Bug#1040001: transition: r-base

[Paul Gevers]

Hi Andreas,

On 30-06-2023 21:35, Andreas Tille wrote:

I'm not sure that we are in the right status to ask for a transition bug


Anytime is good to ask for a transition, particularly when the 
transition is already ongoing.



   https://lists.debian.org/debian-r/2023/06/msg00025.html
 In the end of this mail three options are listed which I simply
 repeat here for your comfort:

1. implement the r-graphics-api-*
   This might be a bit complex since for the moment I do not know
   any means how to detect the packages that need this dependency
   (and how we can implement this into dh-update-R)  So this might
   become technically complex in the first case

2. Just do a full r-api transition
   This would work but affects more packages than strictly
   necessary.  My gut feeling says we will be able to finish this
   earlier than 1. despite technically not perfect

3. Blindly ignore the fact that we need a transition and follow
   the hackish workaround by using random versioned Depends as
   suggested by Nilesh for r-cran-epi.



While I would love to hear the opinion of the release team what kind of
transition (1. or 2.) should be prefered (if this is possible now at all
since the affected package r-base 4.3.1 is in the archive since some
time and also the most urgent packages are rebuild manually) or whether
we need to fight manually through this mess (option 3.)  I confirm that
I agree with Johannes Ranke to prefer option 1. and do it "right" to be
safe for the next time.


I don't think it should surprise anyone that we prefer it to be done 
right. Our preference is for option 1. However, if you can't get the 
pieces for that option in place in a reasonable time (say, a week or 
two, take some time to try), then we prefer to get *this* transition out 
of the way by means of option 2. I don't think it's in anybodies 
interest to waste time on option 3.



Sorry that this transition bug is that complex.  I would have loved if
it would went more coordinated but unfortunately that's not in my hands
and I simply try to reassemble the pieces.


Thanks for communicating with us, much appreciated.

I'll try to set a placeholder transition tracker up soon; for now, by 
lack of something better, will reflect option 2. We can update that once 
we have the pieces for option 1.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040016: discord

[matt quintanilla]

They also have a public test build and an alpha build that we could also
upload and should we upload the .deb version or the tar.gz version this is
the .tar.gz version

he/him
https://www.mattquintanilla.xyz/

Bug#1040016: discord

[matt quintanilla]

fwiw arch got permission to upload it to the arch repos

so I think it should be fine to upload to the debian repository
he/him
https://www.mattquintanilla.xyz/

Bug#1040019: mate-control-center: various memory leaks resolved upstream

[Mike Gabriel]

Package: mate-control-center
Version: 1.26.0-1
Severity: important

In upstream release 1.26.1 various memory leaks have been fixed. This  
should be cherry-picked to a bookworm pu upload.


Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgplBbTLHnUT4.pgp
Description: Digitale PGP-Signatur

Bug#1040018: ITP: discord a modern voice & text chat app

[matt quintanilla]

Package: discord
Severity: ITP
Package name: discord
Version: 0.0.27
Upstream Author: https://discord.com
URL: https://discord.com
License: custom
Description: All-in-one voice and text chat for gamers
Copyright: https://discord.com/terms#7 depends=('libnotify' 'libxss' 'nspr'
'nss' 'gtk3') optdepends=('libpulse: Pulseaudio support' 'ibappindicator:
Systray indicator support' 'xdg-utils: Open files') source=("
https://dl.discordapp.net/apps/linux/$pkgver/$pkgname-$pkgver.deb;
"LICENSE-$pkgver.html::https://discordapp.com/terms;
"OSS-LICENSES-$pkgver.html::https://discordapp.com/licenses;)
sha512sums=('285a0119b4740402a3fa94d3679a52bc8d883413ee32187e90087960a4d34aaf316788d2708bbccafe3f995c2b99767b45bc4b7c731704ef887a8de1b3d3926f'
'1f6e773b9c971aebd5391c22c5e2deea7aa222e0fda240aefbe91c4eb526305972d17302d1f5eb806a9d308c7f029ae8a0549f61d8c2adb53e4fe4ba9cd60a61'
'2adc1404b49930a419eb6c5fbb0c64ebd0a5d797e54357539a093cc99355b10e9c002750dd6d8ab84156593b7cbc8884c1b7e396ac0c2c2b59fcbda2368ebd1a

Please let me know if you need any more info

Bug#1040017: ITP: discord a modern voice & text chat a

[matt quintanilla]

Package:discord
Severity: ITP
Package name: discord
Version: 0.0.27
Upstream Author: https://discord.com
URL: https://discord.com
License: custom
Description: All-in-one voice and text chat for gamers
Copyright: https://discord.com/terms#7 depends=('libnotify' 'libxss' 'nspr'
'nss' 'gtk3') optdepends=('libpulse: Pulseaudio support' 'ibappindicator:
Systray indicator support' 'xdg-utils: Open files') source=("
https://dl.discordapp.net/apps/linux/$pkgver/$pkgname-$pkgver.deb;
"LICENSE-$pkgver.html::https://discordapp.com/terms;
"OSS-LICENSES-$pkgver.html::https://discordapp.com/licenses;)
sha512sums=('285a0119b4740402a3fa94d3679a52bc8d883413ee32187e90087960a4d34aaf316788d2708bbccafe3f995c2b99767b45bc4b7c731704ef887a8de1b3d3926f'
'1f6e773b9c971aebd5391c22c5e2deea7aa222e0fda240aefbe91c4eb526305972d17302d1f5eb806a9d308c7f029ae8a0549f61d8c2adb53e4fe4ba9cd60a61'
'2adc1404b49930a419eb6c5fbb0c64ebd0a5d797e54357539a093cc99355b10e9c002750dd6d8ab84156593b7cbc8884c1b7e396ac0c2c2b59fcbda2368ebd1a

Please let me know if you need any more info
he/him
https://www.mattquintanilla.xyz/

-BEGIN PGP PUBLIC KEY BLOCK-
mQGNBGQZ3X0BDADSBAxrzn8C8pdCeovyCXnOJXkHazh14emOJoCdHQfeJe2EAn1q
QrPGySoD/KmB2UwaTI268pCbZvcWRHll+41Mp3iio0eHwuv6f5rSLv/0x406CkpK
BG7ZMmIW4N83O4dwNa7zZ5pnGjy9Qz57kPYZQJZV3MWPu4XDF57AYFImiZHttptK
4L3I8/rYqzLeI8R95/xs7DL/WoYQCs8F71JTsLEdZHpyrKhWHCGsHKpHhrGla8OH
w8xu4mVKptaq2uEWiBixfN7b5OIgVxYeAzzlB7yEpDTh3fxV24bvqel/SYhVFfdk
2XOcMTZj440FHukGcId9Kxy2wkONuzUQhfqwwhJOTm8lshI7dEtcuBYv4dryfxMd
j4QiSiiExBG7PSRQPZM+7B7LDfYUnHE/+kcnn7DkYyRulzt9CmNV2HR+nW6muVUl
d1mDB+XNF1ZCbEizd81Q037c15bQjlgNG/gWt8+iV9rtANEQDDo/1BcPwqLVFLZ6
G0La/Ry/VLPgAn0AEQEAAbQfbWF0dCA8bWF0dEBtYXR0cXVpbnRhbmlsbGEueHl6
PokB1AQTAQoAPhYhBFkPBLpKtqhISdj0TREQgaYmNzt8BQJkGd19AhsDBQkDwmcA
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBEQgaYmNzt8z74MAK6JCEaVAHcw
9eiioXUUQnPdXcEHC6w8SLraWmYHXrv6c62AGIpFTNigE/CdQzhkQOQK+nBM7e4a
h9lPydfF7HuOFKuW3ACF8aihTsEJMXexy7jMwWBe1YxLLzpJlCF5tIbJg4hBWjYc
prhvJBODyrLcrFQhN/ZlLTkJopzD4NZFbfjKkr9rar47z1mwjqOPsE1s5G5fW9SW
8IN+WZb88G6Ij5Yi+Kn3zpvks1QmGCrjYpjRoUbGLNQy6x0F6LP6m06rwe7XfoDP
GMy95VEoLBbSaXBnEWAt0zMqUM4aJMy0BjQC5rH9YK9Zrh8jap3dwXgeXZIUek/y
1F3TujlzWY/UQk0R5I5cl9KTf5Ui2IMxthxTsJdLMPNhXYNw0h1bbQKD1WtJNrDC
FtnZnhai00gpvW8rejrn35cCRlqgF/xbbshkyeWg1HdoOv90VuOrmJrvufJubsxw
K4KTQ5FCEsGiDBD0XbQayJyjScLUymXd0+hVigAX758tLw2JPAx3R7kBjQRkGd19
AQwA/yGbTn9M7FOf5CwFqWog2V+cf838yebTUOQ7/XP1CCIWcwqNVmkrv2ITpyhT
tYaoDSMGWFyATZD2QWkrR8mW/ykf7OyYJLiszbOqRuaiaxnJ5OHiu7PF6G1JxnFb
Yl6loHNkLSmyzINoHPIGpVP4H961lKTchRzZoqJOeq3YPBFVNxASHOk6nki2vZ/d
SDTGQB86JKfXl77jXBQQNb7zhVFvYbbjjWojX/oTwgJ+FkwWC3lXj0EKqaXDqogI
4CjgpYKYM+m84CMwFMiup2C0KR0lc32VdzA0nMSEbPlbZvqvQc1uazDyFMOKaBxu
psctcXrFyPo1vTH28FxlwrqS83fPvDuhFiqOZvD7cCt1r5JTHAv1rs0pzVUNL4vZ
xK3gpfd1x4HFONsxSxFVvMZOX02Oas7yX9VuoRBVit2kweP2isuosicysTZ4rVmB
ohaHxLQvfNWF0CHUOtQhS5TvpGShxKv7KZsKL0Va06LpC8uyxUBUupbwYuIXcOQe
lK5FABEBAAGJAbwEGAEKACYWIQRZDwS6SraoSEnY9E0REIGmJjc7fAUCZBndfQIb
DAUJA8JnAAAKCRAREIGmJjc7fOdeC/0aXJD59G5Nuj3zTEbC4uReeOJ6M0acY6Av
qeWKHyQDMPGNbvfodM7Y0YvMMX/7pMn+vHC7lmfwMrJun1Kbm3kO/+T3Ce3IowKe
tcIcvILKLuLaX+9b7f8UIGOF9skCq6Q59fPYSIPhOsk5qi47LijAoGmWjFecx+Nz
axvQwl8FgyytvGm3DwMbBScXLZ9CzdhymnFEBjRSXdSM2qTp3u8JaVMx0G7uxXmn
HAkVkBM18Jdm6f/inGFxz4nc+rl9fh1cm0+E3uG3VD68RRR4DJiOh1m7XMDTS4rs
dNgWrOdLZL29/JbCqZ1u5TQ31a20N3UbZDS7ecMMWTb8ZHSiKyBJe3Xi+clhM5P2
eXzra/gfqYTFmqQc8rDUyIDjQrzPM+tlbRKI5e2Gt60NbNvh6pNfZ2TARK2dah4o
UpVMiKdkEAXv3J2gCFxmpoIpM3PqjKH2KR8KgPBuxm6omTIOIdcSwLrkHlZ7vDJS
C0kqE4tqqff7X+VkRDKk0snjIAaUbDQ= =Dv2U -END PGP PUBLIC KEY BLOCK-
 (970) 889-4559

Bug#1040016: Package:discord ITP: discord a modern voice & text chat app

[matt quintanilla]

Package:discord
Severity: ITP
Package name: discord
Version: 0.0.27
Upstream Author: https://discord.com
URL: https://discord.com
License: custom
Description: All-in-one voice and text chat for gamers
Copyright: https://discord.com/terms#7 depends=('libnotify' 'libxss' 'nspr'
'nss' 'gtk3') optdepends=('libpulse: Pulseaudio support' 'ibappindicator:
Systray indicator support' 'xdg-utils: Open files') source=("
https://dl.discordapp.net/apps/linux/$pkgver/$pkgname-$pkgver.deb;
"LICENSE-$pkgver.html::https://discordapp.com/terms;
"OSS-LICENSES-$pkgver.html::https://discordapp.com/licenses;)
sha512sums=('285a0119b4740402a3fa94d3679a52bc8d883413ee32187e90087960a4d34aaf316788d2708bbccafe3f995c2b99767b45bc4b7c731704ef887a8de1b3d3926f'
'1f6e773b9c971aebd5391c22c5e2deea7aa222e0fda240aefbe91c4eb526305972d17302d1f5eb806a9d308c7f029ae8a0549f61d8c2adb53e4fe4ba9cd60a61'
'2adc1404b49930a419eb6c5fbb0c64ebd0a5d797e54357539a093cc99355b10e9c002750dd6d8ab84156593b7cbc8884c1b7e396ac0c2c2b59fcbda2368ebd1a

Please let me know if you need any more info
he/him
https://www.mattquintanilla.xyz/

-BEGIN PGP PUBLIC KEY BLOCK-
mQGNBGQZ3X0BDADSBAxrzn8C8pdCeovyCXnOJXkHazh14emOJoCdHQfeJe2EAn1q
QrPGySoD/KmB2UwaTI268pCbZvcWRHll+41Mp3iio0eHwuv6f5rSLv/0x406CkpK
BG7ZMmIW4N83O4dwNa7zZ5pnGjy9Qz57kPYZQJZV3MWPu4XDF57AYFImiZHttptK
4L3I8/rYqzLeI8R95/xs7DL/WoYQCs8F71JTsLEdZHpyrKhWHCGsHKpHhrGla8OH
w8xu4mVKptaq2uEWiBixfN7b5OIgVxYeAzzlB7yEpDTh3fxV24bvqel/SYhVFfdk
2XOcMTZj440FHukGcId9Kxy2wkONuzUQhfqwwhJOTm8lshI7dEtcuBYv4dryfxMd
j4QiSiiExBG7PSRQPZM+7B7LDfYUnHE/+kcnn7DkYyRulzt9CmNV2HR+nW6muVUl
d1mDB+XNF1ZCbEizd81Q037c15bQjlgNG/gWt8+iV9rtANEQDDo/1BcPwqLVFLZ6
G0La/Ry/VLPgAn0AEQEAAbQfbWF0dCA8bWF0dEBtYXR0cXVpbnRhbmlsbGEueHl6
PokB1AQTAQoAPhYhBFkPBLpKtqhISdj0TREQgaYmNzt8BQJkGd19AhsDBQkDwmcA
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBEQgaYmNzt8z74MAK6JCEaVAHcw
9eiioXUUQnPdXcEHC6w8SLraWmYHXrv6c62AGIpFTNigE/CdQzhkQOQK+nBM7e4a
h9lPydfF7HuOFKuW3ACF8aihTsEJMXexy7jMwWBe1YxLLzpJlCF5tIbJg4hBWjYc
prhvJBODyrLcrFQhN/ZlLTkJopzD4NZFbfjKkr9rar47z1mwjqOPsE1s5G5fW9SW
8IN+WZb88G6Ij5Yi+Kn3zpvks1QmGCrjYpjRoUbGLNQy6x0F6LP6m06rwe7XfoDP
GMy95VEoLBbSaXBnEWAt0zMqUM4aJMy0BjQC5rH9YK9Zrh8jap3dwXgeXZIUek/y
1F3TujlzWY/UQk0R5I5cl9KTf5Ui2IMxthxTsJdLMPNhXYNw0h1bbQKD1WtJNrDC
FtnZnhai00gpvW8rejrn35cCRlqgF/xbbshkyeWg1HdoOv90VuOrmJrvufJubsxw
K4KTQ5FCEsGiDBD0XbQayJyjScLUymXd0+hVigAX758tLw2JPAx3R7kBjQRkGd19
AQwA/yGbTn9M7FOf5CwFqWog2V+cf838yebTUOQ7/XP1CCIWcwqNVmkrv2ITpyhT
tYaoDSMGWFyATZD2QWkrR8mW/ykf7OyYJLiszbOqRuaiaxnJ5OHiu7PF6G1JxnFb
Yl6loHNkLSmyzINoHPIGpVP4H961lKTchRzZoqJOeq3YPBFVNxASHOk6nki2vZ/d
SDTGQB86JKfXl77jXBQQNb7zhVFvYbbjjWojX/oTwgJ+FkwWC3lXj0EKqaXDqogI
4CjgpYKYM+m84CMwFMiup2C0KR0lc32VdzA0nMSEbPlbZvqvQc1uazDyFMOKaBxu
psctcXrFyPo1vTH28FxlwrqS83fPvDuhFiqOZvD7cCt1r5JTHAv1rs0pzVUNL4vZ
xK3gpfd1x4HFONsxSxFVvMZOX02Oas7yX9VuoRBVit2kweP2isuosicysTZ4rVmB
ohaHxLQvfNWF0CHUOtQhS5TvpGShxKv7KZsKL0Va06LpC8uyxUBUupbwYuIXcOQe
lK5FABEBAAGJAbwEGAEKACYWIQRZDwS6SraoSEnY9E0REIGmJjc7fAUCZBndfQIb
DAUJA8JnAAAKCRAREIGmJjc7fOdeC/0aXJD59G5Nuj3zTEbC4uReeOJ6M0acY6Av
qeWKHyQDMPGNbvfodM7Y0YvMMX/7pMn+vHC7lmfwMrJun1Kbm3kO/+T3Ce3IowKe
tcIcvILKLuLaX+9b7f8UIGOF9skCq6Q59fPYSIPhOsk5qi47LijAoGmWjFecx+Nz
axvQwl8FgyytvGm3DwMbBScXLZ9CzdhymnFEBjRSXdSM2qTp3u8JaVMx0G7uxXmn
HAkVkBM18Jdm6f/inGFxz4nc+rl9fh1cm0+E3uG3VD68RRR4DJiOh1m7XMDTS4rs
dNgWrOdLZL29/JbCqZ1u5TQ31a20N3UbZDS7ecMMWTb8ZHSiKyBJe3Xi+clhM5P2
eXzra/gfqYTFmqQc8rDUyIDjQrzPM+tlbRKI5e2Gt60NbNvh6pNfZ2TARK2dah4o
UpVMiKdkEAXv3J2gCFxmpoIpM3PqjKH2KR8KgPBuxm6omTIOIdcSwLrkHlZ7vDJS
C0kqE4tqqff7X+VkRDKk0snjIAaUbDQ= =Dv2U -END PGP PUBLIC KEY BLOCK-
 (970) 889-4559

Bug#1039966: isc-dhcp-server.service: Could not get Tjener LDAP object (but it exists).

[Mike Gabriel]

Control: tags -1 - pending

Hi Daniel,

On  Fr 30 Jun 2023 11:17:57 CEST, Daniel Teichmann wrote:


Package: debian-edu-config
Severity: important

Error messages popping up in syslog on newly installed systems..

gber (Guido Berhörster) can reproduce this issue.

less /var/log/syslog: ```


2023-06-30T10:02:21.863147+02:00 tjener dhcpd[138165]: Cannot find  
host LDAP entry tjener (&(objectClass=dhcpServer)(cn=tjener))

```


I reverted your change for this as it does not address the underlying problem.

In a Debian Edu network, all hosts should be reachable via their short  
hostname (rather than their FQDN).


This is: the underlying fix for this is finding out via

  ping ldap

fails whereas

  ping ldap.intern

does not.

I.e. we need to check /etc/resolv.conf and if there is a "search  
intern" in it. And if not, we need to find out why it is not there:


```
nameserver 127.0.0.1
search intern
```

Please revisit and find the deeper solution to this problem. Thanks!

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgprsEBBIztf1.pgp
Description: Digitale PGP-Signatur

Bug#1040015: share/debian-edu-config/tools/edu-icinga-setup: Uses static password for DB setup

[Mike Gabriel]

Package: debian-edu-config
Version: 2.12.33
Severity: important

The script share/debian-edu-config/tools/edu-icinga-setup helps us  
with setting up an Icinga2 system on the Debian Edu main server for  
the Debian Edu network. I that script, the MySQL DB for Icinga2 is set  
up with a hard-coded password (which is equal across all tjener  
installations).


From my understanding, this can be avoided by uses pwgen for each  
individual script run, so all icinga2 setups on the various tjener  
installations becomes unique.


See grep -r v64nhbe27dfBjR3T in d-e-c's base folder:

share/debian-edu-config/tools/edu-icinga-setup:	IDENTIFIED BY  
'v64nhbe27dfBjR3T';
share/debian-edu-config/tools/edu-icinga-setup:	sed -i "/password/  
s%\".*\"%\"v64nhbe27dfBjR3T\"%"  
"/etc/icinga2/features-available/ido-mysql.conf"
share/debian-edu-config/tools/edu-icinga-setup:	IDENTIFIED BY  
'v64nhbe27dfBjR3T';

share/debian-edu-config/tools/edu-icinga-setup: password = "v64nhbe27dfBjR3T"
share/debian-edu-config/tools/edu-icinga-setup: password = "v64nhbe27dfBjR3T"

light+love
Mike

--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net



pgpf76Lx6TftJ.pgp
Description: Digitale PGP-Signatur

Bug#1024997: what kind of bug was it?

[Junichi Uekawa]

Hi,

On Sat, 01 Jul 2023 06:35:06 +0900,
Preuße, Hilmar wrote:
> 
> [1  ]
> [1.1  ]
> [1.1.1  ]
> On 26.06.2023 08:26, Junichi Uekawa wrote:
> 
> Hi Junichi,
> 
> > From my guess it's some kind of buffer management issue; what was the
> > bug and is there a minimal fix ?
> > 
> To be honest: I don't really care. I know the issue is solved in
> texinfo 7.0.x, hence I perform no further investigation. Uploading TI
> 7.0 to unstable however will break a few packages [1], currently I'm
> waiting that at least the new version of octave hits unstable.
> 
> If you think this could be a security issue, let me know.

As bookworm shipped with this bug which dumps some kind of corrupted
buffer content, I am concerned this can be a security issue.

Bug#1038920: python3-certbot-dns-gandi: Update from Debian 11 -> 12 leaves certificate updates broken

[Norbert Preining]

> sed -i -- 's/certbot-plugin-gandi:dns/dns-gandi/g' 
> /etc/letsencrypt/renewal/*.conf

I see a few issues:

* First of all, you need to convert some - to _ since these are translated
  into python modules

* Then, does that suffice? Looking into the conf files I have, I also see lines
authenticator = dns-gandi
coming from the calls

OLD:
certbot certonly --certbot-plugin-gandi:dns-credential 
/etc/letsencrypt/gandi.ini -d DOMAIN_LIST

NEW:
certbot certonly --authenticator dns-gandi --dns-gandi-credentials 
/etc/letsencrypt/gandi.ini -d DOMAIN_LIST

Now with the above you would rewrite the config file lines
certbot-plugin-gandi:dns_credentials = ...
to
dns_gandi_credentials = ...
(Note the _ here for dns_gandi_credentials and most probably also for
dns_credentials, but I cannot check now!)

But then still the new line
authenticator = dns-gandi
is missing.

Just as food for thoughts.

Best

Norbert

--
PREINING Norbert  https://www.preining.info
Mercari Inc. + IFMGA Guide + TU Wien + TeX Live
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#1040014: coreutils: tail: -f with inotify behaves differently than without when watching the same file twice

[наб]

Package: coreutils
Version: 9.1-1
Severity: normal

Dear Maintainer,

$ tail -f zupa zupa & sleep 0.1; echo zupa >> zupa
[1] 2883746
==> zupa <==
mupa

==> zupa <==
mupa

==> zupa <==
zupa
  but
$ tail ---disable-inotify -f zupa zupa & sleep 0.1; echo zupa >> zupa
[1] 2884513
==> zupa <==
mupa

==> zupa <==
mupa
$
==> zupa <==
zupa

==> zupa <==
zupa


The first one's obviously wrong, and maps trivially onto an inotify
artifact of having a single watch ID per inode.

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1040013: coreutils: tail: -F with inotify trivially misses renaming of directory's directory

[наб]

Package: coreutils
Version: 9.1-1
Severity: normal

Dear Maintainer,

If
  ~/uwu$ echo tupa > t/a/i/l/zupa
then
  $ tail -F ~/uwu/t/a/i/l/zupa
  tupa
and when
  ~/uwu$ mv t q; mkdir -p t/a/i/l; echo trużpan > t/a/i/l/zupa
nothing changes.

Naturally,
  $ cat /proc/$(pgrep tail)/fdinfo/4
  pos:0
  flags:  00
  mnt_id: 15
  ino:2075
  inotify wd:2 ino:20e117 sdev:71 mask:c06 ignored_mask:0 fhandle-bytes:c 
fhandle-type:1 f_handle:941d177517e12000
  inotify wd:1 ino:20e116 sdev:71 mask:784 ignored_mask:0 fhandle-bytes:c 
fhandle-type:1 f_handle:5d7d142316e12000
and nothing actually changed with what I assume are watches for
~/uwu/t/a/i/l/zupa and ~/uwu/t/a/i/l, and if you muck around with it
(by killing q/a/i/l/zupa or whatever) so much tail says it falls back
to polling, then it works again.

I don't think actually generalising tail -F is possible with linux's
(d|i|fs)notify systems. Or that it's worth-while to do so for the
specified use-case of log rotation.

OTOH, this is NOT documented. And neither is ---disable-inotify,
which is needed to work around some Linux bugs (like #1039488).

Please (a) document this behaviour, and (b) document ---disable-inotify
(for which, funnily enough, the only two results on DCO are coreutils
 and rust-coreutils:
   https://codesearch.debian.net/search?q=---disable-inotify=1
 )
as fixing it.

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages coreutils depends on:
ii  libacl1  2.3.1-3
ii  libattr1 1:2.5.1-4
ii  libc62.36-9
ii  libgmp10 2:6.2.1+dfsg1-1.1
ii  libselinux1  3.4-1+b6

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#860789: freecad: import of openscad file turns "differences" into "unions"

[Petter Reinholdtsen]

Control: found -1 0.20.2+dfsg1-4

I tested the example file, and the problem is still present in the
FreeCAD version included in Bookworm.
-- 
Happy hacking
Petter Reinholdtsen

Bug#1040012: Possible missing firmware /lib/firmware/i915/dg2_huc_gsc.bin for module i915 that is part of the source

[Daniel Leidert]

Package: firmware-misc-nonfree
Version: 20230515-2
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The file dg2_huc_gsc.bin is part of the source, but it is not shipped as part
of firmware-misc-nonfree. I cannot find any reason, why it is not packaged as
well. So I wonder if this was simply an oversight?

Regards, Daniel



- -- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldstable-updates'), (500, 
'oldstable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

firmware-misc-nonfree depends on no packages.

firmware-misc-nonfree recommends no packages.

Versions of packages firmware-misc-nonfree suggests:
ii  initramfs-tools  0.142

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmSfb/MACgkQS80FZ8KW
0F2zFRAAugH53qTDc9yWhh/0rVvAwTknHkWaWuiK2+u2MfHCrcQGCvPemfapJQSv
33W21sd7msHUf/ObRBRWcVrAWW3iJ1sDeZlllsfRi4+tOWLWiKD0ThoJ+GbNNM9c
aIDxUQNk0duR2RE7B7u1b4iSuf1qRda3oJ6Zg+5ywR4nn0PmAkaL0bru4zFHb0mr
vesINnlACtbPUKln3dyepbMhFNpCxQi9CTemkt+ctTvNQPG5ZOBvLnJLz6Xi7Deg
NXA2OcbBHKyoNp9XVz0L6dIFrKYYZyoqrvdP86s8Nk0u36Bxz/bIfIqzIl21JPZk
Ddyu+m62jCjgMfY+OecPM4dMbFQl2rpND5Tiz4a4HJ2n1v8tjilXATGLrTtfldU6
olxEWCLHVb2At+QEmFXuwEG5nzC1HlfIpl5vfFrIqY+bA15KUrahPbYJsjPf2DjW
uZhp9XrFbvbC2+pKFfYlLJaCmI28CoDaj3ih7KffmbuVbLmnhRyyixNCD6VtaEJ2
E6gUuO0t3QThSjjOHpjsKJvLuCjMBJsYIdm1OiaQbFsZq+zCSvfnRsdj5bY2tL1n
s8wsHhNhQhQOCSQSAOyrLg/mtTyCN5/xjwHUPKNdAumqAkcqcUGO0ZvD4ekgJsVt
RfX10Rmbtdl4zXSYwxkclgAxKnPZZ+M9LMFPS8To9pqwFT7Cy30=
=3K4y
-END PGP SIGNATURE-

Bug#1040011: mate-polkit: Allow mate-polkit to be used in Xfce, Cinnamon, and other desktops

[Unit 193]

Source: mate-polkit
Severity: wishlist

Dear Maintainer,

As policykit-1-gnome is slated for removal from Trixie (#990271), and it's the 
most
generic policykit agent, it would be quite useful if mate-polkit could be 
utilized
on other desktops.

In https://bugs.debian.org/990259 there was a discussion where mate-polkit 
could be
useful to Cinnamon, and I would find it useful on an Xfce desktop.

Below is a patch to mate-polkit's desktop file to allow it to run on other 
desktops,
of course you may prefer to expand the whitelist rather than simply 
blacklisting KDE and GNOME.

Thanks!


~Unit 193
Unit193 @ OFTC
Unit193 @ Libera

Description: Allow mate-polkit to be used in Xfce, Cinnamon, etc.

---
 src/polkit-mate-authentication-agent-1.desktop.in.in |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/polkit-mate-authentication-agent-1.desktop.in.in
+++ b/src/polkit-mate-authentication-agent-1.desktop.in.in
@@ -5,5 +5,5 @@ Exec=@FULL_LIBEXECDIR@/polkit-mate-authe
 Terminal=false
 Type=Application
 NoDisplay=true
-OnlyShowIn=MATE;
+NotShowIn=GNOME;KDE;
 X-MATE-AutoRestart=true

Bug#1012819: gnome-software: When installing freecad via gnome-software, the freecad-common package is installed instead of freecad

[Petter Reinholdtsen]

[PM Eugen Wintersberger 2022-06-14]
> when I install freecad via gnome-software the freecad-common package instead
> of the freecad package is installed. Therefore, a user cannot run freecad when
> installed with gnome-software.

Is this still a problem with version 0.20.2+dfsg1-4?  The freecad
package in this version contain both the .desktop file and the appstream
metadata file.

-- 
Happy hacking
Petter Reinholdtsen

Bug#1033695: freecad-python3: FreeCAD segfaults instantly

[Petter Reinholdtsen]

[Cev Ing]
> Dear Maintainer,
> 
> FreeCAD crashes instantly during startup. I can not even use the option -l to
> produce a log file.

I am not the maintainer, but can add another data point.  It is not
crashing on startup for me.  In the unlikely case that the locale
setting was causing this, I tried starting with
'LANG=de_DE.UTF-8 LC_CTYPE=de_DE.UTF-8 freecad', but did not see any
crash in this case either.  I do not use AppArmor.

Do you see anything useful if running freecad using valgrind?

-- 
Happy hacking
Petter Reinholdtsen

Bug#1031566: freecad-common: inspect.getargspec is used in gui_snapper.py which is no longer supported by python >= 3.10

[Petter Reinholdtsen]

I have added this patch to the Debian package git repository, and
discovered in the process that the fix was already applied upstream
in https://github.com/FreeCAD/FreeCAD/pull/8101, commit
fe02d63c8c9b1280978be841d04e68a0a55cceb9.
-- 
Happy hacking
Petter Reinholdtsen

Bug#1039862: cpdb-libs 1.2.0-2+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1039862 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cpdb-libs
Version: 1.2.0-2+deb12u1

Explanation: fix a buffer overflow vulnerability

Bug#1040010: [debian-installer] Please support more arm64 boards

[Roman Mamedov]

Package: debian-installer
Severity: normal

Hello,

There are 42 DTBs shipped with the installer for Allwinner alone:
https://d-i.debian.org/daily-images/arm64/daily/device-tree/allwinner/

But for the bootloader aka firmware aka u-boot:
https://d-i.debian.org/daily-images/arm64/daily/netboot/SD-card-images/
it is an extremely weird and arbitrary list of 12 random boards. For instance
supporting "Orange Pi Zero Plus2" of all things specifically, not even just
"Zero Plus"; and not, say, Orange Pi Prime or Orange Pi Win (and so on).

So despite having all the other DTBs, the system is not installable on those
boards. Unless the user is sent to find and compile their own u-boot, but if
so, what is the purpose of randomly providing it for 12 random niche boards to
begin with, might as well make everyone do that.

Instead, I suggest a better solution: maybe not even daily, but at least once
per month, could you build a bootloader part for ALL the supported boards, and
not just a handful of them. Thanks!

-- 
With respect,
Roman

Bug#1039974: tomcat10: tomcat user has wrong home "/var/lib/tomcat" directory in /etc/passwd

[Markus Koschany]

Control: tags -1 moreinfo

> deploy .war in tomcat10
> got errors from tomcat10 in "journalctl -f"
> 
>    * What exactly did you do that was effective ?
> 
> change tomcat user home in /etc/passwd to /var/lib/tomcat10
> 
>    * What was the outcome of this action?
> 
> Problem solved

You most likely don't have to change the user home of tomcat to solve your
problem (which you did not specify at all)

There is a difference between the operating system user and home directory and
the applications' home directory.

See Debian bug https://bugs.debian.org/926338 for reference.

You have to tell your tomcat applications explicitly if they can write or read
certain file system directories. See /usr/share/doc/tomcat10/README.Debian for
more information. By default Debian's tomcat package is meant to be secure. It
is the task of the system administrator to configure tomcat correctly. 




signature.asc
Description: This is a digitally signed message part

Bug#1038879: proftpd-dfsg 1.3.8+dfsg-4+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1038879 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: proftpd-dfsg
Version: 1.3.8+dfsg-4+deb12u1

Explanation: do not enable inetd-style socket at installation

Bug#1038000: texlive-bin 2022.20220321.62855-5.1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1038000 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: texlive-bin
Version: 2022.20220321.62855-5.1+deb12u1

Explanation: security fixes; make installable on i386

Bug#1038879: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u1

[Jonathan Wiltshire]

On Fri, Jun 30, 2023 at 02:44:54PM +0200, Francesco P. Lovergine wrote:
> On Fri, Jun 30, 2023 at 12:54:23PM +0100, Jonathan Wiltshire wrote:
> > 
> > Can I have a source-only upload please? I'll reject the upload for now, you
> > can reuse the same version.
> > 
> 
> Done.

You'll need to bump the version and make a source-only upload to unstable
as well for testing migration.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1040009: ITP: python-pytest-trio -- Pytest plugin for trio

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 
X-Debbugs-Cc: debian-de...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-pytest-trio
  Version : 0.8.0
  Upstream Contact: Emmanuel Leblond 
* URL : https://github.com/python-trio/pytest-trio
* License : Apache-2 or Expat
  Programming Lang: Python
  Description : Pytest plugin for trio

 This is a pytest plugin to help you test projects that use Trio, a friendly
 library for concurrency and async I/O in Python.
 .
 Features include:
  * Async tests without the boilerplate: just write
async def test_whatever(): 
  * Useful fixtures included: use autojump_clock for easy testing of code with
timeouts, or nursery to easily set up background tasks.
  * Write your own async fixtures: set up an async database connection or start
a server inside a fixture, and then use it in your tests.
  * If you have multiple async fixtures, pytest-trio will even do setup/teardown
concurrently whenever possible. (Though honestly, we’re not sure whether 
this
is a good idea or not and might remove it in the future. If it makes your
tests harder to debug, or conversely provides you with big speedups, please
let us know.)
  * Integration with the fabulous Hypothesis library, so your async tests can
use property-based testing: just use @given like you’re used to.
  * Support for testing projects that use Trio exclusively and want to use
pytest-trio everywhere, and also for testing projects that support multiple
async libraries and only want to enable pytest-trio’s features for a subset
of their test suite.

I intend to maintain this as part of DPT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAmSfWT8RHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90Wof5Af/aSsk4H4lC/krkrH4g0jq70eXUQJsbRAF
35oBmDJ55+9ttlhDO20epFZ+58bB57aJnDBHs+EgoFpsEBLAcErPGu4tZS5zEbyG
Fiy90PYRDpvSQV2zNT4IkR2Dko5dyQkDP8vanwOPe0i/jy3Ec9zYJlvCN7E/YyDL
qgw8VwDaNkVR7W02/NGqccOax3TmZw2FNOSkxkwABYii46gSFwgdgxLAv3VtlNTA
f1xcHoOpAKB9DX8kFHquciRdFuiTKWiVA3200A1z4LtIyYQl9o/K0E7KIFsL4niG
8utjegs+x4onxt3La/q2aboqSCZlFqQOG2nsc7JtEuYdVAiCoX7Jiw==
=p6Jq
-END PGP SIGNATURE-

Bug#1039862: bookworm-pu: cpdb-libs/1.2.0-2+deb12u1

[Thorsten Alteholz]

On Thu, 29 Jun 2023, Jonathan Wiltshire wrote:


Please go ahead.


Great, thanks ...

... and uploaded.

  Thorsten

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Nick Hastings]

Hi,

* Limonciello, Mario  [230701 06:40]:
> 
> > > Nevertheless: thx for your report your help through this thread.
> > 
> > No problem. I am willing to try to do more, but right now I don't know
> > how to do what has been suggested.
> > 
> 
> Here is where to report Nouveau bugs:
> 
> https://gitlab.freedesktop.org/drm/nouveau/-/issues/

Thanks.

Done: https://gitlab.freedesktop.org/drm/nouveau/-/issues/241

Cheers,

Nick.

Bug#1040008: RFS: vim-rails/5.4-2 -- vim development tools for Rails development

[Thiago Marques]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "vim-rails":

 * Package name : vim-rails
   Version  : 5.4-2
   Upstream contact : [fill in name and email of upstream]
 * URL  : https://www.vim.org/scripts/script.php?script_id=1567
 * License  : GPL-2+
 * Vcs  : https://salsa.debian.org/debian/vim-rails
   Section  : editors

The source builds the following binary packages:

  vim-rails - vim development tools for Rails development

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/vim-rails/

Alternatively, you can download the package with 'dget' using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/v/vim-rails/vim-rails_5.4-2.dsc

Changes since the last upload:

 vim-rails (5.4-2) unstable; urgency=medium
 .
   * Migrated to dh_vim-addon (Closes: #1015946).

Regards,
-- 
  Thiago Marques Siqueira

Bug#1040007: libwww-mechanize-perl: migrate to libhttp-cookiejar-perl?

[Steve Langasek]

lib/WWW/Mechanize.pm currently says:

  You are encouraged to install L and use
  L as your cookie jar.  L
  provides a better security model matching that of current Web browsers
  when L is installed.

use HTTP::CookieJar::LWP ();

my $jar = HTTP::CookieJar::LWP->new;
my $agent = WWW::Mechanize->new( cookie_jar => $jar );

So it appears libwww-mechanize-perl already supports the use of
libhttp-cookiejar-perl, but leaves it to the caller; and also, I don't see
anywhere in the library that libhttp-cookie-perl is used, only in mech-dump
which almost seems like an example script, and could easily be converted?

On Fri, Jun 30, 2023 at 02:56:15PM -0700, Steve Langasek wrote:
> Package: libwww-mechanize-perl
> Version: 2.16-1
> Severity: wishlist
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu mantic
> 
> Dear maintainers,
> 
> The libwww-perl package has recently switched from depending on
> libhttp-cookies-perl, to depending on libhttp-cookiejar-perl, with the
> upstream rationale that this is "a safer cookie jar".
> 
> Are there any plans for libwww-mechanize-perl to also switch?
> 
> Downstream in Ubuntu, we libwww-perl, libwww-mechanize-perl, and
> libhttp-cookies-perl are all in the "main" component of the archive with
> different security committments than "universe" and we have a preference for
> not having duplicate implementations of functionality where we can avoid it;
> therefore we would prefer to replace libhttp-cookies-perl with
> libhttp-cookiejar-perl in main by having both of the reverse-dependencies
> updated to use the same implementation, rather than having both in main.
> 
> I also see that libwww-mechanize-perl itself depends on libwww-perl, so I
> wonder what the interactions are like there if the two libraries are using
> separate cookie stores?
> 
> Thanks,
> -- 
> Steve Langasek   Give me a lever long enough and a Free OS
> Debian Developer   to set it on, and I can move the world.
> Ubuntu Developer   https://www.debian.org/
> slanga...@ubuntu.com vor...@debian.org

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#1040007: libwww-mechanize-perl: migrate to libhttp-cookiejar-perl?

[Steve Langasek]

Package: libwww-mechanize-perl
Version: 2.16-1
Severity: wishlist
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu mantic

Dear maintainers,

The libwww-perl package has recently switched from depending on
libhttp-cookies-perl, to depending on libhttp-cookiejar-perl, with the
upstream rationale that this is "a safer cookie jar".

Are there any plans for libwww-mechanize-perl to also switch?

Downstream in Ubuntu, we libwww-perl, libwww-mechanize-perl, and
libhttp-cookies-perl are all in the "main" component of the archive with
different security committments than "universe" and we have a preference for
not having duplicate implementations of functionality where we can avoid it;
therefore we would prefer to replace libhttp-cookies-perl with
libhttp-cookiejar-perl in main by having both of the reverse-dependencies
updated to use the same implementation, rather than having both in main.

I also see that libwww-mechanize-perl itself depends on libwww-perl, so I
wonder what the interactions are like there if the two libraries are using
separate cookie stores?

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature

Bug#1040006: pflogsumm: fails to count sent emails

[Yvan Masson]

Package: pflogsumm
Version: 1.1.5-7
Severity: normal

Dear maintainer,

I use pflogsumm on a Bullseye system, to analyze Postfix 3.5.17 logs. It 
is possible my setup has some oddities, but while pflogsumm is globally 
working, it fails to count sent emails:


$ pflogsumm my_log_file
[...]
0   sending hosts/domains
[...]
Host/Domain Summary: Messages Received
---
 msg cnt   bytes   host/domain
  ---  ---

Senders by message count: none
[...]
Senders by message size: none
[...]

A friend of mine suggested a very small change in pflogsumm, which seems 
to make it working properly. Here si the diff before and after the fix:


804c805,806
<   if($rcvdMsg{$qid}) {
---
>   if($rcvdMsg{$qid} == '') {



But it si still not perfect, because now errors are printed before the 
actual report:


Argument "" isn't numeric in numeric eq (==) at 
/usr/local/sbin/pflogsumm line 806, <> line 56.
Use of uninitialized value within %rcvdMsg in numeric eq (==) at 
/usr/local/sbin/pflogsumm line 806, <> line 56.
[...] 

Use of uninitialized value $domAddr in hash element at 
/usr/local/sbin/pflogsumm line 814, <> line 1272. 

[...] 

Use of uninitialized value within %rcvdMsg in numeric eq (==) at 
/usr/local/sbin/pflogsumm line 806, <> line 1294.



Hope this help.

Regards,
Yvan

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Limonciello, Mario]

Nevertheless: thx for your report your help through this thread.


No problem. I am willing to try to do more, but right now I don't know
how to do what has been suggested.



Here is where to report Nouveau bugs:

https://gitlab.freedesktop.org/drm/nouveau/-/issues/

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Nick Hastings]

Hi,

* Thorsten Leemhuis  [230630 22:02]:
> On 27.06.23 00:34, Nick Hastings wrote:
> > * Linux regression tracking (Thorsten Leemhuis)  
> > [230626 21:09]:
> >> Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting
> >> for once, to make this easily accessible to everyone.
> >>
> >> Nick, what's the status/was there any progress? Did you do what Mario
> >> suggested and file a nouveau bug?
> > 
> > It was not apparent that the suggestion to open "a Nouveau drm bug" was
> > addressed to me.
> 
> I wish things were earlier for reporters, but from what I can see this
> is the only way forward if you or some silent bystander cares.

In principle I can open another bug report, but I don't know how or
where to report "a Nouveau drm bug". Please keep in mind that I'm just
an end user. I learnt to use git bisect specifically because of this
bug. Prior to that, I hadn't compiled a kernel in about 15 years.

> >> I ask, as I still have this on my list of regressions and it seems there
> >> was no progress in three+ weeks now.
> > 
> > I have not pursued this further since as far as I could tell I already
> > provided all requested information and I don't actually use nouveau, so
> > I blacklisted it.
> 
> I doubt any developer cares enough to take a closer look[1] without a
> proper nouveau bug and some help & prodding from someone affected. And
> looks to me like reverting the culprit now might create even bigger
> problems for users.

If someone can point me to some docs about for reporting nouveau bugs I
can look into it.

> Hence I guess then this won't be fixed in the end. In a ideal world this
> would not happen, but we don't live in one and all have just 24 hours in
> a day. :-/

This is a very common Dell XPS 15 7590 so I expect many people could
experience this issue. Or maybe like me they only use the intel GPU.

> Nevertheless: thx for your report your help through this thread.

No problem. I am willing to try to do more, but right now I don't know
how to do what has been suggested.

Cheers,

Nick.

> [1] some points on the following page kinda explain this
> https://linux-regtracking.leemhuis.info/post/frequent-reasons-why-linux-kernel-bug-reports-are-ignored/
> 
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> --
> Everything you wanna know about Linux kernel regression tracking:
> https://linux-regtracking.leemhuis.info/about/#tldr
> If I did something stupid, please tell me, as explained on that page.
> 
> #regzbot inconclusive: reporting deadlock (see thread for details)
 > 
> 
> 
> >> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> >> --
> >> Everything you wanna know about Linux kernel regression tracking:
> >> https://linux-regtracking.leemhuis.info/about/#tldr
> >> If I did something stupid, please tell me, as explained on that page.
> >>
> >> #regzbot backburner: slow progress, likely just affects one machine
> >> #regzbot poke
> >>
> >>
> >> On 02.06.23 02:57, Limonciello, Mario wrote:
> >>> [AMD Official Use Only - General]
> >>>
>  -Original Message-
>  From: Nick Hastings 
>  Sent: Thursday, June 1, 2023 7:02 PM
>  To: Karol Herbst 
>  Cc: Limonciello, Mario ; Lyude Paul
>  ; Lukas Wunner ; Salvatore
>  Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
>  Wysocki ; Len Brown ; linux-
>  a...@vger.kernel.org; linux-ker...@vger.kernel.org;
>  regressi...@lists.linux.dev
>  Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
>  string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of 
>  system)
> 
>  Hi,
> 
>  * Karol Herbst  [230602 03:10]:
> > On Thu, Jun 1, 2023 at 7:21 PM Limonciello, Mario
> >  wrote:
> >>> -Original Message-
> >>> From: Karol Herbst 
> >>> Sent: Thursday, June 1, 2023 12:19 PM
> >>> To: Limonciello, Mario 
> >>> Cc: Nick Hastings ; Lyude Paul
> >>> ; Lukas Wunner ; Salvatore
> >>> Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
> >>> Wysocki ; Len Brown ; linux-
> >>> a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> >>> regressi...@lists.linux.dev
> >>> Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
> >>> string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
>  system)
> >>>
> >>> On Thu, Jun 1, 2023 at 6:54 PM Limonciello, Mario
> >>>  wrote:
> 
>  [AMD Official Use Only - General]
> 
> > -Original Message-
> > From: Karol Herbst 
> > Sent: Thursday, June 1, 2023 11:33 AM
> > To: Limonciello, Mario 
> > Cc: Nick Hastings ; Lyude Paul
> > ; Lukas Wunner ; Salvatore
> > Bonaccorso ; 1036...@bugs.debian.org; Rafael
>  J.
> > Wysocki ; Len Brown ; linux-
> > a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> > regressi...@lists.linux.dev
> > Subject: Re: 

Bug#1024997: what kind of bug was it?

[Preuße]

On 26.06.2023 08:26, Junichi Uekawa wrote:

Hi Junichi,


From my guess it's some kind of buffer management issue; what was the
bug and is there a minimal fix ?

To be honest: I don't really care. I know the issue is solved in texinfo 
7.0.x, hence I perform no further investigation. Uploading TI 7.0 to 
unstable however will break a few packages [1], currently I'm waiting 
that at least the new version of octave hits unstable.


If you think this could be a security issue, let me know.

Hilmar

[1] 
https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=hille42%40web.de=texinfo70

--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1037086: dropbear-initramfs: /etc/dropbear/initramfs/dropbear_dss_host_key file not generated

[Guilhem Moulin]

On Fri, 30 Jun 2023 at 11:14:35 -0500, Michael Meier wrote:
> I had to edit the file /usr/share/initramfs-tools-hooks so it also copies the 
> dss key:

src:dropbear doesn't ship that file, do you mean 
/usr/share/initramfs-tools/hooks/dropbear?

> The option DROPBEAR_OPTIONS="-E" should be default, so the user gets some
> kind of error message if something is not working. Would have saved me an
> hour or so...

-E is the default in debug mode…  Need a debug trace anyway to track
this down, because it works just fine here (and in ci).

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#1040005: ITP:magpie - window manager for the budgie desktop

[David Mohammed]

Package: wnpp
Severity: wishlist

Owner: David Mohammed (fossfree...@ubuntu.com)

Package name : magpie
Version : 0.9.1
Upstream Author : BuddiesOfBudgie
URL : https://github.com/BuddiesOfBudgie/magpie
License : GPL-2+ and GPL-3+ and LGPL-2+ and LGPL-2.1+ and Expat and
NTP-BSD-variant and SGI-B-2.0
Programming Lang: C
Description : magpie is a X11 window manager and compositor library.
 magpie contains functionality related to, among other things, window
management, window
 compositing, focus tracking, workspace management, keybindings and monitor
 configuration.
 .
 Magpie is a soft-fork of GNOME mutter v43.x tailored for the requirements
 of the budgie-desktop.
 .
 Internally it uses a fork of Cogl, a hardware acceleration abstraction
 library used to simplify usage of OpenGL pipelines, as well as a fork
 of Clutter, a scene graph and user interface toolkit.

Bug#1038000: bookworm-pu: package texlive-bin/2022.20220321.62855-5.1+deb12u1

[Preuße]

On 30.06.2023 13:56, Jonathan Wiltshire wrote:

Hi Jonathan,


You also need to target bookwork, not bookworm-proposed-updates, so I'll
reject the uploads and you can re-use the same version number.

Done. The packages are in the "Resolution Pending" queue. Hope I did 
everything right this time.


Hilmar
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039976: detex.1: some remarks and editorial fixes in a patch for the manual

[Preuße]

On 30.06.2023 01:46, Bjarni Ingi Gislason wrote:

Dear Bjarni,


here are some notes and a patch for the manual.


Many thanks for your patches: they are heavily appreciated.

It would be nice if you could provide your content as attachment, this 
would help me to extract the content, even if it is just text.
Further consider to submit your suggestions directly to the upstream 
maintainer of the software, if possible.


Many thanks,
  Hilmar
--
sigfault



OpenPGP_0x0C871C4C653C1F59.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040004: netplan.io: autopkgtest fails with iproute2 v6.4

[Luca Boccassi]

Package: netplan.io
Version: 0.106.1-2

Dear Maintainers,

I just uploaded iproute2 6.4-1 and some outputs have changed, so
netplan's autopkgtest is failing:

4161s ==
4161s FAIL: test_mix_bridge_on_bond 
(__main__.TestNetworkManager.test_mix_bridge_on_bond)
4161s --
4161s Traceback (most recent call last):
4161s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/scenarios.py",
 line 62, in test_mix_bridge_on_bond
4161s self.assert_iface('br0', ['inet 192.168.0.2/24'])
4161s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/base.py",
 line 279, in assert_iface
4161s self.assertRegex(out, r, out)
4161s AssertionError: Regex didn't match: 'inet 192.168.0.2/24' not found in 
'16: br0:  mtu 1500 qdisc noqueue state DOWN 
group default qlen 1000\nlink/ether 02:b1:cb:83:28:73 brd ff:ff:ff:ff:ff:ff 
promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 \nbridge forward_delay 1500 
hello_time 200 max_age 2000 ageing_time 3 stp_state 1 priority 32768 
vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.2:b1:cb:83:28:73 
designated_root 8000.2:b1:cb:83:28:73 root_port 0 root_path_cost 0 
topology_change 0 topology_change_detected 0 hello_timer0.42 tcn_timer
0.00 topology_change_timer0.00 gc_timer  267.99 vlan_default_pvid 1 
vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 
01:80:c2:00:00:00 mcast_snooping 1 no_linklocal_learn 0 mcast_vlan_snooping 0 
mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 
16 mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 
mcast_last_member_interval 100 mcast_membership_interval 26000 
mcast_querier_interval 25500 mcast_query_interval 12500 
mcast_query_response_interval 1000 mcast_startup_query_interval 3124 
mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 
0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 
gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 
gro_max_size 65536 \n' : 16: br0:  mtu 1500 
qdisc noqueue state DOWN group default qlen 1000
4161s link/ether 02:b1:cb:83:28:73 brd ff:ff:ff:ff:ff:ff promiscuity 0 
allmulti 0 minmtu 68 maxmtu 65535 
4161s bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 
3 stp_state 1 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q 
bridge_id 8000.2:b1:cb:83:28:73 designated_root 8000.2:b1:cb:83:28:73 root_port 
0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer
0.42 tcn_timer0.00 topology_change_timer0.00 gc_timer  267.99 
vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 
group_address 01:80:c2:00:00:00 mcast_snooping 1 no_linklocal_learn 0 
mcast_vlan_snooping 0 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 
mcast_hash_elasticity 16 mcast_hash_max 4096 mcast_last_member_count 2 
mcast_startup_query_count 2 mcast_last_member_interval 100 
mcast_membership_interval 26000 mcast_querier_interval 25500 
mcast_query_interval 12500 mcast_query_response_interval 1000 
mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 
mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 
numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 
65536 tso_max_segs 65535 gro_max_size 65536 

3897s ==
3897s FAIL: test_tunnel_vxlan (__main__.TestNetworkd.test_tunnel_vxlan)
3897s --
3897s Traceback (most recent call last):
3897s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/tunnels.py",
 line 232, in test_tunnel_vxlan
3897s self.assert_iface('vx0', [' udpcsum ', ' udp6zerocsumtx ',
3897s   File 
"/tmp/autopkgtest-lxc.c9fuz980/downtmp/build.jTA/src/tests/integration/base.py",
 line 279, in assert_iface
3897s self.assertRegex(out, r, out)
3897s AssertionError: Regex didn't match: ' udpcsum ' not found in '107: vx0: 
 mtu 1450 qdisc noqueue state UNKNOWN group 
default qlen 1000\nlink/ether 56:33:9d:43:62:06 brd ff:ff:ff:ff:ff:ff 
promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 \nvxlan id 1337 group 
224.0.0.5 local 10.10.10.42 dev eth42 srcport 4000 4200 dstport 4567 ttl 64 
ageing 100 nolearning rsc l2miss l3miss udp_zero_csum6_tx udp_zero_csum6_rx 
remcsum_tx remcsum_rx numtxqueues 1 numrxqueues 1 gso_max_size 65536 
gso_max_segs 65535 tso_max_size 524280 tso_max_segs 65535 gro_max_size 65536 \n 
   inet6 fe80::5433:9dff:fe43:6206/64 scope link proto kernel_ll \n   
valid_lft forever preferred_lft forever\n' : 107: vx0: 
 mtu 1450 qdisc noqueue state UNKNOWN group 
default qlen 1000
3897s link/ether 56:33:9d:43:62:06 brd 

Bug#1040003: jackd: add pipewire-jack to dependency alternativees

[Dominik George]

Package: jackd
Version: 5+nmu1
Severity: wishlist

The pipewire-jack package provides a JACKd implementation based
on PipeWire, which I am using on my audio recording workstation.

Other packages depend on jackd if they need a JACK daemon to talk
to (e.g. qjackctl), and that pulls in jackd2 currently, which
I do not need.

Please allow pipewire-pulse to satisfy the dependency on a JACKd
implementation.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jackd depends on:
pn  jackd2 | jackd1  

jackd recommends no packages.

jackd suggests no packages.

Bug#1039907: apt-cacher-cleanup.pl clears/removes all cached packages on trixie

[Mark Hindley]

Control: tags -1 moreinfo

On Thu, Jun 29, 2023 at 01:35:28PM +0200, Chris Nospam wrote:
> Package: apt-cacher
> Version: 1.7.29
> 
> As far as I can see, calling /usr/share/apt-cacher/apt-cacher-cleanup.pl
> (e.g. after apt-get dist-upgrade which stores some packages to the cache)
> under debian testing/trixie seems to remove ALL package files in the cache
> /var/cache/apt-cacher/packages/ftp.xx.debian.org_debian, instead of only
> removing superseeded packages which are not in the index any more.

There have not been any recent changes, so unless the underlying perl behaviour
has changed, I don't have an immediate explanation.
> 
> I did not change my config (= nearly default), which used to operate on
> bookworm. Nevertheless, after bookworm got stable (and I stayed on testing), I
> manually cleared the cache by replacing /var/cache/apt-cacher with a vanilla
> version like it once was created by apt-get install apt-cacher .

Can you clarify exactly what you did here? Was that before or after the
dist-upgrade?

Mark

Bug#1036004:

[Nathan Schulte]

I believe we've finally tracked down the root cause of this issue, and
a set of patches has come across that should resolve it.

I haven't yet tried these latest patches but instead an earlier trial
based upon v6.4-rc4, which worked well.

Two patch sets resolve the issue; I haven't tried just the latest, but
I believe both are required for correct operation:

- 
https://lore.kernel.org/linux-acpi/20230601221151.670-1-mario.limoncie...@amd.com/T/#u
- 
https://lore.kernel.org/linux-gpio/20230630194716.6497-1-mario.limoncie...@amd.com/T/#u

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Andreas Tille]

Hi Johannes,

Am Fri, Jun 30, 2023 at 03:22:19PM +0200 schrieb Johannes Ranke:
> I think option 1 from [1] is the way to go, i.e. make r-base provide a 
> graphics API version according to the R changelog, and have the relevant 
> packages depend on that graphics API version. How to identify them was 
> discussed previously on this list [2]. Using the codesearch and github URLS 
> provided in that email, the list given there could be updated.

That's a good hint.  I took it as resource to draft some proof of
concept change for dh-r.
 
> Somehow Dirk is hesitant to do this, I think it is just a matter of "is this 
> really necessary"? To me, it seems there is ample evidence by now that it is 
> indeed necessary, for the mental sanity of everyone involved, and to avoid 
> future discussions about a full R API bump just because of the graphics API 
> on 
> the one hand, and to avoid breaking things by just ignoring the issue on the 
> other hand.

I've filed bug #1040001 and we'll see what release team will decide.

Kind regards
   Andreas.

-- 
http://fam-tille.de

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Gioele Barabucci]

On 30/06/23 21:15, Simon McVittie wrote:

On Fri, 30 Jun 2023 at 12:52:31 +0200, Gioele Barabucci wrote:

autopkgtest-build-podman's failure is due to the issue reported in [1], i.e.
the Debian setup of podman requires `dbus-user-session`, but none of the
podman-related packages Depends on it.

[1] https://bugs.debian.org/1013344


Is there anything that could or should be done in autopkgtest to resolve
this?


Perhaps unrelated to this specific bug, but I would suggest moving the 
builder/drivers to their own packages (autopkgtest-podman, 
autopkgtest-qemu) and letting them Depends on the required packages.


In this way, if I can be sure that after the installation of 
autopkgtest-X  I have all the things that are _needed_ to run that 
specific driver.



If this isn't actionable from autopkgtest's side, then I think the best
thing would be to reassign this bug to podman, merge it with #1013344,
and give it an "affects" on autopkgtest so that it'll still show up in
our list of known issues.


That also seems reasonable.

--
Gioele Barabucci

Bug#1040001: transition: r-base

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: r-b...@packages.debian.org, debia...@lists.debian.org
Control: affects -1 + src:r-base

Hi,

I'm not sure that we are in the right status to ask for a transition bug
since the affected package was just uploaded some time ago by its
maintainer who did not considered a proper transition.  This was discussed
on debia...@lists.debian.org in several postings - I try to point you to
the most relevant ones

  https://lists.debian.org/debian-r/2023/06/msg00011.html
as a response to >30 bugs against single packages all affecting
the r-base migration due to (to be expected) autopkgtest errors
in testing.  You can basically get this list of now all RC buggy
packages from the tracker page or r-base[1]

  https://lists.debian.org/debian-r/2023/06/msg00017.html
suggests r-graphics-api-* after r-base maintainer confirmed
"they cheated _a little_ and changes the graphics API" (probably
meaning ABI not API)

  https://lists.debian.org/debian-r/2023/06/msg00016.html
Reference to the docs

  https://lists.debian.org/debian-r/2023/06/msg00025.html
In the end of this mail three options are listed which I simply
repeat here for your comfort:

   1. implement the r-graphics-api-*
  This might be a bit complex since for the moment I do not know
  any means how to detect the packages that need this dependency
  (and how we can implement this into dh-update-R)  So this might
  become technically complex in the first case

   2. Just do a full r-api transition
  This would work but affects more packages than strictly
  necessary.  My gut feeling says we will be able to finish this
  earlier than 1. despite technically not perfect

   3. Blindly ignore the fact that we need a transition and follow
  the hackish workaround by using random versioned Depends as
  suggested by Nilesh for r-cran-epi.

  https://lists.debian.org/debian-r/2023/06/msg00027.html
Confirmation for option 1.


While I would love to hear the opinion of the release team what kind of
transition (1. or 2.) should be prefered (if this is possible now at all
since the affected package r-base 4.3.1 is in the archive since some
time and also the most urgent packages are rebuild manually) or whether
we need to fight manually through this mess (option 3.)  I confirm that
I agree with Johannes Ranke to prefer option 1. and do it "right" to be
safe for the next time.

To support this idea I just commited some proof of concept change to
dh-r which would support injecting a virtual package in case r-base
would define it.  This requires confirmation of the r-base maintainer.

Sorry that this transition bug is that complex.  I would have loved if
it would went more coordinated but unfortunately that's not in my hands
and I simply try to reassemble the pieces.

Kind regards
Andreas.

[1] https://tracker.debian.org/pkg/r-base
[2] 
https://salsa.debian.org/r-pkg-team/dh-r/-/commit/f79e2573a59c1ff01c526a7dcf15b7f85263cc29

Ben file:

title = "r-base";
is_affected = ;
is_good = ;
is_bad = ;

Bug#1040002: Drop Felix from Uploaders

[Felix Lechner]

Package: nullmailer
Severity: wishlist

Hi David,

I have not used nullmailer in a little while, and I do not plan to
work on the package in the near future.

Please remove my email address from the Uploaders field at your leisure. Thanks!

Kind regards
Felix

P.S. The proposed change alone did not seem to justify an upload.

Bug#1040000: plantuml: CVE-2023-3432

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2023-3432[0]:
| Server-Side Request Forgery (SSRF) in GitHub repository
| plantuml/plantuml prior to 1.2023.9.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3432
https://www.cve.org/CVERecord?id=CVE-2023-3432
[1] https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
[2] 
https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797
 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1039999: plantuml: CVE-2023-3431

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2023-3431[0]:
| Improper Access Control in GitHub repository plantuml/plantuml prior
| to 1.2023.9.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3431
https://www.cve.org/CVERecord?id=CVE-2023-3431
[1] https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
[2] 
https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1038920: python3-certbot-dns-gandi: Update from Debian 11 -> 12 leaves certificate updates broken

[Harlan Lieberman-Berg]

tag 1038920 +patch
thanks

On Fri, Jun 30, 2023 at 6:35 AM Norbert Preining  wrote:
> You could still send me the code and I give it an eye ;-)

Sold!  preinst file is attached.

Sincerely,

-- 
Harlan Lieberman-Berg
~hlieberman


preinst
Description: Binary data

Bug#1039998: kwin-wayland: kwin_wayland_wrapper spams thousands of messages to the journal

[mister01x]

Package: kwin-wayland
Version: 4:5.27.5-3
Severity: minor
X-Debbugs-Cc: mister...@web.de

Dear Maintainer,

kwin_wayland_wrapper writes thousands of lines a day to the journal.
A majority of those lines read:

Jun 30 13:10:11 kwin_wayland_wrapper[5999]: kwin_screencast: Dropping a
screencast frame because the compositor is slow

This makes it hard to read the journal as those messages come in rapid
succession at least 2 pages (on my terminal) per second.

On my system here i get:

$ journalctl --since today | grep "Dropping a screencast frame because\
the compositor is slow" | wc -l
29393

And:

$ journalctl --since today | grep kwin_wayland_wrapper | wc -l
39132

I think that this is an over excessive amount of messages to the journal
as it makes it harder to find messages of other programs which are not
that verbose. Therefore I consider this behaviour to be a bug.

Thanks for maintaining kwin-wayland!

Marcel

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.10-1-siduction-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8),
LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kwin-wayland depends on:
ii  kwayland-integration  5.27.5-2
ii  kwin-common   4:5.27.5-3
ii  libc6 2.36-9
ii  libcap2-bin   1:2.66-4
ii  libepoxy0 1.5.10-1
ii  libfontconfig12.14.1-4
ii  libfreetype6  2.12.1+dfsg-5
ii  libkdecorations2-5v5  4:5.27.5-2
ii  libkf5configcore5 5.107.0-1
ii  libkf5configgui5  5.107.0-1
ii  libkf5configwidgets5  5.107.0-1
ii  libkf5coreaddons5 5.107.0-1
ii  libkf5crash5  5.107.0-1
ii  libkf5dbusaddons5 5.107.0-1
ii  libkf5globalaccel-bin 5.107.0-2
ii  libkf5globalaccel55.107.0-2
ii  libkf5globalaccelprivate5 5.107.0-2
ii  libkf5i18n5   5.107.0-1
ii  libkf5idletime5   5.107.0-1
ii  libkf5notifications5  5.107.0-1
ii  libkf5plasma5 5.107.0-1
ii  libkf5service-bin 5.107.0-1
ii  libkf5service55.107.0-1
ii  libkf5windowsystem5   5.107.0-1
ii  libkwineffects14  4:5.27.5-3
ii  libkwinglutils14  4:5.27.5-3
ii  libpipewire-0.3-0 0.3.71-2+b2
ii  libqaccessibilityclient-qt5-0 0.4.1-1+b1
ii  libqt5core5a [qtbase-abi-5-15-8]  5.15.8+dfsg-12
ii  libqt5dbus5   5.15.8+dfsg-12
ii  libqt5gui55.15.8+dfsg-12
ii  libqt5network55.15.8+dfsg-12
ii  libqt5qml55.15.8+dfsg-3
ii  libqt5quick5  5.15.8+dfsg-3
ii  libqt5widgets55.15.8+dfsg-12
ii  libstdc++613.1.0-6
ii  libxcb-randr0 1.15-1
ii  libxcb-xfixes01.15-1
ii  libxcb1   1.15-1
ii  xwayland  2:22.1.9-1

kwin-wayland recommends no packages.

kwin-wayland suggests no packages.

-- debconf-show failed

Bug#1039958: autopkgtest-build-podman: Image creation fails with "sd-bus call: Permission denied"

[Simon McVittie]

On Fri, 30 Jun 2023 at 12:52:31 +0200, Gioele Barabucci wrote:
> autopkgtest-build-podman's failure is due to the issue reported in [1], i.e.
> the Debian setup of podman requires `dbus-user-session`, but none of the
> podman-related packages Depends on it.
> 
> [1] https://bugs.debian.org/1013344

Is there anything that could or should be done in autopkgtest to resolve
this? The only thing I can see that would help from the autopkgtest side
would be a dependency on dbus-user-session, but the dependencies of the
various autopkgtest-build-* tools are only Suggests anyway (we consider
the core functionality of autopkgtest to be running tests, not setting
up any specific backend), and adding a Suggests on dbus-user-session
seems like it wouldn't be a particularly helpful hint for users that
the absence of dbus-user-session is why they're seeing this error.

If this isn't actionable from autopkgtest's side, then I think the best
thing would be to reassign this bug to podman, merge it with #1013344,
and give it an "affects" on autopkgtest so that it'll still show up in
our list of known issues.

smcv

Bug#1039997: RFP: go-mega -- A client library in go for mega.nz storage service, required for rclone

[Alastair]

Package: wnpp
Severity: wishlist

* Package name: go-mega
  Version : Unknown
  Upstream Contact: See https://github.com/t3rm1n4l/go-mega
* URL : https://github.com/t3rm1n4l/go-mega
* License : MIT
  Programming Lang: Go
  Description : A client library in Go for mega.co.nz storage service

This is an API client library for MEGA storage service. Currently, the library 
supports the basic APIs and operations as follows:

  * User login 
  * Fetch filesystem tree
  * Upload file
  * Download file
  * Create directory
  * Move file or directory
  * Rename file or directory
  * Delete file or directory
  * Parallel split download and upload
  * Filesystem events auto sync
  * Unit tests

It would be used by rclone so rlcone can support Mega.nz cloud
storage.
https://github.com/rclone/rclone/issues/3980#issuecomment-654415017
has details and the rlcone package patch where the Mega backend is
disabled is at 
https://sources.debian.org/patches/rclone/1.60.1%2Bdfsg-2/0002-Disable-mega-backend.patch/

Thank you.

Bug#1025552: Bug#1037295: live-config: starting Calamares installer requires a password (which is 'live')

[Simon McVittie]

On Fri, 30 Jun 2023 at 16:01:49 +0200, Roland Clobus wrote:
> On 10/06/2023 19:14, Simon McVittie wrote:
> > On Sat, 10 Jun 2023 at 15:10:35 +0100, Simon McVittie wrote:
> > > * Boot debian-live-12.0.0-amd64-gnome.iso (the version used for
> > >release-day testing)
> > >- KDE has a similar issue with slightly different steps to start the
> > >  installer, probably all desktops' variants are affected
> > 
> > GNOME, KDE and LXQT are affected.
> 
> I've proposed a fix for Calamares in #1025552, which is based on your
> proposal in this ticket.
> If it is accepted there, this ticket can be regarded as a duplicate.

Bug #1037295 "live-config: starting Calamares installer requires a
password" is not a duplicate of #1025552 "calamares: dependency on
transitional policykit-1 package", they are two separate issues both
triggered by the new polkitd version in bookworm. The fix for #1025552
is to remove the transitional package policykit-1 from Build-Depends,
and replace it with polkitd.

The additional issue that you described in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025552#21 *is* the
same thing as bug #1037295, and you are correct to say that the solution
is to provide a JavaScript file configuring polkitd to allow the live
user to start Calamares without a password, but that's outside the scope
of #1025552.

I think it would be better to solve this in live-config rather
than in Calamares, by modifying components/1080-policykit
with polkitd configuration similar to what I suggested in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037295#10, because I
don't think we want installing the calamares package onto an ordinary
(non-live) system to give members of the sudo group the ability to
run it without a re-authentication prompt.

smcv

Bug#1039996: steam-installer: steam/need-nvidia-i386 template refers to a non-existing nvidia-driver-libs-i386 package

[Ricardo Pérez]

Package: steam-installer
Version: 1:1.0.0.78~ds-2
Severity: normal
X-Debbugs-Cc: rica...@ubuntu.com

Dear Maintainer,

The steam/need-nvidia-i386 debconf template, found in
`/var/lib/dpkg/info/steam-installer.templates`, asks the user to install
the non-existing `nvidia-driver-libs-i386` package. I believe the
correct package is `nvidia-driver-libs:i386`, that is, the
`nvidia-driver-libs` package in the `i386` arch.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages steam-installer depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  steam-libs 1:1.0.0.78~ds-2
ii  steam-libs-i3861:1.0.0.78~ds-2
ii  zenity 3.44.0-1

steam-installer recommends no packages.

steam-installer suggests no packages.

Versions of packages steam-libs depends on:
ii  ca-certificates  20230311
ii  curl 7.88.1-10
ii  file 1:5.44-3
ii  libc62.36-9
ii  libcrypt11:4.4.35-1
ii  libgcc-s1 [libgcc1]  13.1.0-6
ii  libgl1   1.6.0-1
ii  libgl1-mesa-dri  22.3.6-1+deb12u1
ii  libgpg-error01.46-1
ii  libstdc++6   13.1.0-6
ii  libudev1 252.11-1
ii  libva-x11-2  2.18.0-1
ii  libva2   2.18.0-1
ii  libxcb-dri3-01.15-1
ii  libxcb1  1.15-1
ii  libxi6   2:1.8-1+b1
ii  libxinerama1 2:1.1.4-3
ii  xz-utils 5.4.1-0.2

Versions of packages steam-libs recommends:
ii  alacritty [x-terminal-emulator]  0.11.0-4
ii  fontconfig   2.14.1-4
ii  fonts-liberation 1:1.07.4-11
ii  i965-va-driver [va-driver]   2.4.1+dfsg1-1
ii  intel-media-va-driver [va-driver]23.1.2+dfsg1-1
ii  libasound2-plugins   1.2.7.1-1
ii  libegl1  1.6.0-1
ii  libexpat12.5.0-2
ii  libfontconfig1   2.14.1-4
ii  libgbm1  22.3.6-1+deb12u1
ii  libsdl2-2.0-02.28.0+dfsg-1
ii  libva-drm2   2.18.0-1
ii  libva-glx2   2.18.0-1
ii  libx11-6 2:1.8.6-1
ii  libx11-xcb1  2:1.8.6-1
ii  libxau6  1:1.0.9-1
ii  libxcb-dri2-01.15-1
ii  libxcb-glx0  1.15-1
ii  libxcb-present0  1.15-1
ii  libxcb-sync1 1.15-1
ii  libxdamage1  1:1.1.6-1
ii  libxdmcp61:1.1.2-3
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxss1  1:1.2.3-1
ii  libxxf86vm1  1:1.1.4-1+b2
ii  mesa-va-drivers [va-driver]  22.3.6-1+deb12u1
ii  mesa-vulkan-drivers  22.3.6-1+deb12u1
ii  sakura [x-terminal-emulator] 3.8.7-1
ii  steam-devices1:1.0.0.78~ds-2
ii  va-driver-all2.18.0-1
ii  xdg-desktop-portal   1.16.0-2
ii  xdg-desktop-portal-gtk [xdg-desktop-portal-backend]  1.14.1-1
ii  xdg-utils1.1.3-4.1
ii  xterm [x-terminal-emulator]  382-2
ii  zenity   3.44.0-1

Versions of packages steam-libs suggests:
pn  libudev0
ii  nvidia-driver-libs  525.105.17-2
ii  nvidia-vulkan-icd   525.105.17-2
pn  pipewire

Versions of packages steam-libs:i386 depends on:
ii  ca-certificates  20230311
ii  curl 7.88.1-10
ii  file 1:5.44-3
ii  libc62.36-9
ii  libcrypt11:4.4.35-1
ii  libgcc-s1 [libgcc1]  13.1.0-6
ii  libgl1   1.6.0-1
ii  libgl1-mesa-dri  22.3.6-1+deb12u1
ii  libgpg-error01.46-1
ii  libstdc++6   13.1.0-6
ii  libudev1 252.11-1
ii  libva-x11-2  2.18.0-1
ii  libva2

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Salvatore Bonaccorso]

Hi

[CC'ing the security team alias]

On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
> Hi,
> 
> Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso  a
> écrit :
> 
> > Source: nodejs
> > Version: 18.13.0+dfsg1-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <
> > t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for nodejs.
> >
> > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
> > CVE-2023-30590[3].
> >
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
> 
> It would be interesting to know if we adopt the same plan we had with
> security team:
> full upstream updates in the same branch, 18.x here.

Yes I think we can do the same for bookworm and follow the 18.x
releases given it is a LTS branch. Unless you have some reason to
believe it would not be wise to do for the 18.x series.

Regards,
Salvatore

Bug#1036829: libretro-mgba: Audio stutters horribly and sounds distorted

[Ryan Tandy]

Hello,

I'm preparing an update for mgba in bookworm to fix this issue. Can I 
ask you to test the proposed package and confirm that it works for you?


On my system, the current bookworm package has no audio at all in 
retroarch, which is different from what you reported, so I'd like to be 
sure I've got the right patch.


You can find debs built for bookworm here:

https://salsa.debian.org/rtandy/mgba/-/jobs/4381339/artifacts/browse/debian/output/

with these changes:

https://salsa.debian.org/rtandy/mgba/-/compare/debian%2F0.10.1+dfsg-1...bookworm+ci

thanks,
Ryan

Bug#1039995: RM: iceoryx [armhf] -- ANAIS; 32-bit architectures broken and unsupported

[Timo Röhling]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: iceo...@packages.debian.org
Control: affects -1 + src:iceoryx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear FTP team,

please remove the armhf binaries of src:iceoryx as they are not
functional. Upstream does not support 32-bit architectures at all, so
it is unlikely they will ever be fixed.


Cheers
Timo


-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmSfIwkACgkQ+C8H+466
LVmigQwAzsZnt/csVIGdf/jI97PDBRi+3ODaJTCILf3Tw+pD2doZ0+4ZTIVc1LcY
FUB570qxe9YlLqQPoQcJwEf1l/3koFVemAgjbJMOI9wcMraMqNRYzrxRt5l96j9i
G38iPEzdp67vlgM3kwTWXEQDwHnqlfXqePAeailn357+qe7owPJLIAA4k1jjebev
PVFknsRAIRBsaTeNR4KfFImB/+XxgHSluQha16SmyisTkW1OxJOdFgzUqfC8uxJf
LJpE5jhRRAT0JLliUNbatxhmd85SVbbGBvDez77irHymyEOLxTGYF6TW6vazffIP
VeOVKuKraP2NXrzsQRZV990yE6U9n0QqgGh2MVNgHmIJG+YtU/5p8IpwEzKrNeo8
xwfd4NDih8smma3XvBHFSN+DpePIXnFdmlTl0ViUamvGcDFe/BeqlxstJT6q0EvA
DNIBcGv5/hckHfSepg5zF83e9sEr7YfwEFV/B0lMVcigSFN45D+uIc5z4qsH0jLB
2nNmFqnA
=q6hN
-END PGP SIGNATURE-

Bug#1039994: bullseye-pu: package logrotate/3.18.0-2+deb11u2

[Christian Göttsche]

Package: release.debian.org
Control: affects -1 + src:logrotate
User: release.debian@packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal

[ Reason ]
The previous upload (3.18.0-2+deb11u1) cherry picked several commits
around the state file handling of logrotate.
In particular 
debian/patches/applied-upstream/Do-not-lock-state-file-dev-null.patch
added the following wording to the man page:

If /dev/null is given as the state file, then logrotate will not
try to lock or write the state file.

In the current bullseye version this is only true for locking but nor
for writing since the related commit was not included.
Thus the usage of /dev/null as the state file can lead to /dev/null
being replaced by a regular file.
See #1039868 as an example.

[ Impact ]
Users might be instructed by the man page to use /dev/null as a
throwaway state file and end up with /dev/null being replaced with a
regular file.

[ Tests ]
The testsuite of logrotate passes and there have been no issues in
logrotate versions that include that commit, in particular 3.21.0,
which is the version in Debian stable and unstable.

[ Risks ]
The change is a single trivial added path comparison to skip the state
file writing iff the state file is literal "/dev/null". There is no
change in behavior if the state file is not "/dev/null".

[ Checklist ]
 [X] *all* changes are documented in the d/changelog
 [X] I reviewed all changes and I approve them
 [X] attach debdiff against the package in (old)stable
 [X] the issue is verified as fixed in unstable

[ Changes ]
Skip writing the state to the file iff the path is literal "/dev/null".
Add a test case around using /dev/null as a state file.

[ Other info ]

diff -Nru logrotate-3.18.0/debian/changelog logrotate-3.18.0/debian/changelog
--- logrotate-3.18.0/debian/changelog   2022-01-30 17:29:14.0 +0100
+++ logrotate-3.18.0/debian/changelog   2023-06-30 19:45:16.0 +0200
@@ -1,3 +1,10 @@
+logrotate (3.18.0-2+deb11u2) bullseye; urgency=medium
+
+  * d/patches: cherry-pick usptream fix:
+- writeState: do nothing if state file is /dev/null (Closes: #1039868)
+
+ -- Christian Göttsche   Fri, 30 Jun 2023
19:45:16 +0200
+
logrotate (3.18.0-2+deb11u1) stable; urgency=medium

  * d/patches: cherry-pick upstream fixes:
diff -Nru 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
--- 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
 1970-01-01 01:00:00.0 +0100
+++ 
logrotate-3.18.0/debian/patches/applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch
 2023-06-30 19:45:16.0 +0200
@@ -0,0 +1,76 @@
+From: Kamil Dudka 
+Date: Thu, 3 Jun 2021 10:51:07 +0200
+Applied-Upstream:
https://github.com/logrotate/logrotate/commit/456692644cbf5adb6253cb7ed2d169e950a9e348
+Subject: writeState: do nothing if state file is /dev/null
+
+If users do not want to use any state file, they can specify `/dev/null`
+as the state file.  Without this fix, logrotate would unnecessarily fail
+to rename a temporary file to `/dev/null`.
+
+Fixes: https://github.com/logrotate/logrotate/issues/395
+---
+ logrotate.c|  4 
+ test/Makefile.am   |  1 +
+ test/test-0089.sh  | 14 ++
+ test/test-config.89.in |  4 
+ 4 files changed, 23 insertions(+)
+ create mode 100755 test/test-0089.sh
+ create mode 100644 test/test-config.89.in
+
+diff --git a/logrotate.c b/logrotate.c
+index d110d54..31161bb 100644
+--- a/logrotate.c
 b/logrotate.c
+@@ -2515,6 +2515,10 @@ static int writeState(const char *stateFilename)
+ char *prevCtx;
+ int force_mode = 0;
+
++if (!strcmp(stateFilename, "/dev/null"))
++/* explicitly asked not to write the state file */
++return 0;
++
+ localtime_r(, );
+
+ tmpFilename = malloc(strlen(stateFilename) + 5 );
+diff --git a/test/Makefile.am b/test/Makefile.am
+index f1a0062..97e5775 100644
+--- a/test/Makefile.am
 b/test/Makefile.am
+@@ -87,6 +87,7 @@ TEST_CASES = \
+   test-0086.sh \
+   test-0087.sh \
+   test-0088.sh \
++  test-0089.sh \
+   test-0092.sh \
+   test-0100.sh \
+   test-0101.sh \
+diff --git a/test/test-0089.sh b/test/test-0089.sh
+new file mode 100755
+index 000..c586690
+--- /dev/null
 b/test/test-0089.sh
+@@ -0,0 +1,14 @@
++#!/bin/sh
++
++. ./test-common.sh
++
++# skip the test if /dev/null is not readable
++test -r /dev/null || exit 77
++
++# we don't want any stuff left from previous runs
++cleanup 89
++
++# --- Test 89 
++# using /dev/null as state file tells logrotate not to write the state file
++preptest test.log 89 2
++$RLR --state /dev/null test-config.89
+diff --git a/test/test-config.89.in b/test/test-config.89.in
+new file mode 100644

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Jérémy Lal]

Hi,

Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso  a
écrit :

> Source: nodejs
> Version: 18.13.0+dfsg1-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <
> t...@security.debian.org>
>
> Hi,
>
> The following vulnerabilities were published for nodejs.
>
> CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
> CVE-2023-30590[3].
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>

It would be interesting to know if we adopt the same plan we had with
security team:
full upstream updates in the same branch, 18.x here.

Jérémy

Bug#1039993: apparmor policy for tcpdump does not allow reading of "pcapng" files

[Chris Kuethe]

Package: tcpdump
Version: 4.99.1-3ubuntu0.1

I originally reported this as an Ubuntu bug and was redirected here.
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2024017

As the title says, the stock apparmor policy for tcpdump does not
allow "pcapng" files - such as those produced by wireshark - to be
read. This manifests as an opaque "permission denied" message on the
terminal and a log like this in dmesg when doing something like
`tcpdump -nr /tmp/test.pcapng`:

`[239871.151443] audit: type=1400 audit(1686850017.603:206):
apparmor="DENIED" operation="open" class="file" profile="tcpdump"
name="/tmp/test.pcapng" pid=515786 comm="tcpdump" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0`

The stock policy /etc/apparmor.d/usr.bin.tcpdump contains these rules
(note the lack of pcapng):

```
 # for -r, -F and -w
  /**.[pP][cC][aA][pP] rw,
  /**.[cC][aA][pP] rw,
```

Just for fun, I linked my test file to `/tmp/test.pcap` and tcpdump
was able to parse it correctly, so the problem was definitely not an
invalid format.

I then added a local rule in /etc/apparmor.d/local/usr.bin/tcpdump
which allowed tcpdump to read it:

```
/**.[pP][cC][aA][pP][nN][gG] rw,
```
Please find attached a diff with this change for
https://salsa.debian.org/rfrancoise/tcpdump/-/blob/master/debian/usr.bin.tcpdump

System info:
$ lsb_release -rd
Description: Pop!_OS 22.04 LTS
Release: 22.04
$ uname -a
Linux laptop 6.2.6-76060206-generic
#202303130630~1685473338~22.04~995127e SMP PREEMPT_DYNAMIC Tue M
x86_64 x86_64 x86_64 GNU/Linux
$ apt-cache policy tcpdump
tcpdump:
  Installed: 4.99.1-3ubuntu0.1
  Candidate: 4.99.1-3ubuntu0.1
  Version table:
 *** 4.99.1-3ubuntu0.1 500
500 http://apt.pop-os.org/ubuntu jammy-updates/main amd64 Packages
100 /var/lib/dpkg/status
 4.99.1-3build2 500
500 http://apt.pop-os.org/ubuntu jammy/main amd64 Packages
$ tcpdump --version
tcpdump version 4.99.1
libpcap version 1.10.1 (with TPACKET_V3)
OpenSSL 3.0.2 15 Mar 2022


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
--- usr.bin.tcpdump.orig	2023-06-15 11:01:20.472474816 -0700
+++ usr.bin.tcpdump	2023-06-15 11:01:44.680377905 -0700
@@ -54,6 +54,7 @@
 
   # for -r, -F and -w
   /**.[pP][cC][aA][pP] rw,
+  /**.[pP][cC][aA][pP][nN][gG] rw,
   /**.[cC][aA][pP] rw,
 
   # for convenience with -r (ie, read pcap files from other sources)

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[John Paul Adrian Glaubitz]

Hello!

On Sat, 2023-05-20 at 15:07 +0200, Adam Borowski wrote:
> The JFS filesystem is deprecated in the kernel: on life support since 2009
> and with talks of removal altogether.

Not sure where you got this information from, but JFS [1] unlike ReiserFS [2]
is not marked as deprecated in the kernel. There was a single mail by Christoph
Hellwig suggesting to deprecate JFS in the near future but so far nothing
has been decided yet.

Adrian

> [1] 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/jfs/Kconfig
> [2] 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/reiserfs/Kconfig

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1039992: kcm does not initialize kdc_offset, leading to random "Ticket expired" and "Clock skew too great" errors

[Steffen Kieß]

Package: heimdal-kcm
Version: 7.8.git20221117.28daf24+dfsg-2
Control: found -1 7.7.0+dfsg-2+deb11u3

In kcm/cache.c in kcm_ccache_alloc(), slot->kdc_offset is not 
initialized. The means that kcm will return an uninitialized values for 
GET_KDC_OFFSET (the value will often be 0, but sometimes some random 
value) unless SET_KDC_OFFSET has been called for the cache before.


This has been fixed upstream on the master branch, but not on 
heimdal-7-1-branch:

https://github.com/heimdal/heimdal/pull/390
https://github.com/heimdal/heimdal/commit/9f58896af958ae5e6e3ebde8c48dad4eda841986

Bug#1039991: libxml2: CVE-2022-2309

[Salvatore Bonaccorso]

Source: libxml2
Version: 2.9.14+dfsg-1.2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.9.10+dfsg-6.7+deb11u4
Control: found -1 2.9.10+dfsg-1

Hi,

The following vulnerability was published for libxml2.

CVE-2022-2309[0]:
| NULL Pointer Dereference allows attackers to cause a denial of
| service (or application crash). This only applies when lxml is used
| together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and
| earlier are not affected. It allows triggering crashes through
| forged input data, given a vulnerable code sequence in the
| application. The vulnerability is caused by the iterwalk function
| (also used by the canonicalize function). Such code shouldn't be in
| wide-spread use, given that parsing + iterwalk would usually be
| replaced with the more efficient iterparse function. However, an XML
| converter that serialises to C14N would also be vulnerable, for
| example, and there are legitimate use cases for this code sequence.
| If untrusted input is received (also remotely) and processed via
| iterwalk function, a crash can be triggered.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2309
https://www.cve.org/CVERecord?id=CVE-2022-2309
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
[2] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc
 
[3] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2

Regards,
Salvatore

Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

[Salvatore Bonaccorso]

Source: nodejs
Version: 18.13.0+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for nodejs.

CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
CVE-2023-30590[3].


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-30581
https://www.cve.org/CVERecord?id=CVE-2023-30581
[1] https://security-tracker.debian.org/tracker/CVE-2023-30588
https://www.cve.org/CVERecord?id=CVE-2023-30588
[2] https://security-tracker.debian.org/tracker/CVE-2023-30589
https://www.cve.org/CVERecord?id=CVE-2023-30589
[3] https://security-tracker.debian.org/tracker/CVE-2023-30590
https://www.cve.org/CVERecord?id=CVE-2023-30590
[4] https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1039988: Please provide a python3-all-venv package to parallel the python3-all etc packages

[Julian Gilbey]

Package: python3-venv
Version: 3.11.2-1+b1
Severity: wishlist

I have a package whose test suite builds a virtual environment for the
test.  (This is an integral part of the test.)  Unfortunately, though
I can depend on python3-all for the build and then attempt to run the
tests for all supported Python versions, there is no equivalent
python3-all-venv package that I can depend on to bring in the relevant
versioned python3.XX-venv packages.  This would presumably be a simple
addition, and very helpful for my usage case (pylint-venv)!

Best wishes,

   Julian

Bug#1039989: plantuml: CVE-2022-1231

[Salvatore Bonaccorso]

Source: plantuml
Version: 1:1.2020.2+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for plantuml.

CVE-2022-1231[0]:
| XSS via Embedded SVG in SVG Diagram Format in GitHub repository
| plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of
| the diagram embedder. Depending on the actual context, this ranges
| from stealing secrets to account hijacking or even to code execution
| for example in desktop applications. Web based applications are the
| ones most affected. Since the SVG format allows clickable links in
| diagrams, it is commonly used in plugins for web based projects
| (like the Confluence plugin, etc. see
| https://plantuml.com/de/running).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-1231
https://www.cve.org/CVERecord?id=CVE-2022-1231
[1] https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/
[2] 
https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#897933: dhcp-client instead of isc-dhcp-client?

[Beolach]

Is there a reason libguestfs0 depends on isc-dhcp-client specifically, instead 
of the virtual dhcp-client?  I prefer dhcpcd over isc-dhcp-client, and there 
are several other dhcp-client implementations as well.

If it really does need something specifically from isc-dhcp-client, could it be 
moved to Recommends instead of Depends (i.e. is it really a universal 
dependency, or is it just some limited extra functionality)?


Thanks,
Beolach

publickey - Beolach@proton.me - 0x98F57C4E.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Bug#1039985: libjson-smart-java: buster-lts has a newer version than bullseye/bookworm/sid

[Andreas Beckmann]

Package: libjson-smart-java
Version: 2.2-2
Severity: serious
Tags: bullseye bookworm trixie sid
User: debian...@lists.debian.org
Usertags: piuparts
X-Debbugs-Cc: Bastien Roucariès 

Hi,

during a test with piuparts I noticed your package cannot be upgraded
from buster-lts to any newer release since buster-lts has a version
newer than any later release:

 json-smart | 2.2-1 | stretch | source
 json-smart | 2.2-2 | buster  | source
 json-smart | 2.2-2 | bullseye| source
 json-smart | 2.2-2 | bookworm| source
 json-smart | 2.2-2 | trixie  | source
 json-smart | 2.2-2 | sid | source
 json-smart | 2.2-2+deb10u1 | buster-security | source


Andreas

Bug#1037086: dropbear-initramfs: /etc/dropbear/initramfs/dropbear_dss_host_key file not generated

[Michael Meier]

I've had the same problem. Took me quite some time to realize why 
nothing is working.

I'm using debian bookworm.

dropbear-initramfs:
  Installed: 2022.83-1

dropbear-bin:
  Installed: 2022.83-1

I had to edit the file /usr/share/initramfs-tools-hooks so it also 
copies the dss key:

< for keytype in dss rsa ecdsa ed25519; do
---
> for keytype in rsa ecdsa ed25519; do

then

dropbearkey -t dss -f /etc/dropbear/initramfs/dropbear_dss_host_key

update-initramfs -u

And finally. Dropbear could be started!

The option DROPBEAR_OPTIONS="-E" should be default, so the user gets 
some kind of error message if something is not working. Would have saved 
me an hour or so...

Bug#1039984: yail: CVE-2023-33460: Memory leak in yajl 2.1.0 with use of yajl_tree_parse function

[Tobias Frost]

Source: yajl
Version: 2.1.0-2
Severity: important
Tags: security upstream patch
X-Debbugs-Cc: Debian Security Team 

The following CVE was published for yajl:

CVE-2023-33460[0]:
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which
will cause out-of-memory in server and cause crash.

Upstream Issue [1] links to a potential patch [2]

I'm filing this bug as I'm going to fix the issue for ELTS (stretch/jessie)
and then possibly also will NMU for sid, bookworm and bullseye and buster.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

[0] https://security-tracker.debian.org/tracker/CVE-2023-33460

[1] https://github.com/lloyd/yajl/issues/250

[2] 
https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698

-- 
Cheers,
tobi

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-security'), (500, 
'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (100, 
'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#1039983: cups: Cannot change printer.conf to CMYK

[Kerstin Hoef-Emden]

Package: cups
Version: 2.4.2-3
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Upgrade from bullseye to bookworm

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
First of all, the printer drivers for my printer (Kyocera FS-C5250dn) were not
anymore available in the printers list. The original Kyocera PPD files were
still present in the file system. I chose them by browsing the file system.
Although the printer was now identified as capable of doing CMYK and it was set
to color in the cups browser interface. I also tried to change the setting in
printer.conf a) by hand to printer-color-mode CMYK and I tried the command
lpoptions -p Kyocera -o printer-colormode=CMYK.

   * What was the outcome of this action?
It did not work, the printer still prints only Black & White and I am not able
to change the setting in printer.conf.

   * What outcome did you expect instead?

For sure I want my color printer to print color again.


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cups depends on:
ii  cups-client2.4.2-3
ii  cups-common2.4.2-3
ii  cups-core-drivers  2.4.2-3
ii  cups-daemon2.4.2-3
ii  cups-filters   1.28.17-3
ii  cups-ppdc  2.4.2-3
ii  cups-server-common 2.4.2-3
ii  debconf [debconf-2.0]  1.5.82
ii  ghostscript10.0.0~dfsg-11
ii  libavahi-client3   0.8-10
ii  libavahi-common3   0.8-10
ii  libc6  2.36-9
ii  libcups2   2.4.2-3
ii  libgcc-s1  12.2.0-14
ii  libstdc++6 12.2.0-14
ii  libusb-1.0-0   2:1.0.26-1
ii  poppler-utils  22.12.0-2+b1
ii  procps 2:4.0.2-3

Versions of packages cups recommends:
ii  avahi-daemon  0.8-10
ii  colord1.4.6-2.2

Versions of packages cups suggests:
ii  cups-bsd   2.4.2-3
pn  cups-pdf   
pn  foomatic-db-compressed-ppds | foomatic-db  
pn  smbclient  
ii  udev   252.6-1

-- debconf information:
  cupsys/raw-print: true
  cupsys/backend: lpd, socket, usb, snmp, dnssd


Kyocera.ppd
Description: application/vnd.cups-ppd
# Printer configuration file for CUPS v2.4.2
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
NextPrinterId 2

PrinterId 1
UUID urn:uuid:80dbe96e-e1b1-33fd-69e1-dabf1d863644
Info Kyocera FS-C5250dn
Location 192.168.1.6
MakeModel Kyocera FS-C5350DN (KPDL)
DeviceURI socket://192.168.1.6
State Idle
StateTime 1688140313
ConfigTime 1688140297
Type 8425564
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy retry-job
Option print-color-mode monochrome
Attribute marker-colors \#00,#FF00FF,#00,#00,none
Attribute marker-levels 6,6,100,65,-1
Attribute marker-names TK-590C,TK-590M,TK-590Y,TK-590K,Waste Toner Box
Attribute marker-types toner,toner,toner,toner,waste-toner
Attribute marker-change-time 1688140313

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[Steve McIntyre]

On Fri, Jun 30, 2023 at 04:56:37PM +0200, Adam Borowski wrote:
>On Sun, May 21, 2023 at 07:35:36AM +0200, Cyril Brulebois wrote:
>> Adam Borowski  (2023-05-20):
>> > The JFS filesystem is deprecated in the kernel: on life support since 2009
>> > and with talks of removal altogether.  Thus, we really shouldn't offer to
>> > format new setups with it.  There are people who kind-of remember JFS being
>> > the fastest back in the day, and it's irresponsible to set them for failed
>> > upgrades past Bookworm.
>> > 
>> > Thus: please remove JFS from the installer.
>> 
>> It doesn't seem reasonable to do that weeks away from the release, without
>> any kind of heads-up. That can be done during the Trixie release cycle,
>> e.g. in Alpha 1.
>
>Aye, sorry for having distracted you during the most busy time.  I filed the
>bug when I learned about plans of giving JFS the axe.
>
>> Feel free to ping this bug report a few weeks/months into the next release
>> cycle
>
>So... it might be a better time now.

Agreed, we'll pick this up shortly.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"The whole problem with the world is that fools and fanatics are
 always so certain of themselves, and wiser people so full of doubts."
   -- Bertrand Russell

Bug#1036569: openvswitch-common: leaves alternatives after purge: /usr/sbin/ovs-vswitchd -> /etc/alternatives/ovs-vswitchd

[Andreas Beckmann]

Followup-For: Bug #1036569
Control: tag -1 patch

find attached a patch to reintroduce openvswictch-common.postinst which
clean up the forgotten alternative


Andreas
>From 082e6d3c316f32e203debc285fa1c20ba460c3b1 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Fri, 30 Jun 2023 14:19:38 +0200
Subject: [PATCH] Remove obsolete alternative dating back to bullseye

Closes: #1036569
---
 debian/openvswitch-common.postinst | 10 ++
 1 file changed, 10 insertions(+)
 create mode 100644 debian/openvswitch-common.postinst

diff --git a/debian/openvswitch-common.postinst 
b/debian/openvswitch-common.postinst
new file mode 100644
index 0..3949d46df
--- /dev/null
+++ b/debian/openvswitch-common.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt-nl "3.1.2-2~"
+then
+   # remove obsolete alternative from bullseye
+   update-alternatives --remove ovs-vswitchd 
/usr/lib/openvswitch-common/ovs-vswitchd
+fi
+
+#DEBHELPER#
-- 
2.20.1

Bug#1039480: [astroplan] Please update to 0.8 for astropy 5.3 compatibility

[Ole Streicher]

Hi Vincent,

if there are only a few tests, I would disable them and update the 
package. The main goal for the tests in Debian are that the package 
works well in that environment - i.e. with the installed astropy etc. 
This can be tested also with a new tests disabled.


I usually just report failing tests upstream and then disable them is 
they are just a bug in the test (or if the problem looks minor to me).


Cheers

Ole

On 30.06.23 17:06, Vincent Prat wrote:

Dear Ole,

There is this long-running issue in astroplan 0.8: 
https://github.com/astropy/astroplan/issues/416.

It is claimed to be solved, but I just tried and it still fails.

I can try to patch the version currently in Debian so that it is 
compatible with astropy 5.3, or disable the problematic tests 
(potentially a lot) in astroplan 0.8.

What do you think is best?

Regards

Vincent

Bug#1039982: packages.debian.org: Cannot download package source files due to mixed content URL

[Boyuan Yang]

Package: www.debian.org
Severity: normal

Converting the email to a bug report.

Thanks,
Boyuan Yang


在 2023-06-26星期一的 17:45 -0700，John Horigan写道：
> I tried to download the the source files and debian files for source package
> agg, but Chrome blocked the downloads with this message on the error
> console:
> 
> > Mixed Content: The site at 'https://packages.debian.org/' was loaded over
> > a secure connection, but the file at
> > 'https://deb.debian.org/debian/pool/main/a/agg/agg_2.6.1-r134+dfsg1-2.debi
> > an.tar.xz' was redirected through an insecure connection. This file should
> > be served over HTTPS. This download has been blocked. See
> > https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for
> > more details.
> 
> 
> The problem appears to be that the download links at the bottom of the
> source page https://packages.debian.org/source/trixie/agg use http: instead
> of https:. Clicking on these insecure links results in a 307 temporary
> redirect to the corresponding secure link. Chrome seems to block secure
> pages with insecure links that redirect to secure locations. The source page
> should have secure links.
> 
> -- john



signature.asc
Description: This is a digitally signed message part

Bug#1039480: [astroplan] Please update to 0.8 for astropy 5.3 compatibility

[Vincent Prat]

Dear Ole,

There is this long-running issue in astroplan 0.8: 
https://github.com/astropy/astroplan/issues/416.

It is claimed to be solved, but I just tried and it still fails.

I can try to patch the version currently in Debian so that it is 
compatible with astropy 5.3, or disable the problematic tests 
(potentially a lot) in astroplan 0.8.

What do you think is best?

Regards

Vincent

Bug#1036400: partman-jfs: JFS is on its way out, please remove from the installer

[Adam Borowski]

On Sun, May 21, 2023 at 07:35:36AM +0200, Cyril Brulebois wrote:
> Adam Borowski  (2023-05-20):
> > The JFS filesystem is deprecated in the kernel: on life support since 2009
> > and with talks of removal altogether.  Thus, we really shouldn't offer to
> > format new setups with it.  There are people who kind-of remember JFS being
> > the fastest back in the day, and it's irresponsible to set them for failed
> > upgrades past Bookworm.
> > 
> > Thus: please remove JFS from the installer.
> 
> It doesn't seem reasonable to do that weeks away from the release, without
> any kind of heads-up. That can be done during the Trixie release cycle,
> e.g. in Alpha 1.

Aye, sorry for having distracted you during the most busy time.  I filed the
bug when I learned about plans of giving JFS the axe.

> Feel free to ping this bug report a few weeks/months into the next release
> cycle

So... it might be a better time now.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ Ash nazg durbatulûk,
⣾⠁⢠⠒⠀⣿⡁   ash nazg gimbatul,
⢿⡄⠘⠷⠚⠋⠀ ash nazg thrakatulûk
⠈⠳⣄   agh burzum-ishi krimpatul.

Bug#1039981: graphviz: Please update fonts-liberation v2 dependency (follow-up of #1003006)

[Boyuan Yang]

Source: graphviz
Severity: minor
Version: 2.42.2-7
Tags: trixie sid

Dear Debian graphviz package maintainer,

Back in https://bugs.debian.org/1003006 , we replaced recommendation of
package font-liberation with font-liberation2.

Now after Bookworm release, the font maintainers decided to drop Liberation v1
font, and let binary package font-liberation to provide Liberation v2 font
[1]. Package font-liberation2 will be a transitional dummy package in Debian
Trixie and Debian Sid. This change has already taken place in Debian Sid [2].

As a result, please replace Recommends: fonts-liberation2 with Recommends:
font-liberation in the Trixie development cycle. It shall not affect packages
in Bookworm or older releases.

[1] https://lists.debian.org/debian-devel/2023/06/msg00220.html
[2] https://tracker.debian.org/pkg/fonts-liberation


Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1039573: cannot authenticate after lock: pam_unix(lightdm:auth): auth could not identify password

[Arturo Borrero Gonzalez]

On Wed, 28 Jun 2023 10:58:39 +0200 Arturo Borrero Gonzalez  
wrote:

Thanks for the follow up, I'll keep you updated in the next few days.


I have not experienced this problem again since the update.

Bug#1039450: ndctl: Split ndctl-monitor (and cxl-monitor?) into own package

[Adam Borowski]

Control: severity -1 wishlist

> I often use a custom livecd verision of Debian with various utilities
> pre-installed, so they can be easily used offline, or without needing to
> reinstall them after each reboot.

Such a livecd is a non-standard (but not non-important!) usage, and it
already customizes other facets of packages it includes.  What about
configuring that livecd to not start such daemons?

> But often, if I boot this same livecd on a machine that does not have cxl
> or nvm dimm devices, deamon will complain, and fail at boot (with big red
> warning), and sytemd will continue restarting it afaik (or maybe not, it
> looks like it tries to run it only once on my system, then gives up).

That's news to me.  I don't run systemd myself (heck, it's so buggy it even
fails to boot my main workstation, and I have a severe dislike of it for
other reasons), and I've included the .service from upstream as-is, after
very superficial testing.  The daemon is supposed to gracefully exit if
there's nothing to monitor:

2023-06-19T06:01:41.874004+02:00 valinor ndctl: ndctl monitor daemon started
2023-06-19T06:01:41.874062+02:00 valinor ndctl: no dimms to monitor, exiting

I had even suggested/implemented some improvements here to upstream, but not
surprisingly 99% of my testing was done with sysvinit and openrc.

Still, it's surprising the upstream would fail to notice what you report:

> root@debian:~# systemctl status ndctl-monitor.service 
> × ndctl-monitor.service - Ndctl Monitor Daemon
>  Loaded: loaded (/lib/systemd/system/ndctl-monitor.service; enabled; 
> preset: enabled)
>  Active: failed (Result: exit-code) since Wed 2023-06-28 22:11:35 UTC; 
> 25min ago
>Duration: 89ms
> Process: 2412 ExecStart=/usr/bin/ndctl monitor (code=exited, status=250)
>Main PID: 2412 (code=exited, status=250)
> CPU: 9ms
> 
> Jun 28 22:11:35 debian systemd[1]: Started ndctl-monitor.service - Ndctl 
> Monitor Daemon.
> Jun 28 22:11:35 debian ndctl[2412]: no dimms to monitor, exiting
> Jun 28 22:11:35 debian systemd[1]: ndctl-monitor.service: Main process 
> exited, code=exited, status=250/n/a
> Jun 28 22:11:35 debian systemd[1]: ndctl-monitor.service: Failed with result 
> 'exit-code'.

Maybe this redness is a regression?

> It is not a big deal, but something that is not perfect in my opinion.

Seems like something to investigate once tuits are more abundant.
 
> For my livecd, I can clearly modify some systemd unit files manually
> (using build scripts for live-build), but I wonder if defaulting to
> running a daemon by default is a good idea in general. Most of the time
> probably yes, but sometimes not.

The rule in Debian is to start a daemon if it's installed; eg. Red Hat has
the opposite custom.  There's usually no point in installing daemons that
are not needed; and it those rare cases you do, the admin can disable them
from starting.  This sounds like a good modification for the livecd.

> As of smartmontools you mentioned. I have exactly same issue. I need
> smartctl tools for troubleshooting various computers on my livecd, but I
> DO NOT WANT smartd to start. For very similar reason I opened a bug
> against smartmontools few days ago: https://bugs.debian.org/1039454

As their user count is many orders of magnitude larger than that of ndctl,
and so is diversity of supported hardware (NVDIMMs are found only in fat
servers), they also have far more collective brain cells.  I'd thus wait
for their decision then copy it.

> Feel free to downgrade to wishlist and think if this makes sense at all.

Done this for now.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ You should never, ever, degrade a human being by saying they're
⣾⠁⢠⠒⠀⣿⡁ a worthless waste of food and air.
⢿⡄⠘⠷⠚⠋⠀
⠈⠳⣄ You should also never anthropomorphize spammers and telemarketers.

Bug#1018106: re: sshd: pam_env(sshd:session): deprecated reading of user environment enabled

[Richard van den Berg]

On Wed, 1 Feb 2023 04:43:07 -0500 nick black  wrote:
> the cause of this output is the following line in /etc/pam.d/sshd:
>
> # In Debian 4.0 (etch), locale-related environment variables were 
moved to

> # /etc/default/locale, so read that as well.
> session required pam_env.so user_readenv=1 envfile=/etc/default/locale
>
> i'm guessing from the comment that user_readenv=1 is in place
> primarily to allow overrides of the default locale?

Indeed. Removing "user_readenv=1" from that line fixes the warning.

> etch was
> quite some time ago, possibly preceding support for SendEnv?
> that seems sufficient workaround if user_readenv is deprecated,
> but this is all speculative.

The comment for etch is about "envfile=/etc/default/locale" which is 
read regardless of the user_readenv setting. See the man page for pam_env.


Kind regards,

Richard van den Berg

Bug#1037295: live-config: starting Calamares installer requires a password (which is 'live')

[Roland Clobus]

Hello Simon,

On 10/06/2023 19:14, Simon McVittie wrote:

On Sat, 10 Jun 2023 at 15:10:35 +0100, Simon McVittie wrote:

* Boot debian-live-12.0.0-amd64-gnome.iso (the version used for
   release-day testing)
   - KDE has a similar issue with slightly different steps to start the
 installer, probably all desktops' variants are affected


GNOME, KDE and LXQT are affected.


I've proposed a fix for Calamares in #1025552, which is based on your 
proposal in this ticket.

If it is accepted there, this ticket can be regarded as a duplicate.

With kind regards,
Roland Clobus


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039980: puppet-module-puppetlabs-mysql sets password repeatedly on MariaDB 10.3

[Larsen]

Package: puppet-module-puppetlabs-mysql
Version: 8.1.0-7

Using this puppet module to create MariaDB users leads to Puppet wanting
to set a user's password again and again as it doesn't fetch the current
password/authentication string correctly: authentication string is always
empty (when the puppet client is running MariaDB 10.3 (Debian Buster,
Ubuntu Focal)).

A fix is available upstream:
https://tickets.puppetlabs.com/browse/MODULES-7487

The pull request fixing the problem:
https://github.com/puppetlabs/puppetlabs-mysql/commit/c7da5289129edc8efdf5471e43bb3f778b54c1ce

I am using Debian Bookworm (Puppetserver).

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Charles Plessy]

Hi all,

pardon me the offence and the noise, but I asked ChatGPT...

--

Me:

In Debian, updates of the r-base package sometimes break backwards
compatibility with a small number of binary packages shipping CRAN
packages, which have in common to use R’s graphic API. We hesitate
between just bumping the version number of the r-base packages’ API, or
to create a new API version scheme just for the subset of packages that
are regularly broken. Which way would you recommend?

ChatGPT:

Creating a new API version scheme just for the subset of packages that
are regularly broken might be a more efficient solution. This way, you
can manage the updates for these specific packages separately without
affecting the entire r-base package. However, this approach might
require more maintenance work. Bumping the version number of the r-base
packages' API is a simpler solution, but it might cause unnecessary
updates for packages that are not affected by the compatibility issue.
It's a trade-off between complexity and efficiency, and the best choice
depends on the specific circumstances and resources available.

--

Sorry that it was not conclusive !

Charles

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from home  https://framapiaf.org/@charles_plessy
- You  do not have  my permission  to use  this email  to train  an AI -

Bug#1039622: nvidia-cuda-toolkit 11.8.0-5~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1039622 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-cuda-toolkit
Version: 11.8.0-5~deb12u1

Explanation: 

Bug#1029681: nvidia-legacy-340xx-driver: Qt5 apps fail to launch with a segfault

[Andreas Beckmann]

Control: reopen -1

On 29/06/2023 18.16, jim_p wrote:

So, can a patch like the one for kodi be applied to qt5? I am mentioning again
that arch does not have a seperate -gles package for qt5, so a single lib that
works everywhere should be possible.


It's unlikely to convince the Qt5 maintainers to change something just 
to support last century's technology (and therefore probably be unable 
to draw full power out of todays technology).


But if all that kodi did is linking against libGL instead of (the 
subset) libGLX, maybe we can just replace libGLX.so.1 with a link to 
libGL.so.1 s.t. we always end in the same implementation regardless of 
the entry point being used ...


Could you try

  ln -sf libGL.so.1 /usr/lib/x86_64-linux-gnu/libGLX.so.0

(assuming amd64) and see if that fixes Qt5 operation? Or breaks other stuff?

Note: this change is only active until you install/upgrade some package, 
i.e. something runs ldconfig. (You can also run ldconfig manually to 
restore the original link.)



Andreas

Bug#1039979: base-files: /var/run and /var/lock should not be absolute symlinks

[henrik]

Package: base-files
Version: 12.4
Severity: normal

Dear Maintainer,

/var/run is currently an absolute symlink to /run
/var/run should be a relative symlink to ../run
if /var/run is deleted, then /usr/lib/tmpfiles.d/var.conf recreates /var/run as 
relative symlink to ../run

/var/lock is currently an absolute symlink to /run/lock
/var/lock should be a relative symlink to ../run/lock
if /var/lock is deleted, then /usr/lib/tmpfiles.d/legacy.conf recreates 
/var/lock as a relative symlink to ../run/lock

Both of these symlinks are currently created in base-files postinst.

This is a problem because base-files currently deviates from the configuration 
files provided by debian in /usr/lib/tmpfiles.d/

Please fix.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages base-files depends on:
ii  mawk [awk]  1.3.4.20200120-3.1

base-files recommends no packages.

base-files suggests no packages.

-- no debconf information

Bug#1039926: Will file bug report for complete R transition (Was: Bug#1039926: svglite requires rebuild under R 4.3.*)

[Johannes Ranke]

Hi,

I think option 1 from [1] is the way to go, i.e. make r-base provide a 
graphics API version according to the R changelog, and have the relevant 
packages depend on that graphics API version. How to identify them was 
discussed previously on this list [2]. Using the codesearch and github URLS 
provided in that email, the list given there could be updated.

Somehow Dirk is hesitant to do this, I think it is just a matter of "is this 
really necessary"? To me, it seems there is ample evidence by now that it is 
indeed necessary, for the mental sanity of everyone involved, and to avoid 
future discussions about a full R API bump just because of the graphics API on 
the one hand, and to avoid breaking things by just ignoring the issue on the 
other hand.

Kind regards,

Johannes


Am Freitag, 30. Juni 2023, 14:01:55 CEST schrieb Andreas Tille:
> Hi Dirk,
> 
> Am Thu, Jun 29, 2023 at 05:52:34PM -0500 schrieb Dirk Eddelbuettel:
> > This accidentally omitted
> > 
> > library(svglite)
> > 
> > The package loads fine, but like the others will not create a graphics
> > device as it was built under the previous R 4.2.* series.
> 
> Thanks a lot for your specific bug reports to somehow heal the R
> graphics ABI change issue.  I've got the impression there is no good
> simple rule to detect the right set of packages that need rebuilt
> against r-base 4.3.1 to fix this issue.  I also spotted that vdiffr
> needs to be rebuilt to let ggplot2 passing its test suite (and so I
> did).
> 
> Thus I think it is the best solution to ask the release team for
> a full r-base transition (option 2 I suggested in [1]).
> 
> BTW, when I was running the autopkgtest of svglite I've spotted an issue
> which was solved by Nilesh Patra and reported as #1039955.  I'd like to
> make you remind this kind of situation if you might fall back into your
> "do not test Debian packages, rather trust CRAN" pattern in future.  We
> do not run tests against CRAN code (despite we had spotted mistakes even
> there in the past) but we are testing Debian packages which is a
> different thing.
> 
> I also spotted vdiffr because of the autopkgtest in ggplot2.  It makes
> simply sense to test what we are shipping before we ship it to our
> users (specifically if we as Debian maintainers like I am are not at
> all R experts as I expressed several times).
> 
> Kind regards
> Andreas.
> 

[1] https://lists.debian.org/debian-r/2023/06/msg00025.html
[2] https://lists.debian.org/debian-r/2022/04/msg00018.html

Bug#964941: base-files: please maintain base-files in a VCS such as git on salsa.d.o

[Lee Garrett]

Bump.

I'm trying to understand why /var/local/ is root:staff (#1039973), and a VCS 
would really help with that. It would also make it easier for you to accept 
patches for bugs.

Bug#1039978: axohelp.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the manual.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint axohelp.1":

mandoc: axohelp.1:4:10: STYLE: whitespace at end of input line

-.-.

Change -- in x--y to \(em (em-dash), or, if an
option, to \-\-

31:.B -h, --help
35:.B -v, --version

-.-.

Increase type size of ~ (tilde) to make it more visible
in the output of "troff".

48:.

-.-.

Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of a
name for an option.

31:.B -h, --help
35:.B -v, --version
39:.B -V

-.-.

Wrong distance between sentences.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

22:and the output file is file.ax2. If the filename on the command line
27:Options can be introduced by single or double hyphen characters. The

-.-.

Use \(en for a dash (en-dash) between space characters, not a minus
(\-) or a hyphen (-), except in the NAME section.

axohelp.1:3:axohelp - helper program for use of LaTeX package axodraw2 with

-.-.

--- axohelp.1   2023-06-29 23:48:04.0 +
+++ axohelp.1.new   2023-06-29 23:56:06.0 +
@@ -1,7 +1,7 @@
 .TH "axohelp" 1 "5 Mar 2021" ""
 .SH NAME
-axohelp - helper program for use of LaTeX package axodraw2 with
-pdflatex. 
+axohelp \- helper program for use of LaTeX package axodraw2 with
+pdflatex.
 .SH SYNOPSIS
 .B axohelp [options] [filename]
 .SH DESCRIPTION
@@ -19,24 +19,25 @@ draw the desired graphics.
 
 The files processed are specified as follows: When the filename on the
 command line is of the form file.ax1, then the input file is file.ax1
-and the output file is file.ax2. If the filename on the command line
-does not have extension .ax1, then this extension is appended.
+and the output file is file.ax2.
+If the filename on the command line does not have extension .ax1,
+then this extension is appended.
 
 
 .SH OPTIONS
-Options can be introduced by single or double hyphen characters. The
-possible options are:
+Options can be introduced by single or double hyphen characters.
+The possible options are:
 
 .TP
-.B -h, --help
+.B \-h, \-\-help
 Gives usage information
 
 .TP
-.B -v, --version
+.B \-v, \-\-version
 Gives version information
 
 .TP
-.B -V
+.B \-V
 NOT CURRENTLY IMPLEMENTED: Give information on each function used.
 
 .SH AUTHOR
@@ -45,4 +46,4 @@ Jos Vermaseren (username t68 at nikhef d
 
 The released version can be obtained from CTAN:
 , and an author's website
-.
+.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.7-1 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages texlive-binaries depends on:
ii  libc6   2.36-9
ii  libcairo2   1.16.0-7
ii  libfontconfig1  2.14.1-4
ii  libfreetype62.12.1+dfsg-5
ii  libgcc-s1   13.1.0-6
ii  libgraphite2-3  1.3.14-1
ii  libharfbuzz0b   6.0.0+dfsg-3
ii  libicu7272.1-3
ii  libkpathsea62022.20220321.62855-5.1
ii  libmpfr64.2.0-1
ii  libpaper1   1.1.29
ii  libpixman-1-0   0.42.2-1
ii  libpng16-16 1.6.39-2
ii  libptexenc1 2022.20220321.62855-5.1
ii  libstdc++6  13.1.0-6
ii  libsynctex2 2022.20220321.62855-5.1
ii  libteckit0  2.5.11+ds1-1+b1
ii  libtexlua53-5   2022.20220321.62855-5.1
ii  libtexluajit2   2022.20220321.62855-5.1
ii  libx11-62:1.8.6-1
ii  libxaw7 2:1.0.14-1
ii  libxi6  2:1.8-1+b1
ii  libxmu6 2:1.1.3-3
ii  libxpm4 1:3.5.12-1.1
ii  libxt6  1:1.2.1-1.1
ii  libzzip-0-130.13.72+dfsg.1-1.1
ii  perl5.36.0-7
ii  t1utils 1.41-4
ii  tex-common  6.18
ii  zlib1g  1:1.2.13.dfsg-1

Versions of packages texlive-binaries recommends:
pn  dvisvgm   
ii  texlive-base  2022.20230122-3

texlive-binaries 

Bug#1039977: kpsewhich.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the man page.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.


Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of a
name for an option.

35:.B -format
45:.BI -debug \ num
48:.BI -D \ num
53:.BI -dpi \ num
55:.BR -D.
57:.BI -engine \ string
62:.BI -expand-braces \ string
66:.BI -expand-path \ string
70:.BI -expand-var \ string
74:.BI -format \ name
78:.B -help
81:.B -help
84:.B -interactive
87:.BI -mktex \ fmt
93:.BI -mode \ string
100:.B -must-exist
103:.BI -no-mktex \ fmt
109:.BI -path \ string
113:.BI -progname \ string
117:.\" .BI -separator \ string
121:.\" .B -path
126:.BI -show-path \ name
130:.B -help
133:.BI -var-value \ variable
137:.B -version

-.-.

Find a repeated word

! 20 --> and

-.-.

Split a punctuation mark from a single argument for a two-font macro

55:.BR -D.

-.-.

Output from "test-nroff -man -b -ww -z -rCHECKSTYLE=3":


[ "test-groff" is a developmental version of "groff" ]

Input file is ./kpsewhich.1

Output from "test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z 
-rSTYLECHECK=3":
an.tmac::55: style: .BR expects at least 2 arguments, got 1

Bad use of \s0 in a string definition, the string could get resized.

6:.if t .ds MF M\s-2ETAFONT\s0
13:.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
16:.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX

-.-.

--- kpsewhich.1 2023-06-30 01:03:17.0 +
+++ kpsewhich.1.new 2023-06-30 01:31:07.0 +
@@ -3,21 +3,21 @@
 .if n .ds MP MetaPost
 .if t .ds MP MetaPost
 .if n .ds MF Metafont
-.if t .ds MF M\s-2ETAFONT\s0
+.if t .ds MF M\s-2ETAFONT\s+2
 .if t .ds TX \fRT\\h'-0.1667m'\\v'0.20v'E\\v'-0.20v'\\h'-0.125m'X\fP
 .if n .ds TX TeX
 .ie t .ds OX \fIT\v'+0.25m'E\v'-0.25m'X\fP for troff
 .el .ds OX TeX for nroff
 .\" the same but obliqued
 .\" BX definition must follow TX so BX can use TX
-.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
+.if t .ds BX \fRB\s-2IB\s+2\fP\*(TX
 .if n .ds BX BibTeX
 .\" LX definition must follow TX so LX can use TX
-.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX
+.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\s-2A\s+2\\h'-0.15m'\\v'0.15v'\fP\*(TX
 .if n .ds LX LaTeX
 .\"=
 .SH NAME
-kpsewhich \- standalone path lookup and and expansion for kpathsea
+kpsewhich \- standalone path lookup and expansion for kpathsea
 .SH SYNOPSIS
 .B kpsewhich
 .RI [ options ]
@@ -32,7 +32,7 @@ or manual
 .B kpsewhich
 is used as a standalone front-end of the kpathsea library that can be
 used to examine variables and find files.  When the
-.B -format
+.B \-format
 option is not given, the search path used when looking for a file is
 inferred from the name given, by looking for a known extension.  If
 no known extension is found, the search path for \*(TX source files is
@@ -42,99 +42,99 @@ used.
 .B kpsewhich
 accepts the following options:
 .TP
-.BI -debug \ num
+.BI \-debug \ num
 Set debugging flags.
 .TP
-.BI -D \ num
+.BI \-D \ num
 Use a base resolution of
 .IR num ;
 the default, set by the installer, is typically 600.
 .TP
-.BI -dpi \ num
+.BI \-dpi \ num
 As
-.BR -D.
+.BR \-D .
 .TP
-.BI -engine \ string
+.BI \-engine \ string
 Set
 .I $engine
 in the environment, which is used in some search paths.
 .TP
-.BI -expand-braces \ string
+.BI \-expand-braces \ string
 Print variable and brace expansion of
 .IR string .
 .TP
-.BI -expand-path \ string
+.BI \-expand-path \ string
 Print complete path expansion of
 .IR string .
 .TP
-.BI -expand-var \ string
+.BI \-expand-var \ string
 Print variable expansion of
 .IR string .
 .TP
-.BI -format \ name
+.BI \-format \ name
 Use file type
 .IR name .
 See the info manual for a list of valid names, or use the
-.B -help
+.B \-help
 option to print the list.
 .TP
-.B -help
+.B \-help
 Print help message and exit.
 .TP
-.B -interactive
+.B \-interactive
 Ask for additional filenames to look up.
 .TP
-.BI -mktex \ fmt
+.BI \-mktex \ fmt
 enable
 .RI mktex fmt
 generation.
 .RI ( fmt =pk/mf/tex/tfm)
 .TP
-.BI -mode \ string
+.BI \-mode \ string
 Set device name for
 .I $MAKETEX_MODE
 to
 .IR string ;
 no default.
 .TP
-.B -must-exist
+.B \-must-exist
 Search the disk as well as ls-R if necessary.
 .TP
-.BI -no-mktex \ fmt
+.BI \-no-mktex \ fmt
 disable
 .RI mktex fmt
 generation.
 .RI ( fmt =pk/mf/tex/tfm)
 .TP
-.BI -path \ string
+.BI \-path \ string
 Search in the path
 .IR string .
 .TP
-.BI -progname \ string
+.BI \-progname \ string
 Set program name to
 .IR string .
 .\" .TP
-.\" .BI -separator \ string
+.\" .BI \-separator \ string
 .\" .rb
 .\" .I string
 .\" separates components in
-.\" .B -path
+.\" .B \-path
 .\" output; default is
 .\" .I :
 .\" on UNIX systems.
 .TP
-.BI 

Bug#1039976: detex.1: some remarks and editorial fixes in a patch for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are some notes and a patch for the manual.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint detex.1":

mandoc: detex.1:6:81: STYLE: input text line longer than 80 bytes: [ 
\fB\-clnstw\fR ] [...
mandoc: detex.1:89:4: STYLE: whitespace at end of input line
mandoc: detex.1:96:82: STYLE: input text line longer than 80 bytes: TEXINPUTS.  
It does ...
mandoc: detex.1:123:84: STYLE: input text line longer than 80 bytes: Originally 
written b...

-.-.

Use "\e" to print the escape character instead of "\\" (which gets
interpreted in copy mode).

16:follows \\input commands.
21:option is used, no \\input or \\include commands will be processed.
27:If the magic sequence ``\\begin{document}'' appears in the text,
35:These include the \\include and \\includeonly commands.
60:mode to have detex echo the arguments to \\cite,
61:\\ref, and \\pageref macros.  This can be useful when sending the output to
75:option tries to naively replace $..$, $$..$$, \\(..\\) and \\[..\\]
94:The TEXINPUTS environment variable is used to find \\input and \\include
101:\\aa, \\ae, \\oe, \\ss, \\o, \\l (and their upper-case
102:equivalents).  The special "dotless" characters \\i and \\j are also
118:Nesting of \\input is allowed but the number of opened files must not
134:source without a ``\\begin{document}''

-.-.

Name of a manual is set in bold, the section in roman.
See man-pages(7).

116:tex(1)

-.-.


--- detex.1 2023-06-29 22:54:43.0 +
+++ detex.1.new 2023-06-29 23:23:28.0 +
@@ -13,18 +13,18 @@ and writes the remainder on the standard
 All text in math mode and display mode is removed.
 By default,
 .I detex
-follows \\input commands.
+follows \einput commands.
 If a file cannot be opened, a warning message is
 printed and the command is ignored.
 If the
 .B \-n
-option is used, no \\input or \\include commands will be processed.
+option is used, no \einput or \einclude commands will be processed.
 This allows single file processing.
 If no input file is given on the command line,
 .I detex
 reads from standard input.
 .PP
-If the magic sequence ``\\begin{document}'' appears in the text,
+If the magic sequence ``\ebegin{document}'' appears in the text,
 .I detex
 assumes it is dealing with
 .I LaTeX
@@ -32,7 +32,7 @@ source and
 .I detex
 recognizes additional constructs used in
 .IR LaTeX .
-These include the \\include and \\includeonly commands.
+These include the \einclude and \eincludeonly commands.
 The
 .B \-l
 option can be used to force
@@ -57,8 +57,8 @@ The
 .B \-c
 option can be used in
 .I LaTeX
-mode to have detex echo the arguments to \\cite,
-\\ref, and \\pageref macros.  This can be useful when sending the output to
+mode to have detex echo the arguments to \ecite,
+\eref, and \epageref macros.  This can be useful when sending the output to
 a style checker.
 .PP
 .I Detex
@@ -72,7 +72,7 @@ environments.
 .PP
 The
 .B \-r
-option tries to naively replace $..$, $$..$$, \\(..\\) and \\[..\\]
+option tries to naively replace $..$, $$..$$, \e(..\e) and \e[..\e]
 with nouns and verbs (in particular, "noun" and "verbs")
 in a way that keeps sentences readable.
 .PP
@@ -86,20 +86,21 @@ with the deletions mentioned above.  New
 preserved where possible
 so that the lines of output match the input as closely as possible.
 .PP
-The 
+The
 .B \-1
 option will prefix each printed line with `filename:linenumber:` indicating
 where that line is coming from in terms of the original (La)TeX document.
 .PP
-The TEXINPUTS environment variable is used to find \\input and \\include
+The TEXINPUTS environment variable is used to find \einput and \einclude
 files.  Like \fITeX\fP, it interprets a leading or trailing `:' as the default
-TEXINPUTS.  It does \fInot\fP support the `//' directory expansion magic 
sequence.
+TEXINPUTS.
+It does \fInot\fP support the `//' directory expansion magic sequence.
 .PP
 Detex now handles the basic \fITeX\fP ligatures as a special case, replacing 
the
 ligatures with acceptable character substitutes.  This eliminates
 spelling errors introduced by merely removing them.  The ligatures are
-\\aa, \\ae, \\oe, \\ss, \\o, \\l (and their upper-case
-equivalents).  The special "dotless" characters \\i and \\j are also
+\eaa, \eae, \eoe, \ess, \eo, \el (and their upper-case
+equivalents).  The special "dotless" characters \ei and \ej are also
 replaced with i and j respectively.
 .PP
 Note that previous versions of
@@ -113,14 +114,15 @@ The old functionality can be essentially
 .B \-s
 option.
 .SH SEE ALSO
-tex(1)
+.BR tex (1)
 .SH DIAGNOSTICS
-Nesting of \\input is allowed but the number of opened files must not
+Nesting of \einput is allowed but the number of opened files must not
 exceed the system's limit 

Bug#1039975: bibtex.original.1: some remarks and editorial fixes for the manual

[Bjarni Ingi Gislason]

Package: texlive-binaries
Version: 2022.20220321.62855-5.1
Severity: minor
Tags: patch

Dear Maintainer,

here are a few notes and fixes for the man page.

-.-.

The difference between the formatted outputs can be seen with:

  nroff -man  > 
  nroff -man  > 
  diff -u  

and for groff using

"groff -man -Z" instead of "nroff -man"

-.-.

Output from "mandoc -T lint bibtex.original.1":

mandoc: bibtex.original.1:67:26: STYLE: whitespace at end of input line
mandoc: bibtex.original.1:71:9: STYLE: whitespace at end of input line
mandoc: bibtex.original.1:85:2: WARNING: skipping paragraph macro: PP empty

-.-.

Use "\e" to print the escape character instead of "\\" (which gets
interpreted in copy mode).

43:files specified by the \\bibliography command,
44:the entries specified by the \\cite and \\nocite commands
49:file (specified by the \\bibliographystyle command,

-.-.

Wrong distance between sentences.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.


58:files. The `\*(BXing' document describes extensions and details of
91:files. If BSTINPUTS is not set, it uses the system default.

-.-.

Output from "test-nroff -man -b -ww -z -rCHECKSTYLE=3":


[ "test-groff" is a developmental version of "groff" ]

Input file is ./bibtex.original.1

Output from "test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z 
-rSTYLECHECK=3":
troff: backtrace: file '':67
troff::67: warning: trailing space in the line

Bad use of \s0 in a string definition, the string could be resized.

8:.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
11:.if t .ds LX 
\fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX

-.-.

--- bibtex.original.1   2023-06-30 03:12:16.0 +
+++ bibtex.original.1.new   2023-06-30 03:20:30.0 +
@@ -5,10 +5,10 @@
 .ie t .ds OX \fIT\v'+0.25m'E\v'-0.25m'X\fP
 .el .ds OX TeX
 .\" BX definition must follow TX so BX can use TX
-.if t .ds BX \fRB\s-2IB\s0\fP\*(TX
+.if t .ds BX \fRB\s-2IB\s+2\fP\*(TX
 .if n .ds BX BibTeX
 .\" LX definition must follow TX so LX can use TX
-.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s0\\h'-0.15m'\\v'0.15v'\fP\*(TX
+.if t .ds LX \fRL\\h'-0.36m'\\v'-0.15v'\\s-2A\\s+2\\h'-0.15m'\\v'0.15v'\fP\*(TX
 .if n .ds LX LaTeX
 .\"=
 .SH NAME
@@ -40,13 +40,13 @@ file that will be incorporated into the
 .PP
 \*(BX looks up, in bibliographic database
 .RB ( .bib )
-files specified by the \\bibliography command,
-the entries specified by the \\cite and \\nocite commands
+files specified by the \ebibliography command,
+the entries specified by the \ecite and \enocite commands
 in the \*(LX or \*(TX source file.
 It formats the information from those entries
 according to instructions in a bibliography style
 .RB ( .bst )
-file (specified by the \\bibliographystyle command,
+file (specified by the \ebibliographystyle command,
 and it outputs the results to the
 .B .bbl
 file.
@@ -55,7 +55,8 @@ The \*(LX manual
 explains what a \*(LX source file must contain to work with \*(BX.
 Appendix B of the manual describes the format of the
 .B .bib
-files. The `\*(BXing' document describes extensions and details of
+files.
+The `\*(BXing' document describes extensions and details of
 this format, and it gives other useful hints for using \*(BX.
 .\"=
 .SH OPTIONS
@@ -64,11 +65,11 @@ The
 option defines the minimum number of
 .B crossref
 required for automatic inclusion of the crossref base entry in the citation
-list; the default is two. 
+list; the default is two.
 To avoid these automatic inclusions altogether, give this option
 a sufficiently large number, and be sure to remove any
 previous
-.B .aux 
+.B .aux
 and
 .B .bbl
 files.  Otherwise the option may
@@ -82,13 +83,14 @@ With the
 option, \*(BX operates silently.  Without it, a banner and progress
 reports are printed on
 .IR stdout .
-.PP
+.
 .\"=
 .SH ENVIRONMENT
 \*(BX searches the directories in the
 path defined by the BSTINPUTS environment variable for
 .B .bst
-files. If BSTINPUTS is not set, it uses the system default.
+files.
+If BSTINPUTS is not set, it uses the system default.
 For
 .B .bib
 files, it uses the BIBINPUTS environment variable if that is set,


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Bug#1039714: gobject-introspection: dh_girepository does not fetch all symbols from GIR files

[Thomas Uhle]

On Fri, 30 Jun 2023, أحمد المحمودي wrote:


On Wed, Jun 28, 2023 at 05:00:10PM +0200, Thomas Uhle wrote:
> 2. dh_girepository does not fetch the 41 symbols from HarfBuzz-0.0.gir
>that are compiled into libharfbuzz-gobject.so.0.  I have attached a
>small patch for it, so that the missing symbols are also dumped into
>the dummy C file that is temporarily generated and compiled for
>dh_shlibdeps.
>This updated version of dh_girepository would also find another 245
>symbols in Gio-2.0.gir for instance.
---end quoted text---

But why doesn't this bug show itself on sparc64 arch ?
Both gir1.2-harfbuzz and gir1.2-freedesktop depend on their respective
library packages on sparc64 archs only.


This is because --as-needed is passed as linker flag since debhelper 13 
which is not working on sparc architectures.  So the temporarily generated 
dummy library would link to libharfbuzz-gobject.so.0 on sparc64 although 
it would not use any of its symbols.  You can see this from the minimal 
version that is annotated to libharfbuzz-gobject0 for instance which is 
0.9.20 (with unpatched dh_girepository).  That is the lowest version 
number in libharfbuzz-gobject0.symbols.  But correct would have been 
5.1.0 which is the minimal version you get with the patched 
dh_girepository because of hb_gobject_draw_funcs_get_type() which was 
introduzed in harfbuzz 4.0.0.  So version 5.1.0-1 was the very first 
version in Debian with that symbol.


Best regards,

Thomas Uhle

Bug#1039933: bepasty 1.0.0-1+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1039933 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: bepasty
Version: 1.0.0-1+deb12u1

Explanation: fix rendering of text uploads

Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present

[henrik]

Package: fontconfig
Version: 2.14.1-4
Followup-For: Bug #962420

Dear Maintainer,

Is there any progress on this bug? It is present in stable release of bookworm 
too now.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fontconfig depends on:
ii  fontconfig-config  2.14.1-4
ii  libc6  2.36-9
ii  libfontconfig1 2.14.1-4
ii  libfreetype6   2.12.1+dfsg-5

fontconfig recommends no packages.

fontconfig suggests no packages.

-- no debconf information

Bug#1037182: bmake 20200710-14+deb11u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1037182 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: bmake
Version: 20200710-14+deb11u1

Explanation: conflict with bsdowl (<< 2.2.2-1.2~) to ensure smooth upgrades

Bug#1036530: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of system)

[Karol Herbst]

On Fri, Jun 30, 2023 at 3:02 PM Thorsten Leemhuis
 wrote:
>
> On 27.06.23 00:34, Nick Hastings wrote:
> > * Linux regression tracking (Thorsten Leemhuis)  
> > [230626 21:09]:
> >> Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting
> >> for once, to make this easily accessible to everyone.
> >>
> >> Nick, what's the status/was there any progress? Did you do what Mario
> >> suggested and file a nouveau bug?
> >
> > It was not apparent that the suggestion to open "a Nouveau drm bug" was
> > addressed to me.
>
> I wish things were earlier for reporters, but from what I can see this
> is the only way forward if you or some silent bystander cares.
>
> >> I ask, as I still have this on my list of regressions and it seems there
> >> was no progress in three+ weeks now.
> >
> > I have not pursued this further since as far as I could tell I already
> > provided all requested information and I don't actually use nouveau, so
> > I blacklisted it.
>
> I doubt any developer cares enough to take a closer look[1] without a
> proper nouveau bug and some help & prodding from someone affected. And
> looks to me like reverting the culprit now might create even bigger
> problems for users.
>
> Hence I guess then this won't be fixed in the end. In a ideal world this
> would not happen, but we don't live in one and all have just 24 hours in
> a day. :-/
>

We recently merged this commit:
https://gitlab.freedesktop.org/drm/nouveau/-/commit/11d24327c2d7ad7f24fcc44fb00e1fa91ebf6525

It might resolve the problem. Worth testing at least, but I can't
remember if this was a hybrid AMD/Nvidia system, but I think it was?

> Nevertheless: thx for your report your help through this thread.
>
> [1] some points on the following page kinda explain this
> https://linux-regtracking.leemhuis.info/post/frequent-reasons-why-linux-kernel-bug-reports-are-ignored/
>
> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> --
> Everything you wanna know about Linux kernel regression tracking:
> https://linux-regtracking.leemhuis.info/about/#tldr
> If I did something stupid, please tell me, as explained on that page.
>
> #regzbot inconclusive: reporting deadlock (see thread for details)
>
>
>
> >> Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
> >> --
> >> Everything you wanna know about Linux kernel regression tracking:
> >> https://linux-regtracking.leemhuis.info/about/#tldr
> >> If I did something stupid, please tell me, as explained on that page.
> >>
> >> #regzbot backburner: slow progress, likely just affects one machine
> >> #regzbot poke
> >>
> >>
> >> On 02.06.23 02:57, Limonciello, Mario wrote:
> >>> [AMD Official Use Only - General]
> >>>
>  -Original Message-
>  From: Nick Hastings 
>  Sent: Thursday, June 1, 2023 7:02 PM
>  To: Karol Herbst 
>  Cc: Limonciello, Mario ; Lyude Paul
>  ; Lukas Wunner ; Salvatore
>  Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
>  Wysocki ; Len Brown ; linux-
>  a...@vger.kernel.org; linux-ker...@vger.kernel.org;
>  regressi...@lists.linux.dev
>  Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
>  string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of 
>  system)
> 
>  Hi,
> 
>  * Karol Herbst  [230602 03:10]:
> > On Thu, Jun 1, 2023 at 7:21 PM Limonciello, Mario
> >  wrote:
> >>> -Original Message-
> >>> From: Karol Herbst 
> >>> Sent: Thursday, June 1, 2023 12:19 PM
> >>> To: Limonciello, Mario 
> >>> Cc: Nick Hastings ; Lyude Paul
> >>> ; Lukas Wunner ; Salvatore
> >>> Bonaccorso ; 1036...@bugs.debian.org; Rafael J.
> >>> Wysocki ; Len Brown ; linux-
> >>> a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> >>> regressi...@lists.linux.dev
> >>> Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video _OSI
> >>> string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
>  system)
> >>>
> >>> On Thu, Jun 1, 2023 at 6:54 PM Limonciello, Mario
> >>>  wrote:
> 
>  [AMD Official Use Only - General]
> 
> > -Original Message-
> > From: Karol Herbst 
> > Sent: Thursday, June 1, 2023 11:33 AM
> > To: Limonciello, Mario 
> > Cc: Nick Hastings ; Lyude Paul
> > ; Lukas Wunner ; Salvatore
> > Bonaccorso ; 1036...@bugs.debian.org; Rafael
>  J.
> > Wysocki ; Len Brown ; linux-
> > a...@vger.kernel.org; linux-ker...@vger.kernel.org;
> > regressi...@lists.linux.dev
> > Subject: Re: Regression from "ACPI: OSI: Remove Linux-Dell-Video
>  _OSI
> > string"? (was: Re: Bug#1036530: linux-signed-amd64: Hard lock up of
> >>> system)
> >
> > On Thu, Jun 1, 2023 at 6:18 PM Limonciello, Mario
> >>
> >> Lyude, Lukas, Karol
> >>
> >> This thread is in relation to this commit:
> 

Bug#1039974: tomcat10: tomcat user has wrong home "/var/lib/tomcat" directory in /etc/passwd

[Peter (Stone) Steiner]

Package: tomcat10
Version: 10.1.6-1
Severity: important

Dear Maintainer,

   * What led up to the situation?

deploy .war in tomcat10
got errors from tomcat10 in "journalctl -f"

   * What exactly did you do that was effective ?

change tomcat user home in /etc/passwd to /var/lib/tomcat10

   * What was the outcome of this action?

Problem solved


-- System Information:
Debian Release: 12.0 amd64