Bug#1033007: Now gcc-13: [Fwd: [PATCH] gcc-12: Re-enable split-stack support for GNU/Hurd.]

[Matthias Klose]

Control: tags -1 + moreinfo

please address this upstream.

Bug#1043438: linux-headers-amd64: Package dependecy is currently broken

[Salvatore Bonaccorso]

On Fri, Aug 11, 2023 at 12:33:54AM -0500, Caleb McKay wrote:
> Package: linux-headers-amd64
> Version: 6.1.38-3
> Severity: important
> X-Debbugs-Cc: ca...@candj.us
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>* What led up to the situation?
> Atempted to install package linux-headers-amd64 (6.1.38-3)
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> Package fails to install because it depends on linux-headers-6.1.0-11-amd64 
> (6.1.38-3) but only version 6.1.38-4 is available in the archive.
>* What was the outcome of this action?
> Package fails to install with error:
> The following packages have unmet dependencies:
>  linux-headers-amd64 : Depends: linux-headers-6.1.0-11-amd64 (= 6.1.38-3) but 
> 6.1.38-4 is to be installed
>* What outcome did you expect instead?
> Package to install.

This is known, there was a hick-up on releasing the linux updates
which should be resolved as soon FTP master unbreak the situation.
Then a regular DSA announcement will go out.

Regards,
Salvatore

Bug#1043437: linux: report microcode upgrade *from* version as well

[Salvatore Bonaccorso]

Source: linux
Source-Version: 6.3.1-1~exp1

Hi Thorsten,

On Fri, Aug 11, 2023 at 07:23:57AM +0200, Thorsten Glaser wrote:
> Package: src:linux
> Version: 5.10.179-3
> Severity: wishlist
> Tags: upstream
> X-Debbugs-Cc: t...@mirbsd.de
> 
> I have this in dmesg:
> 
> [0.00] microcode: microcode updated early to revision 0xa4, date = 
> 2010-10-02
> 
> It would be very nice if this message also showed the revision *from*
> which it was upgraded, so that info is available without going through
> extra hoops to boot without µcode upgrade.

This is fixed upstream in a9a5cac225b0 ("x86/microcode/intel: Print
old and new revision during early boot") in 6.3-rc1, but not sure it
will have changes to get backported to stable series upstream.

Would you mind trying to get that applied in the needed stable series?

Regards,
Salvatore

Bug#1043438: linux-headers-amd64: Package dependecy is currently broken

[Caleb McKay]

Package: linux-headers-amd64
Version: 6.1.38-3
Severity: important
X-Debbugs-Cc: ca...@candj.us

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Atempted to install package linux-headers-amd64 (6.1.38-3)
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Package fails to install because it depends on linux-headers-6.1.0-11-amd64 
(6.1.38-3) but only version 6.1.38-4 is available in the archive.
   * What was the outcome of this action?
Package fails to install with error:
The following packages have unmet dependencies:
 linux-headers-amd64 : Depends: linux-headers-6.1.0-11-amd64 (= 6.1.38-3) but 
6.1.38-4 is to be installed
   * What outcome did you expect instead?
Package to install.



-- System Information:
Debian Release: 12.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-11-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-headers-amd64 depends on:
pn  linux-headers-6.1.0-10-amd64  
ii  linux-headers-6.1.0-11-amd64  6.1.38-4

linux-headers-amd64 recommends no packages.

linux-headers-amd64 suggests no packages.

Bug#1039487: Resolving #1039487 - zsnapd (my package) removed from testing

[Matt Grant]

Hi!

Can't we just resolve this by patching

#elif defined(__aarch64__)
#include 

out of include/os/linux/kernel/linux/simd.h in the zfs modules source and
thus forcing the use of:

#else

#define kfpu_allowed()  0
#define kfpu_begin()do {} while (0)
#define kfpu_end()  do {} while (0)
#define kfpu_init() 0
#define kfpu_fini() ((void) 0)

#endif
#endif /* _LINUX_SIMD_H */

at the end of the file?  Any regressions should be caught by the ZFS test
suite

--OR--

we just mark zfs-linux package and zfsutils-linux incompatible with
ARM64/__aarch64__ architecture in the debian packages...

Thoughts

Cheers,

Matt Grant

Bug#1043437: linux: report microcode upgrade *from* version as well

[Thorsten Glaser]

Package: src:linux
Version: 5.10.179-3
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: t...@mirbsd.de

I have this in dmesg:

[0.00] microcode: microcode updated early to revision 0xa4, date = 
2010-10-02

It would be very nice if this message also showed the revision *from*
which it was upgraded, so that info is available without going through
extra hoops to boot without µcode upgrade.


-- Package-specific info:
** Version:
Linux version 5.10.0-23-amd64 (debian-ker...@lists.debian.org) (gcc-10 (Debian 
10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP 
Debian 5.10.179-2 (2023-07-14)

** Command line:
BOOT_IMAGE=/SDcardBoot/vmlinuz-5.10.0-23-amd64 
root=/dev/mapper/vg--cSD-lv--root ro net.ifnames=0 vga=792

** Tainted: OE (12288)
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
[cut, irrelevant]

** Model information
sys_vendor: LENOVO
product_name: 7674D67
product_version: ThinkPad X61
chassis_vendor: LENOVO
chassis_version: Not Available
bios_vendor: LENOVO
bios_version: 7NET30WW (1.11 )
board_vendor: LENOVO
board_name: 7674D67
board_version: Not Available

** Loaded modules:
cpuid
cpufreq_ondemand
fuse
tun
ctr
ccm
cpufreq_powersave
tp_smapi(OE)
thinkpad_ec(OE)
snd_hda_codec_analog
snd_hda_codec_generic
snd_hda_intel
i915
snd_intel_dspcfg
soundwire_intel
soundwire_generic_allocation
snd_soc_core
iwl4965
iwlegacy
snd_compress
soundwire_cadence
mac80211
snd_hda_codec
snd_hda_core
cfg80211
snd_hwdep
drm_kms_helper
soundwire_bus
thinkpad_acpi
snd_pcm
cec
pcmcia
evdev
ppdev
drm
libarc4
nvram
snd_timer
iTCO_wdt
ledtrig_audio
tpm_tis
yenta_socket
serio_raw
coretemp
intel_pmc_bxt
snd
pcspkr
rfkill
tpm_tis_core
iTCO_vendor_support
pcmcia_rsrc
watchdog
i2c_algo_bit
tpm
soundcore
pcmcia_core
sg
rng_core
parport_pc
parport
ac
acpi_cpufreq
button
ecb
aes_generic
libaes
crypto_simd
cryptd
glue_helper
xts
dm_crypt
dm_mod
ext4
crc16
mbcache
jbd2
crc32c_generic
sd_mod
t10_pi
crc_t10dif
crct10dif_generic
sr_mod
cdrom
crct10dif_common
ata_generic
mmc_block
ehci_pci
ata_piix
sdhci_pci
uhci_hcd
cqhci
libata
ehci_hcd
sdhci
i2c_i801
psmouse
scsi_mod
i2c_smbus
mmc_core
usbcore
firewire_ohci
lpc_ich
firewire_core
crc_itu_t
e1000e
ptp
usb_common
pps_core
battery
video

** PCI devices:
not available

** USB devices:
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 17ef:1000 Lenovo ThinkPad X6 UltraBase
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0483:2016 STMicroelectronics Fingerprint Reader
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-23-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages linux-image-5.10.0-23-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.140
ii  kmod28-1
ii  linux-base  4.6

Versions of packages linux-image-5.10.0-23-amd64 recommends:
pn  apparmor 
ii  firmware-linux-free  20200122-1

Versions of packages linux-image-5.10.0-23-amd64 suggests:
pn  debian-kernel-handbook  
ii  grub-pc 2.06-3~deb11u5
pn  linux-doc-5.10  

Versions of packages linux-image-5.10.0-23-amd64 is related to:
pn  firmware-amd-graphics 
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
pn  firmware-brcm80211
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
ii  firmware-iwlwifi  20210315-3
pn  firmware-libertas 
pn  firmware-linux-nonfree
pn  firmware-misc-nonfree 
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information

Bug#1042876: RFS: git-credential-azure/0.2.1-1 [ITP] -- Git credential helper for Azure Repos (program)

[Paul Wise]

On Thu, 2023-08-10 at 21:28 +0100, M Hickford wrote:

> Git Credential Manager is prohibitively difficult to package because
> it's developed in .NET
> https://github.com/dotnet/source-build/discussions/2960

To start with modern .NET isn't packaged for Debian, but since
Ubuntu have packaged .NET as dotnet6, perhaps they could be
convinced to contribute the package back to Debian.

Once that is done it should be feasible to package .NET things,
after all, Debian has had Mono things packaged for years.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1043436: RM: packer -- ROM; license is changed to BUSL-1.1 (non-free)

[Shengjing Zhu]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: pac...@packages.debian.org, z...@debian.org
Control: affects -1 + src:packer


This project's license is changed from MPL to BUSL-1.1, which is not DFSG 
anymore.
See 
https://github.com/hashicorp/packer/commit/19055df3ec612ab556aa48e8eac2cb2d401fbab5
And https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license

Bug#1043434: linux-headers-amd64 cannot be upgraded to 6.1.38-3 (dependency is unavailable)

[David Masover]

Package: linux-headers-amd64
Version: 6.1.38-2
Severity: important
X-Debbugs-Cc: d...@forkbox.net

Dear Maintainer,

It looks like linux-headers-amd64 6.1.38-3 depends on
linux-headers-6.1.0-11-amd64 (=6.1.38-3), which makes sense.
Unfortunately, the only version of linux-headers-6.1.0-11-amd64
available is 6.1.38-4. There is no newer version of linux-headers-amd64
available right now.

I marked this "important" because trying to upgrade now will upgrade the
kernel, but not the headers. This means my system's latest kernel has no
headers, which breaks DKMS, and in particular, nvidia-kernel-dkms.
My system didn't attempt to bring up a GUI without nvidia_drm loaded.

I'm not entirely sure I understand what else went wrong here. I think I
tried reinstalling nvidia-kernel-dkms, which skipped the current kernel
because it couldn't find headers, but seemed to also skip the previous
kernel. This would explain why, when I tried rebooting into
6.1.0-10-amd64, I still had no GUI. Reinstalling nvidia-kernel-dkms
while booted into 6.1.0-10-amd64 got my GUI back.


-- System Information:
Debian Release: 12.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-headers-amd64 depends on:
ii  linux-headers-6.1.0-10-amd64  6.1.38-2

linux-headers-amd64 recommends no packages.

linux-headers-amd64 suggests no packages.

-- no debconf information

Bug#1043435: linux-headers-amd64 cannot be upgraded with/after kernel upgrade

[Elliot]

Package: linux-headers-amd64
Version: 6.1.38-2
Severity: important
X-Debbugs-Cc: linuxma...@gmail.com

Dear Maintainer,

   * What led up to the situation?
  * I installed a kernel upgrade, as prompted.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
  * Nothing at the moment, trying to manual install (sudo apt install
linux-headers-amd64) gets the error: "The following packages have unmet
dependencies: linux-headers-amd64 : Depends: linux-headers-6.1.0-11-amd64 (=
6.1.38-3) but it is not going to be installed"
   * What was the outcome of this action?
  * Upgrade unable to complete and NVIDIA GPU on laptop unable to be used
as a result.
   * What outcome did you expect instead?
  * The package would be upgraded with the rest of the kernel and if that
wasn't possible, the kernel would not have been upgraded.

The output of "uname -a":

Linux elliot-debian 6.1.0-11-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-3
(2023-08-07) x86_64 GNU/Linux


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-11-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-headers-amd64 depends on:
ii  linux-headers-6.1.0-10-amd64  6.1.38-2

linux-headers-amd64 recommends no packages.

linux-headers-amd64 suggests no packages.

-- no debconf information

Bug#1042005: transition: mumps hypre2.28.0 superlu combblas

[Drew Parsons]

On 2023-08-11 03:55, Drew Parsons wrote:
...

Unfortunately we're getting test errors from PETSc running its
superlu-dist test.

...

Discussed upstream at superlu-dist issue #141 and PETSc issue #1384.
https://github.com/xiaoyeli/superlu_dist/issues/141
https://gitlab.com/petsc/petsc/-/issues/1384

The superlu-dist patch is (I think)
https://github.com/xiaoyeli/superlu_dist/commit/f36d65a4e3dee264a18f4bd17b3ec506173ccbc2
Unfortunately superlu-dist has not made a release with the fix yet.

We can backport the patch.  Since it's changing the entries in
colperm_t, I think that makes it an ABI shift, in which case we'd want
to add to this transition
  superlu-dist   8 → 8slu6



Actually no, I think the patch does not change the superlu-dist ABI.  
Function signatures are the same.
The reason I thought it was needed was that petsc continued to segfault 
after applying the patch.  But scrutenising the discussion at 
superlu-dist issue #141, a second patch is needed,

https://github.com/xiaoyeli/superlu_dist/commit/b64fe36742f1468075670129ac460915eb7130fe

petsc passes superlu-dist tests after applying the two patches, so I'll 
upload superlu-dist without an ABI bump.

Bug#980900: New watch file for Graphviz package v2

[John Scott]

Thanks to Matt for clearing up the situation, I've written a new watch file. 
Matt said that there is no longer a distinction between stable and unstable 
releases, so please accept this watch file for the next upload and attribute me 
in the changelog as John Scott:

version=4
https://graphviz.org/download/source/ .*/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@
https://qa.debian.org/cgi-bin/fakeupstream.cgi?upstream=gitlab_releases/graphviz/graphviz
 \
.*/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@
opts="searchmode=plain" https://gitlab.com/api/v4/projects/4207231/releases \
[^"]*/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@

This checks for the tarball in three different ways, so that if one method 
breaks, the others will be fallback options. (For example, if upstream makes a 
new upstream release and accidentally publishes it at only one place.)

First, we check the Graphviz downloads page directly. This is obviously the 
preferred discovery option. If that fails, we use qa.debian.org's 
fakeupstream.cgi service to get the latest GitLab release. If that fails, we'll 
do more or less what the fakeupstream.cgi service is doing anyway without the 
dependence on that infrastructure, which is fetch the JSON from the GitLab API 
and parse that in a crude fashion.

By default, uscan will check all three of these sources and see which directs 
it to the newest source. Note that the actual tarball URL discovered should be 
the same in all three cases.

I hope this could be helpful :)


signature.asc
Description: This is a digitally signed message part


smime.p7s
Description: S/MIME cryptographic signature

Bug#1042005: transition: mumps hypre2.28.0 superlu combblas

[Drew Parsons]

On 2023-07-31 21:30, Sebastian Ramacher wrote:

Control: tags -1 confirmed


I'd like clear out some transitions in the numerical library stack:

combblas:  1.16.0 → 2.0.0
superlu:5 → 6
hypre: 2.26.0 → 2.28.0
mumps:5.5 → 5.6


Please go ahead.


All packages are uploaded and built.

Unfortunately we're getting test errors from PETSc running its 
superlu-dist test.


The error was actually triggered indirectly by the superlu upgrade.  An 
extra item was inserted into colperm_t in superlu_enum_consts.h.  
superlu-dist uses it's own copy of the header but hadn't been updated.  
The discrepancy confuses PETSc so it segfaults.


Discussed upstream at superlu-dist issue #141 and PETSc issue #1384.
https://github.com/xiaoyeli/superlu_dist/issues/141
https://gitlab.com/petsc/petsc/-/issues/1384

The superlu-dist patch is (I think) 
https://github.com/xiaoyeli/superlu_dist/commit/f36d65a4e3dee264a18f4bd17b3ec506173ccbc2

Unfortunately superlu-dist has not made a release with the fix yet.

We can backport the patch.  Since it's changing the entries in 
colperm_t, I think that makes it an ABI shift, in which case we'd want 
to add to this transition

  superlu-dist   8 → 8slu6

Apologies for the inconvenience.

Drew

Bug#1043424: plasma-desktop: Missing dependency on pipewire breaks screen sharing under Wayland

[Lisandro Damián Nicanor Pérez Meyer]

Hi!

On Thu, 10 Aug 2023 at 19:21, Nazar Zhuk  wrote:
>
> On 8/10/23 14:45, Lisandro Damian Nicanor Perez Meyer wrote:
> > I can agree that something in Plasma should depend/recommend xdg-desktop-
> > portal-kde.  But neither KDE+Wayland nor pipewire are defaults for Debian, 
> > so
> > users wanting to use them are expected to do some work. Granted, it would be
> > just awesome if no action would be required, but that is sadly not the case
> > here. I am so downgrading this bug to normal.
>
> KDE is an option you can pick in the installer, which is what I did. It
> shouldn't require a user to know what other dependencies to install
> after with apt. Even if installing plasma-desktop later with apt it
> should have all the dependencies.

Right, but with that you should get X11 by default, not wayland.

> > I would argue that this bug should be retitled to only care about the xdg-
> > desktop-portal-kde package.
>
> xdg-desktop-portal-kde was originally installed. pipewire wasn't.

xdg-d-p-kde: cool! That's pretty good to read!
pipewire: expected, not the default sound subsystem for bookworm.

-- 
Lisandro Damián Nicanor Pérez Meyer
https://perezmeyer.com.ar/

Bug#1028157: cython update

[Drew Parsons]

On 2023-08-10 22:18, Yaroslav Halchenko wrote:

Hi Nilson

...

Please follow up here and state your interest to see 3.0.0 in debian.

Note https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028157#10

The latest version of scipy, 1.11.1, needs Cython>=0.29.35
but also declares Cython<3.0.

So we need first check with scipy on either it is ready for cython
3:

- upstream has (and I don't think ever had) no upper bound

> grep Cython pyproject.toml
"Cython>=0.29.18",

...

CCing Drew Parsons maintaining scipy -- may be he could recall the need
for upper bound or just make a verdict to drop that  upper bound?


The upper bound for scipy is declared in its pyproject.toml, but you're 
right it's not declared so in scipy git.
They often add an upper bound in the release tarballs.  I think it's a 
mechanism so keep released code more manageable, avoiding unanticipated 
problems with future versions.
But since the upper bound is not in the main branch in git, that's clue 
that it might not be a real upper bound.

On the other hand some problems with cython 3 were reported,
https://github.com/scipy/scipy/issues/18909
but already fixed in
https://github.com/scipy/scipy/pull/18242
(merged commit a181fd5 into scipy:main on May 3)

The patch is already in scipy 1.11.1, but we can't test it because of 
doit (Bug#1042459).  If you can push the doit maintainers along that 
would be helpful.  doit should probably be moved to the Debian Python 
Team.


But in any case PR18242 looks simple enough to backport to scipy 1.10.1 
. Would need to be tested first. Get cython3 into experimental so we can 
check.


Drew

Bug#1042194: netavark: FTBFS: unsatisfiable build-dependencies: librust-netlink-packet-core-0.4+default-dev (>= 0.4.2-~~), librust-netlink-packet-core-0.4+default-dev (>= 0.4.2-~~)

[Peter Green]

tags 1042194 +patch
thanks


During a rebuild of all packages in sid, your package failed to build
on amd64.


The attached patch makes netavark build again (note: some of the packages
it depends on have only just been accepted, so it may be a little time
before binaries are available in sid).diff -Nru netavark-1.4.0/debian/changelog netavark-1.4.0/debian/changelog
--- netavark-1.4.0/debian/changelog 2023-02-03 11:31:00.0 +
+++ netavark-1.4.0/debian/changelog 2023-08-10 22:42:37.0 +
@@ -1,3 +1,13 @@
+netavark (1.4.0-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply upstream patches for new netlink crates. (Closes: #1042194)
+  * Bump env-logger dependency.
+  * Stop patching zbus cargo dependency and update debian dependency, Debian
+now has zbus 3.x
+
+ -- Peter Michael Green   Thu, 10 Aug 2023 22:42:37 +
+
 netavark (1.4.0-3) unstable; urgency=medium
 
   * Install aardvark-dns by default with netavark
diff -Nru netavark-1.4.0/debian/control netavark-1.4.0/debian/control
--- netavark-1.4.0/debian/control   2023-02-03 11:31:00.0 +
+++ netavark-1.4.0/debian/control   2023-08-10 22:42:37.0 +
@@ -9,7 +9,7 @@
  librust-atty-dev,
  librust-chrono-dev,
  librust-clap-3+derive-dev (>= 3.2.23),
- librust-env-logger-dev (>> 0.9),
+ librust-env-logger-0.10-dev,
  librust-futures-dev,
  librust-fs2-dev,
  librust-humantime-dev,
@@ -17,7 +17,7 @@
  librust-iptables-dev,
  librust-libc-dev,
  librust-log-dev,
- librust-netlink-packet-route-dev,
+ librust-netlink-packet-route-0.17-dev,
  librust-nix-dev,
  librust-rand-dev,
  librust-rtnetlink-dev,
@@ -31,7 +31,7 @@
  librust-termcolor-dev,
  librust-tokio+full-dev,
  librust-url-dev,
- librust-zbus-dev (>= 1.9.2-4),
+ librust-zbus-3-dev (>= 3.6.1),
  librust-zvariant-dev,
  libstd-rust-dev,
  rustc:native ,
diff -Nru netavark-1.4.0/debian/patches/netlink-0.5.patch 
netavark-1.4.0/debian/patches/netlink-0.5.patch
--- netavark-1.4.0/debian/patches/netlink-0.5.patch 1970-01-01 
00:00:00.0 +
+++ netavark-1.4.0/debian/patches/netlink-0.5.patch 2023-08-10 
22:42:37.0 +
@@ -0,0 +1,65 @@
+This patch is based on the upstream commit described below, adapted for
+use in the Debian package by Peter Michael Green.
+
+commit 88a2a7a5a896d9b64d48b95f12e78cf91ee2b05f
+Author: Paul Holzinger 
+Date:   Fri Feb 17 15:03:19 2023 +0100
+
+update netlink-packet-{route,core} to 0.15 and 0.5
+
+They contain breaking changes but nothing major, just moved same type
+definitions.
+
+Signed-off-by: Paul Holzinger 
+
+diff --git a/Cargo.toml b/Cargo.toml
+index de0b465..2620f80 100644
+--- a/Cargo.toml
 b/Cargo.toml
+@@ -44,2 +44,2 @@ zbus = { version = "3.10.0" }
+-netlink-packet-route = "0.13"
+-netlink-packet-core = "0.4.2"
++netlink-packet-route = "0.15"
++netlink-packet-core = "0.5"
+diff --git a/src/network/netlink.rs b/src/network/netlink.rs
+index 4b11a28..dcf165a 100644
+--- a/src/network/netlink.rs
 b/src/network/netlink.rs
+@@ -9,11 +9,14 @@ use crate::{
+ wrap,
+ };
+ use log::{info, trace};
++use netlink_packet_core::{
++NetlinkHeader, NetlinkMessage, NetlinkPayload, NLM_F_ACK, NLM_F_CREATE, 
NLM_F_DUMP, NLM_F_EXCL,
++NLM_F_REQUEST,
++};
+ use netlink_packet_route::{
+ nlas::link::{Info, InfoData, InfoKind, Nla},
+-AddressMessage, LinkMessage, NetlinkHeader, NetlinkMessage, 
NetlinkPayload, RouteMessage,
+-RtnlMessage, AF_INET, AF_INET6, IFF_UP, NLM_F_ACK, NLM_F_CREATE, 
NLM_F_DUMP, NLM_F_EXCL,
+-NLM_F_REQUEST, RTN_UNICAST, RTPROT_STATIC, RTPROT_UNSPEC, 
RT_SCOPE_UNIVERSE, RT_TABLE_MAIN,
++AddressMessage, LinkMessage, RouteMessage, RtnlMessage, AF_INET, 
AF_INET6, IFF_UP, RTN_UNICAST,
++RTPROT_STATIC, RTPROT_UNSPEC, RT_SCOPE_UNIVERSE, RT_TABLE_MAIN,
+ };
+ use netlink_sys::{protocols::NETLINK_ROUTE, SocketAddr};
+ 
+@@ -369,10 +372,7 @@ impl Socket {
+ }
+ 
+ fn send( self, msg: RtnlMessage, flags: u16) -> NetavarkResult<()> {
+-let mut packet = NetlinkMessage {
+-header: NetlinkHeader::default(),
+-payload: NetlinkPayload::from(msg),
+-};
++let mut packet = NetlinkMessage::new(NetlinkHeader::default(), 
NetlinkPayload::from(msg));
+ packet.header.flags = NLM_F_REQUEST | flags;
+ packet.header.sequence_number = {
+ self.sequence_number += 1;
+@@ -440,6 +440,7 @@ impl Socket {
+ return Ok(result);
+ }
+ }
++_ => {}
+ };
+ 
+ offset += rx_packet.header.length as usize;
diff -Nru netavark-1.4.0/debian/patches/netlink-0.7.patch 
netavark-1.4.0/debian/patches/netlink-0.7.patch
--- netavark-1.4.0/debian/patches/netlink-0.7.patch 1970-01-01 
00:00:00.0 +
+++ netavark-1.4.0/debian/patches/netlink-0.7.patch 2023-08-10 
22:42:37.0 +
@@ -0,0 +1,83 @@
+This patch is 

Bug#770171: sshd jail fails when system solely relies on systemd journal for logging

[Andrei Coada]

Hi Team,

This is getting pretty annoying, a 9 years old inconvenience, especially
now that Debian 12 does not even have a syslog service installed by default.
Fail2ban fails to start right after its installation.

The solution is really trivial. At least an SSHD override should be added
in  "paths-debian.conf"  file, such as:

sshd_backend = systemd

so that the fail2ban service can start after one installs it.

Thanks,
Andrei

Bug#862348: fail2ban: fails to filter systemd ssh daemon entries from journal

[Andrei Coada]

Hi Team,

This is getting pretty annoying, especially now that Debian 12 does not
even have a syslog service installed by default.
Fail2ban fails to start right after its installation.

The solution is really trivial. At least an SSHD override should be added
in  "paths-debian.conf"  file, such as:

sshd_backend = systemd

so that the fail2ban service can start after one installs it.

Thanks,
Andrei

Bug#1043433: ITP: alsa-ucm-conf-asahi -- ALSA Use Case Manager configuration (and topologies) for Apple silicon devices

[Tobias Heider]

Package: wnpp
Severity: wishlist
Owner: Tobias Heider 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: alsa-ucm-conf-asahi
  Version : 1
  URL : https://github.com/AsahiLinux/alsa-ucm-conf-asahi
* License : BSD-3-Clause
  Description : ALSA Use Case Manager configuration (and topologies) for 
Apple silicon devices
 This package contains so-called ALSA UCM configuration describing internal
 sound peripherals on Apple hardware. This is to overlay the parent
 alsa-ucm-conf package at /usr/share/alsa.
 .
 ALSA is the Advanced Linux Sound Architecture.

This makes alsa work properly on apple silicon. I intend to maintain this
as part of the debian-banans team.

Bug#1038812: ITP: sexpp -- S-expressions parser and generator C++ library and command-line tool

[Thorsten Alteholz]

On Thu, 10 Aug 2023, Daniel Kahn Gillmor wrote:

The corrected URL is https://github.com/rnp/sexpp and the package name
will be sexpp.  This has been in NEW for over a month now, and is
blocking our ability to ship an updated librnp, which impacts
thunderbird (see #1041409).


It is only that long in NEW because nobody cared to answer my question 
from weeks ago.



It would be great if someone on the FTP team could either accept the
sexpp package, or reject it with an explanation of what needs to be done
to fix it.


I am not going to ACCEPT a package with that name, but maybe someone else 
from the team wants to do this.


  Thorsten





Date: Sun, 16 Jul 2023 11:13:40 +
From: Thorsten Alteholz 
To: Daniel Kahn Gillmor 
Cc: Debian FTP Masters 
Subject: Comments regarding sexpp_0.8.7-1_amd64.changes

Hi Daniel,

given the long discussion about the weboob package, would you mind 
changing the name of your package?


  Thorsten

Bug#1043394: perl: Please add cross config.sh files for hurd-amd64

[Samuel Thibault]

Samuel Thibault, le jeu. 10 août 2023 04:33:00 +0200, a ecrit:
> I could run config.debian natively on the arch, here is the result,
> could you add them to debian/cross/hurd-amd64/, so that we can easily
> cross-build the package?

Ah, the strlcat / strlcpy addition in glibc poses missing
Perl_my_strlcat@Base Perl_my_strlcpy@Base issues. Better use this file
instead.

Samuel
#!/bin/sh
#
# This file was produced by running the Configure script. It holds all the
# definitions figured out by Configure. Should you modify one of these values,
# do not forget to propagate your changes by running "Configure -der". You may
# instead choose to run each of the .SH files by yourself, or "Configure -S".
#

# Package name  : perl5
# Source directory  : /dummy/build/dir
# Configuration time: Tue Oct 18 16:44:58 UTC 2022
# Configured by : Debian
# Target system : gnu localhost 0.9 gnu-mach x86_64-at386 gnu 

: Configure command line arguments.
config_arg0='../Configure'
config_args='-Dmksymlinks -Dusethreads -Duselargefiles -Dcc=x86_64-gnu-gcc 
-Dcpp=x86_64-gnu-cpp -Dld=x86_64-gnu-gcc -Dccflags=-DDEBIAN 
-DAPPLLIB_EXP="/usr/lib/x86_64-gnu/perl-base" -Wdate-time -D_FORTIFY_SOURCE=2 
-g -O2 -ffile-prefix-map=/dummy/build/dir=. -fstack-protector-strong -Wformat 
-Werror=format-security -Dldflags= -Wl,-z,relro -Dlddlflags=-shared 
-Wl,-z,relro -Dcccdlflags=-fPIC -Darchname=x86_64-gnu -Dprefix=/usr 
-Dprivlib=/usr/share/perl/5.36 -Darchlib=/usr/lib/x86_64-gnu/perl/5.36 
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 
-Dvendorarch=/usr/lib/x86_64-gnu/perl5/5.36 -Dsiteprefix=/usr/local 
-Dsitelib=/usr/local/share/perl/5.36.0 
-Dsitearch=/usr/local/lib/x86_64-gnu/perl/5.36.0 -Dman1dir=/usr/share/man/man1 
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 
-Dsiteman3dir=/usr/local/man/man3 -Duse64bitint -Dman1ext=1 -Dman3ext=3perl 
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm 
-Ui_libutil -Ui_xlocale -Uversiononly -DDEBUGGING=-g -Doptimize=-O2 -dEs 
-Uuseshrplib'
config_argc=40
config_arg1='-Dmksymlinks'
config_arg2='-Dusethreads'
config_arg3='-Duselargefiles'
config_arg4='-Dcc=x86_64-gnu-gcc'
config_arg5='-Dcpp=x86_64-gnu-cpp'
config_arg6='-Dld=x86_64-gnu-gcc'
config_arg7='-Dccflags=-DDEBIAN -DAPPLLIB_EXP="/usr/lib/x86_64-gnu/perl-base" 
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/dummy/build/dir=. 
-fstack-protector-strong -Wformat -Werror=format-security'
config_arg8='-Dldflags= -Wl,-z,relro'
config_arg9='-Dlddlflags=-shared -Wl,-z,relro'
config_arg10='-Dcccdlflags=-fPIC'
config_arg11='-Darchname=x86_64-gnu'
config_arg12='-Dprefix=/usr'
config_arg13='-Dprivlib=/usr/share/perl/5.36'
config_arg14='-Darchlib=/usr/lib/x86_64-gnu/perl/5.36'
config_arg15='-Dvendorprefix=/usr'
config_arg16='-Dvendorlib=/usr/share/perl5'
config_arg17='-Dvendorarch=/usr/lib/x86_64-gnu/perl5/5.36'
config_arg18='-Dsiteprefix=/usr/local'
config_arg19='-Dsitelib=/usr/local/share/perl/5.36.0'
config_arg20='-Dsitearch=/usr/local/lib/x86_64-gnu/perl/5.36.0'
config_arg21='-Dman1dir=/usr/share/man/man1'
config_arg22='-Dman3dir=/usr/share/man/man3'
config_arg23='-Dsiteman1dir=/usr/local/man/man1'
config_arg24='-Dsiteman3dir=/usr/local/man/man3'
config_arg25='-Duse64bitint'
config_arg26='-Dman1ext=1'
config_arg27='-Dman3ext=3perl'
config_arg28='-Dpager=/usr/bin/sensible-pager'
config_arg29='-Uafs'
config_arg30='-Ud_csh'
config_arg31='-Ud_ualarm'
config_arg32='-Uusesfio'
config_arg33='-Uusenm'
config_arg34='-Ui_libutil'
config_arg35='-Ui_xlocale'
config_arg36='-Uversiononly'
config_arg37='-DDEBUGGING=-g'
config_arg38='-Doptimize=-O2'
config_arg39='-dEs'
config_arg40='-Uuseshrplib'

Author=''
Date=''
Header=''
Id=''
Locker=''
Log=''
RCSfile=''
Revision=''
Source=''
State=''
_a='.a'
_exe=''
_o='.o'
afs='false'
afsroot='/afs'
alignbytes='8'
aphostname='hostname'
api_revision='5'
api_subversion='0'
api_version='36'
api_versionstring='5.36.0'
ar='ar'
archlib='/usr/lib/x86_64-gnu/perl/5.36'
archlibexp='/usr/lib/x86_64-gnu/perl/5.36'
archname64=''
archname='x86_64-gnu-thread-multi'
archobjs=''
asctime_r_proto='REENTRANT_PROTO_B_SB'
awk='awk'
baserev='5.0'
bash=''
bin='/usr/bin'
bin_ELF='define'
binexp='/usr/bin'
bison='bison'
byacc='byacc'
byteorder='12345678'
c=''
castflags='0'
cat='cat'
cc='x86_64-gnu-gcc'
cccdlflags='-fPIC'
ccdlflags='-Wl,-E'
ccflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN 
-DAPPLLIB_EXP="/usr/lib/x86_64-gnu/perl-base" -Wdate-time -D_FORTIFY_SOURCE=2 
-g -O2 -ffile-prefix-map=/dummy/build/dir=. -fstack-protector-strong -Wformat 
-Werror=format-security -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
ccname='gcc'
ccsymbols=''
ccversion=''
cf_by='Debian'
cf_email='p...@packages.debian.org'
cf_time='Sun Jan  8 21:28:47 UTC 2023'
charbits='8'
charsize='1'
chgrp=''
chmod='chmod'
chown=''
clocktype='clock_t'
comm='comm'
compiler_warning='grep -i warning'
compress=''

Bug#1030322: gnushogi: FTBFS with TeXInfo 7.0.x

[Bastian Germann]

I am uploading a NMU to move the experimental version to unstable in order to fix this. The debdiff 
is attached.diff -Nru gnushogi-1.5~git20140725/debian/changelog 
gnushogi-1.5~git20140725/debian/changelog
--- gnushogi-1.5~git20140725/debian/changelog   2020-04-03 19:54:19.0 
+0200
+++ gnushogi-1.5~git20140725/debian/changelog   2023-08-10 23:39:21.0 
+0200
@@ -1,3 +1,10 @@
+gnushogi (1.5~git20140725-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Move to unstable (Closes: #1030322)
+
+ -- Bastian Germann   Thu, 10 Aug 2023 23:39:21 +0200
+
 gnushogi (1.5~git20140725-2) experimental; urgency=medium
 
   * Update Vcs-* fields to point to salsa.
@@ -35,6 +42,32 @@
 
  -- Yann Dirson   Tue, 18 Feb 2014 21:24:46 +0100
 
+gnushogi (1.4.2-7) unstable; urgency=medium
+
+  * Fix build with gcc-10 (Closes: #957294).
+
+ -- Yann Dirson   Mon, 24 Aug 2020 23:15:18 +0200
+
+gnushogi (1.4.2-6) unstable; urgency=medium
+
+  * Fix Vcs-git field, broken in 1.4.2-5.
+  * Remove usage of autotools_dev debhelper tools (lintian).
+
+ -- Yann Dirson   Sun, 16 Dec 2018 22:36:56 +0100
+
+gnushogi (1.4.2-5) unstable; urgency=medium
+
+  * Update Vcs-* fields to point to salsa. 
+  * Fix URL to Homepage.
+
+ -- Yann Dirson   Sun, 12 Aug 2018 23:34:39 +0200
+
+gnushogi (1.4.2-4) unstable; urgency=medium
+
+  * Don't ignore failures from sub-makes (Closes: #901539)
+
+ -- Yann Dirson   Sun, 12 Aug 2018 14:39:58 +0200
+
 gnushogi (1.4.2-3) unstable; urgency=medium
 
   * Switch to source format 3.0 (quilt).

Bug#1043424: plasma-desktop: Missing dependency on pipewire breaks screen sharing under Wayland

[Nazar Zhuk]

On 8/10/23 14:45, Lisandro Damian Nicanor Perez Meyer wrote:

I can agree that something in Plasma should depend/recommend xdg-desktop-
portal-kde.  But neither KDE+Wayland nor pipewire are defaults for Debian, so
users wanting to use them are expected to do some work. Granted, it would be
just awesome if no action would be required, but that is sadly not the case
here. I am so downgrading this bug to normal.


KDE is an option you can pick in the installer, which is what I did. It 
shouldn't require a user to know what other dependencies to install 
after with apt. Even if installing plasma-desktop later with apt it 
should have all the dependencies.



I would argue that this bug should be retitled to only care about the xdg-
desktop-portal-kde package.


xdg-desktop-portal-kde was originally installed. pipewire wasn't.

--
Nazar

Bug#1043417: libwraster6: libwraster ABI breakage

[Torrance, Douglas]

Hi Andreas,

On Thu 10 Aug 2023 06:14:44 PM +02, Andreas Metzler  wrote:

already communicated upstream, lets add a blocker bug. The new release
bumped the symbol version of all symbols from LIBWRASTER6 to
LIBWRASTER7, i.e. we have got total ABI breakage, none of the previously
exported symbols are exported anymore.
-
ametzler@argenau:~$ wmweather+ ; echo $?
wmweather+: /lib/x86_64-linux-gnu/libwraster.so.6: version
`LIBWRASTER6' not found (required by wmweather+)
1
-

Upstream had introduced a script for automatic symbol versioning,
however given a libtool version string current:revision:age it
constructs the symbol versioning from $current instead of the soname.
libwraster went from 6:0:0 to 7:0:1 (no soname change).


I've applied the patch that you submitted upstream [1] to the package.  I
think this should fix the issue.  See the latest draft in Salsa [2].

Does this look okay?

Doug

[1] https://groups.google.com/g/wmaker-dev/c/TO106V4iiOo/m/D5oUWxBCDgAJ
[2] https://salsa.debian.org/wmaker-team/wmaker


signature.asc
Description: PGP signature

Bug#890383: ignition-common FTBFS on big endian: UNIT_Util_TEST (Failed)

[Jose Luis Rivero]

Resolved long ago.

On Wed, Apr 11, 2018 at 6:31 PM Jose Luis Rivero 
wrote:

> Thanks for the report. I've submitted the bug upstream:
> https://bitbucket.org/ignitionrobotics/ign-common/issues/33/sha-test-in-big-endian-machines
>
> On Wed, Feb 14, 2018 at 10:46 AM, Adrian Bunk  wrote:
>
>> Source: ignition-common
>> Version: 1.0.1-1
>> Severity: important
>>
>> https://buildd.debian.org/status/package.php?p=ignition-common=sid
>>
>> ...
>>
>> 98% tests passed, 1 tests failed out of 59
>>
>> Total Test time (real) =  10.32 sec
>>
>> The following tests FAILED:
>>  49 - UNIT_Util_TEST (Failed)
>> Errors while running CTest
>> Makefile:143: recipe for target 'test' failed
>> make[2]: *** [test] Error 8
>>
>> --
>> debian-science-maintainers mailing list
>> debian-science-maintain...@lists.alioth.debian.org
>>
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
>>
>
>

Bug#890383: ignition-common FTBFS on big endian: UNIT_Util_TEST (Failed)

[Jose Luis Rivero]

The bug was fixed some years ago. Closing.

On Wed, Apr 11, 2018 at 6:31 PM Jose Luis Rivero 
wrote:

> Thanks for the report. I've submitted the bug upstream:
> https://bitbucket.org/ignitionrobotics/ign-common/issues/33/sha-test-in-big-endian-machines
>
> On Wed, Feb 14, 2018 at 10:46 AM, Adrian Bunk  wrote:
>
>> Source: ignition-common
>> Version: 1.0.1-1
>> Severity: important
>>
>> https://buildd.debian.org/status/package.php?p=ignition-common=sid
>>
>> ...
>>
>> 98% tests passed, 1 tests failed out of 59
>>
>> Total Test time (real) =  10.32 sec
>>
>> The following tests FAILED:
>>  49 - UNIT_Util_TEST (Failed)
>> Errors while running CTest
>> Makefile:143: recipe for target 'test' failed
>> make[2]: *** [test] Error 8
>>
>> --
>> debian-science-maintainers mailing list
>> debian-science-maintain...@lists.alioth.debian.org
>>
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
>>
>
>

Bug#1034000: snapshot.debian.org: Unusual number of 503s on snapshot.d.o

[Theodore Y. Ts'o]

Package: snapshot.debian.org
Followup-For: Bug #1034000

I'm seeing similar failures for a number for the last three snapshots
listed at:

http://snapshot.debian.org/archive/debian/?year=2023=8

Namely for:

 * 2023-08-06 09:19:12
 * 2023-08-07 15:08:23
 * 2023-08-09 03:23:42

As noted in [1] and in the Debian bug #1031628[2], we are also missing
snapshots, but this is different --- even for the snapshots that are
listed as present, they are missing packages, which is this bug
(#1034000).

[1] https://lists.debian.org/debian-devel/2023/08/msg00014.html
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031628

Quoting from [2],

>> Note sure if/how this relates to #1029744 about debian-ports (0 in
>> January, 1 in February).
>> 
>Yes, it's the same thing; not much we can do about it at the moment.

However, when I looked at Debian bug #1029744 there wasn't an
explanation about what might be causing this spate of missing snapshots
and missing packages in snapshots.

If someone on the snapshots.debian.org team could provide some color
commentary about what might be going wrong (are we running out of disk
space?  CPU?  Memory?  Personnel?

Any explanation with suggestions of what help might be able to help
address these problems would be greatly appreciated.

Many thanks!!
 

Bug#1037801: openexr: diff for NMU version 3.1.5-5.1

[Adrian Bunk]

Control: tags 1037801 + patch
Control: tags 1037801 + pending

Dear maintainer,

I've prepared an NMU for openexr (versioned as 3.1.5-5.1) and uploaded 
it to DELAYED/2. Please feel free to tell me if I should cancel it.

cu
Adrian
diff -Nru openexr-3.1.5/debian/changelog openexr-3.1.5/debian/changelog
--- openexr-3.1.5/debian/changelog	2023-04-23 19:46:33.0 +0300
+++ openexr-3.1.5/debian/changelog	2023-08-11 00:09:40.0 +0300
@@ -1,3 +1,10 @@
+openexr (3.1.5-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add upstream fix for FTBFS with gcc 13. (Closes: #1037801)
+
+ -- Adrian Bunk   Fri, 11 Aug 2023 00:09:40 +0300
+
 openexr (3.1.5-5) unstable; urgency=medium
 
   * Team upload.
diff -Nru openexr-3.1.5/debian/patches/0001-Add-missing-include-cstdint-required-by-gcc-13-1264.patch openexr-3.1.5/debian/patches/0001-Add-missing-include-cstdint-required-by-gcc-13-1264.patch
--- openexr-3.1.5/debian/patches/0001-Add-missing-include-cstdint-required-by-gcc-13-1264.patch	1970-01-01 02:00:00.0 +0200
+++ openexr-3.1.5/debian/patches/0001-Add-missing-include-cstdint-required-by-gcc-13-1264.patch	2023-08-11 00:08:37.0 +0300
@@ -0,0 +1,54 @@
+From b8a231ff9082308fb6dda40d78ee7dcde7313678 Mon Sep 17 00:00:00 2001
+From: Cary Phillips 
+Date: Sun, 31 Jul 2022 13:36:03 -0700
+Subject: Add missing #include  required by gcc-13 (#1264)
+
+Originally submitted as #1262, thanks.
+
+Signed-off-by: Cary Phillips 
+---
+ src/bin/exrcheck/main.cpp   | 2 ++
+ src/lib/OpenEXR/ImfDeepTiledInputFile.h | 1 +
+ src/lib/OpenEXR/ImfDeepTiledInputPart.h | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/src/bin/exrcheck/main.cpp b/src/bin/exrcheck/main.cpp
+index d9812e47..198ebfe9 100644
+--- a/src/bin/exrcheck/main.cpp
 b/src/bin/exrcheck/main.cpp
+@@ -4,6 +4,8 @@
+ #include 
+ #include 
+ 
++#include 
++#include 
+ #include 
+ #include 
+ #include 
+diff --git a/src/lib/OpenEXR/ImfDeepTiledInputFile.h b/src/lib/OpenEXR/ImfDeepTiledInputFile.h
+index ca3372c7..aa768a37 100644
+--- a/src/lib/OpenEXR/ImfDeepTiledInputFile.h
 b/src/lib/OpenEXR/ImfDeepTiledInputFile.h
+@@ -19,6 +19,7 @@
+ 
+ #include "ImfTileDescription.h"
+ 
++#include 
+ #include 
+ 
+ OPENEXR_IMF_INTERNAL_NAMESPACE_HEADER_ENTER
+diff --git a/src/lib/OpenEXR/ImfDeepTiledInputPart.h b/src/lib/OpenEXR/ImfDeepTiledInputPart.h
+index a9ef38a0..86caeb21 100644
+--- a/src/lib/OpenEXR/ImfDeepTiledInputPart.h
 b/src/lib/OpenEXR/ImfDeepTiledInputPart.h
+@@ -10,6 +10,7 @@
+ 
+ #include "ImfTileDescription.h"
+ 
++#include 
+ #include 
+ 
+ OPENEXR_IMF_INTERNAL_NAMESPACE_HEADER_ENTER
+-- 
+2.30.2
+
diff -Nru openexr-3.1.5/debian/patches/series openexr-3.1.5/debian/patches/series
--- openexr-3.1.5/debian/patches/series	1970-01-01 02:00:00.0 +0200
+++ openexr-3.1.5/debian/patches/series	2023-08-11 00:09:39.0 +0300
@@ -0,0 +1 @@
+0001-Add-missing-include-cstdint-required-by-gcc-13-1264.patch

Bug#1043432: ruby-protocol-http1: CVE-2023-38697

[Salvatore Bonaccorso]

Source: ruby-protocol-http1
Version: 0.14.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/socketry/protocol-http1/pull/20
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for ruby-protocol-http1.

CVE-2023-38697[0]:
| protocol-http1 provides a low-level implementation of the HTTP/1
| protocol. RFC 9112 Section 7.1 defined the format of chunk size,
| chunk data and chunk extension. The value of Content-Length header
| should be a string of 0-9 digits, the chunk size should be a string
| of hex digits and should split from chunk data using CRLF, and the
| chunk extension shouldn't contain any invisible character. However,
| Falcon has following behaviors while disobey the corresponding RFCs:
| accepting Content-Length header values that have `+` prefix,
| accepting Content-Length header values that written in hexadecimal
| with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and
| accepting LF in chunk extension. This behavior can lead to desync
| when forwarding through multiple HTTP parsers, potentially results
| in HTTP request smuggling and firewall bypassing. This issue is
| fixed in `protocol-http1` v0.15.1. There are no known workarounds.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38697
https://www.cve.org/CVERecord?id=CVE-2023-38697
[1] https://github.com/socketry/protocol-http1/pull/20
[2] 
https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj
[3] 
https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd
 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1043431: krb5: CVE-2023-36054

[Salvatore Bonaccorso]

Source: krb5
Version: 1.20.1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for krb5.

CVE-2023-36054[0]:
| lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2
| and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote
| authenticated user can trigger a kadmind crash. This occurs because
| _xdr_kadm5_principal_ent_rec does not validate the relationship
| between n_key_data and the key_data array count.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36054
https://www.cve.org/CVERecord?id=CVE-2023-36054
[1] https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1043430: trafficserver: CVE-2022-47185 CVE-2023-33934

[Salvatore Bonaccorso]

Source: trafficserver
Version: 9.2.1+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 9.2.0+ds-2+deb12u1
Control: found -1 8.1.7+ds-1~deb11u1
Control: found -1 8.1.6+ds-1

Hi,

The following vulnerabilities were published for trafficserver.

CVE-2022-47185[0]:
| Improper input validation vulnerability on the range header in
| Apache Software Foundation Apache Traffic Server.This issue affects
| Apache Traffic Server: through 9.2.1.


CVE-2023-33934[1]:
| Improper Input Validation vulnerability in Apache Software
| Foundation Apache Traffic Server.This issue affects Apache Traffic
| Server: through 9.2.1.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47185
https://www.cve.org/CVERecord?id=CVE-2022-47185
[1] https://security-tracker.debian.org/tracker/CVE-2023-33934
https://www.cve.org/CVERecord?id=CVE-2023-33934
[2] https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1028157:

[Nilson Silva]

Thanks Yaroslav O. Halchenko for the prompt response.
I'll wait for the evolution of this topic!

Thanks!
Nilson F. Silva





Hi Nilson

sorry -- I was not following cython package recently so all kudos
to Stefano and other team members for taking good care of it under team
maintainership.

I think the best would have been to check existing bug reports and
follow up on them, thus to minimize traffic I immediately CCing
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028157

Please follow up here and state your interest to see 3.0.0 in debian.

Note https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028157#10

The latest version of scipy, 1.11.1, needs Cython>=0.29.35
but also declares Cython<3.0.

So we need first check with scipy on either it is ready for cython
3:

- upstream has (and I don't think ever had) no upper bound

> grep Cython pyproject.toml
"Cython>=0.29.18",

 in git log for scipy upstream I find last record for cython3 compat
 from v1.5.0rc1~75 in 2020!  So scipy was in sync with cython
 development

- for debian package upper bound was introduced in


https://salsa.debian.org/python-team/packages/scipy/-/commit/7a469e2435a01468b769f11c14f7e2a5c318fe4a

but no detailed reason provided.  so might have been general precaution.

CCing Drew Parsons maintaining scipy -- may be he could recall the need
for upper bound or just make a verdict to drop that  upper bound?

--
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik

Bug#1043429: xserver-xorg-input-libinput: "xinput set-prop" command fails with error

[Gordon Shumway]

Package: xserver-xorg-input-libinput
Version: 1.3.0-1
Severity: important
X-Debbugs-Cc: g.shumw...@gmx.net




-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.

VGA-compatible devices on PCI bus:
--
05:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. 
[AMD/ATI] Lucienne [1002:164c] (rev c1)

/etc/X11/xorg.conf does not exist.

Contents of /etc/X11/xorg.conf.d:
-
total 0

/etc/modprobe.d contains no KMS configuration files.

Kernel version (/proc/version):
---
Linux version 6.4.0-2-amd64 (debian-ker...@lists.debian.org) (gcc-13 (Debian 
13.2.0-1) 13.2.0, GNU ld (GNU Binutils for Debian) 2.41) #1 SMP PREEMPT_DYNAMIC 
Debian 6.4.4-3 (2023-08-08)

Bug#1043426: (no subject)

[dllud]

Pixel Saver was working properly with Debian 11 bullseye on both machines.

Bug#1028157:

[Nilson Silva]

Hello !

Stefano and Yaroslav Halchenko. I decided to talk to Stefano because,
 from what I saw, he was the one who made the last updates of cython.
And for Yaroslav Halchenko, because he is the maintainer of the package.

I'm working on a package 
https://github.com/dofuuz/python-soxr/blob/main/pyproject.toml
 which needs cython in its version >=3.0a7.

As it is not a simple package and has many open bugs.
I don't feel encouraged to collaborate.
For this reason I would like to know if there is an update forecast for this 
package?

Thanks!
Nilson F. Silva

Bug#1028157: cython update

[Yaroslav Halchenko]

Hi Nilson

sorry -- I was not following cython package recently so all kudos
to Stefano and other team members for taking good care of it under team
maintainership.

I think the best would have been to check existing bug reports and
follow up on them, thus to minimize traffic I immediately CCing
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028157

Please follow up here and state your interest to see 3.0.0 in debian.

Note https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028157#10

The latest version of scipy, 1.11.1, needs Cython>=0.29.35
but also declares Cython<3.0.

So we need first check with scipy on either it is ready for cython
3:

- upstream has (and I don't think ever had) no upper bound

> grep Cython pyproject.toml
"Cython>=0.29.18",

 in git log for scipy upstream I find last record for cython3 compat
 from v1.5.0rc1~75 in 2020!  So scipy was in sync with cython
 development

- for debian package upper bound was introduced in


https://salsa.debian.org/python-team/packages/scipy/-/commit/7a469e2435a01468b769f11c14f7e2a5c318fe4a

but no detailed reason provided.  so might have been general precaution. 

CCing Drew Parsons maintaining scipy -- may be he could recall the need
for upper bound or just make a verdict to drop that  upper bound?

-- 
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik

Bug#1042876: RFS: git-credential-azure/0.2.1-1 [ITP] -- Git credential helper for Azure Repos (program)

[M Hickford]

On Thu, 10 Aug 2023 at 21:04, Nilesh Patra  wrote:
>
>
>
> On 11 August 2023 1:32:07 am IST, Nilesh Patra  
> wrote:
> >
> >
> >On 4 August 2023 8:21:50 pm IST, M Hickford  wrote:
> >>X-Debbugs-CC: debian...@lists.debian.org
> >>
> >>Dear mentors,
> >>
> >>I am looking for a sponsor for my package "git-credential-azure":
> >>
> >> * Package name : git-credential-azure
> >>   Version  : 0.2.1-1
> >>   Upstream contact : M Hickford 
> >> * URL  : https://github.com/hickford/git-credential-azure
> >
> >The upstream readme says that this software is in alpha. Do you consider it 
> >ready to go to testing or is it better suited for experimental?

Thanks Nilesh for your reply. Ready for testing I'd say.

> >
> >I think it's the latter, but you probably know best.
>
> And since git-credential-manager is a mature alternative, what advantage does 
> credential-azure have over it?

Principally Linux arm64 support. I've updated the readme.

>
> Why not package credential-manager itself? Why not get the enhancements 
> merged into the alternative instead?

Git Credential Manager is prohibitively difficult to package because
it's developed in .NET
https://github.com/dotnet/source-build/discussions/2960

>
> Thanks,
> Nilesh

Bug#1008202: usrmerge: conversion fails in Docker container (due to overlayfs)

[Tom Levy]

For people that have to convert a container but can't use the
unpacking method suggested by Marco, here is a simple workaround.

WARNING: This worked for me, but I don't know if it's safe. If
something goes wrong it can be *very* difficult to recover, so before
converting, I strongly recommend as a bare minimum to download/install
the package busybox-static and copy the busybox executable to a safe
location (and confirm using ldd that it's not a dynamic executable).

The idea of this workaround is to use mv from coreutils instead of
Perl's rename() function, since mv supports moving directories across
filesystems (by copying then removing the original). Unfortunately,
this is slower, so there will be a longer period of time where /bin
etc. won't exist.

Steps:

1. Change line 237 of /usr/lib/usrmerge/convert-usrmerge from

if (not rename($dir, "$dir~~delete~usrmerge~~")) {# XXX race

to

mv($dir, "$dir~~delete~usrmerge~~"); if (0) {# XXX race

2. Run /usr/lib/usrmerge/convert-usrmerge

I also attached a patch for convenience.

Cheers,
Tom
--- /usr/lib/usrmerge/convert-usrmerge.orig	2018-12-07 22:21:58.0 +
+++ /usr/lib/usrmerge/convert-usrmerge
@@ -234,7 +234,7 @@
 	}
 
 	no autodie;
-	if (not rename($dir, "$dir~~delete~usrmerge~~")) {	# XXX race
+	mv($dir, "$dir~~delete~usrmerge~~"); if (0) {	# XXX race
 		if ($!{EBUSY}) {
 			handle_ebusy($dir);
 			return;

Bug#1042876: RFS: git-credential-azure/0.2.1-1 [ITP] -- Git credential helper for Azure Repos (program)

[Nilesh Patra]

On 11 August 2023 1:32:07 am IST, Nilesh Patra  wrote:
>
>
>On 4 August 2023 8:21:50 pm IST, M Hickford  wrote:
>>X-Debbugs-CC: debian...@lists.debian.org
>>
>>Dear mentors,
>>
>>I am looking for a sponsor for my package "git-credential-azure":
>>
>> * Package name : git-credential-azure
>>   Version  : 0.2.1-1
>>   Upstream contact : M Hickford 
>> * URL  : https://github.com/hickford/git-credential-azure
>
>The upstream readme says that this software is in alpha. Do you consider it 
>ready to go to testing or is it better suited for experimental?
>
>I think it's the latter, but you probably know best.

And since git-credential-manager is a mature alternative, what advantage does 
credential-azure have over it?

Why not package credential-manager itself? Why not get the enhancements merged 
into the alternative instead?

Thanks,
Nilesh

Bug#1036751: RFS: mini-httpd/1.30-4 [ITA] -- Small HTTP server

[Alexandru Mihail]

I committed the fixes, after reading your review on salsa.
Please take a look at
https://salsa.debian.org/debian/mini-httpd/-/merge_requests/2/diffs?commit_id=f89931149c0c7105585061cbfbdcc2cd2ac212b5
when you can.

Cheers,
Alexandru


signature.asc
Description: This is a digitally signed message part

Bug#1042876: RFS: git-credential-azure/0.2.1-1 [ITP] -- Git credential helper for Azure Repos (program)

[Nilesh Patra]

On 4 August 2023 8:21:50 pm IST, M Hickford  wrote:
>X-Debbugs-CC: debian...@lists.debian.org
>
>Dear mentors,
>
>I am looking for a sponsor for my package "git-credential-azure":
>
> * Package name : git-credential-azure
>   Version  : 0.2.1-1
>   Upstream contact : M Hickford 
> * URL  : https://github.com/hickford/git-credential-azure

The upstream readme says that this software is in alpha. Do you consider it 
ready to go to testing or is it better suited for experimental?

I think it's the latter, but you probably know best.

Thanks,
Nilesh

Bug#1041409: thunderbird: OpenPGP features in v115 requires librnp0 >= 0.17.0 not in archive

[Paul Gevers]

Package: thunderbird
Version: 1:115.1.0-1
Followup-For: Bug #1041409

Hi,

I upgraded thunderbird after the latest version migrated to testing
and sending messages fails until I disable signing them. It seems this
issue is still present, despite the switch to the internal version.

The failure message is rather unspecific: "Sending of the message failed."

Paul

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages thunderbird depends on:
ii  debianutils  5.8-1
ii  fontconfig   2.14.1-4
ii  kdialog  4:22.12.3-1
ii  libasound2   1.2.9-1
ii  libatk1.0-0  2.48.3-1
ii  libc62.37-6
ii  libcairo-gobject21.16.0-7
ii  libcairo21.16.0-7
ii  libdbus-1-3  1.14.8-2
ii  libdbus-glib-1-2 0.112-3
ii  libevent-2.1-7   2.1.12-stable-8
ii  libffi8  3.4.4-1
ii  libfontconfig1   2.14.1-4
ii  libfreetype6 2.13.0+dfsg-1
ii  libgcc-s113.2.0-1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.77.1-2
ii  libgtk-3-0   3.24.38-2
ii  libnspr4 2:4.35-1.1
ii  libnss3  2:3.91-1
ii  libotr5  4.1.1-5
ii  libpango-1.0-0   1.50.14+ds-1
ii  libstdc++6   13.2.0-1
ii  libvpx7  1.12.0-1
ii  libx11-6 2:1.8.6-1
ii  libx11-xcb1  2:1.8.6-1
ii  libxcb-shm0  1.15-1
ii  libxcb1  1.15-1
ii  libxext6 2:1.3.4-1+b1
ii  libxrandr2   2:1.5.2-2+b1
ii  psmisc   23.6-1
ii  x11-utils7.7+5
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  1:2020.12.07-2
ii  hunspell-nl [hunspell-dictionary] 2:2.20.19-2

Versions of packages thunderbird suggests:
ii  apparmor  3.0.8-3
ii  fonts-lyx 2.3.7-1
ii  libgssapi-krb5-2  1.20.1-2

-- no debconf information

Bug#1043428: clamav: Mention in the README.Debian that clamAV AppArmor profiles do not allow OnAccess scanning

[Michal Maloszewski]

Package: clamav
Version: 0.103.8+dfsg-0ubuntu0.20.04.1
Severity: wishlist
Tags: a11y patch

Dear Maintainer,

Apparmor profiles included with the Ubuntu packages - "clamav-daemon"
and "clamav-freshclam" - do not allow the proper execution of clamd
(disallow OnAccess scanning).

The only missing capability that prevents clamd from starting in OnAccess mode 
seems to be the 'sys_admin' capability.
The best way would be to handle it by giving cap_sys_admin to /usr/sbin/clamd 
or to the clamav user.

The apparmor rule that would need to be added by default is considered not safe.

Therefore, the fix can only be to ensure users who want to use it this way are 
aware.

Proposed diff in the attachment.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "6"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "12"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute 

Bug#1043424: plasma-desktop: Missing dependency on pipewire breaks screen sharing under Wayland

[Lisandro Damian Nicanor Perez Meyer]

severity 1043424 normal
thanks

Hi!

On jueves, 10 de agosto de 2023 15:19:04 -03 Nazar Zhuk wrote:
> Package: plasma-desktop
> Version: 4:5.27.5-2
> Severity: important
> X-Debbugs-Cc: nazar@zhuk.online
> 
> Dear Maintainer,
> 
>* What led up to the situation?
>I attempted screen sharing in Zoom on a fresh install of Debian 12
>with KDE Plasma under Wayland.
> 
>* What was the outcome of this action?
>KDE window allowed me to pick a screen or a window to share. It did
>not show previews. Upon selection the error was shown:
>KDE Portal Integration
>Failed to start screencasting
>Failed to create PipeWire context
> 
>* What outcome did you expect instead?
>I expected the screen/window to be shared.
> 
> I tested screen capture in
> https://mozilla.github.io/webrtc-landing/gum_test.html to make sure this
> isn't a Zoom issue. Same outcome.
> 
> After some searching and digging the issue appears to be that pipewire
> was not installed.
> 
> This fixed the problem:
> 
> sudo apt install pipewire
> systemctl --user start pipewire
> 
> pipewire should be a dependency of plasma-desktop or one of it's
> dependencies so this works out of the box.
> 
> Marking this as important since screen sharing is a must for a desktop OS
> in business.

I can agree that something in Plasma should depend/recommend xdg-desktop-
portal-kde.  But neither KDE+Wayland nor pipewire are defaults for Debian, so 
users wanting to use them are expected to do some work. Granted, it would be 
just awesome if no action would be required, but that is sadly not the case 
here. I am so downgrading this bug to normal.

I would argue that this bug should be retitled to only care about the xdg-
desktop-portal-kde package.

Kinds regards, Lisandro.





signature.asc
Description: This is a digitally signed message part.

Bug#1043427: src:utop: fails to migrate to testing for too long: blocked by ocaml-logs rebuild

[Paul Gevers]

Source: utop
Version: 2.13.0-1
Severity: serious
Control: close -1 2.13.1-2
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:utop has been trying to migrate for 37 
days [2]. Hence, I am filing this bug. The version in unstable seems to 
be involved in some ocaml transition that appears to be stalled somehow. 
(I hardly understand how the ocaml ecosystem in Debian works).


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=utop

Bug#1043426: GNOME freezes when Pixel Saver is enabled

[dllud]

Package: gnome-shell-extension-pixelsaver
Version: 1.30-1
Severity: critical

Enabling the Pixel Saver GNOME Shell Extension freezes GNOME
immediately. No mouse or keyboard input is accepted. Only Alt+SysRq+k
gets me out of it.

On subsequent sessions, i.e. with Pixel Saver previously enabled, GNOME
will freeze when any window is opened. I supposed that's when Pixel
Saver's code gets called.

Upon freezing, and getting killed with Alt+SysRq+k, sometimes GNOME
disables all Extensions on the next session (probably a failsafe). As
soon as I enable the Extensions, GNOME freezes immediately, making it
impossible to disable Pixel Saver (greyed out when Extensions are disabled).

Uninstalling gnome-shell-extension-pixelsaver solves it all.

I got a couple segfaults on dmesg, like this:
gnome-shell[11082]: segfault at 78 ip 7f01cbb92b57 sp
7f01937fd420 error 4 in libglib-2.0.so.0.7400.6[7f01cbb07000+8d000]
likely on CPU 0 (core 0, socket 0)
I do not get them everytime GNOME freezes, therefore I don't know if
it's related.

On rare occasions, I was able to run sessions with Pixel Saver enabled
(and visually working) without any freeze. The freezing returns upon
restarting the session. I was unable to reproduce the (rare) conditions
which enable Pixel Saver to run smoothly.

I was able to reproduce all this on 2 different desktop machines. Both
x86_64, running Debian 12 bookworm with kernel 6.1.0-10-amd64 and GNOME
Shell 43.6 on Wayland. Apart from that, all hardware (CPU, GPU,
motherboard, display) is different.

Bug#1036751: RFS: mini-httpd/1.30-4 [ITA] -- Small HTTP server

[Alexandru Mihail]

Hello Nicholas,
I was in the process of writing this mail when I just saw your gitlab
activity.

>+1 and where can I see this new work?

git checkout 1.5c
git diff 1.4.2 -- conf/httpd.conf-dist | grep -B 2 -A 4 " VirtualHost "
+#BindAddress 127.0.0.1
+
+# VirtualHost allows you to look differently depending on the hostname
you
+# are called by.  The parameter must be either an IP address or a
hostname
+# that maps to a single IP address.  Most of the normal httpd.conf
commands
+# are available, as well as the ability to denote a special
ResourceConfig
+# file for this host.
+# You can also specify an error level with this setting, by denoting
the 
+# VirtualHost as Optional or Required.
+
+
+DocumentRoot /local
+ServerName localhost.ncsa.uiuc.edu


But this does not matter anymore : "We discussed this, and you agreed
that 1.4.2 just confuses things.  Just stick with 1.5."
I agree and I remember.

"I wonder if he used the not-for-export version, and then didn't edit
htpasswd* ?"
This seems like the case to me too..

I will work on the other points you've noted and commit again when I'm
ready.

>If you strongly dislike using web interfaces and prefer patches via
>email, please let me know and we'll switch back to email.

No, not at all. I actually prefer the web iface for leaving more
trivial, small notes on the MR and for replying to them in a more
timely manner than a traditional bug mail, it's up to you too.

Thanks,
Alexandru



signature.asc
Description: This is a digitally signed message part

Bug#1043234: libmath-bigint-perl: subclassing breaks numeric comparison

[Niko Tyni]

Control: forwarded -1 https://github.com/pjacklam/p5-Math-BigInt/issues/8
Control: tag -1 patch
Control: affects -1 libpgobject-type-bigfloat-perl

On Mon, Aug 07, 2023 at 08:06:09PM +0100, Niko Tyni wrote:
> Package: libmath-bigint-perl
> Version: 1.999838-1
> Severity: important
> Tags: ftbfs upstream
> User: debian-p...@lists.debian.org
> Usertags: perl-5.38-transition
> Control: affects -1 ledgersmb

> I was able to narrow it down to this test, which fails with newer versions:
> 
> ---
> package MyFloat;
> use base qw(Math::BigFloat);
> 1;
> 
> print MyFloat->new(.99) == Math::BigFloat->new(.99) ? "ok\n": "not 
> ok\n";
> ---
> 
> It bisects down to upstream commit 
> 
>   
> https://github.com/pjacklam/p5-Math-BigInt/commit/46d1252c98f565ae787c840173e5f98acf8953f1
> 
> so it regressed with upstream version 1.999836.

I've filed an upstream bug at 
https://github.com/pjacklam/p5-Math-BigInt/issues/8
and sent a proposed patch at  https://github.com/pjacklam/p5-Math-BigInt/pull/9

-- 
Niko

Bug#1030129: (no subject)

[Dan Mick]

Are there any plans to backport this?  Is the bug in a state that allows 
it to show up as an action item for the maintainers?

Bug#1043425: libmethod-signatures-perl: FTBFS with Perl 5.38: Smartmatch is deprecated

[Niko Tyni]

Source: libmethod-signatures-perl
Version: 20170211-3
Severity: important
Tags: ftbfs trixie sid
User: debian-p...@lists.debian.org
Usertags: perl-5.38-transition

This package fails to build from source with Perl 5.38 (currently in
experimental.)

  
http://perl.debian.net/rebuild-logs/perl-5.38-throwaway/libmethod-signatures-perl_20170211-3/libmethod-signatures-perl_20170211-3_amd64-2023-08-04T06:11:02Z.build

#   Failed test 'no warnings for using smartmatch'
#   at t/where.t line 21.
# found warning: Smartmatch is deprecated at (eval 34) line 1.
# didn't expect to find a warning
Any::Moose is deprecated. Please use Moo instead at 
/<>/blib/lib/Method/Signatures.pm line 1293.
# Looks like you failed 1 test of 6.
t/where.t  
not ok 1 - no warnings for using smartmatch
[...]
Test Summary Report
---
t/role_check_basic.t   (Wstat: 0 Tests: 2 Failed: 0)
  TODO passed:   1-2
t/syntax_errors.t  (Wstat: 0 Tests: 3 Failed: 0)
  TODO passed:   2
t/where.t  (Wstat: 256 (exited 1) Tests: 6 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=68, Tests=446,  9 wallclock secs ( 0.18 usr  0.07 sys +  7.81 cusr  
1.39 csys =  9.45 CPU)
Result: FAIL
 
-- 
Niko Tyni   nt...@debian.org

Bug#1043424: plasma-desktop: Missing dependency on pipewire breaks screen sharing under Wayland

[Nazar Zhuk]

Package: plasma-desktop
Version: 4:5.27.5-2
Severity: important
X-Debbugs-Cc: nazar@zhuk.online

Dear Maintainer,

   * What led up to the situation?
   I attempted screen sharing in Zoom on a fresh install of Debian 12
   with KDE Plasma under Wayland.

   * What was the outcome of this action?
   KDE window allowed me to pick a screen or a window to share. It did
   not show previews. Upon selection the error was shown:
   KDE Portal Integration
   Failed to start screencasting
   Failed to create PipeWire context

   * What outcome did you expect instead?
   I expected the screen/window to be shared.

I tested screen capture in
https://mozilla.github.io/webrtc-landing/gum_test.html to make sure this
isn't a Zoom issue. Same outcome.

After some searching and digging the issue appears to be that pipewire
was not installed.

This fixed the problem:

sudo apt install pipewire
systemctl --user start pipewire

pipewire should be a dependency of plasma-desktop or one of it's
dependencies so this works out of the box.

Marking this as important since screen sharing is a must for a desktop OS
in business.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages plasma-desktop depends on:
ii  accountsservice  22.08.8-6
ii  breeze   4:5.27.5-2
ii  kactivitymanagerd5.27.5-2
ii  kde-cli-tools4:5.27.5.1-2
ii  kded55.103.0-1
ii  kio  5.103.0-1
ii  kpackagetool55.103.0-1
ii  layer-shell-qt   5.27.5-2
ii  libaccounts-qt5-11.16-2
ii  libc62.36-9+deb12u1
ii  libglib2.0-0 2.74.6-2
ii  libibus-1.0-51.5.27-5
ii  libkaccounts24:22.12.3-1
ii  libkf5activities55.103.0-1
ii  libkf5activitiesstats1   5.103.0-1
ii  libkf5authcore5  5.103.0-1
ii  libkf5baloo5 5.103.0-2
ii  libkf5bookmarks5 5.103.0-1
ii  libkf5codecs55.103.0-1
ii  libkf5completion55.103.0-1
ii  libkf5configcore55.103.0-2
ii  libkf5configgui5 5.103.0-2
ii  libkf5configwidgets5 5.103.0-1
ii  libkf5coreaddons55.103.0-1
ii  libkf5crash5 5.103.0-1
ii  libkf5dbusaddons55.103.0-1
ii  libkf5globalaccel-bin5.103.0-1
ii  libkf5globalaccel5   5.103.0-1
ii  libkf5guiaddons5 5.103.0-1
ii  libkf5i18n5  5.103.0-1
ii  libkf5iconthemes55.103.0-1
ii  libkf5itemviews5 5.103.0-1
ii  libkf5jobwidgets55.103.0-1
ii  libkf5kcmutils5  5.103.0-3
ii  libkf5kcmutilscore5  5.103.0-3
ii  libkf5kdelibs4support5   5.103.0-1
ii  libkf5kiocore5   5.103.0-1
ii  libkf5kiofilewidgets55.103.0-1
ii  libkf5kiogui55.103.0-1
ii  libkf5kiowidgets55.103.0-1
ii  libkf5newstuffcore5  5.103.0-1
ii  libkf5notifications5 5.103.0-1
ii  libkf5notifyconfig5  5.103.0-1
ii  libkf5package5   5.103.0-1
ii  libkf5plasma55.103.0-1
ii  libkf5plasmaquick5   5.103.0-1
ii  libkf5quickaddons5   5.103.0-1
ii  libkf5runner55.103.0-1
ii  libkf5service-bin5.103.0-1
ii  libkf5service5   5.103.0-1
ii  libkf5solid5 5.103.0-1
ii  libkf5sonnetcore55.103.0-1
ii  libkf5sonnetui5  5.103.0-1
ii  libkf5widgetsaddons5 5.103.0-1
ii  libkf5windowsystem5  5.103.0-1
ii  libkf5xmlgui55.103.0-1
ii  libkworkspace5-5 4:5.27.5-2
ii  libnotificationmanager1  4:5.27.5-2
ii  libpackagekitqt5-1   1.1.1-1
ii  libphonon4qt5-4  4:4.11.1-4
ii  libprocesscore9  4:5.27.5-2
ii  libqt5concurrent5 

Bug#1043423: ukwm: Incompatible with gsettings-desktop-schemas 45

[Jeremy Bícha]

Source: ukwm
Version: 1.2.0-2
Severity: important

ukwm uses the gsettings key org.gnome.desktop.wm.keybindings
toggle-shaded but this key is being dropped in
gsettings-desktop-schemas 45.alpha

Please update ukwm to stop using this key.

See for instance:
https://gitlab.gnome.org/GNOME/metacity/-/commit/bd5f8743e9ec6697

Thank you,
Jeremy Bícha

Bug#1043324: pybuild-plugin-pyproject: always copy pytest.ini (if present)

[Sandro Tosi]

> Looking at this, it already should be. Do we have examples where it isn't?
>
> https://salsa.debian.org/python-team/tools/dh-python/-/blob/4ae1f8962c2cbe85a8fbc6e1bbba2268c6384579/dhpython/build/base.py#L51

hm now im confused too, since it appears to be working already.

This was part of trying to get tests (at build-time and autopkgtests)
enabled for tvdb-api, currently i cant run adt (waiting for pytest-env
from NEW) but i'll give it another run when that package is in the
archive

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Bug#977321: O: autoconf2.13 -- automatic configure script builder (obsolete version)

[Bastian Germann]

On Fri, 18 Dec 2020 02:16:55 +0100 Axel Beckert  wrote:

Hi Ben,

Ben Pfaff wrote:
> This package is really obsolete.  It has several bug reports but the
> right thing to do is probably to get any packages that use autoconf2.13
> updated to use something else.  (Or removed; they are antiques
> themselves.)

While I hoped that you are right, there seem at least two big blockers
on a first glance: Firefox and Thunderbird.

I tried to make a quick list of affected packages:

→ grep-dctrl -s Package -FBuild-Depends,Build-Depends-Indep,Build-Depends-Arch 
autoconf2.13 /var/lib/apt/lists/*Source* | fgrep Package | sort -u
Package: firefox
Package: firefox-esr
Package: gcc-3.3
Package: gcc-m68hc1x
Package: grass
Package: maxima
Package: mozjs52
Package: mozjs78
Package: postgis
Package: thunderbird
Package: vflib3
Package: xemacs21

And yeah, some packages in this list are really old. gcc-3.3 recently
has been orphaned for similar reasons: https://bugs.debian.org/966317

So I tried to figure out which versions of Firefox and Thunderbird
exactly are affected and it started to look less bad:


The list is now

mozjs78
gcc-3.3
mozjs102
xemacs21

gcc-3.3 can be dropped at any time. mozjs78 can be dropped as soon as 
cjs has moved v5.8.0 to unstable. That leaves mozjs102 and xemacs21.


The major problem with this: mozjs102 and probably a future mozjs115 
still need autoconf2.13 to reconfigure. The mozjs source contains the 
built configure, so an alternative would be to just use that.


The same goes for xemacs if it is not updated (see #343083).

I guess, for trixie it is already too late to hand in Spidermonkey 
patches to update the build system because trixie will likely release 
with mozjs115.

Bug#1043422: bookworm-pu: package nco/5.1.4-1+deb12u1

[Bas Couwenberg]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: n...@packages.debian.org
Control: affects -1 + src:nco

[ Reason ]
As reported in #1043409, nco in bookworm lost udunits2 support causing a 
significant loss in functionality.

[ Impact ]
Significant loss of functionality.

[ Tests ]
Upstream test suite.

[ Risks ]
Low, trivial change to a leaf package.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The branch needs to be updated to keep git-buildpackage and debcheckout working.

The --disable-udunits configure option now disables udunits2 support instead of 
udunits support as before, dropping the option makes --enable-udunits2 works as 
intended again.

[ Other info ]
N/A

Kind Regards,

Bas
diff -Nru nco-5.1.4/debian/changelog nco-5.1.4/debian/changelog
--- nco-5.1.4/debian/changelog  2023-01-11 08:01:46.0 +0100
+++ nco-5.1.4/debian/changelog  2023-08-10 19:23:45.0 +0200
@@ -1,3 +1,11 @@
+nco (5.1.4-1+deb12u1) bookworm; urgency=medium
+
+  * Update branch in gbp.conf & Vcs-Git URL.
+  * Fix udunits2 support.
+(closes: #1043409)
+
+ -- Bas Couwenberg   Thu, 10 Aug 2023 19:23:45 +0200
+
 nco (5.1.4-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru nco-5.1.4/debian/control nco-5.1.4/debian/control
--- nco-5.1.4/debian/control2023-01-11 08:01:46.0 +0100
+++ nco-5.1.4/debian/control2023-08-10 19:23:43.0 +0200
@@ -18,7 +18,7 @@
texinfo
 Standards-Version: 4.6.1
 Vcs-Browser: https://salsa.debian.org/debian-gis-team/nco
-Vcs-Git: https://salsa.debian.org/debian-gis-team/nco.git
+Vcs-Git: https://salsa.debian.org/debian-gis-team/nco.git -b bookworm
 Homepage: http://nco.sourceforge.net/
 Rules-Requires-Root: no
 
diff -Nru nco-5.1.4/debian/gbp.conf nco-5.1.4/debian/gbp.conf
--- nco-5.1.4/debian/gbp.conf   2023-01-11 08:01:46.0 +0100
+++ nco-5.1.4/debian/gbp.conf   2023-08-10 19:23:36.0 +0200
@@ -6,7 +6,7 @@
 
 # The default name for the Debian branch is "master".
 # Change it if the name is different (for instance, "debian/unstable").
-debian-branch = master
+debian-branch = bookworm
 
 # git-import-orig uses the following names for the upstream tags.
 # Change the value if you are not using git-import-orig
diff -Nru nco-5.1.4/debian/rules nco-5.1.4/debian/rules
--- nco-5.1.4/debian/rules  2023-01-11 08:01:46.0 +0100
+++ nco-5.1.4/debian/rules  2023-08-10 19:23:45.0 +0200
@@ -25,7 +25,6 @@
--libdir=/usr/lib/nco \
--disable-nco_cplusplus \
--disable-static \
-   --disable-udunits \
--enable-dap \
--enable-gsl \
--enable-ncap2 \

Bug#1043409: [DKIM] Bug#1043409: 'nco' misses UDUnits2 conversions

[Sebastiaan Couwenberg]

Control: reassign -1 src:nco
Control: found -1 nco/5.1.4-1
Control: severity -1 important
Control: tags -1 pending

On 8/10/23 15:18, Vries de, Hans (KNMI) wrote:

In bookworm the package ‘nco’ misses the UDUnits2 conversions, below the output 
of ncap2 —revision, at the bottom.

[...]
UDUnits2 conversionsNo  http://nco.sf.net/nco.html#udunits

In bullseye this was active. Is it possible to switch it on in bookworm as well?


Nothing has changed to the packaging, it still build depends on 
libudunits2-dev and debian/rules uses --enable-udunits2 explicitly.


--disable-udunits is also used explicitly, which turns out to now 
disable udunits2 support instead of udunits support. Dropping this 
option from debian/rules resolves the issue.


Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1043421: rust-rustls FTBFS: file not found error.

[Peter Green]

Package: rust-rustls
Version: 0.21.6-1
Severity: serious

rust-rustls fails to build from source.


error: couldn't read rustls/build.rs: No such file or directory (os error 2)

error: could not compile `rustls` due to previous error

Bug#1043324: pybuild-plugin-pyproject: always copy pytest.ini (if present)

[Stefano Rivera]

Control: -1 tags + moreinfo

Hi Sandro (2023.08.09_06:28:28_+)
> Hello,
> pybuild-plugin-pyproject already copies the directory `tests` or `test`;
> probably it should also copy by default the file `pytest.ini` if present.

Looking at this, it already should be. Do we have examples where it isn't?

https://salsa.debian.org/python-team/tools/dh-python/-/blob/4ae1f8962c2cbe85a8fbc6e1bbba2268c6384579/dhpython/build/base.py#L51

Stefano

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Bug#1043420: orphan-sysvinit-scripts: triggers will be broken by /usr-merge

[Helmut Grohne]

Package: orphan-sysvinit-scripts
Version: 0.14
Tags: patch

Hi Matthew,

orphan-sysvinit-scripts happes to declare trigger interest in a way that
is affected by the /usr-merge. As packages move their unit files from /
to /usr, dpkg will cease activating orphan-sysvinit-scripts's trigger.
This is not a problem now, because the file move moratorium prevents
such moves, but when we lift the moratorium, this issue will become
release critical. The problem is described in DEP17-P2 (draft available
at https://subdivi.de/~helmut/dep17.html). Even though we are still in
the process of selecting mitigations, the mitigation for this already is
pretty clear: Duplicating triggers (M12). I'm attaching a patch for your
convenience.

This change is compatible with the moratorium and can be applied right
away. It would be good to have this change in trixie within two months
from now.

Maintaining this duplication may be annoying due to the number of
interests. If you prefer, we can try generating the trigger file at
build to enforce the duplication rule. Let me know if you want me to do
that.

Let me know if you have any questions.

Helmut
diff --minimal -Nru orphan-sysvinit-scripts-0.14/debian/changelog 
orphan-sysvinit-scripts-0.14+nmu1/debian/changelog
--- orphan-sysvinit-scripts-0.14/debian/changelog   2023-02-24 
11:01:40.0 +0100
+++ orphan-sysvinit-scripts-0.14+nmu1/debian/changelog  2023-08-10 
18:40:24.0 +0200
@@ -1,3 +1,10 @@
+orphan-sysvinit-scripts (0.14+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Duplicate triggers for /usr-merge. (Closes: #-1)
+
+ -- Helmut Grohne   Thu, 10 Aug 2023 18:40:24 +0200
+
 orphan-sysvinit-scripts (0.14) unstable; urgency=medium
 
   * Divert rsyslog-rotate with a portable version (Closes: #1031854)
diff --minimal -Nru 
orphan-sysvinit-scripts-0.14/debian/orphan-sysvinit-scripts.triggers 
orphan-sysvinit-scripts-0.14+nmu1/debian/orphan-sysvinit-scripts.triggers
--- orphan-sysvinit-scripts-0.14/debian/orphan-sysvinit-scripts.triggers
2023-02-24 11:01:40.0 +0100
+++ orphan-sysvinit-scripts-0.14+nmu1/debian/orphan-sysvinit-scripts.triggers   
2023-08-10 18:40:21.0 +0200
@@ -1,11 +1,25 @@
+# According to DEP17-P2/M12, triggers for locations affected by /usr-merge
+# should be duplicated until forky is released. Then, the non-/usr variants may
+# be deleted.
+interest-noawait /usr/lib/systemd/system/NetworkManager.service
 interest-noawait /lib/systemd/system/NetworkManager.service
+interest-noawait /usr/lib/systemd/system/avahi-daemon.service
 interest-noawait /lib/systemd/system/avahi-daemon.service
+interest-noawait /usr/lib/systemd/system/avahi-dnsconfd.service
 interest-noawait /lib/systemd/system/avahi-dnsconfd.service
+interest-noawait /usr/lib/systemd/system/dirsrv.service
 interest-noawait /lib/systemd/system/dirsrv.service
+interest-noawait /usr/lib/systemd/system/dnscrypt-proxy.service
 interest-noawait /lib/systemd/system/dnscrypt-proxy.service
+interest-noawait /usr/lib/systemd/system/firewalld.service
 interest-noawait /lib/systemd/system/firewalld.service
+interest-noawait /usr/lib/systemd/system/gpsd.service
 interest-noawait /lib/systemd/system/gpsd.service
+interest-noawait /usr/lib/systemd/system/nftables.service
 interest-noawait /lib/systemd/system/nftables.service
+interest-noawait /usr/lib/systemd/system/pdns.service
 interest-noawait /lib/systemd/system/pdns.service
+interest-noawait /usr/lib/systemd/system/rsyslog.service
 interest-noawait /lib/systemd/system/rsyslog.service
+interest-noawait /usr/lib/systemd/system/tomcat9.service
 interest-noawait /lib/systemd/system/tomcat9.service

Bug#1043419: runit: ineffective trigger interest due to /usr-merge

[Helmut Grohne]

Package: runit
Version: 2.1.2-54
Severity: important

Hi Lorenzo,

The runit package declares quite broad trigger interest:

| interest-noawait /usr/sbin
| interest-noawait /usr/bin
| interest-noawait /etc/init.d
| interest-noawait /lib/systemd/system

Would you be able to shed some light on why it does so?

In the mean time, let me explain why I am looking at this. I'm working
on finalizing the /usr-merge transition for Freexian SARL and triggers
are something that is impacted and runit is affected.

A trigger on /usr/sbin and /usr/bin misses out on files installed into
those locations via /sbin or /bin. Even if those files end up in the
same place due to the aliasing symlinks, dpkg knows them by the location
used in the data.tar of the .deb and if that happens to not be the /usr
one, it will skip a trigger activation, which may be a problem to runit
depending on why it declares such a broad trigger interest. In general,
such broad trigger interest seems dubious to me. Can you narrow it down
maybe?

The trigger interest for /etc/init.d is totally unaffected by the
/usr-merge, but the one for /lib/systemd/system will get broken.
Currently, packages must install their unit files to the aliased
location (due to the file move moratorium and the way debhelper
implements that) and runit will get properly activated (except for a
minority of units that happen to ship in the /usr location already). As
packages move their files from / to /usr, this trigger interest will
become ineffective and miss activations. This problem is captured in
DEP17 section P2 (a draft of this document is available at
https://subdivi.de/~helmut/dep17.html). We're in the process of
selecting mitigations for the various problems, but it already is clear
that the preferred mitigation for this problem is duplicating triggers
(M12), because this mitigation is safe regardless of the other
mitigations to be selected. So your trigger file should likely look like
this:

| ...
| interest-noawait /usr/lib/systemd/system
| # Duplicate trigger interest according to DEP17-M12 until forky is
| # released.
| interest-noawait /lib/systemd/system

Depending on your answers why you activate on /usr/bin and /usr/sbin you
may opt for similarly duplicating those triggers.

Note that this issue is actionable now. It will become release critical
once we lift the file move moratorium. I hope that to happen in two
months as the necessary preparations (one of which is this bug) are
ready.

If you have any questions, don't hesitate to ask.

Helmut

Bug#1043031: Probably not a bug in xserver-xorg

[Benjamin Gufler]

I found the external monitor working when booting 
linux-image-6.3.0-2-amd64. It doesn't work with 
linux-image-6.4.0-1-amd64 or linux-image-6.4.0-2-amd64.

So probably this bug should be reassigned to the kernel package

Bug#1036751: RFS: mini-httpd/1.30-4 [ITA] -- Small HTTP server

[Nicholas D Steeves]

Alexandru Mihail  writes:

> I've redone some diffs, too. Also, my previous statement of 1.4.2 httpd
> makes no sense, because, at a quick glance, I could observe the
> introduction of virtual hosting in httpd 1.5*, which mini-httpd had
> from the beginning. You're right to advise to look at 1.5* again.

+1 and where can I see this new work?

>>I started a review and noted what looks like one typo.
> Where can I view the typo/review info ? I've looked in my original
> merge details and I couldn't find it. Am I affected by temporary
> blindness ? :)

You should have received notifications for the review to the email
address that you used to sign up for Salsa, and those emails included
links to individual items.  Alternatively, you can see the full review
here:

https://salsa.debian.org/debian/mini-httpd/-/merge_requests/2/diffs

If you strongly dislike using web interfaces and prefer patches via
email, please let me know and we'll switch back to email.

Regards,
Nicholas


signature.asc
Description: PGP signature

Bug#1043418: rust-rustls-webpki - autopkgtest failure, file not found errors.

[Peter Green]

Package: rust-rustls-webpki
Version: 0.101.2-2
Severity: serious

The autopkgtest for rust-rustls-webpki is failing with a bunch of file not 
found errors.
the first of which is pasted below.


199s error: couldn't read 
src/../third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-spki-params-null.pem:
 No such file or directory (os error 2)
199s--> src/signed_data.rs:443:13
199s |
199s 443 | / include_bytes!(concat!(
199s 444 | | "../third-party/chromium/data/verify_signed_data/",
199s 445 | | $file_name
199s 446 | | ))
199s | |__^
199s ...
199s 573 | / test_verify_signed_data!(
199s 574 | | test_ecdsa_prime256v1_sha512_spki_params_null,
199s 575 | | "ecdsa-prime256v1-sha512-spki-params-null.pem",
199s 576 | | Err(Error::UnsupportedSignatureAlgorithm)
199s 577 | | );
199s | |_- in this macro invocation
199s |
199s = note: this error originates in the macro `include_bytes` which comes 
from the expansion of the macro `test_verify_signed_data` (in Nightly builds, 
run with -Z macro-backtrace for more info)

Bug#1043417: libwraster6: libwraster ABI breakage

[Andreas Metzler]

Package: libwraster6
Version: 0.96.0-1
Severity: grave
Tags: upstream
Justification: Policy 8.6.2

Hello,

already communicated upstream, lets add a blocker bug. The new release
bumped the symbol version of all symbols from LIBWRASTER6 to
LIBWRASTER7, i.e. we have got total ABI breakage, none of the previously
exported symbols are exported anymore.
-
ametzler@argenau:~$ wmweather+ ; echo $?
wmweather+: /lib/x86_64-linux-gnu/libwraster.so.6: version `LIBWRASTER6' not 
found (required by wmweather+)
1
-

Upstream had introduced a script for automatic symbol versioning,
however given a libtool version string current:revision:age it
constructs the symbol versioning from $current instead of the soname.
libwraster went from 6:0:0 to 7:0:1 (no soname change).

cu Andreas

Bug#1039699: Adding students/teachers with gosa fails due to LDAP and postcreate command errors

[Mike Gabriel]

Control: reassign -1 src:gosa
Control: found -1 2.8~git20230203.10abe45+dfsg-4

On  Fr 04 Aug 2023 13:29:00 CEST, Guido Berhoerster wrote:

On Fri, 21 Jul 2023 11:34:21 +0200 Guido Berhoerster  
 wrote:

I must have done something wrong before, with the newstudent
template applied gosa creates the following on bullseye, which
looks more correct/as expected:


I just noticed that a "posixUser" class is only added if one
clicks on the "POSIX" tab at least once (even without changing
anything). That explains the difference. Not sure if that is
intended behavior, it is surprising to say the least.

--
Guido Berhoerster



Also reassigning this to GOsa. The hook script execution will probably  
be fixed with upcoming upload of gosa 2.8~git20230203.10abe45+dfsg-5.


Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net



pgpszYow21Bxc.pgp
Description: Digitale PGP-Signatur

Bug#1039698: gosa postcreate/postmodify command fails when adding/modifying a system

[Mike Gabriel]

Control: reassign -1 src:gosa
Control: found -1 2.8~git20230116.d119cff+dfsg-1

On  Di 18 Jul 2023 11:17:41 CEST, Guido Berhoerster wrote:


None of the command hooks using sudo work. The issue is that the scripts
seem to be executed by gosa without sudo as www-data. The problem seem to
be that plugin::callHook() method erroneously strips off the sudo command
(see
https://github.com/gosa-project/gosa-core/blob/2b22a5550089bab108177a41254f3f9de07eb20c/include/class_plugin.inc#L1612).
However I don't see any changes in git blame since 2016, not sure why
this used to work in bullseye.

--
Guido Berhoerster


The issue needs to be resolved via GOsa², so reassigning the bug report.

Mike


--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net



pgpTibVTxWyv5.pgp
Description: Digitale PGP-Signatur

Bug#1042889: Debian PR #1042889

[Ian Jackson]

Hi.

Kurt Hornik writes ("Debian PR #1042889"):
> Have you seen
>   
> ?

No.

> This points to a branch of VM at
>   
> which apparently at some point in time passed native compilation (I
> never got a chance to try to far).

Interesting!

> I can try to follow up with Uday Reddy and Mark Diekhans to try merging
> the native compilation fixes into the main branch (at least).

That would be great.

> Afaict, part of the problem was Emacs 29 not being out when this was
> reported, and Emacs 28 having native compilation off by default but on
> for the Debian packages.  In any case, Emacs 29 is out now, so I guess
> time to ask again.

Thanks for the info.

With my Debian maintainer hat on, I don't think I ought to be fishing
some random branch out of launchpad and shipping it to Debian's users,
without a fairly thorough review.  (Also, it's in bzr!)

So I think I need to fix #1042889 by disabling byte-compilation,
pending a better resolution (ideally, upstream).

PS: Was there a reason you didn't send your message to the Debian
ticket #1042889 ?  I think it's generally a good idea to do these
things in public.  Unless you tell me not to, I will forward your
message (and this one) to the bug - so please let me know if you
object for any reason.

Regards,
Ian.

-- 
Ian JacksonThese opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

Bug#1042889: Debian PR #1042889

[Kurt Hornik]

Ian/Dirk,

Have you seen

  

?

This points to a branch of VM at

  

which apparently at some point in time passed native compilation (I
never got a chance to try to far).

I can try to follow up with Uday Reddy and Mark Diekhans to try merging
the native compilation fixes into the main branch (at least).

Afaict, part of the problem was Emacs 29 not being out when this was
reported, and Emacs 28 having native compilation off by default but on
for the Debian packages.  In any case, Emacs 29 is out now, so I guess
time to ask again.

Best
-k

Bug#1038812: ITP: sexpp -- S-expressions parser and generator C++ library and command-line tool

[Daniel Kahn Gillmor]

On Wed 2023-06-21 12:20:52 -0400, Daniel Kahn Gillmor wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Daniel Kahn Gillmor 
> X-Debbugs-Cc: debian-de...@lists.debian.org, d...@fifthhorseman.net
>
> * Package name: sexp
>   Version : 0.8.5
>   Upstream Contact: Maxim Samsonov 
> * URL : https://github.com/rnp/sexp
> * License : MIT
>   Programming Lang: C++
>   Description : S-expressions parser and generator C++ library and 
> command-line tool

fwiw, upstream has renamed this library to "sexpp" to avoid naming
conflicts with other S-expression implementations.

The corrected URL is https://github.com/rnp/sexpp and the package name
will be sexpp.  This has been in NEW for over a month now, and is
blocking our ability to ship an updated librnp, which impacts
thunderbird (see #1041409).

It would be great if someone on the FTP team could either accept the
sexpp package, or reject it with an explanation of what needs to be done
to fix it.

Thanks,

--dkg


signature.asc
Description: PGP signature

Bug#1043416: ibus-table-emoticon: typo in long description

[Jonas Smedegaard]

Package: ibus-table-emoticon
Version: 1.3.17-1
Severity: minor

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Long description says "Emoticion".  The proper word is "Emoticon"
(without the second "i").

 - Jonas
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmTU/JYACgkQLHwxRsGg
ASHUaA/9EvfgrCfbIXDVDW97U0/SafLa96gqw9uP87FPDJIypeHVqni3euM7Fy+m
L/ByfCRMtE8RGQQLxohVext6LxQsVz3LxLMMmyBwXN7/1TUgE/Jsrm8yZIKtc4ZK
R/LjS0Git7ZwuZrfr5DU4yflfe8s8PoI/FMIRK3MjvFL/6CgK/6opSGFxN2KAMRt
5BeIUWHuHqCaCTTmziM2PztqGxvGOcap6rRFTxWR7/nXwokxiv3rP1MRUzu8jqzx
sbnfZDbcWW6tU+1FdPSe6gF0H0P3FHCaBw6wed9NGyjenKUkypejON0OjVKH1QOU
cLM/upTiR7zw/kK8c+25LG65WEWZ4xvS0A32DnCTdGyF56PwQyilcxHBR+DbSf2z
fcdhbV7T/b86SCAXWegOSlOdH4Vr/ndYqHxpa/ZOmo8BxGYcYfggiqFJJguILrWD
vzE+CgiQxcwQv4UrUQisMUZMBOYWwrwtcvfHz+ZtSWfASq+J23JQ9V6v/pxWIumh
DE7iNMQd/HQ0/3Cx0IJ6QNUI03tFzNloUJXwRwczo4KdfNDVsI49Xv9oGYXp3xUZ
+cJ/ZdLtD+rApuwKYhEZwiwSdJZX1Y1o/dRTrlWteyU7WZDoMYopdhV6gLJexIND
laFQ1iRbzg0wJJceFSO0Y4zAAQkqajQKZJdCUocVBQDqkq7du+A=
=u8AO
-END PGP SIGNATURE-

Bug#1040705: Call to undefined function GuzzleHttp\json_decode()

[Guilhem Moulin]

Control: tag -1 pending

On Sun, 09 Jul 2023 at 13:13:55 -0400, David Mandelberg via 
Pkg-roundcube-maintainers wrote:
> I tried setting up oauth2 in roundcube, but when the OIDC provider redirects
> back to roundcube, I get an "Oops... something went wrong!" page. When that
> happens, /var/log/roundcube/errors.log shows:
> 
> [09-Jul-2023 17:00:49 UTC] PHP Fatal error:  Uncaught Error: Call to
> undefined function GuzzleHttp\json_decode() in
> /usr/share/roundcube/program/include/rcmail_oauth.php:237

It's unfortunate that tests/Rcmail/Oauth.php doesn't cover this :-(  I
think 
https://salsa.debian.org/roundcube-team/roundcube/-/commit/3f5fd4677abdf25224a2c05047a5a9d7490cf159
(more precisely the part that patches program/include/rcmail_oauth.php)
fixes the issue.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#1043415: netdata: Integrated web server displays "File does not exist, or is not accessible: "

[Marc Riedel]

Package: netdata
Version: 1.41.0-1
Severity: important
X-Debbugs-Cc: m.riedel@gmail.com

When opening http://localhost:1, only "File does not exist, or is not
accessible: " is displayed. Maybe related to commit "Refreshing allow-
symlinks.patch."

Best regards,

Marc


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-9.slh.2-aptosid-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages netdata depends on:
ii  netdata-core  1.41.0-1
ii  netdata-plugins-bash  1.41.0-1
ii  netdata-web   1.41.0-1

Versions of packages netdata recommends:
ii  netdata-plugins-python  1.41.0-1

netdata suggests no packages.

-- no debconf information

Bug#1043414: mirror submission for mirror.nl.altushost.com

[AltusHost B.V.]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: mirror.nl.altushost.com
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Archive-rsync: debian/
Maintainer: AltusHost B.V. 
Country: NL Netherlands
Location: Amsterdam
Sponsor: AltusHost B.V. https://www.altushost.com




Trace Url: http://mirror.nl.altushost.com/debian/project/trace/
Trace Url: 
http://mirror.nl.altushost.com/debian/project/trace/ftp-master.debian.org
Trace Url: 
http://mirror.nl.altushost.com/debian/project/trace/mirror.nl.altushost.com

Bug#1043407: configure-edu-gateway does not enable nat/ip forwarding due to missing iptables

[Mike Gabriel]

Hi Guido,

On  Do 10 Aug 2023 12:15:38 UTC, Guido Berhoerster wrote:


Am 10.08.23 um 13:59 schrieb Mike Gabriel:

On  Do 10 Aug 2023 11:46:21 UTC, Guido Berhoerster wrote:


Package: debian-edu-config
Version: 2.12.33

Setting up a router following the documentation at
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Requirements
by doing a minimal install and and running the setup script

/usr/share/debian-edu-config/tools/configure-edu-gateway --firewall=no

does not suffice to create a working router because iptables is not
installed and the enable-nat service/init script will not configure
forwarding.

This could be fixed by
1. amending the documentation to manually install iptables
2. installing iptables in the configure-edu-gateway script
3. adding iptables to the minimal installation

Suggestions?
--
Guido Berhoerster


or: document how to install debian-edu-router-config???

https://packages.debian.org/unstable/debian-edu-router-config


Sure, but what about configure-edu-gateway, should we remove it then?

--
Guido Berhoerster



I'd drop the script and update the documentation (and explain how to  
install debian-edu-router-config, basically an apt-get install  
debian-edu-router-config with pressing enter for most of the debconf  
questions).


Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpkW7HaRoKV4.pgp
Description: Digitale PGP-Signatur

Bug#1043413: mirror submission for mirror.se.altushost.com

[AltusHost B.V.]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: mirror.se.altushost.com
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Archive-rsync: debian/
Maintainer: AltusHost B.V. 
Country: SE Sweden
Location: Sweden
Sponsor: AltusHost B.V. https://www.altushost.com




Trace Url: http://mirror.se.altushost.com/debian/project/trace/
Trace Url: 
http://mirror.se.altushost.com/debian/project/trace/ftp-master.debian.org
Trace Url: 
http://mirror.se.altushost.com/debian/project/trace/mirror.se.altushost.com

Bug#1043412: bookworm-pu: package quicktext/5.6

[Mechtilde Stehmann]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: quickt...@packages.debian.org, mechti...@debian.org
Control: affects -1 + src:quicktext

[ Reason ]

This package is an extension to thunderbird. After thunderbird
will be updated to version 115.* in bookwork
it is necessary to update this extension too.

[ Impact ]
Otherwise this extension doesn't work anymore

[ Risks ]
No other packages depends on this package

[ Checklist ]
  [] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [] attach debdiff against the package in (old)stable
  [] the issue is verified as fixed in unstable


Kind regards to the release team

Bug#1043410: efivar: install fails

[kevin]

Package: efivar
Severity: normal
X-Debbugs-Cc: kcr...@hotmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

grub-installer:error: Error creating /target/sys/firmware/efi/cfivars
init: starting pid 449, tty '/dev/tty2/: '-/bin/sh'


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages efivar depends on:
ii  libc62.36-9+deb12u1
ii  libefiboot1  37-6
ii  libefivar1   37-6

efivar recommends no packages.

efivar suggests no packages.

Bug#1043118: victoriametrics: FTBFS: test failure

[Shengjing Zhu]

On Thu, Aug 10, 2023 at 5:57 PM Guillem Jover  wrote:
>
> Hi!
> I cannot reproduce this one on my sid chroot, but another error
> completely different in TestMarshalUnmarshalInt64Array.
>

This is a flaky test, I have reported it to upstream and it has been fixed.
https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3683

-- 
Shengjing Zhu

Bug#1043409: 'nco' misses UDUnits2 conversions

[Vries de, Hans (KNMI)]

Package: nco
Version: 5.1.4-1

In bookworm the package ‘nco’ misses the UDUnits2 conversions, below the output 
of ncap2 —revision, at the bottom.

NCO netCDF Operators version 5.1.4 "Bakhmut" built by buildd on x86-csail-01 at 
Jan 11 2023 07:01:46
ncap2 version 5.1.4
Linked to netCDF library version 4.9.0 compiled Aug  7 2022 23:41:41
Copyright (C) 1995--2023 Charlie Zender
This program is part of NCO, the netCDF Operators.
NCO is free software and comes with a BIG FAT KISS and ABSOLUTELY NO WARRANTY
You may redistribute and/or modify NCO under the terms of the
3-Clause BSD License with exceptions described in the LICENSE file
BSD: https://opensource.org/licenses/BSD-3-Clause
LICENSE: https://github.com/nco/nco/tree/master/LICENSE
Homepage: http://nco.sf.net
Code: http://github.com/nco/nco
Build-engine: Autoconf
User Guide: http://nco.sf.net/nco.html
Configuration Option:   Active? Meaning or Reference:
Check _FillValueYes http://nco.sf.net/nco.html#mss_val
Community Codec RepoNo  http://github.com/ccr/ccr
DAP support Yes http://nco.sf.net/nco.html#dap
Debugging: Custom   No  Pedantic, bounds checking (slowest execution)
Debugging: Symbols  No  Produce symbols for debuggers (e.g., dbx, gdb)
GNU Scientific Library  Yes http://nco.sf.net/nco.html#gsl
HDF4 supportNo  http://nco.sf.net/nco.html#hdf4
InternationalizationNo  http://nco.sf.net/nco.html#i18n (pre-alpha)
Logging No  http://nco.sf.net/nco.html#dbg
netCDF3 64-bit offset   Yes http://nco.sf.net/nco.html#lfs
netCDF3 64-bit data Yes http://nco.sf.net/nco.html#cdf5
netCDF4/HDF5 supportYes http://nco.sf.net/nco.html#nco4
OpenMP SMP threadingYes http://nco.sf.net/nco.html#omp
Regular Expressions Yes http://nco.sf.net/nco.html#rx
UDUnits2 conversionsNo  http://nco.sf.net/nco.html#udunits

In bullseye this was active. Is it possible to switch it on in bookworm as well?

I am using the python:3.12.0rc1-bookworm image from DockerHub (hub.docker.com).

Thanks, Hans

Bug#1043408: ITP: golang-github-dsnet-compress -- Collection of compression related Go packages.

[Nisha Pariyar]

X-Debbugs-CC: debian-de...@lists.debian.org, debian...@lists.debian.org
Package: wnpp
Severity: wishlist
Owner: Nisha Pariyar 

* Package name: golang-github-dsnet-compress
  Version : 0.0.1-1
  Upstream Author : Joe Tsai
* URL : https://github.com/dsnet/compress
* License : BSD-3-clause
  Programming Lang: Go
  Description : Collection of compression related Go packages.

 Collection of compression libraries for Go
 .
 A collection of pure Go libraries for popular compression algorithms,
 designed to extend the Go standard library capabilities. Includes
 implementations of Brotli (RFC 7932), BZip2, DEFLATE (RFC 1951), and
 XFLATE formats. Offers a balance between maintainable code,
 performance, and flexibility. Active development; API stability not
 guaranteed. Requires Go 1.9+.


OpenPGP_0xD81FCFF8BFC3A65B.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1043407: configure-edu-gateway does not enable nat/ip forwarding due to missing iptables

[Guido Berhoerster]

Am 10.08.23 um 13:59 schrieb Mike Gabriel:
> On  Do 10 Aug 2023 11:46:21 UTC, Guido Berhoerster wrote:
> 
>> Package: debian-edu-config
>> Version: 2.12.33
>>
>> Setting up a router following the documentation at
>> https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Requirements
>> by doing a minimal install and and running the setup script
>>
>> /usr/share/debian-edu-config/tools/configure-edu-gateway --firewall=no
>>
>> does not suffice to create a working router because iptables is not
>> installed and the enable-nat service/init script will not configure
>> forwarding.
>>
>> This could be fixed by
>> 1. amending the documentation to manually install iptables
>> 2. installing iptables in the configure-edu-gateway script
>> 3. adding iptables to the minimal installation
>>
>> Suggestions?
>> -- 
>> Guido Berhoerster
> 
> or: document how to install debian-edu-router-config???
> 
> https://packages.debian.org/unstable/debian-edu-router-config

Sure, but what about configure-edu-gateway, should we remove it then?

-- 
Guido Berhoerster

Bug#1043335: dgit-user(7) should note where dgit build is inappropriate (e.g. CI)

[Sean Whitton]

Hello,

On Wed 09 Aug 2023 at 10:29am +01, Matthew Vernon wrote:

> And you pointed out that, in fact, I'd be better just using
> dpkg-buildpackage -uc -b
>
> In particular, that avoids the need to produce a source package at
> all, which in many cases is desirable (in a gitish workflow, they're
> not useful). dgit-user(7) does include runes to produce a
> source-package-for-sbuild (under "Using sbuild") alongside a note that
> this source package should not otherwise be used (and a reference to
> #868527).

What I like to tell people is that dgit is pretty much only for when
what you want to do will involve .dscs.  No .dscs, no need for dgit.

> In fact, while a DD always wants to use some flavour of dgit
> build/sbuild/whatever (since a DD will be uploading a source or binary
> package), for non-DD-users who don't care about source packages but
> just want binaries-from-git, they don't want dgit build at all (since
> that will make a source package), but rather dpkg-buildpackage[0].

I think that the above distinction in terms of whether source packages
are required is more informative than this distinction.  How about
something like:

As a general rule, you only need to invoke dgit when what you want
to do involves generating or unpacking .dsc files.  And if you're
not actually performing an upload to a Debian-style archive, the
only case you need a .dsc is likely to be 'dgit clone'.

(I don't think the fact that sbuild's input is a source package is a
problem here, but possibly that should be worked in too.)

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1043407: configure-edu-gateway does not enable nat/ip forwarding due to missing iptables

[Mike Gabriel]

Hi Guido,

On  Do 10 Aug 2023 11:46:21 UTC, Guido Berhoerster wrote:


Package: debian-edu-config
Version: 2.12.33

Setting up a router following the documentation at
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Requirements
by doing a minimal install and and running the setup script

/usr/share/debian-edu-config/tools/configure-edu-gateway --firewall=no

does not suffice to create a working router because iptables is not
installed and the enable-nat service/init script will not configure
forwarding.

This could be fixed by
1. amending the documentation to manually install iptables
2. installing iptables in the configure-edu-gateway script
3. adding iptables to the minimal installation

Suggestions?
--
Guido Berhoerster


or: document how to install debian-edu-router-config???

https://packages.debian.org/unstable/debian-edu-router-config

???

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

Bug#815402: org-mode: * [[shell:cat ~/tmp | grep "asdf :: "]] does not work.

[Max Nikulin]

On 05/08/2023 16:35, Bastien wrote:

Max Nikulin writes:


I do not see any value in having this bug in the open state, but I am
leaving decision up to you.


I tested with the latest Org version and the bug is still there.


Bastien, similar issues have been raised on the emacs-orgmode mailing 
lists enough times. An example:


Nicolas Goaziou. c47b535bb origin/main org-element: Remove dependency on 
‘org-emphasis-regexp-components’

Thu, 18 Nov 2021 13:35:19 +0100.
https://list.orgmode.org/87y25l8wvs@nicolasgoaziou.fr :

I disagree. Priority should be given to the first object being started.
This is, IMO, the only sane way to handle syntax.


On 05/08/2023 16:35, Bastien wrote:

May I suggest to the OP (Josef?) to share the bug upstream on the
Org-mode list, if not already done?


Nicholas D Steeves added the link to the mailing list archive, see 
comments in the bug tracker.



Even if it's a minor gotcha, it deserves to be fixed.


It is not minor issue, it is design of parser as it was implemented by 
Nicolas Goaziou. I do not mind to get behavior similar to pandoc, but I 
can not estimate required efforts. Perhaps it would be a breaking change 
for some users.



Bugs are reported on the mailing list and tracked on
https://updates.orgmode.org.


An almost identical issue is tracked there as "Double colon :: in 
description breaks link and forces list item to become descriptive one". 
Another example of a record with similar origin related to parsing 
approach: "Bug: PDF Export of Link fails [9.4.6]"


I see 2 ways:
- Serious change of the org-element parser.
- More prominently documenting current behavior.

Bug#1043407: configure-edu-gateway does not enable nat/ip forwarding due to missing iptables

[Guido Berhoerster]

Package: debian-edu-config
Version: 2.12.33

Setting up a router following the documentation at
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Requirements
by doing a minimal install and and running the setup script

/usr/share/debian-edu-config/tools/configure-edu-gateway --firewall=no

does not suffice to create a working router because iptables is not
installed and the enable-nat service/init script will not configure
forwarding.

This could be fixed by
1. amending the documentation to manually install iptables
2. installing iptables in the configure-edu-gateway script
3. adding iptables to the minimal installation

Suggestions?
-- 
Guido Berhoerster

Bug#1042887: procps: CVE-2023-4016 ps buffer overflow External

[Craig Small]

tags -1 fixed-upstream

The probable fix is at
https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413

The issue is the -C command allocates memory using malloc(length of arg *
size of struct).
In odd situations, you could have a very large arg, the multiplication
overflows and malloc will allocate less memory. You basically need to have
a recompiled kernel that increases ARG_MAX for it to happen.

Using the number of items, calculated later, and more importantly using
calloc() fixes the issue.

 - Craig

Bug#1043307: mshr: [ignore test2]

[Drew Parsons]

Source: mshr
Followup-For: Bug #1043307

[reportbug has not been able to send emails.
testing configuration here. Please ignore]

Bug#1043395: roundcube-core: Cron job triggers gc.sh 60 times

[Guilhem Moulin]

Control: tag -1 pending
Control: found -1 1.6.1+dfsg-1

On Thu, 10 Aug 2023 at 07:46:40 +0300, Antti Kultanen via 
Pkg-roundcube-maintainers wrote:
> in the crontab file /etc/cron.d/roundcube-core file the garbage collector
> is set run 60 times, or every minute from 5:00 to 5:59.
> […]
> Is there a reason for this or is it just a typo?

Thanks for the report!  It was a mistake indeed, fixed at
https://salsa.debian.org/roundcube-team/roundcube/-/commit/851a1cd0894b95d431170d5604c449dd5d9228ea
 .

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#1043406: Package: libnvidia-egl-wayland1

[Murphy Joshua]

Package: libnvidia-egl-wayland1
Source: egl-wayland
Version: 1:1.1.10-1
Architecture: amd64
Maintainer: Ubuntu Developers 
Original-Maintainer: Timo Aaltonen 


Hi!

I'm writing to you in a hope to draw attention to the recent updates to the 
""libnvidia-egl-wayland1" package upstream at 
https://github.com/NVIDIA/egl-wayland.

[https://opengraph.githubassets.com/d1c9b719f8b7e9ea82d70f1b5027500b373b63cb6f9e835ceedbbeb5e52b1cbd/NVIDIA/egl-wayland]
GitHub - NVIDIA/egl-wayland: The EGLStream-based Wayland external 
platform
The EGLStream-based Wayland external platform. Contribute to NVIDIA/egl-wayland 
development by creating an account on GitHub.
github.com


If libnvidia-egl-wayland1 is an essential package for (nVidia Users) kDE - 
Ubuntu / Debian based Distro's can we please get it updated to the latest 
version: 1.1.12

https://github.com/NVIDIA/egl-wayland
version: 1.1.12
- Added support for version 4 of the Linux DMA-BUF protocol
- Added support for EGL_EXT_explicit_device extension
- Fixed incomplete window resizing regression from 1.1.10
- Fixed eglSwapInterval when using DMA-BUF path

The libnvidia-egl-wayland1 package was last updated in the Ubuntu / Debian 
2021/ 2022 but has none of the above fixes.


Why is libnvidia-egl-wayland1 and essential package?

Because in currently in Plasma Wayland session, if this lib is not installed, 
then LLVMPIPE is used instead of the nVidia Driver (all releases).


Timo Aaltonen is the original maintainer for ubuntu.

Timo Aaltonen is also the maintainer for the package in Debian which is also 
outdated.


I use kDE_NEON. your bug tracker was a bit beyond me at the moment.


I do appreciate how incredibly busy everyone is.

Thankyou

https://www.phoronix.com/news/Mesa-23.3-EGL-Explicit-Device
https://wayland.app/protocols/linux-dmabuf-unstable-v1
https://registry.khronos.org/EGL/sdk/docs/man/html/eglSwapInterval.xhtml

Bug#1043307: [test ignore]

[Drew Parsons]

Source: mshr
Followup-For: Bug #1043307

[testing reportbug. please ignore]

Bug#918914: Enabling -fstack-clash-protection for trixie

[Wookey]

On 2023-08-06 23:25 +0200, Moritz Mühlenhoff wrote:
> Following the procedure to modify default dpkg-buildflags I propose to
> enable -fstack-clash-protection on amd64. The bug for dpkg tracking this
> is #918914.

> The open question is whether to also enable this for arm64, mips64el,
> ppc64el, riscv and s390x. I'm adding the respective porter lists, if there's
> consensus among porters of a given arch other than amd64 to also add
> the flag, please post a followup to #918914.

There is consensus amongst the ARM distro team that this should be
turned on for arm64. Our preference is to turn it on for the 32-bit
arm arches too. However Ubuntu chose not to enable this on armhf in
2019 after a rebuild test (although it doesn't look significantly
worse than arm64 to me on that chart - needs more detailed
investigation). We will do some new archive rebuilds to see what the current
status is.
https://people.canonical.com/~doko/ftbfs-report/test-rebuild-20190614-eoan.html

I've also asked the arm compiler team if there are any known issues with this 
feature.

Wookey
-- 
Principal hats:  Debian, Wookware, ARM
http://wookware.org/


signature.asc
Description: PGP signature

Bug#1043313: libsuperlu-dev: Inconsistent declaration of double{C,M}alloc()

[Drew Parsons]

Source: superlu
Followup-For: Bug #1043313

Upstream has just released a new version to fix it.
Apparently it introduced other problems however.
Let's see what upstream's response to that is.

Bug#1030835: Quite a lot of dependencies

[Jelmer Vernooij]

I've picked up ruff now that maturin (which it uses for building) is
in NEW.

It does look like there's quite a lot of other crates that need to be
packaged first:

* ruff-macros
* rustpython-ast
* rustpython-common
* lexical-parse-float
* lexical-parse-integer
* lexical-util
* volatile
* unic-ucd-category
* rustpython-compiler-core
* lexf-parse
* rustpython-parser
* unic-emoji-char
* unic-ucd-ident
* unicode_names2
* schemars
* titlecase
* joinery
* ciborium
* chic
* annotate-snippets

And python packages:

* libcst

Jelmer

Bug#1036996: python3-notebook: Is Breaks: cadabra2 enough?

[Helmut Grohne]

Hi Andreas,

you fixed python3-notebook by adding versioned Breaks for cadabra2. Is
this really enough?

A Breaks condition allows concurrent unpack (but not concurrent
configuration). An inconvenient unpack order could have bad results
here, so I think this should be upgraded to versioned Conflicts.
Alternatively, we could declare Replaces, but since this is conflict
involving a symlink, I prefer being strict and entirely disallowing
concurrent unpack. Do you agree? If yes, please reopen the bug.

If I were to arm dumat to automatically file rc bugs, it would be filing
this as an rc bug, so we have to do something about it. Either I need to
refine detection or we need to fix this.

Helmut

Bug#1043405: RM: pipewire-media-session -- RoQA; dead upstream, no rdeps, maintainer announced pending removal

[Simon McVittie]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: pipewire-media-sess...@packages.debian.org
Control: affects -1 + src:pipewire-media-session

pipewire-media-session is dead upstream and superseded by wireplumber (see
#1030765) and has no unconditional reverse-dependencies according to
`dak rm -R -n pipewire-media-session`.

gnome-remote-desktop depends on pipewire-media-session|wireplumber (which
I'm fixing now), but that shouldn't block removal.

pipewire-bin Recommends wireplumber|pipewire-media-session, but again that
shouldn't block removal.

smcv

Bug#1043118: victoriametrics: FTBFS: test failure

[Guillem Jover]

Hi!

On Tue, 2023-08-08 at 14:59:45 +0300, Denys Holius wrote:
> The latest version of VictoriaMetrics v1.92.0
>  should be marked as
> LTS but it has some backwards-incompatible changes. Meanwhile v1.87.6
>  was marked as LTS
> and maybe this version contains bugfix.

I have pending updating to a new release, but when I looked at that
before the bookworm release, that involved packaging a ton of
dependencies (and transitive dependencies), I need to allocate some
time to do that now, but that has not seemed urgent.

> 1. Could you please point me to a documentation which I can use to
>reproduce this bug?

I've covered this (somewhat) in an reply to Denys off-BTS.

> 2. Maybe we can make a bugfix or patch and send a PR to
>https://salsa.debian.org/go-team/packages/victoriametrics ?

Sure, if you do that, I'd do an upload with such fix. Although…

> On 06.08.23 12:16, Sebastian Ramacher wrote:
> > === RUN   TestMergeForciblyStop
> > 2023-08-05T22:21:13.980Zpanic   
> > VictoriaMetrics/lib/storage/inmemory_part.go:37 BUG: Inmemory.InitFromRows 
> > must accept at least one row
> > --- FAIL: TestMergeForciblyStop (0.00s)
> > panic: BUG: Inmemory.InitFromRows must accept at least one row [recovered]
> > panic: BUG: Inmemory.InitFromRows must accept at least one row
> > 
> > goroutine 31839 [running]:
> > testing.tRunner.func1.2({0x6f7a60, 0xc003b2e4b0})
> > /usr/lib/go-1.20/src/testing/testing.go:1526 +0x24e
> > testing.tRunner.func1()
> > /usr/lib/go-1.20/src/testing/testing.go:1529 +0x39f
> > panic({0x6f7a60, 0xc003b2e4b0})
> > /usr/lib/go-1.20/src/runtime/panic.go:884 +0x213
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logMessage({0x742b44, 
> > 0x5}, {0xc00507f300, 0x37}, 0x0?)
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:269
> >  +0x965
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevelSkipframes(0x1,
> >  {0x742b44, 0x5}, {0x75c548?, 0xc00503fcc8?}, {0x0?, 0x90?, 0x72aba0?})
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:137
> >  +0x1a5
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevel(...)
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:129
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.Panicf(...)
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:125
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*inmemoryPart).InitFromRows(0xc7ccf0,
> >  {0x0, 0x0, 0x0})
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/inmemory_part.go:37
> >  +0x5e
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.newTestBlockStreamReader(0xca6150?,
> >  {0x0, 0x0, 0x0})
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/block_stream_reader_test.go:151
> >  +0x48
> > github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.TestMergeForciblyStop(0xc004101380)
> > 
> > /<>/_build/src/github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/merge_test.go:358
> >  +0xce
> > testing.tRunner(0xc004101380, 0x7e12e8)
> > /usr/lib/go-1.20/src/testing/testing.go:1576 +0x10b
> > created by testing.(*T).Run
> > /usr/lib/go-1.20/src/testing/testing.go:1629 +0x3ea
> > FAILgithub.com/VictoriaMetrics/VictoriaMetrics/lib/storage  10.215s

I cannot reproduce this one on my sid chroot, but another error
completely different in TestMarshalUnmarshalInt64Array.

Thanks,
Guillem

Bug#1042902: system-packages-el and #1042902

[Sean Whitton]

Hello,

On Thu 10 Aug 2023 at 09:05am +05, Lev Lamberov wrote:

> Hi,
>
> As reported in #1042902 system-packages-el in some configurations sets
> its system-packages-package-manager variable to a wrong value. The
> upstream documentation says that
>
>   The package attempts to guess which package manager you use. If it
>   guesses wrong (or you'd like to set it manually), you may modify the
>   variable =system-packages-package-manager=.
>
> Typically one uses apt/apt-get in Debian, so I think it is justified to
> set the variable to apt by default. I can imagine someone who uses other
> package managers in Debian, but guess these users are not our primary
> target audience so to say.
>
> What the team thinks about the issue? Should the variable be set to apt
> by default in Debian? If yes, where would you suggest to set it?

Yes, I think it should be set.  I would do it with a quilt patch.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1041323: CFEngine agent connection errors

[Guido Berhoerster]

Am 10.08.23 um 11:12 schrieb Mike Gabriel:
> Indeed, cfengine3 for Debian Edu is only designed to be used for post-install 
> adjustments, not for regular / continuous config management.
> 
> So, disabling the cfagent (cf-execd) service should be the way to go (we 
> won't loose functionality compared to previous Debian Edu versions), the 
> cf-agent run should happen only based on the local configuration files 
> shipped by debian-edu-config.

Before we start changing anything here it needs to
be cleared up with the cfengine3 maintainers what
the default of cfengine should be. Right now it is
inconsistent,depening on whether systemd is installed
or not, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043353

-- 
Guido Berhoerster

Bug#1043322: cockpit-tests: prone to loosing /lib/systemd/system/cockpit.service.d during /usr-merge

[Helmut Grohne]

Hi Martin,

On Wed, Aug 09, 2023 at 09:19:41AM +0200, Martin Pitt wrote:
> > I'm attaching a patch for your convenience and hope you agree.
> 
> You didn't actually, but it's fairly straightforward (I think). I sent an
> upstream PR to fix that. I didn't test it at all, let's see what CI says -- 
> but
> I'm fairly sure about it.

Oh dang, sorry. But I see you came up with exactly the same patch that I
had.

> If all goes well, that can go into today's release, then I can fix this in sid
> in the next day or two.

Cool. Note that this problem won't be practically relevant for about a
month. I hope that we progress well enough for it to become relevant
then.

Helmut

Bug#1041323: CFEngine agent connection errors

[Mike Gabriel]

Hi Guido,

On  Mi 09 Aug 2023 13:17:03 CEST, Guido Berhoerster wrote:

On Thu, 20 Jul 2023 11:25:09 +0200 Guido Berhoerster  
 wrote:
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
TRUST FAILED, server presented untrusted key:  
MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
No suitable server found for '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Promise belongs to bundle 'failsafe_cfe_internal_update' in file  
'/var/lib/cfengine3/inputs/failsafe.cf' near line 121
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Errors encountered when actuating files promise  
'/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:error: ::1>   
   SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> SSL_write: underlying network  
error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>   
   Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
TRUST FAILED, server presented untrusted key:  
MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
No suitable server found for '/var/lib/cfengine3/modules'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Promise belongs to bundle 'failsafe_cfe_internal_update' in file  
'/var/lib/cfengine3/inputs/failsafe.cf' near line 130
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Errors encountered when actuating files promise  
'/var/lib/cfengine3/modules'
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:error: ::1>   
   SSL_write: underlying network error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> SSL_write: underlying network  
error (Broken pipe)
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>   
   Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> Connection was hung up!
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
TRUST FAILED, server presented untrusted key:  
MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:error: ::1>   
   Connection was hung up while receiving line:
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> Connection was hung up while  
receiving line:
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:   notice: ::1>   
   Client closed connection early! He probably does not  
trust our key...
Jul 20 10:35:34 tjener.intern cf-serverd[1168]:  
CFEngine(server)  ::1> Client closed connection early!  
He probably does not trust our key...
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
No suitable server found for '/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Promise belongs to bundle 'failsafe_cfe_internal_update' in file  
'/var/lib/cfengine3/inputs/failsafe.cf' near line 144
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Comment is 'If we failed to fetch policy we try again using
 
  the legacy default in case we are fetching policy
 
  from a hub that is not serving mastefiles via a
 
  shortcut.'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Errors encountered when actuating files promise  
'/var/lib/cfengine3/inputs'
Jul 20 10:35:34 tjener.intern cf-agent[4722]: CFEngine(agent)   
Method 'failsafe_cfe_internal_update' failed in some repairs
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)   
TRUST FAILED, server presented untrusted key:  
MD5=42d62c2c4be843a78dafffb40dd40277
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)   
No suitable server found for  
'/var/lib/cfengine3/inputs/cf_promises_validated'
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)   
Promise belongs to bundle 'cfe_internal_update_policy_cpv' in file  
'/var/lib/cfengine3/inputs/cfe_internal/update/update_policy.cf'  
near line 229
Jul 20 10:35:34 tjener.intern cf-agent[4734]: CFEngine(agent)   
Comment is 'Check whether a validation stamp is available for a new  
policy update to reduce the distributed load'



The untrusted server key issue can be fixed by following the procedure on
manually establishing trust described in