Bug#1050053: xml2rfc: recommends empty package fonts-noto-unhinted

[Scott Kitterman]

On September 15, 2023 5:37:23 AM UTC, Jonas Smedegaard  wrote:
>Scott Kitterman wrote:
>>> Please change the dependency to the appropriate package instead.
>>> Thank you.
>> Which one is that?  I can't find any indication in the package what
>> replaced it.
>
>The binary package fonts-noto-unhinted is currently empty because it
>contained only fonts lacking hinting, and currently all fonts provided
>from same source package are available with hinting.
>
>So I would turn the question around: Do xml2rfc require fonts without
>hinting, or does it require certain specific fonts which formerly
>existed only without hinting?

Unhinted is what the upstream documentation specifies:

https://salsa.debian.org/debian/pkg-xml2rfc/-/blob/debian/sid/README.md

Scott K

Bug#1036277: Ship keama - The KEA Migration Assistant

[Santiago Ruano Rincón]

Control: tags -1 + pending

El 13/09/23 a las 01:25, Athos Ribeiro escribió:
> On Mon, Sep 11, 2023 at 03:35:37PM +0530, Santiago Ruano Rincón wrote:
> > 
> > Do you think it would be possible to add an autopkgtest for keama?
> > 
> 
> Hi Santiago!
> 
> Thanks for having a look at this :)
> 
> I added an autopkgtest to run some upstream provided checks and also
> changed d/rules to run the same checks during the package build.
> 
> I needed to perform some changes to ensure the tests will make the build
> process halt on failures and removed one specific test which was
> performing a DNS query.
> 
> Let me know your thoughts on this.
> 
> Thanks again!

LGTM, thank you!

Just merged.

Cheers,

 -- Santiago


signature.asc
Description: PGP signature

Bug#1050053: xml2rfc: recommends empty package fonts-noto-unhinted

[Jonas Smedegaard]

Scott Kitterman wrote:
>> Please change the dependency to the appropriate package instead.
>> Thank you.
> Which one is that?  I can't find any indication in the package what
> replaced it.

The binary package fonts-noto-unhinted is currently empty because it
contained only fonts lacking hinting, and currently all fonts provided
from same source package are available with hinting.

So I would turn the question around: Do xml2rfc require fonts without
hinting, or does it require certain specific fonts which formerly
existed only without hinting?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1051975: ITP: cli-docs-tool -- A library containing utilities to generate documentation for Docker

[Leandro Cunha]

Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Leandro Cunha 
X-Debbugs-Cc: leandrocunha...@gmail.com
Severity: wishlist

* Package name: cli-docs-tool
  Version : 0.6.0
  Upstream Contact: Docker 
* URL : https://github.com/docker/cli-docs-tool
* License : Apache-2.0 license
  Programming Lang: Go
  Description : This is a library containing utilities to generate
(reference) documentation for the docker CLI

This library is intended for use by Docker's CLIs, and is not intended
to be a general-purpose utility. Various bits are hard-coded or make
assumptions that are very specific to our use-case. Contributions are
welcome, but we will not accept contributions to make this a
general-purpose module.

The package will be assigned to the Debian Go Packaging Team.
It is necessary to build some packages such as buildx and
docker-compose in the latest version.
https://salsa.debian.org/debian-brasilia-team/docs/-/issues/44
https://salsa.debian.org/debian-brasilia-team/docs/-/issues/14
Work is being carried out together with the Debian Brasilia community,
a group with users, Debian Contributors, Debian Developers and Debian
Maintainers.
-BEGIN PGP PUBLIC KEY BLOCK-

mQINBF/gQ8gBEADHVKgoWsUWNGVvR6sMhBPUdBUEH+QALpr1QYXhetBfRwaY0HWN
pKgejHdxKO8H+kIhRMoh89CCKg3hAJ9LmOOTXkX7U5/Cya/zRMKk5zBD3rKIaugh
0XYT15Nz1jwL7TIDG25yPSloDtVgVXTep0ZzKsNYJjb4OAqa88cvUEJEhhqrldlR
gpNbkixEh5ituO8pMShEBWqLs3yt4Hr1VFWnTIm4dl/JLBHpexzubDOw/mKCTpNd
A1JGHTvce1wtJ2fMzCVzhEjd5pyjLZV/o8hVw2/ON/yXvpJuz0lV/hiW0M+cDcas
sKftErtsZpRy3wwXdkBcJt6soYuqfCHwgMfL2iC6mPviE8xWAHMOmhdC3wDskZpb
RcLfH5IMYajJAGRO/GCMcKKbq7WkEOeloivtg64xBlYuJf9aOcHKP/8R3EObiNp7
ubQAJtV3pEGD4mx1mhutFxDHB+CfnxE3dWvxZSV9y1n4UOzkDJ3kDx5Ee0MbRvJD
w6aXKc6dhYREgh7hLDcMFz+3LcBiZDLxI3g+SHe3Bl61vdsnPno+0HhCzvB+fL4S
eoy7Myfiunz9BrB2HPN+wNCT0YgV+Kv8QoDGzBwos5H1vUJSY4t59w6xoXAYUsAm
hjAM8s+rUtG40mcUWePd8kZtgE9IV1eQ+Qt8/SNpSdRnUunmIGl3JjHvEwARAQAB
tClMZWFuZHJvIEN1bmhhIDxsZWFuZHJvY3VuaGEwMTZAZ21haWwuY29tPokCTgQT
AQoAOBYhBLT5oBCvKN3HzFEPK8LZ4zKUW9A8BQJf4EPIAhsDBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAAAoJEMLZ4zKUW9A8FjAQAKWYqiLpLUD+DLB+NSy3DI3rf9z3
k0vE7TLaEjdEM5CQWN+j4vBqMnAckdcARvSWPndTjp8K+mtFF4PyfhNbS64z/a7L
F3DdhmX73n7LKFG8Ow9NZwcrkmPwH5WcP7mXTh6R+6/+OSL/K85NB8MLlxQTJOni
julVax9JEZjwBaP2HLCu53Zq9gZcvJlXoAoTHyTxKdp8Mh8V+Qit26E78o9c6SQD
Dq9eyMRG8hYCRfreDjKceRkYHjECySlk+VoI1ssVs07Dqvxg6qSyP4RnW+1+W74C
s0yIyuC/eRJpMAf1PBQEOOrVcTfRfpN+go955t21yIAvT58vqotTM5eaqXYIQn/y
sC4lThZai/ZBZHxl5Mbv42WkkYdjisLQOCALIMBpj5nq4oh2C+kvMupcuBKfERgV
dguU51MzfQktKb6d5y777zYnDaFMQDD2IfiD/C7ln5A9LP/L54ixlA3uRmWx/yAx
/m+Zusws98j4Eq/jw5T54XW655m6lMCTE9WXLJkgxrRcEonHSllbgRSsToEmWq0Z
doxcnpagHdcGQzW+cu2VOGi1da73ZFmrn+ptJgc8cW2suO06IeArOi0TzIg7e65j
Xp2DbJCpFrfzEuBb1u71WvB8V2MkAfJZx/uZJPCA936B4HT8YGPEMzlQRIHI2Y9C
+DloyzlBLTS1EMKuuQINBF/gQ8gBEAC47o9u1Wm9jZ6RC+lfxEDEvVS7MmI5VzSy
q04rFttWwbKix13pc65aDlk47LxWrb84N3Gnf1E/OTsLTXqC7u5JZ7YJkC6CsPbo
D1sQkfCiJCFCTgf7dydEVt8ujS/Uu1kz86ufdRwaMRcvBZAORGdB58LEsLB65WN4
hLRYF7xvcxu6t7FGrIYereaxUAWLA2B/ZnCEdOY94w7s0uaPjHdf4lfHebuZ7T08
iG5ACDvKBjgaFArGfdNYWchXJgbOEg14bGj40/8LuBKQMZASiFSqLPZxoporK9FY
xBw+D080dUWWD5g868TZ3pkM3DXO9bdq22IBKqKOep8CnuKgoDpUvA8dTEY/UDCn
sdOlBUK/Y9zTGVmD/90cO/xkvkV78suqiBnwBSddPzVS0EuiWwrLGu8gaY4EyM/X
7khlbTcMgh4njzUCAE6Tq+TbXSxn86wuOybVY5Y+I99LNdsocI5SIn2nDh2IOi00
4dE/iwO2MatWIOLFBC7pw8Xv4UHZY+WIf3Y/6XjExpllhUkeB6BwZpTr1SXk+cug
q5Dj5i4aGn2LrvQJ57terqUWYyDUBFgXTc4SPOzT5og8CavBgHfrQoFwSnRZ2oyX
xtZhEDI5Pk2j1qTbOhXZ29po4rPNWHMq2HQgM0I+BqQndsoVdkPOFzS2wKkdXjCz
bNYcyanusQARAQABiQI2BBgBCgAgFiEEtPmgEK8o3cfMUQ8rwtnjMpRb0DwFAl/g
Q8gCGwwACgkQwtnjMpRb0Dzh6g//ZjXaWSzKmG5ZS6XJa/ZOokkE2hFOFusWX8Qa
hEwLAnTFEy02dLfV54rKwmu2jHPDKLhE+iYtusvytueZAzVRyQahv0RE4BH8Emqw
gQdBwyJ/L+QhUp/lMdJ6Hh/2ZSZmzU29U24vnY+U+haoB1fLnA3lXgOP59kMLGud
lERR2Vluuc7TcpzvcaRWgrQRU2vSrrBBEp6y07iVKbRM/9yhE/aHJahLbhKh2Dk9
WJvHPnhYJY5yU+Y5vTl3BiW5+EuzMBdPUawOWKhqCq9dswn0GL1g/vlt/bdU/6DO
jECQ6fssTAtDjRClXySsS3X0mh8y8qlGvMPB4anfvOy4+4nUV6IESdJftKn2SMGd
CA3MaQ+S7frWn5v7GIWSC9vumCsiu1JTOugLmbVmu5m5nFsyllavm/k9LtOtswuF
fHM/SlXLFuGBWU6XceqaM2dpP8i5jGz0vIGMhqoFNgXWGO1NhwR1rmeU1CMpnM5e
Wue4h/+mJiuEzuZcmzOcwq3HGMUXO0jZDgLEmlnenO9czhrLuGZaMXGdwnIk0G3O
+SqH36v7blnDh96RXpgaa+ifTHd0qKeoVXVwSq/9jNtHSQrI+NJcTpMhu73xtxhX
UFPr/31+IFLWepC5GDwdu/gQm5E6ntGyxE2p2v76pcjz7SGdXjPFZjqekBveEJuW
fNdY6Ns=
=rdCA
-END PGP PUBLIC KEY BLOCK-

Bug#1051974: ITP: inwasm -- Inline WebAssembly for Typescript

[Yadd]

Package: wnpp
Severity: wishlist
Owner: Yadd 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: inwasm
  Version : 0.0.13
  Upstream Contact: Joerg Breitbart 
* URL : https://github.com/jerch/inwasm
* License : Expat
  Programming Lang: JavaScript
  Description : Inline WebAssembly for Typescript

InWasm is a small bundler for inline standalone wasm libraries (Web Assembly).
It compiles and bundles the wasm source code inplace, using either
clang, wabt and/or emscripten.

inwasm is a build dependency needed to build node-xterm-wasm-parts,
which is required by node-xterm 5 which update is needed to build
node-jupyterlab. Will be maintained under JS Team umbrella.

Bug#1051973: tzdata: no warning about moving US/* to tzdata-legacy

[Mike Kupfer]

Package: tzdata
Version: 2023c-10
Severity: important
X-Debbugs-Cc: kup...@rawbw.com

Dear Maintainer,

After using synaptic or apt to upgrade tzdata from 2023c-7 to
2023c-10, I would get the wrong time in my desktop environments and on
a virtual terminal (no X).  I would get UTC, rather than my local
time.  Though the lightdm screen would display the correct time.

I tracked this down to the fix for #1040997.  So, changing TZ from
US/Pacific to America/Los_Angeles makes the problem go away.  Or,
keeping TZ at US/Pacific, installing tzdata-legacy makes the problem
go away.

I'm okay with the change itself, but it really should get more
visibility.  That is, on upgrade the user should get some sort of
heads-up that they are getting an incompatible change and may need to
take corrective action.

thanks,
mike

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-3-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tzdata depends on:
ii  debconf [debconf-2.0]  1.5.82

tzdata recommends no packages.

tzdata suggests no packages.

-- debconf information:
  tzdata/Zones/Pacific:
  tzdata/Zones/Africa:
  tzdata/Zones/Europe:
  tzdata/Zones/Arctic:
* tzdata/Zones/America: Los_Angeles
* tzdata/Areas: America
* tzdata/Zones/Etc: UTC
  tzdata/Zones/Australia:
  tzdata/Zones/Antarctica:
  tzdata/Zones/US:
  tzdata/Zones/Indian:
  tzdata/Zones/Atlantic:
  tzdata/Zones/SystemV:
  tzdata/Zones/Asia:

Bug#1050676: enblend-enfuse: FTBFS: dot: maze.c:311: chkSgraph: Assertion `np->cells[0]' failed.

[GCS]

Hi Andreas,

On Sun, Sep 10, 2023 at 9:21 PM Andreas Metzler  wrote:
> I tried to do a test build of enblend against graphviz 8.1.0 from
> experimental. I had no luck, since dot seems to be built without support
> for png output:
 Please try graphviz 9.0.0 from experimental.

> /usr/bin/m4 --fatal-warnings --prefix-builtins --synclines 
> --define='dot_output_type=png' ../../doc/uml-dot.m4 
> ../../doc/external-mask-workflow.dot | \
> /usr/bin/dot  -Tpng -Gbgcolor=transparent -Gresolution=600 | \
> /usr/bin/convert png:- -transparent white -resize $(( ((96 * 
> 1000) / 600) / 10 ))% external-mask-workflow.png
> Format: "png" not recognized. Use one of: canon cmap cmapx cmapx_np dot 
> dot_json eps fig gv imap imap_np ismap json json0 mp pic plain plain-ext pov 
> ps ps2 svg svgz tk xdot xdot1.2 xdot1.4 xdot_json
> convert: improper image header 
> `/dev/shm/magick-u_9y0p39jcrUpQwvjHcDxiLBtxK8jlEu' @ 
> error/png.c/ReadPNGImage/4107.
 There's still a font issue, you will get something like:
fontconfig: Didn't find expected font family. Perhaps URW Type 1 fonts
need installing?

I don't know why this is happening, as if I check the intermediate dot
file then only the node font settings cause this error. Other uses of
the Helvetica font are fine. As per source change, you will need this
patch for enblend-enfuse.
Please check if the resulting package works as you expected or not and
report back your findings.

Regards,
Laszlo/GCS
Description: use Times font instead of Helvetica for testing
 For testing the font Helvetica used. This is fine, but for some reason
 recently fontconfig can't find it as URW Type 1 font for dot nodes. For
 other uses, Helvetica font is found by the way.
Author: Laszlo Boszormenyi (GCS) 
Forwarded: no
Last-Update: 2023-09-15

---

--- enblend-enfuse-4.2.orig/doc/uml-dot.m4
+++ enblend-enfuse-4.2/doc/uml-dot.m4
@@ -10,7 +10,7 @@ m4_dnl  (`uml_'), we treat only `Activit
 m4_dnl  need more for the Enblend/Enfuse documentation.
 
 
-m4_define(`uml_font', `Helvetica')
+m4_define(`uml_font', `Times')
 
 
 m4_dnl  Graph Attributes

Bug#1051966: icmake: Please add bootstrap build profile to break circular build dependency

[tony mancill]

On Fri, Sep 15, 2023 at 12:50:37AM +0200, John Paul Adrian Glaubitz wrote:
> Source: icmake
> Version: 10.04.01-2
> Severity: normal
> User: debian-de...@lists.debian.org
> Usertags: loong64
> X-Debbugs-Cc: zhangjial...@loongson.cn,zhangdan...@loongson.cn
> 
> Hi!
> 
> The changelog entry for icmake 10.03.02-1 reads:
> 
>   * New upstream version 10.03.02 adds bobcatbootstrap to build icmake
> on systems that haven't installed the bobcat library
> 
> However, looking at debian/control, the build dependency on libbobcat-dev is
> actually unconditional and there is currently no way to build the icmake
> Debian package without having libbobcat-dev installed. This is in particular
> problematic because src:bobcat build-depends on icmake to build.
> 
> A build profile which allows to disable the libbobcat-dev build dependency
> temporarily and use the aforementioned bootstrap mechanism would be very
> helpful for bootstrapping icmake on new architectures such as loong64.

Hi Adrian,

The bootstrap instructions are included in the source package [1].

This is new to me, so I'm looking for some guidance here.  Is the
expectation an upload of an icmake source package that can build itself?
It would have to have build-deps libbobcat-dev | bobcat-src in order to
avoid having to download the bobcat sources.  In this scenario, I
believe we would need to introduce a new bobcat-src (binary) package.

Or, should it build-dep on libbobcat-dev | (something always available)
and then in debian/rules detect the lack of libbobcat-dev and perform
the bootstrap by downloading the bobcat sources tarball?

Or something else?

In any case, we can a script to the icmake source to perform the
bootstrap once we have decided on a way to obtain the bobcat sources.

Thank you,
tony

[1] 
https://salsa.debian.org/debian/icmake/-/blob/debian/latest/README.bobcatbootstrap


signature.asc
Description: PGP signature

Bug#1049440: calculix-cgx - build-depends on dropped transitional package.

[Matthias Klose]

Control: tags -1 + patch

patch at
https://patches.ubuntu.com/c/calculix-cgx/calculix-cgx_2.17+dfsg-2ubuntu1.patch

Bug#1051515: raft: New version available

[GCS]

On Mon, Sep 11, 2023 at 6:40 PM Mathias Gibbens  wrote:
>   I spent some time looking at this over the weekend, and apparently
> there's some issue(s) running the integration/uv tests within a
> continer(-ish) environment.
 While I may copy your report to an upstream bugreport, it's not my
work. Would you please file an upstream issue yourself? I hope it will
be an easy fix for them and raft can be updated soon in Debian.

Thanks,
Laszlo/GCS

Bug#1051972: jami-daemon: Fails to start with libopendht2 2.6.0.4-1

[Asher Gordon]

Package: jami-daemon
Version: 20230206.0~ds2-1.3
Severity: grave
X-Debbugs-Cc: none, Asher Gordon 

Dear Maintainer,

After upgrading libopendht2, jami-daemon fails to start, making Jami
unusable. Downgrading libopendht2 fixes the problem.

$ apt-cache policy libopendht2 | grep Installed:
  Installed: 2.6.0.4-1
$ jami
Using Qt runtime version: 6.4.2
"notify server name: dunst, vendor: knopwob, version: 1.9.2 (2023-04-20), 
spec: 1.2"
"Using locale: en_US"
"Error : jamid is not available, make sure it is running"
terminate called after throwing an instance of 'char const*'
Aborted
$ /usr/libexec/jamid 
/usr/libexec/jamid: symbol lookup error: /usr/libexec/jamid: undefined 
symbol: 
_ZN3dht4http8ResolverC1ERN4asio10io_contextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrINS_6LoggerEE

Downgrading:

$ sudo sed -i~ s/trixie/bookworm/g /etc/apt/sources.list
$ sudo apt-get update
Get:1 tor+https://deb.debian.org/debian bookworm InRelease [151 kB]
[...]
Fetched 88.2 MB in 42s (2,120 kB/s)
Reading package lists... Done
$ sudo apt-get install libopendht2=2.4.12-7
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be DOWNGRADED:
  libopendht2
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded.
Need to get 806 kB of archives.
After this operation, 377 kB disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 tor+https://deb.debian.org/debian bookworm/main amd64 libopendht2 
amd64 2.4.12-7 [806 kB]
Fetched 806 kB in 2s (335 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell 
buffer, or without a controlling terminal.)
debconf: falling back to frontend: Readline
dpkg: warning: downgrading libopendht2:amd64 from 2.6.0.4-1 to 2.4.12-7
(Reading database ... 586843 files and directories currently installed.)
Preparing to unpack .../libopendht2_2.4.12-7_amd64.deb ...
Unpacking libopendht2:amd64 (2.4.12-7) over (2.6.0.4-1) ...
Setting up libopendht2:amd64 (2.4.12-7) ...
Processing triggers for libc-bin (2.37-8) ...
$ apt-cache policy libopendht2 | grep Installed:
  Installed: 2.4.12-7
$ jami
Using Qt runtime version: 6.4.2
"notify server name: dunst, vendor: knopwob, version: 1.9.2 (2023-04-20), 
spec: 1.2"
"Using locale: en_US"
No migration required
[...]
$ /usr/libexec/jamid 
Jami Daemon 13.7.0, by Savoir-faire Linux Inc. 2004-2023
https://jami.net/
[Video support enabled]
[Plugins support enabled]

22:56:59.121 os_core_unix.c !pjlib 2.12.1 for POSIX initialized
  C-c C-cCaught signal Interrupt, terminating...

Jami runs as expected.

It looks like jamid references an undefined symbol,
_ZN3dht4http8ResolverC1ERN4asio10io_contextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrINS_6LoggerEE,
which is likely present in the old version of libopendht2. I don't know
a whole lot about C++ and name mangling, but I would guess that Jami had
been using a deprecated or undocumented symbol, which has been removed
or renamed in libopendht2. It's also possible that the new libopendht2
was compiled with a newer compiler, which mangled the name differently,
but as far as I know, name mangling is supposed to be fairly stable
(again, I don't know a whole lot about this).

Also, the name unmangled:

$ echo 
_ZN3dht4http8ResolverC1ERN4asio10io_contextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrINS_6LoggerEE
 | c++filt
dht::http::Resolver::Resolver(asio::io_context&, 
std::__cxx11::basic_string, std::allocator > 
const&, std::shared_ptr)

Thanks,
Asher

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jami-daemon depends on:
ii  libarchive13 3.6.2-1
ii  libasound2   1.2.9-2
ii  libavcodec60 7:6.0-6
ii  libavdevice607:6.0-6
ii  libavfilter9 7:6.0-6
ii  libavformat607:6.0-6
ii  libavutil58  7:6.0-6
ii  libc62.37-8
ii  libdbus-c++-1-0v50.9.0-12
ii  libfmt9  9.1.0+ds1-2
ii  libgcc-s113.2.0-3
ii  libgit2-1.5  1.5.1+ds-1
ii  libgnutls30  3.8.1-4+b1
ii  libixml111:1.14.18-1
ii  libjsoncpp25 

Bug#1051971: owncloud-client-cmd: Error transfering https://BLAH/owncloud/remote.php/webdav/status.php - server replied: Forbidden

[Sergio Mendoza]

Package: owncloud-client-cmd
Version: 3.2.0.10193+dfsg-1
Severity: important

Dear mainteiner,

  With the new unstable version ( 3.2.0.10193+dfsg-1 ) of owncloudcmd,
when I try to sync with the onwcloud server I get the following error:

23-09-14 20:45:05:955 [ warning sync.checkserverjob ]:  error: status.php 
replied 403
23-09-14 20:45:05:955 [ fatal default ]:Failed to resolve
https://BLAH/owncloud/remote.php/webdav Error: Error transferring 
https://BLAH/owncloud/remote.php/webdav/status.php - server replied: Forbidden.
Aborted

  I've checked permissions at the server side and everything seems fine
(it has been working fine for years).  Also, accesing the owncloud server
using a web browser, everything works fine.

Cheers,

S.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-0-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages owncloud-client-cmd depends on:
ii  libc6  2.37-8
ii  libowncloudsync0   3.2.0.10193+dfsg-1
ii  libqt5core5a   5.15.10+dfsg-3
ii  libqt5network5 5.15.10+dfsg-3
ii  libqt5sql5-sqlite  5.15.10+dfsg-3
ii  libstdc++6 13.2.0-4

owncloud-client-cmd recommends no packages.

owncloud-client-cmd suggests no packages.

-- no debconf information

Bug#1050256: autopkgtest fails on debci

[Mathias Gibbens]

On Mon, 2023-09-11 at 13:45 +0200, Michael Biebl wrote:
> Am 09.09.23 um 14:20 schrieb intrigeri:
> 
> > At this stage it seems clear that the bug and the corresponding
> > ideal fix are in the AppArmor part of src:linux, and the bug
> > affects at least src:apparmor and src:lxc. I'd like to reflect this
> > in the metadata of #1050256 by reassigning the bug to Linux, and
> > adding "affects" indications. I'll do so in the next few days
> > unless someone objects soon.
> 
> It also affects at least
> src:systemd, src:pdns, src:policykit-1
> All those packages have added workarounds for this issue.
> I'll revert the workaround in systemd and notify the maintainers of
> pdns and policykit-1.
> 
> > Doing so will also be an opportunity for me to sum up the problem
> > for the maintainers of src:linux, and let them know about our
> > desired timeline: ideally this would be fixed in the upcoming
> > Bookworm point-release.

  Not having heard any objections, please feel free to reassign this
bug. As you said, this will give the src:linux maintainers a heads up,
even if the patch isn't quite ready yet (but hopefully in time for the
12.2 point release).

Mathias


signature.asc
Description: This is a digitally signed message part

Bug#1050256: autopkgtest fails on debci

[Mathias Gibbens]

On Mon, 2023-09-04 at 12:39 -0700, John Johansen wrote:
> On 9/4/23 12:32, Michael Biebl wrote:
> > John, could you help with getting this fix into 6.1.x?
> 
> yes, I am working on a patch.

Hi John,

  I wanted to check in to see if you've had a chance to work on that
patch for the 6.1 kernel. The deadline for package updates being
included in the 12.2 point release is in roughly two weeks, but given
this will be a patch for the kernel I'd really like to have something
tested and handed over to the src:linux team well before then.

Thanks,
Mathias


signature.asc
Description: This is a digitally signed message part

Bug#1051874: closed by Michael Biebl (Re: Bug#1051874: systemd: XDG_RUNTIME_DIR is not set in X11 login session (MATE/slim))

[Linas Vepstas]

Hi,

On Thu, Sep 14, 2023 at 12:51 PM Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:

> I installed a test VM with bookworm and task-mate-desktop and slim.
>
> Everything is working fine.
> So I must conclude this is a local (mis)configuration.


The problem manifested after an upgrade from bullseye, and not in a fresh
bookworm install. I did not perform any local configuration. No change from
`apt reinstall slim`.

Prior to logging into the MATE desktop, I logged into the gnome desktop,
and then logged out. Perhaps this left behind a garbled systemd login
config, that was not cleared on the subsequent MATE login? I will
experiment...

Is there a recommended debugging procedure, to find the root cause?

Bug#1051970: vim: clicking tab character selects next character after tab

[Matthijs van Duin]

Small addendum, in case it helps tracking down the issue: quite curiously,
clicking below a tab character on the last line of the buffer still works
correctly, it selects the tab itself.

Bug#1051970: vim: clicking tab character selects next character after tab

[Matthijs van Duin]

Source: vim
Version: 2:9.0.1378-2
Severity: normal
X-Debbugs-Cc: matthijsvand...@gmail.com

Dear Maintainer,

Clicking anywhere in a tab character other than its leftmost column
causes the cursor to be placed on the next character after the tab
instead of putting it on the tab character itself.

This is especially obnoxious in selection mode, e.g. say you have some
tab-separated columns of text, e.g.:

abc foo
x   bar

If you now start block-selection mode on the topleft and try to select
the first column of text using the mouse you'll end up also selecting
the "f" of "foo" and "b" of "bar".


This is a regression, it worked correctly in bullseye (vim 8.2.2434).


I only use vim in text mode (xterm mouse) but gvim appears to be
affected in the same way based on some quick testing.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1051966: icmake: Please add bootstrap build profile to break circular build dependency

[tony mancill]

On Fri, Sep 15, 2023 at 12:50:37AM +0200, John Paul Adrian Glaubitz wrote:
> Source: icmake
> Version: 10.04.01-2
> Severity: normal
> User: debian-de...@lists.debian.org
> Usertags: loong64
> X-Debbugs-Cc: zhangjial...@loongson.cn,zhangdan...@loongson.cn
> 
> The changelog entry for icmake 10.03.02-1 reads:
> 
>   * New upstream version 10.03.02 adds bobcatbootstrap to build icmake
> on systems that haven't installed the bobcat library
> 
> However, looking at debian/control, the build dependency on libbobcat-dev is
> actually unconditional and there is currently no way to build the icmake
> Debian package without having libbobcat-dev installed. This is in particular
> problematic because src:bobcat build-depends on icmake to build.
> 
> A build profile which allows to disable the libbobcat-dev build dependency
> temporarily and use the aforementioned bootstrap mechanism would be very
> helpful for bootstrapping icmake on new architectures such as loong64.

Hi Adrian,

Oh, good catch!  Thank you for reporting the bug.  I will follow up.

Cheers,
tony


signature.asc
Description: PGP signature

Bug#1051969: ITP: matekbd-keyboard-display -- Display keyboard layouts in MATE

[Mike Gabriel]

Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: matekbd-keyboard-display
  Version : 23.9.1
  Upstream Contact: Robert Tari 
* URL : https://tari.in/www/software/matekbd-keyboard-display/
* License : LGPL-2+
  Programming Lang: C
  Description : Display keyboard layouts in MATE

 An application that allows you to preview keyboard layouts on MATE
 desktop. It uses the libmatekbd library, similarly to
 gkbd-keyboard-display and libgnomekbd.
 .
 This package is required for the next upstream release of
 ayatana-indicator-display.
 .
 This package will be maintained under the umbrella of the MATE
 packaging team.

Bug#1037367: (many packages): build-depends on transitional package libgdk-pixbuf2.0-dev

[Simon McVittie]

Control: severity -1 serious

On Sun, 10 Sep 2023 at 14:28:44 +0100, Simon McVittie wrote:
> On Mon, 12 Jun 2023 at 11:34:11 +0100, Simon McVittie wrote:
> > In Debian 11, libgdk-pixbuf2.0-dev was split into two packages:
> > 
> > - libgdk-pixbuf-2.0-dev contains the supported gdk-pixbuf-2.0 library
> > 
> > - libgdk-pixbuf-xlib-2.0-dev contains the deprecated, unmaintained
> >   Xlib integration layer, gdk-pixbuf-xlib-2.0
> > 
> > If [this package] only requires functionality from gdk-pixbuf-2.0.pc
> > and , please update the build-dependency to
> > libgdk-pixbuf-2.0-dev.
> > 
> > If it also requires the Xlib integration gdk-pixbuf-xlib-2.0.pc and
> >  (unlikely), then you can also build-depend on
> > libgdk-pixbuf-xlib-2.0-dev until the package can be updated to remove
> > that requirement.
> > 
> > libgdk-pixbuf-2.0-dev was present in both Debian 11 and Debian 12, so
> > it is not necessary to have a "| libgdk-pixbuf2.0-dev" alternative
> > dependency, even for packages that are expected to be backported.
> 
> It's been almost 3 months since I opened these bugs, and we should
> remove this transitional package well before the Debian 13 freeze (it
> should ideally have already been removed in Debian 12), so I'm raising
> them to RC.

Really raising the severity, as I had intended to do with the previous
mail to these bugs.

smcv

Bug#1051968: libreoffice: Libreoffice on MATE doesn't install libreoffice-gnome

[Charles Boling]

Package: libreoffice
Severity: normal
Tags: patch

Dear Maintainer,

(Sorry if wrong pkg; had trouble finding dependency
Also, yes, I used the term "patch" very loosely.)

Problem:
Fresh debian installation includes LibreOffice, but when installed in the MATE
environment, it installs the libreoffice-gtk package but does NOT install
the libreoffice-gnome package.

How I noticed:
LO was unable to open e.g. "sftp://; files.
If opened from LO, it was as if you hit ESC instead of ENTER on open dialog
-- nothing happened.
If opened from file browser (Caja), it launched LO which then immediately 
exited.

How I fixed:
Manually installed libreoffice-gnome

I don't know where to go to tweak this in the distro, but I suspect you do!

Thanks for reading my report.


-- System Information:
Debian Release: 12.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice depends on:
pn  libreoffice-base
ii  libreoffice-calc4:7.4.7-1
ii  libreoffice-core4:7.4.7-1
ii  libreoffice-draw4:7.4.7-1
ii  libreoffice-impress 4:7.4.7-1
ii  libreoffice-math4:7.4.7-1
pn  libreoffice-report-builder-bin  
ii  libreoffice-writer  4:7.4.7-1
ii  python3-uno 4:7.4.7-1

Versions of packages libreoffice recommends:
pn  fonts-crosextra-caladea 
pn  fonts-crosextra-carlito 
ii  fonts-dejavu2.37-6
pn  fonts-liberation
ii  fonts-liberation2   2.1.5-1
pn  fonts-linuxlibertine
pn  fonts-noto-core 
pn  fonts-noto-extra
ii  fonts-noto-mono 20201225-1
pn  fonts-noto-ui-core  
pn  fonts-sil-gentium-basic 
pn  libreoffice-java-common 
pn  libreoffice-nlpsolver   
pn  libreoffice-report-builder  
pn  libreoffice-script-provider-bsh 
pn  libreoffice-script-provider-js  
pn  libreoffice-script-provider-python  
pn  libreoffice-sdbc-mysql  
pn  libreoffice-sdbc-postgresql 
pn  libreoffice-wiki-publisher  

Versions of packages libreoffice suggests:
pn  cups-bsd  
pn  default-jre | java-runtime | java8-runtime | jre  
ii  firefox-esr   102.13.0esr-1~deb12u1
ii  ghostscript   10.0.0~dfsg-11+deb12u1
ii  gnupg 2.2.40-1.1
pn  gpa   
ii  gstreamer1.0-libav1.22.0-2
ii  gstreamer1.0-plugins-bad  1.22.0-4+deb12u1
ii  gstreamer1.0-plugins-base 1.22.0-3+deb12u1
ii  gstreamer1.0-plugins-good 1.22.0-5+deb12u1
ii  gstreamer1.0-plugins-ugly 1.22.0-2
ii  hunspell-en-us [hunspell-dictionary]  1:2020.12.07-2
ii  hyphen-en-us [hyphen-hyphenation-patterns]2.8.8-7
pn  imagemagick | graphicsmagick-imagemagick-compat   
ii  libgl11.6.0-1
pn  libofficebean-java
ii  libreoffice-gnome 4:7.4.7-1
pn  libreoffice-grammarcheck  
ii  libreoffice-help-en-us [libreoffice-help] 4:7.4.7-1
pn  libreoffice-l10n  
pn  libreoffice-librelogo 
ii  libsane1  1.2.1-2
ii  libxrender1   1:0.9.10-1.1
pn  myspell-dictionary
ii  mythes-en-us [mythes-thesaurus]   1:7.5.0-1
pn  openclipart-libreoffice   
pn  pstoedit  
pn  unixodbc  

Bug#1051967: php-fig-log-test: ships /usr/share/php/Psr/Log/Test/*.php, already in php-psr-log-test

[Andreas Beckmann]

Package: php-fig-log-test
Version: 1.1.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install
because it tries to overwrite other packages files:

  Preparing to unpack .../php-psr-log-test_1.1.0-1_all.deb ...
  Unpacking php-psr-log-test (1.1.0-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/php-psr-log-test_1.1.0-1_all.deb (--unpack):
   trying to overwrite '/usr/share/php/Psr/Log/Test/DummyTest.php', which is 
also in package php-fig-log-test 1.1.0-1
  Errors were encountered while processing:
   /var/cache/apt/archives/php-psr-log-test_1.1.0-1_all.deb

The conflicting files are

usr/share/php/Psr/Log/Test/DummyTest.php
usr/share/php/Psr/Log/Test/LoggerInterfaceTest.php
usr/share/php/Psr/Log/Test/TestLogger.php
usr/share/php/Psr/Log/Test/autoload.php


cheers,

Andreas

Bug#1051966: icmake: Please add bootstrap build profile to break circular build dependency

[John Paul Adrian Glaubitz]

Source: icmake
Version: 10.04.01-2
Severity: normal
User: debian-de...@lists.debian.org
Usertags: loong64
X-Debbugs-Cc: zhangjial...@loongson.cn,zhangdan...@loongson.cn

Hi!

The changelog entry for icmake 10.03.02-1 reads:

  * New upstream version 10.03.02 adds bobcatbootstrap to build icmake
on systems that haven't installed the bobcat library

However, looking at debian/control, the build dependency on libbobcat-dev is
actually unconditional and there is currently no way to build the icmake
Debian package without having libbobcat-dev installed. This is in particular
problematic because src:bobcat build-depends on icmake to build.

A build profile which allows to disable the libbobcat-dev build dependency
temporarily and use the aforementioned bootstrap mechanism would be very
helpful for bootstrapping icmake on new architectures such as loong64.

Thanks,
Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1051965: compat-el: new upstream release 29.1.4.2 needed by elpa-hl-todo/sid

[Andreas Beckmann]

Package: compat-el
Version: 29.1.4.1-2
Severity: serious

elpa-hl-todo/sid is currently uninstallable since it depends on
elpa-compat (>= 29.1.4.2).


Andreas

Bug#1051707: [INTL:es] Spanish translation of fontconfig debconf template

[Gunnar Hjalmarsson]

Thanks for your update!

Due to this revert:

https://salsa.debian.org/freedesktop-team/fontconfig/-/commit/f35af06b

I only kept the typo correction part of your change:

https://salsa.debian.org/freedesktop-team/fontconfig/-/commit/20b04fea

Sorry for the noise.

--
Gunnar Hjalmarsson

Bug#1051964: adding a local preseed file into the initrd breaks CD/USB media usage

[Steve McIntyre]

Source: debian-installer-utils
Version: 1.147
Severity: normal

I'm hacking together an installer for an rpi4 locally, copying all the
files onto a FAT-formatted USB drive. I also want to do some minor
config in a preseed late_command, so I've modified the initrd to add a
preseed file.

Unfortunately, once I added the preseed file d-i fails in
cdrom-detect. Digging further, I've found that this is because the USB
drive is already mounted on /media. This is caused by the "fetch-url"
command in preseed/preseed_fetch. In fetch-url-methods/file, we call
mountmedia to allow for preseed via USB from netboot - see commit
916a613577c5cd747d15b3d20f16b9518d7d54ea in 2013!!

This mountmedia is not needed in my case, and is what's breaking
things. As a workaround, I've added a preseed early_command for now to
*unmount* /media and all is well. But this code needs changing to not
run mountmedia unconditionally!

We already had a report from Bogdan Veringioiu about this problem back
in 2018... :-( [1]

[1] https://lists.debian.org/debian-boot/2018/04/msg00057.html

-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-23-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1051963: RM: libkysdk-base/experimental -- NVIU; RoQA; upload to sid has merged several packages

[Andreas Beckmann]

Package: ftp.debian.org
Severity: normal

the initial upload to experimental happened with very fine granular
binary packages, the upload to sid has merged most of them together
therefore cruft removal does ot clean up the obsolete packages from
experimental


Andreas

Bug#1051797: libtk-img-doc: dpkg extraction error during upgrading

[Andreas Beckmann]

Followup-For: Bug #1051797
Control: severity -1 serious
Control: notfound -1 1:1.4.14+dfsg-2
Control: found -1 1:1.4.15+dfsg-1

On upgrades from bookworm to trixie:

  Preparing to unpack .../libtk-img-doc_1%3a1.4.15+dfsg-1_all.deb ...
  Unpacking libtk-img-doc (1:1.4.15+dfsg-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/libtk-img-doc_1%3a1.4.15+dfsg-1_all.deb (--unpack):
   trying to overwrite '/usr/share/doc/libtk-img/README.gz', which is also in 
package libtk-img:amd64 1:1.4.14+dfsg-2

/usr/share/doc/libtk-img/README.gz is the only file in conflict, and
that is probably caused by the debhelper compat bump which changes the
behavior of dh_installdocs w.r.t. the default install location.


Andreas

Bug#934811: webrtc-audio-processing 1.0 available, pipewire will require >= 1.2

[Felipe Sateler]

On Thu, Sep 14, 2023 at 4:46 PM Jeremy Bícha 
wrote:

> On Thu, Sep 14, 2023 at 3:39 PM Felipe Sateler 
> wrote:
> > This patch adds support for big endian architectures. Are there any in
> the archive?
>
> s390x is the only remaining big-endian Release Architecture for Debian.
>
> There are other big-endian architectures in ports.
> https://wiki.debian.org/ArchitectureSpecificsMemo


Would it be to terrible to drop support for that?

-- 

Saludos,
Felipe Sateler

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

[Adam D. Barratt]

On Thu, 2023-09-14 at 17:00 +0100, Adam D. Barratt wrote:
> On Thu, 2023-09-14 at 08:31 +0200, Sebastian Andrzej Siewior wrote:
> > On 2023-09-14 06:31:26 [+0100], Adam D. Barratt wrote:
> > > On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior
> > > wrote:
> > > > On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> > > > > How does this sound for an SUA?
> > > [...]
[...]
> Great, we agree. :) I'll try and get this sorted this evening, worst
> case it should be tomorrow.
> 

That's now out, as SUA-240-1.

Regards,

Adam

Bug#1051962: New Upstream Version

[Barak A. Pearlmutter]

Package: kexec-tools
Version: 1:2.0.25-3

Version 2.0.27 is available upstream. Also the packaging was a bit
scruffy around the edges, so I updated the packaging scripts and
yanking in the newest upstream version and put it all in
https://salsa.debian.org/debian/kexec-tools

(I did it because 2.0.25 wasn't working on all my machines while 2.0.27 is.)

Naturally I fixed little silly things, without addressing the elephant
in the room: correct inter-operations with systemd and not invoking
the sysvinit scripts inappropriately during systemd shutdown.

Anyway, please feel free to disregard, cherry pick, tell me to delete
that repo, force push your packaging over it, whatever. Just trying to
lend a hand! And thanks for packaging kexec-tools.

Cheers,

--Barak.

Bug#1041745: Device: /dev/nvme0, number of Error Log entries increased from … to …

[Christian Franke]

This should no longer happen with smartd 7.4, see
https://www.smartmontools.org/ticket/1222

Regards,
Christian
smartmontools.org

Bug#1051961: llvm-toolchain-15 - broken changelog.

[Peter Green]

Package: llvm-toolchain-15

While trying to import the llvm-toolchain-15 package from trixie
using dgit import-dsc, dgit gave the error.>


LINE: llvm-toolchain-14 (1:14.0.6-16) unstable; urgency=medium

dgit: error: missing field Maintainer in package changelog, entry no.11


Looking at the changelog it does indeed seem to be broken.


llvm-toolchain-15 (1:15.0.7-2) unstable; urgency=medium

  [ Sylvestre Ledru ]
  * Yeah, we would like to have this version in bookworm
(Closes: #1032316)
  * Adjust some lintian overrides
  * Disable flang on s390x. Seems that it is breaking

  [ Gianfranco Costamagna ]
  * Update print lldb python patch, following what was done
in automake for newer python

  [ Samuel Thibault ]
  * Fix disabling amdgpu on non-Linux.

llvm-toolchain-14 (1:14.0.6-16) unstable; urgency=medium

  [ Sylvestre Ledru ]
  * also apply the wasm build fix

 -- Gianfranco Costamagna   Fri, 08 Sep 2023 00:41:35 
+0200


I presume this was a case of a merge conflict resoloution gone wrong.
I would appreciate if you could fix the changelog on the next upload.

Bug#934811: webrtc-audio-processing 1.0 available, pipewire will require >= 1.2

[Jeremy Bícha]

On Thu, Sep 14, 2023 at 3:39 PM Felipe Sateler  wrote:
> This patch adds support for big endian architectures. Are there any in the 
> archive?

s390x is the only remaining big-endian Release Architecture for Debian.

There are other big-endian architectures in ports.
https://wiki.debian.org/ArchitectureSpecificsMemo

Thank you,
Jeremy Bícha

Bug#934811: webrtc-audio-processing 1.0 available, pipewire will require >= 1.2

[Felipe Sateler]

Hi,

On Wed, Sep 13, 2023 at 12:29 PM Dylan Aïssi  wrote:

> Hello all,
>
> The next version of pipewire depends on webrtc-audio-processing-1 >= 1.2
> for
> its echo-canceller module. Although it is an optional dependencies,
> upstream
> advised me not to disable it to avoid too many complaints. That means, I
> won't be able to update pipewire in debian anymore until we have a newer
> version
> of webrtc-audio-processing-1.
> By checking the upstream pulseaudio repo, latest commits are adding
> support of
> this new webrtc-audio-processing. So, it looks like we'll have to make the
> transition soon.


> Apart the Jonas's uploads last year, I don't see any recent work on this
> pkg,
> is there any plan around this transition?
>

I tried to update webrtc to the latest version, but quickly hit a
roadblock: patch big-endian-support.patch does not apply, and the method in
question changed enough that I don't know how to port the patch forward.

This patch adds support for big endian architectures. Are there any in the
archive?

-- 

Saludos,
Felipe Sateler

Bug#1051960: ITP: qadwaitadecorations -- Qt decoration plugin implementing Adwaita-like client-side decorations

[Matthias Geiger]

Package: wnpp
Severity: wishlist
Owner: Matthias Geiger 
X-Debbugs-Cc: debian-de...@lists.debian.org, 
pkg-kde-ext...@alioth-lists.debian.net, werdah...@riseup.net

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: qadwaitadecorations
  Version : 0.1.1
  Upstream Contact: Jan Grulich 
* URL : https://github.com/FedoraQt/QAdwaitaDecorations
* License : LGPL-2.1+
  Programming Lang: C++
  Description : Qt decoration plugin implementing Adwaita-like client-side 
decorations

This plugin is the successor to qgnomeplatform implementing an adwaita
style for qt5 apps. It'll be maintained with the Debian QT/KDE Extras
team.

thanks,

Matthias Geiger

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmUDYXgVHHdlcmRhaGlh
c0ByaXNldXAubmV0AAoJEBi9EGs7bFR1DhQQAJ0+HUpdpm4mBOPTBiklmx70knkg
josCqIzvioyNY5nGPl817pVxq+/xGpgbczA6WTw4W7RTKbSzvOm+ITdnd+Grd99X
TnN3PbfvCrRQu7ANExuzcVlC//7p3LNusRCcYc6DNJCj1fH1nsh+TjjTxJCsLTy5
yfSrfOma5TmASYd1xl/Z/XbDWTaKWqW4GPu9RolcT2tsW4JdRKbbeHXkITI/5pKL
0vAxxC307cpEg2R4Yed3ZNVl1rEcoxhuXWyMy/ffsJkFdtLjqSaPC6s2IHhfn+4M
DanVCo2ITHSfvJQ46s3mSZfALtjdf1tH+DzZZHrQqoUCosGJELiOibjh1FGuEMm5
0GiXY0LMO0C6x+fchPJRZRXCy+0A/kL/HuZj+SueA68cQMN0ECydkstz8zGSkjiq
pwM9UMIK5w9IOD3Y/iCth799ogs+R2lpxNIhkF/SH6sJ+Im6SRfVuy4vVMbVmuZ/
9ZcQE4N5O906an1eIZ28RkW2Fb6z06BHwjpT+iHy1UsXo+T6w4r1Oti/50sldEdb
z85NBw7ry+wW1Ja7rMT0En6wXaMgbCENIZMD2wfWwQpvSOTZw/ZV4k4utpAbNbFI
NBtclOj4b4FjpLVeV7g2OzvqMmF65e+Q3v5wyK+Z2Ub/MO58hlxolcXhr0+PPYbx
VGfNZG2ddbLyWYOs
=lL46
-END PGP SIGNATURE-

Bug#1051959: RFP: itd -- daemon to control watches running InfiniTime (such as PineTime)

[Adam Borowski]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: kilob...@angband.pl

* Package name: itd
  Upstream Contact: Arsen Musyaelyan 
* URL : https://gitea.elara.ws/Elara6331/itd
* License : GPL3
  Programming Lang: Go :(
  Description : daemon to control watches running InfiniTime (such as 
PineTime)

InfiniTime is a daemon to connect to and control watches running InfiniTime
(currently PineTime but it's open hardware).  It can update time, relay
messages, send weather/navigation/files, receive music control, do firmware
upgrades, and more.



(There's also an optional GUI, but even upstream packages don't ship it, and
I haven't tried it.)

Alas, this piece of software is written in an unholy language I've learned
to stay away from, thus I can't package this myself.  Requesting then...

Bug#915583: debian sphinx styling: second attempt

[Stéphane Blondon]

Hello,

I've done a new version. It's based on 'sphinx_rtd_theme' theme. So,
to build the site, the package 'python3-sphinx-rtd-theme' requires to
be added to dependencies. A new file 'debian.css' is specific to set
some colors and renderings.

Reusing 'Read the docs' theme allows to have a responsive design automatically.

The theme could be modified more but it could be considered as a first
step which is already usable.

There are temporary demos available:
 - for debian-policy: http://stephane.yaal.fr/tmp/policy/
 - for (draft sphinx) release-notes: http://stephane.yaal.fr/tmp/release-notes/

What do you think about it?

-- 
Stéphane

Bug#1051957: mailman3: autopkgtest is might be flaky at times

[Alexandre Detiste]

Source: mailman3
Version: 3.3.8-3.1
Severity: minor

Hi,

I had to retry a test two times to unblock systemd-cron migration.

The test alway fail at the very last step.


Example failure:


>483s Created symlink /etc/systemd/system/multi
>484s Processing triggers for libc-bin (2.37-7) ...
>497s autopkgtest [06:49:27]: test mailman3-api: ---]
>498s autopkgtest [06:49:28]: test mailman3-api:  - - - - - - - - - - results - 
>- - - - - - - - -
>498s mailman3-api FAIL non-zero exit status 7

Example OK:
"""

>489s Created symlink /etc/systemd/system/multi
>490s Processing triggers for libc-bin (2.37-7) ...
>504s {"mailman_version": "GNU Mailman 3.3.8 (Tom Sawyer)",
   "python_version": "3.11.5 (main, Aug 29 2023, 15:31:31) [GCC 13.2.0]",
   "api_version": "3.1",
   "self_link": "http://localhost:8001/3.1/system/versions;,
   "http_etag": "\"2c68f151bb20bd0ba4086e11e7f98f20a28fdceb\""}
  autopkgtest [19:03:55]: test mailman3-api: ---]
>504s autopkgtest [19:03:55]: test mailman3-api:  - - - - - - - - - - results - 
>- - - - - - - - -
>504s mailman3-api PASS



Can you please have a look ?




The CI apt resolver will pick Vixie cron as prefered
cron-daemon; so these tests are totaly pointless
from systemd-cron side anyway...
but that would be a bug for the CI system.

> 31s The following additional packages will be installed:
> 31s   cron cron-daemon-common




https://ci.debian.net/packages/m/mailman3/testing/i386/

 3.3.8-3.1  2023-09-14 19:04:02 UTC systemd-cron/2.1.3-1
 src:systemd-cron from unstable
 8m 32s  pass   britney test log (53 KB)artifacts (3.54 KB)

 3.3.8-3.1  2023-09-14 06:49:34 UTC systemd-cron/2.1.3-1
 src:systemd-cron from unstable
 8m 24s  fail   britney test log (51.8 KB)  artifacts (3.56 KB)

 3.3.8-3.1  2023-09-13 15:29:34 UTC systemd-cron/2.1.3-1
 src:systemd-cron from unstable
 8m 40s  fail   britney test log (52.5 KB)  artifacts (3.56 KB)

 3.3.8-3.1  2023-09-11 15:51:54 UTC systemd-cron/2.1.2-1
 src:systemd-cron from unstable
 8m 41s  pass   britney test log (53.2 KB)  artifacts (3.55 KB





 T H A N K S



-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-4-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#1051958: glibc: CVE-2023-4527

[Salvatore Bonaccorso]

Source: glibc
Version: 2.37-8
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=30842
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 2.36-9+deb12u1
Control: found -1 2.36-9

Hi,

The following vulnerability was published for glibc.

CVE-2023-4527[0]:
| Stack read overflow in getaddrinfo in no- mode


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4527
https://www.cve.org/CVERecord?id=CVE-2023-4527
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=30842

Regards,
Salvatore

Bug#1051644: adduser: [INTL:pt] Update on Portuguese translation of MANPAGE

[Marc Haber]

On Thu, Sep 14, 2023 at 07:23:11PM +0100, Américo Monteiro wrote:
> A quinta-feira, 14 de setembro de 2023 09:18:01 WEST Marc Haber escreveu:
> > If you want the FSF to be the
> > copyright holder (which is not the case for the actual code in the
> > adduser package), of course the header can stay as it is. I just want to
> > understand your intentions.
> Yes... For me this is fine this way

Okay. Thankfully I don't need to understand this, it really got me
confused. Sorry for being a nuisance.

> > In any case, adding the usual "This file is distributed under the same
> > license as the adduser package." would be appreciated for clarity.
> done, use this new file attached

Committed.

Greetings
Marc


-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Bug#1042909: RM: rust-sha3-0.9 -- NVIU; obsolete package, no rdeps

[Alexander Kjäll]

tags 1042909 - moreinfo

thanks

We needed some more time to handle a transition, sorry for filing this
bug prematurely.

Bug#1051956: libapache-mod-jk: CVE-2023-41081

[Salvatore Bonaccorso]

Source: libapache-mod-jk
Version: 1:1.2.48-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libapache-mod-jk.

CVE-2023-41081[0]:
| The mod_jk component of Apache Tomcat Connectors in some
| circumstances, such as when a configuration included "JkOptions
| +ForwardDirectories" but the configuration did not   provide
| explicit mounts for all possible proxied requests, mod_jk would
| use an implicit mapping and map the request to the first defined
| worker. Such an implicit mapping could result in the unintended
| exposure of the status worker and/or bypass security constraints
| configured in httpd. As of JK 1.2.49, the implicit mapping
| functionality has been removed and all mappings must now be via
| explicit configuration. Only mod_jk is affected by this issue. The
| ISAPI redirector is not affected.  This issue affects Apache Tomcat
| Connectors (mod_jk only): from 1.2.0 through 1.2.48.  Users are
| recommended to upgrade to version 1.2.49, which fixes the issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41081
https://www.cve.org/CVERecord?id=CVE-2023-41081
[1] https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b
[2] http://www.openwall.com/lists/oss-security/2023/09/13/2
[3] 
https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1051955: gpac: CVE-2023-41000

[Salvatore Bonaccorso]

Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gpac.

CVE-2023-41000[0]:
| GPAC through 2.2.1 has a use-after-free vulnerability in the
| function gf_bifs_flush_command_list in bifs/memory_decoder.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41000
https://www.cve.org/CVERecord?id=CVE-2023-41000
[1] https://github.com/gpac/gpac/issues/2550
[2] https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1051954: xen: CVE-2023-34321: XSA-437: arm32: The cache may not be properly cleaned/invalidated

[Salvatore Bonaccorso]

Source: xen
Version: 4.17.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for xen.

CVE-2023-34321[0]:
| arm32: The cache may not be properly cleaned/invalidated


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34321
https://www.cve.org/CVERecord?id=CVE-2023-34321
[1] https://xenbits.xen.org/xsa/advisory-437.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1051953: cups: CVE-2023-32360

[Salvatore Bonaccorso]

Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for cups.

CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed in macOS Big Sur 11.7.7, macOS
| Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be
| able to access recently printed documents.

Severity choosen on RC level, due to an unautnethicated user beeing
able to access recently printed documents.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32360
https://www.cve.org/CVERecord?id=CVE-2023-32360
[1] 
https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1051938: systemd: "Assertion 'path_is_absolute(p)' failed" on upgrade

[Michel Meyers]

On 14/09/2023 19:55, Michael Biebl wrote:

Am 14.09.23 um 19:52 schrieb Michael Biebl:

Am 14.09.23 um 15:43 schrieb Michel Meyers:
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, 
function chase( ). Aborting.


Sounds like
https://github.com/systemd/systemd/issues/28458


Do you use any virtualization like OpenVZ ?


No OpenVZ, but I do have both Docker containers and a VM in KVM/libvirt 
running on this box.

Bug#1051644: adduser: [INTL:pt] Update on Portuguese translation of MANPAGE

[Américo Monteiro]

A quinta-feira, 14 de setembro de 2023 09:18:01 WEST Marc Haber escreveu:
> Hi,
> 
> I have spent some time skimming ancient archives and version control
> logs. It looks like you were the only person to ever work on the
> european portuguese translation of the manual page. Sorry to have gotten
> this wrong.
> 
> Do you really want to reassign copyright for your work to the Free
> Software Foundation? If not, I would suggest changing the wording to
> something like "(C) Copyright for the translation Américo Monteiro
> , 2010 - 2023." If you want the FSF to be the
> copyright holder (which is not the case for the actual code in the
> adduser package), of course the header can stay as it is. I just want to
> understand your intentions.
Yes... For me this is fine this way

> 
> In any case, adding the usual "This file is distributed under the same
> license as the adduser package." would be appreciated for clarity.
done, use this new file attached


> 
> Greetings
> Marc
Bets regards
Américo

adduser_3.137_pt.po.gz
Description: application/gzip

Bug#1051952: ITS: oneliner-el

[Bastian Germann]

Source: oneliner-el

oneliner-el does not seem to be maintained anymore.
I intend to salvage the package with the plan to orphan it in three weeks.
Please notify me if you object.

Bug#1051951: ITS: fuse-umfuse-ext2

[Bastian Germann]

Source: fuse-umfuse-ext2

fuse-umfuse-ext2 does not seem to be maintained anymore.
I intend to salvage the package with the plan to orphan it in three weeks.
Please notify me if you object.

Bug#1051950: ITS: appconfig

[Bastian Germann]

Source: appconfig

appconfig does not seem to be maintained anymore.
I intend to salvage the package with the plan to orphan it in three weeks.
Please notify me if you object.

Bug#1051949: ITS: binfmtc

[Bastian Germann]

Source: binfmtc

binfmtc does not seem to be maintained anymore.
I intend to salvage the package with the plan to orphan it in three weeks.
Please notify me if you object.

Bug#1051948: irssi: no indication that you're scrolled up

[Adam Borowski]

Package: irssi
Version: 1.4.4-1
Severity: normal
X-Debbugs-Cc: kilob...@angband.pl

Hi!
If you use PgUp to scroll up, there is no visual indication of any kind
that what you're seeing is not the most recent data.  This notoriously leads
to responding to days old stuff, etc -- especially if you're an inattentive
oaf like me.  Unlike most other programs with such a kind of display,
switching off a window and back to it doesn't scroll you to the bottom;
such a position persistence is likely to make you forget that you've scrolled.

Possible ideas:
 * (like I did in kbtin): the input bar replaced with a line of ^
 * (like in zMud): split window with a few lines on the bottom showing what
   is going on
 * an extra indicator on the edge of the status bar


Meow!
-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (250, 'unstable'), (201, 'experimental')
merged-usr: no
Architecture: arm64 (aarch64)

Kernel: Linux 6.4.0-4-arm64 (SMP w/6 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages irssi depends on:
ii  libc6   2.37-7
ii  libglib2.0-02.78.0-1
ii  libperl5.36 5.36.0-7
ii  libssl3 3.0.10-1
ii  libtinfo6   6.4+20230625-2
ii  perl5.36.0-7
ii  perl-base [perlapi-5.36.0]  5.36.0-7

irssi recommends no packages.

Versions of packages irssi suggests:
pn  irssi-scripts  

-- no debconf information

Bug#1051938: systemd: "Assertion 'path_is_absolute(p)' failed" on upgrade

[Michael Biebl]

Am 14.09.23 um 19:52 schrieb Michael Biebl:

Am 14.09.23 um 15:43 schrieb Michel Meyers:
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, 
function chase( ). Aborting.


Sounds like
https://github.com/systemd/systemd/issues/28458


Do you use any virtualization like OpenVZ ?


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1051938: systemd: "Assertion 'path_is_absolute(p)' failed" on upgrade

[Michael Biebl]

Am 14.09.23 um 15:43 schrieb Michel Meyers:
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, 
function chase( ). Aborting.


Sounds like
https://github.com/systemd/systemd/issues/28458


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1051947: RM: gatos -- RoQA; dead upstream; orphaned; low popcon

[Bastian Germann]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
Control: affects -1 + src:gatos

gatos is dead upstream and orphaned. Please remove it.
It is really old software for i386 only and judging by the supported,
old hardware and the very low popcon it is not in use anymore.

Bug#1051946: libsdl2-dev: sdl2-config --static-libs will fail with clang-16 and above.

[Bram Stolk]

Package: libsdl2-dev
Version: 2.28.3+dfsg-2
Justification: sdl2-config can fail to get the proper link flags.

This used to work with both gcc and clang, but now when using clang, it
fails:

$ CC=clang-16 sdl2-config --static-libs
clang: error: unsupported option '-print-multiarch'
clang: error: no input files
/usr/lib//libSDL2.a -lm -lasound -lm -ldl -lpthread -lpulse-simple -lpulse
-pthread -lsamplerate -lX11 -lXext -lXcursor -lXi -lXfixes -lXrandr -lXss
-ldrm -lgbm -lwayland-egl -lwayland-client -lwayland-cursor -lxkbcommon
-ldecor-0 -lpthread

The reason for this failure is the fact that clang has removed support for
the -print-multiarch flag.
See:
https://github.com/llvm/llvm-project/commit/e05edb19adbfd1b24f58d583e4b5b4d742f982ee

I first tried reporting this with Ubuntu, then with SDL2 upstream, but the
source of this bug actually stems from a debian patch.

See: debian/patches/no-libdir.patch

The author of the patch states that:
"a compiler for the host architecture that supports the -print-multiarch
argument (which Debian's gcc and clang do)"

This is no longer true, as clang will not take that flag.

The SDL2 upstream will not execute the compiler to determine the library
dir. This is debian-specific (and inherited by Ubuntu.)

>From my testing, it seems that clang v 16 and above is affected.

I have produced this bug on:
Ubuntu 23.04 Lunar Lobster
Ubuntu 23.10 Mantic Minotaur

Bug#1051944: ITP: sd-mux-ctrl -- SD card multiplexer controller

[Lisandro Damián Nicanor Pérez Meyer]

El jueves, 14 de septiembre de 2023 14:23:01 -03 Lisandro Damián Nicanor Pérez 
Meyer escribió:
> Package: wnpp
> Severity: wishlist
> Owner: Lisandro Damián Nicanor Pérez Meyer 
> X-Debbugs-Cc: debian-de...@lists.debian.org, lisan...@debian.org
> 
> * Package name: sd-mux-ctrl
>   Version : 0.0.3
>   Upstream Contact: Lisandro Damián Nicanor Pérez Meyer 
> * URL : https://gitlab.com/perezmeyer/sd-mux-ctrl
> * License : Apache-2.0
>   Programming Lang: C++
>   Description : SD card multiplexer controller
> 
> sd-mux stands for Secure Digital Multiplexer. This is SD card switcher
> (multiplexer) designed to help automatic testing.
> .
> The software is designed to work with Tizen's SD MUX [0], but it is also
> compatible with SDWire [1], which is now recommended over the former.
> .
> [0] 
> [1] 
> 
> While the archive has usbsdmux packaged they are simply two different
> hardware with different way fo solving the same problem, so they need
> different approaches. I have reached usbsdmux's ceratrors and they are
> not going to add support for the SDWire, and I prefer C++ rather than
> python, so better to have this software also packaged.

Worth to mention: the upstream project is basically dead, so I'm taking it 
over. To be honest the tool "just works", so most of the work is maintaining 
the package.


signature.asc
Description: This is a digitally signed message part.

Bug#1051945: README.Debian documentation regarding MAIN_TLS_ENABLE is wrong

[Marc Haber]

Package: exim4-base
Version: 4.96-22
Severity: normal

Hi,

in README.Debian we are documenting that MAIN_TLS_ENABLE is needed to
make exim advertise STARTTLS. This is implemented in the configuration
by bracketing the TLS configuration in an .ifdef MAIN_TLS_ENABLE
construct, leaving the upstream defaults in the .else case.

However, Upstream has flipped the default on tls_advertise_hosts to *
from "unset" somewhen between 4.50 and 4.92 (I just checked those two
versions quickly), invalidating our documentation.

It would probably be the easiest way to just unset tls_advertise_hosts
in the .else part, restoring exim's behavior to what we document. On the
other side, noone reads our documentation anyway, so I'd prefer to stay
with the default behavior, which probably would mean to kind of re-work
the configuration, maybe getting rid of the MAIN_TLS_ENABLE option
entirely, and adapting the documentation.

Unfortunately, I am swamped, and cannot promise doing any work on this
myself, and am most probably unable to test. But if you tell me your
thoughts about this, I might try taking some time to work on this;
sometimes it is good to do something entirely different for a few hours
just to get out of things.

Greetings
Marc

Bug#1051483: mrtg: [INTL:de] updated German debconf translation

[Eriberto]

Thanks Helge!

Already sent to Salsa.

Regards,

Eriberto

Em sex., 8 de set. de 2023 às 11:36, Helge Kreutzmann
 escreveu:
>
> Package: mrtg
> Version: 2.17.10-10
> Severity: wishlist
> Tags: patch l10n
>
> Please find the updated German debconf translation for mrtg
> attached.
>
> Please place this file in debian/po/ as de.po for your next upload.
>
> If you update your template, please use
> 'msgfmt --statistics '
> to check the po-files for fuzzy or untranslated strings.
>
> If there are such strings, please contact me so I can update the
> German translation.
>
> Greetings
> Helge

Bug#1051486: mrtg: [INTL:pt] Portuguese translation - debconf messages

[Eriberto]

Thanks Américo!

Already sent to Salsa.

Regards,

Eriberto

Em sex., 8 de set. de 2023 às 12:30, Américo Monteiro
 escreveu:
>
> Package: mrtg
> Version: 2.17.10-10
> Tags: l10n, patch
> Severity: wishlist
>
> Updated Portuguese translation for mrtg's debconf messages
> Translator: Américo Monteiro 
> Feel free to use it.
>
> For translation updates please contact 'Last Translator'
>
> --
> Melhores cumprimentos/Best regards,
>
> Américo Monteiro
>
> -

Bug#1051944: ITP: sd-mux-ctrl -- SD card multiplexer controller

[Lisandro Damián Nicanor Pérez Meyer]

Package: wnpp
Severity: wishlist
Owner: Lisandro Damián Nicanor Pérez Meyer 
X-Debbugs-Cc: debian-de...@lists.debian.org, lisan...@debian.org

* Package name: sd-mux-ctrl
  Version : 0.0.3
  Upstream Contact: Lisandro Damián Nicanor Pérez Meyer 
* URL : https://gitlab.com/perezmeyer/sd-mux-ctrl
* License : Apache-2.0
  Programming Lang: C++
  Description : SD card multiplexer controller

sd-mux stands for Secure Digital Multiplexer. This is SD card switcher
(multiplexer) designed to help automatic testing.
.
The software is designed to work with Tizen's SD MUX [0], but it is also
compatible with SDWire [1], which is now recommended over the former.
.
[0] 
[1] 

While the archive has usbsdmux packaged they are simply two different
hardware with different way fo solving the same problem, so they need
different approaches. I have reached usbsdmux's ceratrors and they are
not going to add support for the SDWire, and I prefer C++ rather than
python, so better to have this software also packaged.

Bug#1051401: general: PATH variable definition in debian 12

[Timo Lindfors]

On 9/7/23 14:59, robin hodges wrote:

Had a problem when I installed debian 12 onto my PC. As root the reboot and 
shutdown commands wouldnt work.
I have solved this on my PC by including the following into the root .bashrc 
file

export PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin


Did you login as root by typing "su" instead of "su --login"? If yes, 
this is normal behavior, check "man su":


"It is recommended to always use the --login option"

-Timo

Bug#1042993: dkms: DKMS fails to build amd64 kernel module in i386 userland

[Stefan Monnier]

> since the wrong package: linux-compiler-gcc-13-x86
> is isntalled.

Thanks... so this prompted me to dig again into the problem and this
time I found a workaround which consist in installing
`gcc-13-x86-64-linux-gnu` (which I found simply via `apt-file search
/usr/bin/x86_64-linux-gnu-gcc-13`.  Not sure why it didn't occur to me
to try that earlier).

Hopefully someone here has an idea how this package should be
(automatically) brought in (and replaced when upgrading to a newer
version of GCC).


Stefan

Bug#1051903: gparted: Warning symbol when formatting in FAT32 in all removable disks

[Phillip Susi]

jpedro  writes:

>* What led up to the situation?
> Creating or formating fat32 partitions in any removable disk (usb 
> disks
> and SD  cards) shows a warning symbol. At the information menu appears
> to be a possible bad disk. Also the disk is not properly formatted or
> the partition not properly created.

Are you sure that you *formatted* the partition?  Just creating the
partition without formatting it results in the warning symbol.  Can you
post the output of parted print on such a drive?

Bug#1050479: ITS: libxml-rss-feed-perl

[Bastian Germann]

Control: retitle -1 O: libxml-rss-feed-perl -- Perl module for Persistent XML 
RSS Encapsulation
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning libxml-rss-feed-perl. Please only consider adopting if 
you have
the time and skills to maintain it.

Description: Perl module for Persistent XML RSS (RDF Site Summary) Encapsulation
 This module is a framework for persistent XML RSS (RDF Site Summary)
 Encapsulation. This module provides a framework for watching multiple
 RSS sources. The magic is in the late_breaking_news method that returns
 only headlines it hasn't seen.

Bug#1050477: ITS: libtext-unaccent-perl

[Bastian Germann]

Control: retitle -1 O: libtext-unaccent-perl -- functions to remove accents 
using UTF16 as a pivot
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning libtext-unaccent-perl. Please only consider adopting if 
you have
the time and skills to maintain it.

Description: provides functions to remove accents using UTF16 as a pivot
 Text::Unaccent is a module that provides functions to remove accents
 from a string.  For instance the string été will become ete.  The
 charset of the input string is specified as an argument. The input is
 converted to UTF-16 using iconv(3), accents are stripped and the
 result is converted back to the original charset. The iconv -l
 command on GNU/Linux will show all charset supported.

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

[Adam D. Barratt]

On Thu, 2023-09-14 at 08:31 +0200, Sebastian Andrzej Siewior wrote:
> On 2023-09-14 06:31:26 [+0100], Adam D. Barratt wrote:
> > On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior wrote:
> > > On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> > > > How does this sound for an SUA?
> > [...]
> > > This sounds entirely fine to me. I don't think that it is needed
> > > to
> > > point out that bullseye is not affected by the second issue.
> > > 
> > 
> > Great, thanks.
> > 
> > > There is also this thing regarding libclamunrar and the update to
> > > v6.2.10 of the bundled libbrary. I *think* it is related to
> > > CVE-2023-40477. Since unrar itself is only in -pu I think it is
> > > okay
> > > for libclamunar to follow the same fate.
> > > 
> > 
> > Just to be completely sure, "follow the same fate" here means
> > leaving
> > libclamunrar in (o-)p-u until the point releases?
> 
> I mean there is no reason to push libclamunrar via d/updates if the
> unrar package isn't. Therefore I don't mind keeping libclamunrar in
> o-)p-u until the point release. It is non-free after all.

Great, we agree. :) I'll try and get this sorted this evening, worst
case it should be tomorrow.

Regards,

Adam

Bug#1050467: ITS: gatos

[Bastian Germann]

Control: retitle -1 O: gatos -- ATI All-in-Wonder TV capture software
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning gatos. Please only consider adopting if you have
the time and skills to maintain it.

Description: ATI All-in-Wonder TV capture software
 The General ATI TV and Overlay Software (GATOS) suite for
 capturing video.

Bug#1051943: Document requirements for sending mails to mailing lists which require GPG signature

[Lee Garrett]

Package: lists.debian.org
Severity: normal
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,

it would be nice to have a checklist of things to check for sending mails to
mailing lists that require a GPG signature.

So far it is at least:
- No whitespace or unsigned text (#1050915), excluding Thunderbird as mail
  client
- Requiring re-signing the mail content on every new delivery attempt (#1051941)
- Informing that invalid mails get blackholed, and not rejected (#1050906)
- Info on where the keys are sourced from, to be able to check for e.g. expired
  keys
- Document where to ask when mails still don't go through (#debian-lists on
  irc.oftc.net)

Ideally this should then be linked from the respective overview pages to easily
be found, e.g. https://lists.debian.org/debian-devel-announce/

Greetings,
Lee

Bug#1051786: CVE-2023-4863: Heap buffer overflow in WebP

[Gianfranco Costamagna]

control: tags -1 pending

Hello, since the package libwebp looks a little bit maintained via NMU and 
package is on salsa.d.o/debian namespace, I'll just do it and git push/git push 
--tags.

G.

On Tue, 12 Sep 2023 09:08:55 -0600 Jeffrey Cliff  
wrote:

Subject: CVE-2023-4863: Heap buffer overflow in WebP
Package: chromium
Version: 116.0.5845.180-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team 



On Tue, Sep 12, 2023 at 9:07 AM Jeffrey Cliff  wrote:
>
> Dear Maintainer,
>
> 116.0.5845.187 fixes a critical remote vulnerability in chrome
>
> [$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.
> Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen
> Lab at The University of Torontoʼs Munk School on 2023-09-06
>
> 
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
>
> Might want to look into this at least
>
> Jeff Cliff
>
>
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500,
> 'oldstable-debug')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.5.0-gnulibre (SMP w/2 CPU threads; PREEMPT)
> Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_CA:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>
>
> Versions of packages chromium depends on:
> pn  chromium-common
> ii  libasound2 1.2.9-2
> ii  libatk-bridge2.0-0 2.49.91-2
> ii  libatk1.0-02.49.91-2
> ii  libatomic1 13.2.0-3
> ii  libatspi2.0-0  2.49.91-2
> ii  libbrotli1 1.0.9-2+b6
> ii  libc6  2.37-7
> ii  libcairo2  1.17.8-3
> ii  libcups2   2.4.2-5
> ii  libdbus-1-31.14.10-1devuan1
> ii  libdouble-conversion3  3.3.0-1
> ii  libdrm22.4.115-1
> ii  libevent-2.1-7 2.1.12-stable-8
> ii  libexpat1  2.5.0-2
> ii  libflac12  1.4.3+ds-2
> ii  libfontconfig1 2.14.2-5


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1051942: ITP: kiwi-keg -- Create KIWI image descriptions based on snippets

[Isaac True]

Package: wnpp
Severity: wishlist
Owner: Isaac True 
X-Debbugs-Cc: debian-de...@lists.debian.org, isaac@is.having.coffee

* Package name: kiwi-keg
  Version : 2.1.1
  Upstream Contact: Public Cloud Team 
* URL : https://github.com/SUSE-Enceladus/keg
* License : GPL-3.0
  Programming Lang: Python
  Description : Create KIWI image descriptions based on snippets

Keg is a tool which helps to create and manage image descriptions for use with
the KIWI appliance builder. A KIWI image description consists of a single XML
document that specifies type, configuration, and content of the image to
build. Optionally there can be configuration scripts and overlay archives
added to an image description, which allow for further configuration and
additional content.

Since KIWI image descriptions are monolithic, maintaining a number of image
descriptions that have considerable overlap with respect to content and setup
can be cumbersome and error-prone. Keg attempts to alleviate that by allowing
image descriptions to be broken into modules. Those modules can be composed in
different ways in so called image definitions, and modules can inherit from
parent modules which allows for fine-tuning for specific image setups.
Configuration scripts and overlay archives can also be generated in a modular
fashion.

This package depends on the `kiwi` package, along with various Python modules.

Bug#1051941: replay cache accepts signed mail before it goes through to mailing list

[Lee Garrett]

Package: lists.debian.org
Severity: normal
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,

when sending a malformed mail to a mailing list requiring a valid PGP signature,
the replay cache will add signature to the cache, but then get rejected in a
later step.

This results in any later attempts to send the signed mail to silently fail
(#1050906), even though it would otherwise have a valid signature and be
correctly formed.

It would be nice if the signature verification check would be last in the milter
list to mitigate this issue.

Regards,
Lee

Bug#993587: Source Repository for Package

[Sahib]

Source Repository for Package already exists here

https://salsa.debian.org/debian/qalculate-qt


Thanks

Sheik

Bug#1050480: ITS: net-telnet-cisco

[Bastian Germann]

Control: retitle -1 O: net-telnet-cisco -- Additional functionality to automate 
Cisco management
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning net-telnet-cisco. Please only consider adopting if you 
have
the time and skills to maintain it.

Description: Additional functionality to automate Cisco management
 Net::Telnet::Cisco provides additional functionality to
 Net::Telnet for dealing with Cisco routers. It provides a new
 object that allows for remote management of routers through perl
 issuing commands like you were connected directly to the router
 (or switch).

Bug#1051415: Noting existing ITP

[Sahib]

Sorry didn't realise there was an already an existing ITP, thanks for 
closing.


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993587

https://salsa.debian.org/debian/qalculate-qt


Thanks

Sheik

Bug#1051940: RFS: golang-github-stefanhaller-tcell/0.0~git20230806.2dfa11e-1 [ITP]

[Jongmin Kim]

Dear Go team,

I am looking for a sponsor for the package "golang-github-stefanhaller-tcell".
This package is a prerequisite for the package "lazygit" (#908894)[1,2].

  [1] https://bugs.debian.org/908894
  [2] https://github.com/jesseduffield/lazygit-debian/wiki/Dependency-graph

The package upstream[3] is a forked version of tcell[4] which is already
packaged in Debian archive[5]. However, the package is needed due to
forked upstream modified some functions[6] for lazygit, which have
discrepency from the original.

  [3] https://github.com/stefanhaller/tcell
  [4] https://github.com/gdamore/tcell
  [5] https://tracker.debian.org/pkg/golang-github-gdamore-tcell.v2
  [6] https://github.com/stefanhaller/tcell/commits/main

I pushed to the team's Salsa:

  https://salsa.debian.org/go-team/packages/golang-github-stefanhaller-tcell

The package was tested on both gbp and sbuild.
The package has 2 lintian messages:

  W: (package-has-long-file-name)
 Due to following the Go Debian package naming convention.

  E: (unreleased-changes)
 I marked this UNRELEASED due to it is not uploaded yet. Please mark
 to unstable when it gets uploaded.

Could you please reviewing/sponsoring this?
Any kind of reviews and suggestions are appreciated.

-- 
Jongmin Kim

OpenPGP key located at https://jongmin.dev/pgp
OpenPGP fingerprint: 012E 4A06 79E1 4EFC DAAE  9472 D39D 8D29 BAF3 6DF8


signature.asc
Description: PGP signature

Bug#1051907: aranym: Please update the outdated config.guess and config.sub to recognize the LoongArch

[Thorsten Glaser]

John Paul Adrian Glaubitz dixit:

>I was planning to rewrite the debian/rules file anyway and I will probably
>fix with dh_autoreconf. I was not aware of dh_update_autotools_config, so

AFAICT, using the “dh7-style” rules files runs dh_autoreconf
automatically, and so should fix this automatically if it can
find the config.* files.

bye,
//mirabilos
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL

Bug#1051940: ITP: golang-github-stefanhaller-tcell -- Cell based view for text terminals

[Jongmin Kim]

Package: wnpp
Severity: wishlist
Owner: Jongmin Kim 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-stefanhaller-tcell
  Version : 0.0~git20230806.2dfa11e
  Upstream Contact: Jongmin Kim 
* URL : https://github.com/stefanhaller/tcell
* License : Apache-2.0
  Programming Lang: Go
  Description : Cell based view for text terminals

 Package tcell provides a cell based view for text terminals, like xterm.
 It was inspired by termbox, but differs from termbox in some important
 ways. It also adds substantial functionality beyond termbox.

The package is in the dependency tree of lazygit (#908894)[1,2].
The package upstream[3] is a forked version of tcell[4] which is
already packaged in Debian archive[5].

[1] https://bugs.debian.org/908894
[2] https://github.com/jesseduffield/lazygit-debian/wiki/Dependency-graph
[3] https://github.com/jesseduffield/go-git
[4] https://github.com/gdamore/tcell
[5] https://tracker.debian.org/pkg/golang-github-gdamore-tcell.v2

Bug#1051939: ITP: ubpm - Universal Blood Pressure Manager

[Steven Robbins]

Package: wnpp
Severity: wishlist
Owner: "Steve M. Robbins" 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: ubpm
  Version : 1.9.0
  Upstream Contact: Thomas Löwe 
* URL : https://codeberg.org/LazyT/ubpm
* License : GPL v3
  Programming Lang: C++
  Description : Universal Blood Pressure Manager

The UBPM manages blood pressure readings, imported directly from supported
devices,
from files (CSV, JSON, XML, SQL), or entered manually.  Readings may be viewed,
printed, or mailed as a chart, table, or statistics.

Features:
  * export data to CSV, JSON, XML, SQL or PDF format
  * migrate data from vendor software
  * analyze data via SQL queries
  * plugin interface for blood pressure monitors with a computer interface
(USB, Bluetooth)

My intention is to maintain this under the Debian-med umbrella
https://salsa.debian.org/med-team

signature.asc
Description: This is a digitally signed message part.

Bug#1043009: lcovutil.pm is missing

[Free Ekanayaka]

Hello,

is there any news on this bug? It basically makes lcov unusable on
Debian/trixie.

BTW it seems that the latest 2.0-2 package version was not pushed to
salsa:

https://salsa.debian.org/mckinstry/lcov/-/tags

Thanks

Bug#1050476: ITS: libperlmenu-perl

[Bastian Germann]

Control: retitle -1 O: libperlmenu-perl -- Insomnia's Basic ToolKit
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning libperlmenu-perl. Please only consider adopting if you 
have
the time and skills to maintain it.

Description: Menu and Template (curses-based) UI for Perl
 perlmenu is a Perl module that provides your application
 with access to easy-to-use functions for templates,
 menus, forms, and the like -- everything needed
 to put a slick UI on a program without resorting to a GUI.

Bug#1051938: systemd: "Assertion 'path_is_absolute(p)' failed" on upgrade

[Michel Meyers]

Package: systemd
Version: 254.1-3
Severity: important

Dear Maintainer,

While running an apt upgrade, systemd fails to get upgraded/installed
with the followint error messages:

Setting up systemd (254.1-3) ...
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, function 
chase(  


   ). Aborting.
/var/lib/dpkg/info/systemd.postinst: line 11: 3184727 Aborted 
(c  

   
ore dumped) journalctl ${DPKG_ROOT:+--root="$DPKG_ROOT"} --update-catalog
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, function 
chase(  


   ). Aborting.
/var/lib/dpkg/info/systemd.postinst: line 65: 3184729 Aborted 
(c  

   
ore dumped) systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} basic.conf 
system  


   d-journal.conf systemd-network.conf
dpkg: error processing package systemd (--configure):
 installed systemd package post-installation script subprocess returned error 
ex  

   
it status 134

I am uncertain on how to debug this further.

- Michel

*** End of the template - remove these template lines ***


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl12.3.1-3
ii  libaudit1  1:3.1.1-1
ii  libblkid1  2.39.2-1
ii  libc6  2.37-7
ii  libcap21:2.66-4
ii  libcryptsetup122:2.6.1-5
ii  libfdisk1  2.39.2-1
ii  libgcrypt201.10.2-2
ii  libkmod2   30+20230601-1
ii  liblz4-1   1.9.4-1
ii  liblzma5   5.4.4-0.1
ii  libmount1  2.39.2-1
ii  libp11-kit00.25.0-4
ii  libseccomp22.5.4-1+b3
ii  libselinux13.5-1
ii  libssl33.0.10-1
ii  libsystemd-shared  254.1-3
ii  libsystemd0254.1-3
ii  libzstd1   1.5.5+dfsg2-1
ii  mount  2.39.2-1
ii  systemd-dev254.1-3

Versions of packages systemd recommends:
ih  dbus [default-dbus-system-bus]  1.14.10-1
ii  ntpsec [time-daemon]1.2.2+dfsg1-2

Versions of packages systemd suggests:
ii  libfido2-11.13.0-1
ii  libqrencode4  4.1.1-1
ii  libtss2-esys-3.0.2-0  3.2.1-3
ii  libtss2-mu0   3.2.1-3
pn  libtss2-rc0   
ii  polkitd   123-1
ii  python3   3.11.4-5+b1
pn  python3-pefile
pn  systemd-boot  
ii  systemd-container 254.1-3
pn  systemd-homed 
pn  systemd-resolved  
pn  systemd-userdbd   

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-1
pn  dracut 
it  initramfs-tools0.142
ii  libnss-systemd 254.1-3
ii  libpam-systemd 254.1-3
ih  udev   254.1-3

-- Configuration Files:
/etc/systemd/logind.conf changed:
[Login]
HandlePowerKey=ignore


-- no debconf information
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:628, function 
chase(). Aborting.
Failed to call DumpByFileDescriptor: Failed to activate service 
'org.freedesktop.systemd1': timed out (service_start_timeout=25000ms)
==> /var/lib/systemd/deb-systemd-helper-enabled/snapd.apparmor.service.dsh-also 
<==

Bug#1051785: gdm3 won't allow logins when a smarcard with a x.509 credential is plugged in

[Paul Tagliamonte]

On Thu, Sep 14, 2023 at 11:25:57AM +0200, Raphael Hertzog wrote:
> In my case, I don't have any "smartcard development tools" (at least not
> on purpose), I just have a smartcard inserted with a single GPG key used
> for "authentication" (i.e. mainly for SSH logins).

Ahha! As do I! I removed all my tokens, and understood smartcard to mean
an x.509 credential. My Debian signing key is on Hardware as well.

> $ gpg --card-status 
> Reader ...: Alcor Micro AU9540 00 00
> Application ID ...: D276000124010201000540DD
> Application type .: OpenPGP
> Version ..: 2.1
> Manufacturer .: ZeitControl
> [...]
> Key attributes ...: rsa2048 rsa2048 rsa2048
> Max. PIN lengths .: 32 32 32
> PIN retry counter : 3 0 3
> Signature counter : 0
> Signature key : [none]
> Encryption key: [none]
> Authentication key: 1CAC 8718 CAA0 C7B9 1EC0  E907 F1CA EE10 6CE6 97F8
>   created : 2022-01-19 08:31:51

Reader ...: Yubico YubiKey FIDO CCID 00 00
Application ID ...: D276000124010201000607535263
Application type .: OpenPGP
Version ..: 2.1
Manufacturer .: Yubico
[...]
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation ...: 
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : forced
Key attributes ...: rsa4096 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : [...]
Signature counter : [...]
Signature key : B7EC F42D DFD9 8AC7 301C  062B 1101 AD5A 8136 9AD7
  created : 2019-02-09 15:52:11

  paultag

-- 
  ⢀⣴⠾⠻⢶⣦⠀   Paul Tagliamonte 
  ⣾⠁⢠⠒⠀⣿⡁  https://people.debian.org/~paultag | https://pault.ag/
  ⢿⡄⠘⠷⠚⠋Debian, the universal operating system.
  ⠈⠳⣄⠀⠀  4096R / FEF2 EB20 16E6 A856 B98C  E820 2DCD 6B5D E858 ADF3


signature.asc
Description: PGP signature

Bug#1051937: bullseye-pu: package cairosvg/oldstable-new

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cairo...@packages.debian.org, Joe Burmeister 
, car...@debian.org
Control: affects -1 + src:cairosvg

Dear SRM,

[ Reason ]
Triggered by a offlist-report from Joe Burmeister, cairosvg suffers
from a regression from the original fix upstream for CVE-2023-27586,
where embedded images using data URIs no longer work without the
unsafe flag. To fix the issue it would only be necessary to dissalow
loading of external files, but data URIs would be expected to still
work.

See:
- https://bugs.debian.org/1050643
- https://github.com/Kozea/CairoSVG/issues/383

[ Impact ]
Without using the unsafe flag, it is not possible to embed images
using data URIs.

[ Tests ]
Joe tested the updated package with a (non public) testcase.

[ Risks ]
Syncs up with upstream fixes after the original fix for
CVE-2023-27586.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Allow to handle data-URLs in safe mode as well, using a introduced
safe_fetch which fetches the content of a passed url if it's a data
URL and return an empty SVG otherwise.

[ Other info ]
None

Regards,
Salvatore
diff -Nru cairosvg-2.5.0/debian/changelog cairosvg-2.5.0/debian/changelog
--- cairosvg-2.5.0/debian/changelog 2023-03-23 20:51:51.0 +0100
+++ cairosvg-2.5.0/debian/changelog 2023-09-06 21:24:37.0 +0200
@@ -1,3 +1,10 @@
+cairosvg (2.5.0-1.1+deb11u2) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Handle data-URLs in safe mode (Closes: #1050643)
+
+ -- Salvatore Bonaccorso   Wed, 06 Sep 2023 21:24:37 +0200
+
 cairosvg (2.5.0-1.1+deb11u1) bullseye-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru cairosvg-2.5.0/debian/patches/Handle-data-URLs-in-safe-mode.patch 
cairosvg-2.5.0/debian/patches/Handle-data-URLs-in-safe-mode.patch
--- cairosvg-2.5.0/debian/patches/Handle-data-URLs-in-safe-mode.patch   
1970-01-01 01:00:00.0 +0100
+++ cairosvg-2.5.0/debian/patches/Handle-data-URLs-in-safe-mode.patch   
2023-09-06 21:24:37.0 +0200
@@ -0,0 +1,61 @@
+From: Guillaume Ayoub 
+Date: Tue, 18 Apr 2023 14:51:13 +0200
+Subject: Handle data-URLs in safe mode.
+Origin: 
https://github.com/Kozea/CairoSVG/commit/2cbe3066e604af67c31d6651aa3acafe4ae0749d
+Bug: https://github.com/Kozea/CairoSVG/issues/383
+Bug-Debian: https://bugs.debian.org/1050643
+
+Fix #383.
+---
+ cairosvg/parser.py |  5 ++---
+ cairosvg/url.py| 11 +++
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/cairosvg/parser.py b/cairosvg/parser.py
+index 61275f0a1073..06a65db5c0e2 100644
+--- a/cairosvg/parser.py
 b/cairosvg/parser.py
+@@ -14,7 +14,7 @@ from defusedxml import ElementTree
+ from . import css
+ from .features import match_features
+ from .helpers import flatten, pop_rotation, rotations
+-from .url import fetch, parse_url, read_url
++from .url import fetch, parse_url, read_url, safe_fetch
+ 
+ # 'display' is actually inherited but handled differently because some markers
+ # are part of a none-displaying group (see test painting-marker-07-f.svg)
+@@ -393,8 +393,7 @@ class Tree(Node):
+ 
+ # Don’t allow fetching external files unless explicitly asked for
+ if 'url_fetcher' not in kwargs and not unsafe:
+-self.url_fetcher = (
+-lambda *args, **kwargs: b'')
++self.url_fetcher = safe_fetch
+ 
+ self.xml_tree = tree
+ root = cssselect2.ElementWrapper.from_xml_root(tree)
+diff --git a/cairosvg/url.py b/cairosvg/url.py
+index b4a78eaf6645..7b184e6e74d9 100644
+--- a/cairosvg/url.py
 b/cairosvg/url.py
+@@ -84,6 +84,17 @@ def fetch(url, resource_type):
+ return urlopen(Request(url, headers=HTTP_HEADERS)).read()
+ 
+ 
++def safe_fetch(url, resource_type):
++"""Fetch the content of ``url`` only if it’s a data-URL.
++
++Otherwise, return an empty SVG.
++
++"""
++if url and url.startswith('data:'):
++return fetch(url, resource_type)
++return b''
++
++
+ def parse_url(url, base=None):
+ """Parse an URL.
+ 
+-- 
+2.40.1
+
diff -Nru cairosvg-2.5.0/debian/patches/series 
cairosvg-2.5.0/debian/patches/series
--- cairosvg-2.5.0/debian/patches/series2023-03-23 20:51:07.0 
+0100
+++ cairosvg-2.5.0/debian/patches/series2023-09-06 21:23:58.0 
+0200
@@ -1,3 +1,4 @@
 0001-Remove-pytest-options-for-plugins-not-packaged-for-D.patch
 0002-Don-t-use-overlapping-groups-for-regular-expressions.patch
 Don-t-allow-fetching-external-files-unless-explicitl.patch
+Handle-data-URLs-in-safe-mode.patch

Bug#1051936: bookworm-pu: package cairosvg/2.5.2-1.1+deb12u1

[Salvatore Bonaccorso]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cairo...@packages.debian.org, Joe Burmeister 
, car...@debian.org
Control: affects -1 + src:cairosvg

Dear SRM,

[ Reason ]
Triggered by a offlist-report from Joe Burmeister, cairosvg suffers
from a regression from the original fix upstream for CVE-2023-27586,
where embedded images using data URIs no longer work without the
unsafe flag. To fix the issue it would only be necessary to dissalow
loading of external files, but data URIs would be expected to still
work.

See:
- https://bugs.debian.org/1050643
- https://github.com/Kozea/CairoSVG/issues/383

[ Impact ]
Without using the unsafe flag, it is not possible to embed images
using data URIs.

[ Tests ]
Joe tested the updated package with a (non public) testcase.

[ Risks ]
Syncs up with upstream fixes after the original fix for
CVE-2023-27586.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Allow to handle data-URLs in safe mode as well, using a introduced
safe_fetch which fetches the content of a passed url if it's a data
URL and return an empty SVG otherwise.

[ Other info ]
None

Regards,
Salvatore
diff -Nru cairosvg-2.5.2/debian/changelog cairosvg-2.5.2/debian/changelog
--- cairosvg-2.5.2/debian/changelog 2023-03-21 22:21:22.0 +0100
+++ cairosvg-2.5.2/debian/changelog 2023-09-06 21:20:16.0 +0200
@@ -1,3 +1,10 @@
+cairosvg (2.5.2-1.1+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Handle data-URLs in safe mode (Closes: #1050643)
+
+ -- Salvatore Bonaccorso   Wed, 06 Sep 2023 21:20:16 +0200
+
 cairosvg (2.5.2-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru cairosvg-2.5.2/debian/patches/Handle-data-URLs-in-safe-mode.patch 
cairosvg-2.5.2/debian/patches/Handle-data-URLs-in-safe-mode.patch
--- cairosvg-2.5.2/debian/patches/Handle-data-URLs-in-safe-mode.patch   
1970-01-01 01:00:00.0 +0100
+++ cairosvg-2.5.2/debian/patches/Handle-data-URLs-in-safe-mode.patch   
2023-09-06 21:20:16.0 +0200
@@ -0,0 +1,61 @@
+From: Guillaume Ayoub 
+Date: Tue, 18 Apr 2023 14:51:13 +0200
+Subject: Handle data-URLs in safe mode.
+Origin: 
https://github.com/Kozea/CairoSVG/commit/2cbe3066e604af67c31d6651aa3acafe4ae0749d
+Bug: https://github.com/Kozea/CairoSVG/issues/383
+Bug-Debian: https://bugs.debian.org/1050643
+
+Fix #383.
+---
+ cairosvg/parser.py |  5 ++---
+ cairosvg/url.py| 11 +++
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/cairosvg/parser.py b/cairosvg/parser.py
+index 61275f0a1073..06a65db5c0e2 100644
+--- a/cairosvg/parser.py
 b/cairosvg/parser.py
+@@ -14,7 +14,7 @@ from defusedxml import ElementTree
+ from . import css
+ from .features import match_features
+ from .helpers import flatten, pop_rotation, rotations
+-from .url import fetch, parse_url, read_url
++from .url import fetch, parse_url, read_url, safe_fetch
+ 
+ # 'display' is actually inherited but handled differently because some markers
+ # are part of a none-displaying group (see test painting-marker-07-f.svg)
+@@ -393,8 +393,7 @@ class Tree(Node):
+ 
+ # Don’t allow fetching external files unless explicitly asked for
+ if 'url_fetcher' not in kwargs and not unsafe:
+-self.url_fetcher = (
+-lambda *args, **kwargs: b'')
++self.url_fetcher = safe_fetch
+ 
+ self.xml_tree = tree
+ root = cssselect2.ElementWrapper.from_xml_root(tree)
+diff --git a/cairosvg/url.py b/cairosvg/url.py
+index b4a78eaf6645..7b184e6e74d9 100644
+--- a/cairosvg/url.py
 b/cairosvg/url.py
+@@ -84,6 +84,17 @@ def fetch(url, resource_type):
+ return urlopen(Request(url, headers=HTTP_HEADERS)).read()
+ 
+ 
++def safe_fetch(url, resource_type):
++"""Fetch the content of ``url`` only if it’s a data-URL.
++
++Otherwise, return an empty SVG.
++
++"""
++if url and url.startswith('data:'):
++return fetch(url, resource_type)
++return b''
++
++
+ def parse_url(url, base=None):
+ """Parse an URL.
+ 
+-- 
+2.40.1
+
diff -Nru cairosvg-2.5.2/debian/patches/series 
cairosvg-2.5.2/debian/patches/series
--- cairosvg-2.5.2/debian/patches/series2023-03-21 22:20:08.0 
+0100
+++ cairosvg-2.5.2/debian/patches/series2023-09-06 21:19:48.0 
+0200
@@ -1,2 +1,3 @@
 0001-Remove-pytest-options-for-plugins-not-packaged-for-D.patch
 Don-t-allow-fetching-external-files-unless-explicitl.patch
+Handle-data-URLs-in-safe-mode.patch

Bug#1051935: /usr/lib/x86_64-linux-gnu/libg3d/plugins/import/imp_vrml.so: undefined symbol: yywrap

[Frederic-Emmanuel Picca]

Package: libg3d-plugins
Version: 0.0.8-36
Severity: important
X-Debbugs-Cc: pi...@debian.org

Dear Maintainer,

I am the maintainer of the hkl package.

When I use the ghkl librarry, I get this error message

(ghkl:1336510): LibG3D-WARNING **: 15:03:32.967: libg3d: plugins: failed to 
load /usr/lib/x86_64-linux-gnu/libg3d/plugins/import/imp_vrml.so: 
/usr/lib/x86_64-linux-gnu/libg3d/plugins/import/imp_vrml.so: undefined symbol: 
yywrap

So there is a missing symbol in the plugins.

thanks for considering

Frederic

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-8-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libg3d-plugins depends on:
ii  libc6 2.37-8
ii  libg3d0   0.0.8-36
ii  libglib2.0-0  2.78.0-1
ii  libxml2   2.9.14+dfsg-1.3

libg3d-plugins recommends no packages.

libg3d-plugins suggests no packages.

-- no debconf information

Bug#1050475: ITS: libibtk

[Bastian Germann]

Control: retitle -1 O: libibtk -- Insomnia's Basic ToolKit
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning libibtk. Please only consider adopting if you have
the time and skills to maintain it.

Description: Insomnia's Basic ToolKit
 IBTK is used by The General ATI TV and Overlay Software (GATOS) suite
 for capturing video.

Bug#1051933: python3-pysnmp-pysmi has an undeclared file conflict

[Helmut Grohne]

Package: python3-pysnmp-pysmi
Version: 1.0.4-1
Severity: serious
User: debian...@lists.debian.org
Usertags: fileconflict
Control: affects -1 + python3-pysmi

python3-pysnmp-pysmi has an undeclared file conflict. This may result in
an unpack error from dpkg.

The files
 * /usr/lib/python3/dist-packages/pysmi/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/borrower/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/borrower/anyfile.py
 * /usr/lib/python3/dist-packages/pysmi/borrower/base.py
 * /usr/lib/python3/dist-packages/pysmi/borrower/pyfile.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/base.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/jsondoc.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/null.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/pysnmp.py
 * /usr/lib/python3/dist-packages/pysmi/codegen/symtable.py
 * /usr/lib/python3/dist-packages/pysmi/compat.py
 * /usr/lib/python3/dist-packages/pysmi/compiler.py
 * /usr/lib/python3/dist-packages/pysmi/debug.py
 * /usr/lib/python3/dist-packages/pysmi/error.py
 * /usr/lib/python3/dist-packages/pysmi/lexer/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/lexer/base.py
 * /usr/lib/python3/dist-packages/pysmi/lexer/smi.py
 * /usr/lib/python3/dist-packages/pysmi/mibinfo.py
 * /usr/lib/python3/dist-packages/pysmi/parser/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/parser/base.py
 * /usr/lib/python3/dist-packages/pysmi/parser/dialect.py
 * /usr/lib/python3/dist-packages/pysmi/parser/null.py
 * /usr/lib/python3/dist-packages/pysmi/parser/smi.py
 * /usr/lib/python3/dist-packages/pysmi/parser/smiv1.py
 * /usr/lib/python3/dist-packages/pysmi/parser/smiv1compat.py
 * /usr/lib/python3/dist-packages/pysmi/parser/smiv2.py
 * /usr/lib/python3/dist-packages/pysmi/reader/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/reader/base.py
 * /usr/lib/python3/dist-packages/pysmi/reader/callback.py
 * /usr/lib/python3/dist-packages/pysmi/reader/ftpclient.py
 * /usr/lib/python3/dist-packages/pysmi/reader/httpclient.py
 * /usr/lib/python3/dist-packages/pysmi/reader/localfile.py
 * /usr/lib/python3/dist-packages/pysmi/reader/url.py
 * /usr/lib/python3/dist-packages/pysmi/reader/zipreader.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/anyfile.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/base.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/pyfile.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/pypackage.py
 * /usr/lib/python3/dist-packages/pysmi/searcher/stub.py
 * /usr/lib/python3/dist-packages/pysmi/writer/__init__.py
 * /usr/lib/python3/dist-packages/pysmi/writer/base.py
 * /usr/lib/python3/dist-packages/pysmi/writer/callback.py
 * /usr/lib/python3/dist-packages/pysmi/writer/localfile.py
 * /usr/lib/python3/dist-packages/pysmi/writer/pyfile.py
are contained in the packages
 * python3-pysmi
   * 0.3.2-2 as present in bullseye
   * 0.3.2-3 as present in bookworm|trixie|unstable
 * python3-pysnmp-pysmi/1.0.4-1 as present in unstable

These packages can be unpacked concurrently, because there is no
relevant Replaces or Conflicts relation. Attempting to unpack these
packages concurrently results in an unpack error from dpkg, because none
of the packages installs a diversion for the affected files.

Kind regards

The Debian Usr Merge Analysis Tool

This bug report has been automatically filed with no human intervention.
The source code is available at https://salsa.debian.org/helmutg/dumat.
If the filing is unclear or in error, don't hesitate to contact
hel...@subdivi.de for assistance.

Bug#1051934: python3-pyasn1-modules-lextudio has an undeclared file conflict

[Helmut Grohne]

Package: python3-pyasn1-modules-lextudio
Version: 0.2.9-1
Severity: serious
User: debian...@lists.debian.org
Usertags: fileconflict
Control: affects -1 + python3-pyasn1-modules

python3-pyasn1-modules-lextudio has an undeclared file conflict. This
may result in an unpack error from dpkg.

The files
 * /usr/lib/python3/dist-packages/pyasn1_modules/__init__.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/pem.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc1155.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc1157.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc1901.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc1902.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc1905.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2251.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2314.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2315.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2437.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2459.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2511.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2560.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2631.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2634.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2985.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc2986.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3114.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3161.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3274.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3279.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3280.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3281.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3412.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3414.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3447.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3560.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3565.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3709.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3770.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3779.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc3852.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4043.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4055.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4073.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4108.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4210.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4211.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4334.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc4985.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5035.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5083.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5084.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5208.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5280.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5480.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5649.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5652.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5751.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5755.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5913.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5914.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5915.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5916.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5917.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5924.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5934.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5940.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5958.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc5990.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6010.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6019.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6031.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6032.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6120.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6170.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6187.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6210.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6211.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6402.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6482.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6486.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6487.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6664.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6955.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc6960.py
 * /usr/lib/python3/dist-packages/pyasn1_modules/rfc7030.py
 * 

Bug#1051932: RFS: python-ajsonrpc/1.2.0-1 [ITP] -- Python JSON-RPC 2.0 implementation and async server powered by asyncio (doc)

[Peter Zahradnik]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "python-ajsonrpc":

 * Package name : python-ajsonrpc
   Version  : 1.2.0-1
   Upstream contact : k...@p99.io
 * URL  : https://github.com/pavlov99/ajsonrpc
 * License  : Expat
 * Vcs  :
https://salsa.debian.org/python-team/packages/ajsonrpc
   Section  : python

The source builds the following binary packages:

  python3-ajsonrpc - Python JSON-RPC 2.0 implementation and
asynchronous server powered by asyncio
  python3-ajsonrpc-doc - Python JSON-RPC 2.0 implementation and async
server powered by asyncio (doc)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-ajsonrpc/

Alternatively, you can download the package with 'dget' using this
command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-ajsonrpc/python-ajsonrpc_1.2.0-1.dsc

Changes for the initial release:

 python-ajsonrpc (1.2.0-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1050212)

Regards,
Peter Zahradnik

Bug#1050474: ITS: libdigest-whirlpool-perl

[Bastian Germann]

Control: retitle -1 O: libdigest-whirlpool-perl -- A 512-bit, 
collision-resistant, one-way hash function
Control: reassign -1 wnpp
Control: severity -1 normal

Description:  A 512-bit, collision-resistant, one-way hash function
 Provides an interface to the WHIRLPOOL hash algorithm. This module
 subclasses Digest::base and can be used either directly or through
 the Digest meta-module. Using the latter is recommended.

Bug#1050473: ITS: leave

[Bastian Germann]

Control: retitle -1 O: leave -- Reminds you when you have to leave
Control: reassign -1 wnpp
Control: severity -1 normal

I am hereby orphaning "leave". Please only consider adopting if you have
the time and skills to maintain it.

Description: Reminds you when you have to leave
 Leave waits until the specified time, then reminds you that you have
 to leave.  You are reminded 5 minutes and 1 minute before the actual
 time, at the time, and every minute thereafter.  When you log off,
 leave exits just before it would have printed the next message.

Bug#1051841: debian-edu-testsuite reports errors

[Guido Berhoerster]

On Thu, 14 Sep 2023 10:57:32 +0200 Petter Reinholdtsen  wrote:
> [Guido Berhoerster]
> >> error: ./ldap-client: Not only one PAM module of krb5, ldap and sss is 
> >> enabled
> >
> > /etc/pam.d/common-auth contains:
> >
> > …
> > auth[success=3 default=ignore]  pam_krb5.so minimum_uid=1000
> > auth[success=2 default=ignore]  pam_unix.so nullok 
> > try_first_pass
> > auth[success=1 default=ignore]  pam_ldap.so minimum_uid=1000 
> > use_first_pass
> > …
> >
> > So PAM tries them in the given order until one succeeds, I'm not sure
> > what is wrong with that. The git history of testsuite/ldap-client is
> > not helpful either why this was added.
> 
> The pam_ldap.so line should be removed.  The LDAP authentication send
> the password over to the LDAP server for verification, hopefully via an
> TLS channel, allowing a rouge server to collect user passwords, while
> Kerberos only send an encrypted timestamp to the server.  Because of
> this Debian Edu do not want LDAP authentication enabled, and uses
> Kerberos exclusively over the network.

OK, digging into history shows that this has been a problem before
(#591773) which had a workaround via cfengine. However, that was removed
in
https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/3a2cb02332e0dea3bb1dae1847de1a7fe542b1c6
well before bullseye and in bullseye libpam-ldapd does not get pulled in
on non-roaming installs.

The dependency chain in bookworm is education-networked-common -> nslcd 
-> libpam-ldapd and nslcd still has "libpam-ldapd | libpam-ldap |
libpam-krb5 | libpam-heimdal | libpam-sss" but
education-networked-common also directly recommends libpam-ldapd which
seems to be the culprit.

The following commit introduced the dependency:

https://salsa.debian.org/debian-edu/debian-edu/-/commit/16307694c2a24b13a5a910c7cbcacafc8bf6abec


> >> error: ./rdp-server: xrdp service is not listening on 3389/tcp.'
> >
> > This can be probably be ignored as I have set up FAI on top of my LTSP 
> > setup.
> 
> I do not understand what you mean here.  How is this relevant?

It's a quirk on my local system, I shouldn't have included it in the
report.

-- 
Guido Berhoerster

Bug#1051931: obs-studio: Please use whitelist for libluajit-5.1-dev build dependency

[John Paul Adrian Glaubitz]

Source: obs-studio
Version: 29.1.3+dfsg-2
Severity: normal
User: debian-powe...@lists.debian.org
Usertags: powerpc ppc64
X-Debbugs-Cc: debian-powe...@lists.debian.org

Hello!

src:obs-studio currently only blacklists ppc64el in debian/control in its
build dependencies [1] while luajit is missing on many architectures [2].

Thus, it would make sense to use a whitelist for the libluajit-5.1-dev
build dependency in debian/control and also adjust debian/rules accordingly:

diff -Nru old/obs-studio-29.1.3+dfsg/debian/control 
new/obs-studio-29.1.3+dfsg/debian/control
--- old/obs-studio-29.1.3+dfsg/debian/control   2023-08-02 13:39:19.0 
+0200
+++ new/obs-studio-29.1.3+dfsg/debian/control   2023-09-14 14:02:58.869380395 
+0200
@@ -27,7 +27,7 @@
  libfreetype-dev,
  libjack-jackd2-dev,
  libjansson-dev,
- libluajit-5.1-dev [!ppc64el],
+ libluajit-5.1-dev [amd64 arm64 armel armhf hurd-i386 i386 mips64el s390x],
  libmbedtls-dev,
  libopengl-dev,
  libpci-dev,
diff -Nru old/obs-studio-29.1.3+dfsg/debian/rules 
new/obs-studio-29.1.3+dfsg/debian/rules
--- old/obs-studio-29.1.3+dfsg/debian/rules 2023-08-02 13:39:19.0 
+0200
+++ new/obs-studio-29.1.3+dfsg/debian/rules 2023-09-14 14:02:41.005436844 
+0200
@@ -18,7 +18,7 @@
 confflags += -DOBS_VERSION_OVERRIDE=$(subst +dfsg,.1,$(DEB_VERSION))
 confflags += -DAPPDATA_RELEASE_DATE=$(shell date --utc 
--date=@$${SOURCE_DATE_EPOCH} +'%Y-%m-%d')
 
-ifeq (ppc64el,$(DEB_HOST_ARCH))
+ifeq (,$(filter amd64 arm64 armel armhf hurd-i386 i386 mips64el s390x, 
$(DEB_HOST_ARCH)))
 confflags += -DENABLE_SCRIPTING_LUA=OFF
 endif

I have attached the patch as a file as well.

Thanks,
Adrian

> [1] 
> https://salsa.debian.org/multimedia-team/obs-studio/-/blob/master/debian/control#L30
> [2] https://buildd.debian.org/status/package.php?p=luajit=sid

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
diff -Nru old/obs-studio-29.1.3+dfsg/debian/control 
new/obs-studio-29.1.3+dfsg/debian/control
--- old/obs-studio-29.1.3+dfsg/debian/control   2023-08-02 13:39:19.0 
+0200
+++ new/obs-studio-29.1.3+dfsg/debian/control   2023-09-14 14:02:58.869380395 
+0200
@@ -27,7 +27,7 @@
  libfreetype-dev,
  libjack-jackd2-dev,
  libjansson-dev,
- libluajit-5.1-dev [!ppc64el],
+ libluajit-5.1-dev [amd64 arm64 armel armhf hurd-i386 i386 mips64el s390x],
  libmbedtls-dev,
  libopengl-dev,
  libpci-dev,
diff -Nru old/obs-studio-29.1.3+dfsg/debian/rules 
new/obs-studio-29.1.3+dfsg/debian/rules
--- old/obs-studio-29.1.3+dfsg/debian/rules 2023-08-02 13:39:19.0 
+0200
+++ new/obs-studio-29.1.3+dfsg/debian/rules 2023-09-14 14:02:41.005436844 
+0200
@@ -18,7 +18,7 @@
 confflags += -DOBS_VERSION_OVERRIDE=$(subst +dfsg,.1,$(DEB_VERSION))
 confflags += -DAPPDATA_RELEASE_DATE=$(shell date --utc 
--date=@$${SOURCE_DATE_EPOCH} +'%Y-%m-%d')
 
-ifeq (ppc64el,$(DEB_HOST_ARCH))
+ifeq (,$(filter amd64 arm64 armel armhf hurd-i386 i386 mips64el s390x, 
$(DEB_HOST_ARCH)))
 confflags += -DENABLE_SCRIPTING_LUA=OFF
 endif
 

Bug#1051930: ITP: node-node-pty -- Node.js library to allow one to fork processes with pseudoterminal file descriptors

[Yadd]

Package: wnpp
Severity: wishlist
Owner: Yadd 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: node-node-pty
  Version : 1.0.0
  Upstream Contact: node-pty authors
  
* URL : https://github.com/microsoft/node-pty/issues
* License : Expat
  Programming Lang: JavaScript
  Description : Node.js library to allow one to fork processes with 
pseudoterminal file descriptors

node-node-pty provides forkpty bindings for node.js. This allows one to fork
processes with pseudoterminal file descriptors. It returns a terminal object
which allows reads and writes. This is useful for:
 * Writing a terminal emulator
 * Getting certain programs to think they are in a terminal

node-node-pty is a dependency of node-xterm 5 which is needed to build
node-jupyterlab. Will be maintained under JS Team umbrella.

Bug#1042374: Removing udev rules fixes unwanted reboots on startup with 6.4.0 kernel but not stable kernel

[rpnpif]

After this command

update-initramfs -k all -u

all works fine for all installed kernels (6.4.0-4-amd64, 
.6.1.0-0.deb11.11-amd64, 6.1.0-0.deb11.9-amd64).


So I could confirm that this issue was probably caused by the udev 
252.5-2~bpo11+1 package or another systemd function that hangs with my 
old rules that I mentioned earlier.


--
Rpnpif

Bug#1051896: rkhunter: CVE-2023-4413

[Richard Lewis]

On Thu, 14 Sep 2023, 06:00 Francois Marier,  wrote:

> On 2023-09-13 at 14:15:53, Moritz Mühlenhoff (j...@inutil.org) wrote:
> > https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7
>
> My summary of this is: it's possible to figure out what files/ports/etc.
> rkhunter is looking for by looking at the log file.
>
> That log file is:
>
>   -rw-r-  1 root  adm 502K 13 sep 07:41
> rkhunter.log
>
> and on my machine that means only root and logcheck can see it:
>
>   $ grep adm /etc/group
>   adm:x:4:logcheck
>
> Of course, it's also possible to find out what files/ports/etc. rkhunter is
> looking for by looking in /usr/share/rkhunter/scripts/ or looking at the
> source code
> (https://sourceforge.net/p/rkhunter/rkh_code/ci/develop/tree/files/).
>
> So am I missing something here or is this simply not relevant given the
> rkhunter threat model of being an Open Source tool with a public database?
>
> Francois
>

I dont think you are missing anything - the cve links to a githab gist
which boils down to  "i can write a rootkit that rkhunter doesnt detect,
because i can find what strings rkhunter looks for in a log" - as you say,
the strings are in the source code anyway. And calling this a security
issue is a bit odd really.

rkhunter detects a number of known rootkits with some quite basic string
matching - it cant possibly detect arbitrary variations.

possibly they have reported over-interpreted the "hunter" part of the name
rkhunter!

Bug#1051503: aa-logprof does not support mount rules

[dp217]

Hi intrigeri,

Yes, I understand. At first it wasn't even very clear what the problem was.

Maybe it would be better to change the title to: aa-logprof quietly ignore some 
messages without the user knowing

Because the problem isn't so much that the mount isn't supported, although it 
would be nice if it were, but that the messages that aa-logprof is supposed to 
reviewed are ignored without the user knowing.
Also, mount isn't the only thing that isn't supported, the same problem also 
applies to pivotroot.

Bug#1051928: ITP: python3-kiwi-boxed-plugin -- KIWI plugin to provide self contained build support using QEMU

[Isaac True]

Package: wnpp
Severity: wishlist
Owner: Isaac True 
X-Debbugs-Cc: debian-de...@lists.debian.org, isaac@is.having.coffee

* Package name: python3-kiwi-boxed-plugin
  Version : 0.2.28
  Upstream Contact: Marcus Schäfer 
* URL : https://github.com/OSInside/kiwi-boxed-plugin/
* License : GPL-3.0
  Programming Lang: Python
  Description : KIWI plugin to provide self contained build support using 
QEMU

Users building images with KIWI face problems if they want to build an image
matching one of the following criteria:

 - Build should happen as non root user.
 - Build should happen on a host system distribution for which no KIWI
   packages exists.
 - Build happens on an incompatible host system distribution compared to the
   target image distribution. For example building an apt/dpkg based system on
   an rpm based system.
 - Run more than one build process at the same time on the same host.
 - Run a build process for a different target architecture compared to the
   host architecture (Cross Arch Image Build)

The python3-kiwi-boxed-plugin is an optional plugin for KIWI which
adds an additional command (`kiwi system boxbuild`) that allows building
KIWI images inside a self-contained QEMU VM environment and overcoming
the problems mentioned above.

This is helpful for users of KIWI who have complex requirements for
generating KIWI images. It requires `qemu-system-x86/arm`, as well as the
`kiwi` package (already in the archives). It is an optional extension to KIWI.

As this is will be my first package in Debian, I am looking for a
sponsor to help to get this included in the archives.