Bug#1053296: RFS: kcollectd/0.12.1-1 -- simple collectd graphing front-end for KDE
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "kcollectd": * Package name : kcollectd Version : 0.12.1-1 Upstream contact : Antonio Russo * URL : https://www.antonioerusso.com/projects/kcollectd * License : GFDL-1.3+, PUBLIC-DOMAIN, GPL-3+ * Vcs : https://salsa.debian.org/qt-kde-team/extras/kcollectd Section : utils The source builds the following binary packages: kcollectd - simple collectd graphing front-end for KDE To access further information about this package, please visit the following URL: https://mentors.debian.net/package/kcollectd/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/k/kcollectd/kcollectd_0.12.1-1.dsc Changes since the last upload: kcollectd (0.12.1-1) unstable; urgency=medium . * New upstream release 0.12.1. - Align translations with source code (Closes: #1048793) * Bump Standards-Version to 4.6.2, no changes required. Best, Antonio Russo OpenPGP_0xB01C53D5DED4A4EE.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1053295: golang-ginkgo: dropped transitional package golang-ginkgo-dev, which is still used
Source: golang-ginkgo Version: 1.16.5-4 Severity: serious golang-ginkgo is failing to migrate to testing, because it dropped the transitional package golang-ginkgo-dev, which makes a lot of golang packages uninstallable, because they haven't migrated to the new package golang-github-onsi-ginkgo-dev yet. The britney log indicates the src/bin packages with newly uninstallable Depends/Build-Depends and the ftp-master cruft report confirms the problems in more detail. https://release.debian.org/britney/update_output.txt https://release.debian.org/doc/britney/short-intro-to-migrations.html#debugging-failed-migration-attempts https://ftp-master.debian.org/cruft-report-daily.txt Probably the solution to this is for golang-github-onsi-ginkgo-dev to add Provides: golang-ginkgo-dev so it doesn't have to go through NEW. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#1051613: linux-image-6.1.0-12-amd64: 6.1.0-12 breaks loading DVB ddbridge module and others
Hello, On Tue, 26 Sep 2023 06:54:43 +0200 Salvatore Bonaccorso wrote: > The next point release is scheduled on 7th October, meaning that the > kernel needs to be uploaded to the stable-proposed-updates queue the > weekend before (and testing from there would be very welcome). I can confirm that updating my kernel to linux-image-6.1.0-13-amd64-unsigned from proposed-updates did fix the bug for me. Thank you very much.
Bug#1053294: RFP: auto-cpufreq -- Automatic CPU speed & power optimizer
Package: wnpp Severity: wishlist X-Debbugs-Cc: Adnan Hodzic * Package name: auto-cpufreq Version : 2.0.0 Upstream Contact: Adnan Hodzic * URL : https://github.com/AdnanHodzic/auto-cpufreq * License : LGPL-3 Programming Lang: Python Description : Automatic CPU speed & power optimizer Automatic CPU speed & power optimizer for, Linux based on active monitoring of a laptop's battery state, CPU usage, CPU temperature and system load. Ultimately allowing you to improve battery life without making any compromises. Features: * Monitoring * Basic system information * CPU frequency (system total & per core) * CPU usage (system total & per core) * CPU temperature (total average & per core) * Battery state * System load * CPU frequency scaling, governor and turbo boost management based on * Battery state * CPU usage (total & per core) * CPU temperature in combination with CPU utilization/load (prevent overheating) * System load * Automatic CPU & power optimization (temporary and persistent) I found this package through this post on Debian Planet: https://foolcontrol.org/?p=4603 This is a tool similar to already existing tools in Debian, specifically TLP. According to the auto-cpufreq author though: > Using tools like TLP can help in this situation with extending > battery life (which is something I used to do for numerous years), > but it also might come with its own set of problems, like losing > turbo boost. > > With that said, I needed a simple tool which would automatically > make "cpufreq" related changes, save battery like TLP, but let Linux > kernel do most of the heavy lifting. That's how auto-cpufreq was > born. > > Please note: auto-cpufreq aims to replace TLP in terms of > functionality and after you install auto-cpufreq it's recommended to > remove TLP. If both are used for same functionality, i.e: to set CPU > frequencies it'll lead to unwanted results like overheating. Hence, > only use both tools in tandem if you know what you're doing. So I'm not exactly clear on what the overlap between the two is, but I do feel there's some room in this space for another option. TLP is rather "heavy" in terms of the number of things it does, it's a rather big pill to swallow, with all sorts of pitfalls... I like the idea of having a simple, one-task-focused tool. I do not currently have the cycles to evaluate this any further, but would love to collaborate on further research when I have time. Otherwise, if anyone is interested in pursuing this any further, please go right ahead (but keep this bug in CC!).
Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu [ Reason ] As requested by the security team, I would like to bring the microcode update level for AMD64 processors in Bullseye and Bookworm to match what we have in Sid and Trixie. This is the bug report for Bookworm, a separate one will be filled for Bullseye. This fixes: CVE-2023-20569 "AMD Inception" on AMD Zen4 processors There are no releavant issues reported on this microcode update, considering the version of amd64-microcode already available as security updates for bookworm and bullseye. [ Impact ] If this update is not approved, owners of some Zen4 processors will depend on UEFI updates to be protected against CVE-2023-20569. [ Tests ] There were no bug reports from users of Debian sid or Trixie, these packages have been tested there since 2023-08-10 (sid), 2023-08-12 (trixie). [ Risks ] Unknown, but not believed to be any different from other AMD microcode updates. Linux kernel updates related to these microcode update fixes are already available in Bookworm and Bullseye. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] As per the debdiff, only documentation changes, package documentation changes, and the binary blob change from upstream. Diffstat: README | 15 + amd-ucode/README | 13 +++ amd-ucode/microcode_amd_fam19h.bin |binary amd-ucode/microcode_amd_fam19h.bin.asc | 16 +++--- debian/NEWS| 15 + debian/changelog | 37 + 6 files changed, 88 insertions(+), 8 deletions(-) [ Other info ] The package version with "~" is needed to guarantee smooth updates to the next debian release. -- Henrique Holschuh diff --git a/README b/README index cd7c30b..798d2e7 100644 --- a/README +++ b/README @@ -8,6 +8,21 @@ the newest of either amd-ucode or amd-sev. latest commits in this release: +commit f2eb058afc57348cde66852272d6bf11da1eef8f +Author: John Allen +Date: Tue Aug 8 19:02:39 2023 + + +linux-firmware: Update AMD cpu microcode + +* Update AMD cpu microcode for processor family 19h + +Key Name= AMD Microcode Signing Key (for signing microcode container files only) +Key ID = F328AE73 +Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73 + +Signed-off-by: John Allen +Signed-off-by: Josh Boyer + commit 0bc3126c9cfa0b8c761483215c25382f831a7c6f Author: John Allen Date: Wed Jul 19 19:17:57 2023 + diff --git a/amd-ucode/README b/amd-ucode/README index 1d39da3..fac1152 100644 --- a/amd-ucode/README +++ b/amd-ucode/README @@ -37,6 +37,19 @@ Microcode patches in microcode_amd_fam17h.bin: Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes Microcode patches in microcode_amd_fam19h.bin: + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e Length=5568 bytes + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes + Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes + +NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0), +either AGESA version >= 1.0.0.8 OR a kernel with the following commit is +required: +a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too") + +When late loading the patches for Genoa or Bergamo, there may be one spurious +NMI observed per physical core. These NMIs are benign and don't cause any +functional issue but will result in kernel messages being logged. diff --git a/amd-ucode/microcode_amd_fam19h.bin b/amd-ucode/microcode_amd_fam19h.bin index 50470c3..02a5d05 100644 Binary files a/amd-ucode/microcode_amd_fam19h.bin and b/amd-ucode/microcode_amd_fam19h.bin differ diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc index a32b4d6..8cff901 100644 --- a/amd-ucode/microcode_amd_fam19h.bin.asc +++ b/amd-ucode/microcode_amd_fam19h.bin.asc @@ -1,11 +1,11 @@ -BEGIN PGP SIGNATURE- -iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo -rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx -7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm -xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT -LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
Bug#1053293: ghdl-llvm: Does not work, ghdl1-llvm not found
Package: ghdl-llvm Version: 3.0.0+dfsg-1 Severity: important ghdl-llvm has become unusable with 3.0.0+dfsg-1. Running ghdl-llvm immediately aborts with the message: /usr/bin/ghdl-llvm:error: installation problem: ghdl1-llvm not found According to build logs, the testsuite for the LLVM build already fails with the same message. -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/24 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ghdl-llvm depends on: ii gcc 4:13.2.0-1 ii ghdl-common 3.0.0+dfsg-1 ii libc62.37-11 ii libgcc-s113.2.0-4 ii libgnat-12 12.3.0-9 ii libllvm161:16.0.6-15 ii libstdc++6 13.2.0-4 ii zlib1g-dev 1:1.2.13.dfsg-3 ghdl-llvm recommends no packages. ghdl-llvm suggests no packages. -- no debconf information
Bug#1053291: libffi-platypus-perl: FTBFS on hppa - broken integer support
Source: libffi-platypus-perl Severity: normal Tags: ftbfs Dear Maintainer, Various integer tests fail. See build log: https://buildd.debian.org/status/fetch.php?pkg=libffi-platypus-perl=hppa=2.08-1=1696034524=0 More details are available in this upstream issue: https://github.com/PerlFFI/FFI-Platypus/issues/394 There is a partial fix but the t/type_sint64.t and t/type_uint64.t fail. This might be due to incorrect casts. Regards, Dave Anglin -- System Information: Debian Release: trixie/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable') Architecture: hppa (parisc64) Kernel: Linux 6.1.55+ (SMP w/4 CPU threads) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] As requested by the security team, I would like to bring the microcode update level for AMD64 processors in Bullseye and Bookworm to match what we have in Sid and Trixie. This is the bug report for Bullseye, a separate one will be filled for Bookmorm. This fixes: CVE-2023-20569 "AMD Inception" on AMD Zen4 processors There are no releavant issues reported on this microcode update, considering the version of amd64-microcode already available as security updates for bookworm and bullseye. [ Impact ] If this update is not approved, owners of some Zen4 processors will depend on UEFI updates to be protected against CVE-2023-20569. [ Tests ] There were no bug reports from users of Debian sid or Trixie, these packages have been tested there since 2023-08-10 (sid), 2023-08-12 (trixie). [ Risks ] Unknown, but not believed to be any different from other AMD microcode updates. Linux kernel updates related to these microcode update fixes are already available in Bookworm and Bullseye. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] As per the debdiff, only documentation changes, package documentation changes, and the binary blob change from upstream. Diffstat: README | 15 + amd-ucode/README | 13 +++ amd-ucode/microcode_amd_fam19h.bin |binary amd-ucode/microcode_amd_fam19h.bin.asc | 16 ++--- debian/NEWS| 15 + debian/changelog | 38 + 6 files changed, 89 insertions(+), 8 deletions(-) [ Other info ] The package version with "~" is needed to guarantee smooth updates to the next debian release. -- Henrique Holschuh diff --git a/README b/README index cd7c30b..798d2e7 100644 --- a/README +++ b/README @@ -8,6 +8,21 @@ the newest of either amd-ucode or amd-sev. latest commits in this release: +commit f2eb058afc57348cde66852272d6bf11da1eef8f +Author: John Allen +Date: Tue Aug 8 19:02:39 2023 + + +linux-firmware: Update AMD cpu microcode + +* Update AMD cpu microcode for processor family 19h + +Key Name= AMD Microcode Signing Key (for signing microcode container files only) +Key ID = F328AE73 +Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73 + +Signed-off-by: John Allen +Signed-off-by: Josh Boyer + commit 0bc3126c9cfa0b8c761483215c25382f831a7c6f Author: John Allen Date: Wed Jul 19 19:17:57 2023 + diff --git a/amd-ucode/README b/amd-ucode/README index 1d39da3..fac1152 100644 --- a/amd-ucode/README +++ b/amd-ucode/README @@ -37,6 +37,19 @@ Microcode patches in microcode_amd_fam17h.bin: Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes Microcode patches in microcode_amd_fam19h.bin: + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e Length=5568 bytes + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes + Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes + +NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0), +either AGESA version >= 1.0.0.8 OR a kernel with the following commit is +required: +a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too") + +When late loading the patches for Genoa or Bergamo, there may be one spurious +NMI observed per physical core. These NMIs are benign and don't cause any +functional issue but will result in kernel messages being logged. diff --git a/amd-ucode/microcode_amd_fam19h.bin b/amd-ucode/microcode_amd_fam19h.bin index 50470c3..02a5d05 100644 Binary files a/amd-ucode/microcode_amd_fam19h.bin and b/amd-ucode/microcode_amd_fam19h.bin differ diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc index a32b4d6..8cff901 100644 --- a/amd-ucode/microcode_amd_fam19h.bin.asc +++ b/amd-ucode/microcode_amd_fam19h.bin.asc @@ -1,11 +1,11 @@ -BEGIN PGP SIGNATURE- -iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo -rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx -7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm -xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT -LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
Bug#1053276: polyphone: update d/watch
Hello Patrice, >Here is a suggested patch for this. for this what? Is there a problem with the watch file, other than the usual github changed their links one? I’ve had a fix for the latter in another package of mine for a long time already but hadn’t had uploaded polyphone yet. I guess I should probably do that some time. I have committed the fixed d/watch file now. Is there anything you still think needs changing? I don’t like these @magicstring@ thingies very much and would prefer to not apply them. Thanks, //mirabilos -- you introduced a merge commit│ % g rebase -i HEAD^^ sorry, no idea and rebasing just fscked │ Segmentation should have cloned into a clean repo │ fault (core dumped) if I rebase that now, it's really ugh │ wuahh
Bug#1053289: libzypp FTBFS on slower buildds: 87 - EvDownloader_test (Failed)
Source: libzypp Version: 17.31.15-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=libzypp=mips64el https://buildd.debian.org/status/logs.php?pkg=libzypp=riscv64 https://buildd.debian.org/status/logs.php?pkg=libzypp=alpha ... 87: Test command: /<>/obj-riscv64-linux-gnu/tests/zyppng/media/EvDownloader_test "--catch_system_errors=no" 87: Working Directory: /<>/obj-riscv64-linux-gnu/tests/zyppng/media 87: Test timeout computed to be: 1000 87: Running 100 test cases... 87: ./tests/zyppng/media/EvDownloader_test.cc(465): [4;31;49mfatal error: in "test1/_4": critical check startedDownloads == expectedDownloads has failed [11 != 10] 87: Failure occurred in a following context: 87: elem = MirrorSet{ All good mirrors }; withSSL = true; maxDLs = 10; [0;39;49m 87: ./tests/zyppng/media/EvDownloader_test.cc(465): [4;31;49mfatal error: in "test1/_5": critical check startedDownloads == expectedDownloads has failed [11 != 10] 87: Failure occurred in a following context: 87: elem = MirrorSet{ All good mirrors }; withSSL = true; maxDLs = 15; [0;39;49m 87: 87: [1;31;49m*** 2 failures are detected in the test module "Master Test Suite" 87: [0;39;49m 87/91 Test #87: EvDownloader_test ***Failed 206.11 sec ... The following tests FAILED: 87 - EvDownloader_test (Failed) Errors while running CTest Output from these tests are in: /<>/obj-riscv64-linux-gnu/tests/Testing/Temporary/LastTest.log Use "--rerun-failed --output-on-failure" to re-run the failed cases verbosely. make[4]: *** [tests/CMakeFiles/ctest.dir/build.make:73: tests/CMakeFiles/ctest] Error 8 The pattern where it fails correlates strongly with buildd speed, like a cutoff regarding minimum speed required. The number of times this assert triggers, and the numbers in the assert, differ in different builds. This failure is also frequently seen in reproducible builds. The error sounds like race condition, like an assumption that everything that had been started more than $time ago is already finished which is only true with a certain minimum speed of the buildd.
Bug#1053288: crontab -l became unreadable
Package: cron Version: 3.0pl1-175 I am using a dark desktop theme. Problem is, since #813614 the output of crontab -l is unreadable due to lack of contrast, esp. the comment lines. Apparently crontab -l changes the foreground color to dark blue, but ignores the background color provided by the terminal application using the dark theme. Doesn't seem reasonable to me. Either define both foreground and background, or don't mess up the colors. In Debian 12 crontab -l was fine. Regards Harri
Bug#967818: xboard: depends on deprecated GTK 2
I have fixed this in git by building the Xaw backend. As I am not very familiar with xboard, can somebody please verify that one can still use it in all the ways as the gtk version?
Bug#1052210: lxappearance: segfault after upgrade to lxappearance 0.6.3-3
>@10dmar10 >Do you have lxapperance-obconf installed too? If yes, have you tried removing >it? lxapperance and lxapperance-obconf are installed on my system as a required dependency of lxde. Removing lxapperance-obconf would break lxde, I would prefer not to do that... >And if possible, please open a new bug report there, with grave severity. The >patch is already available, so it won't be much work of fixing the package. Done: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053287
Bug#1053287: lxappearance-obconf: segfault in lxappearance since upgrade to gtk3(?)
Package: lxappearance-obconf Version: 0.2.3-2 Severity: grave Justification: renders package unusable X-Debbugs-Cc: 10dma...@gmail.com Hi, it seems since the last upgrade from 0.2.3-1 to 0.2.3-2 this package is causing a segfault in lxappearance. see also: attached gdb backtrace text file https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052210 -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug') Architecture: amd64 (x86_64) Kernel: Linux 6.5.5-wwa (SMP w/4 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages lxappearance-obconf depends on: ii libc62.37-10 ii libcairo21.18.0-1 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.78.0-2 ii libgtk-3-0 3.24.38-5 ii libobrender32v5 3.6.1-11 ii libobt2v53.6.1-11 ii libx11-6 2:1.8.6-1 ii libxml2 2.9.14+dfsg-1.3 lxappearance-obconf recommends no packages. lxappearance-obconf suggests no packages. -- no debconf information Starting program: /usr/bin/lxappearance [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x757ff6c0 (LWP 3673)] [New Thread 0x74ffe6c0 (LWP 3674)] [New Thread 0x7fffe6c0 (LWP 3675)] [New Thread 0x7fffef7fe6c0 (LWP 3676)] [Thread 0x7fffef7fe6c0 (LWP 3676) exited] [New Thread 0x7fffef7fe6c0 (LWP 3677)] [New Thread 0x7fffeeffd6c0 (LWP 3678)] [Thread 0x7fffef7fe6c0 (LWP 3677) exited] [Thread 0x7fffeeffd6c0 (LWP 3678) exited] [New Thread 0x7fffeeffd6c0 (LWP 3679)] [New Thread 0x7fffef7fe6c0 (LWP 3680)] [New Thread 0x7fffed5ff6c0 (LWP 3681)] [Thread 0x7fffef7fe6c0 (LWP 3680) exited] [New Thread 0x7fffef7fe6c0 (LWP 3682)] [New Thread 0x7fffecdfe6c0 (LWP 3683)] [Thread 0x7fffed5ff6c0 (LWP 3681) exited] [Thread 0x7fffef7fe6c0 (LWP 3682) exited] [Thread 0x7fffecdfe6c0 (LWP 3683) exited] [New Thread 0x7fffecdfe6c0 (LWP 3684)] [New Thread 0x7fffef7fe6c0 (LWP 3685)] [New Thread 0x7fffed5ff6c0 (LWP 3686)] [Thread 0x7fffecdfe6c0 (LWP 3684) exited] [New Thread 0x7fffecdfe6c0 (LWP 3687)] [Thread 0x7fffef7fe6c0 (LWP 3685) exited] [Thread 0x7fffed5ff6c0 (LWP 3686) exited] [New Thread 0x7fffed5ff6c0 (LWP 3688)] [New Thread 0x7fffef7fe6c0 (LWP 3689)] [New Thread 0x7fffda1ff6c0 (LWP 3690)] [Thread 0x7fffed5ff6c0 (LWP 3688) exited] [New Thread 0x7fffed5ff6c0 (LWP 3691)] [Thread 0x7fffef7fe6c0 (LWP 3689) exited] [Thread 0x7fffda1ff6c0 (LWP 3690) exited] [Thread 0x7fffecdfe6c0 (LWP 3687) exited] [Thread 0x7fffed5ff6c0 (LWP 3691) exited] Thread 1 "lxappearance" received signal SIGSEGV, Segmentation fault. 0x76cf6564 in cairo_surface_get_content () from /lib/x86_64-linux-gnu/libcairo.so.2 #0 0x76cf6564 in cairo_surface_get_content () at /lib/x86_64-linux-gnu/libcairo.so.2 #1 0x77eede3f in gdk_pixbuf_get_from_surface () at /lib/x86_64-linux-gnu/libgdk-3.so.0 #2 0x7460806c in preview_menu (theme=0x555de8b0) at src/preview.c:152 title_text = dpy = 0x55577d40 title_h = 25 selected = 0x55ad0a40 surface = 0x555fa170 width = 77 x = 1 tw = 2 th = 18 bw = bh = 22 unused = 51 normal = 0x55ad0930 disabled = 0x55ad0b50 bullet = 0x55ad0d70 y = 1 title = 0x55ad0560 menu = background = pixbuf = height = 94 preview = menu = window = window_w = menu_w = w = h = theme = 0x555de8b0 #3 preview_theme (name=, titlelayout=0x55957800 "NLIMC", active_window_font=, inactive_window_font=, menu_title_font=, menu_item_font=, osd_active_font=0x559b3520, osd_inactive_font=0x55ab5920) at src/preview.c:835 preview = menu = window = window_w = menu_w = w = h = theme = 0x555de8b0 #4 0x746088e6 in preview_update_all () at src/preview_update.c:60 pix = preview = name = 0x55a901b0 "Clearlooks-Olive" it = { stamp = 1769482829, user_data = 0x55a93d80, user_data2 = 0x0, user_data3 = 0x0 } sel = #5 0x7460901d in theme_load_all () at src/theme.c:242 name = 0x55a8e600 "Clearlooks-Olive" p = it = next = i = w = 0x55a49c70 #6 0x74606792 in plugin_load (app=, lxappearance_builder=) at src/main.c:231 exit_with_error = 0 wm_name = #7 0xdd6f in plugins_init (builder=0x555fdd40) at ./src/plugin.c:62 load = 0x746064d0 loaded = 0
Bug#1052759: qtremoteobjects-everywhere-src: FTBFS: qcontainerfwd.h:63:7: error: typedef redefinition with different types ('QList' vs 'QByteArrayList')
Control: retitle -1 qtremoteobjects-everywhere-src: FTBFS: tst_usertypes::extraPropertyInQml2() fails Control: severity -1 important Control: tags -1 + unreproducible Hi Lucas! On Tue, Sep 26, 2023 at 02:38:35PM +0200, Lucas Nussbaum wrote: > Source: qtremoteobjects-everywhere-src > Version: 5.15.10-2 > Severity: serious > Justification: FTBFS > Tags: trixie sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20230925 ftbfs-trixie > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. I have just built this package successfully two times in my sid chroot. Also, it builds successfully in the reproducible builds environment [1]. [1]: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/qtremoteobjects-everywhere-src.html > Relevant part (hopefully): > > make[6]: Entering directory '/<>/src/remoteobjects' > > /usr/lib/qt5/bin/qtattributionsscanner /<> --filter > > QDocModule=qtremoteobjects -o > > /<>/src/remoteobjects/codeattributions.qdoc > > /<>/src/remoteobjects/qdoc_wrapper.sh -outputdir > > /<>/doc/qtremoteobjects -installdir /usr/share/qt5/doc > > /<>/src/remoteobjects/doc/qtremoteobjects.qdocconf -prepare > > -indexdir /usr/share/qt5/doc -no-link-errors -I. -I../../include > > -I../../include/QtRemoteObjects -I../../include/QtRemoteObjects/5.15.10 > > -I../../include/QtRemoteObjects/5.15.10/QtRemoteObjects -I. > > -I/usr/include/x86_64-linux-gnu/qt5 > > -I/usr/include/x86_64-linux-gnu/qt5/QtNetwork > > -I/usr/include/x86_64-linux-gnu/qt5/QtCore/5.15.10 > > -I/usr/include/x86_64-linux-gnu/qt5/QtCore/5.15.10/QtCore > > -I/usr/include/x86_64-linux-gnu/qt5/QtCore -I.moc > > -I/usr/lib/x86_64-linux-gnu/qt5/mkspecs/linux-g++ -I/usr/include/c++/13 > > -I/usr/include/x86_64-linux-gnu/c++/13 -I/usr/include/c++/13/backward > > -I/usr/lib/gcc/x86_64-linux-gnu/13/include -I/usr/local/include > > -I/usr/include/x86_64-linux-gnu -I/usr/include > > qt.qdoc: Start qdoc for QtRemoteObjects in dual process mode: prepare phase. > > /usr/include/x86_64-linux-gnu/qt5/QtCore/qcontainerfwd.h:63:7: error: > > typedef redefinition with different types ('QList' vs > > 'QByteArrayList') No, this is an error when generating documentation, but it does not make the build fail. The really relevant part is this one: > > * Start testing of tst_usertypes * > > Config: Using QtTest library 5.15.10, Qt 5.15.10 (x86_64-little_endian-lp64 > > shared (dynamic) release build; by GCC 13.1.0), debian unknown > > PASS : tst_usertypes::initTestCase() > > PASS : tst_usertypes::extraPropertyInQml() > > QSYSTEM: tst_usertypes::extraPropertyInQml2() qt.remoteobjects: Listen > > failed for URL: QUrl("local:test2") > > QSYSTEM: tst_usertypes::extraPropertyInQml2() qt.remoteobjects: > > QAbstractSocket::AddressInUseError > > FAIL! : tst_usertypes::extraPropertyInQml2() Compared values are not the > > same > >Actual ((obj->property("hour").value())): 6 > >Expected (10) : 10 > >Loc: [tst_usertypes.cpp(106)] Maybe this test is flaky, but as I said, it works for me. Can you reproduce this error? Maybe there is some difference between our setups that makes it fail? -- Dmitry Shachnev signature.asc Description: PGP signature
Bug#1053286: tripwire segfaults during run
Package: tripwire Version: 2.4.3.7-4+b9 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Maintainer, The latest version of tripwire segfaults during a run. I've taken an strace, but it's over a Gb lond, and still over 100 Mb when tarred and feathered. I'll try and attach the last couple of hundred lines. I do note that the last couple of files that it was checking before it failed were symlinks to other files (/lib/x86_64-linux-gnu/libbsd.so.0 and /lib/x86_64-linux-gnu/libmd.so.0), but I don't know whether that's relevant or not. - -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.5.khufu (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0]1.5.82 ii sendmail-bin [mail-transport-agent] 8.17.2-1 tripwire recommends no packages. tripwire suggests no packages. - -- Configuration Files: /etc/tripwire/twpol.txt changed: @@section GLOBAL TWBIN = /usr/sbin; TWETC = /etc/tripwire; TWVAR = /var/lib/tripwire; @@section FS SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change SEC_BIN = $(ReadOnly) ;# Binaries that should not change SEC_CONFIG= $(Dynamic) ; # Config files that are changed # infrequently but accessed # often SEC_LOG = $(Growing) ; # Files that grow, but that # should never change ownership SEC_INVARIANT = +tpug ; # Directories that should never # change permission or ownership SIG_LOW = 33 ; # Non-critical files that are of # minimal security impact SIG_MED = 66 ; # Non-critical files that are of # significant security impact SIG_HI= 100 ;# Critical files that are # significant points of # vulnerability ( rulename = "Tripwire Binaries", severity = $(SIG_HI) ) { $(TWBIN)/siggen -> $(SEC_BIN) ; $(TWBIN)/tripwire -> $(SEC_BIN) ; $(TWBIN)/twadmin-> $(SEC_BIN) ; $(TWBIN)/twprint-> $(SEC_BIN) ; } ( rulename = "Tripwire Data Files", severity = $(SIG_HI) ) { $(TWVAR)/$(HOSTNAME).twd-> $(SEC_CONFIG) -i ; $(TWETC)/tw.pol -> $(SEC_BIN) -i ; $(TWETC)/tw.cfg -> $(SEC_BIN) -i ; $(TWETC)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; $(TWETC)/site.key -> $(SEC_BIN) ; #don't scan the individual reports $(TWVAR)/report -> $(SEC_CONFIG) (recurse=0) ; } ( rulename = "Critical system boot files", severity = $(SIG_HI) ) { /boot -> $(SEC_CRIT) ; /lib/modules-> $(SEC_CRIT) ; } ( rulename = "Boot Scripts", severity = $(SIG_HI) ) { /etc/init.d -> $(SEC_BIN) ; /etc/rcS.d -> $(SEC_BIN) ; /etc/rc0.d -> $(SEC_BIN) ; /etc/rc1.d -> $(SEC_BIN) ; /etc/rc2.d -> $(SEC_BIN) ; /etc/rc3.d -> $(SEC_BIN) ; /etc/rc4.d -> $(SEC_BIN) ; /etc/rc5.d -> $(SEC_BIN) ; /etc/rc6.d -> $(SEC_BIN) ; /etc/systemd-> $(SEC_BIN) ; } ( rulename = "Root file-system executables", severity = $(SIG_HI) ) { /bin-> $(SEC_BIN) ; /sbin -> $(SEC_BIN) ; } ( rulename = "Root file-system libraries", severity = $(SIG_HI) ) { /lib-> $(SEC_BIN) ; } ( rulename = "Security Control", severity = $(SIG_MED) ) { /etc/passwd -> $(SEC_CONFIG) ; /etc/shadow -> $(SEC_CONFIG) ; } ( rulename = "Root config files", severity = 100 ) { /root -> $(SEC_CRIT) ; # Catch all additions to /root /root/.bashrc -> $(SEC_CONFIG) ; /root/.bash_profile -> $(SEC_CONFIG) ; /root/.Xdefaults-> $(SEC_CONFIG) ; /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login /root/.ICEauthority -> $(SEC_CONFIG) ; } ( rulename = "Devices & Kernel information", severity = $(SIG_HI), ) { /dev-> $(Device) ; } ( rulename = "Things that change all the time", severity = 0 ) { /etc/cups/printers.conf
Bug#1050329: sexpp FTBFS with nocheck profile
Hello! Please excuse me for writing a mail about this bug as a non-Debian developer. I had read on a problem with the GnuPG2 package (#1033155) that Daniel is on the LowThresholdNmu list. If I understood it correctly, there is already a patch for this bug. So could such a non-maintainer upload be the solution here as well? Again, sorry for this unasked post, but since 10/24 is approaching, I just wrote it as a simple Thundbird user on Debian. Kind regards Karel
Bug#1050607: xcb: bookworm xcb won't paste from selected cut buffer
X-Debbugs-CC: Phil Chadwick Control: tag -1 moreinfo I cannot reproduce this with 2.4-7 under xorg: xcb behaves as expected. You state that you use the "standard bookworm Gnome desktop" which should be using Wayland. Are you under Wayland? Because if so then I suspect the behaviour you observed might be due to Xwayland probably not implementing Cut Buffers correctly (or at all) -- which would be unsurprising as they have been a rather obscure/obsolete feature of X for quite some time. In that case it would be prudent to look for an alternative clipboard because I have my doubts that the Xwayland people would add this feature if one were to ask them to. If you want to debug this further you should paste the output of xprop -root | grep CUT_BUFFER For me its: CUT_BUFFER0(UTF8_STRING) = "foo" CUT_BUFFER1(UTF8_STRING) = "bar" CUT_BUFFER2(STRING) = CUT_BUFFER3(STRING) = CUT_BUFFER4(STRING) = CUT_BUFFER5(STRING) = CUT_BUFFER6(STRING) = CUT_BUFFER7(STRING) = Regards.
Bug#1053285: AttributeError: 'PlatformioCLI' object has no attribute 'resultcallback'
Package: platformio Version: 4.3.4-3 Severity: grave Justification: renders package unusable Forwarded: https://github.com/platformio/platformio-core/issues/4075 X-Debbugs-Cc: onit...@gmail.com Dear Maintainer, The current version of PlatformIO in Debian no longer works with python3-click due to the following incompatibility: AttributeError: 'PlatformioCLI' object has no attribute 'resultcallback'. Did you mean: 'result_callback'? This issue has been fixed in PlatformIO 5.2.1. Preferably, update to the latest upstream version (6.1.11 currently). Thanks! Full stack trace: Traceback (most recent call last): File "/usr/bin/platformio", line 33, in sys.exit(load_entry_point('platformio==4.3.4', 'console_scripts', 'platformio')()) ^^ File "/usr/bin/platformio", line 25, in importlib_load_entry_point return next(matches).load() File "/usr/lib/python3.11/importlib/metadata/__init__.py", line 202, in load module = import_module(match.group('module')) File "/usr/lib/python3.11/importlib/__init__.py", line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1204, in _gcd_import File "", line 1176, in _find_and_load File "", line 1147, in _find_and_load_unlocked File "", line 690, in _load_unlocked File "", line 940, in exec_module File "", line 241, in _call_with_frames_removed File "/usr/lib/python3/dist-packages/platformio/__main__.py", line 66, in @cli.resultcallback() ^^ AttributeError: 'PlatformioCLI' object has no attribute 'resultcallback'. Did you mean: 'result_callback'? -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages platformio depends on: ii python3 3.11.4-5+b1 ii python3-bottle0.12.23-1.2 ii python3-click 8.1.6-1 ii python3-colorama 0.4.6-4 ii python3-marshmallow 3.18.0-1 ii python3-pyelftools0.30-1 ii python3-requests 2.31.0+dfsg-1 ii python3-semantic-version 2.9.0-2 ii python3-serial3.5-1.1 ii python3-tabulate 0.8.9-1 platformio recommends no packages. Versions of packages platformio suggests: pn platformio-doc -- no debconf information
Bug#1053284: xrdp: CVE-2023-42822: Unchecked access to font glyph info
Source: xrdp Version: 0.9.21.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for xrdp. CVE-2023-42822[0]: | xrdp is an open source remote desktop protocol server. Access to the | font glyphs in xrdp_painter.c is not bounds-checked . Since some of | this data is controllable by the user, this can result in an out-of- | bounds read within the xrdp executable. The vulnerability allows an | out-of-bounds read within a potentially privileged process. On non- | Debian platforms, xrdp tends to run as root. Potentially an out-of- | bounds write can follow the out-of-bounds read. There is no denial- | of-service impact, providing xrdp is running in forking mode. This | issue has been addressed in release 0.9.23.1. Users are advised to | upgrade. There are no known workarounds for this vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42822 https://www.cve.org/CVERecord?id=CVE-2023-42822 [1] https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw [2] https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053283: matrix-synapse: CVE-2023-42453 CVE-2023-41335
Source: matrix-synapse Version: 1.92.0-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for matrix-synapse. CVE-2023-42453[0]: | Synapse is an open-source Matrix homeserver written and maintained | by the Matrix.org Foundation. Users were able to forge read receipts | for any event (if they knew the room ID and event ID). Note that the | users were not able to view the events, but simply mark it as read. | This could be confusing as clients will show the event as read by | the user, even if they are not in the room. This issue has been | patched in version 1.93.0. Users are advised to upgrade. There are | no known workarounds for this issue. CVE-2023-41335[1]: | Synapse is an open-source Matrix homeserver written and maintained | by the Matrix.org Foundation. When users update their passwords, the | new credentials may be briefly held in the server database. While | this doesn't grant the server any added capabilities—it already | learns the users' passwords as part of the authentication process—it | does disrupt the expectation that passwords won't be stored in the | database. As a result, these passwords could inadvertently be | captured in database backups for a longer duration. These | temporarily stored passwords are automatically erased after a | 48-hour window. This issue has been addressed in version 1.93.0. | Users are advised to upgrade. There are no known workarounds for | this issue. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42453 https://www.cve.org/CVERecord?id=CVE-2023-42453 https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x [1] https://security-tracker.debian.org/tracker/CVE-2023-41335 https://www.cve.org/CVERecord?id=CVE-2023-41335 https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5 Regards, Salvatore -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1053282: node-postcss: CVE-2023-44270
Source: node-postcss Version: 8.4.20+~cs8.0.23-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-postcss. CVE-2023-44270[0]: | An issue was discovered in PostCSS before 8.4.31. It affects linters | using PostCSS to parse external Cascading Style Sheets (CSS). There | may be \r discrepancies, as demonstrated by @font-face{ | font:(\r/*);} in a rule. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-44270 https://www.cve.org/CVERecord?id=CVE-2023-44270 [1] https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053281: linux-image-6.5.0-1-amd64: Debian does not boot at cold start on kernel 6.5.0-1-amd64 on Intel NUC 12
Package: src:linux Version: 6.5.3-1 Severity: important X-Debbugs-Cc: kurom...@stodwa.org Dear Maintainer, * What is the issue? When I cold boot my Intel NUC12SNKi72, boot process of my Debian sid hangs at Loading initial ramdisk EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path EFI stub: Measured initrd data into PCR 9 Suspected problem source is firmware loading and/or i915 driver because it has dual Intel GPU (CPU-included and A770M) configuration, which is not very popular. * What exactly did you do (or not do) that was effective (or ineffective)? Added "nomodeset" kernel param -> it made issue even worse. It hangs same way, but ctrl+alt+del does not reboot OS. Installed bookworm-backports kernel linux-image-6.4.0-0.deb12.2-amd64 (6.4.4-3~bpo12+1) - it works properly on this version. * What was the outcome of this action? OS does not boot. I found two workarounds for kernel 6.5: 1. Boot Windows first, reboot and boot Debian. 2. Let Debian hang as described above, press ctrl+alt+del to reboot. After that Debian will boot properly. It won't boot though if I reboot while in Grub - it must attempt to load initrd to let Debian boot after reboot. The issue was reported on Ubuntu kernel 6.5 as well: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/2037176 -- Package-specific info: ** Version: Linux version 6.5.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-13 (Debian 13.2.0-4) 13.2.0, GNU ld (GNU Binutils for Debian) 2.41) #1 SMP PREEMPT_DYNAMIC Debian 6.5.3-1 (2023-09-13) ** Command line: BOOT_IMAGE=/boot/vmlinuz-6.5.0-1-amd64 root=UUID=bf0e1c3b-f21b-443d-a929-d450ea6a2f30 ro quiet ** Tainted: U (64) * taint requested by userspace application ** Kernel log: [5.014518] usb 1-1.5: new high-speed USB device number 11 using xhci_hcd [5.144618] usb 1-1.5: New USB device found, idVendor=0bda, idProduct=5418, bcdDevice= 1.01 [5.144622] usb 1-1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [5.144622] usb 1-1.5: Product: BillBoard Device [5.144623] usb 1-1.5: Manufacturer: Realtek [5.214504] usb 1-1.1.5: new high-speed USB device number 12 using xhci_hcd [5.332226] usb 1-1.1.5: New USB device found, idVendor=0bda, idProduct=1100, bcdDevice= 1.01 [5.332230] usb 1-1.1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [5.332232] usb 1-1.1.5: Product: HID Device [5.332233] usb 1-1.1.5: Manufacturer: Realtek [5.402517] usb 1-1.1.2.3: new full-speed USB device number 13 using xhci_hcd [5.424418] Bluetooth: hci0: Waiting for firmware download to complete [5.425079] Bluetooth: hci0: Firmware loaded in 1538277 usecs [5.425167] Bluetooth: hci0: Waiting for device to boot [5.441106] Bluetooth: hci0: Device booted in 15611 usecs [5.441472] bluetooth hci0: firmware: direct-loading firmware intel/ibt-0040-0041.ddc [5.441500] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-0040-0041.ddc [5.444292] Bluetooth: hci0: Applying Intel DDC parameters completed [5.447239] Bluetooth: hci0: Firmware timestamp 2023.13 buildtype 1 build 62562 [5.509488] usb 1-1.1.2.3: New USB device found, idVendor=413c, idProduct=2514, bcdDevice= 2.22 [5.509510] usb 1-1.1.2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [5.509512] usb 1-1.1.2.3: Product: Dell Universal Receiver [5.509513] usb 1-1.1.2.3: Manufacturer: Dell Computer Corp [5.516437] Bluetooth: MGMT ver 1.22 [5.521038] NET: Registered PF_ALG protocol family [5.582555] usb 1-1.6: new high-speed USB device number 14 using xhci_hcd [5.677319] pipewire[1235]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [5.700275] usb 1-1.6: New USB device found, idVendor=0bda, idProduct=1101, bcdDevice= 1.01 [5.700279] usb 1-1.6: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [5.700280] usb 1-1.6: Product: HID Device [5.700280] usb 1-1.6: Manufacturer: Realtek [5.709487] mc: Linux media interface: v0.10 [5.710256] hid: raw HID events driver (C) Jiri Kosina [5.722243] videodev: Linux video capture interface: v2.00 [5.731497] usbcore: registered new interface driver usbhid [5.731499] usbhid: USB HID core driver [5.734394] input: Dell C2422HE Consumer Control as /devices/pci:00/:00:14.0/usb1/1-1/1-1.3/1-1.3:1.3/0003:413C:C00B.0001/input/input17 [5.734823] usb 1-1.4: Found UVC 1.50 device Integrated_Webcam_5M_IR (413c:c00a) [5.752288] usb 1-1.3: Warning! Unlikely big volume range (=18944), cval->res is probably wrong. [5.752308] usb 1-1.3: [2] FU [Headset Playback Volume] ch = 2, val = -18944/0/1 [5.757326] usb 1-1.3: Warning! Unlikely big volume range (=18944), cval->res is probably wrong. [5.757334] usb 1-1.3: [6] FU [Headset Capture Volume] ch = 2, val = -18944/0/1 [5.774563] usb 1-1.1.2.4: new high-speed USB device number 15 using xhci_hcd [5.794553] input: Dell C2422HE as
Bug#1053280: RFS: gsimplecal/2.5.1-1 -- lightweight GUI calendar application
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "gsimplecal": * Package name : gsimplecal Version : 2.5.1-1 Upstream contact : https://github.com/dmedvinsky/gsimplecal/issues * URL : https://dmedvinsky.github.io/gsimplecal * License : BSD-3-Clause * Vcs : https://salsa.debian.org/debian/gsimplecal Section : misc The source builds the following binary packages: gsimplecal - lightweight GUI calendar application To access further information about this package, please visit the following URL: https://mentors.debian.net/package/gsimplecal/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/g/gsimplecal/gsimplecal_2.5.1-1.dsc Changes since the last upload: gsimplecal (2.5.1-1) unstable; urgency=medium . * New upstream version 2.5.1 Regards, -- Hugo Torres de Lima
Bug#1053199: liferea does not show feed item contents after 1.15.2-1->1.15.3-1 update
Hi, Thanks for reporting issues you encounter. On 29-09-2023 09:47, Paul Seyfert wrote: I upgraded liferea and liferea-data 1.15.2-1 → 1.15.3-1, along with a bunch of other updates (e.g. libwebkit2gtk 2.40.5-1 → 2.42.0-1) Stupid question maybe: did you restart liferea since the upgrade? The liferea window is divided into 3 parts: 1) the list of all my feeds 2) the list of all news items in the selected feed 3) the content a news item Usually, when selecting a news item in 2, it gets shown in 3. Agreed (I use liferea myself). Since the upgrade, window 3 remains gray and does not show. It works for me. So, what could be different (non-default) in your environment? Paul OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1053275: (no subject)
Recent patch: * https://gitlab.com/axet/homebin/-/blob/debian/dbuild.d/bookworm/devscripts/mk-build-deps.patch Also devscripts failed to build without: * https://gitlab.com/axet/homebin/-/blob/debian/dbuild.d/bookworm/devscripts/build.patch -- AK
Bug#999649: tagging 999649
tags 999649 + pending thanks Fixed with commit: https://salsa.debian.org/science-team/ckon/-/commit/45cf9dd5f
Bug#1053277: libcups2: typo in NEWS
Hi Christian, On 30.09.23 19:02, Christian T. Steigies wrote: I did not find this file (because I don't have a full install), but I think the filename should be cupsd.conf instead of cupds.conf. oops, thanks for telling. You are right, the correct name would have been cupsd.conf Thorsten
Bug#1053278: Acknowledgement (embeds fasttext LLM)
Screenshot attached -- see shy jo signature.asc Description: PGP signature
Bug#1053279: contains 100+kb minified .js file without corresponding source
Package: firefox Version: 118.0-1 Severity: normal toolkit/components/translations/fasttext/fasttext_wasm.js is 100+ kb of minified js. There is no other source code. AFAIK this is not acceptable in a Debian package. https://firefox-source-docs.mozilla.org/toolkit/components/translations/resources/02_contributing.html#building-fasttext discusses this file and how it was generated, including minification. -- Package-specific info: -- Addons package information -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox depends on: ii debianutils 5.13 ii fontconfig 2.14.2-6 ii libasound2 1.2.10-1 ii libatk1.0-0 2.50.0-1 ii libc62.37-11 ii libcairo-gobject21.18.0-1 ii libcairo21.18.0-1 ii libdbus-1-3 1.14.10-1 ii libdbus-glib-1-2 0.112-3 ii libevent-2.1-7 2.1.12-stable-8 ii libffi8 3.4.4-1 ii libfontconfig1 2.14.2-6 ii libfreetype6 2.13.2+dfsg-1 ii libgcc-s113.2.0-4 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.78.0-2 ii libgtk-3-0 3.24.38-5 ii libnspr4 2:4.35-1.1 ii libnss3 2:3.93-1 ii libpango-1.0-0 1.51.0+ds-2 ii libstdc++6 13.2.0-4 ii libvpx7 1.12.0-1 ii libx11-6 2:1.8.6-1 ii libx11-xcb1 2:1.8.6-1 ii libxcb-shm0 1.15-1 ii libxcb1 1.15-1 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.6-1 ii libxext6 2:1.3.4-1+b1 ii libxfixes3 1:6.0.0-2 ii libxrandr2 2:1.5.2-2+b1 ii libxtst6 2:1.2.3-1.1 ii procps 2:4.0.3-1 ii zlib1g 1:1.2.13.dfsg-3 Versions of packages firefox recommends: ii libavcodec59 7:5.1.3-2 ii libavcodec60 7:6.0-7 Versions of packages firefox suggests: ii fonts-lmodern 2.005-1 pn fonts-stix | otf-stix ii libcanberra0 0.30-10 ii libgssapi-krb5-2 1.20.1-4 ii pulseaudio 16.1+dfsg1-2+b1 -- no debconf information -- see shy jo signature.asc Description: PGP signature
Bug#1053278: embeds fasttext LLM
Package: firefox Version: 118.0-1 Severity: normal Firefox has a new offline translation capability in version 118. Step one of that is determining the language used in a web page. It uses https://fasttext.cc/ to acomplish that. I have experimentally verified that firefox is able to detect the language of a Spanish language web page when used offline. So it is not downloading the LLM from a server and using it, instead the LLM must be baked into firefox. (The LLMs used for the actual translation are downloaded on demand.) See attached screenshot. This is the first run of firefox in a user account, while offline. The localhost webserver does not send any headers indicating the page's language. This is arguably a DFSG violation. I have no firm opinion on that matter, but I *do* have the opinion that the free software community needs to come to a consensus about the question. Inclusion of LLMs in packages like this risks a decision by default. Note that the fasttext LLM uses wikipedia or the common crawl as its corpus. The pre-trained vectors, which I think some would prefer to consider as "source" rather than the training corpus, are 500+ mb so it seems that are not included in the source package either. I think what is included is a quantized model, as described here https://fasttext.cc/docs/en/faqs.html -- Package-specific info: -- Addons package information -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox depends on: ii debianutils 5.13 ii fontconfig 2.14.2-6 ii libasound2 1.2.10-1 ii libatk1.0-0 2.50.0-1 ii libc62.37-11 ii libcairo-gobject21.18.0-1 ii libcairo21.18.0-1 ii libdbus-1-3 1.14.10-1 ii libdbus-glib-1-2 0.112-3 ii libevent-2.1-7 2.1.12-stable-8 ii libffi8 3.4.4-1 ii libfontconfig1 2.14.2-6 ii libfreetype6 2.13.2+dfsg-1 ii libgcc-s113.2.0-4 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.78.0-2 ii libgtk-3-0 3.24.38-5 ii libnspr4 2:4.35-1.1 ii libnss3 2:3.93-1 ii libpango-1.0-0 1.51.0+ds-2 ii libstdc++6 13.2.0-4 ii libvpx7 1.12.0-1 ii libx11-6 2:1.8.6-1 ii libx11-xcb1 2:1.8.6-1 ii libxcb-shm0 1.15-1 ii libxcb1 1.15-1 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.6-1 ii libxext6 2:1.3.4-1+b1 ii libxfixes3 1:6.0.0-2 ii libxrandr2 2:1.5.2-2+b1 ii libxtst6 2:1.2.3-1.1 ii procps 2:4.0.3-1 ii zlib1g 1:1.2.13.dfsg-3 Versions of packages firefox recommends: ii libavcodec59 7:5.1.3-2 ii libavcodec60 7:6.0-7 Versions of packages firefox suggests: ii fonts-lmodern 2.005-1 pn fonts-stix | otf-stix ii libcanberra0 0.30-10 ii libgssapi-krb5-2 1.20.1-4 ii pulseaudio 16.1+dfsg1-2+b1 -- no debconf information -- see shy jo signature.asc Description: PGP signature
Bug#1053219: bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u2
Control: tags -1 confirmed On Fri, 2023-09-29 at 17:37 +0400, Yadd wrote: > Two new vulnerabilities have been dicovered and fixed in lemonldap- > ng: > - an open redirection only when configuration is edited by hand and >doesn't follow OIDC specifications > - a server-side-request-forgery (CVE-2023-44469) in OIDC protocol: >A little-know feature of OIDC allows the OpenID Provider to fetch > the >Authorization request parameters itself by indicating a > request_uri >parameter. This feature is now restricted to a white list using > this >patch > --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,13 @@ +lemonldap-ng (2.16.1+ds-deb12u2) bullseye; urgency=medium As Salvatore pointed out, the suite is wrong in the header. + + A little-know feature of OIDC allows the OpenID Provider to fetch the s/little-know// Please go ahead. Regards, Adam
Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1
Control: tags -1 confirmed On Fri, 2023-09-29 at 08:35 +0200, Birger Schacht wrote: > The terminal emulator foot contains a vulnerability. The issue is > that, if an XTGETTCAP escape sequence printed to the terminal > contains newline characters, foot will echo the newline characters > back into the PTY as part of the "invalid capability" response. > (XTGETTCAP strings are supposed to be hex-encoded, so it's not valid > for them to contain newline characters.) > Please go ahead. Regards, Adam
Bug#1053220: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u5
Control: tags -1 confirmed On Fri, 2023-09-29 at 17:45 +0400, Yadd wrote: > Two new vulnerabilities have been dicovered and fixed in lemonldap- > ng: > - an open redirection due to incorrect escape handling > - an open redirection only when configuration is edited by hand and >doesn't follow OIDC specifications > - a server-side-request-forgery (CVE-2023-44469) in OIDC protocol: >A little-know feature of OIDC allows the OpenID Provider to fetch > the >Authorization request parameters itself by indicating a > request_uri >parameter. This feature is now restricted to a white list using > this >patch > Please go ahead. Regards, Adam
Bug#1053277: libcups2: typo in NEWS
Package: libcups2 Version: 2.2.10-6+deb10u9 Severity: minor Dear Maintainer, I don't seem to have a full CUPS install on this old machine, but libcups2 got updated and displayed the NEWS file with this line: "Please double check your /etc/cups/cupds.conf file" I did not find this file (because I don't have a full install), but I think the filename should be cupsd.conf instead of cupds.conf. thanks, Christian -- System Information: Debian Release: 10.13 APT prefers oldoldstable APT policy: (500, 'oldoldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-20-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libcups2 depends on: ii libavahi-client3 0.7-4+deb10u3 ii libavahi-common3 0.7-4+deb10u3 ii libc6 2.28-10+deb10u2 ii libgnutls30 3.6.7-4+deb10u10 ii libgssapi-krb5-2 1.17-3+deb10u5 ii zlib1g1:1.2.11.dfsg-1+deb10u2 libcups2 recommends no packages. Versions of packages libcups2 suggests: pn cups-common -- no debconf information
Bug#1053270: bullseye-pu: package curl/7.74.0-1.3+deb11u9
Control: tags -1 confirmed On Sat, 2023-09-30 at 20:46 +0800, Carlos Henrique Lima Melara wrote: > Vulnerabilities were discovered and reported to Curl upstream [1][2] > with the > following CVE IDs: > > - CVE-2023-28321 > - CVE-2023-28322 > Please go ahead. Regards, Adam
Bug#1053276: polyphone: update d/watch
Package: polyphone Version: 2.2.0.20210109+dfsg1-3 Severity: minor Dear Maintainer, Here is a suggested patch for this. Thanks, Patrice -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages polyphone depends on: ii libc6 2.37-11 ii libflac12 1.4.3+ds-2 ii libgcc-s1 13.2.0-4 ii libjack-jackd2-0 [libjack-0.125] 1.9.21~dfsg-3 ii libportaudio2 19.6.0-1.2 ii libqcustomplot2.1 2.1.0+dfsg1-3.1 ii libqt5core5a 5.15.10+dfsg-3 ii libqt5gui55.15.10+dfsg-3 ii libqt5network55.15.10+dfsg-3 ii libqt5svg55.15.10-2 ii libqt5widgets55.15.10+dfsg-3 ii librtmidi65.0.0-3 ii libsfark0 2.24-5 ii libssl3 3.0.11-1 ii libstdc++613.2.0-4 ii libstk-4.6.2 4.6.2+dfsg-2 ii zlib1g1:1.2.13.dfsg-3 polyphone recommends no packages. polyphone suggests no packages. -- no debconf information diff --git a/debian/watch b/debian/watch index ac23b1b..3543b8b 100644 --- a/debian/watch +++ b/debian/watch @@ -3,6 +3,6 @@ version=4 repacksuffix=+dfsg1,\ compression=xz,\ dversionmangle=s/\+dfsg[0-9]+$// \ - https://github.com/mirabilos/polyphone/tags \ - .*/polyphone/archive/([0-9]+(?:\.[0-9]+)*)\.tar\.gz \ + https://github.com/mirabilos/@PACKAGE@/tags \ + (?:.*?/)?v?@ANY_VERSION@@ARCHIVE_EXT@ \ debian
Bug#1038447: librsvg: FTBFS on big-endian architectures: multiple test regressions since September 2022
On Mon, 28 Aug 2023 at 06:05:57 +, Gayathri Berli wrote: > Unfortunately, we are encountering an issue with the chroot as followed. > [an attached screenshot of some text] For reference, the attached image was a screenshot of a terminal with approximately this text (might contain mistakes, I am transcribing it by hand): root@:~# schroot -n librsvg -c sid —begin E: --session-name is not permitted for the specified action I: Run “schroot --help” to list usage example for the specified action When discussing a technical issue, particularly involving command-line tools, please try to send text as copy/pasted text, rather than as images of text. Images are not easily available in all contexts, and some developers who rely on screen readers and other accessibility technologies cannot see them at all. > We > tried the best to resolve it, but nothing helped us move forward. Could anyone > has faced the same issue/solution of it please let us know. If any other steps > might be needed to reproduce the same, please confirm. Sorry, I have too many responsibilities other than librsvg, and I am not able to provide you with a detailed tutorial on how to use schroot. The instructions I provided assume basic familiarity with the schroot tool, and a chroot template named "sid" already set up with Debian unstable. As an alternative to using Debian-specific tools, you could try building librsvg according to its normal upstream build procedure: you might find that easier if you are unfamiliar with Debian tools. There is an upstream development guide available: https://gnome.pages.gitlab.gnome.org/librsvg/devel-docs/index.html Or, if you have a preferred container or virtual machine technology, you could use that instead of schroot, set up a Debian unstable environment, and run something like this as root in that environment instead of using schroot: apt-get -y update apt-get -y dist-upgrade apt-get -y install ccache git quilt git-buildpackage apt-get -y build-dep librsvg and then do the build in that environment. If you would prefer to use schroot, please consult schroot documentation or ask a colleague who already knows how to use it. In the text in your screenshot, you seem to be using "—begin" (starting with U+2014 EM DASH) instead of the correct "--begin" (starting with two copies of U+002D HYPHEN-MINUS) which is probably part of the problem that you are having. smcv
Bug#1038447: librsvg: FTBFS on big-endian architectures: multiple test regressions since September 2022
On Sun, 18 Jun 2023 at 15:58:10 +0200, John Paul Adrian Glaubitz wrote: > TIL about debbisect. I can try to bisect this on big-endian PowerPC, > I have root on multiple big-endian machines. Were you able to do this? Thanks, smcv
Bug#1050388: canu: autopkgtest generates unreasonably large artifacts
Hello, this has been fixed. Can you unblock canu from running on the CI infrastructure? Thanks,
Bug#1015702: view3dscene: ftbfs with LTO (link time optimization) enabled
I don't think disabling LTO is the correct solution here. At least, view3dscene 4.2.0-2 still FTBFS in Ubuntu with: /usr/bin/ld.bfd: -f may not be used without -shared Please consider the patch that was applied in Ubuntu [1], which filters out -ffat-lto-objects from LDFLAGS. --- a/debian/rules +++ b/debian/rules @@ -22,7 +22,7 @@ # Set default compilation options LDFLAGS=$(strip $(shell DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) \ dpkg-buildflags --get LDFLAGS | \ - sed -e 's/-Wl,//g' -e 's/,/ /g' -e 's1-specs=/usr/share/dpkg/.*\.specs11')) + sed -e 's/-Wl,//g' -e 's/,/ /g' -e 's1-specs=/usr/share/dpkg/.*\.specs11' -e 's/-ffat-lto-objects//')) BUILDOPTS=-k"${LDFLAGS}"\ -dRELEASE \ -Mobjfpc \ [1] https://launchpad.net/ubuntu/+source/view3dscene/4.0.0-3ubuntu1
Bug#1053275: devscripts: mk-build-deps failed to build i386 packages on amd64 host
Package: devscripts Version: 2.23.4 Severity: normal Dear Maintainer, the script copy Build-Depends into Depends. But those are not the same fields. Build-Depends parsed differently by apt then Depends. For most cases it is the same. But when you specify Build-Depends as for example python3-mako apt will install python3-mako:all arch. But when this build dependency moved into Depends with out arch specification, apt will try to install python3-mako:i386. and since here is no python3-mako:i386 install will failed. Following should work on amd64: apt build-dep mangohud apt build-dep mangohud:i386 mk-build-deps mangohud mk-build-deps -a i386 mangohud This patch / hack fixing the behaviour: diff --git a/scripts/mk-build-deps.pl b/scripts/mk-build-deps.pl index 8b35e7e..f09ae9b 100755 --- a/scripts/mk-build-deps.pl +++ b/scripts/mk-build-deps.pl @@ -425,7 +425,7 @@ if ($opt_install) { my (@pkg_names, @deb_files, @buildinfo_files, @changes_files, %uniq); for my $package (@packages) { if ($uniq{ $package->{deb_file} }++ == 0) { - push @pkg_names, $package->{package}; + push @pkg_names, $package->{package}.":".$package->{arch}; push @deb_files, $package->{deb_file}; push @buildinfo_files, $package->{buildinfo_file}; push @changes_files, $package->{changes_file}; @@ -514,16 +514,6 @@ sub build_equiv { $hostarch = $opt_hostarch; } - if ($packagearch eq "all") { - if ($buildarch ne $hostarch) { - die -"build architecture \"$buildarch\" is unequal host architecture \"$hostarch\" in which case the package architecture must not be \"all\" (but \"$hostarch\" instead)\n"; - } - } elsif ($packagearch ne $hostarch) { - die -"The package architecture must be equal to the host architecture except if the package architecture is \"all\"\n"; - } - my $build_profiles = [split /\s+/, ($ENV{'DEB_BUILD_PROFILES'} // "")]; if (defined $opt_buildprofiles) { $build_profiles = [split /,/, $opt_buildprofiles]; @@ -560,6 +550,10 @@ sub build_equiv { $dep->{archqual} = $buildarch; } } + my $str = `apt-cache showsrc "$dep" | grep-dctrl --show-field Package-List - | awk '\$1 == "$dep" && /arch=all/{print \$1}'`; + if ($str ne "") { + $dep->{archqual} = "all"; + } return 1; }; deps_iterate($positive, $handle_native_archqual); @@ -574,6 +568,14 @@ sub build_equiv { $buildess .= ", crossbuild-essential-$hostarch:$buildarch"; } + use File::Temp (); + my $temp = File::Temp->new(); + print $temp +" +$pkgname ($opts->{version}) unstable; urgency=low + + * First version +"; my $readme = '/usr/share/devscripts/templates/README.mk-build-deps'; open EQUIVS, "| equivs-build $args-" or die "$progname: Failed to execute equivs-build: $!\n"; @@ -581,7 +583,9 @@ sub build_equiv { . "Priority: optional\n" . "Standards-Version: 3.7.3\n\n" . "Package: $pkgname\n" - . "Architecture: $packagearch\n" + . "Architecture: any\n" + . "Multi-Arch: same\n" + . "Changelog: $temp\n" . "Depends: $buildess, $positive\n"; print EQUIVS "Conflicts: $negative\n" if $negative; @@ -603,10 +607,17 @@ sub build_equiv { my $v = Dpkg::Version->new($version); # The version in the .deb filename will not contain the epoch $version = $v->as_string(omit_epoch => 1); - my $deb_file = "${pkgname}_${version}_${packagearch}.deb"; + my $debarch; + if ($packagearch eq "all") { + $debarch = "$buildarch"; + } else { + $debarch = "$packagearch"; + } + my $deb_file = "${pkgname}_${version}_${debarch}.deb"; my $buildinfo_file = "${pkgname}_${version}_${hostarch}.buildinfo"; my $changes_file = "${pkgname}_${version}_${hostarch}.changes"; return { + arch => $debarch, package => $pkgname, deb_file => $deb_file, buildinfo_file => $buildinfo_file, -- Package-specific info: --- /etc/devscripts.conf --- Empty. --- ~/.devscripts --- DEBEMAIL=a...@me.com DEBFULLNAME="Alexey Kuznetsov" -- System Information: Debian Release: 12.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages devscripts depends on: ii dpkg-dev 1.21.22 ii fakeroot 1.31-1.2 ii file 1:5.44-3 ii gnupg 2.2.40-1.1 ii gpgv 2.2.40-1.1 ii libc6 2.36-9+deb12u1 ii libfile-dirlist-perl 0.05-3 ii libfile-homedir-perl 1.006-2 ii libfile-touch-perl 0.12-2 ii libfile-which-perl 1.27-2 ii libipc-run-perl 20220807.0-1 ii libmoo-perl 2.005005-1 ii libwww-perl 6.68-1 ii patchutils 0.4.2-1 ii perl 5.36.0-7 ii python3 3.11.2-1+b1 ii sensible-utils 0.0.17+nmu1 ii wdiff 1.2.2-5 Versions of packages devscripts recommends: ii apt 2.6.1 ii curl 7.88.1-10 ii dctrl-tools 2.24-3+b1 ii debian-keyring 2022.12.24 ii dput 1.1.3 ii equivs 2.3.1 ii libdistro-info-perl 1.5 ii libdpkg-perl 1.21.22 ii libencode-locale-perl 1.05-3 ii libgit-wrapper-perl 0.048-2 ii libgitlab-api-v4-perl 0.26-3 ii liblist-compare-perl 0.55-2 ii
Bug#1053274: ont-fast5-api: test_001_read_events fails with h5py 3.9.0: 'AstypeWrapper' object does not support the context manager protocol
Source: ont-fast5-api Version: 4.1.1+dfsg-2 Severity: serious Justification: debci h5py 3.9.0 is triggering an error ont-fast5-api debci tests, https://ci.debian.net/data/autopkgtest/testing/amd64/o/ont-fast5-api/38279479/log.gz 33s ERROR: test_001_read_events (test.test_event_detection_tools.TestEventDetectionTools.test_001_read_events) 33s -- 33s Traceback (most recent call last): 33s File "/tmp/autopkgtest-lxc.jqw02kin/downtmp/autopkgtest_tmp/test/test_event_detection_tools.py", line 26, in test_001_read_events 33s data, attrs = fh.get_event_data(time_in_seconds=True) 33s ^^^ 33s File "/usr/lib/python3/dist-packages/ont_fast5_api/analysis_tools/event_detection.py", line 84, in get_event_data 33s with dataset.astype(np.dtype(descr)): 33s TypeError: 'AstypeWrapper' object does not support the context manager protocol 33s 33s -- 33s Ran 76 tests in 1.416s 33s 33s FAILED (errors=1, skipped=5)
Bug#1053272: bookworm-pu: package rmlint/2.9.0-2.5~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Julian Gilbey , Carlos Maddela This adds the #1040940 fix to the #1040939 upload for an unrelated issue that is already included for the next point release. #1040940 happens with python3.11/sid but not with python3.11/bookworm, but it is unclear which python3.11 change caused it or whether this might at some point get backported as part of a security fix to python3.11/bookworm. The fix is an obvious off-by-one fix. Regarding the versioning: My debdiff is against the already approved #1040939, but I am changing the versioning from 2.9.0-2.3+deb12u* to 2.9.0-2.5~deb12u1 for two reasons: 1. it documents that this is a backport of a version, and 2. people won't see the same changes twice in apt-listchanges These are not very strong reasons, I wouldn't have made such a change had 2.9.0-2.3+deb12u1 already been released. diffstat for rmlint-2.9.0 rmlint-2.9.0 changelog | 19 ++- patches/0001-cmdline-do-not-write-NUL-byte-to-GUI-bootstrap-scrip.patch | 26 ++ patches/0001-fix-link-error-on-compilers-with-fno-common-enabled.patch |9 --- patches/series |1 4 files changed, 46 insertions(+), 9 deletions(-) diff -Nru rmlint-2.9.0/debian/changelog rmlint-2.9.0/debian/changelog --- rmlint-2.9.0/debian/changelog 2023-07-12 18:18:40.0 +0300 +++ rmlint-2.9.0/debian/changelog 2023-09-30 15:52:45.0 +0300 @@ -1,10 +1,25 @@ -rmlint (2.9.0-2.3+deb12u1) bookworm; urgency=medium +rmlint (2.9.0-2.5~deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * Rebuild for bookworm. + + -- Adrian Bunk Sat, 30 Sep 2023 15:52:45 +0300 + +rmlint (2.9.0-2.5) unstable; urgency=high + + * Non-maintainer upload. + * Add upstream fix for GUI startup failure with recent python3.11. +(Closes: #1040940) + + -- Adrian Bunk Sat, 05 Aug 2023 17:16:05 +0300 + +rmlint (2.9.0-2.4) unstable; urgency=medium * Non-maintainer upload. * Fix error in other packages caused by invalid python package version number (cherry-picking upstream patch; closes: #1040179) - -- Julian Gilbey Wed, 12 Jul 2023 16:18:40 +0100 + -- Julian Gilbey Wed, 05 Jul 2023 09:31:46 +0100 rmlint (2.9.0-2.3) unstable; urgency=medium diff -Nru rmlint-2.9.0/debian/patches/0001-cmdline-do-not-write-NUL-byte-to-GUI-bootstrap-scrip.patch rmlint-2.9.0/debian/patches/0001-cmdline-do-not-write-NUL-byte-to-GUI-bootstrap-scrip.patch --- rmlint-2.9.0/debian/patches/0001-cmdline-do-not-write-NUL-byte-to-GUI-bootstrap-scrip.patch 1970-01-01 02:00:00.0 +0200 +++ rmlint-2.9.0/debian/patches/0001-cmdline-do-not-write-NUL-byte-to-GUI-bootstrap-scrip.patch 2023-08-05 17:13:47.0 +0300 @@ -0,0 +1,26 @@ +From e811a34bdf81f0f5366b07077432f8ab9c776ddd Mon Sep 17 00:00:00 2001 +From: Cebtenzzre +Date: Wed, 2 Aug 2023 21:29:15 -0400 +Subject: cmdline: do not write NUL byte to GUI bootstrap script + +Fixes #628 +--- + lib/cmdline.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/cmdline.c b/lib/cmdline.c +index d5b1338c..07ba104a 100644 +--- a/lib/cmdline.c b/lib/cmdline.c +@@ -176,7 +176,7 @@ static void rm_cmd_start_gui(int argc, const char **argv) { + return; + } + +-if(write(bootstrap_fd, RM_PY_BOOTSTRAP, sizeof(RM_PY_BOOTSTRAP)) < 0) { ++if(write(bootstrap_fd, RM_PY_BOOTSTRAP, strlen(RM_PY_BOOTSTRAP)) < 0) { + rm_log_warning_line("Could not bootstrap gui: Unable to write to tempfile: %s", + g_strerror(errno)); + return; +-- +2.30.2 + diff -Nru rmlint-2.9.0/debian/patches/0001-fix-link-error-on-compilers-with-fno-common-enabled.patch rmlint-2.9.0/debian/patches/0001-fix-link-error-on-compilers-with-fno-common-enabled.patch --- rmlint-2.9.0/debian/patches/0001-fix-link-error-on-compilers-with-fno-common-enabled.patch 2023-07-12 18:18:40.0 +0300 +++ rmlint-2.9.0/debian/patches/0001-fix-link-error-on-compilers-with-fno-common-enabled.patch 2023-07-05 11:31:46.0 +0300 @@ -10,11 +10,9 @@ lib/config.h.in | 62 ++--- 1 file changed, 33 insertions(+), 29 deletions(-) -diff --git a/lib/config.h.in b/lib/config.h.in -index 44d7e5d9..d9fdeabd 100644 --- a/lib/config.h.in +++ b/lib/config.h.in -@@ -121,9 +121,13 @@ +@@ -123,9 +123,13 @@ # define N_(String) gettext_noop (String) #endif @@ -30,7 +28,7 @@ typedef guint64 RmOff; -@@ -150,33 +154,33 @@ typedef guint64 RmOff; +@@ -152,33 +156,33 @@ /// @@ -91,6 +89,3 @@ /* Domain for reporting errors. Needed by GOptions */ #define RM_ERROR_QUARK (g_quark_from_static_string("rmlint")) --- -2.20.1 - diff -Nru rmlint-2.9.0/debian/patches/series rmlint-2.9.0/debian/patches/series ---
Bug#1053271: bullseye-pu: package cpio/2.13+dfsg-7.1~deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: t...@security.debian.org, Anibal Monsalve Salazar This updates the cpio package in bullseye to the package in bookworm/trixie/sid (same upstream version). The first 3 post-bullseye uploads are CVE-2021-38185 plus regression fixes for this change. The 2.13+dfsg-7.1 changes are one documentation change and two changes that look desirable (even though they alone might not have warranted a stable update): * Suggest libarchive-dev (Closes: #662718). * d/copyright: Convert to machine-readable format. * Fix CRC with new ASCII format when file > 2GB (Closes: #962188). There are no bugs in the BTS that any regressions have been caused by any of these changes during the 1 year since they were uploaded to bookworm/sid. diffstat for cpio-2.13+dfsg cpio-2.13+dfsg changelog| 39 control |2 copyright| 51 - patches/992045-CVE-2021-38185-rewrite-dynamic-string-support | 454 +++ patches/992098-regression-of-orig-fix-for-CVE-2021-38185 | 36 patches/992192-Fix-dynamic-string-reallocations.patch| 80 + patches/Wrong-CRC-with-ASCII-CRC-for-large-files.patch | 34 patches/series |4 8 files changed, 685 insertions(+), 15 deletions(-) diff -Nru cpio-2.13+dfsg/debian/changelog cpio-2.13+dfsg/debian/changelog --- cpio-2.13+dfsg/debian/changelog 2020-09-17 14:16:18.0 +0300 +++ cpio-2.13+dfsg/debian/changelog 2023-09-30 15:18:55.0 +0300 @@ -1,3 +1,42 @@ +cpio (2.13+dfsg-7.1~deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * Rebuild for bullseye. + + -- Adrian Bunk Sat, 30 Sep 2023 15:18:55 +0300 + +cpio (2.13+dfsg-7.1) unstable; urgency=medium + + * Non-maintainer upload. + * Suggest libarchive-dev (Closes: #662718). + * d/copyright: Convert to machine-readable format. + * Fix CRC with new ASCII format when file > 2GB (Closes: #962188). + + -- Bastian Germann Wed, 14 Sep 2022 21:45:55 +0200 + +cpio (2.13+dfsg-7) unstable; urgency=medium + + [ Salvatore Bonaccorso ] + * Fix dynamic string reallocations (Closes: #992192) + + -- Anibal Monsalve Salazar Sun, 22 Aug 2021 15:21:53 +1000 + +cpio (2.13+dfsg-6) unstable; urgency=high + + * Fix regression of original fix for CVE-2021-38185 +Add patch 992098-regression-of-orig-fix-for-CVE-2021-38185 +Closes: #992098 + + -- Anibal Monsalve Salazar Fri, 13 Aug 2021 13:06:27 +1000 + +cpio (2.13+dfsg-5) unstable; urgency=medium + + * Fix CVE-2021-38185 +Add patch 992045-CVE-2021-38185-rewrite-dynamic-string-support +Closes: #992045 + + -- Anibal Monsalve Salazar Wed, 11 Aug 2021 01:18:33 +1000 + cpio (2.13+dfsg-4) unstable; urgency=medium * Source only upload to enable migration. diff -Nru cpio-2.13+dfsg/debian/control cpio-2.13+dfsg/debian/control --- cpio-2.13+dfsg/debian/control 2020-02-01 15:11:00.0 +0200 +++ cpio-2.13+dfsg/debian/control 2022-09-14 22:45:55.0 +0300 @@ -17,7 +17,7 @@ Replaces: cpio-mt Conflicts: mt-st (<< 0.6), cpio-mt Multi-Arch: foreign -Suggests: libarchive1 +Suggests: libarchive-dev Description: GNU cpio -- a program to manage archives of files GNU cpio is a tool for creating and extracting archives, or copying files from one place to another. It handles a number of cpio formats diff -Nru cpio-2.13+dfsg/debian/copyright cpio-2.13+dfsg/debian/copyright --- cpio-2.13+dfsg/debian/copyright 2020-02-01 15:11:00.0 +0200 +++ cpio-2.13+dfsg/debian/copyright 2022-09-14 22:45:55.0 +0300 @@ -1,16 +1,39 @@ -This is the Debian GNU/Linux prepackaged version of GNU cpio -(including mt). +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Comment: + This is the Debian GNU/Linux prepackaged version of GNU cpio + (including mt). + . + This package was put together by Clint Adams . +Source: ftp://ftp.gnu.org/gnu/cpio -This package was put together by Clint Adams , -from sources obtained from ftp://ftp.gnu.org:/gnu/cpio +Files: * +Copyright: (C) 1984-2019 Free Software Foundation, Inc. +License: GPL-3+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3, or (at your option) + any later version. +Comment: + The text of the GPL version 3 can be found on Debian systems in + /usr/share/common-licenses/GPL-3. -GNU cpio is Copyright (C) 1990, 1991, 1992, 2001, 2003, 2004, 2005, -2006, 2007 Free Software Foundation, Inc. - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation;
Bug#1053270: bullseye-pu: package curl/7.74.0-1.3+deb11u9
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: c...@packages.debian.org, charlesmel...@riseup.net Control: affects -1 + src:curl [ Reason ] Vulnerabilities were discovered and reported to Curl upstream [1][2] with the following CVE IDs: - CVE-2023-28321 - CVE-2023-28322 The description of the CVE-2023-28321 is: > An improper certificate validation vulnerability exists in curl > listed as "Subject Alternative Name" in TLS server certificates. curl > can be built to use its own name matching function for TLS rather than > one provided by a TLS library. This private wildcard matching function > would match IDN (International Domain Name) hosts incorrectly and > could as a result accept patterns that otherwise should mismatch. IDN > hostnames are converted to puny code before used for certificate > checks. Puny coded names always start with `xn--` and should not be > allowed to pattern match, but the wildcard check in curl could still > check for `x*`, which would match even though the IDN name most likely > contained nothing even resembling an `x`. And the description of the CVE-2023-28322 is: > An information disclosure vulnerability exists in curl doing HTTP(S) transfers, libcurl might erroneously use the read > callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when > the `CURLOPT_POSTFIELDS` option has been set, if the same handle > previously wasused to issue a `PUT` request which used that callback. > This flaw may surprise the application and cause it to misbehave and > either send off the wrong data or use memory after free or similar in > the second transfer. The problem exists in the logic for a reused > handle when it is (expected to be) changed from a PUT to a POST. This proposed update is meant to fix those vulnerabilities. [ Impact ] As the vulnerabilities are present in bullseye's curl code, they can be exploited by malicious actors. [ Tests ] Automatic tests were executed (from the curl test suite) during build time. Everything passed after the changes were introduced. I also conducted a test to see if the CVE-2023-28321 was fixed. In order to do so, I've followed the report's reproduction steps [3] and tested in a bullseye container. The default bullseye curl version is vulnerable, but this new one is not. Unfortunately the PoC of CVE-2023-28322 was crafted using a newer version of libcurl, so I wasn't able to validate the fix of the backported patch. Also, note the fix for CVE-2023-28321 comes from CentOS and is already available there. [ Risks ] The changes for weren't big because the delta between bullseye's version and current upstream are not that large (true for CVE-2023-28322). Though they exist so I did a backport of the patch (obviously there is a chance of introducing bugs here, but we are using the tests to spot it). Also, the fix for CVE-2023-28321 is new code based on the fix applied in curl 8.1.0 done by a Red Hat engineer. So, new bugs could have been introduced. I reviewed this fix and samueloph reviewed everything (both fixes and packaging). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Here is a list of the commits applied to this pu release: commit a1190a634dcca9a85f8217c71b1073825885a16e Author: Carlos Henrique Lima Melara Date: Sun Sep 10 15:29:53 2023 +0530 Finalize changelog for 7.74.0-1.3+deb11u9 bullseye upload commit 39155aa17df39693c2f21ef5dbb0ddf11568256f Author: Carlos Henrique Lima Melara Date: Fri Sep 8 19:00:25 2023 +0530 d/p/CVE-2023-28322.patch: backport patch commit 156409a45db1c739edece8fd3b3d4d78d09c82ae Author: Carlos Henrique Lima Melara Date: Sun Aug 13 11:01:11 2023 -0300 Import 2 new patches fixing CVES One comes from upstream and another from CentOS. CVE-2023-28321 CVE-2023-28322 [ Other info ] Links: [1] https://security-tracker.debian.org/tracker/CVE-2023-28321 [2] https://security-tracker.debian.org/tracker/CVE-2023-28322 [3] https://hackerone.com/reports/1950627 Cheers, Charles diff -Nru curl-7.74.0/debian/changelog curl-7.74.0/debian/changelog --- curl-7.74.0/debian/changelog2023-04-03 03:34:17.0 +0800 +++ curl-7.74.0/debian/changelog2023-09-10 17:49:20.0 +0800 @@ -1,3 +1,14 @@ +curl (7.74.0-1.3+deb11u9) bullseye; urgency=medium + + * Team upload. + * Import 2 new patches to fix CVES: +- CVE-2023-28321: IDN wildcard match may lead to Improper Cerificate + Validation. +- CVE-2023-28322: more POST-after-PUT confusion. + * debian/patches/CVE-2023-28322.patch: backport patch. + + -- Carlos Henrique Lima Melara Sun, 10 Sep 2023 15:19:20 +0530 + curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium * Backport upstream patches to fix 5 CVEs: diff -Nru
Bug#1053269: RFS: wifi-qr/0.3-1 -- WiFi password share via QR codes
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "wifi-qr": * Package name : wifi-qr Version : 0.3-1 Upstream contact : kokoye2007 * URL : https://github.com/kokoye2007/wifi-qr * License : GPL-3.0+ * Vcs : https://github.com/kokoye2007/wifi-qr Section : utils The source builds the following binary packages: wifi-qr - WiFi password share via QR codes To access further information about this package, please visit the following URL: https://mentors.debian.net/package/wifi-qr/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/w/wifi-qr/wifi-qr_0.3-1.dsc Changes since the last upload: wifi-qr (0.3-1) unstable; urgency=medium . * New upstream release (0.3). * #18 Xiaomi QR code is parsed incorrectly. * #17 QR issue when the name and SSID differ. * #16 QR issue when the password has special characters. * #15 QR issue when the SSID has special characters. * #12 Password with special characters needs to be unquoted. More function with feedback and merge requests. Usage: ./wifi-qr [-g] [-c] [-t] [-s] [-z] [-f file] [-p] [-q] [-v] [-h] -g Launch GUI Main Menu -c Launch WiFi QR Create GUI -t Launch WiFi QR Create Terminal -z Launch WiFi QR Create Terminal Fuzzy Finder -s Launch QR Scan and Auto Connect WiFi -f file Terminal [file] QR Scan and Auto Connect WiFi from file -p Launch GUI [file] QR Scan and Auto Connect WiFi from file -q Launch QR Scan and Connect WiFi GUI -v Show WiFi-QR Version 0.3 -h Show this help message Regards,
Bug#1028722: prody: FTBFS: AssertionError: 3205 != 3211 : selection 'abs(x) == sqrt(sq(x))' for Selection 'all' failed, expected 3211, selected 3205
Source: prody Followup-For: Bug #1028722 There seems to be ambiguity about the reproducibility of this bug. That's possibly consistent with problems with rounding, though the bug here seems to be more than an issue with floating point precision. Upstream has made a new release. I suggest packaging and uploading the new version. That will give more fresh information on the state of the build, whether the FTBFS is reliably reproducible.
Bug#1053188: darktable removed at each apt full-upgrade
David Bremner writes: > Control: tag -1 unreproducible > Thierry told me off list that the problem went away after an upgrade, so I'll close the bug for now. Feel free to reopen (ideally with the apt debugging info above) if the problem resurfaces. d
Bug#1007700: but the configured service works
I had the same problem, but if you use the service configured by the debian packages it works fine (like: systemctl omnidb start). For more information you can see: /usr/share/doc/omnidb-server/README.Debian Regards -- Diego Roversi
Bug#1053268: RM: pgaudit-1.7 -- ROM; superseded by pgaudit-16
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: pgaudit-...@packages.debian.org Control: affects -1 + src:pgaudit-1.7 Please remove pgaudit-1.7 from unstable, it supports PG15 only. (pgaudit-16 in unstable supports PG16.) Thanks, Christoph
Bug#1053267: hickle: test_H5NodeFilterProxy fails with h5py 3.9.0: Unable to delete attribute (no write intent on file)
Source: hickle Version: 5.0.2-5 Severity: serious Justification: debci h5py 3.9.0 is triggering an error in hickle tests, found by debci, https://ci.debian.net/data/autopkgtest/testing/amd64/h/hickle/38279474/log.gz 62s test_H5NodeFilterProxy 62s 62s h5_data = 62s 62s def test_H5NodeFilterProxy(h5_data): 62s """ 62s tests H5NodeFilterProxy class. This class allows to temporarily rewrite 62s attributes of h5py.Group and h5py.Dataset nodes before being loaded by 62s hickle._load method. 62s """ 62s 62s # load data and try to directly modify 'type' and 'base_type' Attributes 62s # which will fail cause hdf5 file is opened for read only 62s h5_node = h5_data['somedata'] 62s with pytest.raises(OSError): 62s try: 62s > h5_node.attrs['type'] = pickle.dumps(list) 62s 62s /tmp/autopkgtest-lxc.kwo7jiul/downtmp/build.aWU/src/hickle/tests/test_01_hickle_helpers.py:126: 62s _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 62s h5py/_debian_h5py_serial/_objects.pyx:54: in h5py._debian_h5py_serial._objects.with_phil.wrapper 62s ??? 62s h5py/_debian_h5py_serial/_objects.pyx:55: in h5py._debian_h5py_serial._objects.with_phil.wrapper 62s ??? 62s /usr/lib/python3/dist-packages/h5py/_debian_h5py_serial/_hl/attrs.py:104: in __setitem__ 62s self.create(name, data=value) 62s /usr/lib/python3/dist-packages/h5py/_debian_h5py_serial/_hl/attrs.py:200: in create 62s h5a.delete(self._id, name) 62s h5py/_debian_h5py_serial/_objects.pyx:54: in h5py._debian_h5py_serial._objects.with_phil.wrapper 62s ??? 62s h5py/_debian_h5py_serial/_objects.pyx:55: in h5py._debian_h5py_serial._objects.with_phil.wrapper 62s ??? 62s _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 62s 62s > ??? 62s E KeyError: 'Unable to delete attribute (no write intent on file)' 62s 62s h5py/_debian_h5py_serial/h5a.pyx:145: KeyError
Bug#1053266: python3-h5sparse incomplete Depends: python3-h5py-serial
Package: python3-h5sparse Version: 0.1.0-6 Severity: serious Justification: debci Currently python3-h5sparse Depends: python3-h5py-serial, but h5sparse tests access h5py, not h5py._debian_h5py_serial. The python3-h5py-serial package only provides h5py._debian_h5py_serial. If you need to use the generic h5py namespace rather than the specific serial namespace, then you need Depends: python3-h5py python3-h5py depends on python3-h5py-serial by default but that might alternatively be satisfied by python3-h5py-mpi. If h5sparse strictly needs python3-h5py-serial and not python3-h5py-mpi, then the dependency should declare both Depends: python3-h5py, python3-h5py-serial -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-h5sparse depends on: ii python3 3.11.4-5+b1 ii python3-h5py-serial 3.9.0-2 ii python3-numpy1:1.24.2-1 ii python3-scipy1.10.1-2 ii python3-six 1.16.0-4 python3-h5sparse recommends no packages. python3-h5sparse suggests no packages. -- no debconf information
Bug#1053265: dipy: test_icm_square test fails since exact equality used with floating point numbers
Source: dipy Version: 1.7.0-2 Severity: serious Justification: debci h5py 3.9.0 is triggering an error in dipy debci tests, https://ci.debian.net/data/autopkgtest/testing/amd64/d/dipy/38279462/log.gz However from the error log, it's not clear that the problem is directly related to h5py. An exact [in]equality test is failing between floating point numbers. The error log is: 1967s ___ test_icm_square 1967s 1967s def test_icm_square(): 1967s 1967s com = ConstantObservationModel() 1967s icm = IteratedConditionalModes() 1967s 1967s initial_segmentation = square 1967s 1967s mu, sigma = com.seg_stats(square_1, initial_segmentation, 1967s nclasses) 1967s sigmasq = sigma ** 2 1967s npt.assert_(mu[0] >= 0.0) 1967s npt.assert_(mu[1] >= 0.0) 1967s npt.assert_(mu[2] >= 0.0) 1967s npt.assert_(mu[3] >= 0.0) 1967s npt.assert_(sigmasq[0] >= 0.0) 1967s npt.assert_(sigmasq[1] >= 0.0) 1967s npt.assert_(sigmasq[2] >= 0.0) 1967s npt.assert_(sigmasq[3] >= 0.0) 1967s 1967s negll = com.negloglikelihood(square_1, mu, sigmasq, nclasses) 1967s 1967s final_segmentation_1 = np.empty_like(square_1) 1967s final_segmentation_2 = np.empty_like(square_1) 1967s 1967s beta = 0.0 1967s 1967s for i in range(max_iter): 1967s 1967s print('\n') 1967s print('>> Iteration: ' + str(i)) 1967s print('\n') 1967s 1967s final_segmentation_1, energy_1 = icm.icm_ising(negll, beta, 1967s initial_segmentation) 1967s initial_segmentation = final_segmentation_1 1967s 1967s beta = 2 1967s initial_segmentation = square 1967s 1967s for j in range(max_iter): 1967s 1967s print('\n') 1967s print('>> Iteration: ' + str(j)) 1967s print('\n') 1967s 1967s final_segmentation_2, energy_2 = icm.icm_ising(negll, beta, 1967s initial_segmentation) 1967s initial_segmentation = final_segmentation_2 1967s 1967s difference_map = np.abs(final_segmentation_1 - final_segmentation_2) 1967s > npt.assert_(np.abs(np.sum(difference_map)) != 0) 1967s E AssertionError 1967s 1967s dipy/segment/tests/test_mrf.py:370: AssertionError I'm assumung final_segmentation is floating point, not integer. Correct me if that's wrong. In general exact equality of floating point numbers should always be expected to fail. The test should be something like npt.assert_( not np.isclose( np.abs(np.sum(difference_map)), 0 ) ) If final_segmentation is an integer then of course it's a different problem.
Bug#1053264: wpasupplicant: config parser has problem with SSIDs/PSKs that contain double quotes followed by hash sign
Package: wpasupplicant Version: 2.10 Dear Maintainer, wpa_supplicant has problems loading a configs that contains a network with an SSID/PSK that contains double quotes followed by hash. steps to reproduce: 1a. create the config: ctrl_interface=/run/wpa_supplicant network={ ssid="my"#SSID" psk="securePsk" } 1b. start wpa_supplicant and do "wpa_cli list_networks": > ~/wpa_supplicant-2.10/wpa_supplicant# wpa_cli list_networks Selected interface 'wlan0' network id / ssid / bssid / flags 0 my any <--- wrong SSID 2a. create the config: ctrl_interface=/run/wpa_supplicant network={ ssid="my"awsome#SSID" psk="securePsk" } 2b. start wpa_supplicant gives the following errors in log: 1692607987.076948: Successfully initialized wpa_supplicant 1692607987.077262: Line 3: failed to parse ssid '"my"awsome'. <-- wrong SSID 1692607987.077302: Line 3: failed to parse ssid '"my"awsome'. 1692607987.109757: Line 5: failed to parse network block. 1692607987.109836: Failed to read or parse configuration '/etc/wpa_supplicant/wpa_supplicant.conf'. 3a. create the config: ctrl_interface=/run/wpa_supplicant network={ ssid="mySSID" psk="secure"awsome#Psk" } 3b. start wpa_supplicant gives the following errors in log: 1692608589.796979: Successfully initialized wpa_supplicant 1692608589.797357: Line 4: Invalid passphrase length 6 (expected: 8..63) 'secure"awsome'. <-- wrong PSK 1692608589.797399: Line 4: failed to parse psk '"secure"awsome'. 1692608589.797439: Line 5: failed to parse network block. 1692608589.797496: Failed to read or parse configuration '/etc/wpa_supplicant/wpa_supplicant.conf'. The problem did not occure with wpa_supplicant v2.8-devel. The problem does not occure if the hash sign is followed by double quotes. I am using: Linux Kali 6.3.0-kali1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.3.7-1kali1 (2023-06-29) x86_64 GNU/Linux Linux Raspberry-Pi-2 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux
Bug#1052667: mptcpd FTBFS when systemd.pc changes systemdsystemunitdir
Hi Helmut, Sorry for the delay, I was at a conference. 25 Sept 2023 23:33:15 Helmut Grohne : > We want to change the value of systemdsystemunitdir in systemd.pc to > point below /usr. mptcpd's upstream build system consumes this variable > while its packaging hard codes the current value. Consequently, mptcpd > FTBFS when changing it. Consider applying the attached patch to avoid > that failure. Thank you for the bug report and the patch, it looks good to me. I'm sorry, it is the first time I'm getting such contributions and I'm not sure what I'm supposed to do: apply the patch in the Git repo, prepare a new release and send it? (I still need someone to sponsor my packages to have new versions accepted) Or do you plan to send a new version with this patch? Cheers, Matt -- Tessares | Belgium | Hybrid Access Solutions www.tessares.net
Bug#1053263: blaspp: please make the build reproducible
Source: blaspp Version: 2023.08.25-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: hostname X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Hi, Whilst working on the Reproducible Builds effort [0], we noticed that blaspp could not be built reproducibly. This is because it embeds the build hostname into a defines.h file as a comment. Patch attached that strips out this entry. [0] https://reproducible-builds.org/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- --- a/debian/patches/reproducible-build.patch 1970-01-01 01:00:00.0 +0100 --- b/debian/patches/reproducible-build.patch 2023-09-29 09:36:59.134774346 +0100 @@ -0,0 +1,14 @@ +Description: Make the build reproducible +Author: Chris Lamb +Last-Update: 2023-09-29 + +--- blaspp-2023.08.25.orig/include/blas/defines.h.in blaspp-2023.08.25/include/blas/defines.h.in +@@ -8,7 +8,6 @@ + + // auto-generated by: @argv@ + // @CMAKE_COMMAND@ @CMAKE_VERSION@ +-// host: @HOSTNAME@ + // + // Definitions for: + // CXX = @CXX@ --- a/debian/patches/series 2023-09-29 09:33:44.700072219 +0100 --- b/debian/patches/series 2023-09-29 09:36:58.190765429 +0100 @@ -0,0 +1 @@ +reproducible-build.patch
Bug#1041242: libheif1: 1.16.2-1+b1 breaks displaying any pictures
Christoph, I tried cherry-picking the commit you mentioned. It needed to be rebased slightly. It did not fix my test case: Use geeqie to open the autumn image from upstream issue 933 I pushed my change to the wip/10421242 branch of https://salsa.debian.org/multimedia-team/libheif if someone wants to do a test build. Thank you, Jeremy Bícha
Bug#1053262: node-get-func-name: CVE-2023-43646
Source: node-get-func-name Version: 2.0.0+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-get-func-name. CVE-2023-43646[0]: | get-func-name is a module to retrieve a function's name securely and | consistently both in NodeJS and the browser. Versions prior to 2.0.1 | are subject to a regular expression denial of service (redos) | vulnerability which may lead to a denial of service when parsing | malicious input. This vulnerability can be exploited when there is | an imbalance in parentheses, which results in excessive backtracking | and subsequently increases the CPU load and processing time | significantly. This vulnerability can be triggered using the | following input: '\t'.repeat(54773) + '\t/function/i'. This issue | has been addressed in commit `f934b228b` which has been included in | releases from 2.0.1. Users are advised to upgrade. There are no | known workarounds for this vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-43646 https://www.cve.org/CVERecord?id=CVE-2023-43646 [1] https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5 [2] https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053261: gst-plugins-bad1.0: CVE-2023-40474
Source: gst-plugins-bad1.0 Version: 1.22.4-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gst-plugins-bad1.0. CVE-2023-40474[0]: | Integer overflow leading to heap overwrite in MXF file handling with | uncompressed video If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-40474 https://www.cve.org/CVERecord?id=CVE-2023-40474 [1] https://gstreamer.freedesktop.org/security/sa-2023-0006.html [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053260: gst-plugins-bad1.0: CVE-2023-40475
Source: gst-plugins-bad1.0 Version: 1.22.4-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gst-plugins-bad1.0. CVE-2023-40475[0]: | Integer overflow leading to heap overwrite in MXF file handling with | AES3 audio If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-40475 https://www.cve.org/CVERecord?id=CVE-2023-40475 [1] https://gstreamer.freedesktop.org/security/sa-2023-0007.html [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053259: gst-plugins-bad1.0: CVE-2023-40476
Source: gst-plugins-bad1.0 Version: 1.22.4-1 Severity: grave Tags: patch security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gst-plugins-bad1.0. CVE-2023-40476[0]: | Integer overflow in H.265 video parser leading to stack overwrite If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-40476 https://www.cve.org/CVERecord?id=CVE-2023-40476 [1] https://gstreamer.freedesktop.org/security/sa-2023-0008.html [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Bug#1053258: cdimage.debian.org: wine installation incomplete offline with only amd64 DVDs/BDs but without dropped i386 DVDs/BDs
Package: cdimage.debian.org Severity: normal Dear Maintainer, I am maintaining some offline computers in my organization. I choose Debian because it provides a set of DVDs/BDs of nearly complete Debian software repositories, and can be used with USB sticks to maintain these offline computers. I noticed that amd64 DVDs/BDs do not contain complete wine installation -- amd64 wine needs wine64 and wine32 to work, but wine32 is in i386 DVDs/BDs. I workaround this by downloading both amd64 and i386 DVDs/BDs. However, I found that Debian trixie has dropped DVDs, so this workaround will not work with trixie any more. I know that I can download wine32 and its prereq packages manually, and copy these into offline computers using USB sticks. But it is frustrating as DVDs/BDs are no longer complete for offline usage. So I wonder if Debian can keep wine packages complete in trixie amd64 DVDs/BDs. I think one of these methods can solve this: 1. let trixie amd64 DVDs/BDs contain wine32 and its prereqs. 2. build a small i386 DVD/BD which contains only wine32 and its prereqs. 3. completely drop wine in amd64 DVDs/BDs (disappointing). 3. write a wiki page about its workaround. 4. change wine packaging flavor from current multiarch to multilib again. 5. packaging wine using 'new wow64 mode', which does not need any i386 prereqs (only mingw-w64-i686), introduced in most recent wine. Regards, -- dfrg
Bug#1052817: sarsen: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 returned exit code 13
This seems to be the same issue reported in #1050832. The problem seems to be a regression in xarray v2023.08. The update to xarray > 2023.08 should fix the issue. See also https://github.com/bopen/sarsen/issues/54. I will reassign to xarray. [#1050832] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050832 -- Antonio Valentino
Bug#1053257: ITP: python-globus-sdk -- convenient Pythonic interface to Globus APIs
Package: wnpp Severity: wishlist Owner: Étienne Mollier X-Debbugs-Cc: debian-de...@lists.debian.org X-Debbugs-Cc: debian-pyt...@lists.debian.org X-Debbugs-Cc: debian-...@lists.debian.org * Package name: python-globus-sdk Version : 3.28.0 Upstream Contact: Globus Team * URL : https://github.com/globus/globus-sdk-python * License : Apache-2.0 Programming Lang: Python Description : convenient Pythonic interface to Globus APIs The Globus SDK for Python provides a convenient Pythonic interface to Globus APIs. Using this package, one can import Globus client classes and other helpers from the globus_sdk python module. This package would be needed to finish the packaging of python-parsl, which in turn would be required to finish the qiime ecosystem upgrade to version 2023.7. For the moment, I plan to put this package under the Debian Python team umbrella, but I'm also open to put it under the Debian HPC team, so the people behind the Globus ecosystem packaging also have this component on their radar. I have not settled for a location for the repository yet, probably some place like [1] if sticking to the Python team. [1]: https://salsa.debian.org/python-team/packages/python-globus-sdk Have a nice day, :) -- .''`. Étienne Mollier : :' : gpg: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/3, please excuse my verbosity `-on air: Final Conflict - A River Of Dreams signature.asc Description: PGP signature
Bug#1049872: armel and armhf excluded from asmjit architectures
control: severity -1 normal Hello, In 0.0~git20230914.917f19d-1 I have excluded armel and armhf architectures from the list of architectures asmjit is built upon. Thus I think the severity should be normal now. Andrius
Bug#1053256: ITP: bypass-paywalls-firefox-clean -- Firefox browser plugin to bypass various paywalls
Package: wnpp Severity: wishlist Owner: Andres Salomon X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: bypass-paywalls-firefox-clean Version : 3.3.5.0 Upstream Contact: https://gitlab.com/magnolia1234 * URL : https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean * License : MIT Programming Lang: Javascript Description : Firefox browser plugin to bypass various paywalls Add-on allows you to read articles from (supported) sites that implement a paywall. You can also add a domain as custom site and try to bypass the paywall. . Note: this plugin may leak information about your web browsing based on the techniques used to bypass paywalls. For example, for some sites it will load text from Google's webcache, thereby letting Google know that you read a certain article. The plugin only operates on sites that you opt-into. I use this package on both firefox and chromium, and would welcome this to be co-maintained by Debian Mozilla Extension Maintainers if they're interested. I've already got a working package, but I'm still trying to figure out whether we really need separate source packages for the firefox and chromium plugins.
Bug#1053255: mozilla-devscripts: dh_webext shouldn't look in .pc for manifest.json
Package: mozilla-devscripts Version: 0.54.2+nmu1 While building a package using dh_webext, I noticed the following warning/error: dh_webext: Found != 1 manifest.json, source PATH set to . I was a bit confused because there's only one manifest.json file, but it turns out that the find command sees the following: find . -name manifest.json -not -path './debian/*' ./manifest.json ./.pc/applications.patch/manifest.json I have a quilt patch called debian/patches/applications.patch that modifies manifest.json. As such, when the package builds it creates that manifest.json file in the .pc directory. dh_webext shouldn't be picking that up; it should be ignoring everything in .pc. I suggest the following command instead: find . -name manifest.json -not -path './debian/*' -not -path './.pc/*' In the script, that would look like this: candidates = subprocess.check_output( ["find", ".", "-name", "manifest.json", "-not", "-path", './debian/*', "-not", "-path", './.pc/*'])
Bug#824499: GPX Route vs. Track
On Fri, 2023-09-29 at 18:10 +, Stefan Kropp wrote: > I looked into the code. I wouldn't bother looking at the FoxtrotGPS codebase, since it is GTK2 and there aren't any volunteers to fix that, it is likely to be removed from Debian within the trixie release cycle. There is a WIP branch to port it to GTK3 (which is already obsolete) but no-one with the time, skills and motivation to work on and finish the port. There are also much better map apps now, so it would be best to switch to them. https://bugs.debian.org/967347 https://code.launchpad.net/~pabs/foxtrotgps/gtk3 -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part