Bug#1053339: pytorch-cuda: autopkgtest regression on amd64 (time outs)

[Petter Reinholdtsen]

Package: pytorch-cuda
Version: 2.0.1+dfsg-4

The pakcage has failed to migrate to testing because the autopkgtest
checks on amd64 failed.

https://ci.debian.net/data/autopkgtest/testing/amd64/p/pytorch-cuda/37832584/log.gz
 >
end like this:

30609s 96_of_98__cpptest__weakref_test PASS
30609s 97_of_98__cpptest__wrapdim_test PASS
30609s 98_of_98__cpptest__xla_tensor_test PASS
30609s 1_of_7__pytest__test_autograd PASS
30609s 2_of_7__pytest__test_modules FAIL timed out
30609s 3_of_7__pytest__test_nn PASS
30609s 4_of_7__pytest__test_ops FAIL timed out
30609s 5_of_7__pytest__test_ops_gradients FAIL timed out
30609s 6_of_7__pytest__test_ops_jit SKIP global timeout exceeded
30609s 7_of_7__pytest__test_torch SKIP global timeout exceeded

As the test succeeded in version 2.0.1+dfsg-3, this is seen as a
regression and migration is blocked.

Anyone got any idea why the test time out in this latest version?

-- 
Happy hacking
Petter Reinholdtsen

Bug#1053338: nvtop: core dump when it doesn't have wayland or X11 access

[Russell Coker]

Package: nvtop
Version: 3.0.2-1
Severity: normal

nvtop: ./src/extract_gpuinfo_amdgpu.c:964: parse_drm_fdinfo_amd: Assertion 
`!cache_entry_check && "We should not be processing a client id twice per 
update"' failed.
 Aborted (core 
dumped)

I get the above when I run it as root after sshing to a system.  It's not
necessarily a bug to be unable to operate without Wayland/X11 access but
a core dump is a bug.

I expect an error message and an orderly shutdown.

-- System Information:
Debian Release: 12.1
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/18 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages nvtop depends on:
ii  libc6 2.36-9+deb12u1
ii  libncursesw6  6.4-4
ii  libsystemd0   252.12-1~deb12u1
ii  libtinfo6 6.4-4

nvtop recommends no packages.

nvtop suggests no packages.

-- debconf-show failed

Bug#1053337: qgis_process ails with Command --noversioncheck not known

[Sebastiaan Couwenberg]

Control: tags -1 pending

This is fixed in git:


https://salsa.debian.org/debian-gis-team/qgis/-/commit/84235db07927e12fbde967dd07a0eed165de5bd1

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1053196: [pkg-uWSGI-devel] Bug#1053196: Please remove librados-dev build-depends on all 32 bits arch

[Jonas Smedegaard]

Quoting Thomas Goirand (2023-09-29 09:18:34)
> I'd like to remove 32 bits support from Ceph, because upstream makes some
> 64 bits assumptions a bit everywhere, because it's not tested in upstream
> CI, and because it is increasingly difficult to build Ceph on a smaller
> addressing footprint (we used to have many tricks to reduce the build 
> footprint
> that isn't sustainable in the long run).
> 
> So please remove librados-dev in build-depends of your package for all 32
> bits arch, and remove Ceph support in all 32 bits binaries. I'll upload
> Ceph with Build-Depends: architecture-is-64-bit as soon as this is done

Thanks for the heads-up.

For uwsgi, please simply go ahead without waiting, and then simply raise
severity once done: That is more reliable to maintain due to the way
uwsgi packaging is constructed.

Thanks again,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#1053337: qgis_process ails with Command --noversioncheck not known

[Andrew Harvey]

Subject: qgis_process ails with Command --noversioncheck not known
Package: qgis
X-Debbugs-Cc: andrew.harv...@gmail.com
Version: 3.28.11+dfsg-1
Severity: important

Dear Maintainer,

Executing

qgis_process --help

results in the error

Command --noversioncheck not known!

It was expected to output the help page

It appears this is due to sourcing /etc/default/qgis which includes the
--noversioncheck option although that option only applies to qgis and not
qgis_process.

Calling qgis_process.bin directly and making sure to include the grass path
works around the issue.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages qgis depends on:
ii  libc62.37-10
ii  libgcc-s113.2.0-4
ii  libgdal333.7.2+dfsg-1
ii  libgeos-c1v5 3.12.0-1
ii  libproj259.3.0-1
ii  libqgis-3d3.28.113.28.11+dfsg-1
ii  libqgis-analysis3.28.11  3.28.11+dfsg-1
ii  libqgis-app3.28.11   3.28.11+dfsg-1
ii  libqgis-core3.28.11  3.28.11+dfsg-1
ii  libqgis-gui3.28.11   3.28.11+dfsg-1
ii  libqt5core5a 5.15.10+dfsg-3
ii  libqt5gui5   5.15.10+dfsg-3
ii  libqt5keychain1  0.14.1-1
ii  libqt5network5   5.15.10+dfsg-3
ii  libqt5webkit55.212.0~alpha4-33
ii  libqt5widgets5   5.15.10+dfsg-3
ii  libstdc++6   13.2.0-4
ii  ocl-icd-libopencl1 [libopencl1]  2.3.2-1
ii  python3-qgis 3.28.11+dfsg-1
ii  qgis-common  3.28.11+dfsg-1
ii  qgis-providers   3.28.11+dfsg-1

Versions of packages qgis recommends:
pn  qgis-plugin-grass  

Versions of packages qgis suggests:
ii  gpsbabel  1.8.0+ds-7

-- no debconf information

Bug#1052419: cups-daemon: NEWS.Debian is only tech-gibberish

[Andres Salomon]

On Thu, 21 Sep 2023 19:38:44 +0200 IOhannes m zmoelnig 
 wrote:

> Package: cups-daemon
> Version: 2.4.2-6
> Followup-For: Bug #1052419
>
> Just as a follow-up: after double-checking my cupsd.conf file, I see 
that
> the  section is present multiple-times in 
the
> document, once each in the "default", "authenticated" and "kerberos" 
Policy

> section.
> I assume, that the patch needs to be applied to the "default" 
policy, as for the

> other policies there is already an AuthType defined.
>
> is this correct?
> (the nature of a patch file does not make this obvious)
> this ought to be documented as well.
>
> And since i'm pretty sure that i've neve touched this file myself 
(at least
> etckeeper shows that it was only ever changed while i installed 
cups-daemon 1½
> years ago), i wonder why there was no dialog showing me the 
differences between

> the files.
>
>
> cheers


It is confusing. Given that the vast majority of people don't touch 
cupsd.conf, maybe the NEWS entry should say something like the 
following?


"If you've never touched cupsd.conf and are unsure what to do, it's 
probably safest to simply run the following commands:
sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf-bak; sudo cp  
/usr/share/cups/cupsd.conf.default /etc/cups/cupsd.conf


In case printing stops working after making that change, you can 
restore the old configuration file. However, note that restoring the 
old config will reintroduce the security hole. Do the configuration 
file restoration by running:

sudo mv /etc/cups/cupsd.conf-bak /etc/cups/cupsd.conf
"


Or even better, have a cups.postinst that checks /etc/cups/cupsd.conf's 
md5sum == 758e3a2fb820f5cfb8aed788f2c8f353, and if so automatically 
copy over that cupsd.conf.default config and restart cupsd. I just 
checked two machines (sid and bookworm) and my untouched cupsd.conf 
matches that checksum on both.

Bug#1053277: libcups2: typo in NEWS

[Andres Salomon]

Control: severity -1 important


On Sat, 30 Sep 2023 19:24:53 +0200 Thorsten Alteholz 
 wrote:

> Hi Christian,
>
> On 30.09.23 19:02, Christian T. Steigies wrote:
> > I did not find this file (because I don't have a full install), 
but I think

> > the filename should be cupsd.conf instead of cupds.conf.
>
> oops, thanks for telling. You are right, the correct name would have
> been cupsd.conf
>
>Thorsten
>
>
>


I think this should be a higher priority, since this is a security 
update and you're telling folks to ensure their config file is 
up-to-date. The typo for the config file path means a chunk of users 
won't know what file to check.


Even better would be to automatically update the config file of course, 
but I understand that's extremely difficult in this case..

Bug#1053336: rsyslog: Removal of SysV init scripts is not prominent in docs

[Matija Nalis]

Package: rsyslog
Version: 8.2302.0-1
Severity: normal
X-Debbugs-Cc: mnalis-debian...@voyager.hr


Hi, the rsyslog shipped in Bookworm no longer installs SysV init scripts. 

While that is maintainer prerogative; it is a regression on default upgrade
path from Bullseye for all non-systemd init users which are silently left
without running syslog deamon (and all associated issues stemming from that).

(The fact that Bookworm release-notes do not mention that is not helping 
either, but that is another issue).

Could we kindly indicate that end-of-sysV-support in rsyslog's NEWS.Debian 
(per 
https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#supplementing-changelogs-with-news-debian-files),
 
and point users of non-default init systems to orphan-sysvinit-scripts package?

Thank you for your consideration,
Matija

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=hr_HR.UTF-8, LC_CTYPE=hr_HR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages rsyslog depends on:
ii  libc6  2.36-9+deb12u1
ii  libelogind0 [libsystemd0]  246.10-1debian1
ii  libestr0   0.1.11-1
ii  libfastjson4   1.2304.0-1
ii  liblognorm52.0.6-4
ii  libuuid1   2.38.1-5+b1
ii  libzstd1   1.5.4+dfsg2-5
ii  zlib1g 1:1.2.13.dfsg-1

Versions of packages rsyslog recommends:
ii  logrotate  3.21.0-1

Versions of packages rsyslog suggests:
pn  rsyslog-doc   
pn  rsyslog-gssapi
pn  rsyslog-mongodb   
pn  rsyslog-mysql | rsyslog-pgsql 
pn  rsyslog-openssl | rsyslog-gnutls  
pn  rsyslog-relp  

-- no debconf information

Bug#1038611: lightdm: Lightdm fails to start X after upgrade to 1.32.0

[Adilson dos Santos Dantas]

Hi.

Here are the logs with and without the  "logind-check-graphical=false"
option.

With this opinion, a new seat is added and no seat is added when this
option is commented.

Regards,

Adilson

Em dom., 1 de out. de 2023 às 11:22, Yves-Alexis Perez 
escreveu:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Tue, 2023-08-08 at 01:25 -0500, Steev Klimaszewski wrote:
> > I'm running into a very similar issue as the original submitter,
> > however, when I'm running into it, I am *not* using the nVidia binary
> > driver, but I am using a custom 5.15.44 kernel for a Raspberry Pi.
> > What I found after digging for quite a while, was that, yes,
> > downgrading to 1.26 would start Xorg, and upgrading to 1.32 would
> > cause it to not start Xorg.  After diffing the contents between 1.26
> > and 1.32, it seems that the option "logind-check-graphical" has
> > changed from the default of false, to a default of true.
> >
> > Simply adding in
> >
> > logind-check-graphical=false
> >
> > under the [LightDM] heading in /etc/lightdm/lightdm.conf shows it as
> > starting again.  This happened for me on both Pi3 and Pi4, armhf and
> > arm64.  I'm not entirely sure why this is the case, and the kernel
> > hasn't changed on these devices since 2022-07-03 when we last built
> > the kernel for them.  Perhaps the original submitter could also see if
> > changing that option works for them with the nVidia binary driver?
>
> Hi Steev and Adilson,
>
> so it might be linked to https://github.com/canonical/lightdm/issues/263
>
> Looking at a bug linked from above
> (https://github.com/canonical/lightdm/issues/165) it looks like the
> default
> was changed in order to fix a race condition or something.
>
> The documentation says:
>
> # logind-check-graphical = True to on start seats that are marked as
> graphical
> by logind
>
> Could you check the lightdm.log and check if you have messages about seats
> beeing added and whether it's graphical or not (you can add logs here).
> With
> both value for the logind-check-graphical option.
>
> It looks to me that there's an issue deeper in the stacks (in the NVIDIA
> stuff
> or in the RPi graphical stuff) and maybe the seats arent't marked as
> graphical
> or something. So it's ok to tune the option locally as a workaround, but
> I'm
> not sure about reverting it globally.
>
> Regards,
> - --
> Yves-Alexis
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmUZgJIACgkQ3rYcyPpX
> RFtkzAgAvSJE1yDFRCZrdI/1zGTW/SWH2KUXuxpYw8b+LrwcvkLBVwSzQhkxKkS4
> rd8VUjRRXVcaPXTrPJxeKqObAAYN2iUhiFCKdYAYUxdvlIPWxOkQEf8CeLm/AG6f
> rCaHMmQNZY5SFkTCQ5AGUzH38IAp3a4Sdn3E+x1xVMsiYGn6h5I/z0eDcx5135mP
> omuBRUYZGnoTfsApetBOQCK7pMzUJX1QRxdaiMjLZCUEsKjwoJc/6ZaLSHB4goYQ
> AXAYcrc4jOhYfv6KFqbaxEBWxR/gbdG8+YBh2u8a44KEniJgXl+T4FEKfTA1poxc
> muyLJuBzqpHqGyfOvZS73TjWPVZcHw==
> =Lrpk
> -END PGP SIGNATURE-
>


-- 
Adilson dos Santos Dantas
http://www.adilson.net.br
http://twitter.com/adilsond
[+0.00s] DEBUG: Logging to /var/log/lightdm/lightdm.log
[+0.00s] DEBUG: Starting Light Display Manager 1.32.0, UID=0 PID=1740
[+0.00s] DEBUG: Loading configuration dirs from 
/usr/share/lightdm/lightdm.conf.d
[+0.00s] DEBUG: Loading configuration from 
/usr/share/lightdm/lightdm.conf.d/01_debian.conf
[+0.00s] DEBUG: Loading configuration from 
/usr/share/lightdm/lightdm.conf.d/40-kde-plasma-kf5.conf
[+0.00s] DEBUG:   [SeatDefaults] is now called [Seat:*], please update this 
configuration
[+0.00s] DEBUG: Loading configuration dirs from 
/usr/local/share/lightdm/lightdm.conf.d
[+0.00s] DEBUG: Loading configuration dirs from /etc/xdg/lightdm/lightdm.conf.d
[+0.00s] DEBUG: Loading configuration from /etc/lightdm/lightdm.conf
[+0.00s] DEBUG: Registered seat module local
[+0.00s] DEBUG: Registered seat module xremote
[+0.00s] DEBUG: Using D-Bus name org.freedesktop.DisplayManager
[+0.01s] DEBUG: Using cross-namespace EXTERNAL authentication (this will 
deadlock if server is GDBus < 2.73.3)
[+0.01s] DEBUG: _g_io_module_get_default: Found default implementation local 
(GLocalVfs) for ‘gio-vfs’
[+0.01s] DEBUG: Monitoring logind for seats
[+0.01s] DEBUG: New seat added from logind: seat0
[+0.01s] DEBUG: Seat seat0: Loading properties from config section Seat:*
[+0.01s] DEBUG: Seat seat0 has property CanMultiSession=no
[+0.01s] DEBUG: Seat seat0: Starting
[+0.01s] DEBUG: Seat seat0: Creating greeter session
[+0.01s] DEBUG: Seat seat0: Creating display server of type x
[+0.01s] DEBUG: Seat seat0: Plymouth is running on VT 1, but this is less than 
the configured minimum of 7 so not replacing it
[+0.01s] DEBUG: Quitting Plymouth
[+0.03s] DEBUG: Using VT 7
[+0.04s] DEBUG: Seat seat0: Starting local X display on VT 7
[+0.04s] DEBUG: XServer 0: Logging to /var/log/lightdm/x-0.log
[+0.04s] DEBUG: XServer 0: Writing X server authority to 
/var/run/lightdm/root/:0
[+0.04s] DEBUG: XServer 0: Launching X Server
[+0.04s] DEBUG: Launching process 1849: /usr/bin/X :0 -seat seat0 -auth 
/var/run/lightdm/root/:0 

Bug#1053335: gnuradio: Crash on startup, when using some gtk themes

[Witold Baryluk]

Package: gnuradio
Version: 3.10.7.0-3+b2
Severity: normal
X-Debbugs-Cc: witold.bary...@gmail.com


At least I do think it is related to a theme.

Thread 1 "python3" received signal SIGSEGV, Segmentation fault.
0x7ffee1cd45c2 in gtk_css_node_ensure_style (cssnode=0x2064a90 
[GtkCssWidgetNode], current_time=current_time@entry=5187726406826) at 
../../../gtk/gtkcssnode.c:987
987 ../../../gtk/gtkcssnode.c: No such file or directory.
(gdb) bt
#0  0x7ffee1cd45c2 in gtk_css_node_ensure_style (cssnode=0x2064a90 
[GtkCssWidgetNode], current_time=current_time@entry=5187726406826) at 
../../../gtk/gtkcssnode.c:987
#1  0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#2  gtk_css_node_ensure_style (cssnode=0x207edd0 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#3  0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#4  gtk_css_node_ensure_style (cssnode=0x209b100 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#5  0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#6  gtk_css_node_ensure_style (cssnode=0x20b53d0 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#7  0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#8  gtk_css_node_ensure_style (cssnode=0x20cf780 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#9  0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#10 gtk_css_node_ensure_style (cssnode=0x20e9ac0 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#11 0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#12 gtk_css_node_ensure_style (cssnode=0x2103e00 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
...
...
...
#6626 gtk_css_node_ensure_style (cssnode=0x179cce60 [GtkCssWidgetNode], 
current_time=current_time@entry=5187726406826) at ../../../gtk/gtkcssnode.c:1003
#6627 0x7ffee1cd4617 in gtk_css_node_ensure_style 
(current_time=5187726406826, cssnode=) at 
../../../gtk/gtkcssnode.c:983
#6628 gtk_css_node_ensure_style (cssnode=cssnode@entry=0x179e71e0 
[GtkCssWidgetNode], current_time=5187726406826) at 
../../../gtk/gtkcssnode.c:1003
#6629 0x7ffee1cd48c5 in gtk_css_node_ensure_style (current_time=, cssnode=0x179e71e0 [GtkCssWidgetNode]) at ../../../gtk/gtkcssnode.c:983
#6630 gtk_css_node_get_style (cssnode=0x179e71e0 [GtkCssWidgetNode]) at 
../../../gtk/gtkcssnode.c:1033
#6631 0x7ffee1e48e64 in gtk_style_context_lookup_style (context=) at ../../../gtk/gtkstylecontext.c:494
#6632 _gtk_style_context_peek_property (context=, 
property_id=78) at ../../../gtk/gtkstylecontext.c:1642
#6633 0x7ffee1ef6dc2 in gtk_widget_update_alpha (widget=0x179e7190 
[GtkModelMenuItem]) at ../../../gtk/gtkwidget.c:16097

#6634 0x7ffee1ef7117 in gtk_widget_realize (widget=widget@entry=0x179e7190 
[GtkModelMenuItem]) at ../../../gtk/gtkwidget.c:5541
#6635 0x7ffee1efa498 in gtk_widget_set_parent (widget=0x179e7190 
[GtkModelMenuItem], parent=0x1e75da0 [GtkMenuBar]) at 
../../../gtk/gtkwidget.c:9663
#6640 0x7ffee5a47243 in  (instance=, signal_id=, 
detail=) at ../../../gobject/gsignal.c:3675
#6636 0x7ffee5a2c540 in g_closure_invoke (closure=0x12b70d0, 
return_value=0x0, n_param_values=3, param_values=0x7f84cde0, 
invocation_hint=0x7f84cd30) at ../../../gobject/gclosure.c:832
#6637 0x7ffee5a3fc40 in signal_emit_unlocked_R
(node=node@entry=0x7f84cec0, detail=detail@entry=0, 
instance=instance@entry=0x1e75da0, emission_return=emission_return@entry=0x0, 
instance_and_params=instance_and_params@entry=0x7f84cde0)
at ../../../gobject/gsignal.c:3813
#6638 0x7ffee5a41501 in signal_emit_valist_unlocked 
(instance=instance@entry=0x1e75da0, signal_id=signal_id@entry=170, 
detail=detail@entry=0, var_args=var_args@entry=0x7f84d020)
at ../../../gobject/gsignal.c:3612
#6639 0x7ffee5a47186 in g_signal_emit_valist (instance=0x1e75da0, 
signal_id=170, detail=0, var_args=0x7f84d020) at 
../../../gobject/gsignal.c:3355
#6641 0x7ffee1db0eda in gtk_menu_tracker_add_items
(tracker=tracker@entry=0x1e75770, section=section@entry=0x1e78270, 
change_point=change_point@entry=0x1e78278, offset=offset@entry=0, 
model=model@entry=0x1e78130 [UnityGtkMenuSection], position=position@entry=0, 
n_items=) at ../../../gtk/gtkmenutracker.c:401
#6642 0x7ffee1db182a in gtk_menu_tracker_model_changed (model=0x1e78130 

Bug#1053334: Galera 4 not reproducible: post-build tests fail on build 2

[Otto Kekäläinen]

Package: galera-4
Severity: normal
Tags: help
Forwarded: https://github.com/codership/galera/issues/647


Currently 
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/galera-4.html
shows that build 2 is failing in unstable.

The difference between build 1 and build 2 is visible in
https://tests.reproducible-builds.org/debian/logdiffs/unstable/amd64/galera-4_26.4.16-1.diff.gz

Looking at the output the issue has something to do with TLS
connections timing out. Could perhaps be something as simple as TLS
certificates being expired / not valid in future (if the source code
has fixed certificates somewhere).

Bug#1053333: Extend Galera autopkgtests to run actual tests, and not be superficial

[Otto Kekäläinen]

Package: galera-4
Severity: wishlist
Tags: help
Forwarded: https://github.com/codership/galera/issues/646

Currently the Debian CI system runs superficial tests and thus the
Debian CI system shows 'neutral' for Galera. Lintian also nags about
'superficial-tests'.

Implementing a new tests 'upstream' to be along the existing 'smoke'
could be not-superficial and solve this issue, and offer better
confidence in Galera showing correct status in Debian CI.

Bug#1053332: RFS: python-cloudscraper/1.2.69-2 [ITP] -- Python module to bypass Cloudflare's anti-bot page

[Carles Pina i Estany]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "python-cloudscraper":

 * Package name : python-cloudscraper
   Version  : 1.2.69-2
   Upstream contact : [fill in name and email of upstream]
 * URL  : https://github.com/VeNoMouS/cloudscraper
 * License  : MIT
 * Vcs  : https://github.com/VeNoMouS/cloudscraper
   Section  : python

The source builds the following binary packages:

  python3-cloudscraper - Python module to bypass Cloudflare's anti-bot page

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/python-cloudscraper/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/p/python-cloudscraper/python-cloudscraper_1.2.69-2.dsc

Changes for the initial release:

 python-cloudscraper (1.2.69-2) unstable; urgency=medium
 .
   * Initial release. (Closes: #1053134)

Regards,
-- 
  Carles Pina i Estany

Bug#1053331: bettercap-caplets: Unsatisfiable dependency on bettercap-ui

[Jeremy Bícha]

Source: bettercap-caplets
Version: 0+git20210429-1
Severity: serious
Control: block -1 by 1024640

bettercap-caplets is uninstallable because it depends on bettercap-ui
which does not exist in Debian.

Thank you,
Jeremy Bícha

Bug#1053330: xournal: Should not depend on transitional package ghostscript-x

[Witold Baryluk]

Package: xournal
Version: 1:0.4.8.2016-7+b1
Severity: normal
X-Debbugs-Cc: witold.bary...@gmail.com

Dependency on ghostscript-x should be switched to ghostscript package
instead.

ghostscript-x is transitional package that just installs ghostscript.

There are only few remaining package that still depend on it (xournal,
latex2html, gv being last few ones).

Bug#1036873: Don't Depend on transitional package ghostscript-x

[Witold Baryluk]

Package: gv
Version: 1:3.7.4-2+b1
Followup-For: Bug #1036873
X-Debbugs-Cc: witold.bary...@gmail.com

Dear Maintainer,

any updates on this? I do not see gv sources on salsa, so I am not sure
how to update the pacakge otherwise (I am not DD).

Should be one line change to switch from ghostscript-x to ghostscript.

I know there were no releases of gv in many many years, but the program
just works and is quite useful (It is one of the fastests postscript
viewers).

Regards,
Witold

Bug#1053329: gimp-gmic: new upstream version available

[Oswald Buddenhagen]

Package: gimp-gmic
Version: 2.9.4-4+b4
Severity: wishlist

the current stable version is 3.3.0 as of now. the debian package lags 
it quite a bit.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gimp-gmic depends on:
ii  gimp  2.10.34-1
ii  libbabl-0.1-0 1:0.1.106-2
ii  libc6 2.37-7
ii  libfftw3-double3  3.3.10-1
ii  libgcc-s1 13.2.0-3
ii  libgegl-0.4-0 1:0.4.46-3
ii  libgimp2.02.10.34-1
ii  libglib2.0-0  2.77.3-1
ii  libgmic1  2.9.4-4+b4
ii  libgomp1  13.2.0-3
ii  libqt5core5a  5.15.10+dfsg-3
ii  libqt5gui55.15.10+dfsg-3
ii  libqt5network55.15.10+dfsg-3
ii  libqt5widgets55.15.10+dfsg-3
ii  libstdc++613.2.0-3
ii  libx11-6  2:1.8.6-1
ii  zlib1g1:1.2.13.dfsg-3

gimp-gmic recommends no packages.

Versions of packages gimp-gmic suggests:
pn  gmic  

-- no debconf information

Bug#1053242: ibus: Keyboard input gets jumbled when typing fast

[Gunnar Hjalmarsson]

Control: tags -1 + bookworm
Control: fixed -1 ibus/1.5.28-6
Control: severity -1 wishlist

Hi Billy,

On 2023-09-29 22:23, Billy Croan wrote:

I am requesting a backport of ibus' fix to stable/bookworm:
https://github.com/ibus/ibus/pull/2532/commits


There have been quite a few improvements between ibus 1.5.27-5 in 
bookworm and 1.5.29~rc1-1 in trixie, and I think a backport to bookworm 
would be a reasonable measure. That would include many other things 
besides the PR you mention.


I prepared such an upload here:

https://salsa.debian.org/debian/ibus/-/commits/bookworm-bpo

I have successfully used that branch to build and install ibus locally 
in Debian 12 (amd64), and confirmed with some basic checks that it runs 
as expected. If you know how to build, it would be good if you too could 
build and test it.


--
Rgds,
Gunnar Hjalmarsson

Bug#1052584: linux-image-6.5.0-1-amd64: NFS4 stopped working in 6.5 with SELinux error

[Michal Kaspar]

Hi Slavatore.
I've tried to build a new kernel image with the patch mentioned and it 
seems it works well. I was able to mount NFS 4 shares with no problem so 
this patch indeed solves the problem reported for me.

Thank you for your help

On 25. 09. 23 10:01, Salvatore Bonaccorso wrote:

Control: tags -1 + moreinfo

Hi Michal,

On Mon, Sep 25, 2023 at 12:52:16AM +0200, Michal Kaspar wrote:

Package: src:linux
Version: 6.5.3-1
Severity: normal

Dear Maintainer,
After upgrading to kernel version 6.5.0-1-amd64, the NFS4 stopped
working on the station. Whe trying to mount nf4 FS, the mount fails with
error:
mount.nfs: an incorrect mount option was specified for
The kernel log contains error message:
kernel: SELinux: Unable to set superblock options before the security server
is initialized
This puzzles me a bit as I've got SELinux disabled (don't even have
SELinux userspace installed, /sys/fs/selinux/enforce says 0). Tried
booting with selinux=0 boot parameter but with the same result.
Rebooting wih previou (6.4.0-4-amd64) kernel version fixes the problem
immediately.

I suspect this is fixed by
https://git.kernel.org/linus/ccf1dab96be4caed7c5235b1cfdb606ac161b996
in 6.6-rc2, and which went into 6.5.5 (will be included on next
unstable upload).

Can you apply the patch on top to confirm if that fixes the issue for
you?

Regards,
Salvatore

Bug#1042967: Your mail

[Nilesh Patra]

Control: forwarded -1 https://github.com/Nheko-Reborn/nheko/issues/1574

On Sun, 24 Sep 2023 10:11:23 + ZenWalker  wrote:

Did you report it at upstream?

https://github.com/Nheko-Reborn/nheko/issues


I've just done so.

Bug#1042057: binNMUs needed for new pandoc in *stable

[Adam D. Barratt]

On Sun, 2023-10-01 at 18:37 +0100, Adam D. Barratt wrote:
> wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to
> clear version space for rebuilds in stable; see #1042058"
> wb nmu 6 gitit haskell-hakyll . ANY . bookworm . -m "Rebuild against
> new pandoc; see #1042058"
> wb nmu 2 gitit haskell-hakyll . ANY . bullseye . -m "Rebuild against
> new pandoc; see #1042057"

The packages don't build in unstable currently, so I've binNMUed them
in testing and we'll see if we can get them prop-upped.

For bullseye, haskell-hakyll ends up needing a version of haskell-
pandoc-citeproc built against the newer pandoc, so I've binNMUed that
as well.

Regards,

Adam

Bug#1043043: UDD patches: marks Forwarded as invalid if not 'no', 'not-needed', 'yes' or URL

[Richard Lewis]

On Mon, 7 Aug 2023 01:19:38 +0200 Guillem Jover  wrote:

> On Fri, 2023-08-04 at 23:35:27 -0300, David da Silva Polverari wrote:

> > When using https://udd.debian.org/patches.cgi, I notice that whenever
> > the Forwarded field contains anything other than "no", "not-needed",
> > "yes" or an URL, it gets marked as invalid.
>

Even 'Forwarded: yes' is regarded as invalid - see here:

https://udd.debian.org/patches.cgi?src=chkrootkit=0.58b-1

the patches marked "invalid" have been sent upstream by email but, sadly,
there is no upstream bug tracker or url , so no url to include.

it looks like this comes from
https://salsa.debian.org/qa/udd/-/blob/master/rimporters/patches.rb#206-222

line 222 requires that 'Forwarded: yes' be accompanied by a 'Bug' field
(and on line 208 the bug must be http(s) url). This seems stricter than
DEP3 ("Any value other than "no" or "not-needed" means that the patch has
been forwarded upstream. Ideally the value is an URL proving that it has
been forwarded and where one can find more information about its inclusion
status.")

and then
https://salsa.debian.org/qa/udd/-/blob/master/web/patches.cgi i assume
renders these as invalid.

the simplest fix looks.like having line 222 in patches.rb say

pa['forwarded_short'] = 'yes'

(and then modify
https://salsa.debian.org/qa/udd/-/blob/master/web/patches.cgi#194 to only
have the  if e[:forwarded_url] is set)

Or patches.rb could allow mailto: in the same way as http(s)?

(either looks quite easy, and i could send a MR -  but i dont know how to
test it)

Bug#1053328: pycryptodome: Baseline violation on i386 and test FTBFS on !x86

[Adrian Bunk]

Source: pycryptodome
Version: 3.18.0+dfsg1-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=pycryptodome=3.18.0%2Bdfsg1-1

...
[  1%] Building C object CMakeFiles/mont.dir/<>/src/mont.c.o
cc: error: unrecognized command-line option ‘-mssse3’
cc: error: unrecognized command-line option ‘-mpclmul’
cc: error: unrecognized command-line option ‘-maes’
make[4]: *** [CMakeFiles/mont.dir/build.make:76: 
CMakeFiles/mont.dir/<>/src/mont.c.o] Error 1



- SSE is not part of the i386 baseline
- trying to run the tests with "-mssse3 -mpclmul" FTBFS on !x86
  (m68k and sh4 are building with nocheck)

Bug#1053327: p11-kit: Please add nodoc build profile

[Samuel Thibault]

Package: p11-kit
Version: 0.25.0-4
Severity: important
Tags: patch

Hello,

p11-kit's build-dependency on gtk-doc-tools introduces an ample
dependency loop. This can be avoided by adding a nodoc profile, as the
attached patch does (chmod +x debian/p11-kit.install is needed for
dh-exec to work).

Samuel

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.5.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages p11-kit depends on:
ii  libc62.37-10
ii  libp11-kit0  0.25.0-4
ii  libtasn1-6   4.19.0-3
ii  p11-kit-modules  0.25.0-4

p11-kit recommends no packages.

p11-kit suggests no packages.

-- no debconf information
--- debian/control.original 2023-10-01 19:17:48.0 +
+++ debian/control  2023-10-01 19:41:49.0 +
@@ -4,8 +4,8 @@
 Uploaders:
  Andreas Metzler ,
 Build-Depends:
- debhelper-compat (= 13),
- gtk-doc-tools,
+ debhelper-compat (= 13), dh-exec,
+ gtk-doc-tools ,
  libbsd-dev [kfreebsd-any hurd-any],
  libffi-dev,
  libtasn1-6-dev,
@@ -89,6 +89,7 @@
  policy module.
 
 Package: p11-kit-doc
+Build-Profiles: 
 Architecture: all
 Section: doc
 Depends:
--- debian/rules.original   2023-10-01 19:19:03.0 +
+++ debian/rules2023-10-01 19:19:34.0 +
@@ -5,11 +5,15 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+ifeq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
+  DOC=--enable-doc
+endif
+
 override_dh_auto_configure:
dh_auto_configure --verbose -- \
--disable-silent-rules \
--with-trust-paths=/etc/ssl/certs/ca-certificates.crt \
-   --with-hash-impl=internal --enable-doc
+   --with-hash-impl=internal $(DOC)
 
 override_dh_makeshlibs:
# Force keeping symbol file up to date.
--- debian/p11-kit.install.original 2023-10-01 19:42:06.0 +
+++ debian/p11-kit.install  2023-10-01 19:42:11.0 +
@@ -1,6 +1,7 @@
+#!/usr/bin/dh-exec
 /usr/libexec/p11-kit/p11-kit-remote
 /usr/libexec/p11-kit/p11-kit-server
 usr/bin/*
 usr/share/locale/*/*/p11-kit.mo
-usr/share/man/man[158]/*
+ usr/share/man/man[158]/*
 usr/share/p11-kit/modules/p11-kit-trust.module

Bug#1026430: more bugs to account for than upstream is aware of

[debbug . 1026430]

Package: profanity
Version: 0.13.1-1~bpo11+1
Followup-For: Bug #1026430
X-Debbugs-Cc: debbug.1026...@sideload.33mail.com

The scenario captured in bug 1026430 actually expands into 4 bugs. Upstream bug 
report 1615¹ seems to capture sub bug 1 (the mere fact that fingerprints are 
lost) but not sub bugs 2—4.

If upstream bug 1615 is resolved by merely mitigating the key loss, what 
happens when there is no key for someone to begin with?  Or when a key expires? 
 More guard conditionals are needed to ensure a msg doesn’t go out to a group 
without everyone’s pubkey first being completely resolved. This check should 
ideally be performed before the sender even begins typing a msg.

1. https://github.com/profanity-im/profanity/issues/1615

Bug#1053326: src:python-xsdata: fails to migrate to testing for too long: uploader built arch:all

[Paul Gevers]

Source: python-xsdata
Version: 23.7-1
Severity: serious
Control: close -1 23.8-1
Tags: sid trixie pending
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:python-xsdata has been trying to migrate 
for 31 days [2]. Hence, I am filing this bug.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


Your package is only blocked because the arch:all binary package(s) 
aren't built on a buildd. Unfortunately the Debian infrastructure 
doesn't allow arch:all packages to be properly binNMU'ed. Hence, I will 
shortly do a no-changes source-only upload to DELAYED/15, closing this 
bug. Please let me know if I should delay or cancel that upload.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=python-xsdata



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053325: src:sugar-artwork: fails to migrate to testing for too long: cruft not auto removed

[Paul Gevers]

Source: sugar-artwork
Version: 0.120-1
Severity: serious
Control: close -1 0.120-2
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:sugar-artwork has been trying to migrate 
for 31 days [2]. Hence, I am filing this bug. The version in unstable 
seems to have stopped building arch specific binaries. This situation 
isn't handled well automatically so you'll need to talk to ftp-master to 
get the right packages removed.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=sugar-artwork



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053310: exim4-base: Various severe CVE reports are outstanding

[Andreas Metzler]

On 2023-10-01 Andreas Metzler  wrote:
> On 2023-10-01 Rainer Dorsch  wrote:
[...]
> > It would help if there would be a statement by the Debian exim
> > maintainer team, by when updates are expected to arrive.

> > This would at least help to judge, if I should migrate my systems to
> > postfix or if I can wait for a bugfix.
> [...]

> Hello Rainer,

> Upstream is coordinating with various Linux distribution on the timing
> of the update. I cannot publish these confidential communications.

Tentative timeline: tomorrow (Monday).

Further details on the bugs' scope and mitigations:
https://www.openwall.com/lists/oss-security/2023/10/01/4

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Bug#1050684:

[debian . doorbell912]

According to https://packages.debian.org/trixie/clang it was bumped to
clang-16 and this bug is fixed and can be closed. Thank you!

Bug#1053324: util-linux: Need to drop asciidoctor build-dep in stage1

[Samuel Thibault]

Package: util-linux
Version: 2.39.2-2
Severity: important

Hello,

As mentioned in the 2.37.2-1 changelog:

We should figure out how to skip asciidoctor for stage1 builds, as it is
not strictly necessary except for some edge cases.

The asciidoctor build-dep indeed brings an ample dependency loop through
ruby (!) so we want to break that loop :)

The attached patch does get the package built in stage1 without the
manpages.

Samuel

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.5.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages util-linux depends on:
ii  libblkid1  2.39.2-2
ii  libc6  2.37-10
ii  libcap-ng0 0.8.3-1+b3
ii  libcrypt1  1:4.4.36-2
ii  libmount1  2.39.2-2
ii  libpam0g   1.5.2-7
ii  libselinux13.5-1
ii  libsmartcols1  2.39.2-2
ii  libsystemd0254.4-1
ii  libtinfo6  6.4+20230625-2
ii  libudev1   254.4-1
ii  libuuid1   2.39.2-2
ii  zlib1g 1:1.2.13.dfsg-3

Versions of packages util-linux recommends:
ii  sensible-utils  0.0.20

Versions of packages util-linux suggests:
ii  dosfstools  4.2-1
ii  kbd 2.5.1-1+b1
ii  util-linux-extra2.39.2-2
ii  util-linux-locales  2.39.2-2

-- no debconf information

-- 
Samuel
---
Pour une évaluation indépendante, transparente et rigoureuse !
Je soutiens la Commission d'Évaluation de l'Inria.
--- debian/control.original 2023-10-01 18:17:59.0 +
+++ debian/control  2023-10-01 18:18:07.0 +
@@ -1,6 +1,6 @@
 Source: util-linux
 Build-Depends:
- asciidoctor,
+ asciidoctor ,
  bc ,
  bison,
  debhelper-compat (= 13),
--- debian/rules.original   2023-10-01 21:04:31.151276173 +0200
+++ debian/rules2023-10-01 21:04:40.451338687 +0200
@@ -123,7 +123,11 @@
rm -rf debian/*-udeb/usr/share/doc
 
 override_dh_installman:
+ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+   :
+else
dh_installman --language=C
+endif
 
 override_dh_missing:
dh_missing --list-missing

Bug#1032864: labwc ITP bug more info

[Louis-Philippe Véronneau]

My initial efforts can be found here: https://salsa.debian.org/pollo/labwc

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄

Bug#1053323: onak: purging onak will leave a lot of files behind

[Alexandre Detiste]

Package: onak
Version: 0.6.2-1
Severity: normal

"dpkg --purge onak" should set back the system in 
a clean state.

These are left behind:

/var/lib/onak
/var/lib/onak/__db.001
/var/lib/onak/__db.002
/var/lib/onak/__db.003
/var/lib/onak/id32db
/var/lib/onak/id64db
/var/lib/onak/keydb.0.db
/var/lib/onak/keydb.1.db
/var/lib/onak/keydb.10.db
/var/lib/onak/keydb.11.db
/var/lib/onak/keydb.12.db
/var/lib/onak/keydb.13.db
/var/lib/onak/keydb.14.db
/var/lib/onak/keydb.15.db
/var/lib/onak/keydb.2.db
/var/lib/onak/keydb.3.db
/var/lib/onak/keydb.4.db
/var/lib/onak/keydb.5.db
/var/lib/onak/keydb.6.db
/var/lib/onak/keydb.7.db
/var/lib/onak/keydb.8.db
/var/lib/onak/keydb.9.db
/var/lib/onak/log.01
/var/lib/onak/num_keydb
/var/lib/onak/skshashdb
/var/lib/onak/subkeydb
/var/lib/onak/worddb


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages onak depends on:
ii  adduser  3.137
ii  libc62.37-10
ii  libcurl3-gnutls  8.2.1-2
ii  libdb5.3 5.3.28+dfsg2-2
ii  libgmp10 2:6.3.0+dfsg-2
ii  libhogweed6  3.9.1-2
ii  libnettle8   3.9.1-2
ii  perl 5.36.0-9

Versions of packages onak recommends:
ii  lighttpd [httpd] 1.4.71-1+exp1
ii  micro-httpd [httpd]  20140814-2.1+b2

Versions of packages onak suggests:
pn  db-util  

Bug#781748: Confirmed in 4.2.5

[Chris Carr]

Tags: confirmed

Bug#1053220: lemonldap-ng 2.0.11+ds-4+deb11u5 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053220 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: lemonldap-ng
Version: 2.0.11+ds-4+deb11u5

Explanation: fix open redirection when OIDC RP has no redirect URIs; fix Server 
Side Request Forgery issue [CVE-2023-44469]; fix open redirection due to 
incorrect escape handling

Bug#1035464: lttng-modules 2.12.5-1+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1035464 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: lttng-modules
Version: 2.12.5-1+deb11u1

Explanation: fix build issues with newer kernel versions

Bug#1053292: amd64-microcode 3.20230808.1.1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053292 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20230808.1.1~deb12u1

Explanation: update included microcode, including fixes for "AMD Inception" on 
AMD Zen4 processors [CVE-2023-20569]

Bug#1053290: amd64-microcode 3.20230808.1.1~deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053290 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20230808.1.1~deb11u1

Explanation: update included microcode, including fixes for "AMD Inception" on 
AMD Zen4 processors [CVE-2023-20569]

Bug#1053267: hickle: test_H5NodeFilterProxy fails with h5py 3.9.0: Unable to delete attribute (no write intent on file)

[Edward Betts]

Thanks for the patch.

I've applied it and uploaded a new version of hickle.

Cheers,

Edward

Bug#1053272: rmlint 2.9.0-2.5~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053272 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rmlint
Version: 2.9.0-2.5~deb12u1

Explanation: fix GUI startup failure with recent python3.11

Bug#1053271: cpio 2.13+dfsg-7.1~deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053271 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: cpio
Version: 2.13+dfsg-7.1~deb11u1

Explanation: fix arbitrary code execution issue [CVE-2021-38185]; replace 
Suggests: on libarchive1 with libarchive-dev

Bug#1053270: curl 7.74.0-1.3+deb11u9 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053270 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.74.0-1.3+deb11u9

Explanation: fix improper certificate validation issue [CVE-2023-28321], 
information disclosure issue [CVE-2023-28322]

Bug#1053219: lemonldap-ng 2.16.1+ds-deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053219 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: lemonldap-ng
Version: 2.16.1+ds-deb12u2

Explanation: fix open redirection when OIDC RP has no redirect URIs; fix Server 
Side Request Forgery issue [CVE-2023-44469]

Bug#1053189: foot 1.13.1-2+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053189 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: foot
Version: 1.13.1-2+deb12u1

Explanation: ignore XTGETTCAP queries with invalid hex encodings

Bug#1053316: polymake: Causes FTBFS for gap-polymaking by failing tests

[David Bremner]

Joachim Zobel  writes:

> Package: polymake
> Version: 4.6-5+b2
> Severity: important
>
> Dear Maintainer,
>
> The package polymake causes a FTBFS in its GAP interface package 
> gap-polymaking
> when building for trixie.
>

I'm currently waiting to see what happens with

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042521

before putting much effort into debugging polymake issues.

d

Bug#1053322: ceres-solver FTBFS with suitesparse 7.2.0

[Adrian Bunk]

Source: ceres-solver
Version: 2.1.0+really2.1.0+dfsg-2
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/ceres-solver/ceres-solver/issues/1009
Control: affects -1 src:colmap src:openturns src:sight

https://buildd.debian.org/status/fetch.php?pkg=ceres-solver=loong64=2.1.0%2Breally2.1.0%2Bdfsg-2=1695853727=0

...
CMake Error at internal/ceres/CMakeLists.txt:329 (target_link_libraries):
  Target "ceres" links to:

CXSparse::CXSparse

  but the target was not found.  Possible reasons include:

* There is a typo in the target name.
* A find_package call is missing for an IMPORTED target.
* An ALIAS target is missing.
...

Bug#1038861: [Pkg-shadow-devel] Bug#1038861: login updates login.defs, adds options that old groupmod doesn't understand

[pillule]

Hello,

I am upgrading my debian 11 to debian 12 and all my systems are affected
by this bug. The systems are fully upgraded and the bug is persistent.

$ apt info login
[...]
Version: 1:4.13+dfsg-1+b1
[...]

$ apt info passwd
[...]
Version: 1:4.13+dfsg1-1+b1
[...]

No only the upgrade process is affected, but most commands that read
/etc/login.defs : useradd, userdell, groupmems, ... etc.

As I am an user of QubesOS, I reported the bug first on :
https://github.com/QubesOS/qubes-issues/issues/8559

It should not matter as the relevant programs come from debian bookworm
stable.

Cdlt

Bug#781747: Fixed in 4.2.5

[Chris Carr]

Tags: pending

Bug#778811: Fixed in 4.2.5

[Chris Carr]

Tags: pending

Bug#780770: The show_damage option does not show spell damage

[Chris Carr]

Tags: upstream, confirmed

Bug#1053321: RM: google-android-platform-33-upsidedowncakeprivacysandbox-installer -- ROM; NVIU

[Fab Stz]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: google-android-install...@packages.debian.org
Control: affects -1 + src:google-android-installers


Please remove:

google-android-platform-33-upsidedowncakeprivacysandbox-installer

because it is now replaced by:

google-android-platform-34-upsidedowncakeprivacysandbox-installer

Actually the package should have been named with "34" since the beginning.

Regards
Fab

Bug#1053267: hickle: test_H5NodeFilterProxy fails with h5py 3.9.0: Unable to delete attribute (no write intent on file)

[Nilesh Patra]

Control: tags -1 patch

Hi Edward,

Quoting Drew Parsons:

 62s """
 62s
 62s # load data and try to directly modify 'type' and 'base_type' 
Attributes
 62s # which will fail cause hdf5 file is opened for read only
 62s h5_node = h5_data['somedata']
 62s with pytest.raises(OSError):
 62s try:
 62s >   h5_node.attrs['type'] = pickle.dumps(list)
 62s
 62s 
/tmp/autopkgtest-lxc.kwo7jiul/downtmp/build.aWU/src/hickle/tests/test_01_hickle_helpers.py:126:
 62s _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _
...
 62s >   ???
62s E   KeyError: 'Unable to delete attribute (no write intent on file)'


This seems to have only changed the kind of error pytest is throwing, and I've 
attached a patch trivial fix.
Please consider to apply and upload soonish since hickle is the last package 
blocking the transition
of new h5py to testing (rest packages have been fixed).

Best,
Nilesh--- a/hickle/tests/test_01_hickle_helpers.py
+++ b/hickle/tests/test_01_hickle_helpers.py
@@ -121,16 +121,16 @@
 # load data and try to directly modify 'type' and 'base_type' Attributes
 # which will fail cause hdf5 file is opened for read only
 h5_node = h5_data['somedata']
-with pytest.raises(OSError):
+with pytest.raises(KeyError):
 try:
 h5_node.attrs['type'] = pickle.dumps(list)
 except RuntimeError as re:
-raise OSError(re).with_traceback(re.__traceback__)
-with pytest.raises(OSError):
+raise KeyError(re).with_traceback(re.__traceback__)
+with pytest.raises(KeyError):
 try:
 h5_node.attrs['base_type'] = b'list'
 except RuntimeError as re:
-raise OSError(re).with_traceback(re.__traceback__)
+raise KeyError(re).with_traceback(re.__traceback__)
 
 # verify that 'type' expands to tuple before running
 # the remaining tests

Bug#1053276: polyphone: update d/watch

[Thorsten Glaser]

Hi Patrice,

>I just tried to use uscan with the current packaging and faced trouble
>with its watch file.

yes, the last upload of polyphone was before the bookworm release,
and just as we had the bookworm freeze, github broke ALL watch
files (by changing their URLs in an incompatible way), so all
packages with watch files on github need new uploads to fix that.

Given that watch files are for the maintainer mostly, that has
low priority usually though.

I suspect you’ll want an upgrade to version 2.3 then… I will
have at it when I find the time (currently dayjob-busy plus
an upcoming concert AND extra vocal training õÕ).

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1053320: opentyrian: redo the "missing data" patch using SDL2 SDL_ShowMessageBox()

[Alexandre Detiste]

Package: opentyrian
Version: 2.1.20221123-1
Severity: minor

I re-read #856810 and noticed that this task can now be done.

> smcv / Sun, 5 Mar 2017 13:20:26
>
> We'll hopefully have something better for buster,
> probably using SDL2's SDL_ShowMessageBox() rather than subprocesses
> (but at the moment opentyrian is still stuck on SDL1).

Better do it smartly: provide a generic feature upstream
that can be overiden with a configure option.

Greetings,

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opentyrian depends on:
ii  game-data-packager  76
ii  libc6   2.37-10
ii  libsdl2-2.0-0   2.28.3+dfsg-3
ii  libsdl2-net-2.0-0   2.2.0+dfsg-2

opentyrian recommends no packages.

Versions of packages opentyrian suggests:
ii  kdialog4:22.12.3-1
ii  libnotify-bin  0.8.2-1
ii  x11-utils  7.7+5
ii  yad7.2-1
ii  zenity 3.44.2-1

-- no debconf information

Bug#1053319: Retained file handles after a tab was closed

[julien . puydt]

Package: firefox-esr
Version: 115.3.0esr-1

I only report it now because I noticed this recently, but I don't think
I had the issue in last may.

On one of the sites I have to use professionally, after a file was
uploaded and I disconnect from the site and close the tab, lsof shows
the file handle is still used by firefox ; and if the file is on an usb
key, I have to force the ejection as it means it's seen as busy (which
is how I detected the issue).

Cheers,

J.Puydt

Bug#1042057: binNMUs needed for new pandoc in *stable

[Adam D. Barratt]

On Sun, 2023-10-01 at 19:57 +0300, Adrian Bunk wrote:
> On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote:
> > ...
> > The Security Team decided not to issue a DSA for that CVE, but it's
> > now fixed in
> > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so
> > it makes sense
> > to fix it via (o)s-pu too.
> > ...
> 
> In all 3 distributions this made libghc-{gitit,hakyll}-{dev,prof} 
> uninstallable due to changed libghc-pandoc-{dev,prof}-* provides,
> e.g.:
>   The following packages have unmet dependencies:
>libghc-gitit-dev : Depends: libghc-pandoc-dev-2.17.1.1-35d44
> 
> For bullseye/bookworm this should be fixed with:
> 
>   wb nmu gitit . ANY . bookworm . -m 'Rebuild against new pandoc'
>   wb nmu haskell-hakyll . ANY . bookworm . -m 'Rebuild against new
> pandoc'
> 
>   wb nmu gitit . ANY . bullseye . -m 'Rebuild against new pandoc'
>   wb nmu haskell-hakyll . ANY . bullseye . -m 'Rebuild against new
> pandoc'
> 

Both packages already have binNMUs, so need the binNMU number
specifying. Both already have binNMUs in stable and unstable that have
consecutive versions, so I've scheduled higher-versioned ones in
unstable to make some room:

wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to clear version 
space for rebuilds in stable; see #1042058"
wb nmu 6 gitit haskell-hakyll . ANY . bookworm . -m "Rebuild against new 
pandoc; see #1042058"
wb nmu 2 gitit haskell-hakyll . ANY . bullseye . -m "Rebuild against new 
pandoc; see #1042057"

Regards,

Adam

Bug#1053318: python3-plotly: imshow displays no data

[Sig T-M]

Package: python3-plotly
Version: 5.15.0+dfsg1-1
Severity: normal
X-Debbugs-Cc: siggy...@gmail.com

Dear Maintainer,

I recently updated from bullseye to bookworm and I've not been able to get
plotly's imshow to work since. First, there's a version mismatch in stable -
using imshow results in the following error:

AttributeError: module 'numpy' has no attribute 'bool'.
`np.bool` was a deprecated alias for the builtin `bool`. To avoid this error in
existing code, use `bool` by itself. Doing this will not modify any behavior
and is safe. If you specifically wanted the numpy scalar type, use `np.bool_`
here.
The aliases was originally deprecated in NumPy 1.20; for more details and
guidance see the original release note at:
https://numpy.org/devdocs/release/1.20.0-notes.html#deprecations

plotly fixed this error in May
(https://github.com/plotly/plotly.py/issues/3403) but I guess that version has
not made it into stable yet. stable has plotly v5.4.1 and numpy v1.24.2

So then I tried the testing version (5.15.0) and ran into a different problem -
imshow displays completely blank axes. You can see this with the example code
from https://plotly.com/python/imshow/:

import plotly.express as px
import numpy as np
img_rgb = np.array([[[255, 0, 0], [0, 255, 0], [0, 0, 255]],
[[0, 255, 0], [0, 0, 255], [255, 0, 0]]
   ], dtype=np.uint8)
fig = px.imshow(img_rgb)
fig.show()

I don't know what to do about it aside from reporting it.

Thanks very much,
Sig


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-plotly depends on:
ii  python33.11.2-1+b1
ii  python3-decorator  5.1.1-3
ii  python3-nbformat   5.5.0-1
ii  python3-requests   2.28.1+dfsg-1
ii  python3-tenacity   8.2.1-1
ii  python3-tz 2022.7.1-4

python3-plotly recommends no packages.

Versions of packages python3-plotly suggests:
ii  ipython38.5.0-4
ii  python3-ipykernel   6.17.0-1
ii  python3-matplotlib  3.6.3-1+b1
ii  python3-pandas  1.5.3+dfsg-2
ii  python3-scipy   1.10.1-2

-- no debconf information

Bug#986714: fedora-messaging: changing from ITP to RFP

[Sergio Cipriano]

retitle 986714 RFP: fedora-messaging -- A framework for declaring message 
schemas

noowner 986714

thanks 

I am no longer interested in packaging fedora-messaging. If anyone is
interested in packaging it, there is a working version [1] that I made 2
years ago when I was trying to update pagure to the latest version.

[1]: https://salsa.debian.org/sergiosacj/fedora-messaging


signature.asc
Description: PGP signature

Bug#984741: pagure-messages: changing from ITP to RFP

[Sergio Cipriano]

retitle 984741 RFP: pagure-messages -- A schema package for messages sent by 
pagure

noowner 984741

thanks

I am no longer interested in packaging pagure-messages. If anyone is
interested in packaging it, there is a working version [1] that I made 2
years ago when I was trying to update pagure to the latest version.

[1]: https://salsa.debian.org/sergiosacj/pagure-messages

--
Sergio Cipriano


signature.asc
Description: PGP signature

Bug#1042057: binNMUs needed for new pandoc in *stable

[Adrian Bunk]

On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote:
>...
> The Security Team decided not to issue a DSA for that CVE, but it's now fixed 
> in
> buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so it makes 
> sense
> to fix it via (o)s-pu too.
>...

In all 3 distributions this made libghc-{gitit,hakyll}-{dev,prof} 
uninstallable due to changed libghc-pandoc-{dev,prof}-* provides, e.g.:
  The following packages have unmet dependencies:
   libghc-gitit-dev : Depends: libghc-pandoc-dev-2.17.1.1-35d44

For bullseye/bookworm this should be fixed with:

  wb nmu gitit . ANY . bookworm . -m 'Rebuild against new pandoc'
  wb nmu haskell-hakyll . ANY . bookworm . -m 'Rebuild against new pandoc'

  wb nmu gitit . ANY . bullseye . -m 'Rebuild against new pandoc'
  wb nmu haskell-hakyll . ANY . bullseye . -m 'Rebuild against new pandoc'

This might result in the Provides of libghc-{gitit,hakyll}-{dev,prof} changing,
but these are leaf packages.

cu
Adrian

Bug#1053276: polyphone: update d/watch

[Patrice Duroux]

Hi Thorsten,
I just tried to use uscan with the current packaging and faced trouble
with its watch file.
Sure, regarding my patch,do whatever you want moreover if you don't
like using the @@ variables.
Regards,
Patrce

Le dim. 1 oct. 2023 à 00:42, Thorsten Glaser  a écrit :
>
> Hello Patrice,
>
> >Here is a suggested patch for this.
>
> for this what? Is there a problem with the watch file,
> other than the usual github changed their links one?
>
> I’ve had a fix for the latter in another package of mine
> for a long time already but hadn’t had uploaded polyphone
> yet. I guess I should probably do that some time. I have
> committed the fixed d/watch file now.
>
> Is there anything you still think needs changing?
>
> I don’t like these @magicstring@ thingies very much and
> would prefer to not apply them.
>
> Thanks,
> //mirabilos
> --
>  you introduced a merge commit│ % g rebase -i HEAD^^
>  sorry, no idea and rebasing just fscked │ Segmentation
>  should have cloned into a clean repo  │  fault (core dumped)
>  if I rebase that now, it's really ugh │ wuahh

Bug#1052361: cups 2.4.2-3+deb12u3 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052361 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.4.2-3+deb12u3

Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix 
unauthenticated access issue [CVE-2023-32360]

Bug#1053221: python-git 3.1.30-1+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053221 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: python-git
Version: 3.1.30-1+deb12u2

Explanation: fix remote code execution issue [CVE-2023-40267], blind local file 
inclusion issue [CVE-2023-41040]

Bug#1052361: cups 2.4.2-3+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052361 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.4.2-3+deb12u2

Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix 
unauthenticated access issue [CVE-2023-32360]

Bug#1053317: freerdp2: Watchfile does only find partial results

[Tobias Frost]

Source: freerdp2
Severity: minor
Control: tags -1 patch

DearMaintainer,

When trying to download 2.0.0 for LTS, I found that the current watch
file does not find all releases. The attached watch file fixes this.
(It seems also not to find the version 3 releases)

old one finds:
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.2.tar.gz (2.11.2) 
index=2.11.2-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.2.tar.gz (2.11.2) 
index=2.11.2-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.1.tar.gz (2.11.1) 
index=2.11.1-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.1.tar.gz (2.11.1) 
index=2.11.1-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.0.tar.gz (2.11.0) 
index=2.11.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.11.0.tar.gz (2.11.0) 
index=2.11.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.10.0.tar.gz (2.10.0) 
index=2.10.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.10.0.tar.gz (2.10.0) 
index=2.10.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.9.0.tar.gz (2.9.0) 
index=2.9.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.9.0.tar.gz (2.9.0) 
index=2.9.0-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.8.1.tar.gz (2.8.1) 
index=2.8.1-1
   https://github.com/FreeRDP/FreeRDP/archive/refs/tags/2.8.1.tar.gz (2.8.1) 
index=2.8.1-1

new one finds:
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/3.0.0-beta4 
(3.0.0-beta4) index=3.0.0-beta4-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/3.0.0-beta3 
(3.0.0-beta3) index=3.0.0-beta3-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/3.0.0-beta2 
(3.0.0-beta2) index=3.0.0-beta2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/3.0.0-beta1 
(3.0.0-beta1) index=3.0.0-beta1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.11.2 (2.11.2) 
index=2.11.2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.11.1 (2.11.1) 
index=2.11.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.11.0 (2.11.0) 
index=2.11.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.10.0 (2.10.0) 
index=2.10.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.9.0 (2.9.0) 
index=2.9.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.8.1 (2.8.1) 
index=2.8.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.8.0 (2.8.0) 
index=2.8.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.7.0 (2.7.0) 
index=2.7.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.6.1 (2.6.1) 
index=2.6.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.6.0 (2.6.0) 
index=2.6.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.5.0 (2.5.0) 
index=2.5.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.4.1 (2.4.1) 
index=2.4.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.4.0 (2.4.0) 
index=2.4.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.3.2 (2.3.2) 
index=2.3.2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.3.1 (2.3.1) 
index=2.3.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.3.0 (2.3.0) 
index=2.3.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.2.0 (2.2.0) 
index=2.2.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.1.2 (2.1.2) 
index=2.1.2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.1.1 (2.1.1) 
index=2.1.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.1.0 (2.1.0) 
index=2.1.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0-rc4 (2.0.0-rc4) 
index=2.0.0-rc4-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0-rc3 (2.0.0-rc3) 
index=2.0.0-rc3-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0-rc2 (2.0.0-rc2) 
index=2.0.0-rc2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0-rc1 (2.0.0-rc1) 
index=2.0.0-rc1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0-rc0 (2.0.0-rc0) 
index=2.0.0-rc0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/2.0.0 (2.0.0) 
index=2.0.0-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.1.0-beta+2013071101 
(1.1.0-beta+2013071101) index=1.1.0-beta+2013071101-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.1.0-beta1 
(1.1.0-beta1) index=1.1.0-beta1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.0.2-rc1 (1.0.2-rc1) 
index=1.0.2-rc1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.0.2 (1.0.2) 
index=1.0.2-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.0.1 (1.0.1) 
index=1.0.1-0
   https://api.github.com/repos/FreeRDP/FreeRDP/tarball/1.0.0 (1.0.0) 
index=1.0.0-0


Cheers,
-- 
tobi

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'oldstable-security'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'testing'), (500, 

Bug#1052539: RFS: onefetch/2.18.1 [ITB] -- Command-line Git information tool

[Ossama Hjaji]

On Wed, 27 Sep 2023 13:00:40 +0200 Bastian Germann  wrote:
> Control: block 943720 by -1
> Control: tags -1 moreinfo
>
> Please actually fill the templates that are generated by dh_make.
>
> You have to change #943720 to be an ITP first and have to reference it using 
> a Closes: tag in your changelog.
>
> Your package has to use the format 3.0 (quilt). The native format is reserved 
> for packages that are Debian-specific and
> have no upstream.
>
> When you are done with these first steps, please untag moreinfo from this RFS.
>
>

I've addressed all the points mentioned.
If there are any more changes required or if I missed something, please let me 
know.

Bug#898448: Makes vinagre segfault on authentication failure

[Tobias Frost]

Control: fixed -1 2.10.0+dfsg1-1.1

A quick test: It does NOT crash on sid, so I'll mark the version in sid
as "fixed", but leave it up to the maintainer to close the bug.

On Fri, 29 Jan 2021 12:30:27 +0100 Fabio Fantoni
 wrote:
> this should be solved in freerdp2 2.0.0-rc3, patch was also applied in
> 2.0.0~git20181120.1.e21b72c95+dfsg1-1, can confirm please that is not
> reproducible anymore in buster, testing or sid?
> 
> 
> 

Bug#898448: Makes vinagre segfault on authentication failure

[Tobias Frost]

Control: found -1 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2

Can confirm that is crashes on buster (LTS).

On Fri, 29 Jan 2021 12:30:27 +0100 Fabio Fantoni
 wrote:
> this should be solved in freerdp2 2.0.0-rc3, patch was also applied in
> 2.0.0~git20181120.1.e21b72c95+dfsg1-1, can confirm please that is not
> reproducible anymore in buster, testing or sid?
> 
> 
> 

Bug#1053316: polymake: Causes FTBFS for gap-polymaking by failing tests

[Joachim Zobel]

Package: polymake
Version: 4.6-5+b2
Severity: important

Dear Maintainer,

The package polymake causes a FTBFS in its GAP interface package gap-polymaking
when building for trixie.

> Architecture: x86_64-pc-linux-gnu-default64-kv8
>
> testing: /<>/debian/gaproot/pkg/\
> polymaking/tst/example.tst
> polymake: upgrading /tmp/gaptempdirKvYo8c/poly1318 from old plain file format
> polymake:  ERROR: "/usr/share/polymake/perllib/Polymake/Core/CPlusPlus.pm",
line 1785: Can't load shared module /usr/lib/polymake/lib/ideal.so:
libsingular-Singular-4.3.1.so: cannot open shared object file: No such file or
directory

The reason is that libsingular-Singular-4.3.1.so is not present, only
libsingular-Singular-4.3.2.so is.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052949
The package gap-hapcryst is also affected:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052974








*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.1
  APT prefers oldstable-security
  APT policy: (500, 'oldstable-security'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-10-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages polymake depends on:
ii  libbliss2   0.73-5
ii  libc6   2.36-9+deb12u1
ii  libcdd0d094m-1
ii  libflint17  2.9.0-5
ii  libgcc-s1   12.2.0-14
ii  libgmp102:6.2.1+dfsg1-1.1
ii  libgomp112.2.0-14
ii  liblrs1 0.71b-2
ii  libmpfr64.2.0-1
ii  libpolymake-dev-common  4.6-5
ii  libppl141:1.2-8.1+b1
ii  libsingular4m3n01:4.3.1-p3+ds-2
ii  libstdc++6  12.2.0-14
ii  ninja-build 1.11.1-1
ii  perl5.36.0-7
ii  perl-base [perlapi-5.36.0]  5.36.0-7
ii  polymake-common 4.6-5

Versions of packages polymake recommends:
ii  chromium   117.0.5938.62-1~deb11u1
ii  gfan   0.6.2-6+b1
ii  graphviz   2.42.2-7+b3
ii  xdg-utils  1.1.3-4.1

Versions of packages polymake suggests:
pn  povray   
ii  texlive-latex-extra  2022.20230122-4
ii  texlive-pictures 2022.20230122-3

-- debconf-show failed

Bug#1053315: RM: firmware-tomu -- RoM; RC-buggy; abandoned upstream

[Louis-Philippe Véronneau]

Package: ftp.debian.org
Severity: normal

Hello,

I haven't touched this package in a while, it's RC buggy and the 
hardware project behind it is dead.


Please remove it :)

---
po...@mirror.ftp-master.debian.org "dak rm -Rn firmware-tomu"
Will remove the following packages from unstable:

firmware-tomu |  2.0~rc7-2 | source, all

Maintainer: Louis-Philippe Véronneau 

--- Reason ---

--

Checking reverse dependencies...
No dependency problem found.
---


--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄

Bug#951166: RE: ITP Shortwave

[Matthias Geiger]

On Wed, 30 Nov 2022 10:50:52 +0100 (CET) matthias.geiger1...@tutanota.de 
wrote:

> Hi all,
>
> Shortwave is down to five missing crates. libshumate and libadwaita 
are blocked by bug #1017905. async-std-resolver and mdns are packagable, 
I'm working on those. mpris-player is not packageable because it depends 
on old dbus versions. I tried writing a patch but one might re-write the 
whole crate while being at it.

>

I updated gtk-rs to the latest version. libadwaita-rs landed in 
unstable; I prepared libshumate for upload. mpris-player was updated 
upstream; so I'll look into packaging it and see if Shortwave builds


against it.


--
Matthias Geiger 
Debian Maintainer
"Freiheit ist immer Freiheit des anders Denkenden" -- Rosa Luxemburg



OpenPGP_0x18BD106B3B6C5475.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1050877: devscripts: debchange v2.17.10 ignores EMAIL and DEBEMAIL env variables

[Peter Hyman]

Hi.

Even though environment variables were listed in the current shell, they 
were not explicitly EXPORTED in the sourced .bashrc file.


This caused the $ENV{'VARNAME'} not to pick it up.

Using export VARNAME corrected the issue.

export DEBFULLNAME="Peter Hyman"
export DEBEMAIL="p...@peterhyman.com"
export EMAIL="p...@peterhyman.com"

--
Peter Hyman

Bug#1038611: lightdm: Lightdm fails to start X after upgrade to 1.32.0

[Yves-Alexis Perez]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, 2023-08-08 at 01:25 -0500, Steev Klimaszewski wrote:
> I'm running into a very similar issue as the original submitter,
> however, when I'm running into it, I am *not* using the nVidia binary
> driver, but I am using a custom 5.15.44 kernel for a Raspberry Pi.
> What I found after digging for quite a while, was that, yes,
> downgrading to 1.26 would start Xorg, and upgrading to 1.32 would
> cause it to not start Xorg.  After diffing the contents between 1.26
> and 1.32, it seems that the option "logind-check-graphical" has
> changed from the default of false, to a default of true.
> 
> Simply adding in
> 
> logind-check-graphical=false
> 
> under the [LightDM] heading in /etc/lightdm/lightdm.conf shows it as
> starting again.  This happened for me on both Pi3 and Pi4, armhf and
> arm64.  I'm not entirely sure why this is the case, and the kernel
> hasn't changed on these devices since 2022-07-03 when we last built
> the kernel for them.  Perhaps the original submitter could also see if
> changing that option works for them with the nVidia binary driver?

Hi Steev and Adilson,

so it might be linked to https://github.com/canonical/lightdm/issues/263

Looking at a bug linked from above
(https://github.com/canonical/lightdm/issues/165) it looks like the default
was changed in order to fix a race condition or something.

The documentation says:

# logind-check-graphical = True to on start seats that are marked as graphical
by logind

Could you check the lightdm.log and check if you have messages about seats
beeing added and whether it's graphical or not (you can add logs here). With
both value for the logind-check-graphical option.

It looks to me that there's an issue deeper in the stacks (in the NVIDIA stuff
or in the RPi graphical stuff) and maybe the seats arent't marked as graphical
or something. So it's ok to tune the option locally as a workaround, but I'm
not sure about reverting it globally.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmUZgJIACgkQ3rYcyPpX
RFtkzAgAvSJE1yDFRCZrdI/1zGTW/SWH2KUXuxpYw8b+LrwcvkLBVwSzQhkxKkS4
rd8VUjRRXVcaPXTrPJxeKqObAAYN2iUhiFCKdYAYUxdvlIPWxOkQEf8CeLm/AG6f
rCaHMmQNZY5SFkTCQ5AGUzH38IAp3a4Sdn3E+x1xVMsiYGn6h5I/z0eDcx5135mP
omuBRUYZGnoTfsApetBOQCK7pMzUJX1QRxdaiMjLZCUEsKjwoJc/6ZaLSHB4goYQ
AXAYcrc4jOhYfv6KFqbaxEBWxR/gbdG8+YBh2u8a44KEniJgXl+T4FEKfTA1poxc
muyLJuBzqpHqGyfOvZS73TjWPVZcHw==
=Lrpk
-END PGP SIGNATURE-

Bug#1053314: Depends: python3-h5py-mpi without python3-h5py

[Drew Parsons]

Package: xmds2
Version: 3.1.0+dfsg2-4
Severity: serious
Justification: debci

xmds2 Depends: python3-h5py-mpi without depending on python3-h5py

python3-h5py-mpi only provides the h5py._debian_h5py_mpi namespace,
not h5py.  Hence tests using h5py without specifying _debian_h5py_mpi
fail.  This is the case with h5py 3.9.0. (Marking Severity: serious due
to debci failure)

python3-h5py provides the h5py namespace, so if xmds2 strictly needs
the mpi build, but accessing via the generic h5py namespace, then the
Depends should specify both packages
  Depends: python3-h5py python3-h5py-mpi
  
  
Note there seems to be an inconsistency in the xmds2 package
configuration. It has MPI dependencies (python3-h5py-mpi, also
mpi-default-dev, libfftw3-mpi-dev), but with respect to hdf5 it has
 Depends: libhdf5-serial-dev
Should that instead be
 Depends: libhdf5-mpi-dev ?

Bug#1053313: octavia-agent: please depends on "cron | cron-daemon"

[Alexandre Detiste]

Package: octavia-agent
Version: 13.0.0~rc1-1
Severity: normal

Dear maintainer,

Please replace the dependency on "cron" with
one on "cron | cron-daemon" to allow usage of
an alternaive cron-compatible implementation
such like "cronie" or "systemd-cron".

Greetings,

Alexandre Detiste


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages octavia-agent depends on:
ii  acl  2.3.1-3
ii  adduser  3.137
pn  apparmor 
pn  at   
pn  cron 
pn  cryptsetup   
ii  curl 8.2.1-2
pn  dbconfig-common  
ii  dbus 1.14.10-1
ii  debconf  1.5.82
ii  dirmngr  2.2.40-1.1
pn  dmeventd 
pn  ethtool  
ii  gawk 1:5.2.1-2
ii  gpg  2.2.40-1.1
ii  gpg-agent2.2.40-1.1
pn  haproxy  
pn  haveged  
pn  ifenslave
ii  ifupdown 0.8.41
ii  iptables 1.8.9-2
ii  iputils-ping 3:20221126-1
pn  iputils-tracepath
pn  ipvsadm  
pn  keepalived   
ii  net-tools2.10-0.1
ii  netbase  6.4
pn  netcat-openbsd   
pn  octavia-common   
pn  pollinate
ii  psmisc   23.6-1
pn  python3-openstackclient  
pn  q-text-as-data   
pn  rsyslog  
pn  socat
ii  systemd-cron [anacron]   2.2.0-1
pn  uuid-runtime 
pn  vlan 

octavia-agent recommends no packages.

octavia-agent suggests no packages.

Bug#1053312: packeth: FTBFS on non-x86 due to x86 asm

[Bastian Germann]

I am uploading a NMU once again to fix this. The debdiff is attached.diff -Nru packeth-2.1/debian/changelog packeth-2.1/debian/changelog
--- packeth-2.1/debian/changelog2023-09-20 17:54:49.0 +
+++ packeth-2.1/debian/changelog2023-10-01 12:56:11.0 +
@@ -1,3 +1,10 @@
+packeth (2.1-0.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Drop unused code with x86 assembly (Closes: #1053312)
+
+ -- Bastian Germann   Sun, 01 Oct 2023 12:56:11 +
+
 packeth (2.1-0.1) unstable; urgency=medium
 
   * Non-maintainer upload
diff -Nru packeth-2.1/debian/patches/04-no-asm.patch 
packeth-2.1/debian/patches/04-no-asm.patch
--- packeth-2.1/debian/patches/04-no-asm.patch  1970-01-01 00:00:00.0 
+
+++ packeth-2.1/debian/patches/04-no-asm.patch  2023-10-01 12:56:11.0 
+
@@ -0,0 +1,182 @@
+Description: Drop unused code with x86 assembly
+Author: Bastian Germann 
+---
+--- packeth-2.1.orig/cli/cli_send.c
 packeth-2.1/cli/cli_send.c
+@@ -1729,36 +1728,6 @@ void onexit(int signum)
+ }
+ 
+ 
/*--*/
+-inline __sum16
+-ip_fast_csum(const void *iph, unsigned int ihl)
+-{
+-unsigned int sum;
+-
+-asm("  movl (%1), %0\n"
+-"  subl $4, %2\n"
+-"  jbe 2f\n"
+-"  addl 4(%1), %0\n"
+-"  adcl 8(%1), %0\n"
+-"  adcl 12(%1), %0\n"
+-"1: adcl 16(%1), %0\n"
+-"  lea 4(%1), %1\n"
+-"  decl %2\n"
+-"  jne  1b\n"
+-"  adcl $0, %0\n"
+-"  movl %0, %2\n"
+-"  shrl $16, %0\n"
+-"  addw %w2, %w0\n"
+-"  adcl $0, %0\n"
+-"  notl %0\n"
+-"2:"
+-/* Since the input registers which are loaded with iph and ih
+-   are modified, we must also specify them as outputs, or gcc
+-   will assume they contain their original values. */
+-: "=r" (sum), "=r" (iph), "=r" (ihl)
+-: "1" (iph), "2" (ihl)
+-: "memory");
+-return (__sum16)sum;
+-}
+ 
/*--*/
+ uint16_t
+ TCPChecksum(uint16_t* buf1, int buf1len, uint16_t* buf2, int buf2len)
+@@ -1808,139 +1777,6 @@ MyRandom(uint64_t *seed)
+ return (uint32_t)(*seed >> 32); 
+ }
+ 
/*--*/
+-char *
+-build_packet(char *buffer, int pktsize, int tot_rules, int *rule_idx, 
uint64_t *seed, int attack)
+-{
+-struct ether_header *ethh;
+-struct iphdr *iph;
+-struct tcphdr *tcph;
+-uint16_t tot_len;
+-static struct
+-{
+-uint32_t src_addr;
+-uint32_t dst_addr;
+-uint8_t zero;
+-uint8_t protocol;
+-uint16_t len;
+-} __attribute__ ((aligned (__WORDSIZE))) pseudo_header = {
+-IP_SRC_ADDR, IP_DST_ADDR, 0, IPPROTO_TCP, 0,
+-};
+-static u_int8_t ether_dhost[ETH_ALEN] = MAC_DST_ADDR;
+-static u_int8_t ether_shost[ETH_ALEN] = MAC_SRC_ADDR;
+-static uint64_t attack_meter = 0;
+-uint64_t attack_index;
+-uint8_t attack_packet = 0;
+-
+-/* build ether header (14B) */
+-ethh = (struct ether_header *)buffer;
+-memcpy(ethh->ether_dhost, ether_dhost, ETH_ALEN);
+-memcpy(ethh->ether_shost, ether_shost, ETH_ALEN);
+-ethh->ether_type = htons(ETHERTYPE_IP);
+-
+-tot_len = pktsize - sizeof(struct ether_header);
+-
+-/* build ip header (20B) */
+-iph = (struct iphdr *)(ethh + 1);
+-memset(iph, 0, sizeof (struct iphdr));  
+-iph->ihl = (unsigned int)(sizeof(struct iphdr)>>2);
+-iph->version = 4;
+-iph->ttl = 32;
+-iph->protocol = IPPROTO_TCP;
+-/* in nbo */
+-iph->saddr = IP_SRC_ADDR;
+-iph->daddr = IP_DST_ADDR;
+-iph->tot_len = htons(tot_len);
+-iph->check = ip_fast_csum(iph, iph->ihl);
+-
+-/* build tcp header (20B) */
+-tcph = (struct tcphdr *)((char *)buffer + sizeof(struct ether_header) +
+- sizeof(struct iphdr));
+-memset(tcph, 0, sizeof (struct tcphdr));
+-tcph->source = TCP_SRC_PORT;
+-tcph->dest = TCP_DST_PORT;
+-tcph->seq = MyRandom(seed);
+-tcph->ack_seq = MyRandom(seed);
+-tcph->doff = (sizeof(struct tcphdr)>>2);
+-tcph->res1 = 0;
+-tcph->res2 = 0;
+-tcph->urg = 0;
+-tcph->ack = 1;
+-tcph->psh = 0;
+-tcph->rst = 0;
+-tcph->syn = 0;
+-tcph->fin = 0;
+-tcph->window = htons(5840);
+-
+-attack_index = attack_meter & (4 - 1);
+-switch (attack) {
+-case 0:
+-memcpy((char *)buffer + sizeof(struct ether_header) +
+-   sizeof(struct iphdr) + sizeof(struct tcphdr),
+-   null_payload, tot_len + sizeof(struct ether_header));
+-break;
+-case 1:
+-if (attack_index == 0) {
+-memcpy((char *)buffer + sizeof(struct ether_header) +
+-   sizeof(struct iphdr) + sizeof(struct tcphdr),
+-   

Bug#1053310: exim4-base: Various severe CVE reports are outstanding

[Andreas Metzler]

On 2023-10-01 Rainer Dorsch  wrote:
> Package: exim4-base
> Version: 4.94.2-7
> Severity: critical
> Justification: breaks the whole system

> Dear Maintainer,

> *** Reporter, please consider answering these questions, where appropriate ***

> There are various CVE report with a rating of 9.8/10.

> CVE-2023-42119
> CVE-2023-42118
> CVE-2023-42117
> CVE-2023-42116
> CVE-2023-42115
> CVE-2023-42114

> It would help if there would be a statement by the Debian exim
> maintainer team, by when updates are expected to arrive.

> This would at least help to judge, if I should migrate my systems to
> postfix or if I can wait for a bugfix.
[...]

Hello Rainer,

Upstream is coordinating with various Linux distribution on the timing
of the update. I cannot publish these confidential communications.

cu Andreas

Bug#1053312: packeth: FTBFS on non-x86 due to x86 asm

[Bastian Germann]

Source: packeth
Version: 2.1-0.1
Severity: serious

With my NMU, I have introduced a FTBFS on non-x86 platforms:

cli_send.c: In function ‘ip_fast_csum’:
cli_send.c:1737:5: error: invalid 'asm': invalid operand for code 'w'
 1737 | asm("  movl (%1), %0\n"
  | ^~~
cli_send.c:1737:5: error: invalid 'asm': invalid operand for code 'w'

Bug#1053311: sound: Laptop Dell XPS 9510 the second pair of speakers (subwoofers) do not work

[Vlad Stulikov]

Package: kernel
Version: 6.1.0.12
Severity: important
File: sound
X-Debbugs-Cc: vladstuli...@gmail.com

Dear Maintainer,

The problem exists from the fresh installation of Debian, the sound is tinny 
and no low frequencies are 
reproduced (checked with youtube 20-2 Hz video). Googled for a solution, 
found hundreds of similar reports
for this laptops and other models having 2 pairs of speakers. The suggested 
manipulations with 
HDAJackRetask did not help. Installation of pulseaudio did not help too. 
Alsamixer from alsa-utils package shos 00 for 
LFE and does not allow to change volume.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1053310: exim4-base: Various severe CVE reports are outstanding

[Rainer Dorsch]

Package: exim4-base
Version: 4.94.2-7
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

There are various CVE report with a rating of 9.8/10.

CVE-2023-42119
CVE-2023-42118
CVE-2023-42117
CVE-2023-42116
CVE-2023-42115
CVE-2023-42114

It would help if there would be a statement by the Debian exim maintainer team, 
by when updates are expected to arrive.

This would at least help to judge, if I should migrate my systems to postfix or 
if I can wait for a bugfix.


*** End of the template - remove these template lines ***


-- Package-specific info:
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS 
move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP 
PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is 
/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-25-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-base depends on:
ii  adduser3.118
ii  cron [cron-daemon] 3.0pl1-137
ii  debconf [debconf-2.0]  1.5.77
ii  exim4-config [exim4-config-2]  4.94.2-7
ii  libc6  2.31-13+deb11u6
ii  libdb5.3   5.3.28+dfsg1-0.8
ii  lsb-base   11.1.0
ii  netbase6.3
ii  systemd-sysv   247.3-7+deb11u4

Versions of packages exim4-base recommends:
ii  mailutils [mailx]  1:3.10-3+b1
ii  psmisc 23.4-2

Versions of packages exim4-base suggests:
ii  emacs-gtk [mail-reader]  1:27.1+1-3.1+deb11u2
pn  exim4-doc-html | exim4-doc-info  
pn  eximon4  
ii  file 1:5.39-3+deb11u1
ii  mailutils [mail-reader]  1:3.10-3+b1
ii  openssl  1.1.1n-0+deb11u5
pn  spf-tools-perl   
pn  swaks

-- Configuration Files:
/etc/logrotate.d/exim4-base changed [not included]
/etc/logrotate.d/exim4-paniclog changed [not included]

-- debconf information excluded

Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1

[Henrique de Moraes Holschuh]

Uploaded (source).

Thank you!

On Sun, Oct 1, 2023, at 05:53, Adam D. Barratt wrote:
> Control: tags -1 confirmed

-- 
  Henrique de Moraes Holschuh 

Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1

[Henrique de Moraes Holschuh]

Uploaded (source + amd64 binaries).

Thank you!

-- 
  Henrique de Moraes Holschuh 

Bug#1053240: ghostscript 9.53.3~dfsg-7+deb11u6 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053240 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: ghostscript
Version: 9.53.3~dfsg-7+deb11u6

Explanation: fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS 
server startup [CVE-2023-43115]

Bug#1052363: cups 2.3.3op2-3+deb11u5 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052363 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.3.3op2-3+deb11u5

Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix 
unauthenticated access issue [CVE-2023-32360]

Bug#1053239: ghostscript 10.0.0~dfsg-11+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053239 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: ghostscript
Version: 10.0.0~dfsg-11+deb12u2

Explanation: fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS 
server startup [CVE-2023-43115]

Bug#1052363: cups 2.3.3op2-3+deb11u4 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1052363 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.3.3op2-3+deb11u4

Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix 
unauthenticated access issue [CVE-2023-32360]

Bug#1053306: libxapp1: xapp-sn-watcher.desktop file should be in the xapp-sn-watcher debian package

[Fabio Fantoni]

Il 01/10/2023 12:33, Alban Browaeys ha scritto:

Package: libxapp1
Version: 2.6.1-1
Severity: normal

Dear Maintainer,
I get this error in my logs:
oct. 01 12:19:15 hermes systemd-xdg-autostart-generator[501717]: Exec binary 
'/usr/lib/x86_64-linux-gnu/xapps/sn-watcher/xapp-sn-watcher' does not exist: No 
such file or directory
oct. 01 12:19:15 hermes systemd-xdg-autostart-generator[501717]: 
/etc/xdg/autostart/xapp-sn-watcher.desktop: not generating unit, error parsing 
Exec= line: No such file or directory

it turns out I have libxapp1:amd64 2.6.1-1 installed but not xapp-sn-watcher.

I believe the xapp-sn-watcher.desktop shipped by libxapp1 should be shipped by
the xapp-sn-watcher package.


Hi, from the version you are reporting xapp-sn-watcher.desktop is 
already in xapp-sn-watcher package: 
https://packages.debian.org/sid/amd64/xapp-sn-watcher/filelist


file was moved latest time in 2.4.2-1 (from xapp package) and first time 
in 2.2.6-1 (from libxapp1)


I suppose the issue you spotted is related to old conffile moved (in 
case your system was upgraded and was installed intially with version < 
2.2.6-1, where there was the first move from libxapp1), relating to it 
there is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983441 but is 
blocked by another bug in dpkg (that I'm unable to fix it) and as wrote 
in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886389 is 
impossible use rm_conffile in case of move from one binary package to 
another of the same source or the file of the new package will be 
removed broking it


since the unexpected case you spotted is more that simply "mark as 
obsolete" I think is good to reply on bug #886389 that now seems 
considered minor and without progress




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1053308: ITP: gnome-snapshot -- take pictures and videos

[Matthias Geiger]

Package: wnpp
Severity: wishlist
Owner: Matthias Geiger 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-gtk-gn...@lists.debian.org, 
werdah...@riseup.net

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: gnome-snapshot
  Version : 45.beta 
  Upstream Contact: Maximiliano Sandoval 
* URL : https://gitlab.gnome.org/GNOME/snapshot
* License : GPL-3+
  Programming Lang: Rust
  Description : take pictures and videos

Snapshot is the new camera app by GNOME. It is designated to replace
Cheese as Core app in GNOME 45. Most dependencies are already in debian;
it's just missing a few gstreamer-* rust crates. It will be maintained
with the Debian GNOME team.

-BEGIN PGP SIGNATURE-

iQJJBAEBCgAzFiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmUZWjIVHHdlcmRhaGlh
c0ByaXNldXAubmV0AAoJEBi9EGs7bFR1R30QALrhSeUqjCNdmpjlvSgwjRWOLDPa
Z6iIIJbfBKaXLRyZSPWLb7VbRqfdvDoGYZLKe2PXdu8C86PhDbYkAYp1ObLc67SG
AMnsegL61xHQ2r/AMbgoZWYaL+45UNq2owhDKTgV3vMOwclaonp/EE1GpUA2ECwP
IuX0jfeKQI9Ks0AwjTTif+8c5lpnOvHACIIRSllQBWCqei0nz4ZzGOZJx6jaaKB3
vTCUEa8+zXl2Xf6GwUa/NowTIIT7vQQfcCSxvuT5BrQ7YqJT0tPvBPZJ1dOkoH+S
K9GPnTkdvaJRPrhp3Xo6bHzyStAIvZ2mkf/AiEMVv7pkuVqmUl0t5bHvA5ILk377
0LlsTxG7RPMiKnvNAQ4W1MbTtyHJiBlsbxwV+0pk7EN0hFXqJSTt4jYBW3aGKtSW
cQaYi3QbbfJXwTc/VAJI6N6PTnISux2lK77ak6xOdCeQWwlUwaNAsiLtTJm1kK15
XjvgEjyWhcutgYzEyRGoB7ThDNwjMyc56cc5og1gEp+Nq3xo+zuPxloJK973aq+y
5pzFi9TVmkIOE9V7+NslQSMM0KEw+4xE3K0q0sBcXi4o1HqWSV4wC8434fq6CaVx
BORJFnYCWUs6a3v7BsYqVPegcT4VIz0Qd1Zyk88plnHgYj3Hw1nyWh57aG2VR4ir
Bph2dJNHMa7udZTu
=yGzj
-END PGP SIGNATURE-

Bug#1053307: bullseye-pu: package glib2.0/2.66.8-1+deb11u1

[Simon McVittie]

Package: release.debian.org
Severity: normal
Tags: bullseye d-i
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: glib...@packages.debian.org, debian-gtk-gn...@lists.debian.org
Control: affects -1 + src:glib2.0

I would like to update glib2.0 in Debian 11.9. We're too close to the
11.8 deadline for an update with this size of diffstat, so I'd like
to upload it to bullseye-proposed-updates shortly after 11.8 is out,
to give it the maximum amount of review and testing possible.

glib2.0 has a udeb and is actively used in the graphical installer,
so this will need a d-i ack, either before upload or before acceptance.

[ Reason ]
Fix denial of service vulnerabilities when parsing untrusted
GVariant data, either in binary form (CVE-2023-32665, CVE-2023-32611,
CVE-2023-29499, which were marked as no-dsa by the security team) or
in text form (no CVEs for these, I don't think the GLib maintainers
consider parsing GVariant text notation to be a valid thing to do with
untrusted input).

The vulnerabilities with CVEs were already fixed in Debian 10 LTS. The
issues without CVEs were not fixed in Debian 10 LTS, but I think fixing
them will give us a lower regression risk as well as more bug fixes.

[ Impact ]
If not fixed, anything that parses untrusted data in GVariant format will
be subject to denial of service attacks, and the LTS team will presumably
backport the same changes into Debian 11 LTS in a less complete form with
(IMO) a higher risk of regressions.

Flatpak and ostree parse trusted or at least semi-trusted data in GVariant
format, so they will be subject to this denial of service, but it isn't
urgent to fix (the integrity of GVariant data they process is protected
by PGP signatures and/or https, and it rarely makes sense to access a
completely untrusted ostree repository). I don't currently know of any
software in Debian that parses totally untrusted GVariant data.

[ Tests ]
A test-build that differs only in its changelog and version number can be
downloaded from: https://people.debian.org/~smcv/11.9/pool/main/g/glib2.0/

GLib's automated test suite passes (dh_auto_test and autopkgtest on both
amd64 and i386), and new coverage for several of the issues fixed here
accounts for around 30% of the diff.

There were no obvious regressions in a Debian 11 GNOME VM. I'll try this
on one of my work test machines before upload, but I no longer have any
bullseye machines in production use, so I can only do this on a test
installation that is not used day-to-day.

Any further testing that bullseye users can provide would be appreciated.

[ Risks ]
The diffstat is considerable, but I have tried to minimize the risk by
backporting *all* GVariant fixes from the version we ship in Debian 12,
and verifying that the only remaining non-comment differences in
`glib/gvariant*` between Debian 12 and this version are inclusion of
some compatibility headers. This means that if there were regressions
caused by these changes, we should already have seen them in Debian 12
(we haven't). Also, if regressions are discovered in this area in future,
their fixes should backport cleanly from Debian 12.

The initial versions of the denial-of-service fixes introduced a more
serious vulnerability (a buffer overflow, CVE-2023-32643) and some bugs
(a crash on big-endian architectures, and another denial of service
detected by a fuzzer). I have made sure to backport the fixes for those too.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in oldstable
  [x] the issue is verified as fixed in unstable (and stable)

[ Changes ]
po/hr.po is (obviously) a translation update, from upstream.

All other changes are for the denial of service vulnerabilities, or are
small bug fixes in the same module which I have backported in order to
minimize risk.

All changes are straightforward cherry-picks from upstream via
Debian 12's GLib 2.74.x, except for the translation update, which was
applied to upstream's 2.66.x branch after its final point release, and
"debian/patches/Exclude-g_variant_maybe_get_child_value-from-API-document.patch",
which adjusts the content of a doc-comment to prevent a documentation
check from causing FTFBS (no changes to the actual code).

[ Other info ]
For my reference, this proposed version is
https://salsa.debian.org/gnome-team/glib/-/merge_requests/26 v1.

Thanks,
smcv


glib2.0_2.66.8-1+deb11u1_f2310192.diff.gz
Description: application/gzip

Bug#1050896: Packagesearch Copyright Statement

[Benjamin Mesing]

Hi Enrico, hi Frannoe,
you have both contributed to packagesearch in the past (Frannoe
contributed the Spanish Translation, Enrico quite some code changes).

Bug #1050896 now states that I should clarify copyright:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050896
I would like to switch to GPL3+ and would like your approval for this
license switch.

I would ask you to CC 1050...@bugs.debian.org if you are comfortable
with this change.
I have BCCed you, to protect your E-Mail Address in case you want it to
remain private. Please not that CCing 1050...@bugs.debian.org will
record your response and mail-address permanently by the BTS and make
it accessible to the internet.

Regards
Ben


signature.asc
Description: This is a digitally signed message part

Bug#1024899: profanity: some Profanity → Beagle OMEMO msgs give “This message cannot be decrypted for any recipient.”

[Stefan Kropp]

Control: forwarded -1 https://github.com/profanity-im/profanity/issues/1615

Thanks a lot for your contribution by filling a bug report.
This bug is known in upstream:
https://github.com/profanity-im/profanity/issues/1615

-- 
Stefan

Bug#1026430: profanity: If an OMEMO msg to 2+ recipients & 1 recipient’s pubkey is bad, the msg is sent anyway (a logistical mess)

[Stefan Kropp]

Control: forwarded -1 https://github.com/profanity-im/profanity/issues/1615

Thanks a lot for your contribution by filling a bug report.
This bug is known in upstream:
https://github.com/profanity-im/profanity/issues/1615

-- 
Stefan

Bug#1053306: libxapp1: xapp-sn-watcher.desktop file should be in the xapp-sn-watcher debian package

[Alban Browaeys]

Package: libxapp1
Version: 2.6.1-1
Severity: normal

Dear Maintainer,
I get this error in my logs:
oct. 01 12:19:15 hermes systemd-xdg-autostart-generator[501717]: Exec binary 
'/usr/lib/x86_64-linux-gnu/xapps/sn-watcher/xapp-sn-watcher' does not exist: No 
such file or directory
oct. 01 12:19:15 hermes systemd-xdg-autostart-generator[501717]: 
/etc/xdg/autostart/xapp-sn-watcher.desktop: not generating unit, error parsing 
Exec= line: No such file or directory

it turns out I have libxapp1:amd64 2.6.1-1 installed but not xapp-sn-watcher.

I believe the xapp-sn-watcher.desktop shipped by libxapp1 should be shipped by
the xapp-sn-watcher package.

Cheers,
Alban

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 
'testing'), (500, 'stable'), (90, 'unstable-debug'), (90, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libxapp1 depends on:
ii  libc62.37-10
ii  libcairo-gobject21.17.8-3
ii  libcairo21.17.8-3
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.78.0-2
ii  libgnomekbd8 3.28.1-1
ii  libgtk-3-0   3.24.38-5
ii  libpango-1.0-0   1.51.0+ds-2
ii  libx11-6 2:1.8.6-1
ii  xapps-common 2.6.1-1

Versions of packages libxapp1 recommends:
pn  libxapp-gtk3-module  
pn  xapp-sn-watcher  

libxapp1 suggests no packages.

-- no debconf information

Bug#1053300: Acknowledgement (Debian 11 amd64, Firefox 115.3.1esr (64-bit) - Modifiers specified, but DRI is too old message from RDD process is spamming the logs)

[Shubhra Prakash Nandi]

-- The log messages are as below.

Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: VA-API version 1.10.0
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: Trying to open /usr/lib/x86_64-linux-
gnu/dri/radeonsi_drv_video.so
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: Found init function __vaDriverInit_1_10
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
ATTENTION: default value of option mesa_glthread overridden by
environment.
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: va_openDriver() returns 0
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: VA-API version 1.10.0
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: Trying to open /usr/lib/x86_64-linux-
gnu/dri/radeonsi_drv_video.so
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: Found init function __vaDriverInit_1_10
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
ATTENTION: default value of option mesa_glthread overridden by
environment.
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
libva info: va_openDriver() returns 0
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [debug] rtkit-daemon[2741]: Supervising 2
threads of 2 processes of 1 users.
Oct  1 15:45:53 shubhra-pc [debug] rtkit-daemon[2741]: Supervising 2
threads of 2 processes of 1 users.
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct  1 15:45:53 shubhra-pc [info] disk_friendly_firefox.desktop[64216]:
Modifiers specified, but DRI is too old
Oct 

Bug#1053305: Fw: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ examples suffer escape damage

[Holger Wansing]

Control: tags -1 + patch


наб  wrote:
>  You should have received a copy of the GNU General Public License
>  along with this package; if not, see https://www.gnu.org/licenses/;.
> -- >8 --
> and I almost just copied this into d/copyright verbatim.
> 
> Oddly, all other <> pairs, even in those same  hunks,
> are correctly (un)escaped? So unclear to me how this happened.

Using   entites does not work here.
Should be replaced by < >.

Patch (tested) attached.


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff --git a/copyright-format-1.0.xml b/copyright-format-1.0.xml
index 954a65b..0920a84 100644
--- a/copyright-format-1.0.xml
+++ b/copyright-format-1.0.xml
@@ -1283,7 +1283,7 @@ License: GPL-2+
  GNU General Public License for more details.
  .
  You should have received a copy of the GNU General Public License
- along with this package; if not, see https://www.gnu.org/licenses/;.
+ along with this package; if not, see .
 Comment:
  On Debian systems, the full text of the GNU General Public License
  version 2 can be found in the file '/usr/share/common-licenses/GPL-2'.
@@ -1363,7 +1363,7 @@ License: GPL-2+
  GNU General Public License for more details.
  .
  You should have received a copy of the GNU General Public License
- along with this package; if not, see https://www.gnu.org/licenses/;.
+ along with this package; if not, see .
 Comment:
  On Debian systems, the full text of the GNU General Public License
  version 2 can be found in the file '/usr/share/common-licenses/GPL-2'.]]>

Bug#1053305: Fw: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ examples suffer escape damage

[Holger Wansing]

Package: debian-policy
Severity: minor
X-Debbugs-CC: наб 


This has to be fixed in the package.
Turning this into a bugreport against debian-policy.




Date: Sun, 1 Oct 2023 01:42:47 +0200
From: наб 
To: debian-...@lists.debian.org
Subject: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 
examples suffer escape damage


File appears untagged, as does everything up to /doc. So posting here.

https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/,
Example 3. Simple and Example 4. Complex say
-- >8 --
 You should have received a copy of the GNU General Public License
 along with this package; if not, see https://www.gnu.org/licenses/;.
-- >8 --
and I almost just copied this into d/copyright verbatim.

Oddly, all other <> pairs, even in those same  hunks,
are correctly (un)escaped? So unclear to me how this happened.

Best,
наб


-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076


signature.asc
Description: PGP signature

Bug#1053304: haskell-aeson: FTBFS almost everywhere

[Sebastian Ramacher]

Source: haskell-aeson
Version: 2.1.2.1-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=haskell-aeson=amd64=2.1.2.1-3=1695492428=0

1 out of 1611 tests failed (8.13s)
Test suite aeson-tests: FAIL
Test suite logged to: dist-ghc/test/aeson-2.1.2.1-aeson-tests.log
0 of 1 test suites (0 of 1 test cases) passed.
-e: error: debian/hlibrary.setup test --builddir=dist-ghc --show-details=direct 
returned exit code 1
 at /usr/share/perl5/Debian/Debhelper/Dh_Lib.pm line 880.
Debian::Debhelper::Dh_Lib::error("debian/hlibrary.setup test 
--builddir=dist-ghc --show-details"...) called at 
/usr/share/perl5/Debian/Debhelper/Dh_Lib.pm line 610
Debian::Debhelper::Dh_Lib::error_exitcode("debian/hlibrary.setup test 
--builddir=dist-ghc --show-details"...) called at 
/usr/share/perl5/Debian/Debhelper/Dh_Lib.pm line 473
Debian::Debhelper::Dh_Lib::doit("debian/hlibrary.setup", "test", 
"--builddir=dist-ghc", "--show-details=direct") called at 
/usr/share/perl5/Debian/Debhelper/Buildsystem/Haskell/Recipes.pm line 692
Debian::Debhelper::Buildsystem::Haskell::Recipes::check_recipe() called 
at -e line 1
make: *** [/usr/share/cdbs/1/class/hlibrary.mk:163: check-ghc-stamp] Error 25

Cheers
-- 
Sebastian Ramacher

Bug#1053303: Wishlist request to allow "mount --fstab /etc/fstab.d ..." as a user

[Carl Ponder]

Package:  util-linux
Version:    2.37.2-4ubuntu3
Severity:  wishlist

I can break the /etc/fstab into separate files in a directory, but 
/etc/fstab.d won't be read by default.
I would have to use an explicit argument "mount -T /etc/fstab.d" but the 
-T (and the equivalent --fstab) are only allowed to be used by root.


I like the idea of splitting the fstab into files so I can 
compartmentalize the information and manage the files independently in GIT.
When I install a new system I'd just plop the files into /etc/fstab.d 
and not have to use hacks like appending or patching, which make the 
contents of the file look like junk.


Could you please allow "-T /etc/fstab.d" to be work for users, and just 
exclude users from using other path-arguments?
I suppose this would have to be implemented upstream of Debian, but I 
don't know how to file that.


References:

https://askubuntu.com/questions/168290/why-cant-mount-read-files-in-etc-fstab-d

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663623

https://marc.info/?l=util-linux-ng=132740311801201=2

Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1

[Adam D. Barratt]

Control: tags -1 confirmed

On Sat, 2023-09-30 at 20:21 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> microcode
> update level for AMD64 processors in Bullseye and Bookworm to match
> what
> we have in Sid and Trixie.  This is the bug report for Bullseye, a
> separate one will be filled for Bookmorm.
> 
> This fixes:
> CVE-2023-20569 "AMD Inception" on AMD Zen4 processors
> 

The upload window for the next point release closes at some point today
(UTC). If the upload happens in time then we can look at getting it
included for this cycle, but at this stage it's certainly too close to
promise anything.

Regards,

Adam

Bug#1053302: pytorch-sparse: FTBFS on arm64

[Sebastian Ramacher]

Source: pytorch-sparse
Version: 0.6.17-1
Severity: serious
Tags: ftbfs sid trixie
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=pytorch-sparse=arm64=0.6.17-1=1694243524=0


=== FAILURES ===
 test_spmm[dtype5-device5-sum] _

dtype = torch.float32, device = device(type='cpu'), reduce = 'sum'

@pytest.mark.parametrize('dtype,device,reduce',
 product(grad_dtypes, devices, reductions))
def test_spmm(dtype, device, reduce):
if device == torch.device('cuda:0') and dtype == torch.bfloat16:
return  # Not yet implemented.

src = torch.randn((10, 8), dtype=dtype, device=device)
src[2:4, :] = 0  # Remove multiple rows.
src[:, 2:4] = 0  # Remove multiple columns.
src = SparseTensor.from_dense(src).requires_grad_()
row, col, value = src.coo()

other = torch.randn((2, 8, 2), dtype=dtype, device=device,
requires_grad=True)

src_col = other.index_select(-2, col) * value.unsqueeze(-1)
expected = torch_scatter.scatter(src_col, row, dim=-2, reduce=reduce)
if reduce == 'min':
expected[expected > 1000] = 0
if reduce == 'max':
expected[expected < -1000] = 0

grad_out = torch.randn_like(expected)

expected.backward(grad_out)
expected_grad_value = value.grad
value.grad = None
expected_grad_other = other.grad
other.grad = None

out = matmul(src, other, reduce)
out.backward(grad_out)

atol = 1e-7
if dtype == torch.float16 or dtype == torch.bfloat16:
atol = 1e-1

assert torch.allclose(expected, out, atol=atol)
assert torch.allclose(expected_grad_value, value.grad, atol=atol)
>   assert torch.allclose(expected_grad_other, other.grad, atol=atol)
E   assert False
E+  where False = (tensor([[[-1.2813e+00, -1.5149e+00],\n [-5.9411e-02, 
-3.7580e-01],\n [ 0.e+00,  0.e+00],\n   ...e+00],\n 
[ 1.9554e+00,  2.9660e+00],\n [-2.2483e+00, -2.2663e+00],\n [ 
4.1025e-03, -9.0971e-01]]]), tensor([[[-1.2813e+00, -1.5149e+00],\n 
[-5.9411e-02, -3.7580e-01],\n [ 0.e+00,  0.e+00],\n   
...e+00],\n [ 1.9554e+00,  2.9660e+00],\n [-2.2483e+00, 
-2.2663e+00],\n [ 4.1023e-03, -9.0971e-01]]]), atol=1e-07)
E+where  
= torch.allclose
E+and   tensor([[[-1.2813e+00, -1.5149e+00],\n 
[-5.9411e-02, -3.7580e-01],\n [ 0.e+00,  0.e+00],\n   
...e+00],\n [ 1.9554e+00,  2.9660e+00],\n [-2.2483e+00, 
-2.2663e+00],\n [ 4.1023e-03, -9.0971e-01]]]) = tensor([[[ 4.5925e-01, 
-1.0188e+00],\n [ 1.6147e-03,  1.0610e+00],\n [-1.3520e+00, 
-9.0994e-01],\n   ...0452e-01,  7.3244e-01],\n [-1.1243e+00,  
6.4083e-01],\n [ 6.1791e-01,  2.0024e-01]]], requires_grad=True).grad

test/test_matmul.py:51: AssertionError
=== warnings summary ===
.pybuild/cpython3_3.11_torch-sparse/build/test/test_matmul.py::test_spspmm[dtype1-device1]
  
/<>/.pybuild/cpython3_3.11_torch-sparse/build/torch_sparse/matmul.py:97:
 UserWarning: Sparse CSR tensor support is in beta state. If you miss a 
functionality in the sparse tensor support, please submit a feature request to 
https://github.com/pytorch/pytorch/issues. (Triggered internally at 
./aten/src/ATen/SparseCsrTensorImpl.cpp:54.)
C = torch.sparse.mm(A, B)

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=== short test summary info 
FAILED test/test_matmul.py::test_spmm[dtype5-device5-sum] - assert False

Cheers
-- 
Sebastian Ramacher

Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1

[Adam D. Barratt]

Control: tags -1 confirmed

On Sat, 2023-09-30 at 21:17 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> microcode update level for AMD64 processors in Bullseye and Bookworm
> to match what we have in Sid and Trixie.  This is the bug report for
> Bookworm, a separate one will be filled for Bullseye.
> 
> This fixes:
> CVE-2023-20569 "AMD Inception" on AMD Zen4 processors
> 

The upload window for the next point release closes at some point today
(UTC). If the upload happens in time then we can look at getting it
included for this cycle, but at this stage it's certainly too close to
promise anything.

Regards,

Adam