Bug#1053542: package contains license CC-BY-2.5

[Sebastiaan Couwenberg]

Control: tags -1 upstream
Control: forwarded -1 https://josm.openstreetmap.de/ticket/23220

On 10/5/23 23:42, Thorsten Alteholz wrote:

unfortunately your package contains files with license: CC-BY-2.5

    src/javax/annotation/*

As you can see on [1] this license is not compatible with DFSG, so please
remove the files or move the package to non-free.


Switching to jakarta.annotation may be option, it uses EPL-2.0 or 
GPL-2.0 with Classpath-exception-2.0.


If not, we'll have to move the package to non-free.

I'll need to test the jakarta.annotation changes and forward those 
upstream if it works.


Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug#1053547: bup: Remote backup fails with exception

[Austin Schuh]

Package: bup
Version: 0.33.2-1~deb12u1
Severity: important
X-Debbugs-Cc: austin.li...@gmail.com

Dear Maintainer,

   * What led up to the situation?

bup save -r synology-bup: -n aschuh-3950x /

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?

Saving: 88.92% (582379/654922k, 141698/141698 files), done. 
Receiving index from server: 1329644/1329644, done.
WARNING: 45 errors encountered while saving.
Exception ignored in: 
Traceback (most recent call last):
  File "/usr/lib/bup/bup/client.py", line 571, in __del__
TypeError: super() argument 1 must be a type, not NoneType

   * What outcome did you expect instead?

Backup to succeed


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bup depends on:
ii  git   1:2.39.2-1.1
ii  libacl1   2.3.1-3
ii  libc6 2.36-9+deb12u1
ii  libpython3.11 3.11.2-6
ii  libreadline8  8.2-1.3
ii  par2  0.8.1-3
ii  python3   3.11.2-1+b1
ii  python3-pylibacl  0.7.0-2
ii  python3-pyxattr   0.8.1-1

Versions of packages bup recommends:
ii  bup-doc  0.33.2-1~deb12u1
ii  python3-fuse 2:1.0.5-1+b3
ii  python3-tornado  6.2.0-3

bup suggests no packages.

-- no debconf information

Bug#1053546: zict: test_stress_different_keys_threadsafe hangs when run on a single core

[Vladimir Petko]

Package: zict
Severity: wishlist
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu mantic ubuntu-patch
X-Debbugs-Cc: vladimir.pe...@canonical.com

Dear Maintainer,

 test_stress_different_keys_threadsafe hangs in autopkgtest on ppc64el. This
issue was fixed upstream[1] and added as a patch in Ubuntu.

In Ubuntu, the attached patch was applied to achieve the following:
  * Prevent test timeout on a single CPU (LP: #2033759).


Thanks for considering the patch.

[1]
https://github.com/dask/zict/commit/b142286c09bddd27cba29e0cfb968cfc0ed54233


-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar-updates
  APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'), 
(100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.0-34-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru zict-3.0.0/debian/patches/prevent_test_timeout_on_single_cpu.patch 
zict-3.0.0/debian/patches/prevent_test_timeout_on_single_cpu.patch
--- zict-3.0.0/debian/patches/prevent_test_timeout_on_single_cpu.patch  
1970-01-01 12:00:00.0 +1200
+++ zict-3.0.0/debian/patches/prevent_test_timeout_on_single_cpu.patch  
2023-10-02 11:54:38.0 +1300
@@ -0,0 +1,20 @@
+Description: Prevent test timeout on a single CPU
+ When running on a single CPU (`taskset -c 0 pytest`), multitasking can
+ misbehave and almost completely starve one of the two threads
+Origin: upstream, 
https://github.com/dask/zict/pull/108/commits/17a36dc68964c0f91c2d0fc0e7b8c6dc686251ca
+Bug: https://github.com/dask/zict/pull/108
+Bug-Ubuntu: https://launchpad.net/bugs/2033759
+Last-Update: 2023-10-02
+--- a/zict/tests/utils_test.py
 b/zict/tests/utils_test.py
+@@ -169,7 +169,9 @@
+ 
+ def worker(idx, key, value):
+ barrier.wait()
+-while any(c < 10 for c in counters):
++# When running on a single CPU (`taskset -c 0 pytest`), multitasking 
can
++# misbehave and almost completely starve one of the two threads
++while any(c < 10 for c in counters) and all(c < 1000 for c in 
counters):
+ z[key] = value
+ try:
+ assert z[key] == value
diff -Nru zict-3.0.0/debian/patches/series zict-3.0.0/debian/patches/series
--- zict-3.0.0/debian/patches/series2023-07-30 17:09:00.0 +1200
+++ zict-3.0.0/debian/patches/series2023-10-02 11:54:38.0 +1300
@@ -1 +1,2 @@
 update-pytest-markers.patch
+prevent_test_timeout_on_single_cpu.patch

Bug#1038611: Help with investigating a bug in the LightDM/logind/DDX stack

[Adilson dos Santos Dantas]

Hi.

I checked this command and I got this:

udevadm info /sys/class/drm/card0
Unknown device "/sys/class/drm/card0": No such device

So I tried to find out why this error and I discovered that the nvidia_drm
module is not loaded.

After loading this module the udevadm got some information:
udevadm info /sys/class/drm/card0
P: /devices/pci:00/:00:01.0/:01:00.0/drm/card0
M: card0
R: 0
U: drm
T: drm_minor
D: c 226:0
N: dri/card0
L: 0
S: dri/by-path/pci-:01:00.0-card
E: DEVPATH=/devices/pci:00/:00:01.0/:01:00.0/drm/card0
E: SUBSYSTEM=drm
E: DEVNAME=/dev/dri/card0
E: DEVTYPE=drm_minor
E: MAJOR=226
E: MINOR=0
E: USEC_INITIALIZED=4363555
E: ID_PATH=pci-:01:00.0
E: ID_PATH_TAG=pci-_01_00_0
E: ID_FOR_SEAT=drm-pci-_01_00_0
E: DEVLINKS=/dev/dri/by-path/pci-:01:00.0-card
E: TAGS=:master-of-seat:uaccess:seat:
E: CURRENT_TAGS=:master-of-seat:uaccess:seat:

But this module was not loaded at boot time and I found an old nvidia.conf
at /etc/modprobe.d. Probably it was from an old nvidia package and it
prevented this module from loading..

I removed this file and finally nvidia_drm was loaded in the next boot. It
worked with lightdm and with sddm. With sddm it stopped working for more
than one year until I removed nvidia.conf from modprobe.d.

Then, for me, the root cause is a nvidia_drm module not loaded due to a
file in modprobe.d . I don't know if there is something similar with the
RasperryPi 4.

Thanks for the help.

Best regards,

Adilson


Em qui., 5 de out. de 2023 às 06:12, Yves-Alexis Perez 
escreveu:

> On Thu, Oct 05, 2023 at 01:06:43AM +0200, Michael Biebl wrote:
> > have you checked if the graphics device is properly tagged by
> >
> > /lib/udev/rules.d/71-seat.rules
> >
> > udevadm info /sys/class/drm/card0
> > → E: TAGS=:seat:master-of-seat:uaccess:
> >
> Hi Michael,
>
> thanks for the tip. I'm not the one experiencing the bug, I'm handling
> this as LightDM maintainer. So I'm adding back the bug and the two
> people who were experiencing it so they can test (especially Adilson).
>
> Regards,
> --
> Yves-Alexis Perez
>
> --
> To unsubscribe, send mail to 1038611-unsubscr...@bugs.debian.org.
>


-- 
Adilson dos Santos Dantas
http://www.adilson.net.br
http://twitter.com/adilsond

Bug#1052929: yasnippet: FTBFS: make: *** [debian/rules:4: binary] Error 25

[Nicholas D Steeves]

Control: forwarded -1 https://github.com/joaotavora/yasnippet/issues/1173
Control: tag -1 upstream fixed-upstream

Lucas Nussbaum  writes:

> Source: yasnippet
> Version: 0.14.0+git20200603.5cbdbf0d-2
> Severity: serious
> Justification: FTBFS
> Tags: trixie sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20230925 ftbfs-trixie

This looks like it's probably fixed upstream, and I've requested a new
tagged release there.  Also, the last time either of the existing
Uploaders worked on this package was 2016, so they should be dropped at
this time.  I've CCed everyone involved.

Aymeric and Xiyue Deng, would you to take responsibility for this
package?


signature.asc
Description: PGP signature

Bug#1015915: pipewire-pulse leaking memory

[Vuk Mirovic]

Package: pipewire
Version: 0.3.65-3
Followup-For: Bug #1015915

Dear Maintainer,

Longstanding memory leak was finally fixed upstream.

Here is the upstream issue for context: 
https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1840

Commits fixing the issue: 
https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/7e2f6757fcc4eefd29cb47d8292714ac8014b9ef
https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/8680c74d1bd83b4969c9305171076b36f56d82fa

I made a patch for 0.3.65-3:

Index: pipewire-0.3.65/meson.build
===
--- pipewire-0.3.65.orig/meson.build
+++ pipewire-0.3.65/meson.build
@@ -401,6 +401,7 @@ check_functions = [
   ['reallocarray', '#include ', ['-D_GNU_SOURCE'], []],
   ['sigabbrev_np', '#include ', ['-D_GNU_SOURCE'], []],
   ['XSetIOErrorExitHandler', '#include ', [], [x11_dep]],
+  ['malloc_trim', '#include ', [], []],
 ]
 
 foreach f : check_functions
Index: pipewire-0.3.65/src/pipewire/impl-node.c
===
--- pipewire-0.3.65.orig/src/pipewire/impl-node.c
+++ pipewire-0.3.65/src/pipewire/impl-node.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -1945,6 +1946,11 @@ void pw_impl_node_destroy(struct pw_impl
 
spa_system_close(context->data_system, node->source.fd);
free(impl);
+
+#ifdef HAVE_MALLOC_TRIM
+   int res = malloc_trim(0);
+   pw_log_debug("malloc_trim(): %d", res);
+#endif
 }
 
 SPA_EXPORT

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable'), (10, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pipewire depends on:
ii  adduser  3.134
ii  init-system-helpers  1.65.2
ii  libpipewire-0.3-modules  0.3.65-3
ii  pipewire-bin 0.3.65-3

pipewire recommends no packages.

pipewire suggests no packages.

-- no debconf information

Bug#1052824: flycheck: FTBFS if gawk is installed

[Nicholas D Steeves]

Xiyue Deng  writes:

> Indeed.  I've refinalized, recompiled, and reuploaded it to mentors[1].
> PTAL.  Will create tag once it's uploaded to unstable.

There was some undocumented churn with python3-sphinx, but this release
isn't at fault, and it solves an RC bug, so I went ahead and uploaded.
Please consider double checking for stuff like this in the future.  You
can do this with something like

  cd $project_root
  git diff $latest_tagged_version_in_the_archive -- debian

>> Alternatively, if you're looking for off-team sponsors, then you should
>> file an RFS in addition to uploading to mentors.
>>
>
> Still prefer to let you sponsor here ;)

Fine with me, but if no one on the team (including myself) has time,
then please keep this in mind.

Cheers,
Nicholas


signature.asc
Description: PGP signature

Bug#1041792: Upload

[Arthur Diniz]

Dear maintainer,

Upload done with a delay of 7 days.

Kind Regards,
Arthur Diniz

diff -Nru httpie-3.2.1/debian/changelog httpie-3.2.1/debian/changelog
--- httpie-3.2.1/debian/changelog   2022-07-19 11:06:14.0 +0100
+++ httpie-3.2.1/debian/changelog   2023-10-05 19:09:08.0 +0100
@@ -1,6 +1,28 @@
+httpie (3.2.1-2) unstable; urgency=high
+
+  * d/control:
+- Add Bartosz Fenski as principal uploader.
+- Add Arthur Diniz as secondary uploader.
+- Change maintainer to Debian Python Team.
+- Bump Standards-Version to 4.6.2.
+- Declare Vcs-* fields under python salsa group.
+- Declare Rules-Requires-Root to no.
+- Replace debhelper with debhelper-compat.
+- Removed trailing whitespaces.
+  * d/copyright:
+- Add Arthur Diniz.
+- Update format URL.
+  * d/changelog: Removed trailing whitespaces.
+  * d/compat: Removed.
+  * d/patches: Patch to disable update checks. (Closes: #1041792)
+  * d/upstream/metadata: Created.
+  * d/gbp.conf: Created.
+
+ -- Arthur Diniz   Thu, 05 Oct 2023 19:09:08 +0100
+
 httpie (3.2.1-1) unstable; urgency=medium
 
-  * New upstream version (Closes: #1006651) 
+  * New upstream version (Closes: #1006651)
 - fixes two exposure of sensitive information vulnerabilities:
   CVE-2022-0430 (Closes: #1014765)
   CVE-2022-24737 (Closes: #1008011)
@@ -115,7 +137,7 @@
 httpie (0.3.1-1) unstable; urgency=low
 
   * The Akamai Technologies paid volunteer days release.
-  * Includes manual page (Closes: #673067) 
+  * Includes manual page (Closes: #673067)
 Courtesy of Khalid El Fathi . Thanks!
   * New upstream version. (Closes: #693810)
 - handles binary transfers properly (Closes: #689974)
@@ -124,12 +146,12 @@
 
 httpie (0.1.6+20120309git-2) unstable; urgency=low
 
-  * Depends on exact version of python-requests (Closes: #663506) 
+  * Depends on exact version of python-requests (Closes: #663506)
 
  -- Bartosz Fenski   Sat, 24 Mar 2012 17:43:02 +0100
 
 httpie (0.1.6+20120309git-1) unstable; urgency=low
 
-  * Initial release (Closes: #663184) 
+  * Initial release (Closes: #663184)
 
  -- Bartosz Fenski   Fri, 09 Mar 2012 09:23:08 +0100
diff -Nru httpie-3.2.1/debian/compat httpie-3.2.1/debian/compat
--- httpie-3.2.1/debian/compat  2022-07-19 11:06:14.0 +0100
+++ httpie-3.2.1/debian/compat  1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-13
diff -Nru httpie-3.2.1/debian/control httpie-3.2.1/debian/control
--- httpie-3.2.1/debian/control 2022-07-19 11:06:14.0 +0100
+++ httpie-3.2.1/debian/control 2023-10-05 19:09:08.0 +0100
@@ -1,8 +1,10 @@
 Source: httpie
 Section: web
 Priority: optional
-Maintainer: Bartosz Fenski 
-Build-Depends: debhelper (>= 13.0.0),
+Uploaders: Bartosz Fenski ,
+   Arthur Diniz 
+Maintainer: Debian Python Team 
+Build-Depends: debhelper-compat (= 13),
dh-python,
python3-setuptools,
python3-pygments,
@@ -10,16 +12,19 @@
python3-pkg-resources,
python3-charset-normalizer,
python3-all
-Standards-Version: 4.5.0
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Vcs-Browser: https://salsa.debian.org/python-team/packages/httpie
+Vcs-Git: https://salsa.debian.org/python-team/packages/httpie.git
 Homepage: https://httpie.io
 
 Package: httpie
 Architecture: all
 Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}, 
python3-defusedxml, python3-requests-toolbelt, python3-socks
 Description: CLI, cURL-like tool for humans
- HTTPie is a CLI HTTP utility that makes CLI interaction with HTTP-based 
+ HTTPie is a CLI HTTP utility that makes CLI interaction with HTTP-based
  services as human-friendly as possible.
  .
- HTTPie does so by providing an http command that allows for issuing 
- arbitrary HTTP requests using a simple and natural syntax and 
+ HTTPie does so by providing an http command that allows for issuing
+ arbitrary HTTP requests using a simple and natural syntax and
  displaying colorized responses.
diff -Nru httpie-3.2.1/debian/copyright httpie-3.2.1/debian/copyright
--- httpie-3.2.1/debian/copyright   2022-07-19 11:06:14.0 +0100
+++ httpie-3.2.1/debian/copyright   2023-10-05 19:09:08.0 +0100
@@ -1,4 +1,4 @@
-Format: http://dep.debian.net/deps/dep5
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: httpie
 Source: 
 
@@ -58,6 +58,7 @@
 
 Files: debian/*
 Copyright: 2012-2022 Bartosz Feński 
+   2023 Arthur Diniz 
 License: GPL-2+
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
diff -Nru httpie-3.2.1/debian/gbp.conf httpie-3.2.1/debian/gbp.conf
--- httpie-3.2.1/debian/gbp.conf1970-01-01 01:00:00.0 +0100
+++ httpie-3.2.1/debian/gbp.conf2023-10-05 19:09:08.0 +0100
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/sid
+dist = DEP14

Bug#754357: Changing gmastermind.app to RFP

[Bastian Germann]

On Wed, 25 Feb 2015 20:11:43 +1100 Riley Baird 
 wrote:

You can find the package here:
https://anonscm.debian.org/cgit/pkg-gnustep/pkg-gmastermind.app.git


https://salsa.debian.org/gnustep-team/gmastermind.app
still builds successfully on current sid.

Bug#1051125: RFS: a2d/2.0.0-1 [ITP] -- APRS to DAPNET portal

[Yogeswaran Umasankar]

Hi Boyuan,
A huge thanks for sponsoring my package, I appreciate your support. I 
understand the manual review process you mentioned. I'll await the 
notification regarding the package's status. Once again, thank you for 
your support.


Best regards,
Yogeswaran.


OpenPGP_0x47DAC12E5D3610E6.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053545: CVE-2022-22995: netatalk afpd vulnerable to symlink spoofing

[Daniel Markstedt]

Package: netatalk
Version: 3.1.12~ds-3
Severity: critical
Tags: security
Justification: root security hole
X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team 


Under very specific circumstances, netatalk can be tricked into copying a 
symlink or other malicious file from the shared volume into a restricted place 
in the file system, potentially achieving remote code execution. All versions 
of netatalk from 3.1.0 to 3.1.17 are vulnerable.

The CVE-2022-22995 advisory was published over a year ago, but the details of 
the exploit weren't disclosed at the time:

https://nvd.nist.gov/vuln/detail/cve-2022-22995

It was only recently that we in the upstream team were able to get in touch 
with original security researchers to gain enough insights to formulate a patch 
and publish our own security advisory:

https://netatalk.sourceforge.io/CVE-2022-22995.php

Bug#748321: ITP: raceintospace -- free software version of the Liftoff! board game

[Bastian Germann]

For the record: The current URL to obtain the sources is
https://github.com/raceintospace/raceintospace

Bug#1053544: librecad: Unicode Captial Delta U+0394 displays as diamond

[David Christensen]

Package: librecad
Version: 2.1.3-1.3+deb11u1
Severity: normal
X-Debbugs-Cc: dpchr...@holgerdanske.com

Dear Maintainer,

When I insert MText containing a Unicode Capital Delta U+0394, LibreCAD
displays a diamond.

David


-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-25-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages librecad depends on:
ii  libc62.31-13+deb11u6
ii  libgcc-s110.2.1-6
ii  libmuparser2v5   2.2.6.1+dfsg-1
ii  libqt5core5a 5.15.2+dfsg-9
ii  libqt5gui5   5.15.2+dfsg-9
ii  libqt5printsupport5  5.15.2+dfsg-9
ii  libqt5svg5   5.15.2-3
ii  libqt5widgets5   5.15.2+dfsg-9
ii  librecad-data2.1.3-1.3+deb11u1
ii  libstdc++6   10.2.1-6

librecad recommends no packages.

librecad suggests no packages.

-- no debconf information

Bug#1053543: libdw-dev: Poor package description

[Witold Baryluk]

Package: libdw-dev
Version: 0.189-4
Severity: normal
X-Debbugs-Cc: witold.bary...@gmail.com

libdw-dev:

Description: libdw1 development libraries and header files


This is really poor choice of a description. It does not provide any
actual information. Like what libdw1 is?

Usually Description will be more informative, similar to how non-dev
packages are described.



Maybe:

library that provides access to the DWARF debug information (development files)

which would align with libdw1 package description.


However, ultimately this would be better (and shorter):

Library to access DWARF debugging information (development files)

and for libdw1:

Library to access DWARF debugging information


(with possible (shared libraries) suffix, but preferably without)



Similarliy for libelf-dev:

Description: libelf1 development libraries and header files

=>

Description: Library to read and write ELF files (developement files)


Cheers,
Witold


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE, TAINT_SOFTLOCKUP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libdw-dev depends on:
ii  libdw1   0.189-4
ii  libelf-dev   0.189-4
ii  liblzma-dev  5.4.4-0.1
ii  zlib1g-dev   1:1.2.13.dfsg-3

libdw-dev recommends no packages.

libdw-dev suggests no packages.

-- no debconf information

Bug#180980: libaiksaurusgtk-bin: Dialog has no close button.

[Bastian Germann]

Control: tags -1 wontfix

On Fri, 14 Feb 2003 13:46:36 + Robert Hart  wrote:

The AiksaurusGTK program does not seem to have a close or quit button.
This problem may depend on window manager configuration. 


The program was dropped with revision 1.2.1+dev-0.12-7.1.

Bug#765428: gaiksaurus: no icon

[Bastian Germann]

Control: tags -1 wontfix

On Tue, 14 Oct 2014 22:10:48 -0400 Logan Rosen  wrote:

There is no icon for gaiksaurus. On Launchpad, poikiloid suggested using the 
icon that the OS X port uses or a public domain dinosaur. [1]


gaiksaurus was dropped with revision 1.2.1+dev-0.12-7.1.

Bug#1053537: aiksaurus FTBFS: error: possibly undefined macro: AC_MSG_ERROR

[Bastian Germann]

I am uploading another NMU to fix my previous NMU. I am sorry about that.diff -Nru aiksaurus-1.2.1+dev-0.12/debian/changelog 
aiksaurus-1.2.1+dev-0.12/debian/changelog
--- aiksaurus-1.2.1+dev-0.12/debian/changelog   2023-09-23 09:43:10.0 
+0200
+++ aiksaurus-1.2.1+dev-0.12/debian/changelog   2023-10-06 00:28:37.0 
+0200
@@ -1,3 +1,12 @@
+aiksaurus (1.2.1+dev-0.12-7.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add previously implied build dependency pkg-config. (Closes: #1053537)
+  * d/rules: Drop unnecessary override_dh_auto_configure.
+  * Add Homepage. (Closes: #1035418)
+
+ -- Bastian Germann   Fri, 06 Oct 2023 00:28:37 +0200
+
 aiksaurus (1.2.1+dev-0.12-7.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru aiksaurus-1.2.1+dev-0.12/debian/control 
aiksaurus-1.2.1+dev-0.12/debian/control
--- aiksaurus-1.2.1+dev-0.12/debian/control 2023-09-23 09:43:10.0 
+0200
+++ aiksaurus-1.2.1+dev-0.12/debian/control 2023-10-06 00:28:37.0 
+0200
@@ -5,7 +5,9 @@
 Build-Depends:
  debhelper-compat (= 13),
  libpng-dev,
+ pkg-config,
 Standards-Version: 3.9.8
+Homepage: https://aiksaurus.sourceforge.net/
 
 Package: libaiksaurus-1.2-dev
 Architecture: any
diff -Nru aiksaurus-1.2.1+dev-0.12/debian/rules 
aiksaurus-1.2.1+dev-0.12/debian/rules
--- aiksaurus-1.2.1+dev-0.12/debian/rules   2023-09-23 09:43:10.0 
+0200
+++ aiksaurus-1.2.1+dev-0.12/debian/rules   2023-10-06 00:28:37.0 
+0200
@@ -15,9 +15,6 @@
 override_dh_autoreconf:
AUTOMAKE="automake --foreign" dh_autoreconf
 
-override_dh_auto_configure:
-   dh_auto_configure
-
 execute_before_dh_install:
mkdir -p debian/tmp/usr/share/applications/
mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/

Bug#1051150: RFS: blender-doc/3.6-1 [ITP] -- Blender Manual by the Blender Foundation

[Jonathan Rubenstein]

Hey Hugh,

I have added a README.source file detailing the need for git-lfs to 
build, and updated the changelog timestamp. If there is further action 
required, please let me know.


Best Regards,
Jonathan Rubenstein

Bug#1053542: package contains license CC-BY-2.5

[Thorsten Alteholz]

Package: josm
Version: 0.0.svn18646dfsg-1
Severity: serious
User: alteh...@debian.org
Usertags: license
thanks


Hi,

unfortunately your package contains files with license: CC-BY-2.5

   src/javax/annotation/*

As you can see on [1] this license is not compatible with DFSG, so please
remove the files or move the package to non-free.

Thanks!
 Thorsten

[1] https://wiki.debian.org/DFSGLicenses

Bug#1053541: package contains license CC-BY-2.5

[Thorsten Alteholz]

Package: anki
Version: 2.1.8dfsg-1
Severity: serious
User: alteh...@debian.org
Usertags: license
thanks


Hi,

unfortunately your package contains a file with license: CC-BY-2.5

   debian/browsersel.py

As you can see on [1] this license is not compatible with DFSG, so please
remove the file or move the package to non-free.

Thanks!
 Thorsten

[1] https://wiki.debian.org/DFSGLicenses

Bug#1053540: package contains license CC-BY-SA-2.0-uk

[Thorsten Alteholz]

Package: libhtmlcleaner-java
Version: 2.21-5
Severity: serious
User: alteh...@debian.org
Usertags: license
thanks


Hi,

unfortunately your package contains a file with license: CC-BY-SA-2.0-uk

   src/test/resources/test23.html

As you can see on [1] this license is not compatible with DFSG, so please
remove the file or move the package to non-free.

Thanks!
 Thorsten

[1] https://wiki.debian.org/DFSGLicenses

Bug#1053379: munin-node: logrotate.d/munin-node should call invoke-rc.d

[Bob Proulx]

Holger Levsen wrote:
> Bob Proulx wrote:
> > The introduction of systemctl is problematic especially when used in
> > chroots.
>
> systemctl handles chroots, so can you elaborate on this?

The policy-rc.d layer was created so that dpkg upgrading packages in
chroots don't start daemons in the chroot that might be installed in
the chroot but for which we don't want them to be running in the
chroot.  Unless we do.  In either case we can control that using the
policy-rc.d layer which is entered through the invoke-rc.d command.
Therefore packaged actions such as from postinst and logrotate.d and
should call through invoke-rc.d which might do nothing if policy-rc.d
has been configured for them to do nothing.  So that upgrading
packages in a chroot won't start daemons there.

[[Aside: Strangely the policy-rc.d layer controls a running system but
not a booting system.  An init system booting ignores the policy-rc.d
layer entirely.  I have seen systems, mostly virtualized, incorrectly
configured with a policy-rc.d that prevents upgrades from (re)starting
daemons but that boot and reboot okay.  But then upgrades don't
restart daemons due to the mistaken configuration.  I think that is a
hole in the design but a minor one that mostly is never encountered.
Except I encountered it.  Too funny!]]

In my case I noticed because I don't have any init system installed
within reach at all.  It's a very special case.  But useful.  So for
me on the upgrade it produced errors from calling systemctl and not
finding it.  So I knew immediately.  Which was a useful mine-canary.

> > Please use invoke-rc.d like other logrotate.d files do.  Here is a
> > patch.
>
> thank you, applied to the debian branch, so it will be included in the
> upcoming 2.0.74-1 upload.

Excellent!  Thank you!

> > I note that TABs were used and that those will probably not be
> > preserved and will need to be manually handled as desired.
>
> where?

The /etc/logrotate.d/munin-node file contains TAB characters.

I was careful that my email preserved those.  But if one copy-pasted
out of there probably will convert those TABs to spaces depending upon
mail client, terminal emulator, desktop manager, X/Wayland, and so
forth.  So many possibilities!  Certainly if one looks at the web page
of the bug ticket and copy-pasted from there for example the -/+ lines
would only have been converted to spaces at that point.  Or your flow
might preserve them naturally.  When I am in emacs reading the mail
message and then copy the text then the TABs will be preserved from
the original into the copy.  Emacs FTW!  :-)

Bob

Bug#1021239: opensmtpd: debconf answers during installation are not saved/used

[Daniel Richard G.]

I can confirm that this behavior persists in opensmtpd 7.3.0p2-1, the
current sid version.

The package scripts take settings from the (possibly absent)
/etc/mailname and /etc/aliases files, and push those into debconf,
instead of the other way around. This breaks pre-seeding, and makes the
package's debconf support little better than using an editor on those
files directly.

You can kinda-sorta pre-seed by doing

# echo my.mail.name >/etc/mailname
# echo "root: my.r...@addr.com" >/etc/aliases

and then installing the package, but then you don't get the more
elaborate aliases file that is generated by the install scripts.

(The configuration scripts are in need of an overhaul, generally. The
absence of settings for a smarthost and additional mail-names is
conspicuous. Ideally, opensmtpd would have a debconf implementation
similar to that of postfix or exim4-config.)


--Daniel


-- 
Daniel Richard G. || sk...@iskunk.org
My ASCII-art .sig got a bad case of Times New Roman.

Bug#1053313: octavia-agent: please depends on "cron | cron-daemon"

[Thomas Goirand]

On 10/1/23 16:04, Alexandre Detiste wrote:

Package: octavia-agent
Version: 13.0.0~rc1-1
Severity: normal

Dear maintainer,

Please replace the dependency on "cron" with
one on "cron | cron-daemon" to allow usage of
an alternaive cron-compatible implementation
such like "cronie" or "systemd-cron".

Greetings,

Alexandre Detiste


Hi Alexandre,

Do you know what octavia-agent does? Its only purpose is to be installed 
in a specially crafted cloud image. As much as I know, the only image 
available is the one built with my own tool, and probably later by the 
cloud team. Currently, I tweak anacron to run every hour, otherwise the 
haproxy logs can be too big, so really, there's only a single 
implementation that I care about.


Does it really still feel like we need multiple alternatives then?

Cheers,

Thomas Goirand (zigo)

Bug#1053539: package contains license CC-BY-2.0

[Thorsten Alteholz]

Package: retroarch-assets
Version: 1.7.6git20221024dfsg-3
Severity: serious
User: alteh...@debian.org
Usertags: license
thanks


Hi,

unfortunately your package contains files with license: CC-BY-2.0

   rgui/wallpaper/mystery_blocks*

As you can see on [1] this license is not compatible with DFSG, so please
remove the files or move the package to non-free.

Thanks!
 Thorsten

[1] https://wiki.debian.org/DFSGLicenses

Bug#1052824: flycheck: FTBFS if gawk is installed

[Xiyue Deng]

Hi Nicholas,

Nicholas D Steeves  writes:

> Hi,
>
> Manphiz  writes:
>
>> Finally got access from David.  I have prepared a revision for the fix
>> and uploaded to mentors[1].  Now looking for sponsors :)
>>
>> [1] https://mentors.debian.net/package/flycheck/
>
> If you'd like me to sponsor, please refinalise, because 9222c3db occurs
> after the 33~git20230824.e56e30d-2 release commit.  Also, when following
> best practises, that full version will appear in the release commit
> message, so this is a good opportunity to dtrt and fix that.
>

Indeed.  I've refinalized, recompiled, and reuploaded it to mentors[1].
PTAL.  Will create tag once it's uploaded to unstable.

> Alternatively, if you're looking for off-team sponsors, then you should
> file an RFS in addition to uploading to mentors.
>

Still prefer to let you sponsor here ;)

> Thank you for comaintaining this package :)
>

Happy to help :)

> Regards,
> Nicholas
>

[1] https://mentors.debian.net/package/flycheck/

-- 
Xiyue Deng


signature.asc
Description: PGP signature

Bug#1053538: kexec-tools: kexec reboot even if "systemctl reboot" via initscripts - Debian stable and testing

[Alban Browaeys]

Package: kexec-tools
Version: 1:2.0.25-3+b1
Severity: normal

Dear Maintainer,
When I call "reboot" or "systemctl reboot" I ends up with a kexec
reboot.

I expect a cold reboot.



I have enabled kexec-tools as it is a dependency of kdump-tools.
I supposed enabling a kexec kernel was a requirement to get kdump tools
to dump to /var/crash. Maybe I misunderstood.

In the journal I get after systemd telling it is rebooting:
"
oct. 05 21:59:59 cyclope systemd-logind[1954]: The system will reboot now!
(...)
oct. 05 21:59:59 cyclope systemd-logind[1954]: System is rebooting.
(...)
oct. 05 22:00:00 cyclope systemd[1]: Stopping kexec-load.service - LSB: Load 
kernel image with kexec...
(...)
oct. 05 22:00:02 cyclope kexec-load[6144]: Loading new kernel image into 
memory...done.
oct. 05 22:00:02 cyclope systemd[1]: kexec-load.service: Deactivated 
successfully.
oct. 05 22:00:02 cyclope systemd[1]: Stopped kexec-load.service - LSB: Load 
kernel image with kexec.
oct. 05 22:00:02 cyclope systemd[1]: kexec-load.service: Consumed 1.208s CPU 
time.
(...)
oct. 05 22:00:02 cyclope systemd[1]: Stopping kexec.service - LSB: Execute the 
kexec -e command to reboot system...
(...)
oct. 05 22:00:02 cyclope kexec[6439]: Will now restart with kexec.
"

This even though the kexec-tools Debian REAME tells:
/usr/share/doc/kexec-tools/README.Debian
"reboot" command with ystemd will by default do a cold reboot. To kexec
a new kernel with systemd, use "systemctl kexec".

I believe this is a new issue maybe from my upgrade in June of kexec-tools
from 1:2.0.20-2.1, 1:2.0.25-3+b1.
That is I did not change my kexec-tools config and I believe monthes ago
systemctl reboot gave me a cold reboot, not a kexec one.
Note that it does not means the setup was fine beforehand as I do not
have a single kdump crash file in /var/crash.
I do not know if kexec reboot was even working with the previous
version. Now it kexec reboots fine ... but even when I ask systemctl for
a default coldreboot.

I don't believe this affects unstable as kexec-tools 1:2.0.27-1 removed the
initscripts that are called by systemd at reboot.

Maybe this is expected behavior with systemd-sysv installed?


Cheers,
Alban


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 
'oldoldstable'), (500, 'testing'), (500, 'stable'), (90, 'unstable-debug'), 
(90, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kexec-tools depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  dpkg   1.22.0
ii  libc6  2.37-12
ii  libxenmisc4.17 4.17.2-1
ii  lsb-base   11.6
ii  sysvinit-utils [lsb-base]  3.08-1

kexec-tools recommends no packages.

kexec-tools suggests no packages.

-- debconf information:
* kexec-tools/load_kexec: true
  kexec-tools/use_grub_config: false

Bug#1051650: cmake: Problems finding libraries on Alpha

[Michael Cree]

I have tried the suggested script (with a small modification to count
number of failures) running for a few hours on one of the packages
that had failed on the buildd and never saw cmake fail.

But then building a few packages locally with sbuild, apbs failed
first time to build with the cmake failure.  Second try at building
apbs with sbuild succeeded.

So it appears that there is something different about running in sbuild
(or possibly under dpkg-buildpackage) that is triggering this failure
on occassion.

Cheers,
Michael.

Bug#1053537: aiksaurus FTBFS: error: possibly undefined macro: AC_MSG_ERROR

[Adrian Bunk]

Source: aiksaurus
Version: 1.2.1+dev-0.12-7.1
Severity: serious
Tags: ftbfs
X-Debbugs-Cc: Bastian Germann 

https://buildd.debian.org/status/logs.php?pkg=aiksaurus=1.2.1%2Bdev-0.12-7.1

...
configure.ac:95: the top level
configure.ac:119: error: possibly undefined macro: AC_MSG_ERROR
  If this token and others are legitimate, please use m4_pattern_allow.
  See the Autoconf documentation.
autoreconf: error: /usr/bin/autoconf failed with exit status: 1
dh_autoreconf: error: autoreconf -f -i returned exit code 1
make[1]: *** [debian/rules:16: override_dh_autoreconf] Error 25

Bug#1023649: ghc: FTBFS haskell-random powerpc (ghc Segmentation fault)

[John Paul Adrian Glaubitz]

Hi Christian!

> ,
> | Reading symbols from 
> /home/marillat/haskell-random-1.2.1.1/debian/hlibrary.setup...
> | (No debugging symbols found in 
> /home/marillat/haskell-random-1.2.1.1/debian/hlibrary.setup)
> | [New LWP 9082]
> | [Thread debugging using libthread_db enabled]
> | Using host libthread_db library "/lib/powerpc-linux-gnu/libthread_db.so.1".
> | Core was generated by `debian/hlibrary.setup build --builddir=dist-ghc'.
> | Program terminated with signal SIGSEGV, Segmentation fault.
> | #0  __GI_kill () at ../sysdeps/unix/syscall-template.S:122
> | 122 ../sysdeps/unix/syscall-template.S: No such file or directory.
> | (gdb) bt
> | #0  __GI_kill () at ../sysdeps/unix/syscall-template.S:122
> | #1  0x108f27b4 in exitBySignal ()
> | #2  0x108f29f4 in shutdownHaskellAndSignal ()
> | #3  0x1088c828 in ?? ()
> | #4  0x108f55a0 in scheduleWaitThread ()
> | #5  0x108f21c8 in hs_main ()
> | #6  0x10007408 in main ()
> | (gdb)
> `

Could you provide the disassembled code for the affected code section?

Thanks,
Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1053536: squeekboard FTBFS with version 0.18 of rust gtk stack.

[Peter Green]

Package: squeekboard
Version: 1.22.0-4
Severity: serious
Tags: patch

The rust gtk stack was recently updated, and squeekboard needs a few
tweaks to build with the new version.

I have whipped up a patch and tested that squeekboard builds with it,
I have not tested it beyond that.diff -Nru squeekboard-1.22.0/debian/changelog 
squeekboard-1.22.0/debian/changelog
--- squeekboard-1.22.0/debian/changelog 2023-08-23 08:47:31.0 +
+++ squeekboard-1.22.0/debian/changelog 2023-10-05 19:31:30.0 +
@@ -1,3 +1,10 @@
+squeekboard (1.22.0-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * update patches for gtk-rs 0.18
+
+ -- Peter Michael Green   Thu, 05 Oct 2023 19:31:30 +
+
 squeekboard (1.22.0-4) unstable; urgency=medium
 
   [ Peter Michael Green ]
diff -Nru 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.17.patch
 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.17.patch
--- 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.17.patch
2023-08-23 08:47:31.0 +
+++ 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.17.patch
1970-01-01 00:00:00.0 +
@@ -1,53 +0,0 @@
-From: Arnaud Ferraris 
-Date: Tue, 27 Jun 2023 12:31:30 +0200
-Subject: Cargo.deps.newer: update for gtk-rs 0.17
-

- Cargo.deps.newer | 20 ++--
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/Cargo.deps.newer b/Cargo.deps.newer
-index 197dfa3..c236cc5 100644
 a/Cargo.deps.newer
-+++ b/Cargo.deps.newer
-@@ -9,30 +9,30 @@ zvariant = "2.10.*"
- zvariant_derive = "2.10.*"
- 
- [dependencies.cairo-rs]
--version = "0.14.*"
-+version = "0.17.*"
- 
- [dependencies.cairo-sys-rs]
--version = "0.14.*"
-+version = "0.17.*"
- 
- [dependencies.gdk]
--version = "0.14.*"
-+version = "0.17.*"
- 
- [dependencies.gio]
--version = "0.14.*"
-+version = "0.17.*"
- features = ["v2_58"]
- 
- [dependencies.glib]
--version = "0.14.*"
-+version = "0.17.*"
- features = ["v2_58"]
- 
- [dependencies.glib-sys]
--version = "0.14.*"
-+version = "0.17.*"
- features = ["v2_58"]
- 
- [dependencies.gtk]
--version = "0.14.*"
--features = ["v3_22"]
-+version = "0.17.*"
-+features = ["v3_24"]
- 
- [dependencies.gtk-sys]
--version = "0.14.*"
--features = ["v3_22"]
-+version = "0.17.*"
-+features = ["v3_24"]
diff -Nru 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.18.patch
 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.18.patch
--- 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.18.patch
1970-01-01 00:00:00.0 +
+++ 
squeekboard-1.22.0/debian/patches/0001-Cargo.deps.newer-update-for-gtk-rs-0.18.patch
2023-10-05 19:31:30.0 +
@@ -0,0 +1,55 @@
+Modified by Peter Michael Green for version 0.18 of rust gtk stack.
+
+From: Arnaud Ferraris 
+Date: Tue, 27 Jun 2023 12:31:30 +0200
+Subject: Cargo.deps.newer: update for gtk-rs 0.17
+
+---
+ Cargo.deps.newer | 20 ++--
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/Cargo.deps.newer b/Cargo.deps.newer
+index 197dfa3..c236cc5 100644
+--- a/Cargo.deps.newer
 b/Cargo.deps.newer
+@@ -9,30 +9,30 @@ zvariant = "2.10.*"
+ zvariant_derive = "2.10.*"
+ 
+ [dependencies.cairo-rs]
+-version = "0.14.*"
++version = "0.18.*"
+ 
+ [dependencies.cairo-sys-rs]
+-version = "0.14.*"
++version = "0.18.*"
+ 
+ [dependencies.gdk]
+-version = "0.14.*"
++version = "0.18.*"
+ 
+ [dependencies.gio]
+-version = "0.14.*"
++version = "0.18.*"
+ features = ["v2_58"]
+ 
+ [dependencies.glib]
+-version = "0.14.*"
++version = "0.18.*"
+ features = ["v2_58"]
+ 
+ [dependencies.glib-sys]
+-version = "0.14.*"
++version = "0.18.*"
+ features = ["v2_58"]
+ 
+ [dependencies.gtk]
+-version = "0.14.*"
+-features = ["v3_22"]
++version = "0.18.*"
++features = ["v3_24"]
+ 
+ [dependencies.gtk-sys]
+-version = "0.14.*"
+-features = ["v3_22"]
++version = "0.18.*"
++features = ["v3_24"]
diff -Nru 
squeekboard-1.22.0/debian/patches/0004-Cargo.-use-xkbcommon-v0.5.patch 
squeekboard-1.22.0/debian/patches/0004-Cargo.-use-xkbcommon-v0.5.patch
--- squeekboard-1.22.0/debian/patches/0004-Cargo.-use-xkbcommon-v0.5.patch  
2023-08-23 08:47:31.0 +
+++ squeekboard-1.22.0/debian/patches/0004-Cargo.-use-xkbcommon-v0.5.patch  
2023-10-05 19:31:30.0 +
@@ -26,14 +26,10 @@
 index c236cc5..b36e616 100644
 --- a/Cargo.deps.newer
 +++ b/Cargo.deps.newer
-@@ -7,6 +7,7 @@ zbus = "1.9.*"
- zvariant = "2.10.*"
- # Newer versions seem to confuse the version of Cargo on Debian Bullseye
+@@ -9,2 +9,3 @@ zbus = "1.9.*"
  zvariant_derive = "2.10.*"
 +xkbcommon = { version = "0.5.*", features = ["wayland"] }
  
- [dependencies.cairo-rs]
- version = "0.17.*"
 diff --git a/Cargo.toml.in b/Cargo.toml.in
 index c9b2064..557e6c6 100644
 --- a/Cargo.toml.in
diff -Nru 

Bug#1052824: flycheck: FTBFS if gawk is installed

[Nicholas D Steeves]

Hi,

Manphiz  writes:

> Finally got access from David.  I have prepared a revision for the fix
> and uploaded to mentors[1].  Now looking for sponsors :)
>
> [1] https://mentors.debian.net/package/flycheck/

If you'd like me to sponsor, please refinalise, because 9222c3db occurs
after the 33~git20230824.e56e30d-2 release commit.  Also, when following
best practises, that full version will appear in the release commit
message, so this is a good opportunity to dtrt and fix that.

Alternatively, if you're looking for off-team sponsors, then you should
file an RFS in addition to uploading to mentors.

Thank you for comaintaining this package :)

Regards,
Nicholas


signature.asc
Description: PGP signature

Bug#1051125: RFS: a2d/2.0.0-1 [ITP] -- APRS to DAPNET portal

[Boyuan Yang]

X-Debbugs-CC: kd8...@gmail.com

Hi,

On Sun, 24 Sep 2023 17:49:12 -0400 Yogu NY3W  wrote:
> Hi Boyuan,
> 
> Thank you for your valuable feedback on the a2d Debian package. I
> appreciate your time and insights into the packaging process. Let me
> address the points you've raised:
> 
> 
> debian/a2d.init.d: You are absolutely right, I apologize for the oversight.
> I've removed /usr/local/ and revised debian/a2d.init.d script.
> 
> 
> /etc/nginx/ssl/: This empty directory is intended to be used by a2d to
> store user SSL certificates and implement them for nginx. I understand your
> concern, but this directory serves a purpose within the functionality of
> the program.
> 
> 
> /usr/share/scripts/: These scripts are simple helper scripts specific to
> a2d. I believe that they should not be available globally like other system
> scripts. Placing them in /usr/share/a2d/scripts/ could be better for
> managing them.
> 
> 
> Lintian Warnings: I have addressed the lintian warnings regarding the
> skip-systemd-native-flag-missing-pre-depends in the package. Thank you for
> pointing these out.
> 
> 
> Thank you once again for your guidance and support. I look forward to your
> response and any further suggestions you may have.

Thanks for the update. I am uploading the current version on 2023-10-03 02:39
now.

This package will go through a manual review in the Debian NEW queue at
https://ftp-master.debian.org/new.html , and you will receive a notification
on the decision of ACCEPT or REJECT together with the reasons someday in the
future. This process is done manually, and it is handled by the Debian FTP
Masters Team ( https://ftp-master.debian.org/ ), which is out of my control.

Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#1053534: RM: restbed -- RoQA; unmaintained, RC-buggy, no rdeps

[Moritz Muehlenhoff]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: rest...@packages.debian.org
Control: affects -1 + src:restbed

Please remove restbed. The last maintainer upload was in 2017,
it FTBFS since 3.5 years and there are no reverse dependencies.

Cheers,
Moritz

Bug#1053476: [debian-mysql] Bug#1053476: galera-3: CVE-2023-5157

[Salvatore Bonaccorso]

Hi Otto,

Thanks for the quick followup.

On Wed, Oct 04, 2023 at 08:59:31PM -0700, Otto Kekäläinen wrote:
> Thanks for reporting this Salvatore!
> 
> Are you aware of what plans upstream has?

We are not, basically we require your help for this report for
assessing the issue.

> The Jira MDEV-25068 was fixed in Galera 26.4.12
> (https://releases.galeracluster.com/galera-4.12/release-notes-galera-26.4.12.txt)
> in 2022. i don't see any commits on
> https://github.com/codership/galera/commits/3.x since 2022. i will
> keep an eye for new upstream releases.
> 
> I can also review/merge for all Debian and Ubuntu releases still in
> maintenance a patch if somebody wants to submit a Debian-specific fix
> at https://salsa.debian.org/mariadb-team/galera-3/-/merge_requests. On
> a quick look I did not find the 26.4.12 fix
> (https://github.com/search?q=repo%3Acodership%2Fgalera+MDEV-25068=commits)
> so I am not aware of any specific commit nor if it can be backported
> to 25.3.37

Do you have a good upstream contact which you could reach out to ask
on more details, references to fixes, etc on the issue?

Regards,
Salvatore

Bug#1053533: mbedtls: enable MBEDTLS_NIST_KW_C

[Jérôme Pouiller]

Source: mbedtls
Severity: wishlist
X-Debbugs-Cc: phco...@silabs.com, jerome.pouil...@gmail.com

Hello,

I have just noticed MBEDTLS_NIST_KW_C was not enabled (and obviously my
project[1] depends on it).

I usually use the default config provided by mbedtls (which I believe
enable all the possible options). Do you know if there is any reason to
strip down this configuration?


[1] https://github.com/SiliconLabs/wisun-br-linux

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_IE.utf8, LC_CTYPE=en_IE.utf8 (charmap=UTF-8), LANGUAGE=en_IE:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1040901: Upcoming changes to Debian Linux kernel packages

[Bastian Blank]

Hi

On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote:
> > Multiple uploads of the same upstream version will have
> > the same package name, but those rarely happens.
> Those happen fairly often for urgent security updates.

We could encode that in the upstream version.  Aka to have
co-installable packages for security updates we do:

- 6.6.1-1
- 6.6.1+1-1
- 6.6.1+2-1

This allows for easy semantic, aka we only care for package names about
the upstream part of the version, which then needs to follow a certain
syntax.

Regards,
Bastian

-- 
A Vulcan can no sooner be disloyal than he can exist without breathing.
-- Kirk, "The Menagerie", stardate 3012.4

Bug#1053532: bookworm-pu: package arctica-greeter/0.99.3.0-1+deb12u2

[Mike Gabriel]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: arctica-gree...@packages.debian.org
Control: affects -1 + src:arctica-greeter

This is a follow-up upload of artica-greeter, +deb12u1 has already been
accepted for the next bookworm point release, but here comes another one
(explanation see below).

I have attached two debdiffs, one against arctica-greeter in bookworm,
one against arctica-greeter in bookworm-pu.

[ Reason ]
During the preparation of the Debian Edu 12 artwork I encountered a
problem with the logo positioning code in Arctica Greeter.

The previous code version would make assumptions of the logo height and
in the past we always used logo images of a certain pixel height.

However, the Debian 12 logo and the Debian Edu 12 logo differ in height
by design and the Debian Edu 12 would lap very far towards the bottom
border of the screen. Really not beautiful.

With Arctica Greeter upstream hat on I developed a patch that now allows
logos of any height with Arctica Greeter. This patch is shipped in
another bookworm-pu upload.

[ Impact ]
This is a change that makes Arctica Greeter in Debian Edu 12 more
beautiful. (We use Arctica Greeter for the MATE variant of Debian Edu).

If it does not get accepted, it won't leave anything in a broken or so,
it is merely an aesthetic fix.

[ Tests ]
Manual tests on a Debian bookworm and Debian Edu bookworm system.

[ Risks ]
Regression in arctica-greeter. Minimal.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add 0008_better-positioning-of-logo.patch. Move logo in bottom-left
+  corner one grid-size count away from the border.

Patch cherry-picked from upstream PR:
https://github.com/ArcticaProject/arctica-greeter/pull/87

[ Other info ]
None.
diff -Nru 
arctica-greeter-0.99.3.0/debian/30_arctica-greeter-theme-debian.gschema.override
 
arctica-greeter-0.99.3.0/debian/30_arctica-greeter-theme-debian.gschema.override
--- 
arctica-greeter-0.99.3.0/debian/30_arctica-greeter-theme-debian.gschema.override
2023-03-01 19:35:03.0 +0100
+++ 
arctica-greeter-0.99.3.0/debian/30_arctica-greeter-theme-debian.gschema.override
2023-08-24 07:40:47.0 +0200
@@ -1,5 +1,5 @@
 [org.ArcticaProject.arctica-greeter]
-background='/usr/share/desktop-base/emerald-theme/login/background-nologo.svg'
+background='/usr/share/desktop-base/active-theme/login/background-nologo.svg'
 background-color='#032F3D'
 togglebox-button-bgcolor='#032F3D'
 togglebox-button-bordercolor='#032F3D'
diff -Nru arctica-greeter-0.99.3.0/debian/changelog 
arctica-greeter-0.99.3.0/debian/changelog
--- arctica-greeter-0.99.3.0/debian/changelog   2023-03-01 21:21:03.0 
+0100
+++ arctica-greeter-0.99.3.0/debian/changelog   2023-10-05 20:48:16.0 
+0200
@@ -1,3 +1,30 @@
+arctica-greeter (0.99.3.0-1+deb12u2) bookworm; urgency=medium
+
+  * debian/patches:
++ Add 0008_better-positioning-of-logo.patch. Move logo in bottom-left
+  corner one grid-size count away from the border.
+
+ -- Mike Gabriel   Thu, 05 Oct 2023 20:48:16 +0200
+
+arctica-greeter (0.99.3.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ [a11y] Add patches 0001 and 0002. Support configuring the onscreen
+  keyboard theme via ArcticaGreeter's gsettings.
++ [a11y, i18n]  Use 'Compact' OSK layout (instead of Small) which include
+  special keys such as German Umlauts, etc.
++ Add 0004-src-session-list.vala-Treat-gnome-xorg-as-GNOME-and-.patch. Show
+  correct icon for GNOME/X.Org session in session chooser list.
++ Add patches 0005, 0006 and 0007. Make PAM messages (esp. on login 
failure,
+  password expiry, etc.) be displayed fully and in readable colors.
+  * debian/30_arctica-greeter-theme-debian.gschema.override:
++ Use active theme rather then emerald (although the button color scheme
+  is designed for emerald). This allows the user/admin to adjust the
+  background image of Arctica Greeter via the alternative system in
+  desktop-base.
+
+ -- Mike Gabriel   Thu, 24 Aug 2023 19:58:57 +0200
+
 arctica-greeter (0.99.3.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru 
arctica-greeter-0.99.3.0/debian/patches/0001-data-org.ArcticaProject.arctica-greeter.gschema.xml-.patch
 
arctica-greeter-0.99.3.0/debian/patches/0001-data-org.ArcticaProject.arctica-greeter.gschema.xml-.patch
--- 
arctica-greeter-0.99.3.0/debian/patches/0001-data-org.ArcticaProject.arctica-greeter.gschema.xml-.patch
 1970-01-01 01:00:00.0 +0100
+++ 
arctica-greeter-0.99.3.0/debian/patches/0001-data-org.ArcticaProject.arctica-greeter.gschema.xml-.patch
 2023-08-24 07:40:06.0 +0200
@@ -0,0 +1,27 @@
+From 

Bug#1051367: Acknowledgement (regression: powersave screen blank causes system freeze after upgrade to Debian 12)

[Marcin Owsiany]

Unfortunately it's not fixed. Looks like the probability of a freeze is
just lower :-(

Bug#1053531: gnupg/gpg-agent/pinentry: timeout

[Thorsten Glaser]

Package: gpg-agent
Version: 2.2.27-2+deb11u2
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

Not sure which subpackage exactly is at fault, please reassign accordingly.

I started a “git commit -a -S” and got presented a pinentry-curses
through gpg-agent to enter my PGP key’s password, but then got IRL
distracted by being asked a question, and it had terminated the
pinentry and agent, asking me for a password on stderr/tty without
pinentry, but as soon as I went to type it there, it ended up with:

error: gpg failed to sign the data
fatal: failed to write commit object

Then I had to redo the commit, writing the entire commit message
again because, of course, it wasn’t kept.

IMHO the pinentry form shouldn’t time out (or at least be reasonable
about it, e.g. time out after one hour, at the earliest, or so).


-- System Information:
Debian Release: 11.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-24-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages gpg-agent depends on:
ii  gpgconf 2.2.27-2+deb11u2
ii  init-system-helpers 1.60
ii  libassuan0  2.5.3-7.1
ii  libc6   2.31-13+deb11u7
ii  libgcrypt20 1.8.7-6
ii  libgpg-error0   1.38-2
ii  libnpth01.6-3
ii  pinentry-curses [pinentry]  1.1.0-4

Versions of packages gpg-agent recommends:
ii  gnupg  2.2.27-2+deb11u2

Versions of packages gpg-agent suggests:
pn  dbus-user-session  
pn  libpam-systemd 
pn  pinentry-gnome3
pn  scdaemon   

-- no debconf information

Bug#1053530: haskell-aeson FTBFS on 32bit

[Adrian Bunk]

Source: haskell-aeson
Version: 2.1.2.1-4
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/haskell/aeson/issues/1060

https://buildd.debian.org/status/logs.php?pkg=haskell-aeson=2.1.2.1-4

...
  JSONTestSuite
i_number_double_huge_neg_exp.json
  decode:  OK (0.02s)
  decode via tokens:   OK (0.01s)
  tokens bs:   OK
  tokens lbs:  OK (0.02s)
i_number_huge_exp.json
  decode:  FAIL (0.02s)
Test output was different from 
'tests/JSONTestSuite/results/i_number_huge_exp.txt'. Output of 
["diff","-u","tests/JSONTestSuite/results/i_number_huge_exp.txt","/tmp/i_number_huge_exp19725-4.actual"]:
--- tests/JSONTestSuite/results/i_number_huge_exp.txt   2001-09-09 
01:46:40.0 +
+++ /tmp/i_number_huge_exp19725-4.actual2023-10-05 
18:40:15.167808595 +
@@ -1 +1 @@
-Right (Array [Number 4.0e-3000995])
+Right (Array [Number 4.0e64770077])

Use -p '$0=="tests.JSONTestSuite.i_number_huge_exp.json.decode"' to 
rerun this test only.
  decode via tokens:   FAIL (0.02s)
Test output was different from 
'tests/JSONTestSuite/results/i_number_huge_exp.txt'. Output of 
["diff","-u","tests/JSONTestSuite/results/i_number_huge_exp.txt","/tmp/i_number_huge_exp19725-5.actual"]:
--- tests/JSONTestSuite/results/i_number_huge_exp.txt   2001-09-09 
01:46:40.0 +
+++ /tmp/i_number_huge_exp19725-5.actual2023-10-05 
18:40:15.199808343 +
@@ -1 +1 @@
-Right (Array [Number 4.0e-3000995])
+Right (Array [Number 4.0e64770077])

Use -p '/i_number_huge_exp.json.decode via tokens/' to rerun this test 
only.
  tokens bs:   FAIL (0.04s)
Test output was different from 
'tests/JSONTestSuite/results/i_number_huge_exp.tok'. Output of 
["diff","-u","tests/JSONTestSuite/results/i_number_huge_exp.tok","/tmp/i_number_huge_exp19725-6.actual"]:
--- tests/JSONTestSuite/results/i_number_huge_exp.tok   2001-09-09 
01:46:40.0 +
+++ /tmp/i_number_huge_exp19725-6.actual2023-10-05 
18:40:15.219808186 +
@@ -1,4 +1,4 @@
 TkArrayOpen
 TkItem
-TkNumber NumScientific 4.0e-3000995
+TkNumber NumScientific 4.0e64770077
 TkArrayEnd

Use -p '/i_number_huge_exp.json.tokens bs/' to rerun this test only.
  tokens lbs:  FAIL (0.01s)
Test output was different from 
'tests/JSONTestSuite/results/i_number_huge_exp.tok'. Output of 
["diff","-u","tests/JSONTestSuite/results/i_number_huge_exp.tok","/tmp/i_number_huge_exp19725-7.actual"]:
--- tests/JSONTestSuite/results/i_number_huge_exp.tok   2001-09-09 
01:46:40.0 +
+++ /tmp/i_number_huge_exp19725-7.actual2023-10-05 
18:40:15.251807934 +
@@ -1,4 +1,4 @@
 TkArrayOpen
 TkItem
-TkNumber NumScientific 4.0e-3000995
+TkNumber NumScientific 4.0e64770077
 TkArrayEnd

Use -p '/i_number_huge_exp.json.tokens lbs/' to rerun this test only.
...
4 out of 1611 tests failed (29.36s)
Test suite aeson-tests: FAIL

Bug#1053463: quilt: quilt functions corrupt patches if awk is not gawk

[Dr. Tobias Quathamer]

control: tag -1 pending

Am 05.10.23 um 19:18 schrieb Sven Joachim:

If you would like a merge request on Salsa, I can do that.  But applying
the upstream patch is trivial, the only question is what name you want
to give it.

Cheers,
Sven


Hi Sven,

thanks for filing this bug and pointing to a patch. I'll certainly 
include that. However, as you might be aware, I've uploaded v0.67 
recently and the upgrade is not as smooth as I would have hoped.


I'm currently dealing with a lot of FTBFS bugs in dependent packages, 
and therefore I'd like to sort that out cleanly before adding another patch.


So once the dust settles (hopefully in the next couple of days), I can 
prepare another upload with your suggested patch.


Regards,
Tobias



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1021341: autopkgtest-build-qemu: add dependency on zerofree

[Cyril Brulebois]

Control: retitle -1 vmdb2: missing dependency on zerofree
Control: found -1 0.27+really.0.26-1
Control: severity -1 serious

Cc += Emanuele, Christian.

Michael Tokarev  (2023-09-17):
> Please do not add dependency on zerofree.
> 
> Instead, pleas DROP zerofree usage entirely in todays world.
> 
> It gave me multiple headaches already.
> 
> First I tried to experiment with autopkgtest (which uses vmdb2)
> on a tmpfs.  It all went fine until vmdb2 decided to helpfully
> zerofree the image, - which expanded it to whole RAM and immediately
> caused an OOM.  I had to clean up from this for quite some time.
> 
> Another case is an SSD which gets filled with zeros, having to
> allocate else unused blocks in the image file.
> 
> And yet another - on a regular rotating HDD, it has to turn a
> sparse file into complete file, - in a typical autopkgtest-build-qemu
> use case this means writing 25Gb of data, it is insanely slow.
> 
> If anything, one can use fstrim to achieve the desired result.
> 
> Thanks!

Please file a separate bug report instead of hijacking that one.

Bumping severity to serious because getting autopkgtest-build-qemu
to work is much harder than it should be (as evidenced by recurring
conversations on #debian-devel at least), and getting avoidable errors
doesn't help.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#1053523: cups 2.4.2-3+deb12u4 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053523 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.4.2-3+deb12u4

Explanation: remove debian/NEWS again to avoid too much information when the 
server isn't installed; fix typo in config filename

Bug#1053529: gnome-subtitles: Ships autogenerated files that can't be renegerated with the code in Debian main

[Bastian Germann]

Source: gnome-subtitles
Version: 1.8-1
Severity: serious

Similar to bug #1017897, this package ships autogenerated files:
subprojects/gtk-sharp/Source/gio/gio-api.raw
subprojects/gtk-sharp/Source/atk/atk-api.raw
subprojects/gtk-sharp/Source/gtk/gtk-api.raw
subprojects/gtk-sharp/Source/gdk/gdk-api.raw
subprojects/gtk-sharp/Source/pango/pango-api.raw

Please regenerate them based on what is in Debian.
It would be even better to fix the referenced bug and implement
#1050515, which enables to repack gnome-subtitles, getting rid of
subprojects/gtk-sharp.

Bug#1053522: cups 2.3.3op2-3+deb11u6 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1053522 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: cups
Version: 2.3.3op2-3+deb11u6

Explanation: remove debian/NEWS again to avoid too much information when the 
server isn't installed; fix typo in config filename

Bug#1053475: [ftpmas...@ftp-master.debian.org: Accepted python-django 3:4.2.6-1 (source) into unstable]

[Salvatore Bonaccorso]

Source: python-django
Source-Version: 3:4.2.6-1

- Forwarded message from Debian FTP Masters 
 -

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 05 Oct 2023 09:17:06 +0200
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.6-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team 
Changed-By: Chris Lamb 
Changes:
 python-django (3:4.2.6-1) unstable; urgency=high
 .
   * New upstream security release.
 .
 - CVE-2023-43665: Address a denial-of-service possibility in
   django.utils.text.Truncator.
 .
   Following the fix for CVE-2019-14232, the regular expressions used in the
   implementation of django.utils.text.Truncator’s chars() and words()
   methods (with html=True) were revised and improved. However, these
   regular expressions still exhibited linear backtracking complexity, so
   when given a very long, potentially malformed HTML input, the evaluation
   would still be slow, leading to a potential denial of service
   vulnerability.
 .
   The chars() and words() methods are used to implement the
   truncatechars_html and truncatewords_html template filters, which were
   thus also vulnerable.
 .
   The input processed by Truncator, when operating in HTML mode, has been
   limited to the first five million characters in order to avoid potential
   performance and memory issues.
 .
 
Checksums-Sha1:
 a022246e71830ebaa3f8933bb65c5e99359f0607 2782 python-django_4.2.6-1.dsc
 6e912eeabd1df0b652e0da44cd3a556a496a1811 10407018 
python-django_4.2.6.orig.tar.gz
 429bd69ce5db87684b9fa1463ebdcc1afd0a1306 31088 
python-django_4.2.6-1.debian.tar.xz
 4fed491e4e2d99927dec1f83d085ab0ec325 7860 
python-django_4.2.6-1_amd64.buildinfo
Checksums-Sha256:
 bcf1d2abcd4a9a086a8dd458f36d78a16f53e7faeb7bbe46079418c3f85c2dd8 2782 
python-django_4.2.6-1.dsc
 08f41f468b63335aea0d904c5729e0250300f6a1907bf293a65499496cdbc68f 10407018 
python-django_4.2.6.orig.tar.gz
 ffbfbeb66ee754f0e257d8052253285d24306f561d202d87e4d4040b144ddb4d 31088 
python-django_4.2.6-1.debian.tar.xz
 8809b83840e73dd1dc16b718d7c557dc5726133a344f8445673041422542eff7 7860 
python-django_4.2.6-1_amd64.buildinfo
Files:
 fe4bed0b7bfe3781a39030879685c41d 2782 python optional python-django_4.2.6-1.dsc
 ad84c2b9bbebaa26427a2a656fe5ceea 10407018 python optional 
python-django_4.2.6.orig.tar.gz
 d385194f311ee720d8532bf49f2fa7ce 31088 python optional 
python-django_4.2.6-1.debian.tar.xz
 a5003824855baacdbdefa106e7969842 7860 python optional 
python-django_4.2.6-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmUeZUIACgkQHpU+J9Qx
HliXtQ//ZZKR5xRtO0faYGoxxFVyloQc1dTH4XhbsFtH9NTxbxNRvVkJJ8Q1IkZR
kSJJM336s3IN2zOIINrb6IrF3rdZpbUdK0CgMCYtaiP0f1ktboFw6L0YIbxaqecl
5lHS3z1U6okgZLDSv4yJg/lIMmipSaYTNxxJozYWOPs5unAUgZQN64xpjfNEnr96
aTMU5dkaH8tLJVhrE8M+9dqQv4+dO69yYos55nEoXM4dEbtfaUT2k9UkdCkr/8hS
Xkw/Nlu7EAGOuFcneZH3/Rltai5Hh4Ar9FWCYhuGNJgzXy93RCk+FF8FrRD28Bc5
+DIe/1KzRflhbQORVUDUWs6fjV5a6COlArgKGE+RXPtGv1M2pR7ZtqNVs/UQ78ct
v2YlTpyj4CDMLw6/za9Yh0oDeGeb5uW5SnPNqL+NBEA890ky6E92vb2XYQhtAc5a
7SaNZQ69Ny76cWbM+OPACU5/o43554Ouqw4JMUxBwBRAdkmvEPgxco11+jSbv+nf
I69AoKgQolV3s8vVdbQyrTOBs6SgvxDYUv1XRJLbbIhoB67XCxjrZeNkgyyGUxhe
r8J40H6iLNDlegQ7npvIyjRrRWnSSZsEbAiBOaByjQSJ3hiM0Qb/1N6h2qF9lFJ7
wpM66R4eZMqaabUwMJr9H0fPANwCviWfG4PYsAEzxCKnVXTwCVk=
=7Q/z
-END PGP SIGNATURE-


- End forwarded message -

Bug#839403: apt: define default pin priority for a source in sources.list directly

[Raphael Hertzog]

Hello,

On Sat, 01 Oct 2016, Raphaël Hertzog wrote:
> Hello I would like to be able to use something like this in my
> sources.list:
> 
> deb [pin-priority=500] http://ftp.debian.org/debian experimental main

Today I stumbled upon another case where something like this would have
been useful, to be able to tweak priorities of APT repositories injected
in autopkgtest test chroots with --add-apt-release:
https://salsa.debian.org/freexian-team/debusine/-/merge_requests/300#note_432326

This feature request doesn't seem super hard to implement, is there any
chance that someone could tackle it?

Cheers,
-- 
  ⢀⣴⠾⠻⢶⣦⠀   Raphaël Hertzog 
  ⣾⠁⢠⠒⠀⣿⡁
  ⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/
  ⠈⠳⣄   Debian Long Term Support: https://deb.li/LTS

Bug#1053528: python-pcre2 FTBFS on architectures without PCRE2 jit support

[Adrian Bunk]

Source: python-pcre2
Version: 0.3.0+ds-1
Severity: important
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=python-pcre2=0.3.0%2Bds-1

=== FAILURES ===
 test_pattern_jit_compile_success[a+b+c*d*-0-SUCCESS0] _

pattern = b'a+b+c*d*', options = 0, return_code = 'SUCCESS'

@pytest.mark.parametrize("pattern,options,return_code", 
test_data_pattern_compile_success)
def test_pattern_jit_compile_success(pattern, options, return_code):
try:
p = pcre2.compile(pattern, options=options, jit=True)
rc = "SUCCESS"
assert p.jit_size > 0
except CompileError as e:
rc = "COMPILE_ERROR"
except LibraryError as e:
rc = "LIB_ERROR"
>   assert rc == return_code
E   AssertionError: assert 'LIB_ERROR' == 'SUCCESS'
E - SUCCESS
E + LIB_ERROR

tests/test_pattern.py:43: AssertionError
...
utils.pyx:108: LibraryError
=== short test summary info 
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[a+b+c*d*-0-SUCCESS0]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[(?a+b+)c*d*-0-SUCCESS0]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[\xc3\xa5+\xe2\x88\xab+\xc3\xa7*\xe2\x88\x82*-0-SUCCESS]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[a+b+c*d*-0-SUCCESS1]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[(?a+b+)c*d*-0-SUCCESS1]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[(?a+b+)c*d*(?a+b+)-64-SUCCESS]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[\xe5+\u222b+\xe7*\u2202*-0-SUCCESS]
FAILED 
tests/test_pattern.py::test_pattern_jit_compile_success[(?<\u0192\xf8\xf8>a+b+)c*d*-0-SUCCESS]
FAILED tests/test_pattern.py::test_pattern_jit_findall - pcre2.exceptions.Lib...
FAILED tests/test_pattern.py::test_pattern_jit_split - pcre2.exceptions.Libra...
 10 failed, 52 passed in 1.60s =

Bug#1053527: scipy: build dependency missing: python3-pythran (< 0.13)

[Paul Gevers]

Source: scipy
Version: 1.10.1-2
Severity: serious
Tags: sid trixie ftbfs
User: debian...@lists.debian.org
Usertag: edos-uninstallable

Dear maintainer(s),

Dose [1] is reporting issues with your packages. It seems that 
src:pythran was updated without informing scipy that it would fail to 
build from source now.


Please look into how to resolve this issue.

Paul

[1] https://qa.debian.org/dose/debcheck/src_testing_main/index.html


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053474: snappy-java: CVE-2023-43642

[tony mancill]

On Wed, Oct 04, 2023 at 09:41:10PM +0200, Salvatore Bonaccorso wrote:
> Source: snappy-java
> Version: 1.1.8.3-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> 
> 
> The following vulnerability was published for snappy-java.
> 
> CVE-2023-43642[0]:
>
> ...(SNIP)...
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2023-43642
> https://www.cve.org/CVERecord?id=CVE-2023-43642
> [1] 
> https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5
> [2] 
> https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv

The latest upstream version 1.1.10.5 has been uploaded to unstable.

I will look into what is required to apply the patch referenced above
against 1.1.8.3 for bookworm and bullseye.



signature.asc
Description: PGP signature

Bug#1009159: Add autopkgtest

[Nilesh Patra]

On Thu, 5 Oct 2023 10:53:06 +0100 Luma  wrote:

Hello,
Pleas find attached a patch for Bug#1009159.


Thanks for the patch, but this looks wrong since it does not do anything other
than printing out a help menu.
We would like to actually test the binary for some data and verify whether 
output
is correct.

Also, it seems to even return a non-zero exit code and fails its testsuite
in current scenario. Did you run the autopkgtests before submitting it?

autopkgtest [22:37:50]: test run-unit-test: [---
# Too few arguments handed
# Printing help message:
# KmerResistance-2.0 correlates genes to species from WGS data, by mapping 
reads with KMA
# Options are:  Desc:   Default:
Requirements:
#
#   -i  Input/query file name   
REQUIRED
#   -o  Output file 
REQUIRED
#   -t_db   Template DB 
REQUIRED
#   -s_db   Species DB  
REQUIRED
#   -id ID threshhold   70.0
#   -hidHard ID threshhold  1.0
#   -dctDepth correction threshhold 0.1
#   -kmaalternative KMA kma
#   -v  Version
#   -h  Shows this help message
#
autopkgtest [22:37:51]: test run-unit-test: ---]
autopkgtest [22:37:51]: test run-unit-test:  - - - - - - - - - - results - - - 
- - - - - - -
run-unit-testFAIL non-zero exit status 1
autopkgtest [22:37:51]:  summary
run-unit-testFAIL non-zero exit status 1

Bug#1009158: Add autopkgtest

[Nilesh Patra]

On Thu, 5 Oct 2023 11:03:14 +0100 Luma  wrote:> There 
seems to be a commit for this bug  here:

https://salsa.debian.org/med-team/xdffileio/-/commit/ab2887ce1e89ed11980264b004ced95a87ec3c4b

Is there more I can do?


I think this is not closed because xdffileio was never uploaded with those 
tests. And the new version fails
to build as can be seen in the CI[1].
help fixing that would be good!

[1]: https://salsa.debian.org/med-team/xdffileio/-/jobs/2660702

Thanks,
Nilesh

Bug#1053463: quilt: quilt functions corrupt patches if awk is not gawk

[Sven Joachim]

Control: severity -1 grave

On 2023-10-04 17:16 +0200, Sven Joachim wrote:

> Package: quilt
> Version: 0.67+really0.67-1
> Severity: important

Thinking about it again, that severity was too low.  This bug causes
non-serious data loss with Debian's default awk implementation.

> The /usr/share/quilt/scripts/patchfns script contains a gawkism and does
> not work correctly with either mawk or original-awk.  In both cases
> "quilt refresh" corrupts existing patches, but the symptoms are quite
> different:
>
> - With awk=original-awk the refreshed patch is appended after the
>   original one instead of replacing it, and applying the refreshed patch
>   later fails.

That is what had been observed in the upstream report, but considering
original-awk's low popcon, few Debian users will see that.

> - With awk=mawk there is a complaint from mawk:
>
>   ,
>   | awk: line 21: regular expression compile failed (syntax error ^* or ^+)
>   | ^+++[ \t][^ \t]
>   `
>
>   This time there is no duplication of the patch, but the complete patch
>   header is removed, causing information loss. :-(

I think that is really bad, as there is no way to recover the header if
it had not been backed up (e.g. committed to a VCS).  And not everyone
has gawk installed or uses it as the default awk implementation.  So
quite a few people will observe that bug, and we should not let the
package migrate to testing without fixing it.

> Fortunately the problem had already been reported upstream and fixed in
> commit ce9c68abb7c ("patchfns: Compatibility fix for BSD awk"), I have
> attached the patch for your convenience and already tested it
> successfully with both mawk and original-awk. :-)

If you would like a merge request on Salsa, I can do that.  But applying
the upstream patch is trivial, the only question is what name you want
to give it.

Cheers,
   Sven

Bug#1039720: Acknowledgement (gnome-online-accounts: google account stop working files and calendar. Not able to re create online account.)

[Alberto Garcia]

On Thu, Oct 05, 2023 at 01:45:13PM -0300, sergio wrote:
> Waiting until the package version it is upgradeed on the backports repo has
> sense ?
> Upgrading from stable warn me that i will need to update 27 other packages.

Hi,

if you're using stable then it's better that you don't install
WebKitGTK from unstable, I'll tell you when a backport is available.

Thanks,

Berto

Bug#1051141: mfem: broken build system?

[Gianfranco Costamagna]

control: tags -1 patch pending

Uploaded and git pushed.

G.

On Sun, 3 Sep 2023 14:17:09 +0200 Gianfranco Costamagna 
 wrote:

Source: mfem
Version: 4.5.2+ds-1.1
Severity: serious
Justification: the directories hardcoded in header file points to unexisting 
locations.

Hello, I found some issues on the packaging of mfem, and I would like to see 
them fixed
because I don't think the package is good for stable in this way, but feel free 
to close
if you think this isn't the case!

First issue:
this is passed in configure:
-DINSTALL_LIB_DIR=lib/x86_64-linux-gnu
instead of DEB_HOST_MULTIARCH, causing a lot of pain a little bit after:

 dh_fixperms
 chrpath -d debian/libmfem4*/usr/lib/*-*/libmfem.so*
# one day this will also work on non x86_64-linux-gnu
# debian/libmfem-dev/usr/lib/cmake/mfem/*.cmake are with absolute wrong/build 
paths
 sed -i 
"s,/.*/lib/.*/libmfem.so.4.5.2,/usr/lib/x86_64-linux-gnu/libmfem.so.4.5.2,g" 
debian/libmfem-dev/usr/lib/cmake/mfem/MFEMTargets-*.cmake
# one day someone will fix the -ffile-prefix-map
 sed -i "s,/.*/lib/.*x86_64-linux-gnu,/usr/lib/x86_64-linux-gnu,g" 
debian/libmfem-dev/usr/lib/cmake/mfem/MFEMConfig.cmake

(for some reasons the DESTDIR contains the full path of the build, not the 
relative one, so this causes a lot of other issues)


Second issue:

cat /usr/include/mfem/config/_config.hpp |grep build
#define MFEM_SOURCE_DIR "/build/reproducible-path/mfem-4.5.2+ds"

MFEM_SOURCE_DIR and MFEM_INSTALL_DIR are used in many places in the code, and 
this will fail.

fem/ceed/interface/util.cpp:  const char *install_dir = MFEM_INSTALL_DIR 
"/include/mfem/fem/ceed";
fem/ceed/interface/util.cpp: MFEM_ABORT("Cannot find libCEED kernels in 
MFEM_INSTALL_DIR or "
general/device.cpp:   if (occa::io::exists(MFEM_INSTALL_DIR "/include/mfem/"))
general/device.cpp:  mfemDir = MFEM_INSTALL_DIR "/include/mfem/";
general/device.cpp:  MFEM_ABORT("Cannot find OCCA kernels in MFEM_INSTALL_DIR or 
MFEM_SOURCE_DIR");

fem/ceed/interface/util.cpp:  const char *source_dir = MFEM_SOURCE_DIR 
"/fem/ceed";
fem/ceed/interface/util.cpp:"MFEM_SOURCE_DIR");
general/device.cpp:   else if (occa::io::exists(MFEM_SOURCE_DIR))
general/device.cpp:  mfemDir = MFEM_SOURCE_DIR;
general/device.cpp:  MFEM_ABORT("Cannot find OCCA kernels in MFEM_INSTALL_DIR or 
MFEM_SOURCE_DIR");


Third issue: the shipped cmake file looks wrong and broken (this is a good 
candidate for autopkgtest :) )

cat ../CMakeLists.txt
cmake_minimum_required(VERSION 3.27)
project(foo)
find_package(MFEM)

cmake ..
-- The C compiler identification is GNU 13.2.0
-- The CXX compiler identification is GNU 13.2.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053128: This is Bug 15170 on bugzilla.samba.org

[Dmitry Telegin]

I found this bug in samba:
Bug 15170 - smbtree seg fault if using -N option.
https://bugzilla.samba.org/show_bug.cgi?id=15170

I checked this error in CentOS Stream 9 (samba 4.18.6-100.el9) -
successfully reproduced.

Bug#1039720: Acknowledgement (gnome-online-accounts: google account stop working files and calendar. Not able to re create online account.)

[sergio]

Hi Alberto,

Waiting until the package version it is upgradeed on the backports repo 
has sense ?
Upgrading from stable warn me that i will need to update 27 other 
packages.


Thanks for the message and help.
Regards.

El jue,  5 de oct de 2023 a las 10:36:21 AM, Alberto Garcia 
 escribió:

On Thu, Jun 29, 2023 at 03:51:53PM -0400, Sergio Zamora wrote:

 looks like this update *WebKitGTK 2.38 -> 2.40*  left the account
 unusable and then made it impossible to configure it again.


Hello, I just uploaded WebKitGTK 2.42.1-2 to unstable.

Could you give it a try and tell me if it works fine without having to
use any environment variable or any other workaround?

Thanks!

Berto

Bug#1017983: reprepro: upgrade from 5.3.0-1.2 to 5.4.1-1 loses data

[Bastian Germann]

Hi Steve,

Am 05.10.23 um 12:50 schrieb Steve McIntyre:

I've got time to debug this issue now, happy to help however...


Please have a look at #1051537. That might be related.
I did not have the time to look at the proposed patch and would be happy if you 
tested that.

Thanks,
Bastian

Bug#1053526: /etc/init.d/shiny-server without effect

[Stephan Hachinger]

Package: shiny-server
Version: 1.5.20.1002-1

Dear Sirs and Madams,

I just noticed by accident that in bookworm (12.1) with the versions mentioned above, 
"/etc/init.d/shiny-server start" or "/etc/init.d/shiny-server stop" are without 
any effect (silent and nothing happens).

This can apparently be changed to work "normally" by replacing
DAEMON=shiny-server
... with ...
DAEMON=/usr/bin/shiny-server
... in /etc/init.d/shiny-server. At least for me it works; it seems to be 
related to this discussion: https://github.com/rstudio/shiny-server/issues/23


Best

Stephan


smime.p7s
Description: Kryptografische S/MIME-Signatur

Bug#1053379: munin-node: logrotate.d/munin-node should call invoke-rc.d

[Holger Levsen]

control: tags -1 + pending
thanks

Hi Bob,

On Mon, Oct 02, 2023 at 03:16:03PM -0600, Bob Proulx wrote:
> The introduction of systemctl is problematic especially when used in
> chroots. 

systemctl handles chroots, so can you elaborate on this?

> Please use invoke-rc.d like other logrotate.d files do.  Here is a
> patch.  

thank you, applied to the debian branch, so it will be included in the
upcoming 2.0.74-1 upload.

> I note that TABs were used and that those will probably not be
> preserved and will need to be manually handled as desired.

where?

> Thank you for maintaining munin-node in Debian.
 
thank you for filing a bug report against munin-node! :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The devel is in the details.


signature.asc
Description: PGP signature

Bug#1053525: libphp-adodb too old for php8.2

[Justin Hallett]

Package: libphp-adodb
Version: 5.21.4-1

PHP 8.2 requires 5.22.6

https://adodb.org/dokuwiki/doku.php?id=v5:php_compatibility_status

Since 8.2 is in stable, that leaves libphp-adodb as unusable.

Bug#1052651: Disabling qname minimization due to 'ncache nxdomain'

[Ondřej Surý]

> On 25. 9. 2023, at 21:55, Thomas Leuxner  wrote:
> 
> I believe this is related to a QNAME change in 9.18.17. I do understand that 
> Spamhaus technically might violate a RFC, but the standard qname setting 
> breaks a lot of mail servers which use Spamhaus.

It's not **might**, Spamhaus is violating DNS RFC and there's just no 
justification to support broken DNS servers, you need to complain to Spamhaus 
about this, not to BIND 9.

Here's the situation described in more detail: 
https://kb.isc.org/docs/qname-minimization-and-spamhaus

Ondřej

--
Ondřej Surý (He/Him)
ond...@sury.org

Bug#1053524: src:shelltestrunner: fails to migrate to testing for too long: stuck in haskell transition

[Paul Gevers]

Source: shelltestrunner
Version: 1.9-2
Severity: serious
Control: close -1 1.9.0.1-1
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:shelltestrunner has been trying to migrate 
for 31 days [2]. Hence, I am filing this bug.


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=shelltestrunner



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053301: udev.postinst removes valid /etc/rc*.d/ symlinks

[Luca Boccassi]

Control: severity -1 minor

On Wed, 4 Oct 2023 22:00:06 +0100 Mark Hindley 
wrote:
> Control: tags -1 patch
> Control: affects -1 initscripts
> Control: severity -1 serious
> Justification: Breaks unrelated packages, breaks non-systemd boot
> 
> Michael,
> 
> Please find a patch below that addresses this issue in my test setup.
I can
> offer to NMU if you would like?
> 
> I have provided an easy means to reproduce the bug and a clear
justfication for
> why I think this is an RC bug. If you disagree, please explain why,
rather than
> just changing the severity. Thanks.

If you want to see your changes merged, I would recommend to stop
playing games with severity and send a MR on Salsa instead. It will be
quicker, easier and much more effective.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1053523: bookworm-pu: cups/2.4.2-3+deb12u4

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu


After uploading the fix for CVE-2023-4504 and CVE-2023-32360 to Buster I 
got some complaints:

 - the mentioned filename of the cupsd configuration contained a typo
   and several users were unsure what to do now ...
 - ... especially as the contents of debian/NEWS was also shown on
   computers where only cups client was installed.

So this upload fixes the typo and removes debian/NEWS again, so that the 
text is only shown when cups-daemon will be updated.


I know it is rather late for this, but maybe this makes things easier for 
our users.


  Thorsten
diff -Nru cups-2.4.2/debian/changelog cups-2.4.2/debian/changelog
--- cups-2.4.2/debian/changelog 2023-09-29 21:20:27.0 +0200
+++ cups-2.4.2/debian/changelog 2023-10-05 16:35:27.0 +0200
@@ -1,3 +1,11 @@
+cups (2.4.2-3+deb12u4) bookworm; urgency=medium
+
+  * remove debian/NEWS again to avoid too much information when only
+the client part is installed
+  * fix typo in config filename
+
+ -- Thorsten Alteholz   Thu, 05 Oct 2023 16:35:27 +0200
+
 cups (2.4.2-3+deb12u3) bookworm; urgency=medium
 
   * move debian/NEWS.Debian to debian/NEWS
diff -Nru cups-2.4.2/debian/cups-daemon.NEWS cups-2.4.2/debian/cups-daemon.NEWS
--- cups-2.4.2/debian/cups-daemon.NEWS  2023-09-29 21:20:27.0 +0200
+++ cups-2.4.2/debian/cups-daemon.NEWS  2023-10-05 16:35:27.0 +0200
@@ -4,7 +4,7 @@
   unauthorized users to fetch documents over local or remote networks.
   Since this is a configuration fix, it might be that it does not reach you if 
you
   are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the 
access
+  Please double check your /etc/cups/cupsd.conf file, whether it limits the 
access
   to CUPS-Get-Document with something like the following
   >  
   >AuthType Default
diff -Nru cups-2.4.2/debian/NEWS cups-2.4.2/debian/NEWS
--- cups-2.4.2/debian/NEWS  2023-09-29 21:20:27.0 +0200
+++ cups-2.4.2/debian/NEWS  1970-01-01 01:00:00.0 +0100
@@ -1,16 +0,0 @@
-cups (2.4.2-3+deb12u3) bookworm; urgency=medium
-
-  This release addresses a security issue (CVE-2023-32360) which allows
-  unauthorized users to fetch documents over local or remote networks.
-  Since this is a configuration fix, it might be that it does not reach you if 
you
-  are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the 
access
-  to CUPS-Get-Document with something like the following
-  >  
-  >AuthType Default
-  >Require user @OWNER @SYSTEM
-  >Order deny,allow
-  >   
-  (The important line is the 'AuthType Default' in this section)
-
- -- Thorsten Alteholz   Tue, 19 Sep 2023 21:20:27 +0200

Bug#1053522: bullseye-pu: cups/2.3.3op2-3+deb11u6

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu


After uploading the fix for CVE-2023-4504 and CVE-2023-32360 to Buster I
got some complaints:
 - the mentioned filename of the cupsd configuration contained a typo
   and several users were unsure what to do now ...
 - ... especially as the contents of debian/NEWS was also shown on
   computers where only cups client was installed.

So this upload fixes the typo and removes debian/NEWS again, so that the
text is only shown when cups-daemon will be updated.

I know it is rather late for this, but maybe this makes things easier for
our users.

  Thorsten
diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog  2023-09-29 21:20:27.0 +0200
+++ cups-2.3.3op2/debian/changelog  2023-10-05 16:35:27.0 +0200
@@ -1,3 +1,11 @@
+cups (2.3.3op2-3+deb11u6) bullseye; urgency=medium
+
+  * remove debian/NEWS again to avoid too much information when only
+the client part is installed
+  * fix typo in config filename
+
+ -- Thorsten Alteholz   Thu, 05 Oct 2023 16:35:27 +0200
+
 cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium
 
   * move debian/NEWS.Debian to debian/NEWS
diff -Nru cups-2.3.3op2/debian/cups-daemon.NEWS 
cups-2.3.3op2/debian/cups-daemon.NEWS
--- cups-2.3.3op2/debian/cups-daemon.NEWS   2023-09-29 21:20:27.0 
+0200
+++ cups-2.3.3op2/debian/cups-daemon.NEWS   2023-10-05 16:35:27.0 
+0200
@@ -4,7 +4,7 @@
   unauthorized users to fetch documents over local or remote networks.
   Since this is a configuration fix, it might be that it does not reach you if 
you
   are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the 
access
+  Please double check your /etc/cups/cupsd.conf file, whether it limits the 
access
   to CUPS-Get-Document with something like the following
   >  
   >AuthType Default
diff -Nru cups-2.3.3op2/debian/NEWS cups-2.3.3op2/debian/NEWS
--- cups-2.3.3op2/debian/NEWS   2023-09-29 21:20:27.0 +0200
+++ cups-2.3.3op2/debian/NEWS   1970-01-01 01:00:00.0 +0100
@@ -1,16 +0,0 @@
-cups (2.3.3op2-3+deb11u5) bullseye; urgency=medium
-
-  This release addresses a security issue (CVE-2023-32360) which allows
-  unauthorized users to fetch documents over local or remote networks.
-  Since this is a configuration fix, it might be that it does not reach you if 
you
-  are updating 'cups-daemon' (rather than doing a fresh installation).
-  Please double check your /etc/cups/cupds.conf file, whether it limits the 
access
-  to CUPS-Get-Document with something like the following
-  >  
-  >AuthType Default
-  >Require user @OWNER @SYSTEM
-  >Order deny,allow
-  >   
-  (The important line is the 'AuthType Default' in this section)
-
- -- Thorsten Alteholz   Tue, 19 Sep 2023 21:20:27 +0200

Bug#1053483: hash-slinger: diff for NMU version 3.1-1.2

[Antoine Beaupré]

On 2023-10-05 16:46:01, Ondřej Surý wrote:
> Go ahead and add yourself to maintainers and do a proper release if you care 
> about the packages. It would be appreciated 

Right now I'm about 4 yaks down in this stack, so adding myself to
maintainers is not part of my priorities right now.

As of all packages we use at torproject.org however, we will try to fix
issues like this when we find them. :) We can't, unfortunately, add
ourselves as maintainers for them any time we fix one of those issues.

Sorry!

A.

PS: should I understand I shouldn't delay the upload any further, otherwise?

-- 
If builders built houses the way programmers built programs,
The first woodpecker to come along would destroy civilization.
- Gerald Weinberg

Bug#1037938: linux FTCBFS: perf builds a python extension for the build architecture

[Johannes Schauer Marin Rodrigues]

Hi,

On Wed, 14 Jun 2023 16:40:54 +0200 Helmut Grohne  wrote:
> linux fails to cross build from source again. It seems like the perf build
> gained a python extension and that extension happens to be built for the
> build architecture, which doesn't go well. Please export the magic python
> cross building environment variable to make this work. I'm attaching a patch
> for your convenience.

I put Helmut's patch as a MR on salsa:

https://salsa.debian.org/kernel-team/linux/-/merge_requests/866/diffs

I stumbled across this, because after the recent python3.11 upload, the
cross-build not just builds something wrong but straight-up fails with:

LDSHARED="aarch64-linux-gnu-gcc -pthread -shared" \
CFLAGS='-g -O2 -fstack-protector-strong -fstack-clash-protection 
-Wformat -Werror=format-security -mbranch-protection=standard -Wall -Wdate-time 
-D_FORTIFY_SOURCE=2 -I/<>/tools/perf 
-I/<>/debian/build/build-tools/tools/perf -isystem 
/<>/debian/build/build-tools/include -Wbad-function-cast 
-Wdeclaration-after-statement -Wformat-security -Wformat-y2k -Winit-self 
-Wmissing-declarations -Wmissing-prototypes -Wno-system-headers 
-Wold-style-definition -Wpacked -Wredundant-decls -Wstrict-prototypes 
-Wswitch-default -Wswitch-enum -Wundef -Wwrite-strings -Wformat 
-Wno-type-limits -Wstrict-aliasing=3 -Wshadow -DHAVE_SYSCALL_TABLE_SUPPORT 
-I/<>/debian/build/build-tools/tools/perf/arch/arm64/include/generated
 -DHAVE_PERF_REGS_SUPPORT -DHAVE_ARCH_REGS_QUERY_REGISTER_OFFSET -DNDEBUG=1 -O6 
-fno-omit-frame-pointer -ggdb3 -funwind-tables -Wall -Wextra -std=gnu11 
-fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE 
-I/<>/tools/perf/util/include 
-I/<>/tools/perf/arch/arm64/include 
-I/<>/tools/include/ 
-I/<>/tools/arch/arm64/include/uapi 
-I/<>/tools/include/uapi 
-I/<>/tools/arch/arm64/include/ 
-I/<>/tools/arch/arm64/ 
-I/<>/debian/build/build-tools/tools/perf//util 
-I/<>/debian/build/build-tools/tools/perf/ 
-I/<>/tools/perf/util -I/<>/tools/perf 
-DHAVE_PTHREAD_ATTR_SETAFFINITY_NP -DHAVE_PTHREAD_BARRIER 
-DHAVE_EVENTFD_SUPPORT -DHAVE_GET_CURRENT_DIR_NAME -DHAVE_GETTID 
-DHAVE_FILE_HANDLE -DHAVE_DWARF_GETLOCATIONS_SUPPORT -DHAVE_AIO_SUPPORT 
-DHAVE_SCANDIRAT_SUPPORT -DHAVE_SCHED_GETCPU_SUPPORT -DHAVE_SETNS_SUPPORT 
-DHAVE_CSTRACE_SUPPORT  -DHAVE_LIBELF_SUPPORT -DHAVE_ELF_GETPHDRNUM_SUPPORT 
-DHAVE_GELF_GETNOTE_SUPPORT -DHAVE_ELF_GETSHDRSTRNDX_SUPPORT 
-DHAVE_DWARF_SUPPORT  -DHAVE_LIBBPF_SUPPORT -DHAVE_BPF_PROLOGUE -DHAVE_JITDUMP 
-DHAVE_LIBUNWIND_AARCH64_SUPPORT -DHAVE_DWARF_UNWIND_SUPPORT 
-DHAVE_LIBUNWIND_SUPPORT -DHAVE_SLANG_SUPPORT -DHAVE_LIBPERL_SUPPORT 
-DHAVE_TIMERFD_SUPPORT -DHAVE_LIBPYTHON_SUPPORT -DHAVE_CXA_DEMANGLE_SUPPORT 
-DHAVE_ZLIB_SUPPORT -DHAVE_LZMA_SUPPORT -DHAVE_ZSTD_SUPPORT 
-DHAVE_LIBCAP_SUPPORT -DHAVE_BACKTRACE_SUPPORT -DHAVE_LIBNUMA_SUPPORT 
-DHAVE_KVM_STAT_SUPPORT -DHAVE_LIBBABELTRACE_SUPPORT  -DHAVE_AUXTRACE_SUPPORT 
-DHAVE_LIBTRACEEVENT -DLIBTRACEEVENT_VERSION=66813 -DLIBTRACEFS_VERSION=66810 
-I/<>/debian/build/build-tools/tools/perf/libapi/include 
-I/<>/debian/build/build-tools/tools/perf/libbpf/include 
-I/<>/debian/build/build-tools/tools/perf/libsubcmd/include 
-I/<>/debian/build/build-tools/tools/perf/libsymbol/include 
-I/<>/debian/build/build-tools/tools/perf/libperf/include 
-I/<>/debian/build/build-tools/tools/perf/' LDFLAGS='-Wl,-z,relro' 
\
  '/usr/bin/python3' util/setup.py \
  --quiet build_ext; \
cc1: error: ‘-fcf-protection=full’ is not supported for this target
error: command '/usr/bin/aarch64-linux-gnu-gcc' failed with exit code 1

The reason is likely, that python3.11 was now rebuilt with a dpkg
version exposing the new build flags which get captured at build time
into sysconfigdata and make the build fail because flags that only
work with amd64 gcc get used with arm64 gcc.

Since Diederik de Haas is already looking into the MR, this email is
more a memo for myself so that I find this issue later on in my email
inbox. :)

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#1050933:

[Mathieu Malaterre]

Control: tags -1 wontfix

GCC-13 works as expected. Turns out to be a UB case in highway source code.

Closing

Bug#1037439: Unlikely to be a bug in r-base

[Dirk Eddelbuettel]

Andreas,

This looks like an error:

> reassign 1037439 src:r-base
Bug #1037439 {Done: Dirk Eddelbuettel } [r-cran-rstan] 
r-cran-rstan/armhf FTBFS with r-cran-bh 1.74, works with boost 1.81
Bug reassigned from package 'r-cran-rstan' to 'src:r-base'.
No longer marked as found in versions r-cran-rstan/2.21.8-1 and r-cran-bh.

r-base-core cannot possibly be the cause.  What we have here is that

- R packages can use (C++ upstream library) Boost (from boost.org)
- (ie not be confused with a CRAN package called boost)
- I happen to be upstream for CRAN package BH
- Which I update annually in December, so CRAN is now at 1.81
- Because BH is big we once decided to _not_ double it up in Debian
- So we have r-cran-bh essentially as a virtual package depending on 
libboost-all-dev

In June, we put a hard version constraint into r-cran-bh to enfore 1.81 or
later:

r-cran-bh (1.81.0-1) unstable; urgency=medium

  * debian/control: Update Build-Depends to libboost1.81-dev to ensure use
of Boost 1.81 (needed eg by rstan) which is not yet the default Boost
in Debian, but available. Note to re-set this to libboost-dev once it
is default. Thanks to Steve Langasek for the idea. (Closes: #1037439)

  * debian/control: Set Build-Depends: to current R version
  * debian/control: Set Standards-Version: to current version 
  * debian/control: Switch to virtual debhelper-compat (= 12)

 -- Dirk Eddelbuettel   Tue, 13 Jun 2023 07:10:09 -0500

Steve may have suggsted that at the time for Ubuntu build issues. So is this
now in Debian unstable/testing? IIRC there was a migration.

Thanks for any pointer,  Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1053521: ghostscript: ps2pdf modifies ASCII text of a PDF file, breaking conversion to text and searching for text (regression)

[Vincent Lefevre]

Package: ghostscript
Version: 10.02.0~dfsg-2
Severity: important
Tags: upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=707237

(Note that this is some form of data corruption.)

If I run ps2pdf on the PDF file from

  https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3163.pdf

the text

  arithmetic. Also, C99’s informative annex G offered [...]

is changed to

  arithmetic. !lso, C99’s informative annex G offered [...]

i.e. the letter "A" is changed to the exclamation point "!".

Note that this is a regression: there is no such issue with the
ghostscript 10.0.0~dfsg-11+deb12u1 package under Debian 12 (bookworm).

The above PDF file was generated with Microsoft Word, and an
uncompressed stream shows unusual content. This is where the
bug occurs.

I've reported the bug upstream and put more technical details
there.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ghostscript depends on:
ii  libc62.37-12
ii  libgs10  10.02.0~dfsg-2

ghostscript recommends no packages.

ghostscript suggests no packages.

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1053520: ITP: golang-github-ozeidan-fuzzy-patricia -- A generic patricia trie (also called radix tree) implemented in Go (Golang).

[Nilesh Patra]

Control: forcemerge -1 1053518

I'm merging the bugs since both are ITPs with the same description.

On Thu, Oct 05, 2023 at 08:01:21PM +0530, Ananthu C V wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Ananthu C V 
> X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org
> 
> * Package name: golang-github-ozeidan-fuzzy-patricia
>   Version : 3.0.0
>   Upstream Author : Omar Zeidan
> * URL : https://github.com/ozeidan/fuzzy-patricia.git
> * License : Expat 
>   Programming Lang: Go
>   Description : A generic patricia trie (also called radix tree) 
> implemented in Go (Golang).
> 
> A generic patricia trie (also called radix tree) implemented in Go (Golang).
> 
> The patricia trie as implemented in this library enables fast visiting of 
> items in some particular ways:
> 
> visit all items saved in the tree,
> visit all items matching particular prefix (visit subtree), or
> given a string, visit all items matching some prefix of that string.
> 
> []byte type is used for keys, interface{} for values.
> 
> Trie is not thread safe. Synchronize the access yourself.
> 
> This package is in the dependency tree of Lazygit (#908894)
> 


signature.asc
Description: PGP signature

Bug#1053483: hash-slinger: diff for NMU version 3.1-1.2

[Ondřej Surý]

Go ahead and add yourself to maintainers and do a proper release if you care 
about the packages. It would be appreciated 
--
Ondřej Surý  (He/Him)

> On 5. 10. 2023, at 16:43, anar...@debian.org wrote:
> 
> Control: tags 1053483 + pending
> 
> Dear maintainer,
> 
> I've prepared an NMU for hash-slinger (versioned as 3.1-1.2) and
> uploaded it to DELAYED/10. Please feel free to tell me if I
> should delay it longer.
> 
> I didn't find a recent copy of the source code on Salsa as well,
> otherwise I would have submitted this as a MR there as well.
> 
> I also plan on issuing a stable release update for this once the NMU
> lands in testing. Let me know if I should delay this as well.
> 
> My work on this issue is tracked in this bug report and our internal
> tracker here as well:
> 
> https://gitlab.torproject.org/tpo/tpa/team/-/issues/41350
> 
> Regards.
> 
> 
> --
> 

Bug#1053483: hash-slinger: diff for NMU version 3.1-1.2

[anarcat]

Control: tags 1053483 + pending

Dear maintainer,

I've prepared an NMU for hash-slinger (versioned as 3.1-1.2) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.

I didn't find a recent copy of the source code on Salsa as well,
otherwise I would have submitted this as a MR there as well.

I also plan on issuing a stable release update for this once the NMU
lands in testing. Let me know if I should delay this as well.

My work on this issue is tracked in this bug report and our internal
tracker here as well:

https://gitlab.torproject.org/tpo/tpa/team/-/issues/41350

Regards.


-- 
diff -Nru hash-slinger-3.1/debian/changelog hash-slinger-3.1/debian/changelog
--- hash-slinger-3.1/debian/changelog	2022-02-10 01:03:46.0 -0500
+++ hash-slinger-3.1/debian/changelog	2023-10-05 10:37:58.0 -0400
@@ -1,3 +1,10 @@
+hash-slinger (3.1-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bug fix: "tlsa can produce invalid records" (Closes: #1053483)
+
+ -- Antoine Beaupré   Thu, 05 Oct 2023 10:37:58 -0400
+
 hash-slinger (3.1-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch
--- hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch	1969-12-31 19:00:00.0 -0500
+++ hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch	2023-10-05 10:36:07.0 -0400
@@ -0,0 +1,34 @@
+From e3bec6e2a6b1bda7c52b4c585474fd7cc23ab643 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= 
+Date: Wed, 4 Oct 2023 22:05:26 -0400
+Subject: [PATCH] fix generic TLSA record generation
+Applied-Upstream: https://github.com/letoams/hash-slinger/commit/0bb0dba91c51d367d9a37297f13e07f33c01bfdc
+
+It seems like the calculation for the TLSA record never really worked,
+as we're doing float division here on the `len()` field. In our case,
+that field returned `35.0` which is not valid in our environment.
+
+Doing an integer division gives the correct result in most cases, I
+believe.
+
+Closes: #45
+---
+ tlsa | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tlsa b/tlsa
+index cea7230..ec97150 100755
+--- a/tlsa
 b/tlsa
+@@ -513,7 +513,7 @@ class TLSARecord:
+ 	def getRecord(self, generic=False):
+ 		"""Returns the RR string of this TLSARecord, either in rfc (default) or generic format"""
+ 		if generic:
+-			return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)/2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert)
++			return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)//2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert)
+ 		return '%s IN TLSA %s %s %s %s' % (self.name, self.usage, self.selector, self.mtype, self.cert)
+ 
+ 	def _toHex(self, val):
+-- 
+2.39.2
+
diff -Nru hash-slinger-3.1/debian/patches/series hash-slinger-3.1/debian/patches/series
--- hash-slinger-3.1/debian/patches/series	2021-02-14 11:40:02.0 -0500
+++ hash-slinger-3.1/debian/patches/series	2023-10-05 10:36:07.0 -0400
@@ -1 +1,2 @@
 0001-Debian-default-root.key-resides-in-usr-share-dns-roo.patch
+0001-fix-generic-TLSA-record-generation.patch


signature.asc
Description: PGP signature

Bug#1053482: systemd-resolved: resolved can intermittingly fail AF_UNSPEC queries to CNAMEd domains

[Michael Biebl]

Am 05.10.23 um 02:18 schrieb benja...@locrian.net:

Package: systemd-resolved
Version: 252.12-1~deb12u1
Severity: important

Dear Maintainer,

When systemd-resolved simultaneously does A and  queries, it fails if one 
of the queries returns a CNAME with a zero ttl and the other query returns a 
CNAME with a nonzero ttl. This happens in practice with several DNS providers. 
A fix for the problem was recently merged upstream at 
https://github.com/systemd/systemd/commit/8ec951e8d5cdd3ad632b1cbd8bcbe21d68b17512.
 See that commit for further details about the issue.

Please consider backporting this fix to bookworm.


Please ask for a backport to the v252-stable branch upstream.

Regards,
Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1050337:

[عبد سلمان]

تلي كرام انستا فوري ع. نفس جهازي فوري

Bug#1037366: libplank-dev: depends on deprecated libgdk-pixbuf2.0-dev

[Andreas Beckmann]

Control: reopen -1
Control: tag -1 sid trixie

On Fri, 11 Aug 2023 16:41:15 +0200 Bastian Germann  wrote:

Version: 0.11.89-2


This bug is about the libplank-dev package, not about the src:plank 
package (which has been fixed in -2).



Andreas

Bug#1053520: ITP: golang-github-ozeidan-fuzzy-patricia -- A generic patricia trie (also called radix tree) implemented in Go (Golang).

[Ananthu C V]

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-ozeidan-fuzzy-patricia
  Version : 3.0.0
  Upstream Author : Omar Zeidan
* URL : https://github.com/ozeidan/fuzzy-patricia.git
* License : Expat 
  Programming Lang: Go
  Description : A generic patricia trie (also called radix tree) 
implemented in Go (Golang).

A generic patricia trie (also called radix tree) implemented in Go (Golang).

The patricia trie as implemented in this library enables fast visiting of items 
in some particular ways:

visit all items saved in the tree,
visit all items matching particular prefix (visit subtree), or
given a string, visit all items matching some prefix of that string.

[]byte type is used for keys, interface{} for values.

Trie is not thread safe. Synchronize the access yourself.

This package is in the dependency tree of Lazygit (#908894)

Bug#1053502: mailman3-web: Package failed to install during upgrade from Debian 11 to 12

[Pierre-Elliott Bécue]

tags 1053502 +moreinfo
thanks

Hi,

Steven Verhulst  wrote on 05/10/2023 at 10:37:05+0200:

> Package: mailman3-web
> Version: 0+20200530-2.1
> Severity: important
>
> Dear Maintainer,
>
> When we upgraded our test mailingserver from Debian 11 to 12 we
> noticed the following error:
>
> Setting up mailman3-web (0+20200530-2.1) ...
> Determining localhost credentials from /etc/mysql/debian.cnf: failed (hosts 
> not equal).
> dbconfig-common: writing config to /etc/dbconfig-common/mailman3-web.conf
> dbconfig-common: flushing administrative password
> sed: -e expression #2, char 82: unterminated `s' command
> dpkg: error processing package mailman3-web (--configure):
> installed mailman3-web package post-installation script subprocess returned 
> error exit status 1
>
> From what I understand there seems to be an issue with the
> post-installation script.
>
> Since the post-installation script did not run it left us with a
> broken listserver.  Further it is not possible to use APT to update
> packages as it keep warning about mailman3-web package being broken.

When I read

> Determining localhost credentials from /etc/mysql/debian.cnf: failed (hosts 
> not equal).
> dbconfig-common: writing config to /etc/dbconfig-common/mailman3-web.conf
> dbconfig-common: flushing administrative password

I tend to think some weird stuff happened on your host.

But to try understanding further the issue, could you please give me
some hints about what this file contains?

-- 
PEB


signature.asc
Description: PGP signature

Bug#1053519: gcc-12: ICE when compiling ghdl 3.0.0 on arm64

[Simon Richter]

Package: gcc-12
Version: 12.3.0-9
Severity: normal
Tags: upstream
Forwarded: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111704
X-Debbugs-Cc: s...@debian.org
Control: affects -1 = ghdl

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

GHDL steps on an ICE while compiling GHDL 3.0.0 on arm64:

aarch64-linux-gnu-gcc-12 -c -I./ -I../../src -I../../src/vhdl -I../../src/synth 
-I../../src/grt -I../../src/psl -I../../src/vhdl/translate -I../../src/ghdldrv 
-I../../src/ortho -I../../src/ortho/llvm6 -I../../src/synth -I../../src/ghdldrv 
-gnat12 -gnaty3befhkmr -g -gnatwa -gnatwC -gnatf -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong 
-fstack-clash-protection -mbranch-protection=standard -gno-record-gcc-switches 
-gnata -I- /<>/src/synth/synth-disp_vhdl.adb
/<>/src/ghdldrv/ghdldrv.adb: In function ‘Ghdldrv.Gen_Makefile’:
/<>/src/ghdldrv/ghdldrv.adb:2022:8: error: unrecognizable insn:
(insn 1387 147 204 13 (parallel [
(set (mem/c:SI (plus:DI (reg/f:DI 29 x29)
(const_int -260 [0xfefc])) [36 files_it+4 
S4 A32])
(reg:SI 2 x2 [244]))
(set (mem/c:SI (plus:DI (reg/f:DI 29 x29)
(const_int -256 [0xff00])) [36 files_it+8 
S4 A64])
(reg:SI 1 x1 [604]))
]) "/<>/src/ghdldrv/ghdldrv.adb":1926:19 -1
 (expr_list:REG_DEAD (reg:SI 2 x2 [244])
(expr_list:REG_DEAD (reg:SI 1 x1 [604])
(nil
during RTL pass: cprop_hardreg

Full build log is at 
https://buildd.debian.org/status/fetch.php?pkg=ghdl=arm64=3.0.0%2Bdfsg2-1=1696130520=0

I have already reported this to the GCC Bugzilla.

   Simon

- -- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable-debug'), (500, 'stable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 6.1.0-12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages gcc-12 depends on:
ii  binutils   2.40-2
ii  cpp-12 12.2.0-14
ii  gcc-12-base12.2.0-14
ii  libc6  2.36-9+deb12u3
ii  libcc1-0   12.2.0-14
ii  libgcc-12-dev  12.2.0-14
ii  libgcc-s1  12.2.0-14
ii  libgmp10   2:6.2.1+dfsg1-1.1
ii  libisl23   0.25-1
ii  libmpc31.3.1-1
ii  libmpfr6   4.2.0-1
ii  libstdc++6 12.2.0-14
ii  libzstd1   1.5.4+dfsg2-5
ii  zlib1g 1:1.2.13.dfsg-1

Versions of packages gcc-12 recommends:
ii  libc6-dev  2.36-9+deb12u3

Versions of packages gcc-12 suggests:
pn  gcc-12-doc   
pn  gcc-12-locales   
pn  gcc-12-multilib  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEtjuqOJSXmNjSiX3Tfr04e7CZCBEFAmUexsEACgkQfr04e7CZ
CBHkYggArUJUHU/RlpTocoJ13EqLsENnfQGVlLuwcyX1lSEZRA06WGZk4HXa8Q85
V6TZNDtY1wjUdMQq/AWGPxyXJH/KqZRXHyx95L1fh7LY6BiI52/uajkzTQm0+V9M
HgUMDM2XrH23ocFNU/91vNmH4RH0bjYaV215ES4XHt+RV+YJpjjo9zFmjCYy99O/
PYFdq3XkIDKgNrFc7aN4hdPf94Xx0dFRZQ0JUA9X+y3Bzx5OIH7yUZkGEP4zrhv5
twIKAN0rdI6t89CCW/WhtIDaP2CYfraiB+vdMBtGdaOKCE09D8dVjpHB85CFqYyy
/MD/PclgY7KNaQvGj4fdk6AgWEIFPg==
=ijpm
-END PGP SIGNATURE-

Bug#1053518: ITP: golang-github-ozeidan-fuzzy-patricia -- A generic patricia trie (also called radix tree) implemented in Go (Golang).

[Nilesh Patra]

Package: wnpp
Severity: wishlist
Owner: Ananthu C V 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian...@lists.debian.org

* Package name: golang-github-ozeidan-fuzzy-patricia
  Version : 3.0.0
  Upstream Author : Omar Zeidan
* URL : https://github.com/ozeidan/fuzzy-patricia.git
* License : Expat 
  Programming Lang: Go
  Description : A generic patricia trie (also called radix tree) 
implemented in Go (Golang).

A generic patricia trie (also called radix tree) implemented in Go (Golang).

The patricia trie as implemented in this library enables fast visiting of items 
in some particular ways:

visit all items saved in the tree,
visit all items matching particular prefix (visit subtree), or
given a string, visit all items matching some prefix of that string.

[]byte type is used for keys, interface{} for values.

Trie is not thread safe. Synchronize the access yourself.

This package is in the dependency tree of Lazygit (#908894)

Bug#1053517: find commands became noisy in urlcheck/cleanup.logs cron job

[Laura Arjona Reina]

Package: www.debian.org
Severity: normal
User: debian-...@lists.debian.org
Usertags: scripts

Hello all
Since some time (maybe since the www-master machine (wolkenstein) was upgraded 
to bullseye?) we're receiving (at webmas...@debian.org) daily mails with noisy 
useless output of the "urlcheck" lessoften job:


-
 Mensaje reenviado 
Asunto: Cron  cd /srv/www.debian.org/cron/urlcheck && 
./cleanup.logs

Fecha: Thu, 05 Oct 2023 13:05:01 +
De: Cron Daemon 
Para: deb...@wolkenstein.debian.org

rm: cannot remove 'logs': Is a directory
gzip: logs is a directory -- ignored
-

The code producing the output is here:
https://salsa.debian.org/webmaster-team/cron/-/blob/master/urlcheck/cleanup.logs

Which is just 3 lines, so I copy them here:

---
#!/bin/sh

find logs -daystart -mtime +7 -exec rm {} \;
find logs -daystart -mtime +2 -not -name '*.gz' -exec gzip -9 {} \;
---

the "logs" folder is where other cron jobs store files so I guess we should keep 
it, I'd like just the script to be more silent so we only get mails if there is 
an actual error.


My bash skills are limited, if anybody can help, MR or patches or ideas are 
welcome.

Kind regards,

Laura Arjona Reina
https://wiki.debian.org/LauraArjona

Bug#1053516: catch2: new v3 upstream release available

[Drew Parsons]

Package: catch2
Version: 2.13.10-1
Severity: important
Control: affects -1 src:fenics-dolfinx

dolfinx 0.7 is trying to use catch2 to manage tests via cmake.
It fails at configuration time though, with cmake returning the error

CMake Warning at CMakeLists.txt:20 (find_package):
  Could not find a configuration file for package "Catch2" that is compatible
  with requested version "3".

  The following configuration files were considered but not accepted:

/usr/lib/cmake/Catch2/Catch2Config.cmake, version: 2.13.10
/lib/cmake/Catch2/Catch2Config.cmake, version: 2.13.10

-- Catch2 not found.



That is, the dolfinx test CMakeLists.txt uses

  find_package(Catch2 3)

but the debian catch2 package is 2.13.10, so v2 not v3.
Hence cmake rejects the package.

Upstream, catch2 is now at release 3.4.0.

Could catch2 please be updated to the latest upstream release?

Bug#1028489: transition: boost1.81

[Adrian Bunk]

On Wed, Oct 04, 2023 at 03:23:46PM -0400, David James wrote:
> Hi Anton,
> 
> Is there anything I can do to help this transition along? I wish to
> package software that does not build on 1.74, but does on 1.81 and 1.82.
> If there's anyway I can assist with bumping boost-defaults to 1.81 or 1.82
> I would be happy to help.

Note that as a workaround you could temporarily use a non-default boost 
by build depending on libboost-foo1.81-dev instead of libboost-foo-dev,
and then later switch to libboost-foo-dev (>= 1.81) [1] after the 
defaults change.

> Regards,
> 
> David James

cu
Adrian

[1]   Build-Depends: libboost-foo-dev (>= 1.81) | libboost-foo1.81-dev
would then (*after* the defaults change) be an alternative option to 
make the package easily backportable since boost1.81 is already in
bookworm and even bullseye-backports

Bug#1053515: sddm: inconsistent loading of selected sddm login in screen

[Johnny Edwards]

Package: sddm
Version: 0.20.0-1
Severity: normal
X-Debbugs-Cc: bugreport.d8...@passmail.net

Dear Maintainer,

Context - I have selected to use a different SDDM Theme that I found from the
"Get New SDDM Themes". I found, downloaded and selected the SDDM Theme as my
default Login Screen.

Bug - Inconsistently, upon login/startup of my Debian machine, the SDDM does
not load the selected Login Screen. Instead, it loads the default Debian Login
Screen. However, sometimes I will open the Debian machine and the correct SDDM
Login Screen will be displayed. It is inconsistent.

Observation of Bug - I believe that the bug might only occur when the Debian
machine is waking from sleep. I notice that when I restart the machine, or boot
up from shut down, the correct login screen is displayed.

Many thanks,
 a Grateful Debian User


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sddm depends on:
ii  adduser 3.137
ii  debconf [debconf-2.0]   1.5.82
ii  libc6   2.37-12
ii  libgcc-s1   13.2.0-4
ii  libpam0g1.5.2-7
ii  libqt5core5a5.15.10+dfsg-3
ii  libqt5dbus5 5.15.10+dfsg-3
ii  libqt5gui5  5.15.10+dfsg-3
ii  libqt5network5  5.15.10+dfsg-3
ii  libqt5qml5  5.15.10+dfsg-2
ii  libqt5quick55.15.10+dfsg-2
ii  libstdc++6  13.2.0-4
ii  libsystemd0 254.5-1
ii  libxau6 1:1.0.9-1
ii  libxcb-xkb1 1.15-1
ii  libxcb1 1.15-1
ii  qml-module-qtquick2 5.15.10+dfsg-2
ii  x11-common  1:7.7+23
ii  xauth   1:1.1.2-1
ii  xserver-xorg [xserver]  1:7.7+23

Versions of packages sddm recommends:
ii  libpam-systemd 254.5-1
ii  sddm-theme-breeze [sddm-theme] 4:5.27.8-2
ii  sddm-theme-debian-breeze [sddm-theme]  4:5.27.8-2

Versions of packages sddm suggests:
ii  libpam-kwallet5   5.27.8-1
pn  qtvirtualkeyboard-plugin  

-- debconf information:
* shared/default-x-display-manager: sddm
  sddm/daemon_name: /usr/bin/sddm

Bug#1053514: openstack-cluster-installer-agent: (oci-system-serial) Bugfix for handling NICs which do not report a speed

[Jim Scadden]

Package: openstack-cluster-installer-agent
Version: 42.3.0~bpo12+1

The command used in openstack-cluster-installer-agent to determine the
speed of a NIC can in some cases return the string "null", but the script
only checks for an empty response when checking if no speed could be
determined

# ip link show dev ens3 | grep 'link/ether' | awk '{print $2}'
52:54:00:55:74:03
# lshw -class network -json 2>/dev/null | jq '.[] | select(.serial == 
"'52:54:00:55:74:03'") | .capacity' | head -n 1
null

This prevents installations as OCI cannot find a matching NIC to
configure the network.

I've attached a patch which updates openstack-cluster-installer-agent to
handle the "null" response

--

Regards
Jim
diff --git a/common/usr/bin/openstack-cluster-installer-agent b/common/usr/bin/openstack-cluster-installer-agent
index 85df5d6e..22f30999 100755
--- a/common/usr/bin/openstack-cluster-installer-agent
+++ b/common/usr/bin/openstack-cluster-installer-agent
@@ -194,7 +194,7 @@ for i in $(ip link show | grep -v '^ ' | grep -v 'lo:' | cut -d' ' -f2 | cut -d:
 	fi
 	NET_DRIVER_NAME=$(ethtool -i $i | grep driver | sed -e 's/driver: //' | awk '{print $1}')
 	LSHW_SPEED=$(lshw -class network -json 2>/dev/null | jq '.[] | select(.serial == "'${MAC_ADDR}'") | .capacity' | head -n 1)
-	if [ -n "${LSHW_SPEED}" ] ; then
+	if [ -n "${LSHW_SPEED}" ] && [ "${LSHW_SPEED}" != "null" ] ; then
 		ETH_SPEED=$(( ${LSHW_SPEED} / 100 ))
 	else
 		# If we can't find a speed, let's report it as 100 MBits/s

Bug#1043266: python3-mypy: stub error message could point to python3-typeshed package

[Michael R. Crusoe]

control: tags -1 help newcomer

This is a good suggestion. I would happily review a merge request to 
implement this


--
Michael R. Crusoe



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1040106: mypy: deprecation of Python libraries asyncore and asynchat

[Michael R. Crusoe]

control: tags -1 wontfix

Hello, thank you for checking. However mypy does not use either the 
asyncore nor asychat libraries; it does contain type hints for those 
libraries.


Please remove "*.pyi" files from your analysis.

Cheers,

--

Michael R. Crusoe



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053513: openstack-cluster-installer-common: (oci-system-serial) Use system serial on QEMU VMs

[Jim Scadden]

Package: openstack-cluster-installer-common
Version: 42.3.0~bpo12+1

The oci-system-serial command  is currently unable to determine the
serial number on my libirtd/QEMU VMs as the fallback dmidecode commands
do not return any data. I've attached a patch to use the system-uuid
instead.

I also noticed that openstack-cluster-installer-agent duplicates the
code from oci-system-serial so I've attached a patch to just call
oci-system-serial instead.

--

Regards
Jim
diff --git a/common/usr/bin/oci-system-serial b/common/usr/bin/oci-system-serial
index 43854085..317f0562 100755
--- a/common/usr/bin/oci-system-serial
+++ b/common/usr/bin/oci-system-serial
@@ -23,6 +23,9 @@ else
 		"Supermicro")
 			SYSTEM_SERIAL=$(dmidecode -s baseboard-serial-number)
 		;;
+		"QEMU")
+			SYSTEM_SERIAL=$(dmidecode -s system-uuid)
+		;;
 		# Fallback for all other (possibly broken?) motherboards.
 		# Please contribute as you see issues.
 		*)
diff --git a/common/usr/bin/openstack-cluster-installer-agent b/common/usr/bin/openstack-cluster-installer-agent
index 85df5d6e..18a5c3ab 100755
--- a/common/usr/bin/openstack-cluster-installer-agent
+++ b/common/usr/bin/openstack-cluster-installer-agent
@@ -230,29 +230,7 @@ echo "===> Fetching baseboard info with dmidecode"
 
 ### Chassis serial number, product name, BIOS version, IPMI version, IPMI ip
 SYSTEM_MANUFACTURER=$(dmidecode -s system-manufacturer)
-
-case $SYSTEM_MANUFACTURER in
-	"HPE"|"Dell"|"Dell Inc."|"Acer"|"LinuxKVM"|"OpenStack Nova"|"GIGABYTE")
-		SYSTEM_SERIAL=$(dmidecode -s system-serial-number)
-	;;
-	"LENOVO"|"Lenovo")
-		SYSTEM_SERIAL=$(dmidecode -s chassis-serial-number)
-	;;
-	# Supermicro is stupid, dmidecode -s system-serial-number
-	# will always return 1234567890
-	"Supermicro")
-		SYSTEM_SERIAL=$(dmidecode -s baseboard-serial-number)
-	;;
-	# Fallback for all other (possibly broken?) motherboards.
-	# Please contribute as you see issues.
-	*)
-		SYSTEM_SERIAL=$(dmidecode -s baseboard-serial-number)
-		if [ -z "${SYSTEM_SERIAL}" ] ; then
-			SYSTEM_SERIAL=$(dmidecode -s system-serial-number)
-		fi
-	;;
-esac
-
+SYSTEM_SERIAL=$(oci-system-serial)
 PRODUCT_NAME=$(dmidecode -t 1 | grep "Product Name" | sed -e "s/[ \t]*Product Name:[ ]*//"  -e "s/,//g")
 BIOS_VENDOR=$(dmidecode -s bios-vendor)
 case ${BIOS_VENDOR} in

Bug#1053512: encfs: Will EncFS be removed from Debian? / How unsecure is EncFS?

[Christian Buhtz]

Package: encfs
Version: 1.9.5-2
Severity: normal

Dear Maintainer,

I'm sure you are aware of the "security problems" of EncFS. The information are
not clear to me but to my knowledge there was an security audition some years
ago and the upstream maintainer refused to invest more ressource into the
project and suggest to migrate to gocryptfs.

There is a bug ticket at upstream summarizing some of the information

https://github.com/vgough/encfs/issues/314

As member of upstream maintenance team for "Back In Time"
(https://github.com/bit-team/backintime) currently depending on EncFS, I try to
find out how to deal with the problem. I also try to find out how big the
problem really is.

Debian seems to keep EncFS. That indicates to me that the problem can not be so
big.
As upstream maintainer of Back In Time I'm unsure how to  evaluate the
situation. We do think about to remove EncFS because of the security issues.

How do you evaluate the situation?

Kind
Christian Buhtz


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-12-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages encfs depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  fuse3 [fuse]   3.14.0-4
ii  libc6  2.36-9+deb12u3
ii  libfuse2   2.9.9-6+b1
ii  libgcc-s1  12.2.0-14
ii  libssl33.0.9-1
ii  libstdc++6 12.2.0-14
pn  libtinyxml2-9  
ii  mount  2.38.1-5+b1

encfs recommends no packages.

encfs suggests no packages.

Bug#1052055: Webkit output fully white

[R Pi]

Same goes for the MiniBrowser. Will now work with both environment
variables, but not without.

Thanks,

On Thu, Oct 5, 2023 at 10:37 AM Alberto Garcia  wrote:
>
> On Sat, Sep 16, 2023 at 06:29:52PM +0200, R Pi wrote:
> > I'm currently developing an app using Tauri. Since upgrading
> > libwebkit2gtk-4.0-dev from version 2.40.5-1~deb12u1 to version
> > 2.42.0-1, whenever I launch my app I'm getting the following
> > messages:
>
> Hello, I just uploaded WebKitGTK 2.42.1-2 to unstable.
>
> Could you give it a try and tell me if it works fine without having to
> use any environment variable or any other workaround?
>
> Thanks!
>
> Berto



-- 
- Romain

Bug#1052055: Webkit output fully white

[R Pi]

Hello,

> Hello, I just uploaded WebKitGTK 2.42.1-2 to unstable.

Hello Berto,

Thank you for the follow up.

> Could you give it a try and tell me if it works fine without having to
> use any environment variable or any other workaround?

Unfortunately, I am still encountering the same issue.

Here's some console output when not using any environment variable:
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
Failed to create GBM buffer of size 1024x741: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
Failed to create GBM buffer of size 1024x741: Permission denied
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Permission denied
Failed to create GBM buffer of size 1024x741: Permission denied
Failed to create EGL images for DMABufs with file descriptors -1, -1 and -1

However, it now works with either WEBKIT_DISABLE_DMABUF_RENDERER=1 or
WEBKIT_DMABUF_RENDERER_DISABLE_GBM=1, which is different from before.

Thank you,

-- 
- Romain

Bug#1053511: Printing with cups not possible any more after system upgrade

[Debian]

Package: cups-daemon
Version: 2.3.3op2-3+deb11u5
Severity: important

Dear Maintainer,

can you please tell, what is going on that printing becomes impossible 
in all versions of Debian?


Yesterday I give up working with Debian 12 and one of the reasons is 
this bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039983 that 
color printing is not possible any more.
So I reactivated an backup of Debian 11 and for security reasons it has 
been upgraded.
CUPS is part of this upgrade and after the upgrade no printing is 
possible any more (see log of upgrade below).


In the printer configuration 
http://localhost:631/printers/Kyocera_Kyocera_ECOSYS_P5021cdw_ the 
printer cannot be deleted or jobs cancelled, all of them are resulting 
in "Gesamte Anfrage zu groß" translated "request to big"!
When you print, the print job keeps "on hold" and cannot be started or 
released. Then again you enter "request to big".

Some screenshots are attached.

Now i am really desparated, because I invested much work to reactivate 
the backup that is running really good excluding CUPS and printing.
I already need to boot Debian 8 when I want to send a fax, because CUPS 
has been altered and so Roger Router Fax is not working any more afterwards.
So different installations are needed and have to be booted now to print 
in Debian Gnu/Linux ?


Cheers
karsten


-- System Information:
Debian Release: 11.8
 APT prefers oldstable-updates
 APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), 
(500, 'oldstable-proposed-updates'), (500, 'oldstable')

Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-26-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE 
not set

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cups-daemon depends on:
ii  adduser  3.118+deb11u1
ii  bc   1.07.1-2+b2
ii  init-system-helpers  1.60
ii  libavahi-client3 0.8-5+deb11u2
ii  libavahi-common3 0.8-5+deb11u2
ii  libc6    2.31-13+deb11u6
ii  libcups2 2.3.3op2-3+deb11u5
ii  libdbus-1-3  1.12.28-0+deb11u1
ii  libgssapi-krb5-2 1.18.3-6+deb11u4
ii  libpam0g 1.4.0-9+deb11u1
ii  libpaper1    1.1.28+b1
ii  libsystemd0  247.3-7+deb11u4
ii  lsb-base 11.1.0
ii  procps   2:3.3.17-5
ii  ssl-cert 1.1.0+nmu1


Upgrade of this packages:

Start-Date: 2023-10-03  16:32:30
Install: linux-image-5.10.0-26-amd64:amd64 (5.10.197-1, automatic), 
linux-headers-5.10.0-26-common:amd64 (5.10.197-1, automatic), 
linux-headers-5.10.0-26-amd64:amd64 (5.10.197-1, automatic)
Upgrade: dpkg:amd64 (1.20.12, 1.20.13), openjdk-11-jre:amd64 
(11.0.18+10-1~deb11u1, 11.0.20+8-1~deb11u1), libcups2:amd64 
(2.3.3op2-3+deb11u2, 2.3.3op2-3+deb11u5), libcups2:i386 
(2.3.3op2-3+deb11u2, 2.3.3op2-3+deb11u5), linux-kbuild-5.10:amd64 
(5.10.179-1, 5.10.197-1), libcurl4:amd64 (7.74.0-1.3+deb11u7, 
7.74.0-1.3+deb11u9), libcurl4:i386 (7.74.0-1.3+deb11u7, 
7.74.0-1.3+deb11u9), python2.7-minimal:amd64 (2.7.18-8, 
2.7.18-8+deb11u1), libwebpmux3:amd64 (0.6.1-2.1+deb11u1, 
0.6.1-2.1+deb11u2), openjdk-11-jre-headless:amd64 (11.0.18+10-1~deb11u1, 
11.0.20+8-1~deb11u1), krb5-locales:amd64 (1.18.3-6+deb11u3, 
1.18.3-6+deb11u4), bind9-host:amd64 (1:9.16.42-1~deb11u1, 
1:9.16.44-1~deb11u1), libgssapi-krb5-2:amd64 (1.18.3-6+deb11u3, 
1.18.3-6+deb11u4), libgssapi-krb5-2:i386 (1.18.3-6+deb11u3, 
1.18.3-6+deb11u4), libcurl3-gnutls:amd64 (7.74.0-1.3+deb11u7, 
7.74.0-1.3+deb11u9), libcurl3-gnutls:i386 (7.74.0-1.3+deb11u7, 
7.74.0-1.3+deb11u9), openssh-client:amd64 (1:8.4p1-5+deb11u1, 
1:8.4p1-5+deb11u2), gstreamer1.0-plugins-ugly:amd64 (1:1.18.4-dmo3, 
1:1.18.4-dmo3+deb11u1), cups-bsd:amd64 (2.3.3op2-3+deb11u2, 
2.3.3op2-3+deb11u5), libtinfo5:amd64 (6.2+20201114-2+deb11u1, 
6.2+20201114-2+deb11u2), libtinfo6:amd64 (6.2+20201114-2+deb11u1, 
6.2+20201114-2+deb11u2), libtinfo6:i386 (6.2+20201114-2+deb11u1, 
6.2+20201114-2+deb11u2), nvidia-alternative:amd64 (470.182.03-1, 
470.199.02-1), cups-common:amd64 (2.3.3op2-3+deb11u2, 
2.3.3op2-3+deb11u5), libmagic-mgc:amd64 (1:5.39-3, 1:5.39-3+deb11u1), 
yt-dlp:amd64 (1:2023.06.22-dmo1, 1:2023.09.24-dmo1), 
gstreamer1.0-gl:amd64 (1.18.4-dmo1, 1.18.4-dmo1+deb11u1), 
linux-image-5.10.0-23-amd64:amd64 (5.10.179-1, 5.10.179-3), rar:amd64 
(2:5.5.0-1, 2:6.23-1~deb11u1), linux-compiler-gcc-10-x86:amd64 
(5.10.179-1, 5.10.197-1), libblas3:amd64 (3.9.0-3, 3.9.0-3+deb11u1), 
cups-client:amd64 (2.3.3op2-3+deb11u2, 2.3.3op2-3+deb11u5), 
cups-ppdc:amd64 (2.3.3op2-3+deb11u2, 2.3.3op2-3+deb11u5), 
opera-stable:amd64 (100.0.4815.20, 103.0.4928.16), libmagic1:amd64 
(1:5.39-3, 1:5.39-3+deb11u1), cups-daemon:amd64 (2.3.3op2-3+deb11u2, 
2.3.3op2-3+deb11u5), liblua5.3-0:amd64 (5.3.3-1.1+b1, 
5.3.3-1.1+deb11u1), libmujs1:amd64 

Bug#1053510: openstack-cluster-installer: puppetserver sign command needs updating for puppet 7

[Jim Scadden]

Package: openstack-cluster-installer
Version: 42.3.0~bpo12+1

The puppetserver command for signing a client cert has changed in puppet
7. This causes errors when installing new nodes.

root@oci-01:~# puppetserver cert --help
puppetserver: 'cert' is not a puppetserver command. See 'puppetserver --help'.

Patches attached.

--

Regards
Jim
diff --git a/src/install-status.php b/src/install-status.php
index fa7f8f3b..0fe08b3a 100644
--- a/src/install-status.php
+++ b/src/install-status.php
@@ -85,7 +85,7 @@ if($n == 0){
 $output = "";
 $machine_hostname = $machine["hostname"];
 if($puppet_master_is_7_or_more == "yes"){
-$mycmd = "puppetserver cert sign --certname";
+$mycmd = "puppetserver ca sign --certname";
 }else{
 $mycmd = "puppet cert sign";
 }
diff --git a/debian/openstack-cluster-installer.sudoers b/debian/openstack-cluster-installer.sudoers
index 0e407c41..9f87d70f 100644
--- a/debian/openstack-cluster-installer.sudoers
+++ b/debian/openstack-cluster-installer.sudoers
@@ -1,8 +1,8 @@
 www-data ALL = (root) NOPASSWD: /usr/bin/puppet cert clean *
 www-data ALL = (root) NOPASSWD: /usr/bin/puppet cert sign *
 www-data ALL = (root) NOPASSWD: /usr/bin/puppet ca generate *
-www-data ALL = (root) NOPASSWD: /usr/bin/puppetserver cert clean *
-www-data ALL = (root) NOPASSWD: /usr/bin/puppetserver cert sign *
+www-data ALL = (root) NOPASSWD: /usr/bin/puppetserver ca clean *
+www-data ALL = (root) NOPASSWD: /usr/bin/puppetserver ca sign *
 www-data ALL = (root) NOPASSWD: /usr/bin/puppetserver ca generate *
 www-data ALL = (root) NOPASSWD: /usr/bin/oci-remove-slave-node-generated-key *
 www-data ALL = (root) NOPASSWD: /usr/bin/oci-copy-slave-node-generate-key *

Bug#1053509: shasta: autopkgtest regression on arm64: is memory suddenly not enough?

[Paul Gevers]

Source: shasta
Version: 0.11.1-1
Severity: important
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

Your package has an autopkgtest, great. However, it recently started 
failing on arm64 in unstable, testing *and* stable. Until mid September 
2023, most runs passed (there are some historical rare failures where we 
don't have logs anymore), but somewhere between 2023-09-17 and 
2023-10-01 the tests started failing (although, in testing we had some 
passes on 2023-09-28 and 2023-10-04, interestingly these runs too *much* 
longer than normal (factor ~20)). I first suspected that this regression 
aligned with my fix for bug 1050256 where I switched the kernel of our 
hosts to backports, but there are multiple good runs with that kernel. 
Today I learned that "Killed" in the log is often coming from the kernel 
when a program is allocating too much memory and the kernel kills the 
process. We have some striking logs of failures [1] where the shasta 
test actually bails out itself for lack of memory.


So, there's a couple of things (weirdness and options):
1) why does it now suddenly start to (nearly always) fail across the 
board on arm64 (in Debian, Ubuntu still seems fine), without changes to 
the infrastructure that I know of?

2) do you also believe this is related to memory consumption?
3) If 2 == yes, what are the memory requirements for the test? The test 
*could* test for that before it starts and bail out (restriction: 
skippable with exit code 77 [2]) if the amount of memory available is 
too small.
4) just stop testing on arm64 (but again, in Ubuntu the test is still 
running fine)
5) the recent glibc security update also came to my mind, but that's not 
*yet* installed on our hosts, nor is it installed in the stable testbed.


The release team has announced [3] that failing autopkgtest on amd64 and 
arm64 are considered RC in testing. However, due to nature of the 
symptoms, I've filed this as important for now.


Paul

[1] 
https://ci.debian.net/data/autopkgtest/testing/arm64/s/shasta/38544284/log.gz
 48s 2023-Oct-04 12:01:05.603191 Memory allocation failure  during 
mremap call for MemoryMapped::Vector.

 48s This assembly requires more memory than available.
 48s Rerun on a larger machine.
[2] 
https://salsa.debian.org/ci-team/autopkgtest/-/blob/master/doc/README.package-tests.rst

[3] https://lists.debian.org/debian-devel-announce/2019/07/msg2.html


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053508: sitemap.wml also lists external web pages, review all content

[Thomas Lange]

Package: www.debian.org

The sitemap also includes external links like qa.debian.org,
lists.d.o, even wiki.d.o But a sitemap should only list internal pages.

Also the selection seems to be very random. Why should archives of
mailing lists listed here? Is devel/developers.loc that important to
be listed on a sitemap?

Why are these listed?
- Procedures for submitting a General Resolution proposal or amendment
- Standard Resolution Procedure
It's sufficient to list a link to our vote page


Please review all content. Less is more!
-- 
regards Thomas

Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file

[Tim Small]

I haven't been able to reproduce this on a Debian 12 container. For 
those that are still seeing this problem, is it always reproducible?  If 
there is a race, is there a way to force this (e.g. via apt settings or 
manual package install ordering with dpkg etc.)?


Thanks,

Tim.

Bug#1053507: openstack-cluster-installer: 500 error on oci agent first report

[Jim Scadden]

Package: openstack-cluster-installer
Version: 42.3.0~bpo12+1

When PXE booting a new node, on its first report there is an error in
the apache logs:

[Tue Oct 03 08:48:00.052212 2023] [php:error] [pid 83221] [client 
10.10.48.12:54344] PHP Fatal error:  Uncaught mysqli_sql_exception: Unknown 
column 'hwid' in 'field list' in 
/usr/share/openstack-cluster-installer/report.php:292\nStack trace:\n#0 
/usr/share/openstack-cluster-installer/report.php(292): mysqli_query()\n#1 
{main}\n  thrown in /usr/share/openstack-cluster-installer/report.php on line 
292

This appears to be due to an incorrect table name in an SQL statement.
Patch attached.

--

Regards
Jim
diff --git a/src/report.php b/src/report.php
index 6240fc36..1ade880a 100644
--- a/src/report.php
+++ b/src/report.php
@@ -289,7 +289,7 @@ if($n == 0){
 if(!preg_match($reg_alpha, $blkdev_ctrl_product))  die("Block device controller product suspicious line ".__LINE__." file ".__FILE__);
 if(!preg_match($reg_alpha, $blkdev_ctrl_ctrl_type))die("Block device controller ctrl type suspicious line ".__LINE__." file ".__FILE__);
 if(!preg_match($reg_int,   $blkdev_ctrl_firmware_version)) die("Block device controller fw version suspicious line ".__LINE__." file ".__FILE__);
-$r = mysqli_query($con, "INSERT INTO physblockdevices (machine_id, hwid, vendor, product, ctrl_type, firmware_version) VALUES ('".$machine_id."', '".$blkdev_ctrl_hwid."', '".$blkdev_ctrl_vendor."', '".$blkdev_ctrl_product."', '".$blkdev_ctrl_ctrl_type."', '".$blkdev_ctrl_firmware_version."')");
+$r = mysqli_query($con, "INSERT INTO blkdev_ctrl (machine_id, hwid, vendor, product, ctrl_type, firmware_version) VALUES ('".$machine_id."', '".$blkdev_ctrl_hwid."', '".$blkdev_ctrl_vendor."', '".$blkdev_ctrl_product."', '".$blkdev_ctrl_ctrl_type."', '".$blkdev_ctrl_firmware_version."')");
 }
 }
 }

Bug#548024: more info, still an issue?

[Thomas Lange]

I want to know if this still is an issue (bug was opened 10+ years
ago), or did we missed to close the bug. I want to avoid that we still
need to ignore it for all the next releases.

-- 
regards Thomas