Bug#1068207:

[Jan Mojzis]

Hi,

'https://wiki.debian.org/qa.debian.org/FTBFS'
see:
2024-03-13 -Werror=implicit-function-declaration
... In dpkg version 1.22.6, the compiler flag 
-Werror=implicit-function-declaration was enabled by default for all 
architectures in build flags
...
...


You  need to patch libnginx-mod-http-modsecurity source code:

~~~
diff --git a/config b/config
index c6e7467..3bf06a8 100644
--- a/config
+++ b/config
@@ -10,7 +10,8 @@
 
 ngx_feature_name=
 ngx_feature_run=no
-ngx_feature_incs="#include "
+ngx_feature_incs="#include 
+#include "
 ngx_feature_libs="-lmodsecurity"
 ngx_feature_test='printf("hello");'
 ngx_modsecurity_opt_I=
~~~

Jan

Bug#1069146: RM: aufs-tools -- RoQA; FTBFS since 2019, overlayfs available, not in bullseye, bookworm, trixie

[Jan Naumann]

I support as maintainer the removal. I am sorry that I orphaned the package and 
did not take care to ask for removal myself.

Best, 
Jan

Am 17. April 2024 08:56:45 MESZ schrieb Helmut Grohne :
>Package: ftp.debian.org
>Severity: normal
>Tags: ftbfs
>X-Debbugs-Cc: aufs-to...@packages.debian.org, Jan Luca Naumann 
>
>Control: affects -1 + src:aufs-tools
>User: ftp.debian@packages.debian.org
>Usertags: remove
>
>Hi,
>
>I request removal of aufs-tools from unstable for the following reasons:
> * FTBFS since 2019
> * No maintainer upload since 2019
> * Not part of bullseye, bookworm, trixie
> * Similar functionality available via standard kernel module overlayfs
> * Requires changes to complete the /usr-move transition
>
>Helmut

Bug#1069153: RM: aufs -- RoQA; FTBFS since 2020, not part of bullseye, bookworm or trixie, dead upstream

[Jan Naumann]

I support as maintainer the removal. I am sorry that I orphaned the package and 
did not take care to ask for removal myself.

Best,
Jan Naumann

Am 17. April 2024 09:46:26 MESZ schrieb Helmut Grohne :
>Package: ftp.debian.org
>Severity: normal
>Tags: ftbfs
>X-Debbugs-Cc: a...@packages.debian.org, Jan Luca Naumann 
>
>Control: affects -1 + src:aufs
>User: ftp.debian@packages.debian.org
>Usertags: remove
>
>Hi,
>
>I request removal of aufs from Debian unstable for the following
>reasons:
> * FTBFS since 2020
> * Alternative overlayfs exists
> * No maintainer upload since 2019
> * Dead upstream: https://marc.info/?l=linux-kernel=123938442923108
> * aufs-tools also being removed: #1069146
>
>Helmut

Bug#1068849: cryptsetup: Fails to unlock the filesystem with missing libgcc_s.so.1

[Jan Katins]

 below is not anymore relevant as both initrds now booted
up, so whatever it is showing, it now works.

> Erm no, that likely won't work since pthread functions have moved from
> libpthread.so.1 to libc.so.6 with glibc 2.34.  Otherwise copy_exec()
> would have pulled in libgcc_s.  New attempt:

The following is with the 6.7.7 image, I just reran with the a freshly
created 6.7.9 image and it showed basically the same output

λ  unmkinitramfs ./initrd.img-6.7.7-amd64 /tmp/initramfs-destdir
λ  for p in $(find /tmp/initramfs-destdir/main -type f | sort); do \
  objdump -T "$p" 2>&1 | grep pthread_exit && echo "^^ $p"; \
done
  DF *UND*   (GLIBC_2.2.5) pthread_exit
^^ /tmp/initramfs-destdir/main/usr/lib/x86_64-linux-gnu/libcrypto.so.3
00089560  w   DF .text  0042  GLIBC_2.2.5 pthread_exit
^^ /tmp/initramfs-destdir/main/usr/lib/x86_64-linux-gnu/libc.so.6
  DF *UND*   (GLIBC_2.2.5) pthread_exit
^^ /tmp/initramfs-destdir/main/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.4

λ  dpkg -S ibcrypto.so.3
libssl3t64:amd64: /usr/lib/x86_64-linux-gnu/libcrypto.so.3

λ  dpkg -S libc.so.6
libc6-dev:amd64: /usr/share/gdb/auto-load/lib/x86_64-linux-gnu/libc.so.6-gdb.py
libc6:amd64: /lib/x86_64-linux-gnu/libc.so.6

λ  dpkg -S libglib-2.0.so.0
libglib2.0-0t64:amd64: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
libglib2.0-0t64:amd64: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.4

λ  dpkg -s libglib2.0-0t64 | grep Version
Version: 2.78.4-6

λ  dpkg -s libssl3t64 | grep Version
Version: 3.2.1-3

λ  dpkg -s libc6 | grep Version
Version: 2.37-16

And just because it was mentioned:

λ  dpkg -s  libcryptsetup12 | grep Version
Version: 2:2.7.2-1

--
Thanks!

Jan

Bug#1068849: cryptsetup: Fails to unlock the filesystem with missing libgcc_s.so.1

[Jan Katins]

On Fri, 12 Apr 2024 at 14:00, Chris Hofstaedtler  wrote:
> Can you tell us which part was wanting libgcc_s.so.1?
> cryptsetup in the initramfs doesn't seem to be the (original)
> problem of that.

How would I find out? (I've never debugged such a problem, and have
basically no clue what is happening behind the scenes during encrypted
hd unlock and how to figure out "what wants it" :-( )

I basically inputted a password (both on the "UI" and the console
after ctrl-alt-del) and on the console it showed me that error after
pressing enter. It then showed the passwort entry box/line again.
Given that it was the password validation, I figured I should file a
bug here.

Jan

Bug#1068849: cryptsetup: Fails to unlock the filesystem with missing libgcc_s.so.1

[Jan Katins]

Package: cryptsetup
Version: 2:2.7.2-1
Severity: normal

Dear Maintainer,

After a recent apt upgrade on a debian sid system (installed about 3
years ago with an installer, choosing to encrypt the filesystem, no
idea what actually ended up on my system as a crypt setup. Since then,
the laptop runs debian unstable), my system failed to unlock. After a
ctrl-alt-del, I got to the console and there it showed an error about
libgcc_s.so.1 not available and aborting.

Thankfully, I still had another, still working, initrd around (I guess
due to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065698 ? If
so: yay for bugs!).

I snooped around in the source code a bit and found that libgcc_s
seems to be dlopened and is special cased:
https://salsa.debian.org/kernel-team/initramfs-tools/-/blob/master/hook-functions?ref_type=heads#L248-249
(original bugreport:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950254). So my guess
is that nothing depends on libpthread anymore, and this is the
case: `lsinitramfs initrd.img-6.7.9-amd64 |grep thread` shows no
libpthread (actually nothing). I fixed it now by installing a
update-initramfs hook (thanks to
https://groups.google.com/g/linux.debian.bugs.dist/c/4fi2HaOEC_M):

```
λ  cat /etc/initramfs-tools/hooks/libgcc
#!/bin/sh -e
PREREQS=""
case $1 in
prereqs) echo "${PREREQS}"; exit 0;;
esac

. /usr/share/initramfs-tools/hook-functions
copy_file library /lib/x86_64-linux-gnu/libgcc_s.so.1
/lib/x86_64-linux-gnu/libgcc_s.so.1
```

Not sure if that's the right solution, but i got my system back to boot up:

```
λ  sudo update-initramfs -k 6.7.9-amd64 -u
λ  lsinitramfs initrd.img-6.7.9-amd64 |grep gcc
usr/lib/x86_64-linux-gnu/libgcc_s.so.1
```

It would also be nice if the "gui" view could show the error or at
least tell the user to pres ctrl-alt-del to get to a more informative
view, took me ages to figure out that one :-(

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.7.9-amd64 root=/dev/mapper/bloodaxe--vg-root ro
quiet splash

-- /etc/crypttab
nvme0n1p3_crypt UUID=8df352e7-81f1-457e-82bc-0d40aa06ea83 none luks,discard

-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
#
/dev/mapper/bloodaxe--vg-root /   ext4
errors=remount-ro 0   1
# /boot was on /dev/nvme0n1p2 during installation
UUID=1fa0b711-60ed-4c97-b63e-63b57ea38220 /boot   ext2
defaults0   2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=5AC9-21F9  /boot/efi   vfatumask=0077  0   1
/dev/mapper/bloodaxe--vg-swap_1 noneswapsw
 0   0

-- lsmod
Module  Size  Used by
xt_conntrack   12288  1
nft_chain_nat  12288  3
xt_MASQUERADE  16384  1
nf_nat 65536  2 nft_chain_nat,xt_MASQUERADE
nf_conntrack_netlink61440  0
nf_conntrack  212992  4
xt_conntrack,nf_nat,nf_conntrack_netlink,xt_MASQUERADE
nf_defrag_ipv6 24576  1 nf_conntrack
nf_defrag_ipv4 12288  1 nf_conntrack
xfrm_user  61440  1
xfrm_algo  16384  1 xfrm_user
xt_addrtype12288  2
nft_compat 24576  4
br_netfilter   36864  0
bridge385024  1 br_netfilter
stp12288  1 bridge
llc16384  2 bridge,stp
ctr12288  2
ccm20480  6
tun69632  2
rfcomm102400  4
uinput 20480  2
cmac   12288  3
algif_hash 12288  1
algif_skcipher 12288  1
af_alg 36864  6 algif_hash,algif_skcipher
snd_seq_dummy  12288  0
snd_hrtimer12288  1
snd_seq   114688  7 snd_seq_dummy
snd_seq_device 16384  1 snd_seq
nf_tables 372736  57 nft_compat,nft_chain_nat
qrtr   57344  4
overlay   212992  0
bnep   36864  2
binfmt_misc28672  1
snd_ctl_led24576  0
snd_soc_skl_hda_dsp24576  4
snd_soc_hdac_hdmi  45056  1 snd_soc_skl_hda_dsp
snd_sof_probes 24576  0
snd_soc_intel_hda_dsp_common16384  1 snd_soc_skl_hda_dsp
snd_hda_codec_hdmi 90112  1
snd_hda_codec_realtek   200704  1
snd_hda_codec_generic   114688  1 snd_hda_codec_realtek
snd_soc_dmic   12288  1
snd_sof_pci_intel_cnl12288  0
snd_sof_intel_hda_common   221184  1 snd_sof_pci_intel_cnl
intel_pmc_core_pltdrv12288  0
intel_pmc_core 81920  0
soundwire_intel73728  1 snd_sof_intel_hda_common
soundwire_generic_allocation12288  1 soundwire_intel
snd_sof_intel_hda_mlink40960  2 

Bug#1068848: cryptsetup: Fails to unlock the filesystem with missing libgcc_s.so.1

[Jan Katins]

Subject: cryptsetup: Fails to unlock the filesystem with missing libgcc_s.so.1
Package: cryptsetup
Version: 2:2.7.2-1
Severity: normal

Dear Maintainer,

After a recent apt upgrade, my system failed to unlock. After a
ctrl-alt-del, I got to the console and there it showed an error about
libgcc_s.so.1 not available and aborting.

Thankfully, I still had a other initrd around (I guess due to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065698, yay for
bugs!).

I snooped around in the source code a bit and found that libgcc_s
seems to be dlopened and is special cased:
https://salsa.debian.org/kernel-team/initramfs-tools/-/blob/master/hook-functions?ref_type=heads#L248-249
(original bugreport:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950254). So my guess
is that nothing depends on libpthread either anymore, and this is the
case: `lsinitramfs initrd.img-6.7.9-amd64 |grep thread` shows no
libpthread (actually nothing). I fixed it now by installing a
update-initramfs hook (thanks to
https://groups.google.com/g/linux.debian.bugs.dist/c/4fi2HaOEC_M):

```
λ  cat /etc/initramfs-tools/hooks/libgcc
#!/bin/sh -e
PREREQS=""
case $1 in
prereqs) echo "${PREREQS}"; exit 0;;
esac

. /usr/share/initramfs-tools/hook-functions
copy_file library /lib/x86_64-linux-gnu/libgcc_s.so.1
/lib/x86_64-linux-gnu/libgcc_s.so.1
```

Not sure if that's the right solution, but i got my system back to boot up:

```
λ  sudo update-initramfs -k 6.7.9-amd64 -u
λ  lsinitramfs initrd.img-6.7.9-amd64 |grep gcc
usr/lib/x86_64-linux-gnu/libgcc_s.so.1
```

It would also be nice if the "gui" view could show the error or at
least tell the user to pres ctrl-alt-del to get to a more informative
view, took me ages to figure out that one :-(

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.7.9-amd64 root=/dev/mapper/bloodaxe--vg-root ro
quiet splash

-- /etc/crypttab
nvme0n1p3_crypt UUID=8df352e7-81f1-457e-82bc-0d40aa06ea83 none luks,discard

-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
#
/dev/mapper/bloodaxe--vg-root /   ext4
errors=remount-ro 0   1
# /boot was on /dev/nvme0n1p2 during installation
UUID=1fa0b711-60ed-4c97-b63e-63b57ea38220 /boot   ext2
defaults0   2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=5AC9-21F9  /boot/efi   vfatumask=0077  0   1
/dev/mapper/bloodaxe--vg-swap_1 noneswapsw
 0   0

-- lsmod
Module  Size  Used by
xt_conntrack   12288  1
nft_chain_nat  12288  3
xt_MASQUERADE  16384  1
nf_nat 65536  2 nft_chain_nat,xt_MASQUERADE
nf_conntrack_netlink61440  0
nf_conntrack  212992  4
xt_conntrack,nf_nat,nf_conntrack_netlink,xt_MASQUERADE
nf_defrag_ipv6 24576  1 nf_conntrack
nf_defrag_ipv4 12288  1 nf_conntrack
xfrm_user  61440  1
xfrm_algo  16384  1 xfrm_user
xt_addrtype12288  2
nft_compat 24576  4
br_netfilter   36864  0
bridge385024  1 br_netfilter
stp12288  1 bridge
llc16384  2 bridge,stp
ctr12288  2
ccm20480  6
tun69632  2
rfcomm102400  4
uinput 20480  2
cmac   12288  3
algif_hash 12288  1
algif_skcipher 12288  1
af_alg 36864  6 algif_hash,algif_skcipher
snd_seq_dummy  12288  0
snd_hrtimer12288  1
snd_seq   114688  7 snd_seq_dummy
snd_seq_device 16384  1 snd_seq
nf_tables 372736  57 nft_compat,nft_chain_nat
qrtr   57344  4
overlay   212992  0
bnep   36864  2
binfmt_misc28672  1
snd_ctl_led24576  0
snd_soc_skl_hda_dsp24576  4
snd_soc_hdac_hdmi  45056  1 snd_soc_skl_hda_dsp
snd_sof_probes 24576  0
snd_soc_intel_hda_dsp_common16384  1 snd_soc_skl_hda_dsp
snd_hda_codec_hdmi 90112  1
snd_hda_codec_realtek   200704  1
snd_hda_codec_generic   114688  1 snd_hda_codec_realtek
snd_soc_dmic   12288  1
snd_sof_pci_intel_cnl12288  0
snd_sof_intel_hda_common   221184  1 snd_sof_pci_intel_cnl
intel_pmc_core_pltdrv12288  0
intel_pmc_core 81920  0
soundwire_intel73728  1 snd_sof_intel_hda_common
soundwire_generic_allocation12288  1 soundwire_intel
snd_sof_intel_hda_mlink40960  2 soundwire_intel,snd_sof_intel_hda_common
x86_pkg_temp_thermal16384  0
soundwire_cadence  45056  1 soundwire_intel
intel_powerclamp   16384  0

Bug#1068046: /etc/firehol/ifupdown-firehol.sh: 71: [: -o: unexpected operator

[Jan Petykiewicz]

Package: firehol
Version: 3.1.7+ds-3
Severity: normal
X-Debbugs-Cc: jspam+...@mpxd.net

Dear Maintainer,

When running ifup / ifdown, I run into error messages along the lines of

/etc/network/if-up.d/firehol: 71: [: -o: unexpected operator
/etc/network/if-pre-up.d/zz-firehol: 71: [: -o: unexpected operator
/etc/network/if-up.d/firehol: 71: [: -o: unexpected operator

I've worked around them locally by modifying /etc/firehol/ifupdown-firehol.sh to
run using /bin/bash rather than /bin/sh, but there may be a better solution.

Thanks,
Jan


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firehol depends on:
ii  firehol-common   3.1.7+ds-3
ii  init-system-helpers  1.66

Versions of packages firehol recommends:
ii  fireqos  3.1.7+ds-3

Versions of packages firehol suggests:
pn  firehol-doc
pn  firehol-tools  
pn  ulogd2 

-- Configuration Files:
/etc/default/firehol changed [not included]
/etc/firehol/firehol.conf changed [not included]
/etc/firehol/ifupdown-firehol.sh changed [not included]

-- no debconf information

Bug#1063576: O: virtualenv-clone -- script for cloning a non-relocatable virtualenv (Python3)

[Jan Dittberner]

Package: wnpp
Severity: normal
X-Debbugs-Cc: virtualenv-cl...@packages.debian.org
Control: affects -1 + src:virtualenv-clone

I intend to orphan the virtualenv-clone package.

I packaged virtualenv-clone because it was a dependency of
virtualenvwrapper which I no longer use.

The package description is:
 Virtualenv provides a way to make virtualenv's relocatable which could then be
 copied as wanted. However making a virtualenv relocatable this way breaks
 the no-site-packages isolation of the virtualenv as well as other aspects that
 come with relative paths and '/usr/bin/env' shebangs that may be undesirable.
 .
 Also, the .pth and .egg-link rewriting doesn't seem to work as intended. This
 attempts to overcome these issues and provide a way to easily clone an
 existing virtualenv.
 .
 This is the Python3 package.

Bug#1063575: O: virtualenvwrapper -- extension to virtualenv for managing multiple environments

[Jan Dittberner]

Package: wnpp
Severity: normal
X-Debbugs-Cc: virtualenvwrap...@packages.debian.org
Control: affects -1 + src:virtualenvwrapper

I intend to orphan the virtualenvwrapper package.

I no longer use virtualenvwrapper, pipenv and poetry are better
alternatives for all of my use cases.

The package description is:
 virtualenvwrapper is a set of extensions to Ian Bicking's virtualenv
 tool. The extensions include wrappers for creating and deleting
 virtual environments and otherwise managing your development
 workflow, making it easier to work on more than one project at a time
 without introducing conflicts in their dependencies.

Bug#1063574: O: sysconftool -- development tool to install and update configuration files

[Jan Dittberner]

Package: wnpp
Severity: normal
X-Debbugs-Cc: sysconft...@packages.debian.org
Control: affects -1 + src:sysconftool

I intend to orphan the sysconftool package.

I have no use for the package and it had no uploads for ages.

The package description is:
 sysconftool is a development utility that helps to install
 application configuration files. sysconftool allows an existing
 application to be upgraded without losing the older version's
 configuration settings, but that's the advantage over plain dpkg
 upgrading, will add new configuration settings (and remove unneeded).

Bug#1062339: Cross-building broken for riscv64 due to libgssapi-krb5-2 version mismatch

[Jan Kiszka]

Package: release.debian.org

Please align the uploaded versions of libgssapi-krb5-2 so that
cross-building is working again for riscv64.

TIA,
Jan

Bug#1062063: bookworm-pu: package monitoring-plugins/2.3.3-5+deb12u2

[Jan Wagner]

Hi Adam,

> 
> Am 31.01.2024 um 18:59 schrieb Adam D. Barratt :
> 
>> On Wed, 2024-01-31 at 09:50 +0100, Jan Wagner wrote:
>> As reported in #1061956, check_http fails when called with --no-body
>> and
>> Transfer-Encoding: chunked is used
> 
> Please go ahead.

I uploaded the package to proposed-updates.

Many thanks.

Bug#1061956: [Pkg-nagios-devel] Bug#1061956: monitoring-plugins-basic: check_http --no-body fails when Transfer-Encoding: chunked

[Jan Wagner]

Hi Cyprien,

Am 30.01.24 um 14:27 schrieb Cyprien Nicolas:

This issue is related to `check_http` failing to handle the --no-body
or -N argument when a server sends the Transfer-Encoding: chunked
header.

We use this argument for checking only the HTTP status code, as we
don't need the full body of the response.

The issue is already fixed upstream since 2.3.4 [1] and I can't
reproduce the issue with 2.3.5-1 from testing.


thanks for reporting.


Would it be possible to get a fix in current stable? In next
point-release maybe?


I opened #1062063 for this.


1. https://github.com/monitoring-plugins/monitoring-plugins/pull/1901


Maybe as in 
https://github.com/monitoring-plugins/monitoring-plugins/pull/1901#issuecomment-1771021923 
suggested you might want to migrate over to check_curl?


With kind regards, Jan.
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS 
PE Y++

PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y
--END GEEK CODE BLOCK--

Bug#1062063: bookworm-pu: package monitoring-plugins/2.3.3-5+deb12u2

[Jan Wagner]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: monitoring-plug...@packages.debian.org
Control: affects -1 + src:monitoring-plugins

[ Reason ]
As reported in #1061956, check_http fails when called with --no-body and 
Transfer-Encoding: chunked is used


[ Impact ]
check_http is unusable when called with --no-body and Transfer-Encoding: 
chunked is used


[ Tests ]
Upstream test suite, It was verified to work in the upstream issue 
tracker 
(https://github.com/monitoring-plugins/monitoring-plugins/pull/1901) and 
2.3.5-1 has also this fix, which is since some time in testing.


[ Risks ]
Low, trivial change.

[ Checklist ]
   [x] *all* changes are documented in the d/changelog
   [x] I reviewed all changes and I approve them
   [x] attach debdiff against the package in (old)stable
   [x] the issue is verified as fixed in unstable

[ Changes ]
The patch is required to fix the check_http regression.

[ Other info ]
This is a request for pre approval, if you are okay with the changes, 
I'll upload it.


Kind Regards,

Jan
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS 
PE Y++

PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y
--END GEEK CODE BLOCK--diff --git a/debian/changelog b/debian/changelog
index d0b7b5b..1e067a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+monitoring-plugins (2.3.3-5+deb12u2) bookworm; urgency=medium
+
+  * [c45bc15] Adding d/p/23_check_http_fix_unchunking_body from upstream
+(Closes: #1061956)
+
+ -- Jan Wagner   Wed, 31 Jan 2024 09:40:18 +0100
+
 monitoring-plugins (2.3.3-5+deb12u1) bookworm; urgency=medium
 
   * [85eed74] Adding d/p/22_check_disk_avoid_mount from upstream
diff --git a/debian/patches/23_check_http_fix_unchunking_body 
b/debian/patches/23_check_http_fix_unchunking_body
new file mode 100644
index 000..b14
--- /dev/null
+++ b/debian/patches/23_check_http_fix_unchunking_body
@@ -0,0 +1,22 @@
+From a6802bd5f50a5c12ed5bafa4fe9ee14fede7c1e1 Mon Sep 17 00:00:00 2001
+From: Thoralf Rickert-Wendt <30341294+tricker...@users.noreply.github.com>
+Date: Tue, 8 Aug 2023 10:22:53 +0200
+Subject: [PATCH] Fix issue #1872
+
+---
+ plugins/check_http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 1288c415d..718c8ee71 100644
+--- a/plugins/check_http.c
 b/plugins/check_http.c
+@@ -1279,7 +1279,7 @@ check_http (void)
+ 
+   regmatch_t chre_pmatch[1]; // We actually do not care about this, since we 
only want to know IF it was found
+ 
+-  if (regexec(_header_regex, header, 1, chre_pmatch, 0) == 0) {
++  if (!no_body && regexec(_header_regex, header, 1, chre_pmatch, 0) 
== 0) {
+ if (verbose) {
+   printf("Found chunked content\n");
+ }
diff --git a/debian/patches/series b/debian/patches/series
index b024b25..d8711a4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@
 15_check_swap_remove_includes
 16_check_snmp_disable_multiplier_when_unused
 22_check_disk_avoid_mount
+23_check_http_fix_unchunking_body

Bug#1061140: Cross-building against sqlite3 broken for riscv64

[Jan Kiszka]

Package: release.debian.org

Please align the uploaded versions of sqlite3 packages so that
cross-building against some lib of this source is working for riscv64.

TIA,
Jan

Bug#1060262: linux-image-6.6.9-amd64: Please enable CONFIG_INTEL_VSC and CONFIG_IPU_BRIDGE

[Jan Binder]

Package: src:linux
Version: 6.6.9-1
Severity: wishlist

Dear Maintainer,

please enable CONFIG_INTEL_VSC and CONFIG_IPU_BRIDGE,
doing so makes using the integrated camera on some Alder lake laptops easier.


-- Package-specific info:
** Version:
Linux version 6.6.9-amd64 (debian-ker...@lists.debian.org) (gcc-13 (Debian 
13.2.0-9) 13.2.0, GNU ld (GNU Binutils for Debian) 2.41.50.20231227) #1 SMP 
PREEMPT_DYNAMIC Debian 6.6.9-1 (2024-01-01)

** Command line:
BOOT_IMAGE=/vmlinuz-6.6.9-amd64 root=/dev/mapper/vg--flunder-root ro 
mitigations=off

** Tainted: OE (12288)
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 21CDCTO1WW
product_version: ThinkPad X1 Yoga Gen 7
chassis_vendor: LENOVO
chassis_version: None
bios_vendor: LENOVO
bios_version: N3AET77W (1.42 )
board_vendor: LENOVO
board_name: 21CDCTO1WW
board_version: NO DPK

** Loaded modules:
ccm
nft_masq
rfcomm
snd_seq_dummy
snd_hrtimer
snd_seq
cmac
algif_hash
algif_skcipher
af_alg
xt_CHECKSUM
xt_MASQUERADE
xt_conntrack
ipt_REJECT
nf_reject_ipv4
xt_tcpudp
nft_compat
nft_chain_nat
nf_nat
nf_conntrack
nf_defrag_ipv6
nf_defrag_ipv4
nf_tables
bridge
stp
llc
r8153_ecm
cdc_ether
usbnet
r8152
mii
binder_linux
qrtr
bnep
uinput
snd_ctl_led
btusb
btrtl
snd_soc_skl_hda_dsp
snd_usb_audio
btintel
btbcm
snd_soc_intel_hda_dsp_common
btmtk
snd_sof_probes
snd_soc_hdac_hdmi
snd_usbmidi_lib
bluetooth
snd_rawmidi
snd_seq_device
gpio_ljca(OE)
spi_ljca(OE)
i2c_ljca(OE)
ecdh_generic
ljca(OE)
snd_hda_codec_hdmi
snd_hda_codec_realtek
snd_hda_codec_generic
binfmt_misc
snd_soc_dmic
snd_sof_pci_intel_tgl
snd_sof_intel_hda_common
soundwire_intel
soundwire_generic_allocation
snd_sof_intel_hda_mlink
soundwire_cadence
iwlmvm
snd_sof_intel_hda
snd_sof_pci
snd_sof_xtensa_dsp
snd_sof
nls_ascii
intel_uncore_frequency
snd_sof_utils
intel_uncore_frequency_common
nls_cp437
snd_soc_hdac_hda
vfat
mac80211
snd_hda_ext_core
x86_pkg_temp_thermal
fat
snd_soc_acpi_intel_match
intel_powerclamp
snd_soc_acpi
snd_soc_core
coretemp
kvm_intel
snd_compress
snd_pcm_dmaengine
libarc4
soundwire_bus
kvm
snd_hda_intel
snd_intel_dspcfg
snd_intel_sdw_acpi
irqbypass
iwlwifi
snd_hda_codec
intel_ipu6_isys(OE)
rapl
snd_hda_core
videobuf2_dma_contig
thinkpad_acpi
pmt_telemetry
mei_hdcp
videobuf2_memops
mei_pxp
intel_rapl_msr
pmt_class
intel_cstate
nxp_nci_i2c
videobuf2_v4l2
hid_sensor_gyro_3d
hid_sensor_accel_3d
snd_hwdep
think_lmi
nxp_nci
nvram
intel_uncore
processor_thermal_device_pci
snd_pcm
hid_sensor_trigger
ledtrig_audio
cfg80211
firmware_attributes_class
videobuf2_common
nci
iTCO_wdt
snd_timer
processor_thermal_device
platform_profile
hid_sensor_iio_common
processor_thermal_rfim
intel_pmc_bxt
industrialio_triggered_buffer
snd
iTCO_vendor_support
ucsi_acpi
wmi_bmof
kfifo_buf
processor_thermal_mbox
intel_ipu6_psys(OE)
nfc
typec_ucsi
watchdog
industrialio
soundcore
processor_thermal_rapl
mei_me
roles
intel_rapl_common
intel_vsec
igen6_edac
intel_ipu6(OE)
typec
mei_vsc(OE)
int3403_thermal
mei
soc_button_array
int340x_thermal_zone
ac
rfkill
ov2740(OE)
intel_skl_int3472_tps68470
v4l2_fwnode
int3400_thermal
intel_hid
v4l2_async
intel_pmc_core
acpi_thermal_rel
intel_skl_int3472_discrete
sparse_keymap
acpi_tad
joydev
acpi_pad
hid_multitouch
serio_raw
evdev
v4l2loopback(OE)
videodev
mc
msr
parport_pc
ppdev
lp
parport
loop
efi_pstore
configfs
nfnetlink
ip_tables
x_tables
autofs4
ext4
crc16
mbcache
jbd2
dm_crypt
dm_mod
efivarfs
raid10
raid456
async_raid6_recov
async_memcpy
async_pq
async_xor
async_tx
xor
raid6_pq
libcrc32c
crc32c_generic
raid1
raid0
multipath
linear
md_mod
hid_logitech_hidpp
hid_logitech_dj
hid_sensor_custom
hid_sensor_hub
intel_ishtp_hid
i915
crc32_pclmul
crc32c_intel
drm_buddy
ghash_clmulni_intel
wacom
i2c_algo_bit
nvme
sha512_ssse3
drm_display_helper
usbhid
nvme_core
sha256_ssse3
cec
sha1_ssse3
xhci_pci
t10_pi
rc_core
hid_generic
xhci_hcd
crc64_rocksoft_generic
crc64_rocksoft
ttm
crc_t10dif
i2c_hid_acpi
i2c_hid
crct10dif_generic
drm_kms_helper
usbcore
aesni_intel
video
intel_lpss_pci
intel_ish_ipc
crct10dif_pclmul
i2c_i801
hid
intel_lpss
crypto_simd
crc64
cryptd
psmouse
drm
thunderbolt
usb_common
i2c_smbus
crct10dif_common
intel_ishtp
button
idma64
fan
battery
wmi

** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation Device [8086:4621] (rev 02)
Subsystem: Lenovo Device [17aa:22e6]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- 
Kernel driver in use: igen6_edac
Kernel modules: igen6_edac

00:02.0 VGA compatible controller [0300]: Intel Corporation Alder Lake-P GT2 
[Iris Xe Graphics] [8086:46a6] (rev 0c) (prog-if 00 [VGA controller])
Subsystem: Lenovo Alder Lake-P Integrated Graphics Controller 
[17aa:22e6]
Control: I/O+ Mem+ BusMaster+ SpecCycle- 

Bug#1060079: RM: python-smstrade -- ROM; smstrade service has been aquired by cm.com which uses a different API

[Jan Dittberner]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: python-smstr...@packages.debian.org
Control: affects -1 + src:python-smstrade

Dear ftp-masters,

please remove python-smstrade from unstable, the service that this
package is for has been aquired by cm.com a while ago. cm.com provides a
different SMS gateway API that cannot be used with the packaged client
code.


Best regards
Jan Dittberner

Bug#1059698: Please do a maintainer upload to enable riscv64 cross-building

[Jan Kiszka]

Package: libkeyutils1
Version: 1.6.3-2+b1

Currently, libkeyutils1 is the last blocker to automatically set up an
essential cross-build environments for riscv64:

$ docker run --rm -it debian:sid
root@d897052b9483:/# dpkg --add-architecture riscv64
root@d897052b9483:/# apt update
...
root@032073e91e5f:/# apt install build-essential libc6-dev:riscv64
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libkrb5-3:riscv64 : Depends: libkeyutils1:riscv64 (>= 1.5.9) but it is not 
installable
E: Unable to correct problems, you have held broken packages.
root@032073e91e5f:/# apt-get install build-essential libc6-dev:riscv64
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libkrb5-3:riscv64 : Depends: libkeyutils1:riscv64 (>= 1.5.9) but it is not 
installable
E: Unable to correct problems, you have held broken packages.


It looks like this is caused by libkeyutils1:amd64 and
libkeyutils1:riscv64 having different versions and, thus, refuse to be
installed at the same time. I've resolved it locally by rebuilding
keyutils for riscv64 using the same version as for the other archs.

Would be great to resolve that by performing a maintainer upload for
this package to sid for all architectures (not sure if
libkeyutils1:riscv64 could be "downgraded" from 1.6.3-2+b1 to 1.6.3-2, I
suspect not).

Bug#1059490: Freeradius init script - mariadb dependency

[Jan Korbel]

Package: freeradius
Version: 3.2.1+dfsg-4+deb12u1

Debian stable (12.4).

Hello.

There is a missing dependency in freeradius init script. We have radius 
accounts in mariadb database. Please can you apply this trivial fix? Thanks.


diff /etc/init.d/freeradius.original /etc/init.d/freeradius
7c7
< # Should-Start:  $time mysql slapd postgresql samba krb5-kdc
---
> # Should-Start:  $time mysql slapd postgresql samba krb5-kdc mariadb

Best regards,

J.K.

Bug#1059278: systemd: CVE-2023-7008

[Jan Erik Petersen]

Hi,

I'm the reporter of the bug at 
https://github.com/systemd/systemd/issues/25676. I'm sorry that I have 
to add to the bug at this time.


The commit[0] that was determined to have introduced this vulnerability 
is incorrect. Looking at the relevant diff[1] the commit merely 
introduced the use of the `FLAGS_SET` macro, but did not change the flag 
being read from the incorrect variable `t`. In the fix[2] this was 
changed to `dt`.


Note that the vulnerability has been previously reported[3] in March 
2020 on systemd v243+v244. Hence systemd v248 is definitely not the 
first version introducing the vulnerable code.


In fact, I have reproduced the issue right now on both Debian buster 
(10.13) with systemd 241-7~deb10u10 and Debian bullseye (11.8) with 
systemd 247.3-7+deb11u4.


I assume the vulnerability was introduced with the initial version[4] of 
the `dns_transaction_requires_rrsig` function, which already read the 
flag from `t`. This would have been in systemd v229, but I did not test 
any version older than v241.


I would add this information to the GitHub issue, but it has been 
locked. Perhaps a systemd contributor could relay this update, so that 
the misleading information does not spread.


Regards,
Jan Erik Petersen

[0] 
https://github.com/systemd/systemd/commit/6f055e43b817b66e6d4f6e4022f0a115dc35651b
[1] 
https://github.com/systemd/systemd/commit/6f055e43b817b66e6d4f6e4022f0a115dc35651b#diff-d63d6fd38d6a715e4ca052fc0fb65eda859f3822dbddffa4a87a3ee872e25eafL2621
[2] 
https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1

[3] https://github.com/systemd/systemd/issues/15158
[4] 
https://github.com/systemd/systemd/commit/105e151299dc1208855380be2b22d0db2d66ebc6


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1055742: libnginx-mod-http-cache-purge: Segmentation fault caused by PURGE requests

[Jan Mojzis]

Hi,

how can I reproduce the segmentation fault?

I prepared a simple autopkg test
here: 
"https://salsa.debian.org/nginx-team/libnginx-mod-http-cache-purge/-/blob/main/debian/tests/purgetest?ref_type=heads;
but I didn't catch the segfault, the autopkgtest works with the 1.22.1 / 1.24.0 
nginx version.
The problem will probably be some special case related to the 
proxy_cookie_flags option.

Before applying the patch, I would like to have an autopkgtest to verify that 
the patch  works.

Jan

Bug#1058424: [PATCH] First step towards reproducibility

[Jan-Benedict Glaw]

Hi!

It seems this is a good part of what needs to be done:


diff --git a/Pristine/Tar/Delta/Tarball.pm b/Pristine/Tar/Delta/Tarball.pm
index 121b85e..e8b5ce0 100644
--- a/Pristine/Tar/Delta/Tarball.pm
+++ b/Pristine/Tar/Delta/Tarball.pm
@@ -26,7 +26,13 @@ sub write {
 }
   }
 
-  doit("tar", "czf", $deltafile, "-C", $tempdir, keys %$delta);
+  doit("tar", "--sort=name",
+  "--mtime=\@0",
+  "--owner=0",
+  "--group=0",
+  "--numeric-owner",
+  
"--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime",
+  "-czf", $deltafile, "-C", $tempdir, sort keys %$delta);
 
   return $delta;
 }


With this patch applied, invoking `GZIP=-n pristine-tar gendelta foo.tar.gz`
does almost do the right thing, except the "wrapper" file contained
within the delta file (tarball.) That "wrapper" is compressed with
pristine-tar's internal "zgz" tool and unfortunately still embeds a
timestamp into the "wrapper" file (with actually is a .gz, but just
generated with this `zgz` tool.)

MfG, JBG

-- 


signature.asc
Description: PGP signature

Bug#1058424: pristine-tar gendelta: Make output file reproducible

[Jan-Benedict Glaw]

Package: pristine-tar
Version: 1.50
Severity: wishlist

Running `pristine-tar gendelta` two times on the very same input
tarball generates two different delta files. They contain files in
filesystem order and with "current" timestamps.

  I suggest to use something along this:

   tar --sort=name  
   \
   --mtime="@${SOURCE_DATE_EPOCH:-$(date +%s)}" 
   \
   --owner=0
   \
   --group=0
   \
   --numeric-owner  
   \
   
--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
   -czf "${artifacts_dir}/${tarball_filename}" "${basename_dir}"


For $SOURCE_DATE_EPOCH, I suggest to use the tarball's mtime.  I'm
unfortunately not a Perl guy, but looking at the sources, it seems
it's just the sub write() in Pristine/Tar/Delta/Tarball.pm that needs
to be extended, and mtime being handed down all the way.

Thanks,
  Jan-Benedict

-- 


signature.asc
Description: PGP signature

Bug#1057260: iwlwifi: `N' invalid for parameter `enable_ini'

[Jan Stolarek]

Hi all,

Just to add to the discussion, I ran into the same problem after upgrading 
stable Debian from 12.2 
to 12.4, i.e. from kernel 6.1.0-13 to 6.1.0-15. Similary to others, I have in 
the past created a 
file /etc/modprobe.d/iwlwifi.conf with a single line:

  options iwlwifi enable_ini=N

Luckily, I have notes that record a rationale for this. Without this file, on 
every boot there 
were these spurious error messages:

  firmware: failed to load iwl-debug-yoyo.bin (-2)
  Direct firmware load for iwl-debug-yoyo.bin failed with error -2

Creating iwlwifi.conf with said contents silenced those messages. After the 
upgrade to 6.1.0-15:

  * the line "options iwlwifi enable_ini=N" prevents wifi from working
  * removing the file entirely enables wifi but also brings back above error 
messages about 
firmware
  * replacing "enable_ini=N" with "enable_ini=0" silences the messages and 
allows wifi to work

Hope this helps,
Janek

Bug#1055067: isc-dhcp-client: network-manager 1.44.2-3 changed path to nm-dhcp-helper, apparmor need update

[Jan Larres]

Package: isc-dhcp-client
Version: 4.4.3-P1-4
Followup-For: Bug #1055067

I can confirm this, after a recent upgrade I lost network connectivity
and it took some digging to determine the cause. Using dhclient with
NetworkManager is probably not uncommon (especially since it's
NetworkManager's default behaviour if dhclient is installed), so this
should probably be fixed soon so that other people don't suddenly lose
their network as well.

Cheers,

Jan



-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (102,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8),
LANGUAGE=en_NZ:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages isc-dhcp-client depends on:
ii debianutils 5.14
ii iproute2 6.6.0-1
ii libc6 2.37-12

Versions of packages isc-dhcp-client recommends:
ii isc-dhcp-common 4.4.3-P1-4

Versions of packages isc-dhcp-client suggests:
ii avahi-autoipd 0.8-13
pn isc-dhcp-client-ddns
ii systemd-resolved [resolvconf] 255~rc2-2

-- Configuration Files:
/etc/apparmor.d/sbin.dhclient changed [not included]

-- no debconf information

Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1

[Jan Wagner]

Hi,

Am 05.11.23 um 15:41 schrieb Jan Wagner:

Am 23.10.23 um 19:43 schrieb Holger Levsen:

On Mon, Oct 23, 2023 at 01:19:25PM +0200, Jan Wagner wrote:

[ Reason ]
As reported in #1033791, check_running_kernel fails to find version on
bookworm/(arm64|armhf).

[ Impact ]
check_running_kernel doesn't work on arm64 and armhf as expected, 
this is a

regression.

[ Tests ]
The patch was verified to work in #1033791
I've rebuild the package on arm64 and can confirm 
/usr/lib/nagios/plugins/check_running_kernel
now works on those arm64 systems where the version currently in 
bookworm does

not work.


is there anything I can do to get the package into bookworm?


I would enjoy to hear from the RM about this.

Thanks, Jan

Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1

[Jan Wagner]

Hi there,

Am 23.10.23 um 19:43 schrieb Holger Levsen:

On Mon, Oct 23, 2023 at 01:19:25PM +0200, Jan Wagner wrote:

[ Reason ]
As reported in #1033791, check_running_kernel fails to find version on
bookworm/(arm64|armhf).

[ Impact ]
check_running_kernel doesn't work on arm64 and armhf as expected, this is a
regression.

[ Tests ]
The patch was verified to work in #1033791

I've rebuild the package on arm64 and can confirm 
/usr/lib/nagios/plugins/check_running_kernel
now works on those arm64 systems where the version currently in bookworm does
not work.


is there anything I can do to get the package into bookworm?

Cheers, Jan

Bug#1054391: systemd-journal-remote aborts when getting remote messages complaining about field size

[Jan de Haan]

L.S.,

this turned out to be something really specific.

https://github.com/systemd/systemd/issues/29676

Root cause found, at least: as far as I can dig.

The system running the sink is connected to two networks and is accepting
journals from 1 system on one and 6 on the other network. All systems have
the above mentioned versions (Debian 12.2, kernel 6.1.0-13-amd64, systemd
252.17-1~deb12u1), all are using the systemd-journal-upload.

The six on the first network were working fine, dumping to their hearts
content.

The single system on the second was having the above mentioned problems.

Working with precision, the systemd-journal-remote.socket's ListenStreams
were configured to be listening on the ip addresses reserved for that
specific purpose. This was done with the edit/override possibility on the
socket:

$ sudo systemctl edit systemd-journal-remote.socket :
...
[Socket]
ListenStream=
ListenStream=10.0.0.202:19532
ListenStream=10.1.1.202:19532
...

Guess what: the 6 working clients were on the first ip, the 1 that didn't
on the second.

   - Changing the order resulted in 1 working and 6 failing clients.
   - Adding an additional ListenStream with 127.0.0.1 didn't change
   anything.
   - Removing all ListenStream settings resulting in listening on
   0.0.0.0:19532 made all 7 systems working.


JdH.

-- 
"Piracy is simply demand where supply does not exist."

Bug#1054401: bookworm-pu: package nagios-plugins-contrib/42.20230308+deb12u1

[Jan Wagner]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: monitoring-plug...@packages.debian.org
Control: affects -1 + src:nagios-plugins-contrib

[ Reason ]
As reported in #1033791, check_running_kernel fails to find version on 
bookworm/(arm64|armhf).


[ Impact ]
check_running_kernel doesn't work on arm64 and armhf as expected, this 
is a regression.


[ Tests ]
The patch was verified to work in #1033791

[ Risks ]
Low, trivial change.

[ Checklist ]
   [x] *all* changes are documented in the d/changelog
   [x] I reviewed all changes and I approve them
   [x] attach debdiff against the package in (old)stable
   [x] the issue is verified as fixed in unstable

[ Changes ]
The patch is required to fix check_running_kernel on arm64 and armhf.

[ Other info ]
This is a request for pre approval, if you are okay with the changes, 
I'll upload it.


Kind Regards,

Jan
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS 
PE Y++

PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y
--END GEEK CODE BLOCK--diff --git a/debian/changelog b/debian/changelog
index 1ce2330..2360b0b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nagios-plugins-contrib (42.20230308+deb12u1) bookworm; urgency=medium
+
+  [ Manfred Stock ]
+  * [f5a0186] Extend fix for on-disk version detection on Bookworm
+(Closes: #1033791)
+
+ -- Jan Wagner   Mon, 23 Oct 2023 13:03:28 +0200
+
 nagios-plugins-contrib (42.20230308) unstable; urgency=high
 
   * [4ab7834] Adding d/p/dsa/check_running_kernel_bookworm_fix
diff --git a/debian/patches/dsa/check_running_kernel_bookworm_fix 
b/debian/patches/dsa/check_running_kernel_bookworm_fix
index fe5e75d..d98b929 100644
--- a/debian/patches/dsa/check_running_kernel_bookworm_fix
+++ b/debian/patches/dsa/check_running_kernel_bookworm_fix
@@ -9,3 +9,12 @@
if [ -x /usr/bin/lsb_release ] ; then
vendor=$(lsb_release -i -s)
if [ -n "$vendor" ] && [ "xDebian" != 
"x$vendor" ] ; then
+@@ -211,7 +211,7 @@
+   fi
+   fi
+   [ -z "$on_disk_version" ] || continue
+-  on_disk_version="`cat "$on_disk" | $STRINGS | grep 
'Linux version' | head -n1`"
++  on_disk_version="`cat "$on_disk" | $STRINGS | grep 
'Linux version' | tail -n1`"
+   [ -z "$on_disk_version" ] || continue
+ 
+   echo "UNKNOWN: Failed to get a version string from 
image $on_disk"

Bug#1053568: ITP: python-lib25519 -- Python wrapper around lib25519 library

[Jan Mojzis]

Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Jan Mojzis 
Severity: wishlist

* Package name: python-lib25519
  Version : 20231006
  Upstream Contact: Jan Mojzis 
* URL : https://github.com/janmojzis/python-lib25519
* License : CC0
  Programming Lang: Python
  Description : Python wrapper around lib25519 library


lib25519 is a microlibrary for the X25519 encryption system and the Ed25519
signature system, both of which use the Curve25519 elliptic curve.

lib25519 has a very simple stateless API based on the SUPERCOP API, with
wire-format inputs and outputs, providing functions that directly match the
central cryptographic operations in X25519 and Ed25519:

lib25519.x25519.keypair(pk, sk): X25519 key generation
lib25519.x25519.dh(k, pk, sk): shared-secret generation
lib25519.ed25519.keypair(pk, sk): Ed25519 key generation
lib25519.ed25519.sign(sm, , m, mlen, sk): signing
lib25519.ed25519.open(m, , sm, smlen, pk): verification + message recovery

This package is related to: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051553


I'm going to maintain the package using https://salsa.debian.org/
It is being prepared here: https://salsa.debian.org/janmojzis/python-lib25519
I need sponsor for the first upload (I'm DM).

Jan

Bug#1053569: ITP: python-mceliece -- Python wrapper around libmceliece library

[Jan Mojzis]

Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Jan Mojzis 
Severity: wishlist

* Package name: python-mceliece
  Version : 20231006
  Upstream Contact: Jan Mojzis 
* URL : https://github.com/janmojzis/python-mceliece
* License : CC0
  Programming Lang: Python
  Description : Python wrapper around libmceliece library


libmceliece is a Classic McEliece microlibrary.
libmceliece has a very simple stateless API based on the SUPERCOP API,
with wire-format inputs and outputs, providing functions that directly match
the KEM operations provided by Classic McEliece, such as functions

mceliece6960119.keypair()
mceliece6960119.enc()
mceliece6960119.dec()
for the mceliece6960119 KEM

This package is related to: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050531

I'm going to maintain the package using https://salsa.debian.org/
It is being prepared here: https://salsa.debian.org/janmojzis/python-mceliece
I need sponsor for the first upload (I'm DM).

Jan

Bug#1053557: squid: Squid autopkgtest failures prevents squid from entering testing

[Jan Wagner]

fcf-protection -march=native -c -o stub_fatal.o 
stub_fatal.cc
156s g++ -std=c++17 -DHAVE_CONFIG_H 
-DDEFAULT_CONFIG_FILE=\"/etc/squid.conf\" 
-DDEFAULT_SQUID_DATA_DIR=\"/usr/share\" 
-DDEFAULT_SQUID_CONFIG_DIR=\"/etc\"   -I.. -I../include -I../lib 
-I../src -I../include  -isystem /usr/include/mit-krb5   -I. 
-I/usr/include/libxml2  -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra 
-Wimplicit-fallthrough=5 -Wpointer-arith -Wwrite-strings -Wcomments 
-Wshadow -Wmissing-declarations -Woverloaded-virtual -Werror -pipe 
-D_REENTRANT -I/usr/include/p11-kit-1-g -O2 
-ffile-prefix-map=/tmp/autopkgtest-lxc.mpw063si/downtmp/build.lxu/src=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -march=native -c -o 
ESIExpressions.o ESIExpressions.cc
156s g++ -std=c++17 -DHAVE_CONFIG_H 
-DDEFAULT_CONFIG_FILE=\"/etc/squid.conf\" 
-DDEFAULT_SQUID_DATA_DIR=\"/usr/share\" 
-DDEFAULT_SQUID_CONFIG_DIR=\"/etc\"   -I.. -I../include -I../lib 
-I../src -I../include  -isystem /usr/include/mit-krb5   -I. 
-I/usr/include/libxml2  -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra 
-Wimplicit-fallthrough=5 -Wpointer-arith -Wwrite-strings -Wcomments 
-Wshadow -Wmissing-declarations -Woverloaded-virtual -Werror -pipe 
-D_REENTRANT -I/usr/include/p11-kit-1-g -O2 
-ffile-prefix-map=/tmp/autopkgtest-lxc.mpw063si/downtmp/build.lxu/src=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -march=native -c -o 
stub_libmem.o stub_libmem.cc
156s g++ -std=c++17 -DHAVE_CONFIG_H 
-DDEFAULT_CONFIG_FILE=\"/etc/squid.conf\" 
-DDEFAULT_SQUID_DATA_DIR=\"/usr/share\" 
-DDEFAULT_SQUID_CONFIG_DIR=\"/etc\"   -I.. -I../include -I../lib 
-I../src -I../include  -isystem /usr/include/mit-krb5   -I. 
-I/usr/include/libxml2  -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra 
-Wimplicit-fallthrough=5 -Wpointer-arith -Wwrite-strings -Wcomments 
-Wshadow -Wmissing-declarations -Woverloaded-virtual -Werror -pipe 
-D_REENTRANT -I/usr/include/p11-kit-1-g -O2 
-ffile-prefix-map=/tmp/autopkgtest-lxc.mpw063si/downtmp/build.lxu/src=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -march=native -c -o 
../src/esi/Expression.o ../src/esi/Expression.cc
157s make[1]: *** No rule to make target '../src/debug/libdebug.la', 
needed by 'ESIExpressions'.  Stop.
157s make[1]: Leaving directory 
'/tmp/autopkgtest-lxc.mpw063si/downtmp/build.lxu/src/test-suite'

157s make: *** [Makefile:1292: check-am] Error 2
157s make: Leaving directory 
'/tmp/autopkgtest-lxc.mpw063si/downtmp/build.lxu/src/test-suite'
157s autopkgtest [01:14:50]: test upstream-test-suite: 
---]
157s autopkgtest [01:14:50]: test upstream-test-suite:  - - - - - - - - 
- - results - - - - - - - - - -

157s upstream-test-suite  FAIL non-zero exit status 2
158s autopkgtest [01:14:51]: test squid: preparing testbed
201s autopkgtest [01:15:34]: testbed dpkg architecture: amd64
201s autopkgtest [01:15:34]: testbed apt version: 2.7.6
201s autopkgtest [01:15:34]:  test bed setup

Would be great to have that fixed soon, so squid can enter testing.

Thanks Jan.
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-@ s+:()>- a+ C$ UL$ P+ L$ !E--- W+++$ N+++ o++ K++ 
!w---? O M+

!V- PS+ PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y+
--END GEEK CODE BLOCK--

Bug#1052218: bookworm-pu: package monitoring-plugins/2.3.3-5+deb12u1

[Jan Wagner]

Am 23.09.23 um 21:42 schrieb Adam D. Barratt:

Control: tags -1 confirmed

On Tue, 2023-09-19 at 08:35 +0200, Jan Wagner wrote:

As reported in #1051768, check_disk has gotten very slow on a
machine
with a huge number of mount points (in excess of 16000).

[ Impact ]
check_disk used to take around 10 seconds on bullseye in this
scenario,
now it is more than one hour



Please go ahead.


monitoring-plugins_2.3.3-5+deb12u1 was uploaded to proposed-updates.

with best regards, Jan

Bug#1051768: [Pkg-nagios-devel] Bug#1051768: monitoring-plugins-basic: check_disk is very slow

[Jan Wagner]

Am 12.09.23 um 13:06 schrieb Arnaud Gomes:

Could you please cherry-pick commit 0dd1110 in a future release of the
package?


I've requested approval with #1052218 for this

Bug#1052218: bookworm-pu: package monitoring-plugins/2.3.3-5+deb12u1

[Jan Wagner]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: monitoring-plug...@packages.debian.org
Control: affects -1 + src:monitoring-plugins

[ Reason ]
As reported in #1051768, check_disk has gotten very slow on a machine 
with a huge number of mount points (in excess of 16000).


[ Impact ]
check_disk used to take around 10 seconds on bullseye in this scenario,
now it is more than one hour

[ Tests ]
Upstream test suite, It was verified to work in the upstream issue 
tracker 
(https://github.com/monitoring-plugins/monitoring-plugins/issues/1919#issuecomment-1715348368) 
and 2.3.3-6 has also this fix, which is since some time in testing.


[ Risks ]
Low, trivial change.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patch is required to speed up check_disk with a huge number of mount 
points.


[ Other info ]
This is a request for pre approval, if you are okay with the changes, 
I'll upload it.


Kind Regards,

Jan
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS 
PE Y++

PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y
--END GEEK CODE BLOCK--diff --git a/debian/changelog b/debian/changelog
index d938ad6..d0b7b5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+monitoring-plugins (2.3.3-5+deb12u1) bookworm; urgency=medium
+
+  * [85eed74] Adding d/p/22_check_disk_avoid_mount from upstream
+(Closes: #1051768)
+
+ -- Jan Wagner   Tue, 19 Sep 2023 07:54:14 +0200
+
 monitoring-plugins (2.3.3-5) unstable; urgency=medium
 
   * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
diff --git a/debian/patches/22_check_disk_avoid_mount 
b/debian/patches/22_check_disk_avoid_mount
new file mode 100644
index 000..49a7113
--- /dev/null
+++ b/debian/patches/22_check_disk_avoid_mount
@@ -0,0 +1,47 @@
+From 0dd11100aa92bab172293ec9615a8a56b0e35ee6 Mon Sep 17 00:00:00 2001
+From: Stefan Taferner 
+Date: Wed, 10 May 2023 19:28:05 +0200
+Subject: [PATCH] avoid mounting when searching for matching mount points
+
+---
+ lib/utils_disk.c | 17 +
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/utils_disk.c b/lib/utils_disk.c
+index 468769b19..582d3ea17 100644
+--- a/lib/utils_disk.c
 b/lib/utils_disk.c
+@@ -147,24 +147,25 @@ np_set_best_match(struct parameter_list *desired, struct 
mount_entry *mount_list
+ 
+   /* set best match if path name exactly matches a mounted device name */
+   for (me = mount_list; me; me = me->me_next) {
+-  if (get_fs_usage(me->me_mountdir, me->me_devname, ) < 0)
+-continue; /* skip if permissions do not suffice for accessing device 
*/
+-if (strcmp(me->me_devname, d->name)==0)
+-  best_match = me;
++if (strcmp(me->me_devname, d->name)==0) {
++  if (get_fs_usage(me->me_mountdir, me->me_devname, ) >= 0) {
++best_match = me;
++  }
++}
+   }
+ 
+   /* set best match by directory name if no match was found by devname */
+   if (! best_match) {
+ for (me = mount_list; me; me = me->me_next) {
+-if (get_fs_usage(me->me_mountdir, me->me_devname, ) < 0)
+-  continue; /* skip if permissions do not suffice for accessing 
device */
+   size_t len = strlen (me->me_mountdir);
+   if ((exact == FALSE && (best_match_len <= len && len <= name_len &&
+  (len == 1 || strncmp (me->me_mountdir, d->name, len) == 0)))
+  || (exact == TRUE && strcmp(me->me_mountdir, d->name)==0))
+   {
+-best_match = me;
+-best_match_len = len;
++if (get_fs_usage(me->me_mountdir, me->me_devname, ) >= 0) {
++  best_match = me;
++  best_match_len = len;
++}
+   }
+ }
+   }
diff --git a/debian/patches/series b/debian/patches/series
index ae89285..b024b25 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 14_check_curl_fix_SSL_with_multiple_IPs
 15_check_swap_remove_includes
 16_check_snmp_disable_multiplier_when_unused
+22_check_disk_avoid_mount

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

> 
> Great!
> 
> I have created it -- can you push everything there, and I will do a
> review via a merge request to that repository?
> 

Ready for the review:

Note:
- currently all ASM implementations are disabled,
so that we don't have a problem with a reproducible-build/symbols/PIC/etc... in 
the first phase

Jan

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

> I would be happy to help review, co-maintain and upload this package.

Great, thank You.


First prototype for review:
'https://salsa.debian.org/janmojzis/lib25519'

if it's ok
can you please create 'salsa.debian.org/debian/lib25519 
<http://salsa.debian.org/debian/lib25519>',
I will move it there.

Currently without autopkgtest,
I will add it when librandombytes package  arrives in unstable.


Thanks
Jan

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: lix25519
  Version : 20230630
  Upstream Authort: Daniel J. Bernstein
* URL : https://lib25519.cr.yp.to/
* License : LicenseRef-PD-hp OR CC0-1.0 OR 0BSD OR MIT-0 OR MIT
  Programming Lang: C
  Description : X25519 microlibrary


lib25519 is a microlibrary for the X25519 encryption system and the Ed25519 
signature system, both of which use the Curve25519 elliptic curve. Curve25519 
is the fastest curve in TLS 1.3, and the only curve in Wireguard, Signal, and 
many other applications (see Nicolai Brown's page 
https://ianix.com/pub/curve25519-deployment.html).

lib25519 has a very simple stateless API based on the SUPERCOP API, with 
wire-format inputs and outputs, providing functions that directly match the 
central cryptographic operations in X25519 and Ed25519:

lib25519_dh_keypair(pk,sk): X25519 key generation
lib25519_dh(k,pk,sk): shared-secret generation
lib25519_sign_keypair(pk,sk): Ed25519 key generation
lib25519_sign(sm,,m,mlen,sk): signing
lib25519_sign_open(m,,sm,smlen,pk): verification + message recovery
Internally, lib25519 includes implementations designed for performance on 
various CPUs, implementations designed to work portably across CPUs, and 
automatic run-time selection of implementations.

lib25519 is intended to be called by larger multi-function libraries, including 
libraries in other languages via FFI. The idea is that lib25519 will take 
responsibility for the details of X25519/Ed25519 computation, including 
optimization, timing-attack protection, and eventually verification, freeing up 
the calling libraries to concentrate on application-specific needs such as 
protocol integration. Applications can also call lib25519 directly.

I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#1051326: systemsettings: A lot of icons are just black squares

[Jan Gerber]

Package: systemsettings
Version: 4:5.27.7-1
Severity: important

Dear Maintainer,

opening systemsettings while running gnome-shell most of the interface
is just black squares. The Appearance tab is completly empty.
This also results in black squares in ohter Qt based applications like
kdenlive.


Opening systemsettings in a temrinal I get some errors that might be
relevant:

QSocketNotifier: Can only be used with threads started with QThread
kf.kirigami: Failed to find a Kirigami platform plugin
file:///usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/kirigami.2/ScrollablePage.qml:200:9:
 QML MouseArea: Binding loop detected for property "width"
file:///usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/kirigami.2/ScrollablePage.qml:200:9:
 QML MouseArea: Binding loop detected for property "width"
kf.kirigami: Failed to find a Kirigami platform plugin
QSGTextureAtlas: texture atlas allocation failed, code=501
QSGTextureAtlas: texture atlas allocation failed, code=501
qt.qpa.wayland: Wayland does not support QWindow::requestActivate()
org.kde.kf5.kwindowsystem.kwayland: This compositor does not support the Shadow 
interface



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-0-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemsettings depends on:
ii  kio 5.107.0-1
ii  kpackagetool5   5.107.0-1
ii  libc6   2.37-7
ii  libkf5activities5   5.107.0-1
ii  libkf5auth5 5.107.0-1
ii  libkf5authcore5 5.107.0-1
ii  libkf5completion5   5.107.0-1
ii  libkf5configcore5   5.107.0-1
ii  libkf5configgui55.107.0-1
ii  libkf5configwidgets55.107.0-2
ii  libkf5coreaddons5   5.107.0-1
ii  libkf5crash55.107.0-1
ii  libkf5dbusaddons5   5.107.0-1
ii  libkf5i18n5 5.107.0-1+b1
ii  libkf5iconthemes5   5.107.0-1+b1
ii  libkf5itemmodels5   5.107.0-1
ii  libkf5itemviews55.107.0-1
ii  libkf5kcmutils5 5.107.0-2
ii  libkf5kiocore5  5.107.0-1
ii  libkf5kiogui5   5.107.0-1
ii  libkf5kiowidgets5   5.107.0-1
ii  libkf5kirigami2-5   5.107.0-1+b1
ii  libkf5notifications55.107.0-1
ii  libkf5package5  5.107.0-1
ii  libkf5runner5   5.107.0-1
ii  libkf5service-bin   5.107.0-1
ii  libkf5service5  5.107.0-1
ii  libkf5widgetsaddons55.107.0-1
ii  libkf5windowsystem5 5.107.0-1
ii  libkf5xmlgui5   5.107.0-1+b1
ii  libkworkspace5-54:5.27.7-2
ii  libqt5core5a5.15.10+dfsg-3
ii  libqt5gui5  5.15.10+dfsg-3
ii  libqt5qml5  5.15.10+dfsg-2
ii  libqt5quick5-gles   5.15.10+dfsg-2
ii  libqt5quickwidgets5 5.15.10+dfsg-2
ii  libqt5widgets5  5.15.10+dfsg-3
ii  libstdc++6  13.2.0-3
ii  qml-module-org-kde-kcm  5.107.0-1
ii  qml-module-org-kde-kcmutils 5.107.0-2
ii  qml-module-org-kde-kirigami25.107.0-1+b1
ii  qml-module-org-kde-kitemmodels  5.107.0-1
ii  qml-module-org-kde-newstuff 5.107.0-1
ii  qml-module-qtquick-controls 5.15.10-2
ii  qml-module-qtquick-layouts  5.15.10+dfsg-2
ii  qml-module-qtquick-shapes   5.15.10+dfsg-2
ii  qml-module-qtquick2 5.15.10+dfsg-2

systemsettings recommends no packages.

systemsettings suggests no packages.

-- no debconf information

Bug#998834: Multiple subsystem options in sshd_config prevent sshd from starting

[Jan Wagner]

Hi,

Am 09.05.23 um 09:43 schrieb Jan Wagner:

https://bugzilla.mindrot.org/attachment.cgi?id=3591=diff==1=raw
 has a patch for this


what needs to happen to raise the chance to get that integrated? It's 
super annoying to work around this and (re)integrate this back after 
every dist upgrade. If Debian wants to be user friedly this is a feature 
which might underline it.
If there is anything I can help to move things forward, please let me 
know and I will try my best to do so.


Many thanks, Jan

Bug#1050186: [Pkg-nginx-maintainers] Bug#1050186: Bug#1050186: Bug#1050186: libnginx-mod-http-lua: depends on obsolete pcre3 library

[Jan Mojzis]

> https://github.com/swananan/lua-resty-core/tree/support_pcre2
uploaded: 0.1.27-2~exp1

> https://github.com/swananan/lua-nginx-module/commits/support_pcre2
uploaded: 1:0.10.25-2~exp2

> https://github.com/swananan/stream-lua-nginx-module/commits/support_pcre2
not in debian

Bug#1050186: [Pkg-nginx-maintainers] Bug#1050186: Bug#1050186: libnginx-mod-http-lua: depends on obsolete pcre3 library

[Jan Mojzis]

Hi,
I've uploaded experimental version with the PCRE2 patch included
1:0.10.25-2~exp1 to the experimental.

Jan


On Tue, 29 Aug 2023 15:50:52 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?= 
 wrote:
> Le mar. 29 août 2023 à 15:43, Thomas Ward  a écrit :
> 
> > I apoligize I was thinking Lua deps not PCRE.
> >
> > However, I did more digging. OpenResty has been on NGINX cofe version
> > 1.21.4 for the longest time.  They do not have PCRE2 support in their
> > system.  As this is an OpenResty-originating module the 4th requirement as
> > stated in the linked GitHub issue is not met.
> >
> > I would not be so sure that "next update" will have a fix if OpenResty
> > core does not support PRCE2 (1.21.5 nginx introduced PCRE2 core
> > requirement/build fixes, OpenResty never inccuded that).  The reason PCRE3
> > is still used here in the Lua module is the custom workaround of mixing
> > PCRE2 nginx and PCRE3 Lua which use different build flags at compile time
> > with the linking options.
> >
> > Therefore, we need to not make assumptions and watch this closely.  If
> > there is not movement in a reasonable time period, then we may have to drop
> > this module from Debian due to PCRE3 being obsolete.
> >
> 
> Actually, openresty has started supporting nginx 1.25.1 recently:
> 
> [feature: upgrade nginx core to 1.25.1 which supports HTTP3](
> https://github.com/openresty/openresty/commit/6278b1aeae0593b17d3143aeb60a216f73b6bb1d)[feature:
> [upgrade nginx core to 1.25.1](
> https://github.com/openresty/stream-lua-nginx-module/commit/d48f057f18eb1f33123bf62be49c735c5cb98f16
> )
> [upgrade nginx core to 1.25.1](
> https://github.com/openresty/lua-nginx-module/commit/e69fd3de281f31804857aa6dc0b8e79055716138
> )
> >
> >
> Considering the work of the author of these patches, I'd be surprised if it
> wasn't finished soon (right now, only stream-lua-nginx has no support for
> pcre2).

Bug#1050531: ITP: libmceliece -- Classic McEliece microlibrary

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libmceliece
  Version : 20230612
  Upstream Authort: Daniel J. Bernstein
* URL : https://lib.mceliece.org
* License : CC0
  Programming Lang: C
  Description : Classic McEliece microlibrary


libmceliece is a Classic McEliece microlibrary.
libmceliece has a very simple stateless API based on the SUPERCOP API,
with wire-format inputs and outputs, providing functions that directly match
the KEM operations provided by Classic McEliece, such as functions

mceliece6960119_keypair
mceliece6960119_enc
mceliece6960119_dec
for the mceliece6960119 KEM.

Internally, libmceliece is based on the official Classic McEliece software,
specifically the vec implementation (designed to work portably across CPUs) and
he avx implementation (designed for higher performance on Intel/AMD CPUs with
AVX2 instructions). libmceliece includes automatic run-time selection
of implementations.

libmceliece is intended to be called by larger multi-function libraries
(such as traditional cryptographic libraries), including libraries in other
languages via FFI. The idea is that libmceliece takes responsibility for
the details of Classic McEliece computation, including optimization,
timing-attack protection, and (in ongoing work) verification,
freeing up the calling libraries to concentrate on application-specific
needs such as protocol integration. Applications can also call libmceliece
directly.


I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#1050098: systemd: Using systemd-networkd as DHCP server static leases are ignored

[Jan Dorniak]

Package: systemd
Version: 252.12-1~deb12u1
Severity: normal
X-Debbugs-Cc: j...@dorniak.me

Dear Maintainer,

Using two Bookworm systems, one as a DHCP server, one as a DHCP client.

The server does not respect static leases. The issue has been fixed in
systemd 254.

For description, see: https://github.com/systemd/systemd/issues/21368
For the patch, see: https://github.com/systemd/systemd/pull/27313

Jan

-- Package-specific info:

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.108-1-pve (SMP w/32 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  libacl12.3.1-3
ii  libaudit1  1:3.0.9-1
ii  libblkid1  2.38.1-5+b1
ii  libc6  2.36-9+deb12u1
ii  libcap21:2.66-4
ii  libcryptsetup122:2.6.1-4~deb12u1
ii  libfdisk1  2.38.1-5+b1
ii  libgcrypt201.10.1-3
ii  libkmod2   30+20221128-1
ii  liblz4-1   1.9.4-1
ii  liblzma5   5.4.1-0.2
ii  libmount1  2.38.1-5+b1
ii  libp11-kit00.24.1-2
ii  libseccomp22.5.4-1+b3
ii  libselinux13.4-1+b6
ii  libssl33.0.9-1
ii  libsystemd-shared  252.12-1~deb12u1
ii  libsystemd0252.12-1~deb12u1
ii  libzstd1   1.5.4+dfsg2-5
ii  mount  2.38.1-5+b1

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.8-2~deb12u1
ii  systemd-timesyncd [time-daemon]  252.12-1~deb12u1

Versions of packages systemd suggests:
ii  libfido2-1 1.12.0-2+b1
pn  libqrencode4   
pn  libtss2-esys-3.0.2-0   
pn  libtss2-mu0
pn  libtss2-rc0
pn  polkitd | policykit-1  
pn  systemd-boot   
pn  systemd-container  
pn  systemd-homed  
pn  systemd-resolved   
pn  systemd-userdbd

Versions of packages systemd is related to:
pn  dbus-user-session  
pn  dracut 
pn  initramfs-tools
ii  libnss-systemd 252.12-1~deb12u1
ii  libpam-systemd 252.12-1~deb12u1
ii  udev   252.12-1~deb12u1

-- no debconf information

Bug#1050038: foomuuri: Package does not include any documentation

[Jan Prunk]

Package: foomuuri
Version: 0.19-2~bpo12+1
Severity: wishlist
X-Debbugs-Cc: janpr...@gmail.com

Dear Maintainer,

Package does not include any documentation inside /usr/share/doc/foomuuri/ .
Creating a file with mentioning (pointing to) the package official wiki would 
be usefull.
https://github.com/FoobarOy/foomuuri/wiki/

Best regards,
Jan

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-11-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages foomuuri depends on:
ii  nftables  1.0.6-2+deb12u1
ii  python3   3.11.2-1+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-gi3.42.2-3+b1
ii  python3-requests  2.28.1+dfsg-1
ii  python3-systemd   235-1+b2

Versions of packages foomuuri recommends:
ii  fping  5.1-1

Versions of packages foomuuri suggests:
ii  foomuuri-firewalld  0.19-2~bpo12+1

-- no debconf information

Bug#1049350: virtualbox-dkms: DKMS cannot build the module with Linux kernel 6.4.10 (and perhaps higher 6.4.x)

[Jan Volec]

Package: virtualbox-dkms
Version: 7.0.10-dfsg-2
Severity: important
Tags: patch
X-Debbugs-Cc: j...@ucw.cz

Dear Maintainer,

including  is required for DKMS to compile 
/usr/src/virtualbox-7.0.10/vboxnetflt/linux/VBoxNetFlt-linux.c
against the 6.4.10 linux kernel.

Since this was handled correctly for 6.5.x kernel, the following patch seems 
rather straightforward:

50c50
< #if RTLNX_VER_MIN(6,5,0)
---
> #if RTLNX_VER_MIN(6,4,10)


Cheers, Jan


-- System Information:
Debian Release: trixie/sid
  APT prefers experimental
  APT policy: (800, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.7-x64v4-xanmod1 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC, TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages virtualbox-dkms depends on:
ii  dkms  3.0.11-3

Versions of packages virtualbox-dkms recommends:
ii  virtualbox  7.0.10-dfsg-2

virtualbox-dkms suggests no packages.

-- no debconf information
50c50
< #if RTLNX_VER_MIN(6,5,0)
---
> #if RTLNX_VER_MIN(6,4,10)

Bug#1043458: libhttp-parser-dev multi-arch hints

[Jan Smets]

Package: libhttp-parser-dev
Version: 2.9.4-5

Hi!

Different arch flavors of libhttp-parser-dev can not be co-installed - this
would be convenient for unified cross-compilation environments.

Can you please add the Multi-Arch hints to the debian/control file.

This has already been reported by the 'multiarch hinter' back in 2016.

 Multiarch hinter reports 1 issue(s)normal
There are issues with the multiarch metadata for this package.
libhttp-parser-dev could be marked Multi-Arch: same

Thank you

-- 
Smets Jan
j...@smets.cx

Bug#1029435: The describes bug is fixed

[Jan Ries]

Dear Maintainers,

the aformentioned bug is fixed as of linux-image-amd64  6.1.38-1.

Thanks a lot!

Best regards

Jan

Bug#1042975: libnspr4-dev multi arch co-install

[Jan Smets]

Package: nspr
Version: 2:4.35-1.1

Hi!
Different arch flavors of libnspr4-dev can not be co-installed.
Please add the Multi-Arch: same  hints to the debian/control file
Also, nspr-config - which is a shell script - contains the library path -
making it different.

if test -z "$libdir"; then
libdir=/usr/lib/x86_64-linux-gnu
fi

This can be dynamically queried from dpkg-architecture -qDEB_HOST_MULTIARCH

Much appreciated.
Thank you

-- 
Smets Jan
j...@smets.cx

Bug#1042944: libboost multi-arch hints

[Jan Smets]

Package: boost1.81
Version: 1.81.0-6

Hi
Can you please add the multi-arch hints on to (-dev) packages, so these can
be co-installed for multi-arch development/cross compiling.

I'm specifically requesting libboost-python1.81(-dev)

The multi-arch hints can go here:
https://salsa.debian.org/debian/boost/-/blob/1.81.0/debian/control#L1074
https://salsa.debian.org/debian/boost/-/blob/1.81.0/debian/control#L1099

The content of the libboost-python1.81(-dev) arm64/amd64 packages does not
conflict.

These problems were also detected by the Multi Arch Hinter

 Multiarch hinter reports 5 issue(s)normal
There are issues with the multiarch metadata for this package.
libboost1.81-doc could be marked Multi-Arch: foreign
libboost-log1.81.0 could be marked Multi-Arch: same
libboost-mpi1.81.0 could be marked Multi-Arch: same
libboost-nowide1.81.0 could be marked Multi-Arch: same
libboost-python1.81.0 could be marked Multi-Arch: same

Thank you

-- 
Smets Jan
j...@smets.cx

Bug#1042106: Regression: CONFIG_VIDEO_V4L2_SUBDEV_API=y not present anymore, was present in 6.3.0-2

[Jan Binder]

Source: linux
Version: 6.4.0-1
Severity: normal

Dear Maintainer,

as of 6.4.0-1, the kernel is missing the previously enabled config
CONFIG_VIDEO_V4L2_SUBDEV_API=y
which is needed for some webcams on Intel Alder Lake laptops.

Please enable this config option again.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1041611: dmidecode --dump-bin segfaults

[Jan Nordholz]

Package: dmidecode
Version: 3.5-1

Hi,

dmidecode --dump-bin segfaults on 64-bit architectures because  does
not provide a declaration for fdopen() in ANSI mode, so the returned pointer
is implicitly truncated to int:

[...]
x86_64-linux-gnu-gcc -g -O2 -ffile-prefix-map=/tmp/dmidecode-3.5=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIE -Wdate-time 
-D_FORTIFY_SOURCE=2 -Os -ansi -c dmidecode.c -o dmidecode.o
dmidecode.c: In function ‘dmi_table_dump’:
dmidecode.c:5427:11: warning: assignment to ‘FILE *’ from ‘int’ makes pointer 
from integer without a cast [-Wint-conversion]
 5427 | f = fdopen(fd, "wb");
  |   ^
[...]

Cheers,

Jan

Bug#1040898: tp-smapi-dkms: Update to support Kernel 6.4+

[Jan Volec]

Package: tp-smapi-dkms
Version: 0.43-3
Severity: critical
Justification: breaks unrelated software
X-Debbugs-Cc: j...@ucw.cz

Dear Maintainer,

DKMS fails to compile the module with the 6.4 kernels; see 
https://github.com/linux-thinkpad/tp_smapi,
and the patch 
https://github.com/linux-thinkpad/tp_smapi/commit/0c3398b1acf2a2cabd9cee91dc3fe3d35805fa8b

Jan


-- System Information:
Debian Release: trixie/sid
  APT prefers experimental
  APT policy: (800, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.12-x64v4-xanmod1 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tp-smapi-dkms depends on:
ii  dkms  3.0.11-3

tp-smapi-dkms recommends no packages.

tp-smapi-dkms suggests no packages.

-- no debconf information

Bug#1039913: Please add hook for self-signing systemd-boot after upgrade

[Jan Naumann]

Package: systemd-boot
Version: 253-4
Severity: minor

Dear maintainers,

the systemd-boot package calls `bootctl update` after the upgrade of the
package. Therefore, it overwrites the currently installed systemd-boot image
(which could be signed for secure boot with a local key) on the ESP with a new,
but unsigned image.

Could you please add a hook to the postinst that either a local script can be
called on installation time which takes care of signing the image (similar to
the `/etc/kernel/postinst.d/ mechamism) or add some call to `sbsign` yourself if
e.g. the signing key is available at a specific path.

Thank you very much in advance
Jan Naumann

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd-boot depends on:
ii  libc6  2.36-9
ii  libsystemd-shared  253-4
ii  systemd-boot-efi   253-4

Versions of packages systemd-boot recommends:
ii  efibootmgr  17-2

systemd-boot suggests no packages.

-- no debconf information

Bug#1039741: libapache-poi-java: reproducible builds: timezone-specific timestamp in poi.jar

[Jan-Benedict Glaw]

On Wed, 2023-06-28 13:34:31 -0700, Vagrant Cascadian 
 wrote:
> diff --git a/debian/rules b/debian/rules
> index c94adb7..9ddad46 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -10,7 +10,7 @@ VERSION := $(shell echo $(DEB_VERSION_UPSTREAM) | sed 
> 's/+dfsg//')
>   dh $@ --with maven-repo-helper --with javahelper
>  
>  override_dh_auto_build:
> - dh_auto_build -- -Dversion.id=$(VERSION) -DDSTAMP=$(shell date 
> '--date=@$(SOURCE_DATE_EPOCH)' +%Y%m%d) jar maven-poms javadocs
> + dh_auto_build -- -Dversion.id=$(VERSION) -DDSTAMP=$(shell date '--utc 
> --date=@$(SOURCE_DATE_EPOCH)' +%Y%m%d) jar maven-poms javadocs
>  
>  override_dh_auto_test:
>  ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))

IMHO the `--utc` is misplaced within the `--date` quoting.

MfG, JBG

-- 


signature.asc
Description: PGP signature

Bug#1038385: linux-image-amd64: Please enable CONFIG_INTEL_SKL_INT3472 for the Intel Skylake power controller

[Jan Binder]

Package: linux-image-amd64
Version: 6.3.7-1
Severity: wishlist

Dear Maintainer,

please set CONFIG_INTEL_SKL_INT3472=m to build the intel-skl-int3472 module.

This module is necessary to use some cameras built into Intel Skylake laptops.


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-amd64 depends on:
ii  linux-image-6.3.0-1-amd64  6.3.7-1

linux-image-amd64 recommends no packages.

linux-image-amd64 suggests no packages.

-- no debconf information

Bug#1038264: wmusic: fails to display remaining time for songs longer than 35 minutes

[Jan]

Package: wmusic
Version: 2.1.0-2
Severity: normal

Dear Maintainer,

When I play a song that's longer than 35 minutes, the remaining time
indicator fails to display correctly. This is because it overflows the
length field. Attached is a patch to fix the bug.

Thank you,
Jan Hasebos

=
64c64
< void DrawTime(int time);
---
> void DrawTime(gint64 time);
601c601,602
<   int time = 0, length = 0, position = 100;
---
>   gint64 time = 0, length = 0;
>   int position = 100;
641c642
<   length = atoi(length_str);
---
>   length = g_ascii_strtoll(length_str, NULL, 10);
695c696
< void DrawTime(int time)
---
> void DrawTime(gint64 time)
710c711
<   sprintf(timestr, "%02d%02d", time / 60, time % 60);
---
>   sprintf(timestr, "%02" G_GINT64_FORMAT "%02" G_GINT64_FORMAT, 
> time / 60, time % 60);
714c715
<   sprintf(timestr, "%02d%02d", time / 3600,
---
>   sprintf(timestr, "%02" G_GINT64_FORMAT "%02" 
> G_GINT64_FORMAT, time / 3600,
=

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wmusic depends on:
ii  libc6  2.36-9
ii  libdockapp31:0.7.3-2+b1
ii  libglib2.0-0   2.74.6-2
ii  libplayerctl2  2.4.1-2
ii  libx11-6   2:1.8.4-2

wmusic recommends no packages.

wmusic suggests no packages.

-- no debconf information

Bug#1037450: procps: [pgrep] [regression]: >15 characters warning when long regex doesn't match

[Jan Braun]

Craig Small schrob:
>   I'm thinking of adding a quick and dirty check for a regex. A very quick
> set of characters to say "this is a regex" and suppress the warning.
> The first idea is just look for a '[' or a '|'. I think that covers most
> simple conditions. I'm not looking for some sort odd corner cases, just the
> main ones.

I agree. | and [ should catch the vast majority of regexes already, and
you'll always be able to add [] around a literal char just to disable the
warning in the remaining cases.

> I'm not even going to bother with checking if the regex is too long (e.g.
> somethingverylonghere|somethingelsethatisverylong) because this is a simple
> check.

Yes, you'd go mad trying to figure out things like
something(verylonghere|elsethatislong)
anyway. Better to just assume that people writing regexes know (or test)
what they're matching.

cheers,
Jan


signature.asc
Description: PGP signature

Bug#1037450: procps: [pgrep] [regression]: >15 characters warning when long regex doesn't match

[Jan Braun]

Package: procps
Version: 2:4.0.3-1
Severity: normal

Dear Maintainer,
Bug #896062 has come back from the grave:

| $ pgrep  "something|otherthing"
| pgrep: pattern that searches for process name longer than 15 characters will 
result in zero matches
| Try `pgrep -f' option to match against the complete command line.
| $

Note *the regex* is longer than 15 chars, what gets matched is shorter.

The 2018 fix was "new kernels have 64 char process names anyway", so I'm
surprised to see that I'm having process names limited to 15 chars in
2023. But regardless of the actual limit, the warning is bogus.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896062 for full
rationale; everything there applies again, including my offer to help.

Thank you for maintaining procps,
Jan

-- System Information:
Debian Release: 12.0
  APT prefers stable-debug
  APT policy: (800, 'stable-debug'), (800, 'stable'), (650, 'testing-debug'), 
(650, 'testing'), (550, 'unstable'), (10, 'experimental')
Architecture: armel (armv5tel)

Kernel: Linux 6.1.0-9-marvell (UP)
Locale: LANG=C.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)

Versions of packages procps depends on:
ii  init-system-helpers  1.65.2
ii  libc62.36-9
ii  libncursesw6 6.4-4
ii  libproc2-0   2:4.0.3-1
ii  libtinfo66.4-4

Versions of packages procps recommends:
ii  psmisc  23.6-1

procps suggests no packages.

-- no debconf information


signature.asc
Description: PGP signature

Bug#1037015: MOZ_APP_REMOTINGNAME should contain lowercase firefox-esr to have correct window icons with MOZ_ENABLE_WAYLAND=1 on KDE Wayland

[Jan Andre Ikenmeyer]

Package: firefox-esr
Version: 102.11.0esr-1

Debian's MOZ_APP_REMOTINGNAME is Firefox-esr, it should be lowercase 
firefox-esr as it is in builds from 
https://download.mozilla.org/?product=firefox-esr-latest-ssl=linux64.


MOZ_APP_REMOTINGNAME must match
- MOZ_APP_REMOTINGNAME.desktop to avoid 
https://bugzilla.mozilla.org/show_bug.cgi?id=1826330 on KDE Wayland

- StartupWMClass=MOZ_APP_REMOTINGNAME

$ cat /usr/share/applications/firefox-esr.desktop | grep StartupWMClass
> StartupWMClass=Firefox-esr

Wayland:
$ WAYLAND_DEBUG=1 MOZ_ENABLE_WAYLAND=1 firefox-esr |& grep 
'xdg_toplevel@[0-9]\+\.set_app_id'

> [ 947103.838]  -> xdg_toplevel@43.set_app_id("Firefox-esr")

About/Downloads/bookmarks windows have a wrong window icon (the Wayland 
W icon).

With browser.tabs.inTitlebar=0, the main window has a wrong icon as well.

X11 / Xwayland:
When the cursor becomes a "+", click on Firefox' window:
$ firefox-esr & xprop WM_CLASS
> WM_CLASS(STRING) = "Navigator", "Firefox-esr"

Proposed fix:
https://salsa.debian.org/mozilla-team/firefox/-/blob/b2698cd93ded2aa17bb6a2756ee85f015b63dbe8/debian/rules#L76
> export MOZ_APP_REMOTINGNAME := $(call uc_first,$($(PRODUCT)))

I assume MOZ_APP_REMOTINGNAME needs to become PRODUCT, without uc_first.

MOZ_APP_REMOTINGNAME is used by Firefox
to call `g_set_prgname(gAppData->remotingName);` for correct window icon 
and grouping on Wayland (it can be overridden with --name argument)
to call `gdk_set_program_class(gAppData->remotingName);` for correct 
window grouping on X11 (it can be overriden with --class argument)


And
https://salsa.debian.org/mozilla-team/firefox/-/blob/b2698cd93ded2aa17bb6a2756ee85f015b63dbe8/debian/browser.desktop.in#L103
> StartupWMClass=@MOZ_APP_REMOTINGNAME@

can become
StartupWMClass=@browser@


Offtopic, but further fixes for the .desktop file:
You can use the longer MimeType string from Mozilla's Nightly debian 
package (https://bugzilla.mozilla.org/show_bug.cgi?id=1836205#c3) to fix 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031041.
"MimeType" doesn't change default apps and its order doesn't matter 
(https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#mime-types).
You could also adopt "Actions" (plus "Desktop Action"s) and translations 
from it.

Bug#1036870: sane-backends: Please update .tarball-version

[Jan Binder]

Source: sane-backends
Version: 1.2.1-2
Severity: minor

Dear Maintainer,

please consider updating the .tarball-version file that 0040-remove_git.patch
creates to accurately reflect the version of the source code.

The version in that file does show up in debug traces.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.25+ (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#998834: Multiple subsystem options in sshd_config prevent sshd from starting

[Jan Wagner]

tags 998834 + patch
thanks

https://bugzilla.mindrot.org/attachment.cgi?id=3591=diff==1=raw 
has a patch for this

Bug#1035759: RFA: sniproxy -- Transparent TLS and HTTP layer 4 proxy with SNI support

[Jan Dittberner]

Package: wnpp
Severity: normal
X-Debbugs-Cc: snipr...@packages.debian.org
Control: affects -1 + src:sniproxy

I request an adopter for the sniproxy package.

The package description is:
 Proxies incoming HTTP and TLS connections based on the hostname contained in
 the initial request of the TCP session. This enables HTTPS name-based virtual
 hosting to separate backend servers without installing the private key on the
 proxy machine.

Bug#1035424: saods9: Connection to catalogs is not working

[Jan Strobl]

Package: saods9
Version: 8.2+repack-2
Severity: normal
X-Debbugs-Cc: str...@asu.cas.cz

Dear Maintainer,

The ds9 has problems connecting to the catalogs.

Reproduce it by opening a fits file with a valid WCS, then use 
Analysis->Catalogs->Optical->Tycho-2 (or any other catalog). The newly opened 
window claims "Status Loading", but nothing really happens. If you then hit the 
"Cancel" or "Close" button, the pop-up will appear with the message 'An 
internal error has been detected invalid command name "xml::parser"'.

Exactly the same happens when trying to use the "Name resolution" functionality 
(Analysis->Name Resolution).

The problem is related to all versions in Debian and Ubuntu as well. However, 
the binary version at the author's site 
(https://sites.google.com/cfa.harvard.edu/saoimageds9/download) doesn't suffer 
from this problem.

My guess - maybe there is a bug in compilation or missing dependency?

Cheers,

Jan Strobl.


-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-0.deb11.6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages saods9 depends on:
ii  libtk-img  1:1.4.13+dfsg-1
ii  tcl-awthemes   10.2.0-1
ii  tcl-signal 1.4.4-1
ii  tcl-tls1.7.22-2
ii  tcl-ttkthemes  3.2.0-1
ii  tcl-xpa2.1.20-1
ii  tclfitsy   8.2+repack-2
ii  tcliis 8.2+repack-2
ii  tcllib 1.20+dfsg-1
ii  tclxml 1:3.2.7-5
ii  tk 8.6.11+1
ii  tk-html1   1.04-2
ii  tk-mpeg1.0.9-1
ii  tk-table   2.10.6-1
ii  tkblt  3.2.23-1
ii  tkcon  2:2.7.3-1
ii  tksao  8.2+repack-2

Versions of packages saods9 recommends:
ii  saods9-doc  8.2+repack-2

Versions of packages saods9 suggests:
pn  python3-pyds9  
pn  xpa-tools  

-- no debconf information

Bug#1034871: podman: "sudo podman system reset" can delete current working directory

[Jan Hendrik Farr]

Package: podman
Version: 4.3.1+ds1-6+b2
Severity: normal
Tags: newcomer
X-Debbugs-Cc: deb...@jfarr.cc

Dear Maintainer,

if /etc/containers/storage.conf does not include the runRoot variable, then
running "sudo podman system reset" will delete the current working directory.
This is already fixed in upstream, I hope this can be backported and included
in Debian 12.

upstream issue: https://github.com/containers/podman/issues/18349
upstream fix: https://github.com/containers/storage/pull/1510


Including this fix in Debian 12 has a really low chance of affecting other
packages, but if this fix is not included there will inevitably be more people
like me that accidentally remove their home directory.


With kind regards
Jan



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.2.11 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages podman depends on:
ii  conmon   2.1.6+ds1-1
ii  crun 1.8.1-1+b1
ii  golang-github-containers-common  0.50.1+ds1-4
ii  libc62.36-9
ii  libdevmapper1.02.1   2:1.02.185-2
ii  libgpgme11   1.18.0-3+b1
ii  libseccomp2  2.5.4-1+b3
ii  libsubid41:4.13+dfsg1-1+b1
ii  runc 1.1.5+ds1-1+b1

Versions of packages podman recommends:
ii  buildah1.28.2+ds1-1+b2
ii  catatonit  0.1.7-1+b1
ii  dbus-user-session  1.14.6-1
ii  fuse-overlayfs 1.10-1
ii  slirp4netns1.2.0-1
ii  tini   0.19.0-1
ii  uidmap 1:4.13+dfsg1-1+b1

Versions of packages podman suggests:
pn  containers-storage  
pn  docker-compose  
ii  iptables1.8.9-2

-- no debconf information

Bug#1034781: [Pkg-nagios-devel] Bug#1034781: monitoring-plugins-contrib: Dependency 'bc' missing for check_ssl_cert

[Jan Wagner]

Hi Johannes,

Am 24.04.23 um 13:10 schrieb Drexl Johannes:

since a couple of versions check_ssl_cert uses bc to calculate floating
point values. The commit was

https://github.com/matteocorti/check_ssl_cert/commit/6bedeb49bd1523a1d90adeb3ef21e46b7190aada

Hence now bc needs to go from the Recommends section of the package to
actually being a dependency:

Depends: bc


looking into 
/usr/share/doc/monitoring-plugins-contrib/README.Debian.plugins:


Some plugins require additional libraries. To prevent you from having to
install dozens of further packages that you don't actually need, there 
is no strict dependency on those libraries. Rather, they are listed as 
recommenda-tions or suggestions.


apt-get(8) and aptitude(8) will install recommended packages 
automatically by default. If you did not disable this feature you will 
have everything in place to operate all plugins when installing the 
"nagios-plugins-contrib" package.
Else you have to install missing dependencies manually (see the section 
"Plugin dependencies" below).


So it's intention that bc is "just" a Recommend. See 
https://salsa.debian.org/nagios-team/nagios-plugins-contrib/-/commit/013199bb350af8e2a91213ecb1fc168d37405d94 
for this.


With kind regards, Jan
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-@ s+:()>- a+ C$ UL$ P+ L$ !E--- W+++$ N+++ o++ K++ 
!w---? O M+

!V- PS+ PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y+
--END GEEK CODE BLOCK--

Bug#1034800: lualib5.4 is missing expected symbols

[Jan Drögehoff]

Package: liblua5.4
Version: 5.4.4-3

liblua5.4.so.0.0.0 is not exporting symbols that are expected to be present in 
Lua 5.4.

Some examples:
- luaL_addgsub
- lua_closeslot
- lua_setcstacklimit
and likely many more

The header file from liblua5.4-dev still define those functions, leading to 
undefined references.

Bug#1034453: gcc-snaphot: Bad practice for LD_LIBRARY_PATH (and PATH)

[Jan-Benedict Glaw]

Package: gcc-snapshot

Hi!

Installing the `gcc-snapshot` binary package, there's README.Debian
(in the source package, this is README.snapshot), which (in two
places) shows how to assign LD_LIBRARY_PATH (and PATH) extended values
to allow to use the snapshot compiler.

  These two assignments are unintendedly wrong. While this usually
isn't a problem for PATH (as it is almost always set beforehand), is
actually is an issue for LD_LIBRARY_PATH:

LD_LIBRARY_PATH=/usr/lib/gcc-snapshot/lib:$LD_LIBRARY_PATH

With this assignment, the outcome will usually be

LD_LIBRARY_PATH=/usr/lib/gcc-snapshot/lib:

which has an empty path component at the end. While, in earlier days,
I believed that this would be ignored, it actually expands to the
current(!) directory. (With LD_LIBRARY_PATH exported, I had quite a
fun time tracking down a build problem when cross-building NetBSD
configured for amd64 from a Debian amd64 system. ld.so ended up using
freshly built target components from NetBSD to fulfill host tool's
library dependencies, but that target lib was then missing NetBSD's
libc.) I suggest to change it to:


LD_LIBRARY_PATH="/usr/lib/gcc-snapshot/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"

The same principle applies to PATH, but as previous PATH is typically
non-empty, this won't probably break in obscure ways.

Thanks,
  Jan-Benedict

-- 


signature.asc
Description: PGP signature

Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5

[Jan Wagner]

Hi,

Am 27.03.23 um 08:28 schrieb Jan Wagner:

here are the upstream fixes, related upstream CI pipelines and issues:


while we are at fixing bugs.

I'd also like to include 
https://patch-diff.githubusercontent.com/raw/monitoring-plugins/monitoring-plugins/pull/1850.patch, 
which fixes 
https://github.com/monitoring-plugins/monitoring-plugins/issues/1849 
(check_snmp: unit removed from check result)
https://github.com/monitoring-plugins/monitoring-plugins/actions/runs/4531646296/jobs/7982048943?pr=1850 
has a successfull upstream CI test run.


Thanks Jan

Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5

[Jan Wagner]

Hi Sebastian,

Am 26.03.23 um 19:36 schrieb Sebastian Ramacher:

Hi Jan

On 2023-03-25 16:58:12 +0100, Jan Wagner wrote:

Hi Sebastian,

Am 25.03.23 um 10:31 schrieb Sebastian Ramacher:

What's the rationale to include these patches? Do they fix bugs reported
in the BTS or upstream?


upstream


I was hoping to get some more details on the bugs and why fixing them
warrants an unblock.


here are the upstream fixes, related upstream CI pipelines and issues:

* [953ee52] Adding d/p/13_check_icmp_improvements from upstream

This is 
https://github.com/monitoring-plugins/monitoring-plugins/pull/1807 which 
fixes https://github.com/monitoring-plugins/monitoring-plugins/issues/1752.
https://github.com/monitoring-plugins/monitoring-plugins/actions/runs/4216517133/jobs/7318393872?pr=1807 
has a successfull CI run with running upstream testsuite on Debian testing.


* [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream

This is 
https://github.com/monitoring-plugins/monitoring-plugins/pull/1847 which 
fixes https://github.com/monitoring-plugins/monitoring-plugins/issues/1844.
https://github.com/monitoring-plugins/monitoring-plugins/actions/runs/4391896655/jobs/769170?pr=1847 
has a successfull CI run with running upstream testsuite on Debian testing.


* [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream

This is 
https://github.com/monitoring-plugins/monitoring-plugins/pull/1854 which 
fixes https://github.com/monitoring-plugins/monitoring-plugins/issues/1853.
https://github.com/monitoring-plugins/monitoring-plugins/actions/runs/4438159520/jobs/7788839977?pr=1854 
has a successfull CI run with running upstream testsuite on Debian testing.


If you need more information, I'm happy to provide those.

With kind regards, Jan

Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5

[Jan Wagner]

Hi Sebastian,

Am 25.03.23 um 10:31 schrieb Sebastian Ramacher:

What's the rationale to include these patches? Do they fix bugs reported
in the BTS or upstream?


upstream

With kind regards, Jan

Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5

[Jan Wagner]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pkg-nagios-de...@lists.alioth.debian.org
Control: affects -1 + src:monitoring-plugins

Please see these changes for monitoring-plugins. 2.3.3-4 is already 
uploaded into unstable (containing one fix from upstream) but is blocked 
due missing autopkgtests. I prepared another upload containing two fixes 
from upstream, which is not uploaded yet.


[ Reason ]
This release targets several fixes that should go into bookworm:

* [953ee52] Adding d/p/13_check_icmp_improvements from upstream
* [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
* [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream

[ Impact ]
Included patches fixes regressions from latest upstream release.

[ Tests ]
Upstream testsuite passes as well as Salsa CI 
(https://salsa.debian.org/nagios-team/monitoring-plugins/-/pipelines/514242) 
tests (ignoring the blhc).


[ Risks ]
The code changes are trivial enough to not expect regressions.

[ Checklist ]
 [x] all changes are documented in the d/changelog
 [x] I reviewed all changes and I approve them
 [x] attach debdiff against the package in testing

[ Other info ]

unblock monitoring-plugins/2.3.3-5diff --git a/debian/changelog b/debian/changelog
index caf2e31..c738c88 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+monitoring-plugins (2.3.3-5) unstable; urgency=medium
+
+  * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
+  * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream
+
+ -- Jan Wagner   Fri, 24 Mar 2023 19:16:16 +
+
+monitoring-plugins (2.3.3-4) unstable; urgency=medium
+
+  * [953ee52] Adding d/p/13_check_icmp_improvements from upstream
+
+ -- Jan Wagner   Tue, 07 Mar 2023 13:29:35 +
+
 monitoring-plugins (2.3.3-3) unstable; urgency=medium
 
   * [15d0c56] Adding d/p/12_check_curl_improvements from upstream
diff --git a/debian/patches/13_check_icmp_improvements b/debian/patches/13_check_icmp_improvements
new file mode 100644
index 000..0eb2748
--- /dev/null
+++ b/debian/patches/13_check_icmp_improvements
@@ -0,0 +1,200 @@
+From 413af1955538b06803458c628099f1ba9da1966b Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Fri, 4 Nov 2022 16:51:32 +0100
+Subject: [PATCH 1/5] Remove trailing whitespaces
+
+---
+ plugins-root/check_icmp.c | 24 
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index f8f153512..abd88c4e7 100644
+--- a/plugins-root/check_icmp.c
 b/plugins-root/check_icmp.c
+@@ -1,39 +1,39 @@
+ /*
+-* 
++*
+ * Monitoring check_icmp plugin
+-* 
++*
+ * License: GPL
+ * Copyright (c) 2005-2008 Monitoring Plugins Development Team
+ * Original Author : Andreas Ericsson 
+-* 
++*
+ * Description:
+-* 
++*
+ * This file contains the check_icmp plugin
+-* 
++*
+ * Relevant RFC's: 792 (ICMP), 791 (IP)
+-* 
++*
+ * This program was modeled somewhat after the check_icmp program,
+ * which was in turn a hack of fping (www.fping.org) but has been
+ * completely rewritten since to generate higher precision rta values,
+ * and support several different modes as well as setting ttl to control.
+ * redundant routes. The only remainders of fping is currently a few
+ * function names.
+-* 
+-* 
++*
++*
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+-* 
++*
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+-* 
++*
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-* 
+-* 
++*
++*
+ */
+ 
+ /* progname may change */
+
+From 7d074091dba8c1d4081971bf62e694d0b1a03d41 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+rincewinds...@users.noreply.github.com>
+Date: Fri, 4 Nov 2022 16:53:57 +0100
+Subject: [PATCH 2/5] Remove hardcoded DBL_MAX definition
+
+---
+ plugins-root/check_icmp.c | 4 
+ 1 file changed, 4 deletions(-)
+
+diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
+index abd88c4e7..0d10d22db 100644
+--- a/plugins-root/check_icmp.c
 b/plugins-root/check_icmp.c
+@@ -95,10 +95,6 @@ const char *email = "de...@monitoring-plugins.org";
+ # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
+ #endif
+ 
+-#ifnde

Bug#1032471: gxemul: non-working TAP networking support

[Jan-Benedict Glaw]

Hi!

How about adding the patch I suggested to gxemul's Debian package?
That works and makes gxemul _much_ more useable.

Thanks,
  Jan-Benedict

-- 


signature.asc
Description: PGP signature

Bug#1033184: AnyMeal: The desktop file is missing an additional category 'Viewer'

[Jan Wedekind]

On Sun, 19 Mar 2023, Joerg Schiermeier, Bielefeld/Germany wrote:


Hello!

The desktop file for Linux/Debian 
(/usr/share/applications/de.wedesoft.anymeal.desktop) is missing the additional 
category: 'Viewer'.

For further information please see the documentation about desktop files here:
<https://specifications.freedesktop.org/menu-spec/latest/apas02.html>

As a viwer for recipes this additional category should be added.

- --
Yours sincerely
Joerg Schiermeier


Hi,
Thanks for reporting the bug. I have fixed it upstream. I guess I need to 
wait for the end of the freeze before getting it uploaded to unstable.


Kind regards
Jan

Bug#1032942: ITS: tnetstring3

[Jan Niehusmann]

Hi Bastian!

On Tue, Mar 14, 2023 at 02:31:08PM +0100, Bastian Germann wrote:
> Source: tnetstring3
> Severity: important
> 
> I am filing this intend to salvage the tnetstring3 package which is 
> unmaintained.
> The ITS is meant to remove the package from the archive when the waiting 
> period is over.

No need to wait: I just reassigned 1028349 to ftp.debian.org, as
suggested by you in that ticket.

Sorry of not doing it earlier, and causing you additional work. I
obviously didn't care enough about that package. In fact I should have
removed it when the FTBFS bug was filed half a year ago.

Jan

Bug#1032517: [Pkg-nginx-maintainers] Bug#1032517:

[Jan Mojzis]

Unless we find a better solution,
then we will need to rollback the configuration back to nginx-common package.

Bug#516097: [Pkg-nagios-devel] Bug#516097: nagios-plugins-basic: Please implement --ignore-inaccessible: PR request merged.

[Jan Wagner]

Hi Hilmar,

Am 11.03.23 um 12:16 schrieb Hilmar Preusse:

Package: nagios-plugins-basic
Version: 2.3.3-4
Followup-For: Bug #516097

Please note that the PR related to the upstream issue was merged
to the master branch today so it will be part in one of the next
releases. Consider the patch in one of the next uploads.


thanks for picking up here. I'm closely monitoring upstream changes and 
will include this soon. As we are in freeze for bookworm now and this is 
(just) a new feature, it is very unlikely that it will make into 
bookworm itself.
But I'm planing to upload this short after the release into unstable and 
will backport it to bookworm-backports as well.


Cheers Jan.
P.S. Maybe uploads to experimental might happen
--
Never write mail to , you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GIT d-@ s+:()>- a+ C$ UL$ P+ L$ !E--- W+++$ N+++ o++ K++ 
!w---? O M+

!V- PS+ PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y+
--END GEEK CODE BLOCK--

Bug#1032471: Preliminary patch to fix tap networking under Linux

[Jan-Benedict Glaw]

Hi!

As a follow-up, I'm currenrly testing the attached patch. It basically
works, but a PMAX configuration running NetBSD won't be responsive on
the console during network I/O. However, I think that's not due to
this patch, but because limitatiins in the emulation. Will look into
this, but this (hackish) patch is at least in the ticket. (I've also
sent it to gxemul's author.)

MfG, JBG
-- 
diff --git a/src/net/net_tap.c b/src/net/net_tap.c
index 188276e..d920695 100644
--- a/src/net/net_tap.c
+++ b/src/net/net_tap.c
@@ -48,6 +48,11 @@
 #include "misc.h"
 #include "net.h"
 
+#ifdef __linux__
+#  include 
+#  include 
+#endif
+
 /*
  *  net_tap_rx_for_nic():
  *
@@ -166,7 +171,11 @@ bool net_tap_init(struct net *net, const char *tapdev)
 	int fd;
 	int one = 1;
 
+#ifdef __linux__
+	fd = open("/dev/net/tun", O_RDWR);
+#else
 	fd = open(tapdev, O_RDWR);
+#endif
 	if (fd < 0) {
 		debugmsg(SUBSYS_NET, "tap", VERBOSITY_ERROR,
 		"unable to open tap device '%s': %s",
@@ -174,6 +183,22 @@ bool net_tap_init(struct net *net, const char *tapdev)
 		return false;
 	}
 
+#ifdef __linux__
+	struct ifreq ifr;
+
+	memset(, 0, sizeof(ifr));
+	ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+	strncpy(ifr.ifr_name, tapdev, IFNAMSIZ);
+
+	if (ioctl(fd, TUNSETIFF, ) < 0) {
+		debugmsg(SUBSYS_NET, "tap", VERBOSITY_ERROR,
+		"unable to attach to "
+		"tap device '%s': %s", tapdev, strerror(errno));
+		close(fd);
+		return false;
+	}
+#endif
+
 	if (ioctl(fd, FIONBIO, ) < 0) {
 		debugmsg(SUBSYS_NET, "tap", VERBOSITY_ERROR,
 		"unable to set non-blocking mode on "


signature.asc
Description: PGP signature

Bug#1032517: [Pkg-nginx-maintainers] Bug#1032517:

[Jan Mojzis]

> 
> Jan,
> Did default config files in /etc/nginx/  moved from nginx-common to nginx ?

Yes,
config files moved to the nginx package, and nginx-common is empty metapackage 
(since 1.22.1-6).

Jan

Bug#998708: Another vote for an update

[Jan-Benedict Glaw]

Hi!

Just tried to build Ghidra (with the goal of adding support for the
VAX processors), but I cannot even download the build dependencies due
to gradle being too old. Ghidra requests version 7.3+.  It would be
really nice to have this package updated. Anything I can help with?

Thanks,
  Jan-Benedict Glaw
-- 


signature.asc
Description: PGP signature

Bug#1032517:

[Jan Mojzis]

Hello,
can You please send me the steps how i can reproduce it
- packages list/versions before the upgrade
- exact apt/apt-get command
- packages list/versions after the upgrade

Jan

Bug#1032471: [gxemul] Fix tap device support

[Jan-Benedict Glaw]

Package: gxemul
Version: 0.7.0+dfsg-1+b1

Hi!

I couldn't get tap networking to work at all. Looking at the source
(net_tap_init()), my impression is that this is using the BSD
interface. Googling around, there are forks on eg. Github that
added/fixed tap networking so that it works with Linux. That would be
a great thing to have!

Thanks,
  Jan-Benedict
-- 


signature.asc
Description: PGP signature

Bug#1032156: gnome-multi-writer does not show connected USB sticks in LXDE on Debian

[Jan Girke]

Package: gnome-multi-writer
Version: 3.32.1-1
Severity: important
X-Debbugs-Cc: jangi...@gmail.com

Dear Maintainer,

* What led up to the situation?
I was trying to make a bootable USB stick.
* What exactly did you do (or not do) that was effective (or
ineffective)?
It just flat out would not work. No USB stick detection, I tried several.
The system detects them and even gnome-disk-utiliti has no problem finding
them.
* What outcome did you expect instead?
That the program shows the USB files.

Just drop me an email if you need more info like a screenshot.
It was a netinstall of debian 11 with LXDE as a desktop environment.


-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-multi-writer depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.38.0-2
ii  libc62.31-13+deb11u5
ii  libcanberra-gtk3-0   0.30-7
ii  libcanberra0 0.30-7
ii  libglib2.0-0 2.66.8-1
ii  libgtk-3-0   3.24.24-4+deb11u2
ii  libgudev-1.0-0   234-1
ii  libgusb2 0.3.5-1
ii  libpolkit-gobject-1-00.105-31+deb11u1
ii  libudisks2-0 2.9.2-2+deb11u1

gnome-multi-writer recommends no packages.

gnome-multi-writer suggests no packages.

-- no debconf information

Bug#1032155: gnome-multi-writer: Settings button not displayed in LXDE

[Jan Girke]

Package: gnome-multi-writer
Version: 3.32.1-1
Severity: important
X-Debbugs-Cc: jangi...@gmail.com

Dear Maintainer,

* What led up to the situation?
I was trying to make a bootable USB stick.
* What exactly did you do (or not do) that was effective (or
ineffective)?
It just flat out would not work. No settings button to choose an image file
like an ISO and no USB stick detection, but that is the other bug.
* What was the outcome of this action?
NA
* What outcome did you expect instead?
That the program shows the gearwheel menu to choose the file.

Just drop me an email if you need more info like a screenshot.
It was a netinstall of debian 11 with LXDE as a desktop environment.

Best, Jan Girke

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-multi-writer depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.38.0-2
ii  libc62.31-13+deb11u5
ii  libcanberra-gtk3-0   0.30-7
ii  libcanberra0 0.30-7
ii  libglib2.0-0 2.66.8-1
ii  libgtk-3-0   3.24.24-4+deb11u2
ii  libgudev-1.0-0   234-1
ii  libgusb2 0.3.5-1
ii  libpolkit-gobject-1-00.105-31+deb11u1
ii  libudisks2-0 2.9.2-2+deb11u1

gnome-multi-writer recommends no packages.

gnome-multi-writer suggests no packages.

-- no debconf information

Bug#1032152: pcmanfm: Silent fail rightclick on ISO file "Disk Image Writer"

[Jan Girke]

Package: pcmanfm
X-Debbugs-Cc: jangi...@gmail.com
Version: 1.3.2-1
Severity: normal

Dear Maintainer,

   * What led up to the situation?
I right clicked an ISO file and it did nothing.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
See above
   * What was the outcome of this action?
Nothing
   * What outcome did you expect instead?
At least an error messagebox that tells me what's wrong.
Are permissions missing? Where and how can I add them? gnome-disk-utility
just works even in userspace.

This package is part of the bigger seudo package lxde the LXDE desktop
environment for Debian 11 something see below.
If you need more information write an email to me.

Best, Jan Girke

-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pcmanfm depends on:
ii  libatk1.0-0  2.36.0-2
ii  libc62.31-13+deb11u5
ii  libcairo21.16.0-5
ii  libfm-gtk4   1.3.2-1
ii  libfm4   1.3.2-1
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1+deb11u1
ii  libglib2.0-0 2.66.8-1
ii  libgtk2.0-0  2.24.33-2
ii  libpango-1.0-0   1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  libx11-6 2:1.7.2-1
ii  shared-mime-info 2.0-1

Versions of packages pcmanfm recommends:
ii  gnome-icon-theme 3.12.0-3
ii  gvfs-backends1.46.2-1
ii  gvfs-fuse1.46.2-1
ii  lxde-icon-theme  0.5.1-2.1
ii  lxpolkit [polkit-1-auth-agent]   0.5.5-2
ii  policykit-1-gnome [polkit-1-auth-agent]  0.105-7

pcmanfm suggests no packages.

-- no debconf information

Bug#1029720: [Pkg-nagios-devel] Bug#1029720: Bug#1029720: monitoring-plugins-contrib: false positive w bookworm kernel: "running kernel does not match on-disk kernel image'

[Jan Wagner]

Thanks for all your input.

As the release is coming closer and I'm very short on time at the moment 
patches are very appreciated.


Thanks Jan

Bug#983645: laminard: SIGPIPE kills it

[Jan-Benedict Glaw]

Hi!

I see that you already imported Laminar 1.2 into the Debian
repository. Thanks a lot for doing the work!  I'm really looking
forward for when it shows up in the Debian unstable repo!

Thanks,
  Jan-Benedict

-- 


signature.asc
Description: PGP signature

Bug#1029842: ITP: randombytes -- Library generating fresh randomness

[Jan Mojzis]

> On 28. 1. 2023, at 21:42, Sam Hartman  wrote:
> 
>>>>>> "Jan" == Jan Mojzis  writes:
> 
> * Package name: randombytes
>  Version : 20230126
>  Upstream Author : Daniel J. Bernstein
> * URL : https://randombytes.cr.yp.to/
> * License : Public domain
> 
> Public domain is problematic  as a license.
> At least under US copyright law, there are very few circumstances when
> something can actually be public domain.
> One example is software written by US government employees.
> But I don't think any of those circumstances apply to this library.
> So I'm not sure the license is okay.

If I understand it correctly, CC0-style public-domain declaration in 
debian/copyright solves the problem.
(learned here: https://lists.debian.org/debian-mentors/2017/09/msg00171.html)

~~~
License: public-domain-CC0-1.0
 Public domain.
 .
 Upstream library is marked as public-domain 
https://randombytes.cr.yp.to/index.html.
 .
 Public-domain mark does not have the same meaning in all jurisdictions,
 to avoid confusion, please follow CC0 1.0 Universal.
 The complete text of the CC0 license, version 1.0,
 can be found in /usr/share/common-licenses/CC0-1.0.
~~~

Or am I wrong?

> 
> I'll  also admit to being skepticle of the utility of such a library
> given the getrandom() API in libc.

The library internally uses getrandom().
The primary bonus is in portability and usability. The library (namely 
randombytes-kernel) uses one of the variants
getrandom(), getentropy(), "/dev/urandom" and the user/aplication doesn't need 
to care what resource is on a given operating system available.
And the user/aplication also doesn't have to worry about whether the system has 
enough entropy (e.g. /dev/urandom initialized).
Randombytes() simply waits/blocks until there is enough entropy.

Jan

Bug#1029720: [Pkg-nagios-devel] Bug#1029720: monitoring-plugins-contrib: false positive w bookworm kernel: "running kernel does not match on-disk kernel image'

[Jan Wagner]

Hi Holger,

Am 30.01.23 um 12:33 schrieb Holger Levsen:

$ scp ./nagios-plugins-contrib-38.20230124/dsa/checks/dsa-check-running-kernel 
osuosl168-amd64.debian.net:

and then there:

holger@osuosl168-amd64:~ $ bash dsa-check-running-kernel
WARNING: Running kernel does not match on-disk kernel image: [Linux version 
6.1.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 
12.2.0, GNU ld (GNU Binutils for Debian) 2.39.90.20221231) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07) != Linux version 6.1.0-1-amd64 
(debian-ker...@lists.debian.org) (gcc-12 (Debian 12.2.0-13) 12.2.0, GNU ld (GNU 
Binutils for Debian) 2.39.90.20221231) # SMP PREEMPT_DYNAMIC Debian 6.1.4-1 
(2023-01-07)]
holger@osuosl168-amd64:~ $ md5sum dsa-check-running-kernel
155205740a07f98f13bf6045b317c505  dsa-check-running-kernel

so, no, doesnt help.


thanks for confirming.

As I don't have a bookworm system (with running kernel) at hand, I can't 
go deeper into debugging this issue until I get hands on it.


Sorry Jan

Bug#1029720: [Pkg-nagios-devel] Bug#1029720: monitoring-plugins-contrib: false positive w bookworm kernel: "running kernel does not match on-disk kernel image'

[Jan Wagner]

Hi Holger,

Am 26.01.23 um 17:41 schrieb Holger Levsen:

on a system running bookworm and the latest amd64 kernel
/usr/lib/nagios/plugins/check_running_kernel warns me that the running kernel 
doesnt
match the on-disk kernel, while it*is*  running the latest kernel.
(line breaks added for better readability.)


thanks for your bugreport.

can you try the version from unstable 
(https://packages.debian.org/sid/nagios-plugins-contrib) which I 
uploaded a few days ago?


Thank Jan

Bug#1029931: pushpin: build-dependencies unsatisfiable on mips*, ppc64el and s390x.

[Jan Niehusmann]

On Sun, Jan 29, 2023 at 01:10:17PM +0200, Adrian Bunk wrote:
> Keeping it "Architecture: any" will automatically (re)add it on 
> architectures whenever they gain ring support.
[...]
> Yes, since there are no reverse (build) dependencies
> "reportbug ftp.debian.org" to remove the stale binaries
> on "mips64el mipsel ppc64el s390x" is all that is needed.

I came to the same conclusion and already opened
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029943

Jan

Bug#1029943: RM: pushpin [mips64el mipsel ppc64el s390x alpha hppa hurd-i386 ia64 kfreebsd-amd64 kfreebsd-i386 m68k powerpc ppc64 riscv64 sh4 sparc64] -- RoM; FTBFS

[Jan Niehusmann]

Package: ftp.debian.org

Dear ftpmasters,

please remove pushpin for the listed architectures from unstable.

It's currently not possible to build them, because a build-depencency,
librust-ring-0.16+default-dev, is not available there. See #1029931 for
details in case you are interested.

Jan

Bug#1029931: pushpin: build-dependencies unsatisfiable on mips*, ppc64el and s390x.

[Jan Niehusmann]

On Sun, Jan 29, 2023 at 04:28:54AM +, Peter Michael Green wrote:
> Package: pushpin
> Version: 1.36.0-1
> Severity: serious
> 
> The new version of pushpin added a dependency on jsonwebtoken,
> unfortunately jsonwebtoken depends in ring, which is only available
> on x86* and arm*. There is work upstream to make ring more
> portable but it seems unlikely to feature in a stable release before
> the bookworm freeze.
> 
> Not sure what can be done about this, I tried reverting the
> upstream commit in question using a Debian patch, but it did not
> seem to revert cleanly.

While I'm a huge fan of portable packages, I think in this case it's
better to just restrict the list of available architectures. I doubt
pushpin is actively used on any other architecture than amd64, in
practice.

Doing heavy changes to make pushpin portable to architectures which
don't provide ring may introduce bugs, even security issues, which would
affect users on all architectures.

So I'd say we should remove pushpin from the archive for all
architectures where librust-ring-0.16+default-dev is not available.

Bug#1029842: ITP: randombytes -- Library generating fresh randomness

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: randombytes
  Version : 20230126
  Upstream Author : Daniel J. Bernstein
* URL : https://randombytes.cr.yp.to/
* License : Public domain
  Programming Lang: C
  Description : Library generating fresh randomness


 librandombytes is a public-domain library providing a simple API for
 applications generating fresh randomness: include ,
 call randombytes(x, xbytes) whenever desired to generate fresh random bytes
 x[0], x[1], ..., x[xbytes-1], and link with -lrandombytes.
 .
 Random bytes are often used directly in applications. Random bytes are also
 the foundation of more complicated random objects, such as random integers
 in a limited interval, random floating-point numbers from a (nearly) normal
 distribution, and random keys used in public-key cryptosystems. librandombytes
 is dedicated to obtaining fresh random bytes in the first place, and leaves
 it to higher-level libraries to convert those bytes into other types of random
 objects.
 .
 librandombytes aims for the following stringent randomness goal: no feasible
 computation will ever be able to tell the difference between the output bytes
 and true randomness (independent uniformly distributed random bytes). This
 makes the randombytes() output suitable for use in applications ranging from
 simulations to cryptography.

I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#977294: nagios-plugins-contrib: (another) check_uptime is shipped with monitoring-plugins 2.3

[Jan Wagner]

Am 13.12.20 um 18:10 schrieb Jan Wagner:

Package: nagios-plugins-contrib
Severity: normal

Monitoring Plugins ships a check_uptime since version 2.3, see
https://github.com/monitoring-plugins/monitoring-plugins/commits/v2.3/plugins-scripts/check_uptime.pl

I would suggest to remove check_uptime from the package. If removing is
not an option, we should rename the script.


The check_uptime in monitoring-plugins is a script which has to be 
executed on the system that has to be monitored. The check_uptime of 
this package is working via SNMP and remote, so it's a completely 
different usecase.

Bug#1029435: linux-image-6.1.0-1-amd64: internal battery and removable battery have a switched priority order

[Jan]

Package: src:linux
Version: 6.1.4-1
Severity: normal
X-Debbugs-Cc: yan...@web.de

Dear Maintainer,

after upgrading from linx-5.19.x to linux-6.0.x the priority order of
the internal battery (nonremovable) and the removable battery have
switched. The internal battery is considered nr. 0 by `acpi -bi` and is
used first. This is not sensible and makes it impossible to switch the
removable battery upon depletion.

This happens on a thinkpad t470. Similiar problems seem to have cropped
up and were fixed according to the changelog.gz of the kernel package.
e.g.:

" - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for
Thinkpad Yoga 11e 4th gen"

I'd guess this is an upstream bug, but thought it sensible to run this
via debian.

I'll happyly test any fixes or run additional diagnostics.

Best regards

Jan

-- Package-specific info:
** Version:
Linux version 6.1.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 
12.2.0-13) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39.90.20221231) #1 SMP 
PREEMPT_DYNAMIC Debian 6.1.4-1 (2023-01-07)

** Command line:
BOOT_IMAGE=/vmlinuz-6.1.0-1-amd64 root=/dev/mapper/monster--vg-root ro quiet

** Not tainted

** Kernel log:
[54011.400926] ata3.00: ACPI cmd f5/00:00:00:00:00:a0(SECURITY FREEZE LOCK) 
filtered out
[54011.400938] ata3.00: ACPI cmd ef/10:03:00:00:00:a0(SET FEATURES) filtered out
[54011.401331] ata3.00: supports DRM functions and may not be fully accessible
[54011.404981] ata3.00: configured for UDMA/133
[54011.416011] ata3.00: Enabling discard_zeroes_data
[54011.475603] usb 1-7: reset full-speed USB device number 3 using xhci_hcd
[54011.835133] psmouse serio1: synaptics: queried max coordinates: x [..5676], 
y [..4690]
[54011.868310] psmouse serio1: synaptics: queried min coordinates: x [1266..], 
y [1162..]
[54011.987248] OOM killer enabled.
[54011.987251] Restarting tasks ... 
[54012.002371] Bluetooth: hci0: Bootloader revision 0.0 build 26 week 38 2015
[54012.003615] done.
[54012.003631] random: crng reseeded on system resumption
[54012.003636] Bluetooth: hci0: Device revision is 16
[54012.003639] Bluetooth: hci0: Secure boot is enabled
[54012.003641] Bluetooth: hci0: OTP lock is enabled
[54012.003642] Bluetooth: hci0: API lock is enabled
[54012.003643] Bluetooth: hci0: Debug lock is disabled
[54012.003645] Bluetooth: hci0: Minimum firmware build 1 week 10 2014
[54012.003649] Bluetooth: hci0: Found device firmware: intel/ibt-12-16.sfi
[54012.078037] PM: suspend exit
[54013.204341] mei_hdcp :00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: 
bound :00:02.0 (ops i915_hdcp_component_ops [i915])
[54013.544036] Bluetooth: hci0: Waiting for firmware download to complete
[54013.544514] Bluetooth: hci0: Firmware loaded in 1504754 usecs
[54013.544538] Bluetooth: hci0: Waiting for device to boot
[54013.557666] Bluetooth: hci0: Device booted in 12837 usecs
[54013.557682] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-12-16.ddc
[54013.560556] Bluetooth: hci0: Applying Intel DDC parameters completed
[54013.561558] Bluetooth: hci0: Firmware revision 0.1 build 19 week 44 2021
[54013.613881] Bluetooth: MGMT ver 1.22
[54016.132567] wlp4s0: authenticate with 3c:a6:2f:63:60:3d
[54016.142891] wlp4s0: send auth to 3c:a6:2f:63:60:3d (try 1/3)
[54016.288508] wlp4s0: authenticate with 3c:a6:2f:63:60:3d
[54016.288535] wlp4s0: send auth to 3c:a6:2f:63:60:3d (try 1/3)
[54016.346800] wlp4s0: authenticated
[54016.350881] wlp4s0: associate with 3c:a6:2f:63:60:3d (try 1/3)
[54016.354411] wlp4s0: RX AssocResp from 3c:a6:2f:63:60:3d (capab=0x1511 
status=0 aid=1)
[54016.357782] wlp4s0: associated
[54016.611609] IPv6: ADDRCONF(NETDEV_CHANGE): wlp4s0: link becomes ready
[54018.513393] wlp4s0: Limiting TX power to 27 (30 - 3) dBm as advertised by 
3c:a6:2f:63:60:3d
[58166.652144] sd 2:0:0:0: [sda] Synchronizing SCSI cache
[58166.655595] sd 2:0:0:0: [sda] Stopping disk
[58172.472157] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
[58172.475004] ata3.00: ACPI cmd f5/00:00:00:00:00:a0(SECURITY FREEZE LOCK) 
filtered out
[58172.475017] ata3.00: ACPI cmd ef/10:03:00:00:00:a0(SET FEATURES) filtered out
[58172.475568] ata3.00: supports DRM functions and may not be fully accessible
[58172.479657] ata3.00: ACPI cmd f5/00:00:00:00:00:a0(SECURITY FREEZE LOCK) 
filtered out
[58172.479669] ata3.00: ACPI cmd ef/10:03:00:00:00:a0(SET FEATURES) filtered out
[58172.480158] ata3.00: supports DRM functions and may not be fully accessible
[58172.483700] ata3.00: configured for UDMA/133
[58172.494034] sd 2:0:0:0: [sda] Starting disk
[58172.494761] ata3.00: Enabling discard_zeroes_data
[58196.095883] sd 2:0:0:0: [sda] Synchronizing SCSI cache
[58196.099331] sd 2:0:0:0: [sda] Stopping disk
[58197.040305] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
[58197.043178] ata3.00: ACPI cmd f5/00:00:00:00:00:a0(SECURITY FREEZE LOCK) 
filtered out
[58197.043191] ata3.00: ACPI cmd ef/10:03:00:00:00:a0(SET FEATURES) filtered out
[58197.043689] ata3.00: supports DRM

Bug#1029433: luajit2: new upstream version 2.1-20230119

[Jan Mojzis]

Package: luajit2
Version: 2.1-20220411-5
Severity: normal

Dear Maintainer,

the latest version of luajit2 2.1-20230119 has been released,
contains mostly bug fixes,
so it would be worth updating the debian version as well
before bookworm freeze.

Thanks
Jan

Bug#1004784: aiscm: FTBFS with ffmpeg 5.0

[Jan Wedekind]

Not sure how to orphan it. I read that I need to change the package 
maintainer to Debian QA Group but I can't create a new release any more 
since it won't build on Debian unstable because of FFPMEG 5.0 changes.


On Wed, 14 Dec 2022, Bastian Germann wrote:


Am 14.12.22 um 16:51 schrieb Jan Wedekind:

No, I didn't manage to fix it. Is it possible to remove the package?


Yes. But if you do not want to maintain it anymore, orphaning would usually 
the step that maintainers take.

Bug#1027845: kdevelop-python: Plugin crashes on encountering Python code

[Jan Kriho]

Package: kdevelop-python
X-Debbugs-Cc: erbur...@gmail.com
Version: 22.12.0-2
Severity: important

Dear Maintainer,

after the Python 3.11 transition, the Python plugin for KDevelop crashes on
on my setup after loading a Python code. I have filed an upstream
bugreport https://bugs.kde.org/show_bug.cgi?id=463802 which contains the
full backtrace.

Regards,
Jan Kriho


-- System Information:
Debian Release: bookworm/sid
 APT prefers testing
 APT policy: (950, 'testing'), (900, 'unstable'), (850,
'experimental'), (800, 'stable'), (500, 'testing-debug'), (500,
'stable-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8),
LANGUAGE=cs:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kdevelop-python depends on:
ii  kdevelop-python-data  22.12.0-2
ii  kdevelop510-libs  4:22.12.0-2
ii  libc6 2.36-7
ii  libkf5configcore5 5.101.0-1
ii  libkf5coreaddons5 5.101.0-1
ii  libkf5i18n5   5.101.0-1+b1
ii  libkf5parts5  5.101.0-1
ii  libkf5texteditor5 5.101.0-2
ii  libkf5threadweaver5   5.101.0-1
ii  libkf5widgetsaddons5  5.101.0-1
ii  libkf5xmlgui5 5.101.0-1+b1
ii  libpython3.11 3.11.1-2
ii  libqt5core5a  5.15.7+dfsg-2
ii  libqt5gui55.15.7+dfsg-2
ii  libqt5widgets55.15.7+dfsg-2
ii  libstdc++612.2.0-13
ii  python3.113.11.1-2

Versions of packages kdevelop-python recommends:
ii  kdevelop  4:22.12.0-2
ii  pycodestyle   2.10.0-1
ii  python3-autopep8  2.0.0-1

Versions of packages kdevelop-python suggests:
pn  kdevelop-python-l10n  

-- no debconf information