Bug#1063581: gnumed-client: checked by upstream

[Karsten Hilbert]

Package: gnumed-client
Version: 1.8.18+dfsg-1
Followup-For: Bug #1063581

I have checked and from an upstream point of view the dependancy
can be changed from p7zip-full to 7zip.

Thanks,
Karsten


-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'stable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 6.7-686-pae (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnumed-client depends on:
ii  aspell   0.60.8-4+b1
ii  file 1:5.44-3
ii  gnumed-common1.8.18+dfsg-1
ii  hunspell 1.7.1-1
ii  imagemagick  8:6.9.11.60+dfsg-1.6
ii  imagemagick-6.q16 [imagemagick]  8:6.9.11.60+dfsg-1.6
ii  ispell   3.4.05-1
ii  python3  3.11.2-1+b1
ii  python3-enchant  3.2.2-1
ii  python3-gnuplot  1.8-8
ii  python3-hl7  0.4.5-1
ii  python3-httplib2 0.20.4-3
ii  python3-lxml 4.9.2-1+b1
ii  python3-psutil   5.9.4-1+b1
ii  python3-pyudev   0.24.0-1
ii  python3-wxgtk4.0 4.2.0+dfsg-3
ii  texlive-latex-base   2022.20230122-3

Versions of packages gnumed-client recommends:
ii  aeskulap   0.2.2-beta2+git20190406.ef77f01-4+b1
ii  amide  1.0.6-1
ii  audiofile-tools0.3.6-5+b1
ii  chktex 1.7.8-1
ii  chromium [www-browser] 121.0.6167.160-1~deb12u1
ii  dcmtk  3.6.7-8+b1
ii  extract1:1.11-7
ii  firefox-esr [www-browser]  115.7.0esr-1~deb12u1
ii  gnumed-doc 1.8.18+dfsg-1
ii  gpg2.2.40-1.1
ii  gtklp  1.3.4-3+b1
ii  konqueror [www-browser]4:22.12.3-1
ii  lacheck1.26-17
ii  libimage-exiftool-perl 12.57+dfsg-1
ii  libreoffice-writer 4:7.4.7-1+deb12u1
ii  lynx [www-browser] 2.9.0dev.12-1
ii  p7zip-full 16.02+dfsg-8
ii  pdftk-java 3.3.2-1
ii  poppler-utils  22.12.0-2+b1
ii  python3-docutils   0.19+dfsg-6
ii  python3-pyqrcode   1.2.1-4
ii  python3-unidecode  1.3.6-1
ii  python3-vobject0.9.6.1-2
ii  qpdf   11.3.0-1+deb12u1
ii  systemd-timesyncd  252.22-1~deb12u1
ii  texlive-latex-extra2022.20230122-4
ii  texlive-latex-recommended  2022.20230122-3
ii  w3m [www-browser]  0.5.3+git20230121-2
ii  wgerman-medical20220425-1
ii  xdg-utils  1.1.3-4.1
ii  xmedcon0.23.0-gtk3+dfsg-1
ii  xsane  0.999-12+b1

Versions of packages gnumed-client suggests:
pn  autokey-qt | autokey-gtk
ii  edfbrowser  2.00+dfsg-1
ii  entangle3.0-3
ii  gnumed-server   22.28-1
pn  incron  
ii  kolourpaint 4:22.12.3-1
pn  konsolekalendar 
pn  korganizer  
ii  libchipcard-tools   5.1.6-1+b1
ii  nvram-wakeup1.1-4+b1
ii  python3-uno 4:7.4.7-1+deb12u1
ii  qrisk2  0.1.20150729-5
pn  shutdown-at-night   
pn  wakeonlan | etherwake | gwakeonlan  

-- no debconf information

Bug#1063669: gnumed-client-de: please demote libchipcard-tools from dep: to rec:

[Karsten Hilbert]

Package: gnumed-client-de
Version: latest
Severity: normal

As the Subject says -- prompted by

1062249: libchipcard: NMU diff for 64-bit time_t transition
 https://bugs.debian.org/1062249
1062362: libgwenhywfar: NMU diff for 64-bit time_t transition
 https://bugs.debian.org/1062362

I would like to ask for libchipcard-tools to be set
to Recommends: instead of Depends:.

Thanks,
Karsten
(upstream)


-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'stable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 6.7-686-pae (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnumed-client-de depends on:
ii  adduser3.134
ii  gnumed-client  1.8.18+dfsg-1
ii  libchipcard-tools  5.1.6-1+b1

Versions of packages gnumed-client-de recommends:
ii  dmtx-utils   0.7.6-1.1+b1
pn  hunspell-de-med  
ii  iec16022 0.2.4-3
ii  wgerman-medical  20220425-1

Versions of packages gnumed-client-de suggests:
pn  libctapimkt1  

Bug#1041089: thin-provisioning-tools FTBFS with googletest 1.13.0

[Karsten Kruse]

Hello,

Is there something else that needs to be done to get the package back into
testing?

My system prints a "missing binary: /usr/sbin/check_cache" at boot time
when assembling my lvmcache(7).

Thanks,
Karsten

Bug#1033967: mingw-w64: Cannot download mingw-w64-x86-64-dev_8.0.0-1_all.deb

[Karsten Koop]

Dear Maintainer,

as I still encounter this when building Docker images on our build 
server, I did some further investigations. A forum post suggested this 
could be caused by a virus scanner in the company network, which first 
downloads the file, scans it and only then allows the client to 
download. This seems to cause a timeout for this one file, where the 
scanner needs an unusual long time to scan (maybe caused by the many 
library files included in the package).


So my workaround for now is to call apt-get with increased timeout:

apt-get -y -o Acquire::http::Timeout=120 install gcc-mingw-w64-x86-64-posix

This seems to solve the problem for me, so the bug can be closed.

Best regards,
Karsten

Bug#1033967: mingw-w64: Cannot download mingw-w64-x86-64-dev_8.0.0-1_all.deb

[Karsten Koop]

Package: mingw-w64
Version: 8.0.0-1
Severity: normal

Dear Maintainer,

I cannot successfully download just this one package when building a Docker
image: mingw-w64-x86-64-dev_8.0.0-1_all.deb, full URL:
http://deb.debian.org/debian/pool/main/m/mingw-w64/mingw-w64-x86-64-dev_8.0.0-1_all.deb
The corresponding IP is different in different attempts, e.g. 199.232.190.132
or 146.75.118.132, but the problem persists, since several weeks now.

Error message is:
Err:43 http://deb.debian.org/debian bullseye/main amd64 mingw-w64-x86-64-dev 
all 8.0.0-1
  Connection timed out [IP: 146.75.118.132 80]
...
Fetched 126 MB in 2min 44s (769 kB/s)
E: Failed to fetch 
http://deb.debian.org/debian/pool/main/m/mingw-w64/mingw-w64-x86-64-dev_8.0.0-1_all.deb
  Connection timed out [IP: 146.75.118.132 80]

Download is possible in Firefox, but stays at 0 Bytes for about a minute before
it finally starts. I cannot make sense of this, as the .deb files are on 
different
servers, and other files in the same server directory can be downloaded without
problems.

Also building the Docker image based on sid, with mingw 10 instead of 8, works
fine.

-- System Information:
Debian Release: 11.6
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mingw-w64 depends on:
ii  g++-mingw-w64  10.2.1-6+24.2
ii  gcc-mingw-w64  10.2.1-6+24.2

mingw-w64 recommends no packages.

mingw-w64 suggests no packages.

-- no debconf information

Bug#1028343: u-boot-qemu 2023.01~rc4+dfsg-2: riscv64: FDT creation failed

[Karsten Merker]

Control: tags -1 upstream
X-Debbugs-CC: debian-ri...@lists.debian.org

On Wed, Jan 11, 2023 at 09:21:42AM -0800 Vagrant Cascadian wrote:

> Definitely would be good to mention to upstream. Please Cc me if you do!

I've sent the bugreport upstream:
https://lists.denx.de/pipermail/u-boot/2023-January/504466.html

Regards,
Karsten
-- 
Hiermit widerspreche ich ausdrücklich der Nutzung sowie der Weitergabe
meiner personenbezogenen Daten für Zwecke der Werbung sowie der Markt-
oder Meinungsforschung.

Bug#1028343: u-boot-qemu 2023.01~rc4+dfsg-2: riscv64: FDT creation failed

[Karsten Merker]

X-Debbugs-CC: debian-ri...@lists.debian.org

On Tue, Jan 10, 2023 at 09:22:02PM +0100 Karsten Merker wrote:

> I've also taken a look at the u-boot changelogs and there have
> been quite a few changes concerning u-boot's handling of
> device-trees between the working and the non-working versions. 
> Unfortunately I'm not familiar enough with the inner workings of
> u-boot to understand the implications of several of these
> changes.

Hello,

I've tried narrowing down the source of the issue by using
git bisect on the u-boot tree and that has resulted in
the following commit as the potential culprit:

  commit a56f663f07073713042bb0fd08053aeb667e717b
  Author: Simon Glass 
  Date:   Thu Oct 20 18:23:14 2022 -0600

vbe: Add info about the VBE device to the fwupd node

At present we put the driver in the /chosen node in U-Boot. This is a bit
strange, since U-Boot doesn't normally use that node itself. It is better
to put it under the bootstd node.

To make this work we need to copy create the node under /chosen when
fixing up the device tree. Copy over all the properties so that fwupd
knows what to do.

Update the sandbox device tree accordingly.

Signed-off-by: Simon Glass 

I'm not sure whether this is the actual culprit or just an
operation that happens to expose a problem elsewhere, though.
I'm inclined to forward the bug report to u-boot upstream unless
somebody has another idea how to get this narrowed down further.

Regards,
Karsten
-- 
Hiermit widerspreche ich ausdrücklich der Nutzung sowie der Weitergabe
meiner personenbezogenen Daten für Zwecke der Werbung sowie der Markt-
oder Meinungsforschung.

Bug#1028343: u-boot-qemu 2023.01~rc4+dfsg-2: riscv64: FDT creation failed

[Karsten Merker]

Control: found -1 2023.01+dfsg-1
X-Debbugs-CC: debian-ri...@lists.debian.org

On Tue, Jan 10, 2023 at 09:23:04AM -0800 Vagrant Cascadian wrote:
> On 2023-01-10, Cheng Li wrote:
[...]
> > Moving Image from 0x8400 to 0x8020, end=815d8000
> > ## Flattened Device Tree blob at ff733ef0
> >     Booting using the fdt blob at 0xff733ef0
> > Working FDT set to ff733ef0
> >     Using Device Tree in place at ff733ef0, end ff738dd2
> > Working FDT set to ff733ef0
> > ERROR: fdt fixup event failed: -22
> >   - must RESET the board to recover.
> >
> > FDT creation failed! hanging...### ERROR ### Please RESET the board ###
> 
> I wonder if this is relevent?
> 
>   docs/firmware: Update FW_JUMP documentation
>   
> https://github.com/riscv-software-src/opensbi/commit/7105c189f67028ef73720d7e9816c800ab53dda5
> 
> Basically changing the address offsets to avoid clobbering one another...

Hello,

some clobbering could indeed be the source of the problem, though
I currently fail to see why that would happen.  When running the
objdump dance on the working u-boot 2022.10, this gives me the
following address blocks:

0x802001a4
0x80200e60
0x80259bbc
0x80275a38
0x802769d1
0x802770c8
0x802778b8
0x80283d60
0x80283e70
0x80284628
0x80287f88
0x80288138
0x8029c2b0
0x8029d9a8
0x802a8008

On the non-working u-boot 2023.01 that is in unstable since today
this gives me

0x802001a4
0x80200e70
0x8025a604
0x802762f4
0x802772e8
0x802779ec
0x802781f4
0x802847a8
0x802848b8
0x80285098
0x80288a08
0x80288bb8
0x8029cf40
0x8029e6b0
0x802a8d08

i.e. the used area is a little bit larger in the non-working case, but still
way below one MB.  On the other hand OpenSBI's ./platform/generic/config.mk
contains

  FW_JUMP_FDT_ADDR=$(shell printf "0x%X" $$(($(FW_TEXT_START) + 0x220)))

i.e. AIUI it reserves an area of 0x220 bytes (34MB) for it's payload, so
there should be plenty of space and no clobbering should occur.


I've also taken a look at the u-boot changelogs and there have
been quite a few changes concerning u-boot's handling of
device-trees between the working and the non-working versions. 
Unfortunately I'm not familiar enough with the inner workings of
u-boot to understand the implications of several of these
changes.

Regards,
Karsten
-- 
Hiermit widerspreche ich ausdrücklich der Nutzung sowie der Weitergabe
meiner personenbezogenen Daten für Zwecke der Werbung sowie der Markt-
oder Meinungsforschung.

Bug#1028343: u-boot-qemu 2023.01~rc4+dfsg-2: riscv64: FDT creation failed

[Karsten Merker]

-8<--8<--8<--8<--8<-

OpenSBI v1.1
   _  _
  / __ \  / |  _ \_   _|
 | |  | |_ __   ___ _ __ | (___ | |_) || |
 | |  | | '_ \ / _ \ '_ \ \___ \|  _ < | |
 | |__| | |_) |  __/ | | |) | |_) || |_
  \/| .__/ \___|_| |_|_/|/_|
| |
|_|

Platform Name : riscv-virtio,qemu
Platform Features : medeleg
Platform HART Count   : 4
Platform IPI Device   : aclint-mswi
Platform Timer Device : aclint-mtimer @ 1000Hz
Platform Console Device   : uart8250
Platform HSM Device   : ---
Platform Reboot Device: sifive_test
Platform Shutdown Device  : sifive_test
Firmware Base : 0x8000
Firmware Size : 312 KB
Runtime SBI Version   : 1.0

Domain0 Name  : root
Domain0 Boot HART : 0
Domain0 HARTs : 0*,1*,2*,3*
Domain0 Region00  : 0x0200-0x0200 (I)
Domain0 Region01  : 0x8000-0x8007 ()
Domain0 Region02  : 0x-0x (R,W,X)
Domain0 Next Address  : 0x8020
Domain0 Next Arg1 : 0x8220
Domain0 Next Mode : S-mode
Domain0 SysReset  : yes

Boot HART ID  : 0
Boot HART Domain  : root
Boot HART Priv Version: v1.12
Boot HART Base ISA: rv64imafdch
Boot HART ISA Extensions  : time,sstc
Boot HART PMP Count   : 16
Boot HART PMP Granularity : 4
Boot HART PMP Address Bits: 54
Boot HART MHPM Count  : 16
Boot HART MIDELEG : 0x1666
Boot HART MEDELEG : 0x00f0b509


U-Boot 2022.10+dfsg-2 (Dec 23 2022 - 23:18:44 +)

CPU:   rv64imafdch_zicsr_zifencei_zihintpause_zba_zbb_zbc_zbs_sstc
Model: riscv-virtio,qemu
DRAM:  8 GiB
Core:  31 devices, 15 uclasses, devicetree: board
Flash: 32 MiB
Loading Environment from nowhere... OK
In:serial@1000
Out:   serial@1000
Err:   serial@1000
Net:   eth0: virtio-net#2
Hit any key to stop autoboot:  0 

Device 0: QEMU VirtIO Block Device
Type: Hard Disk
Capacity: 102400.0 MB = 100.0 GB (209715200 x 512)
... is now current device
Scanning virtio 0:1...
Found /boot/extlinux/extlinux.conf
Retrieving file: /boot/extlinux/extlinux.conf
U-Boot menu
1:  Debian GNU/Linux bookworm/sid 6.1.0-1-riscv64
2:  Debian GNU/Linux bookworm/sid 6.1.0-1-riscv64 (rescue target)
3:  Debian GNU/Linux bookworm/sid 6.0.0-6-riscv64
4:  Debian GNU/Linux bookworm/sid 6.0.0-6-riscv64 (rescue target)
5:  Debian GNU/Linux bookworm/sid 6.0.0-5-riscv64
6:  Debian GNU/Linux bookworm/sid 6.0.0-5-riscv64 (rescue target)
Enter choice: 1:Debian GNU/Linux bookworm/sid 6.1.0-1-riscv64
Retrieving file: /boot/initrd.img-6.1.0-1-riscv64
Retrieving file: /boot/vmlinux-6.1.0-1-riscv64
append: root=/dev/vda1 rw noquiet
Moving Image from 0x8400 to 0x8020, end=815e5000
## Flattened Device Tree blob at ff7344b0
   Booting using the fdt blob at 0xff7344b0
   Using Device Tree in place at ff7344b0, end ff738dea

Starting kernel ...

[0.00] Linux version 6.1.0-1-riscv64 (debian-ker...@lists.debian.org) 
(gcc-12 (Debian 12.2.0-11) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.39.90.20221231) #1 SMP Debian 6.1.4-1 (2023-01-07)
[0.00] random: crng init done
[0.00] OF: fdt: Ignoring memory range 0x8000 - 0x8020
[0.00] Machine model: riscv-virtio,qemu
[...]

-8<------8<--8<--8<--8<-

Regards,
Karsten
-- 
Hiermit widerspreche ich ausdrücklich der Nutzung sowie der Weitergabe
meiner personenbezogenen Daten für Zwecke der Werbung sowie der Markt-
oder Meinungsforschung.

Bug#992592: lightdm fails to start after update to bullseye (missing '/var/lib/lightdm/data')

[karsten]

Am 15.10.22 um 19:21 schrieb Christoph Biedl:

# ... without rendering it completely unusable to everyone
severity 992592 important
tags 992592 moreinfo unreproducible
user debian-rele...@lists.debian.org
usertags 992592 + bsp-2022-10-de-karlsruhe
thank you

Pavel Sanda wrote...

Looking into that issue, I failed to reproduce it. So I started with
stretch and did both dist-upgrades up to bullseye, and still lightdm
starts up as expected.


That's interesting.


This is strange since in postinst, /var/lib/lightdm/ is created if
missing, and permissions are set as needed by lightdm. I'd expect
breakage only in conditions you would have noticed anyway - like
unfinished installation, or full disk.

In case you still have the files around (or still can reproduce the
problem), the content of /var/log/lightdm/ should contain more bits
what's going wrong. Out of curiosity, did you purge packages no longer
needed after the upgrade (as listed by deborphan)?


The problem occured on an PC that is running as a server.

I would say when this is not reproducible then simply close the bug.
When I encounter such a problem again I can reopen the bug.

Best regards and thank you
karsten

Bug#1006640: Asking for support at SA Bugzilla

[karsten]

Hopefully the questions can be answered here:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7961

Bug#1006640: Additional own rules are ignored

[karsten]

Package: sa-compile
Version: 3.4.6-1
Severity: normal

Hello,

please refer to this bug report: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006439
because there is no answer so far that helps to solve the problem.

How can be checked that the compiled rules are used by spamd instead of the 
*.cf files?

How it is possible to check which rules are compiled using re2c 
(https://re2c.org) ?

How own rules can be added that they are not overwritten by an package update ?

Please help to understand how the construct of spamassassin is working.

Best regards
karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1006439: Spamassasin is ignoring own rules

[karsten]

Hello Noah,

thank you for your support.

Am 26.02.22 um 18:25 schrieb Noah Meyerhans:

Control: tags -1 + moreinfo

How are you testing your rule?  Does spamassassin --lint report anything
notable?  Also consider adding the '-D' flag to generate copious
additional debug output.

I have done the following to test it, and things seem to work as
expected:

1. Install the rules:

root@a103ba41188a:/# cat > /etc/spamassassin/test.cf
header CONTAINS_SUB Subject =~
/(Sex|Potenz|Dating|Finanz|FFP-2|M[aä]dchen|Bett|ficken)/i
score CONTAINS_SUB 5
describe CONTAINS_SUB Betreff enthält Spam-Wörter


I tried
spamassassin --lint -D &> spam.log
and get

Feb 27 12:31:05.285 [2778089] dbg: config: read file /etc/spamassassin/local.cf
Feb 27 12:31:05.285 [2778089] dbg: config: read file 
/etc/spamassassin/myrules.cf
Feb 27 12:31:05.283 [2778089] dbg: config: read file 
/etc/spamassassin/sa-compile.pre
Feb 27 12:31:05.305 [2778089] dbg: pyzor: local tests only, disabling Pyzor
Feb 27 12:31:05.305 [2778089] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::Razor2 from @INC
Feb 27 12:31:05.308 [2778089] dbg: razor2: local tests only, skipping Razor
Feb 27 12:31:05.308 [2778089] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::SpamCop from @INC
Feb 27 12:31:05.311 [2778089] dbg: reporter: local tests only, disabling SpamCop

Feb 27 12:31:05.404 [2778089] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.004006/updates_spamassassin_org/10_default_prefs.cf
Feb 27 12:31:05.404 [2778089] dbg: config: using 
"/var/lib/spamassassin/3.004006/updates_spamassassin_org/10_default_prefs.cf" for included file
Feb 27 12:31:05.404 [2778089] dbg: config: read file 
/var/lib/spamassassin/3.004006/updates_spamassassin_org/10_default_prefs.cf
Feb 27 12:31:05.420 [2778089] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.004006/updates_spamassassin_org/10_hasbase.cf
Feb 27 12:31:05.420 [2778089] dbg: config: using "/var/lib/spamassassin/3.004006/updates_spamassassin_org/10_hasbase.cf" 
for included file



2. Construct a message to trigger the rule:

root@a103ba41188a:/# sed 's,Subject:.*,Subject: Potenz,; 
s,GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL,,' 
/usr/share/doc/spamassassin/examples/sample-spam.txt > /tmp/test.txt

3. Process the message with spamassassin. Note the report results at the
bottom:


I send an email from an external account to my server and the rules are ignored 
as you can see:

Delivery-date: Sun, 27 Feb 2022 12:36:49 +0100
Received: from mout.kundenserver.de ([212.227.126.134])
  ...
To: deb...@decotrain.de
...
X-Spam-Threshold: 5
X-Spam-Score: 4.9
X-Spam-Score-Int: 49
X-Spam-Bar: 
X-Spam-Flag: NO
X-Delivered-To: deb...@decotrain.de
X-Message-Age: 2
Subject: My Madchen does have more sex and dating

Again there is only ficken, Finanz and Potenz.


So the question is what rules are used by the spamd process?

Other "regular spam" is detected correct like:

X-Spam-Threshold: 5
X-Spam-Score: 9.4
X-Spam-Score-Int: 94
X-Spam-Bar: +
X-Spam-Flag: YES
X-Message-Age: 3
Subject: ***SPAM (9.4)*** 
_=?UTF-8?B?V2lyIGdyYXR1bGllcmVuX0lobmVuIHJlY2h0IGhlcnpsaWNoLlNpZV9nZWhvcmVuIHp1IGRlbl9BdXNlcndhaGx0ZW4gZnVyX2RpZV9UZXNsYS1VbWZyYWdlLg==?=_




If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN**C.34X


Every other test is successful too.

So the question is how i can implement my rules practical, because my rules are 
parsed in a test but are not active.
How i can check what is used within sa-compile?

Bug#1006439: Spamassasin is ignoring own rules

[karsten]

Package: spamassassin
Version: 3.4.6-1
Severity: normal

Hello,

i think this is not a bug and spamassassin is simply not using the rules.
First i have added my own rules to /etc/spamassassin/local.cf without success.
Because this has no effect i put the files in an extra file 
/etc/spamassassin/myrules.cf
This is ignored too.

The aim is to recognize additional german words that are not catched with the 
standard rules.
Special all this sexual content is really annoying. The rule is

header CONTAINS_SUB Subject =~ 
/(Sex|Potenz|Dating|Finanz|FFP-2|M[aä]dchen|Bett|ficken)/i
score CONTAINS_SUB 5
describe CONTAINS_SUB Betreff enthält Spam-Wörter

I could check that the file myrules.cf has been parsed with a manual start of 
spamassassin, but the rules are not used.
It seems that in reality a complete other configuration is used.

Is it possible that only this directory is used:
/var/lib/spamassassin/3.004006/updates_spamassassin_org/
But this will be overwritten in updates?

Additional the package sa-compile is installed.
How can i check wether the *.cf files are used or the compiled rules that seems 
to be in
/var/lib/spamassassin/compiled/5.032/3.004006/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
How can i check which rules are compiled using re2c (https://re2c.org) ?

Please help to understand where own rules must be placed so that they can work?

Best regards
karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1006217: Problem indentified

[karsten]

The reason for this bug is an entry found in 
/etc/apparmor.d/tunables/home.d/site.local
Here is an entry @{HOMEDIRS}=/srv/home/ that was not set manually.
After deleting this entry aa-genprof is working again.

This report can be closed.

Bug#1006217: aa-genprof does not find or record any event

[karsten]

Package: apparmor-utils
X-Debbugs-Cc: deb...@decotrain.de
Version: 2.13.6-10
Severity: important

Hello,

today i tried to create a profile for the opera browser.
So i started as root (german version):

>>>>>>>>>>>>>>>> snip
# aa-genprof /usr/bin/opera
Aktualisiertes Profil für /usr/lib/x86_64-linux-gnu/opera/opera wird 
geschrieben.
/usr/lib/x86_64-linux-gnu/opera/opera wird in den Complain-Modus versetzt.

Bevor Sie beginnen, möchten Sie vielleicht prüfen,
ob bereits ein Profil für das Programm besteht,
das Sie einschränken möchten. Weitere Informationen
können Sie auf der folgenden Wiki-Seite erhalten:
https://gitlab.com/apparmor/apparmor/wikis/Profiles

Profilerstellung: /usr/lib/x86_64-linux-gnu/opera/opera

Starten Sie die Anwendung, für die ein Profil erstellt werden soll, in
einem anderen Fenster, und führen Sie die Funktionalität jetzt aus.

Nach Abschluss dieses Vorgangs bitte unten »Durchsuchen« wählen,
um in den Systemprotokollen nach AppArmor-Ereignissen zu suchen.

Für jedes AppArmor-Ereignis haben Sie die Gelegenheit anzugeben,
ob der Zugriff zugelassen oder verweigert werden soll.

[(S)can system log for AppArmor events] / En(d)e
<<<<<<<<<<<<<<<< snap

I opened, used and closed Opera.
Afterwards i pressed s to scan the system log but nothing happens!
It's the same when i try this with another application.

A file /etc/apparmor.d/tunables/usr.lib.x86_64-linux-gnu.opera.opera was 
created.
/usr/bin/opera is a symbolic link to ../lib/x86_64-linux-gnu/opera/opera.

Please help to solve the problem.

Best regards
karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor-utils depends on:
ii  apparmor  2.13.6-10
ii  python3   3.9.2-3
ii  python3-apparmor  2.13.6-10

apparmor-utils recommends no packages.

Versions of packages apparmor-utils suggests:
pn  vim-addon-manager  

-- no debconf information

Bug#1005388: gnumed-client: new upstream available

[Karsten Hilbert]

Package: gnumed-client
Version: 1.8.6+dfsg-1
Severity: wishlist
Tags: upstream

Dear maintainers,

there's a new upstream version available.

Packaging would be greatly appreciated.

Thanks,
Karsten



-- System Information:
Debian Release: 11.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 
'stable-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 5.15.0-3-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnumed-client depends on:
ii  aspell   0.60.8-3
ii  file 1:5.39-3
ii  gnumed-common1.8.6+dfsg-1
ii  hunspell 1.7.0-3
ii  imagemagick  8:6.9.11.60+dfsg-1.3
ii  imagemagick-6.q16 [imagemagick]  8:6.9.11.60+dfsg-1.3
ii  ispell   3.4.02-2
ii  python3  3.9.2-3
ii  python3-enchant  3.2.0-1
ii  python3-gnuplot  1.8-8
ii  python3-hl7  0.4.1-1
ii  python3-httplib2 0.18.1-3
ii  python3-lxml 4.6.3+dfsg-0.1
ii  python3-psutil   5.8.0-1
ii  python3-pyudev   0.22.0-2
ii  python3-wxgtk4.0 4.0.7+dfsg-10
ii  texlive-latex-base   2020.20210202-3

Versions of packages gnumed-client recommends:
ii  aeskulap0.2.2-beta2+git20190406.ef77f01-3+b1
ii  amide   1.0.5-15
ii  audiofile-tools 0.3.6-5
ii  chktex  1.7.6-4
ii  dcmtk   3.6.5-1
ii  extract 1:1.11-2
ii  firefox [www-browser]   88.0.1-1
ii  firefox-esr [www-browser]   78.15.0esr-1~deb11u1
ii  ginkgocadx  3.8.8-5+b1
ii  gnumed-doc  1.8.6+dfsg-1
ii  gpg 2.2.27-2
ii  gtklp   1.3.1-1
ii  konqueror [www-browser] 4:20.12.0-4
ii  lacheck 1.26-17
ii  libimage-exiftool-perl  12.16+dfsg-2
ii  libreoffice-writer  1:7.0.4-4+deb11u1
ii  ntp 1:4.2.8p15+dfsg-1
ii  p7zip-full  16.02+dfsg-8
pn  pdftk   
ii  poppler-utils   20.09.0-3.1
ii  printer-driver-cups-pdf [cups-pdf]  3.0.1-9
ii  python3-docutils0.16+dfsg-4
ii  python3-pyqrcode1.2.1-4
ii  python3-unidecode   1.2.0-1
ii  python3-vobject 0.9.6.1-0.2
ii  qpdf10.1.0-1
ii  texlive-latex-extra 2020.20210202-3
ii  texlive-latex-recommended   2020.20210202-3
ii  w3m [www-browser]   0.5.3+git20210102-6
ii  wgerman-medical 20160103-5
ii  xdg-utils   1.1.3-4.1
ii  xmedcon 0.16.3+dfsg-1
ii  xsane   0.999-10

Versions of packages gnumed-client suggests:
pn  autokey-qt | autokey-gtk
ii  edfbrowser  1.81+dfsg-1
ii  entangle3.0-1+b1
pn  freediams   
pn  gimp | kolourpaint4 
ii  gnumed-server   22.15-1
pn  incron  
pn  konsolekalendar 
pn  korganizer  
ii  libchipcard-tools   5.1.5rc2-7
ii  nvram-wakeup1.1-4+b1
pn  pgadmin3
ii  python3-uno 1:7.0.4-4+deb11u1
ii  qrisk2  0.1.20150729-5
pn  shutdown-at-night   
pn  wakeonlan | etherwake | gwakeonlan  

-- no debconf information

Bug#733094: 20 GB senseless logfile

[karsten]

I have the same problem here with Debian 11 (bullseye).

The only solution seems to be
apt-get purge uvcdynctrl

After that my webcam still works.
So this package can be seen as unusable, harmful and dispensable.
This should not be installed and all dependencies snatched.

Best regards
karsten

Bug#1004284: tomcat9: postinst creates wrong userhome via systemd-sysusers

[Karsten Schöke]

Package: tomcat9
Version: 9.0.43-2~deb11u3
Severity: important

Dear Maintainer,

Debian creates in the postinst script via systemd-sysusers
a system user named tomcat whose home directory is /var/lib/tomcat. 
This directory does not exist, but /var/lib/tomcat9

-- System Information:
Debian Release: 11.2
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tomcat9 depends on:
ii  lsb-base11.1.0
ii  systemd 247.3-6
ii  tomcat9-common  9.0.43-2~deb11u3
ii  ucf 3.0043

Versions of packages tomcat9 recommends:
ii  libtcnative-1  1.2.26-1

Versions of packages tomcat9 suggests:
ii  tomcat9-admin 9.0.43-2~deb11u3
pn  tomcat9-docs  
pn  tomcat9-examples  
pn  tomcat9-user  

-- no debconf information

Bug#1003399: Correct configuration of Exim

[karsten]

Am 22.01.22 um 16:23 schrieb Marc Haber:

Maybe you are so kind to provide an example how you have included Spamassassin 
in Exim,
so that it will run with the packages of Debian 11?


Personally I am running spamassassin via the exiscan extension, using
the spamd_address option in main configuration and the spam option in
the data ACL. To get a report into the message you need to use, for
example, a system filter. See the exim specification chapter 45.2 for
more information.


Always only references to the documentation but no usable examples.
Specially for the introduced "tainted" problem.




Indeed i am thinking that maybe Postfix is a better choice as MTA, because Exim 
seems to be
more and more complicated to configure?


That depends on what you intend to do. postfix is like menu of a
restaurant: You can choose from the dishes if you like them. Exim is the
fully equipped kitchen: You can do anything you like but you need some
knowledge to do that.


Indeed. There is another software with such a concept: Asterix PBN.
But for Asterisk you can find many examples for detail problems out there.


I would define an virtual mail system as email server for different domains,
that can ideally be managed with entries in an database like Mariadb.


That is not enough defition, I am afraid. I guess defining this is
enough content for a Master's thesis.


What is a "Master's thesis" ?

Up to now i only know one standard virtual mail system integrated into 
https://www.ispconfig.de/

Greetings
karsten

Bug#1004241: System sounds can not be mapped to the correct output

[karsten]

Package: pulseaudio
X-Debbugs-Cc: deb...@decotrain.de
Version: 14.2-2
Severity: normal

Hello maintainer,

after the upgrade from Debian 10 to 11 the system sounds can not be mapped to 
the correct output any more.
You can see in the screenshot the missing drop-down element.

The PC has an old soundblaster soundcard with speaker for the 'normal sounds'.
Additional there is an (optional) USB WEILIANG 24BIT USB for hearing music in 
high quality.
When it is enabled all sound goes over the (new) USB device, but this sound 
should not be disturbed by system sound.

What can be done?

Best regards
karsten


-- Package-specific info:
File '/etc/default/pulseaudio' does not exist


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#732788: Processed (with 5 errors): 732788

[Carl Karsten]

How often should I ping you?

On Thu, Jan 13, 2022 at 2:13 PM Carl Karsten  wrote:
>
> On Mon, Jan 3, 2022 at 3:51 AM Carl Karsten  wrote:
> >
> > https://salsa.debian.org/cloud-team/cloud-initramfs-tools/-/merge_requests/5
>
> bump ^^^
>
> >
> > On Sat, Jan 1, 2022 at 8:28 AM Thomas Goirand  wrote:
> > >
> > > On 12/31/21 10:14 PM, Carl Karsten wrote:
> > > > What do I need to do to get overlayroot into unstable?
> > >
> > > Hi,
> > >
> > > Thanks for your explanation, now I get it.
> > >
> > > If you want to work on this yourself, you can simply provide a merge
> > > request in the Salsa repository over here:
> > > https://salsa.debian.org/cloud-team/cloud-initramfs-tools
> > >
> > > then ping me again in this bug.
> > >
> > > Cheers,
> > >
> > > Thomas Goirand (zigo)
> >
> >
> >
> > --
> > Carl K
> >
>
>
> --
> Carl K



-- 
Carl K

Bug#732788: Processed (with 5 errors): 732788

[Carl Karsten]

On Mon, Jan 3, 2022 at 3:51 AM Carl Karsten  wrote:
>
> https://salsa.debian.org/cloud-team/cloud-initramfs-tools/-/merge_requests/5

bump ^^^

>
> On Sat, Jan 1, 2022 at 8:28 AM Thomas Goirand  wrote:
> >
> > On 12/31/21 10:14 PM, Carl Karsten wrote:
> > > What do I need to do to get overlayroot into unstable?
> >
> > Hi,
> >
> > Thanks for your explanation, now I get it.
> >
> > If you want to work on this yourself, you can simply provide a merge
> > request in the Salsa repository over here:
> > https://salsa.debian.org/cloud-team/cloud-initramfs-tools
> >
> > then ping me again in this bug.
> >
> > Cheers,
> >
> > Thomas Goirand (zigo)
>
>
>
> --
> Carl K
>


-- 
Carl K

Bug#1003399: Correct configuration of Exim

[karsten]

Hello Marc,

thank you for the response.

Am 09.01.22 um 19:05 schrieb Marc Haber:

Yes - the other possibility is to prevent upgrades of this package.


That is a decidedly bad idea. Exim is a huge suid binary (a design one
out never choose today, the concept was valid 25 years ago) and you need
security updates for that.


That's of course true.
Hopefully the version of Exim will not change until the configuration could be 
adapted.
Security updates will not need a new version of Exim within this stable 
distribution?


But there are additional other problems like spamassasin does not work any more,
so the configuration must be updated in many kinds.


Spamassassin in YOUR configuration doesn't work any more. My systems
using spamassassin via exiscan-ACL have not even ridden a bump during
the upgrade.


Maybe you are so kind to provide an example how you have included Spamassassin 
in Exim,
so that it will run with the packages of Debian 11?


Is there a default configuration for a private virtual mail server on dynamic 
IP's ?


Not that I am aware of. But if you roll yourself, you need to be able to
take care of it. I think there might be solutions that might be better
suited to your needs than Exim.


Indeed i am thinking that maybe Postfix is a better choice as MTA, because Exim 
seems to be
more and more complicated to configure?


btw, this triggers me, as "virtual mail" does not have a definition, it
leaves like ten way to interpret the task at hand.


I would define an virtual mail system as email server for different domains,
that can ideally be managed with entries in an database like Mariadb.

Greetings
karsten

Bug#1003399: After distribution upgrade many mails are "tainted" and not delivered

[karsten]

Hello Marc,

Am 09.01.22 um 18:07 schrieb Marc Haber:

No - sorry - why should someone search and find important informations in other 
package News?


The same information is also in
/usr/share/doc/exim4-daemon-heavy/NEWS.Debian.gz, both binaries are
built from the same source. Most Debian systems are configured to show
this information prominently on package upgrade, and it is also a good
idea to look in the package docs and the BTS before asking a search
engine.


you are right - this is a good idea.


Most information one finds on a search engine is outdated and maybe even
wrong. And the current information regading brand new software is often
not indexed yet.


   .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
allow_insecure_tainted_data = yes
   .endif


This will only work as a temporary measure and will be removed in the
future. You should work on getting your configuration to work with the
tightened security features newer exims come.


Yes - the other possibility is to prevent upgrades of this package.
But there are additional other problems like spamassasin does not work any more,
so the configuration must be updated in many kinds.


If that are issues with Debian's default configuration please file bugs
so that we can fix them, if it's issues with your local configuration
you're on your own with that.


Is there a default configuration for a private virtual mail server on dynamic 
IP's ?

Cheers
karsten

Bug#1003399: After distribution upgrade many mails are "tainted" and not delivered

[karsten]

Hello Marc,

Am 09.01.22 um 17:15 schrieb Marc Haber:


The research of this error message leads to a big discussion without an 
solution here:


Did the research not lead you to the documentation in the package, such
as /usr/share/doc/exim4-base/NEWS.Debian.gz, which explains the issue?


No - sorry - why should someone search and find important informations in other 
package News?


Please feel free to re-open this bug if reading NEWS.Debian doesn't
help.


The 'trick' with $local_part_data did not help and only leads to more other 
problems ...

But your hint rescues the day - thank you very much!

For other desperate exim users - add to the exim4.conf configuration:

  .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
   allow_insecure_tainted_data = yes
  .endif


When there is the time the other hints will be used for a correction to the new 
configuration challenge.
You already closed the bug that is only "new features" - thanks

Best regards
karsten

Bug#1003399: After distribution upgrade many mails are "tainted" and not delivered

[karsten]

Package: exim4-daemon-heavy
Version: 4.94.2-7
Severity: important


Hello Maintainer,

after upgrading the server from Debian 9 to 11 there is a problem with (actual) 
no solution.
Here is an example from the paniclog:

2022-01-06 14:13:56 1n4NwM-00ASE5-Py == sys...@example.com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery 
transport) not permitted
2022-01-06 14:13:56 1n3cy0-008N8T-By == karsten@example-com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/m
ail/example.com/karsten/' (file or directory name for local_mysql_delivery 
transport) not permitted


The mainlog is full of messages like this for every local delivery:
2022-01-09 14:53:39 1n5pDL-000Z0k-OR == sys...@example.com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery 
transport) not permitted



The research of this error message leads to a big discussion without an 
solution here:

https://www.mail-archive.com/exim-users@exim.org/msg54866.html (another example)

This seems to be introduced in exim V 4.94:
https://www.mail-archive.com/exim-users@exim.org/msg54868.html

The documentation is not understandable:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_appendfile_transport.html#SECTfildiropt

Even other hints did not work, like this:
https://www.gentoo.org/support/news-items/2021-05-04-exim-transports-disallow-tainted.html



What must be done to get the mails de-tainted?
When there is no simple understandable solution an server version < 4.94 must 
be used.



The config for this part is this:

local_mysql_delivery:
  driver = appendfile
  directory = /srv/mail/${domain}/${local_part}/
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add
  user = Debian-exim
  group = mail
  mode = 0660



Thank you for any hint to solve the problem.

Best regards
karsten



-- Package-specific info:
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC 
Event I18>
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql 
nis nis>

Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8


-- System Information:
Debian Release: 11.2
 APT prefers stable-updates
 APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1003398: After distribution upgrade many mails are "tainted" and not delivered

[Karsten Malcher]

Package: exim4-daemon-heavy
Version: 4.94.2-7
Severity: important


Hello Maintainer,

after upgrading the server from Debian 9 to 11 there is a problem with (actual) 
no solution.
Here is an example from the paniclog:

2022-01-06 14:13:56 1n4NwM-00ASE5-Py == sys...@example.com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery 
transport) not permitted
2022-01-06 14:13:56 1n3cy0-008N8T-By == karsten@example-com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/m
ail/example.com/karsten/' (file or directory name for local_mysql_delivery 
transport) not permitted


The mainlog is full of messages like this for every local delivery:
2022-01-09 14:53:39 1n5pDL-000Z0k-OR == sys...@example.com R=mysql_user 
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery 
transport) not permitted



The research of this error message leads to a big discussion without an 
solution here:

https://www.mail-archive.com/exim-users@exim.org/msg54866.html (another example)

This seems to be introduced in exim V 4.94:
https://www.mail-archive.com/exim-users@exim.org/msg54868.html

The documentation is not understandable:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_appendfile_transport.html#SECTfildiropt



What must be done to get the mails de-tainted?
When there is no simple understandable solution an server version < 4.94 must 
be used.



The config for this part is this:

local_mysql_delivery:
  driver = appendfile
  directory = /srv/mail/${domain}/${local_part}/
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add
  user = Debian-exim
  group = mail
  mode = 0660



Thank you for any hint to solve the problem.

Best regards
karsten



-- Package-specific info:
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC 
Event I18>
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql 
nis nis>

Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8


-- System Information:
Debian Release: 11.2
 APT prefers stable-updates
 APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#992592: lightdm does not start / work any more after system upgrade

[Karsten Malcher]

Am 08.01.22 um 03:10 schrieb xiao sheng wen(肖盛文):

If you want use nodm, only run apt-get install nodm in enough.

lightdm and nodm can co-exist in the same machine.

When install nodm after lightdm, It'll display a prompt let user choise "Default 
display manager".

You may choice nodm to use.


Yes - thanks.
But a package that does not work and is useless can be purged.

Bug#992592: lightdm does not start / work any more after system upgrade

[Karsten Malcher]

There seems no solution in sight.

When there is only one user that can be automatically logged in the nodm 
display manager can solve the problem.

Use:
agt-get purge lightdm
apget install nodm

Best regards
karsten

Bug#1003158: [pkg-apparmor] Bug#1003158: apparmor: tunables/home seems to have wrong order of variables

[Karsten Hilbert]

Am Wed, Jan 05, 2022 at 09:13:12PM +0100 schrieb Christian Boltz:

> AppArmor rules are in most cases declarative so that the order doesn't
> matter (exception: before you can extend a variable with "+=" you have
> to initialize it with "=").
>
> The current definition is technically not a bug, "just" confusing.

I agree it is not *technically* a bug.

> However, I agree that defining @{HOMEDIRS} before using it would make
> sense to make it less confusing for human parsers ;-)

Nevertheless, intent-wise it is because it also makes @{HOME}
not include anything from /home/ because @{HOMEDIRS} is
undefined when @{HOME} is set up ?

> Since the change is more cosmetic,

Unless I misunderstand apparmor profile logic it is not
purely cosmetic. It excludes "/home/*/" from @{HOME}.

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#1003158: apparmor: tunables/home seems to have wrong order of variables

[Karsten Hilbert]

Package: apparmor
Version: 2.13.6-10
Severity: important

Dear Maintainers,

there seems to be a order-logic bug in

/etc/apparmor.d/tunables/home

That profile defines @{HOME} first:

@{HOME}=@{HOMEDIRS}/*/ /root/

and *later* defines @{HOMEDIRS}:

@{HOMEDIRS}=/home/

It seems that either the order of definitions needs to be switched or
else the second definition should be

@{HOMEDIRS}+=/home/ #(note the + sign)

?  Or am I missing something.

Thanks,
Karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 
'stable-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 5.15.0-2-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  libc6  2.33-1
ii  lsb-base   11.1.0

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  
pn  apparmor-utils   

-- debconf information:
  apparmor/homedirs:

Bug#992592: lightdm does not start / work any more after system upgrade

[Karsten]

Hello maintainer,

here i have the same problem after upgrading a server with XFCE from Debian 9 
to 10 and then to 11.

After the upgrade there is only a blinking cursor on the monitor.
I already did make an reinstall of the package lightdm.

The X-server and XFCE is working.
I have to get an user console with Ctrl-Alt-F1 and the login with the user.
After that i can call startx to start the X-Server and XFCE.

This package is unusable now.
Please help to solve the problem.

Best regards
karsten

Bug#988596: akonadi-server: bug still exists

[Karsten Hilbert]

Package: akonadi-server
Version: 4:20.08.3-3
Followup-For: Bug #988596


Dear Maintainers,

after an apt full-upgrade from Buster to Bullseye akonadiserver now has an
apparmor profile. That profile seems to prevent it from starting up, as
witnessed by DENY messages in the system log.

Likely, this happens because I have relocated home dirs:

<-->/home/
<--><-->user1 -link-> /somewhere/else/home.user1/
<--><-->user2 -link-> /somewhere/else/home.user2/
<--><-->...

and apparmor seems to not consider the link location as allowed via the
"@xdg_data_home/akonadi/" rules.

For the time being I have set the profile to complain mode but what is
the suggested way forward ?

Thanks,
Karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 
'stable-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 5.15.0-2-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages akonadi-server depends on:
ii  akonadi-backend-mysql4:20.08.3-3
ii  akonadi-backend-postgresql   4:20.08.3-3
ii  libaccounts-qt5-11.16-2
ii  libc62.33-1
ii  libgcc-s110.2.1-6
ii  libkf5akonadiprivate5abi2 [libkf5akonadiprivate5-20.08]  4:20.08.3-3
ii  libkf5akonadiwidgets5abi1 [libkf5akonadiwidgets5-20.08]  4:20.08.3-3
ii  libkf5configcore55.78.0-4
ii  libkf5coreaddons55.78.0-4
ii  libkf5crash5 5.78.0-3
ii  libkf5i18n5  5.78.0-2
ii  libqt5core5a 5.15.2+dfsg-9
ii  libqt5dbus5  5.15.2+dfsg-9
ii  libqt5gui5   5.15.2+dfsg-9
ii  libqt5network5   5.15.2+dfsg-9
ii  libqt5sql5   5.15.2+dfsg-9
ii  libqt5widgets5   5.15.2+dfsg-9
ii  libqt5xml5   5.15.2+dfsg-9
ii  libstdc++6   10.2.1-6

akonadi-server recommends no packages.

Versions of packages akonadi-server suggests:
ii  akonadi-backend-mysql   4:20.08.3-3
ii  akonadi-backend-postgresql  4:20.08.3-3
pn  akonadi-backend-sqlite  

-- no debconf information

Bug#732788: Processed (with 5 errors): 732788

[Carl Karsten]

https://salsa.debian.org/cloud-team/cloud-initramfs-tools/-/merge_requests/5

On Sat, Jan 1, 2022 at 8:28 AM Thomas Goirand  wrote:
>
> On 12/31/21 10:14 PM, Carl Karsten wrote:
> > What do I need to do to get overlayroot into unstable?
>
> Hi,
>
> Thanks for your explanation, now I get it.
>
> If you want to work on this yourself, you can simply provide a merge
> request in the Salsa repository over here:
> https://salsa.debian.org/cloud-team/cloud-initramfs-tools
>
> then ping me again in this bug.
>
> Cheers,
>
> Thomas Goirand (zigo)



-- 
Carl K

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 16:07 schrieb Matthias Andree:
> Am 02.01.22 um 14:03 schrieb Karsten:
>> Am 02.01.22 um 12:15 schrieb Matthias Andree:
>>>> I am the owner of the domain so nobody is hijacked!
>>> Are you the owner of "mydomain.de" or of the unnamed domain you intended
>>> not to show to the public?
>> Do you want to help with this new certificate issue or discuss the ownership 
>> of domains?
> 
> In this case, the latter. There are dedicated domain names for everyone
> to use for documentation and test purposes,
> https://datatracker.ietf.org/doc/html/rfc6761#section-6.5

Aha - O.K.

>> With the search "install OpenSSL trust store" i could find this article:
>> https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
>> that explains much of the stuff, but not how to use an self-signed 
>> certificate.
> 
> https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list/
> but check the fine print and lower rated comments, too -- for recent
> ca-certificates packages.

Thank you - that is very helpful.

> Basically you can install the self-signed certificate (if you or a
> trusted party signed it, and you have transmitted it over a secure
> channel, for instance, via SFTP or SCP) into the trust store (assuming
> it suits both the TLS server and the signing CA roles - which was set
> when you created it).

Just for understanding - the installation is the public certificate of the 
server,
or must be a special file derived from the private certificate?

>>
>> This worked for more then 5 years with TLS1.2 without any problem.
>> Why this must be a problem now?
> 
> Because "working" does not imply "working safely and securely".

Yes - but the connection was still encrypted and not plain text.
The connection was just not secure against all forms of attacks.

>> Take the example Mozilla and please explain why it works without an "OpenSSL 
>> trust store" ?
> 
> 
> Mozilla applications ship with their own trust store and do not use
> OpenSSL, but incorporate their own TLS library called NSS.

O.K. But how this helps to connect to a server with self-signed certificates?

>> O.K. Then you have no request to this CA-servers for every connect to a 
>> server with a certificate, but every private
>> server is registered there and every client will request the "trust" once to 
>> access the server.
>> So you can made a profil who is using a server. That's the simple goal of it.
> 
> 
> No, where does that access happen? The trust store is local to your
> computer and fetchmail might use your system's DNS resolver (which can
> have privacy implications) and will connect to the servers you point it to.

First you send your certificate to the public CA to sign it.
Then an client must connect the CA to proove that the public certificate is 
correct signed.

Correct or wrong?

> It uses OpenSSL's unless you override that (see man fetchmail for
> --ssl... options).

I promise to take the time to learn this part about using OpenSSL.

> I understand, but too many variables involved and neither of us has time
> for guesswork. I don't know how your CA (even if only implied for that
> certificate) is set up or whatever else is needed, and I don't intend to
> do consulting.

I only used this silly OpenSSL command to generate the self-signed certificate 
and filled the questions OpenSSL asked.
It should not be much more complicate to use a local trust store.

> Figuratively speaking, you need to learn how to fish, not be given the fish.

Fishing get's more and more complex.
But it's true and i must learn it.

>> When this is a standard procedure, why it is not possible to find existing 
>> examples how to handle it?
>> Why it is still possible to fetch Data with TLS1.2 from the FTP-Server 
>> without similar problems?
> 
> fetchmail doesn't do FTP, and FTP is being phased out because it's hard
> to get right with its two connections, active/passive mode,
> firewalls/NAT/conntrack, TLS being added afterwards and I guess it was
> superseded by many other protocols that either tunnel through SSH or use
> one TLS connection, for instance, DAV.

That's the way i thought it is working.
TLS is used to establish a secure encrypted connection and afterwards the rest 
is tunneled through it?
Then it is not crucial how complex the protocol is.
when two or more ports are needed then more secure connections must be 
established.

> It is probably not about TLS version numbers anyways, but generally
> tightened security. You upgraded the entire client system, and that
> brought a lot of changes.
> https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
> might also be involved.

I have to go through each different service that uses encryption, email, ftp, 
xmpp, etc.
Maybe i will find a general better way to manage the certificates for 
encryption.

Thank you for your invested time!
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 15:28 schrieb Matthias Andree:
>>> Untrue. Messages were fetched without proper protection from
>>> MITM/eavesdropping attacks, unless you were using *other* options to
>>> ensure authenticity of the server. Which I doubt, else you would have
>>> asked specific questions about fetchmail options.
>> That's true - but you change the privacy with an voluntary registration at 
>> an CA-authority.
> 
> I don't see anyone suggested that, but tell me how...

It started with Internet browsers wanting confirmation every time an https 
certificate is not publicly verifiable.
The key point of surveillance is to get people to disclose private 
communications and servers.

For example, with Tor, all traffic goes through only one or a few outbound 
servers, so it's easy to see who is using
such evil technology. Packets can be correlated over the time.

>> The people that can make MITM/eavesdropping attacks can fake an CA-authority 
>> too.
> 
> ...that CA certificate would make it into your trust store. There used
> to be ill-advised instructions by fourth parties that gave the wrong
> advise to download and storing the server's certificate into the trust
> store. If the faked CA authority certificate is not in your trust store,
> certificate validation will flag the missing trust anchor or issue
> "self-signed certificate" errors.

This point is not clear.
When you have a copy of the downloaded public certificate you can check against 
it or not?
So when somebody tries to fake the certificate without having the private 
certificate this should be conspicuous.
In this case i understand the sense of this trust store.

> 
> In practice, Linux and BSD distros usually deploy the CAs from Mozilla's
> CA Program https://blog.mozilla.org/security/category/ca-program/ and
> Mozilla have banned CAs that were abusive.

This is definitely a coin with two sides.

>> Do you think it is possible to make thousands of MITM/eavesdropping attacks 
>> parallel for every private server?
> 
> 
> You can safely bet it happens at scale, and million-fold each and every
> day. The question is who will make the faked CA authority trustworthy?

When possible you should check the fingerprint of the used certificate.
After checking this certificate and connection can be trusted. Right?

> Company networks with malware-scanning outside proxies, free WiFi sites,
> you name it.
> 
> You don't verify, you don't know.

Not for every website of course, but for a private account that is used daily.

>> Can you please recommend *other* options to ensure more security with self 
>> signed certificates?
> 
> See my previous messages, put the CA certificate (not private key) that
> signed your server's certificate into the OpenSSL trust store of the
> computer running fetchmail, or into a local place that you point
> fetchmail to. That won't work without reading documentation on how
> certification chains and trust delegation work. In the Debian world,
> things revolve around update-ca-certificates from the ca-certificates
> package.

Is there any documentation for DAU's (dumbest presumed user) out there?
With examples how to use it?

> That's not what I wrote, but the logic you refer to is why fetchmail 6.4
> - finally - forbids unverified certificates by default.
> Meaning: No more connection to sites with incomplete certification
> chains or where the certification chain cannot be anchored to a trusted CA.

I agree (in the meantime) that this is a useful pedagogical method. :-)

>> Why have older fetchmail versions made proper trust verification optional? 
>> :-)
> 
> 6.3 appeared in 2005, before E. Snowden hat blown the whistle and before
> web browsers started to flag sites with unverified certification chains
> as insecure - and 6.3.X has kept compatibility and defaults.

That was good for users like me.

> Before this turns into more gossip, I propose to close the bug report
> now. Do that by replying to 1002910-cl...@bugs.debian.org instead of the
> 1002910@ address.

Yes - this is a feature and not a bug.
But it would be still wonderful if the lazy users have a chance to use 
encryption without studying documentation for weeks.

Cheers
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 12:28 schrieb Matthias Andree:
> But it would be helpful for others what must be done to create and install 
> this new "client side certificate" that
>>>> appears about 2018?
>>>   I think the certificate issue was there right from the beginning.
>> Definitely no. Mails where fetched for about 5 years without any problem.
> Untrue. Messages were fetched without proper protection from
> MITM/eavesdropping attacks, unless you were using *other* options to
> ensure authenticity of the server. Which I doubt, else you would have
> asked specific questions about fetchmail options.

That's true - but you change the privacy with an voluntary registration at an 
CA-authority.
The people that can make MITM/eavesdropping attacks can fake an CA-authority 
too.
Do you think it is possible to make thousands of MITM/eavesdropping attacks 
parallel for every private server?

Can you please recommend *other* options to ensure more security with self 
signed certificates?

>>
>> I'm caring about safety and privacy, that's the reason encryption with 
>> private certificates are used.
> Nonsense. That's the reason why fetchmail 6.4.0 finally broke
> compatibility with broken sites and finally (far too late) enforces
> proper X.509 certificate chains to so-called trust anchors.

Can you explain this a little bit more please?

Using encryption with an self-signed certificate cannot be more nonsense then 
to use no encryption at all.
This makes no sense for me from a logic point.

>>> In this case the original private certificate from the server is needed?
>>>
>>> Why a client must have additional files now to access an server
>
> No. That's the wrong question to ask. Do not ask "why they are needed
> now", but "why have older fetchmail versions made proper trust
> verification optional" for so many years.

Why have older fetchmail versions made proper trust verification optional? :-)

> And another question to ask is "why do users ignore manuals and NEWS
> files of the applications they use"

That's a really good question.

When I think about it, the honest answer is probably laziness and to some 
extent disinterest.
You set up a server at a certain point in time and as soon as it is running 
smoothly, you don't change anything about it
- true to the motto "don't touch a running system".
To the best of the knowledge and understanding, you have installed encrypted 
communication and hope that this is both
sufficient and maintained through security updates.

> And a third one, to third parties and outside of this bug's context "how
> do we get proper yet concise certificate trust management documentation
> in prominent places?".

This is a very good question too!

The most important problem is that this encryption stuff is very complicate to 
avoid to say "to complicate".
You have to have the affinity to want to understand it, to really see through 
the details.

>
> One half is really OpenSSL basic usage and how to maintain its trust
> store, and one half is, sorry to be so blunt, a half-baked approach at
> trying to be your own CA without knowing what you are doing.

That's correct.
It is an unsuccessful attempt to bridge the gap between encryption in use and 
complete understanding of it.

> Fetchmail's expectation is that the server-presented single self-signed
> certificate, or normally certificate chain, traces back to a root
> signing certificate that is "trusted" and is installed in your local
> computer's OpenSSL trust store (the one running fetchmail), and trusted
> in a way that it properly verifies the sub-CAs it authenticates with
> respect to the policies and practices they implement. But this is all
> OpenSSL trust handling and, again, not specific to fetchmail.

Thank you for this explanation - that helps me to follow you.

Cheers
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 02.01.22 um 12:15 schrieb Matthias Andree:
>> I am the owner of the domain so nobody is hijacked!
> 
> Are you the owner of "mydomain.de" or of the unnamed domain you intended
> not to show to the public?

Do you want to help with this new certificate issue or discuss the ownership of 
domains?

>> A self signing certificate is absolutely sufficient and perfect for private 
>> use.
> 
> Then install your own CA or (if marked as CA-suitable) issuer
> certificate it into your fetchmail client's OpenSSL trust store, or a
> separate location, and move on.

I want to do this - what must be done?

>> The same TLS1.2 as before shall be used, so it is not understandable why 
>> addtional things are mandantory now?
>> Why old certificates cannot be used any more when the client that uses a 
>> server is upgraded?
> 
> It is not about certificates, but - as László pointed out - about
> repairing fetchmail's security requirements from substandard to "Stand
> der Technik". fetchmail 6.4.0 made --sslcertck the default, as various
> places of the documentation (man page, NEWS file) point out.

When this method is "state of the art", why it is not explained somewhere?

With the search "install OpenSSL trust store" i could find this article:
https://support.code42.com/CP/Admin/On-premises/6/Configuring/Use_OpenSSL_to_install_a_keystore
that explains much of the stuff, but not how to use an self-signed certificate.


> The standard use case for fetchmail is to fetch mail from "big sites"
> and those can be expected to handle proper certification chains.

I agree - but is a private mail-server something that must be eliminated?

> Your use case is "run my own TLS server"; in that case fetchmail can
> safely assume people are aware what they are doing and how to handle trust.

This worked for more then 5 years with TLS1.2 without any problem.
Why this must be a problem now?

>>>> In the Internet are a mass of similar problems with fetchmail, but no 
>>>> description what exactly must be done to solve
>>>> it.
>>> Because "similar problems" are usually a broken setup of either
>>> server-side certificates that don't trace back to commonly used and
>>> trusted stores (Mozilla's trusted CA package, mostly), or local broken
>>> setups.

Take the example Mozilla and please explain why it works without an "OpenSSL 
trust store" ?

>> This "stores" are a big problem of public monitoring, because every 
>> certificate causes requests to this central "stores".
> 
> Untrue. Mozilla's certificates are installed for offline use by Debian,
> Fedora, FreeBSD and derived distros under names such as ca-certificates,
> ca_root_nss or similar. AFAICS and up to and including OpenSSL 3.0.0,
> OpenSSL does not perform Online Certificate Status Protocol (OCSP)
> polls, so no calling home involved to date.

O.K. Then you have no request to this CA-servers for every connect to a server 
with a certificate, but every private
server is registered there and every client will request the "trust" once to 
access the server.
So you can made a profil who is using a server. That's the simple goal of it.

> https://manpages.debian.org/buster/ca-certificates/update-ca-certificates.8.en.html
> might be a starting point.

Thanks - but now i still have no idea where to search for the trust store of 
fetschmail?

Why it is not possible to give the needed commands like before, like
openssl req -x509 -newkey rsa:4096 -keyout /etc/exim4/exim.key.pem -out 
/etc/exim4/exim.cert.pem -days 365 -nodes ?

The reason is the lack of understanding what has changed and what must be done 
and not to bother you.

>> But it would be helpful for others what must be done to create and install 
>> this new "client side certificate" that
>> appears about 2018?
> 
> That's standard TLS library procedure and not specific to fetchmail. The
> only specific part is that fetchmail uses OpenSSL, so your self-signing
> server certificate belongs into OpenSSL's trust store, or you can use
> one or both of the --sslcert* options to fetchmail.

When this is a standard procedure, why it is not possible to find existing 
examples how to handle it?
Why it is still possible to fetch Data with TLS1.2 from the FTP-Server without 
similar problems?

Thank you for your help - we are coming to an solution in little steps.

Cheers
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Am 01.01.22 um 17:53 schrieb László Böszörményi (GCS):
> On Sat, Jan 1, 2022 at 2:30 PM Karsten  wrote:
>> But it would be helpful for others what must be done to create and install 
>> this new "client side certificate" that
>> appears about 2018?
>  I think the certificate issue was there right from the beginning.

Definitely no. Mails where fetched for about 5 years without any problem.

> OpenSSL might not have forced its usage or just ignored it if it
> wasn't present? But in modern times everyone should be aware of
> privacy and if s/he really connects to the valid server and not
> suffering a man in the middle attack. As noted, if you don't care
> about your own safety, just use fetchmail with --nosslcertck.

I'm caring about safety and privacy, that's the reason encryption with private 
certificates are used.

> You should already have your Certificate Authority (CA) key. The
> missing step documented there:
> https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/
> and is (where INFILE is your CA key in PKCS #12 format):
> openssl pkcs12 -in INFILE.p12 -out OUTFILE.crt -nokeys
> Then feed it to fetchmail with --sslcertfile. But I don't do it often,
> might be wrong as I don't even know your particular state.

In this case the original private certificate from the server is needed?

Why a client must have additional files now to access an server?

Sorry, but this basics are not understandable.

Cheers
karsten

Bug#1002723: Problem is identified

[Karsten]

Hello Chris,

thank you for your support.

The problem is identified by the firewall of a Fritzbox, that is not able to 
handle correct IPV6.
After disabling IPV6 the problem disappears.

This bug report can be closed.

Happy new year
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Hello Matthias,

Am 01.01.22 um 14:10 schrieb Matthias Andree:
> Notice something?

i notice everything. :-)

> 
> You hijack somebody else's domain for "anonymization" purposes and
> expect someone to help you, and you did not respond to hints the server
> CA's signing certificate might be missing from the trust store.

I am the owner of the domain so nobody is hijacked!

A self signing certificate is absolutely sufficient and perfect for private use.
Why everybody has to be forced to use official certificates?

> Checking with another computer that has a proper installation is
> impossible if you fake data.

Sorry for that, but we are talking about private data and this is an official 
portal here.

> Be sure to install and configure the ca-certificates package - in case
> you had installed fetchmail with --no-install-recommends.

The server has been upgraded from Debian 9 to Debian 11.
So nothing has been manually installed or configured, espacially any 
ca-certificates package.

The same TLS1.2 as before shall be used, so it is not understandable why 
addtional things are mandantory now?
Why old certificates cannot be used any more when the client that uses a server 
is upgraded?

>> In the Internet are a mass of similar problems with fetchmail, but no 
>> description what exactly must be done to solve it.
> 
> Because "similar problems" are usually a broken setup of either
> server-side certificates that don't trace back to commonly used and
> trusted stores (Mozilla's trusted CA package, mostly), or local broken
> setups.

This "stores" are a big problem of public monitoring, because every certificate 
causes requests to this central "stores".

Another problem is to work with certificates and networks, that have no 
internet connection.

> HTH - else you need to provide original data and more information.

I can send this private to your email address.

But it would be helpful for others what must be done to create and install this 
new "client side certificate" that
appears about 2018?

Best regards
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Hello Matthias,

Am 31.12.21 um 20:05 schrieb Matthias Andree:
>> What must be done to get it working again?

This question has not been answered.
I could only find out that this problems did arrive with the introduction of 
TLS1.3.

> Unless you own "mydomain.de" you've now hit innocent bystanders, and in
> that case, making up log data with a domain you do not own is not helpful.

The security relevant logdata is of course anonymized or altered.

>
> If Thunderbird can fetch, either it has a local trust setting, or you've
> missed installing the ca-certificates package, or, as László suggested,
> the certificate is self-signed and you have not installed the signing
> CA's certificate in the trust store.

The OS of the client PC with Thunderbird and of the mailserver has not been 
upgraded, so why there should appear any
problem?
The problem only appears on the upgraded server, that downloads the emails and 
provides them internally.
There where no problems with the upgrade of exim or dovecot, only with 
fetchmail.

In the Internet are a mass of similar problems with fetchmail, but no 
description what exactly must be done to solve it.
So maybe it would be a good idea to create such needed certificates with the 
upgrade scripts.

Happy new year
karsten

Bug#1002910: fetchmail is not able to work with an imap server with TLS1.2 encryption

[Karsten]

Package: fetchmail
Version: 6.4.16-4+deb11u1
Severity: important

I upgraded the server from Debian 9 to 11 and afterwards it seems not possible 
to get fetchmail to work.

I tried every possible option of ssl and sslproto, but fetchmail can't fetch 
the mails.
The log says:

fetchmail: Trying to connect to 185.11.xxx.xxx/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: mydomain
fetchmail: Issuer CommonName: mydomain.de
fetchmail: Subject CommonName: mydomain.de
fetchmail: mydomain.de key fingerprint: 
7C:CA:43:33:2A:12:B6:8D:83:3C:6E:88:0F:40:4B:6F
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate:
/C=DE/ST=germany/L=here/O=mydomain/OU=Privacy/CN=mydomain.de/emailAddress=webmas...@mydomain.de
fetchmail: This could mean that the root CA's signing certificate is not in the 
trusted CA certificate location, or that
c_rehash needs to be run on the certificate directory. For details, please see 
the documentation of --sslcertpath and
--sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed
fetchmail: mydomain.de: SSL connection failed.


It is possible to work with Tunderbird (Debian11) direct with the mailserver 
(Dovecot on Debian 8), but not to download
the emails with fetchmail.

What must be done to get it working again?

Cheers
karsten


-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1002815: Connection problems to murmur server with older client V 1.3.0

[Karsten]

Package: mumble
Version: 1.3.4-1
Severity: normal

Hello,

please refer to this bug report at mumble:
https://github.com/mumble-voip/mumble/issues/5382

The connection of the client to the server is always rejected the first time.
Afterwards it connects with a "next server":

|2021-12-27 10:28:31.399 ServerHandler: connection attempt to 
[2001:4dd0:af1b:3a0f:ca0e:14ff:fee6:a090]:64738 failed:
Verbindung verweigert (0); trying next server |


With the older server V 1.2.18 this message does not appear.

A connection with the older client V 1.3.0 (within Debian 10) to the current 
server is generally not possible and always
rejected!

Maybe the maintainer can help with this problem?

Cheers
karsten



-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mumble depends on:
ii  libasound2    1.2.4-1.1
ii  libavahi-compat-libdnssd1 0.8-5
ii  libc6 2.31-13+deb11u2
ii  libgcc-s1 10.2.1-6
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libprotobuf23 3.12.4-1
ii  libpulse0 14.2-2
ii  libqt5core5a  5.15.2+dfsg-9
ii  libqt5dbus5   5.15.2+dfsg-9
ii  libqt5gui5    5.15.2+dfsg-9
ii  libqt5network5    5.15.2+dfsg-9
ii  libqt5sql5    5.15.2+dfsg-9
ii  libqt5sql5-sqlite 5.15.2+dfsg-9
ii  libqt5svg5    5.15.2-3
ii  libqt5widgets5    5.15.2+dfsg-9
ii  libqt5xml5    5.15.2+dfsg-9
ii  libsndfile1   1.0.31-2
ii  libspeechd2   0.10.2-2+deb11u1
ii  libspeex1 1.2~rc1.2-1.1
ii  libspeexdsp1  1.2~rc1.2-1.1
ii  libssl1.1 1.1.1k-1+deb11u1
ii  libstdc++6    10.2.1-6
ii  libx11-6  2:1.7.2-1
ii  libxi6    2:1.7.10-1
ii  lsb-release   11.1.0

mumble recommends no packages.

Versions of packages mumble suggests:
pn  mumble-server  
ii  speech-dispatcher  0.10.2-2+deb11u1

-- no debconf information

Bug#1002737: Connection problems to murmur server with older client V 1.3.0

[Karsten]

Package: mumble
Version: 1.3.4-1
Severity: normal

Hello,

please refer to this bug report at mumble:
https://github.com/mumble-voip/mumble/issues/5382

The connection of the client to the server is always rejected the first time.
Afterwards it connects with a "next server":

|2021-12-27 10:28:31.399 ServerHandler: connection attempt to 
[2001:4dd0:af1b:3a0f:ca0e:14ff:fee6:a090]:64738 failed:
Verbindung verweigert (0); trying next server |


With the older server V 1.2.18 this message does not appear.

A connection with the older client V 1.3.0 (within Debian 10) to the current 
server is generally not possible and always
rejected!

Maybe the maintainer can help with this problem?

Cheers
karsten



-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mumble depends on:
ii  libasound2    1.2.4-1.1
ii  libavahi-compat-libdnssd1 0.8-5
ii  libc6 2.31-13+deb11u2
ii  libgcc-s1 10.2.1-6
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libprotobuf23 3.12.4-1
ii  libpulse0 14.2-2
ii  libqt5core5a  5.15.2+dfsg-9
ii  libqt5dbus5   5.15.2+dfsg-9
ii  libqt5gui5    5.15.2+dfsg-9
ii  libqt5network5    5.15.2+dfsg-9
ii  libqt5sql5    5.15.2+dfsg-9
ii  libqt5sql5-sqlite 5.15.2+dfsg-9
ii  libqt5svg5    5.15.2-3
ii  libqt5widgets5    5.15.2+dfsg-9
ii  libqt5xml5    5.15.2+dfsg-9
ii  libsndfile1   1.0.31-2
ii  libspeechd2   0.10.2-2+deb11u1
ii  libspeex1 1.2~rc1.2-1.1
ii  libspeexdsp1  1.2~rc1.2-1.1
ii  libssl1.1 1.1.1k-1+deb11u1
ii  libstdc++6    10.2.1-6
ii  libx11-6  2:1.7.2-1
ii  libxi6    2:1.7.10-1
ii  lsb-release   11.1.0

mumble recommends no packages.

Versions of packages mumble suggests:
pn  mumble-server  
ii  speech-dispatcher  0.10.2-2+deb11u1

-- no debconf information

Bug#1002723: Connection problems to murmur server with older client V 1.3.0

[Karsten]

Package: mumble
X-Debbugs-Cc: deb...@decotrain.de
Version: 1.3.4-1
Severity: normal

Hello,

please refer to this bug report at mumble:
https://github.com/mumble-voip/mumble/issues/5382

The connection of the client to the server is always rejected the first time.
Afterwards it connects with a "next server":

|2021-12-27 10:28:31.399 ServerHandler: connection attempt to 
[2001:4dd0:af1b:3a0f:ca0e:14ff:fee6:a090]:64738 failed:
Verbindung verweigert (0); trying next server |


With the older server V 1.2.18 this message does not appear.

A connection with the older client V 1.3.0 (within Debian 10) to the current 
server is generally not possible and always
rejected!

Maybe the maintainer can help with this problem?

Cheers
karsten



-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mumble depends on:
ii  libasound2    1.2.4-1.1
ii  libavahi-compat-libdnssd1 0.8-5
ii  libc6 2.31-13+deb11u2
ii  libgcc-s1 10.2.1-6
ii  libjack-jackd2-0 [libjack-0.125]  1.9.17~dfsg-1
ii  libprotobuf23 3.12.4-1
ii  libpulse0 14.2-2
ii  libqt5core5a  5.15.2+dfsg-9
ii  libqt5dbus5   5.15.2+dfsg-9
ii  libqt5gui5    5.15.2+dfsg-9
ii  libqt5network5    5.15.2+dfsg-9
ii  libqt5sql5    5.15.2+dfsg-9
ii  libqt5sql5-sqlite 5.15.2+dfsg-9
ii  libqt5svg5    5.15.2-3
ii  libqt5widgets5    5.15.2+dfsg-9
ii  libqt5xml5    5.15.2+dfsg-9
ii  libsndfile1   1.0.31-2
ii  libspeechd2   0.10.2-2+deb11u1
ii  libspeex1 1.2~rc1.2-1.1
ii  libspeexdsp1  1.2~rc1.2-1.1
ii  libssl1.1 1.1.1k-1+deb11u1
ii  libstdc++6    10.2.1-6
ii  libx11-6  2:1.7.2-1
ii  libxi6    2:1.7.10-1
ii  lsb-release   11.1.0

mumble recommends no packages.

Versions of packages mumble suggests:
pn  mumble-server  
ii  speech-dispatcher  0.10.2-2+deb11u1

-- no debconf information

Bug#994230: Problem in KDE and not in XFCE

[Karsten]

Using XFCE the additional window opens, so this is an issue of KDE.

An bug report has been opened at https://bugs.kde.org/show_bug.cgi?id=442504

Bug#994230: Krusader Version 2.7.2 is showing no details for file transfer anymore

[Karsten]

Package: krusader
X-Debbugs-Cc: deb...@decotrain.de
Version: 2:2.7.2-2
Severity: minor

Hello maintainer,

this question has already been asked in a Debian forum without any answer.

Since Debian 11 (Bullseye) the Krusader version 2.7.2 "Peace of Mind", as well 
as a new service for notifications in KDE
is standard.

There is no option for file operations in the notifications and the Krusader 
does not appear among the applications
there either.

In Krusader itself there is no option to reactivate the old copy window.
This means that important details such as the current transfer speed and 
remaining copy time are omitted.
There is only a basic progress indicator with not details what is happening.

How the old copy window can be reactivated or additional informations be shown?

Thanks and best regards
karsten



-- System Information:
Debian Release: 11.0
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages krusader depends on:
ii  kinit  5.78.0-2
ii  kio    5.78.0-5
ii  libacl1    2.2.53-10
ii  libc6  2.31-13
ii  libkf5archive5 5.78.0-2
ii  libkf5bookmarks5   5.78.0-2
ii  libkf5codecs5  5.78.0-2
ii  libkf5completion5  5.78.0-3
ii  libkf5configcore5  5.78.0-4
ii  libkf5configgui5   5.78.0-4
ii  libkf5configwidgets5   5.78.0-2
ii  libkf5coreaddons5  5.78.0-4
ii  libkf5guiaddons5   5.78.0-3
ii  libkf5i18n5    5.78.0-2
ii  libkf5iconthemes5  5.78.0-2
ii  libkf5itemviews5   5.78.0-2
ii  libkf5jobwidgets5  5.78.0-2
ii  libkf5kiocore5 5.78.0-5
ii  libkf5kiofilewidgets5  5.78.0-5
ii  libkf5kiowidgets5  5.78.0-5
ii  libkf5notifications5   5.78.0-2
ii  libkf5parts5   5.78.0-3
ii  libkf5service-bin  5.78.0-2
ii  libkf5service5 5.78.0-2
ii  libkf5solid5   5.78.0-2
ii  libkf5textwidgets5 5.78.0-2
ii  libkf5wallet-bin   5.78.0-2
ii  libkf5wallet5  5.78.0-2
ii  libkf5widgetsaddons5   5.78.0-2
ii  libkf5windowsystem5    5.78.0-2
ii  libkf5xmlgui5  5.78.0-2
ii  libkf5xmlgui5  5.78.0-2
ii  libqt5core5a   5.15.2+dfsg-9
ii  libqt5dbus5    5.15.2+dfsg-9
ii  libqt5gui5 5.15.2+dfsg-9
ii  libqt5printsupport5    5.15.2+dfsg-9
ii  libqt5widgets5 5.15.2+dfsg-9
ii  libqt5xml5 5.15.2+dfsg-9
ii  libstdc++6 10.2.1-6
ii  zlib1g 1:1.2.11.dfsg-2


Versions of packages krusader recommends:
ii  kde-cli-tools   4:5.20.5-2
ii  keditbookmarks  20.12.0-2
ii  kio-extras  4:20.12.2-1

Versions of packages krusader suggests:
ii  arj 3.10.22-24
ii  ark 4:20.12.2-1
ii  bzip2   1.0.8-4
ii  cpio    2.13+dfsg-4
ii  hashdeep [md5deep]  4.4-7
ii  kate    4:20.12.2-1
ii  kdiff3  1.8.5-1
ii  kmail   4:20.08.3-1
ii  konsole 4:20.12.3-1
pn  krename 
ii  lhasa [lha] 0.3.1-3
ii  md5deep 4.4-5
ii  okteta  5:0.26.5-2
ii  p7zip   16.02+dfsg-8
ii  rar 2:5.5.0-1
pn  rpm 
pn  unace   
ii  unrar   1:6.0.3-1
ii  unzip   6.0-26
ii  zip 3.0-12

Bug#990192: unsolvable

[Karsten]

Thankful i tried to solve the problem with the help of the package maintainer.

But i can only say it is unsolvable, because there seems to be a couple of 
reasons for the problem.

The problem appears with an system update from 2021-03-27.
An older installation on another partition with the last update from 2021-02-14 
is still working without problems!

The PC has an Nvidia card GeForce GT 430.
It is only working with the nouveau driver, the nvidia-legacy-390xx-driver is 
not working.

The problem occurs by using the vdpau driver.
But it is not possible to say exact which library or package has changed that 
this is happening now.

Now there is a workaround by avoiding the vdpau driver:
Go into menu Tools-->preferences
Click the video icon and then select a video output.
Selecting XCB is working and videos are playing without freezing the system.

Bug#987063: gwenview: looses image metadata on jpg rotation

[Karsten Hilbert]

Am Sat, Apr 17, 2021 at 12:54:23PM +0900 schrieb Norbert Preining:

> On Fri, 16 Apr 2021, Nicholas D Steeves wrote:
> > Justification: loss of exif metadata.  A photographer would say "grave 
> > severity"!
>
> Uploaded a fixed version.

Works for me again.

Thanks !

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#987063: gwenview: looses image metadata on jpg rotation

[Karsten Hilbert]

Package: gwenview
Version: 4:20.12.3-1
Severity: normal
Tags: upstream

This release started to drop metadata from JPEG files after rotating
them. I do believe the following upstream commit is the culprit:


https://invent.kde.org/graphics/gwenview/commit/a401e66621bcffbdc75048d9eaded1a5f5a67137

because it "unconditionally" saves JPEGs thereby overwriting them w/o
carrying over metadata :(

Thanks,
Karsten

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-6-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gwenview depends on:
ii  kinit  5.78.0-2
ii  kio5.78.0-4
ii  libc6  2.31-11
ii  libcfitsio93.490-3
ii  libexiv2-270.27.3-3
ii  libgcc-s1  10.2.1-6
ii  libjpeg62-turbo1:2.0.6-4
ii  libkf5activities5  5.78.0-2
ii  libkf5baloo5   5.78.0-3
ii  libkf5completion5  5.78.0-3
ii  libkf5configcore5  5.78.0-4
ii  libkf5configgui5   5.78.0-4
ii  libkf5configwidgets5   5.78.0-2
ii  libkf5coreaddons5  5.78.0-4
ii  libkf5filemetadata35.78.0-2
ii  libkf5i18n55.78.0-2
ii  libkf5iconthemes5  5.78.0-2
ii  libkf5itemmodels5  5.78.0-2
ii  libkf5itemviews5   5.78.0-2
ii  libkf5jobwidgets5  5.78.0-2
ii  libkf5kdcraw5  20.12.0-1
ii  libkf5kiocore5 5.78.0-4
ii  libkf5kiofilewidgets5  5.78.0-4
ii  libkf5kiowidgets5  5.78.0-4
ii  libkf5kipi32.0.0   4:20.12.1-1
ii  libkf5notifications5   5.78.0-2
ii  libkf5parts5   5.78.0-3
ii  libkf5purpose-bin  5.78.0-2
ii  libkf5purpose5 5.78.0-2
ii  libkf5service-bin  5.78.0-2
ii  libkf5service5 5.78.0-2
ii  libkf5solid5   5.78.0-2
ii  libkf5widgetsaddons5   5.78.0-2
ii  libkf5xmlgui5  5.78.0-2
ii  liblcms2-2 2.12~rc1-2
ii  libphonon4qt5-44:4.11.1-3
ii  libpng16-161.6.37-3
ii  libqt5core5a   5.15.2+dfsg-5
ii  libqt5dbus55.15.2+dfsg-5
ii  libqt5gui5 5.15.2+dfsg-5
ii  libqt5printsupport55.15.2+dfsg-5
ii  libqt5svg5 5.15.2-2
ii  libqt5widgets5 5.15.2+dfsg-5
ii  libqt5x11extras5   5.15.2-2
ii  libstdc++6 10.2.1-6
ii  libtiff5   4.2.0-1
ii  libx11-6   2:1.7.0-2
ii  perl   5.32.1-3
ii  phonon4qt5 4:4.11.1-3

Versions of packages gwenview recommends:
pn  kamera 
ii  kio-extras 4:20.12.2-1
ii  qt5-image-formats-plugins  5.15.2-2

gwenview suggests no packages.

-- no debconf information

Bug#984933: powerdevil brakes play of sound when returning from energy saving of the monitor

[Karsten]

Package: powerdevil
Version: 4:5.14.5-1
Severity: normal

Hello,

i often hear music with clementine in the background.
The settings are to switch off the monitor after 15 min. and the music is still 
playing as wanted.

When you move the mouse and the PC is switching on the monitor again, the music 
is pausing for a second.
That's annoying and did not happen on Debian 8.
It would be fine if this would have the same behaviour in Debian 10.

Thanks and best regards
karsten



-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages powerdevil depends on:
ii  kio  5.54.1-1
ii  libc6    2.28-10
ii  libkf5activities5    5.54.0-1
ii  libkf5auth5  5.54.0-2
ii  libkf5completion5    5.54.0-1
ii  libkf5configcore5    5.54.0-1+deb10u1
ii  libkf5configgui5 5.54.0-1+deb10u1
ii  libkf5configwidgets5 5.54.0-1
ii  libkf5coreaddons5    5.54.0-1
ii  libkf5crash5 5.54.0-1
ii  libkf5dbusaddons5    5.54.0-1
ii  libkf5globalaccel-bin    5.54.0-1
ii  libkf5globalaccel5   5.54.0-1
ii  libkf5i18n5  5.54.0-1
ii  libkf5kiowidgets5    5.54.1-1
ii  libkf5networkmanagerqt6  5.54.0-1
ii  libkf5notifyconfig5  5.54.0-1
ii  libkf5service-bin    5.54.0-1
ii  libkf5service5   5.54.0-1
ii  libkf5solid5 5.54.0-1
ii  libkf5waylandclient5 4:5.54.0-1
ii  libkf5widgetsaddons5 5.54.0-1
ii  libkworkspace5-5 4:5.14.5.1-1
ii  libpowerdevilcore2   4:5.14.5-1
ii  libpowerdevilui5 4:5.14.5-1
ii  libqt5core5a 5.11.3+dfsg1-1+deb10u4
ii  libqt5dbus5  5.11.3+dfsg1-1+deb10u4
ii  libqt5gui5   5.11.3+dfsg1-1+deb10u4
ii  libqt5widgets5   5.11.3+dfsg1-1+deb10u4
ii  libqt5x11extras5 5.11.3-2
ii  libstdc++6   8.3.0-6
ii  libudev1 241-7~deb10u6
ii  libxcb-dpms0 1.13.1-2
ii  libxcb-randr0    1.13.1-2
ii  libxcb1  1.13.1-2
ii  powerdevil-data  4:5.14.5-1

powerdevil recommends no packages.

powerdevil suggests no packages.

-- no debconf information

Bug#984438: questionable dependency on python3-pip

[Karsten Hilbert]

Am Wed, Mar 03, 2021 at 08:33:57PM +0100 schrieb Matthias Klose:

> >> gnumed-client depends on python3-pip. Why?
> >>
> >> The only use is in external-tools/check-prerequisites.py trying to 
> >> download the
> >> pysvg module last updated in 2012, and not ported to Python3 ...
> >
> > The helper script external-tools/check-prerequisites.py
> > certainly does not do anything obnoxious like "trying to
> > download the pysvg module". It merely tells the user how to
> > retrieve the proper version thereof.
>
> well, then it can tell to install python3-pip as well.

It now does, thanks for the suggestiong.

> > Quite apart from that the dependency can safely be demoted to
> > Recommends:, or even Suggests:, if the former is still
> > coupling too tightly.
>
> just remove it, or package the dependency properly.

Is there anything fundamentally, conceptually *wrong*
(not just not recommendable) with

Suggests: python3-pip

?

Best,
Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#984438: questionable dependency on python3-pip

[Karsten Hilbert]

Am Wed, Mar 03, 2021 at 07:49:29PM +0100 schrieb Matthias Klose:

> gnumed-client depends on python3-pip. Why?
>
> The only use is in external-tools/check-prerequisites.py trying to download 
> the
> pysvg module last updated in 2012, and not ported to Python3 ...

The helper script external-tools/check-prerequisites.py
certainly does not do anything obnoxious like "trying to
download the pysvg module". It merely tells the user how to
retrieve the proper version thereof.

Quite apart from that the dependency can safely be demoted to
Recommends:, or even Suggests:, if the former is still
coupling too tightly.

Thanks,
Karsten (upstream)
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#984426: grub suddenly does not boot and ends up with "grub_register_command_lockdown not found"

[Karsten]

Am 03.03.21 um 18:00 schrieb Colin Watson:
> On Wed, Mar 03, 2021 at 05:20:39PM +0100, Karsten wrote:
>> there was no system update or an installation. It booted perfect.
> Since you're reporting this against grub-pc 2.02+dfsg1-20+deb10u4, and
> since the mentioned grub_register_command_lockdown symbol was only
> introduced in that version, then there must have been a system update,
> because we only released that version yesterday.

A search shows in /var/log/apt/history.log

Start-Date: 2021-03-03  09:28:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: grub-common:amd64 (2.02+dfsg1-20+deb10u3, 2.02+dfsg1-20+deb10u4), 
grub2-common:amd64 (2.02+dfsg1-20+deb10u3,
2.02+dfsg1-20+deb10u4), grub-pc:amd64 (2.02+dfsg1-20+deb10u3, 
2.02+dfsg1-20+deb10u4), grub-pc-bin:amd64
(2.02+dfsg1-20+deb10u3, 2.02+dfsg1-20+deb10u4)
End-Date: 2021-03-03  09:28:36

Start-Date: 2021-03-03  17:03:42
Reinstall: grub-pc:amd64 (2.02+dfsg1-20+deb10u4)
End-Date: 2021-03-03  17:04:12


How can such "unattended-upgrade" be killed?


An upgrade on an other partition to Debian 11 (Testing) failed,
so it is not an good idea to use grub on an failed installation.

> What does "sudo debconf-show grub-pc" say?
>

  grub-pc/install_devices_empty: false
  grub2/device_map_regenerated:
  grub2/kfreebsd_cmdline_default: quiet
  grub-pc/disk_description:
  grub2/force_efi_extra_removable: false
  grub2/update_nvram: true
  grub-pc/install_devices_failed_upgrade: true
* grub-pc/install_devices: /dev/disk/by-id/ata-TOSHIBA_DT01ACA200_84H86A0GS
* grub2/linux_cmdline:
  grub-pc/partition_description:
  grub-pc/hidden_timeout: false
  grub-pc/install_devices_failed: false
  grub-pc/timeout: 5
  grub2/kfreebsd_cmdline:
  grub-pc/kopt_extracted: false
  grub-pc/mixed_legacy_and_grub2: true
  grub-pc/chainload_from_menu.lst: true
  grub-pc/postrm_purge_boot_grub: false
* grub-pc/install_devices_disks_changed: 
/dev/disk/by-id/ata-TOSHIBA_DT01ACA200_84H86A0GS-part3
* grub2/linux_cmdline_default: quiet

Bug#972820: Distribution of Debian cannot be upgraded from Buster to Bullseye

[Karsten]

Am 13.02.21 um 22:56 schrieb Phil Morrell:
> On Sat, Feb 13, 2021 at 05:02:19PM +0100, Karsten wrote:
>> Hi Phil,
>>
>> makes it sense to try a retest with the current Bullseye?
> Yes please, as I believe it's been fixed already.

It's done with good and bad news.

The good news are that the upgrade did go through this time.
I attached the output before the upgrade was running.
(So the solution was just to wait for the problem to go :-)

The bad news are that Debian 11 can boot, KDE is starting, but with errors.
All elements for navigation and starting applications are missing (crash of 
ksplashqml).

Best regards
karsten

# aptitude dist-upgrade
Die folgenden NEUEN Pakete werden zusätzlich installiert:
  alsa-topology-conf{a} alsa-ucm-conf{a} bind9-dnsutils{a} bind9-libs{a} bladerf{a} bsdextrautils bup{a} bup-doc{a} calendar 
  coinor-libcbc3{a} coinor-libcgl1{a} coinor-libclp1{a} coinor-libcoinmp1v5{a} coinor-libcoinutils3v5{a} coinor-libosi1v5{a} cpp-10{a} 
  digikam-data{a} enchant-2{a} fonts-liberation2{a} fonts-opensymbol{a} fonts-symbola{a} fonts-urw-base35{a} fuse3{ab} g++-10{a} 
  gcc-10{a} gcc-10-base{a} gcc-10-base:i386{a} gcc-9-base{a} gir1.2-harfbuzz-0.0{a} gir1.2-telepathyglib-0.12{a} 
  glib-networking:i386{a} gparted-common{a} gstreamer1.0-gtk3{a} gstreamer1.0-plugins-good:i386{a} gstreamer1.0-x:i386{a} hwdata{a} 
  ibus-data{a} icu-devtools{a} ipp-usb{ab} ipp-usb:i386{ab} kmailtransport-akonadi{a} kontrast{a} kpeople-vcard{a} kup-backup{a} 
  kuserfeedback-doc{a} lib32gcc-s1{a} libaa1:i386{a} libabsl20200923{a} libabw-0.1-1{a} libalglib3.17{a} libaliased-perl{a} libann0{a} 
  libany-uri-escape-perl{a} libaom2{a} libapt-pkg6.0{a} libarmadillo10{a} libasan6{a} libatopology2{a} libavc1394-0:i386{a} libavif9{a} 
  libbcg729-0{a} libbladerf2{a} libboost-atomic1.74-dev{a} libboost-atomic1.74.0{a} libboost-chrono1.74-dev{a} libboost-chrono1.74.0{a} 
  libboost-date-time1.74-dev{a} libboost-date-time1.74.0{a} libboost-filesystem1.74-dev{a} libboost-filesystem1.74.0{a} 
  libboost-iostreams1.74.0{a} libboost-locale1.74.0{a} libboost-program-options1.74-dev{a} libboost-program-options1.74.0{a} 
  libboost-regex1.74-dev{a} libboost-regex1.74.0{a} libboost-serialization1.74-dev{a} libboost-serialization1.74.0{a} 
  libboost-system1.74-dev{a} libboost-system1.74.0{a} libboost-test1.74-dev{a} libboost-test1.74.0{a} libboost-thread1.74-dev{a} 
  libboost-thread1.74.0{a} libboost1.74-dev{a} libbotan-2-17{a} libbpf0{a} libbrlapi0.8{a} libbrotli1:i386{a} libbz2-1.0:i386{a} 
  libc-devtools{a} libcaca0:i386{a} libcairo-gobject-perl{a} libcairo-gobject2:i386{a} libcapstone4{a} libcbor0{a} libcfitsio9{a} 
  libclass-data-inheritable-perl{a} libclucene-contribs1v5{a} libclucene-core1v5{a} libcmis-0.5-5v5{a} libcodec2-0.9{a} 
  libconfig-tiny-perl{a} libcpanel-json-xs-perl{a} libcppunit-1.15-0{a} libcrypt-dev{a} libcrypt1{a} libcrypt1:i386{a} libcrypto++8{a} 
  libctf-nobfd0{a} libctf0{a} libcurl3-gnutls:i386{a} libcurl4:i386{a} libcwidget4{a} libdap27{a} libdata-dpath-perl{a} 
  libdata-messagepack-perl{a} libdata-validate-domain-perl{a} libdatrie1:i386{a} libdav1d4{a} libdav1d5{a} libdc1394-25{a} 
  libdebuginfod1{a} libdeflate0{a} libdeflate0:i386{a} libdevel-size-perl{a} libdevel-stacktrace-perl{a} libdns-export1110{a} 
  libdouble-conversion3{a} libdv4:i386{a} libdvdread8{a} libdw1:i386{a} libe-book-0.1-1{a} libebml5{a} libemail-address-xs-perl{a} 
  libenchant-2-2{a} libeot0{a} libept1.6.0{a} libepubgen-0.1-1{a} libetonyek-0.1-1{a} libevent-2.1-7{a} libexception-class-perl{a} 
  libexiv2-27{a} libexttextcat-2.0-0{a} libexttextcat-data{a} libextutils-depends-perl{a} libextutils-pkgconfig-perl{a} libfaudio0{a} 
  libfaudio0:i386{a} libffi7{a} libffi7:i386{a} libfido2-1{a} libfile-find-rule-perl{a} libfilezilla11{a} libfluidsynth2{a} 
  libfont-ttf-perl{a} libfreehand-0.1-1{a} libfribidi0:i386{a} libfuse3-3{a} libgarcon-gtk3-1-0{a} libgav1-0{a} libgbm1:i386{a} 
  libgc1{a} libgcc-10-dev{a} libgcc-s1{a} libgcc-s1:i386{a} libgdal28{a} libgdbm-compat4:i386{a} libgdbm6:i386{a} libgdcm3.0{a} 
  libgdk-pixbuf-2.0-0{a} libgdk-pixbuf-2.0-0:i386{a} libgdk-pixbuf-xlib-2.0-0{a} libgdl-3-5{a} libgdl-3-common{a} libgeos-3.9.0{a} 
  libgeotiff5{a} libgit2-1.1{a} libglib-object-introspection-perl{a} libgmp-dev{a} libgmpxx4ldbl{a} libgnome-desktop-3-19{a} 
  libgnuradio-analog3.8.2{a} libgnuradio-audio3.8.2{a} libgnuradio-blocks3.8.2{a} libgnuradio-channels3.8.2{a} 
  libgnuradio-digital3.8.2{a} libgnuradio-dtv3.8.2{a} libgnuradio-fcdproplus3.8.0{a} libgnuradio-fec3.8.2{a} libgnuradio-fft3.8.2{a} 
  libgnuradio-filter3.8.2{a} libgnuradio-fosphor3.8.0{a} libgnuradio-iqbalance3.8.0{a} libgnuradio-osmosdr0.2.0{a} 
  libgnuradio-pmt3.8.2{a} libgnuradio-qtgui3.8.2{a} libgnuradio-runtime3.8.2{a} libgnuradio-trellis3.8.2{a} libgnuradio-uhd3.8.2{a} 
  libgnuradio-video-sdl3.8.2{a} libgnuradio-vocoder3.8.2{a} libgnuradio-wavelet3.8.2{a} libgnuradio-zeromq3.8.2{a} 
  libgnustep-base1.27{a} libgpiod2{a} libgps2

Bug#972820: Distribution of Debian cannot be upgraded from Buster to Bullseye

[Karsten]

Hi Phil,

makes it sense to try a retest with the current Bullseye?

Am 13.02.21 um 14:13 schrieb Phil Morrell:
> Hi Karsten, I'm afraid I can't reproduce this issue on a minimal
> installation, so either it's fixed or requires some other combination of
> packages.
> --
> Phil Morrell (emorrp1)

Bug#980937: Manual install of workbench in freecad

[Karsten]

The manual install can be done just be downloading
https://github.com/mwganson/ThreadProfile/archive/master.zip

and unpack the directory ThreadProfile to
/usr/share/freecad/Mod

Bug#974129: The fix does not help

[Karsten]

This fix does not help:
https://github.com/FreeCAD/FreeCAD/commit/258f9f1577e71e30f8696b266458df23042eefa5

Editing the file /usr/share/freecad/Mod/AddonManager/AddonManager.py
brings another result but it is still not working.


#!/usr/bin/env python
# -*- coding: utf-8 -*-

#***
#* *
#*   Copyright (c) 2015 Yorik van Havre   *
#* *
#*   This program is free software; you can redistribute it and/or modify  *
#*   it under the terms of the GNU Lesser General Public License (LGPL)*
#*   as published by the Free Software Foundation; either version 2 of *
#*   the License, or (at your option) any later version.   *
#*   for detail see the LICENCE text file. *
#* *
#*   This program is distributed in the hope that it will be useful,   *
#*   but WITHOUT ANY WARRANTY; without even the implied warranty of*
#*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the *
#*   GNU Library General Public License for more details.  *
#* *
#*   You should have received a copy of the GNU Library General Public *
#*   License along with this program; if not, write to the Free Software   *
#*   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  *
#*   USA   *
#* *
#***

from __future__ import print_function

__title__="FreeCAD Addon Manager Module"
__author__ = "Yorik van Havre","Jonathan Wiedemann","Kurt Kremitzki"
__url__ = "http://www.freecadweb.org;

'''
FreeCAD Addon Manager Module

It will fetch its contents from https://github.com/FreeCAD/FreeCAD-addons
You need a working internet connection, and the GitPython package
installed.
'''
import os
import re
import shutil
import stat
import sys
import tempfile

from PySide import QtCore, QtGui
import FreeCAD
import FreeCADGui
if sys.version_info.major < 3:
import urllib2
else:
import urllib.request as urllib2

from addonmanager_macro import Macro
from addonmanager_utilities import translate
from addonmanager_utilities import urlopen

NOGIT = False # for debugging purposes, set this to True to always use http downloads

MACROS_BLACKLIST = ["BOLTS","WorkFeatures","how to install","PartsLibrary","FCGear"]
OBSOLETE = ["assembly2"]

if sys.version_info.major < 3:
import StringIO as io
_stringio = io.StringIO
else:
import io
_stringio = io.BytesIO


def symlink(source, link_name):
if os.path.exists(link_name):
print("macro already exists")
else:
os_symlink = getattr(os, "symlink", None)
if callable(os_symlink):
os_symlink(source, link_name)
else:
import ctypes
csl = ctypes.windll.kernel32.CreateSymbolicLinkW
csl.argtypes = (ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32)
csl.restype = ctypes.c_ubyte
flags = 1 if os.path.isdir(source) else 0
# set the SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE flag
# (see https://blogs.windows.com/buildingapps/2016/12/02/symlinks-windows-10/#joC5tFKhdXs2gGml.97)
flags += 2

if csl(link_name, source, flags) == 0:
raise ctypes.WinError()


def update_macro_details(old_macro, new_macro):
"""Update a macro with information from another one

Update a macro with information from another one, supposedly the same but
from a different source. The first source is supposed to be git, the second
one the wiki.
"""
if old_macro.on_git and new_macro.on_git:
FreeCAD.Console.PrintWarning('The macro "{}" is present twice in github, please report'.format(old_macro.name))
# We don't report macros present twice on the wiki because a link to a
# macro is considered as a macro. For example, 'Perpendicular To Wire'
# appears twice, as of 2018-05-05).
old_macro.on_wiki = new_macro.on_wiki
for attr in ['desc', 'url', 'code']:
if not hasattr(old_macro, attr):
setattr(old_macro, attr, getattr(new_macro, attr))


def install_macro(macro, macro_repo_dir):
"""Install a macro and all its related files

Returns True if the macro was installed correctly.

Parameters
--
- macro: a addonmanager_macro.Macro instance
"""
if not macro.code:
return False
macro_dir = FreeCAD.getUserMacroDir(True)
if not os.path.isdir(macro_dir):
try:

Bug#980937: Addon manager has no configure button

[Karsten]

Package: freecad
Version: 0.18~pre1+dfsg1-5
Severity: normal

Hello,

i want to install the ThreadProfile Workbench, but this is not possible, 
because the configure button is missing!
https://github.com/mwganson/ThreadProfile
How this can be done manually?


The button can be seen here:
https://wiki.freecadweb.org/Addon_Manager/de


Additional this is not working too: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974129

Cheers
karsten


-- System Information:
Debian Release: 10.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages freecad depends on:
ii  freecad-python2  0.18~pre1+dfsg1-5

Versions of packages freecad recommends:
ii  calculix-ccx  2.11-1+b3
ii  graphviz  2.40.1-6

Bug#979247: user-manager: holding back upgrade

[Karsten Hilbert]

Package: user-manager
Version: 4:5.19.5-3
Severity: wishlist
Tags: newcomer

Dear Maintainers,

may I kindly ask for 5.20-targeted recompilation ?

Many thanks for considering !

Karsten Hilbert


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug')
Architecture: i386 (i686)

Kernel: Linux 5.9.0-5-686-pae (SMP w/2 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages user-manager depends on:
ii  accountsservice   0.6.55-3
ii  kio   5.77.0-3
ii  libc6 2.31-6
ii  libcrypt1 1:4.4.17-1
ii  libkf5authcore5   5.77.0-3
ii  libkf5configcore5 5.77.0-2
ii  libkf5configwidgets5  5.77.0-2
ii  libkf5coreaddons5 5.77.0-2
ii  libkf5i18n5   5.77.0-2
ii  libkf5kiocore55.77.0-3
ii  libkf5widgetsaddons5  5.77.0-4
ii  libpwquality1 1.4.4-1
ii  libqt5core5a  5.15.2+dfsg-2
ii  libqt5dbus5   5.15.2+dfsg-2
ii  libqt5gui55.15.2+dfsg-2
ii  libqt5widgets55.15.2+dfsg-2
ii  libstdc++610.2.1-3

user-manager recommends no packages.

user-manager suggests no packages.

-- no debconf information

Bug#901148: New packages

[Karsten]

I have tested the new packages now:

https://www.joonet.de/sources/timidity/debian_buster/timidity_2.14.0-9~bpo10u1_amd64.deb
https://www.joonet.de/sources/timidity/debian_buster/timidity-daemon_2.14.0-9~bpo10u1_all.deb

All looks fine, the system daemon is deactivated and only the user daemon 
running.
The sound is working.

Cheers
karsten

Bug#901148: timidity breaks sound in different ways

[Karsten]

forcemerge 972689 901148


Hello together,

inspired from this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935081
i tried the same on the Desktop PC with the problems in this bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972689

Stopping timidity reactivates the sound in pulseaudio!


But after installing the packages from joachim there where 2 instances of 
timidity after boot:

timidity   791 1  0 15:45 ?    00:00:00 /usr/bin/timidity -Os -iAD
karsten   2603 1  0 15:48 ?    00:00:00 /usr/bin/timidity -iA -Os

I deactivated the system start of timidity with rcconf and now everything is 
fine.
This modifications must be part of the distributions.

Best regards
karsten

Bug#935081: No Intel sound

[Karsten]

Am 01.12.20 um 18:53 schrieb Elimar Riesebieter:
> What happens if you stop timidity daemon:
> # systemctl stop timidity
>
> ?
>
> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901148
>
> Elimar

Yes - timidity is the reason. Thank you very much!
Stopping timidity activates the intern sound.

I have no idea when timidity is used, but i installed the packages
https://www.joonet.de/sources/timidity/debian_buster/timidity_2.14.0-9~bpo10u1_amd64.deb
https://www.joonet.de/sources/timidity/debian_buster/timidity-daemon_2.14.0-9~bpo10u1_all.deb

This fixed the problem and the sound is working now.

This bug should be moved to timidity, it is not a problem of ALSA.

Best regards
karsten

Bug#935081: No sound after Debian 9

[Karsten]

That's the working configuration in Debian 9 with sound on the same Laptop but 
other partition.

(There are problems on the Desktop PC with Debian 10 too in pulseaudio.
It seems that Debian 9 was the last Debian distribution with sound ...)


ii  timidity  2.13.2-40.5   
 amd64    Software
sound renderer (MIDI sequencer, MOD player)
ii  timidity-daemon   2.13.2-40.5   
 all  runs
TiMidity++ as a system-wide MIDI sequencer



 Liste der Hardware-Geräte (PLAYBACK) 
Karte 0: Intel [HDA Intel], Gerät 0: STAC9205 Analog [STAC9205 Analog]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 0: Intel [HDA Intel], Gerät 1: STAC9205 Digital [STAC9205 Digital]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
 


default
    Playback/recording through the PulseAudio sound server
null
    Discard all samples (playback) or generate zero samples (capture)
pulse
    PulseAudio Sound Server
sysdefault:CARD=Intel
    HDA Intel, STAC9205 Analog
    Default Audio Device
front:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    Front speakers
surround21:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    2.1 Surround output to Front and Subwoofer speakers
surround40:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    4.0 Surround output to Front and Rear speakers
surround41:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Digital
    IEC958 (S/PDIF) Digital Audio Output
dmix:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    Direct sample mixing device
dmix:CARD=Intel,DEV=1
    HDA Intel, STAC9205 Digital
    Direct sample mixing device
dsnoop:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    Direct sample snooping device
dsnoop:CARD=Intel,DEV=1
    HDA Intel, STAC9205 Digital
    Direct sample snooping device
hw:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    Direct hardware device without any conversions
hw:CARD=Intel,DEV=1
    HDA Intel, STAC9205 Digital
    Direct hardware device without any conversions
plughw:CARD=Intel,DEV=0
    HDA Intel, STAC9205 Analog
    Hardware device with all software conversions
plughw:CARD=Intel,DEV=1
    HDA Intel, STAC9205 Digital
    Hardware device with all software conversions

Bug#935081: No Intel sound

[Karsten]

Sorry for the really late answer, but there was no email notification for the 
answer on this bug.

> What tells 'dpkg -l | grep timidity' ?

ii  timidity  2.14.0-8  
   amd64Software sound renderer (MIDI sequencer, MOD player)
ii  timidity-daemon   2.14.0-8  
   all  runs TiMidity++ as a system-wide MIDI sequencer

Bug#913864: KiCad is not usable, because cvpcb is not working

[Karsten]

Hello Carsten,

Am 29.11.20 um 07:17 schrieb Carsten Schoenert:
> Hello Karsten,
>
> next time please start a new bug report. Now there is a cloned old
> report there the old history is completely indpendent from your issue.
> This makes it not easier to follow the red line.

O.K.

>> i am talking about the features behind the button "Assign PCB
>> footprints to schematic symbols" (see screenshot).
> It's obvious to me what you are talking about. I know what CvPcb is
> doing.

Not for all of us under every circumstances.

>> Fact is that this part of KiCad seems to be very buggy.
> I disagree. I don't know any upstream bug report about CvPcb or from the
> KiCad forum from about the last two years.

But you can see the reported bugs.
You can define them as nonsense, but that will not fix the problem.

> If you think your issue is related to the original report why don't you
> have written about this in first place? The other report has a lot of
> information how the library symbol clashing can be found and which
> library/symbol is the right combination. Have you really tried out these
> steps at your own?

This all makes no difference when you say it is running for you and there is no 
bug.

>> It's fine that it is running stable on your system.
>> But this is no explanation that it must be stable everywhere.
>> On the other hand i think that you can't do anything to solve this bugs.
> If your issue is really a upstream issue than it needs to be reported
> to the upstream developers. The KiCad team is really responsive and quick
> to fix such things once they have understand what problem is responsible
> for the visible behavior.

The standard answer from developers is: "Have you tried the actual version".
There is no support of bugs in older versions as used in an stable distribution.
This point of view is understandable, but does not help the user.

>
>> We must wait until this bugs are solved in newer versions of Kicad.
>> Version 5.1.8 seems to be on the way ...
> You mean 5.1.9 for sure.

I mean 5.1.8+dfsg1-1~bpo10+1 from the backports.
We will see what will happen in later releases.

>
> I believe this report will start bit rotting, searching a possible issue
> in this rather old version is exhausting and mostly useless in my eyes
> as the current supported version is 5.1.8.

Yes - thank you for your support so far!

>  Te current rules of the
> release team makes it hard to update the version of kicad in stable due
> rather big source code changes that are not related to the baisc rules
> for updates of packages in stable.
> I don't have really time to jump into work which nobody will use and
> honor somehow in the end.

That's understandable.

Besides Debian 10 is running less stable than Debian 8.
There are many detail issues, but Debian 8 is not supported any more ...
An upgrade to testing did fail too - maybe it is possible now.

> You have found a newer version in backport where you don't have problems
> with. And the backports archive is exactly the use case for newer
> versions with newer and improved features like KiCad upstream does within
> their release for the stable cycle.

Yes - but first i didn't remember to look at the backports.
It seems new that the pinning does not automatically update to a newer version 
when it exists.
So it must be done manual for every main package.

Best regards
karsten

Bug#913864: Workaround

[Karsten]

Hello,

there is a workaround to install the backport package 5.1.8+dfsg1-1~bpo10+1.
In this version the cvpcb is working.

Best regards
karsten

Bug#913864: KiCad is not usable, because cvpcb is not working

[Karsten]

Package: kicad
Version: 5.0.2+dfsg1-1
Severity: important


Hello Carsten,

i have made my circuit diagram, but cvpcb is not working.
The window opens, but when you click on a library, the component list is not 
actualized in the window right.

So you can't assign the footprints to the components.
KiCad is unusable, because at this point you can't proceed to layout.

Best regards
karsten



-- System Information:
Debian Release: 10.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-11-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#974212: Acknowledgement (kwin-x11 crashes, windows missing decorations)

[Karsten Hilbert]

The latest KDE in testing fixes the problem for me.

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#974529: gnumed-client: new upstream available

[Karsten Hilbert]

Package: gnumed-client
Version: 1.8.3+dfsg-1
Severity: wishlist
Tags: upstream

Dear maintainers,

upstream has released 1.8.4 which fixes a few bugs.

We kindly ask for packaging, as time allows.

This also applies to gnumed-server.

Is there anything we can do to fix the watchfile ?

Thanks,
Karsten

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug')
Architecture: i386 (i686)

Kernel: Linux 5.9.0-1-686-pae (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnumed-client depends on:
ii  aspell   0.60.8-1
ii  file 1:5.38-5
ii  gnumed-common1.8.3+dfsg-1
ii  hunspell 1.7.0-3
ii  imagemagick  8:6.9.11.24+dfsg-1+b1
ii  imagemagick-6.q16 [imagemagick]  8:6.9.11.24+dfsg-1+b1
ii  ispell   3.4.00-8
ii  python3  3.8.6-1
ii  python3-enchant  3.0.1-1
ii  python3-gnuplot  1.8-8
ii  python3-hl7  0.4.1-1
ii  python3-httplib2 0.18.1-1
ii  python3-lxml 4.6.1-1
ii  python3-pip  20.1.1-2
ii  python3-psutil   5.7.3-1
ii  python3-pyudev   0.21.0-3
ii  python3-wxgtk4.0 4.0.7+dfsg-6+b1
ii  texlive-latex-base   2020.20200925-1

Versions of packages gnumed-client recommends:
ii  aeskulap0.2.2-beta2+git20190406.ef77f01-3
ii  amide   1.0.5-13+b1
ii  audiofile-tools 0.3.6-5
ii  chktex  1.7.6-3
ii  dcmtk   3.6.4-2.1+b1
ii  elinks [www-browser]0.13.2-1
ii  extract 1:1.10-1
ii  firefox-esr [www-browser]   78.3.0esr-2
ii  ginkgocadx  3.8.8-4
ii  gnumed-doc  1.8.3+dfsg-1
ii  gpg 2.2.20-1
ii  gtklp   1.3.1-1
ii  konqueror [www-browser] 4:20.04.3-1
ii  lacheck 1.26-17
ii  libimage-exiftool-perl  12.09+dfsg-1
ii  libreoffice-writer  1:7.0.3-3
ii  ntp 1:4.2.8p15+dfsg-1
ii  p7zip-full  16.02+dfsg-8
pn  pdftk   
ii  poppler-utils   20.09.0-3
ii  printer-driver-cups-pdf [cups-pdf]  3.0.1-6
ii  python3-docutils0.16+dfsg-3
ii  python3-pyqrcode1.2.1-4
ii  python3-unidecode   1.1.1-3
ii  python3-vobject 0.9.6.1-0.2
ii  qpdf10.0.3-1
ii  texlive-latex-extra 2020.20200925-1
ii  texlive-latex-recommended   2020.20200925-1
ii  w3m [www-browser]   0.5.3-38+b1
ii  wgerman-medical 20160103-4
ii  xdg-utils   1.1.3-2
ii  xmedcon 0.16.2+dfsg-1
ii  xsane   0.999-9

Versions of packages gnumed-client suggests:
pn  autokey-qt | autokey-gtk
ii  edfbrowser  1.79+dfsg-1
ii  entangle3.0-1+b1
pn  freediams   
pn  gimp | kolourpaint4 
ii  gnumed-server   22.13-1
ii  incron  0.5.12-2
pn  konsolekalendar 
pn  korganizer  
ii  libchipcard-tools   5.1.5rc2-4
ii  nvram-wakeup1.1-4+b1
pn  pgadmin3
ii  python3-uno 1:7.0.3-3
ii  qrisk2  0.1.20150729-5
pn  shutdown-at-night   
pn  wakeonlan | etherwake | gwakeonlan  

-- no debconf information

Bug#974212: kwin-x11 crashes, windows missing decorations

[Karsten Hilbert]

Package: kwin-x11
Version: 4:5.17.5-4
Severity: important

Plama desktop shows but applications lack their window decoration and are
only partially responsive. The taskbar looses auto-hide functionality
(not the setting).

This is similar to #864222 which also has a followup from Nov 10th 2020.

Karsten


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 5.9.0-1-686-pae (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kwin-x11 depends on:
ii  kwin-common4:5.17.5-4
ii  libc6  2.31-4
ii  libepoxy0  1.5.4-1
ii  libgcc-s1  10.2.0-16
ii  libkf5configcore5  5.74.0-2
ii  libkf5coreaddons5  5.74.0-2
ii  libkf5crash5   5.74.0-2
ii  libkf5i18n55.74.0-3
ii  libkf5quickaddons5 5.74.0-2
ii  libkf5waylandserver5   4:5.74.0-2
ii  libkf5windowsystem55.74.0-2
ii  libkwineffects12   4:5.17.5-4
ii  libkwinglutils12   4:5.17.5-4
ii  libkwinxrenderutils12  4:5.17.5-4
ii  libqt5core5a   5.15.1+dfsg-2
ii  libqt5gui5 5.15.1+dfsg-2
ii  libqt5widgets5 5.15.1+dfsg-2
ii  libqt5x11extras5   5.15.1-2
ii  libstdc++6 10.2.0-16
ii  libx11-6   2:1.6.12-1
ii  libxcb-composite0  1.14-2
ii  libxcb-cursor0 0.1.1-4
ii  libxcb-keysyms10.4.0-1+b2
ii  libxcb-randr0  1.14-2
ii  libxcb-render0 1.14-2
ii  libxcb-shape0  1.14-2
ii  libxcb-xfixes0 1.14-2
ii  libxcb11.14-2
ii  libxi6 2:1.7.10-1

kwin-x11 recommends no packages.

kwin-x11 suggests no packages.

-- no debconf information

Bug#973612: orthanc: libcivetweb version mismatch

[Karsten Hilbert]

Package: orthanc
Version: 1.8.0+dfsg-1
Severity: important

Dear maintainers,

something is odd. Orthanc won't start up:

 root@hermes:~# systemctl status orthanc.service
 • orthanc.service - Lightweight, RESTful DICOM server for healthcare and 
medical research
  Loaded: loaded (/lib/systemd/system/orthanc.service; enabled; vendor 
preset: enabled)
  Active: failed (Result: exit-code) since Mon 2020-11-02 14:57:04 CET; 
23min ago
Docs: man:orthanc(8)
  https://book.orthanc-server.com/index.html
 Process: 18285 ExecStart=/usr/sbin/Orthanc --logdir=/var/log/orthanc 
/etc/orthanc (code=exited, status=127)
Main PID: 18285 (code=exited, status=127)

 Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Scheduled restart job, 
restart counter is at 5.
 Nov 02 14:57:04 hermes systemd[1]: Stopped Lightweight, RESTful DICOM server 
for healthcare and medical research.
 Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Start request repeated too 
quickly.
 Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Failed with result 
'exit-code'.
 Nov 02 14:57:04 hermes systemd[1]: Failed to start Lightweight, RESTful DICOM 
server for healthcare and medical research.


 journalctl:

  Nov 02 14:57:04 hermes systemd[1]: Started Lightweight, RESTful DICOM server 
for healthcare and medical research.
  Nov 02 14:57:04 hermes Orthanc[18285]: /usr/sbin/Orthanc: error while loading 
shared libraries: libcivetweb.so.1.11.0: cannot open shared object file: No 
such file or directory
  Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Main process exited, 
code=exited, status=127/n/a
  Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Failed with result 
'exit-code'.
  Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Scheduled restart job, 
restart counter is at 5.
  Nov 02 14:57:04 hermes systemd[1]: Stopped Lightweight, RESTful DICOM server 
for healthcare and medical research.
  Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Start request repeated 
too quickly.
  Nov 02 14:57:04 hermes systemd[1]: orthanc.service: Failed with result 
'exit-code'.
  Nov 02 14:57:04 hermes systemd[1]: Failed to start Lightweight, RESTful DICOM 
server for healthcare and medical research.

 Depends: ..., libcivetweb1 (>= 1.12+dfsg), ...

 libcivetweb1:
   Installiert:   1.13+dfsg-2
   Installationskandidat: 1.13+dfsg-2
   Versionstabelle:
  *** 1.13+dfsg-2 990
 990 https://deb.debian.org/debian bullseye/main i386 Packages
 100 /var/lib/dpkg/status

Seems like it is linked against a specific version (1.11.0) while
Depends: says something else (>= 1.12) which is actually fulfilled
(1.13).

Karsten


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug')
Architecture: i386 (i686)

Kernel: Linux 5.9.0-1-686-pae (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages orthanc depends on:
ii  adduser3.118
ii  dcmtk  3.6.4-2.1+b1
ii  init-system-helpers1.58
ii  libboost-filesystem1.71.0  1.71.0-7+b1
ii  libboost-iostreams1.71.0   1.71.0-7+b1
ii  libboost-locale1.71.0  1.71.0-7+b1
ii  libboost-regex1.71.0 [libboost-regex1.71.0-icu67]  1.71.0-7+b1
ii  libboost-thread1.71.0  1.71.0-7+b1
ii  libc6  2.31-4
ii  libcivetweb1   1.13+dfsg-2
ii  libcurl4   7.72.0-1
ii  libdcmtk14 3.6.4-2.1+b1
ii  libgcc-s1  10.2.0-15
ii  libjpeg62-turbo1:2.0.5-1.1
ii  libjsoncpp11.7.4-3.1
ii  liblua5.3-05.3.3-1.1+b1
ii  libpng16-161.6.37-3
ii  libpugixml1v5  1.10-1
ii  libsqlite3-0   3.33.0-1
ii  libssl1.1  1.1.1h-1
ii  libstdc++6 10.2.0-15
ii  libuuid1   2.36-3+b1
ii  locales2.31-4
ii  lsb-base   11.1.0
ii  tzdata 2020d-1
ii  zlib1g 1:1.2.11.dfsg-2

orthanc recommends no packages.

orthanc suggests no packages.

-- Configuration Files:
/etc/init.d/orthanc changed [not included]
/etc/orthanc/orthanc.json changed [not included]
/etc/o

Bug#972689: Next version of PulseAudio

[Karsten]

The next version of PulseAudio makes the promise to be "stable now".

==

Hi everyone,

We found a few more papercuts in 13.99.2 than we'd hoped for, so here's one 
more RC to make sure things are stable now.

tarball: 
https://www.freedesktop.org/software/pulseaudio/releases/pulseaudio-13.99.3.tar.xz
sha256: 60fdb5f619c85dfe3e018ad0ee1d8f6fe9041885c2e8b6ded724c855880276c8

Since 13.99.2, we've fixed some issues that came up with mixer configuration, 
availability groups being populated correctly, some jitter while streaming with 
the experimental GStreamer RTP backend, a couple of use-after-free crashes, and 
some default sink/source routing corner cases. Thanks to everyone who 
participated in testing, debugging and ironing these out!

Please do test, and assuming things are quiet, I'll roll out 14.0 next week. As 
before, the plan is to roll out some more SoF-related fixes in 14.1.

Cheers,
Arun
___
pulseaudio-discuss mailing list
pulseaudio-disc...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss

Bug#972833: intel-media-va-driver: SIGSEGV's on use (vlc, finch for example)

[Karsten Hilbert]

On Fri, Oct 30, 2020 at 10:30:47AM +0100, Sebastian Ramacher wrote:

> > anything I can do or anyone I can prod to improve upon the situation ?
> >
> > If I understand things correctly "some driver" is supposed to
> > reconsider its compile flags for parts of its code (esp. init) ?
>
> Yes, indeed. Until that's fixed, you can force libva to use a specific
> driver by setting the LIBVA_DRIVER environment variable, e.g.
>
> export LIBVA_DRIVER=i965

For the record:

On my system it needs to be "LIBVA_DRIVER_NAME" and "i915",
but, yeah, that helps :-)

I put that into my .bashrc for the time being as

export LIBVA_DRVER_NAME=i915

Thanks !

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#972689: Some more details

[Karsten]

I got an answer from pulseaudio-disc...@lists.freedesktop.org.
The suggestion ist to run the script
https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/raw/master/src/utils/pa-info
and open a bug at PulseAudio.


The interesting thing is that this script should be part of the package 
pulseaudio-utils,
but this package is installed and the script is not existant?

# apt-file search pa-info
pulseaudio-utils: /usr/bin/pa-info


So i downloaded the script and the result of it is attached.

A corresponding bug is opened now at PulseAudio
https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/1021


> pulseaudio_ps_do
karsten   3312  0.1  0.3 1734412 25964 ?   S which pulseaudio
/usr/bin/pulseaudio

> pidof pulseaudio
3312

> pulseaudio --version
pulseaudio 12.2

> pactl info
Server String: unix:/run/user/1000/pulse/native
Library Protocol Version: 32
Server Protocol Version: 32
Is Local: yes
Client Index: 40
Tile Size: 65472
User Name: karsten
Host Name: kommerz
Server Name: pulseaudio
Server Version: 12.2
Default Sample Specification: s16le 2ch 44100Hz
Default Channel Map: front-left,front-right
Default Sink: alsa_output.pci-_04_05.0.analog-stereo
Default Source: alsa_input.pci-_04_05.0.analog-stereo
Cookie: d2ec:0966

> pactl list
Module #0
	Name: module-device-restore
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Automatically restore the volume/mute state of devices"
		module.version = "12.2"

Module #1
	Name: module-stream-restore
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Automatically restore the volume/mute/device state of streams"
		module.version = "12.2"

Module #2
	Name: module-card-restore
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Automatically restore profile of cards"
		module.version = "12.2"

Module #3
	Name: module-augment-properties
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Augment the property sets of streams with additional static information"
		module.version = "12.2"

Module #4
	Name: module-switch-on-port-available
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "David Henningsson"
		module.description = "Switches ports and profiles when devices are plugged/unplugged"
		module.version = "12.2"

Module #5
	Name: module-udev-detect
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Detect available audio hardware and load matching drivers"
		module.version = "12.2"

Module #6
	Name: module-alsa-card
	Argument: device_id="1" name="pci-_02_00.1" card_name="alsa_card.pci-_02_00.1" namereg_fail=false tsched=yes fixed_latency_range=no ignore_dB=no deferred_volume=yes use_ucm=yes card_properties="module-udev-detect.discovered=1"
	Usage counter: 0
	Properties:
		module.author = "Lennart Poettering"
		module.description = "ALSA Card"
		module.version = "12.2"

Module #7
	Name: module-alsa-card
	Argument: device_id="2" name="pci-_04_05.0" card_name="alsa_card.pci-_04_05.0" namereg_fail=false tsched=yes fixed_latency_range=no ignore_dB=no deferred_volume=yes use_ucm=yes card_properties="module-udev-detect.discovered=1"
	Usage counter: 0
	Properties:
		module.author = "Lennart Poettering"
		module.description = "ALSA Card"
		module.version = "12.2"

Module #8
	Name: module-native-protocol-unix
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Native protocol (UNIX sockets)"
		module.version = "12.2"

Module #9
	Name: module-default-device-restore
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "Automatically restore the default sink and source"
		module.version = "12.2"

Module #10
	Name: module-rescue-streams
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Lennart Poettering"
		module.description = "When a sink/source is removed, try to move its streams to the default sink/source"
		module.version = "12.2"

Module #11
	Name: module-always-sink
	Argument: 
	Usage counter: n/a
	Properties:
		module.author = "Colin Guthrie"
		module.description = "Hält stets ein Ziel geladen, selbst wenn dies ein Null-Ziel ist"
		module.version = "12.2"

Module #12
	Name: module-intended-roles
	Argu

Bug#972637: finch: crashes on startup with "illegal instruction"

[Karsten Hilbert]

On Mon, Oct 26, 2020 at 11:04:42PM +0100, Bernhard Übelacker wrote:

> From wikipedia [1] the pminud instruction at 0x...6fb got
> introduced with sse4.1 which seem not supported from your
> flags line (while on the other side intel says [2] it is a Penryn).

OTOH, apparently wikipedia knows better than Intel itself :-)

https://en.wikipedia.org/wiki/SSE4#Name_confusion

> (Might there be a bios switch?)

Unfortunately not.

Karsten

> [2] 
> https://ark.intel.com/content/www/de/de/ark/products/37253/intel-pentium-processor-t4300-1m-cache-2-10-ghz-800-mhz-fsb.html
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#972637: finch: crashes on startup with "illegal instruction"

[Karsten Hilbert]

Hello Bernhard,

thanks for your work.

I have (also) filed a bug against intel-media-va-driver which
was invovked from VLC. They have forwarded the issue upstream:

https://github.com/intel/libva/issues/466

My CPU is Penryn, so it supports "less" SSE than what's
attempted to be used by the VA driver at which point the
SIGILL occurrs.

> Therefore it would be interesting to know with which CPU you
> are getting this SIGILL (e.g. 'lscpu' or 'cat /proc/cpuinfo').

processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Pentium(R) Dual-Core CPU   T4300  @ 2.10GHz
stepping: 10
microcode   : 0xa0b
cpu MHz : 1545.084
cache size  : 1024 KB
physical id : 0
siblings: 2
core id : 0
cpu cores   : 2
apicid  : 0
initial apicid  : 0
fdiv_bug: no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 13
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe nx lm constant_tsc 
arch_perfmon pebs bts cpuid aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 
cx16 xtpr pdcm xsave lahf_lm dtherm
bugs: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds 
swapgs itlb_multihit
bogomips: 4189.35
clflush size: 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual
power management:

> Otherwise finch seems not to depend directly from intel-media-va-driver,

Yeah, I certainly wondered about that, too, it being a console app.

> and from the package description if your CPU is older than "Broadwell",
> then you might even not benefit from this package. Therefore a
> workaround might be to uninstall intel-media-va-driver if no
> other dependencies require it?

Other deps do (see vlc above).

The stranger thing is that running vlc from either an xterm
or the desktop environment fails, while clvc only fails when
running under X and does not fail on the console.

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#972953: How to disable PulseAudio in KDE when it is not working?

[Karsten]

Package: kde-plasma-desktop
Version: 5:102
Severity: normal

Hello KDE maintainer,

can you please help to solve this bug?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972689

There are multiple problems around PulseAudio and it is only a gain for KDE 
when it is working.
If not then Multimedia is dead.
https://www.linuxquestions.org/questions/slackware-14/disabling-pulseaudio-4175563797/
Up to now i was not able to deinstall or stop PulseAudio in Debian Buster with 
a working sound direct over ALSA.

Even i was not able to test the situation in Debian Bullseye
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972820

Can you help please?

Best regards
karsten


-- System Information:
Debian Release: 10.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-11-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kde-plasma-desktop depends on:
ii  kde-baseapps  4:17.08.3+5.102
ii  plasma-desktop    4:5.14.5.1-1
ii  plasma-workspace  4:5.14.5.1-1
ii  udisks2   2.8.1-4
ii  upower    0.99.10-1

Versions of packages kde-plasma-desktop recommends:
ii  kwin-x11  4:5.14.5-1
ii  sddm  0.18.0-1
ii  xserver-xorg  1:7.7+19

Versions of packages kde-plasma-desktop suggests:
ii  kdeconnect  1.3.3-2

-- no debconf information

Bug#972689: Some more details

[Karsten]

After the last experiments and rebooting this time there is a new situation 
without sound.

The soundblaster card is now card 2 and ALSA is working with
aplay -D hw:2,0 /usr/share/sounds/sound-icons/canary-long.wav

As you can see in the screenshot the card has been found by pulseaudio,
but when it is moved up to the first position it cannot be used when you click 
on test.
The error says that the device cannot be selected.

What is going on with PulseAudio here?


I tried to contact pulseaudio-disc...@lists.freedesktop.org with this problem 
and linked this bug ...



$ aplay -l
 Liste der Hardware-Geräte (PLAYBACK) 
Karte 0: SB [HDA ATI SB], Gerät 0: VT1708S Analog [VT1708S Analog]
  Sub-Geräte: 0/1
  Sub-Gerät #0: subdevice #0
Karte 0: SB [HDA ATI SB], Gerät 1: VT1708S Digital [VT1708S Digital]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 1: NVidia [HDA NVidia], Gerät 3: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 1: NVidia [HDA NVidia], Gerät 7: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 1: NVidia [HDA NVidia], Gerät 8: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 1: NVidia [HDA NVidia], Gerät 9: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: AudioPCI [Ensoniq AudioPCI], Gerät 0: ES1371/1 [ES1371 DAC2/ADC]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: AudioPCI [Ensoniq AudioPCI], Gerät 1: ES1371/2 [ES1371 DAC1]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0

Bug#972689: Some more details

[Karsten]

Regarding the Debian documentation https://wiki.debian.org/PulseAudio

Setting "autospawn = no" in /etc/pulse/client.conf has no effect!
I did also try

cp /etc/pulse/client.conf ~/.config/pulse/

pulseaudio --kill


You always have this process "00:00:00 /usr/bin/pulseaudio --daemonize=no"


I tried to delete the configuration in ~/.config/pulse/ without no effect.


When you rename /usr/bin/pulseaudio then pulseaudio cannot start but you don't 
have any sound in KDE!

What must be done to get rid of pulseaudio and to get direct sound with ALSA?


When you try to remove the package there are to much dependencies:

# apt-get purge pulseaudio
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.  
Statusinformationen werden eingelesen Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr 
benötigt:
  freeglut3 g++-6 gnuradio gnuradio-dev gr-fcdproplus gr-fosphor gr-iqbal 
gr-osmosdr libairspy0 libairspyhf1 libbladerf1
  libboost-atomic1.67-dev libboost-chrono1.67-dev libboost-chrono1.67.0 
libboost-date-time-dev libboost-date-time1.67-dev
  libboost-date-time1.67.0 libboost-filesystem-dev libboost-filesystem1.67-dev 
libboost-program-options-dev
  libboost-program-options1.67-dev libboost-regex1.67.0 
libboost-serialization1.67-dev libboost-serialization1.67.0
libboost-system-dev
  libboost-system1.67-dev libboost-test-dev libboost-test1.67-dev 
libboost-test1.67.0 libboost-thread-dev
libboost-thread1.67-dev
  libboost-timer1.67.0 libboost1.67-dev libcomedi0 libcppunit-1.14-0 
libcppunit-dev libfreesrp0 libglfw3
libgnuradio-analog3.7.13
  libgnuradio-atsc3.7.13 libgnuradio-audio3.7.13 libgnuradio-blocks3.7.13 
libgnuradio-channels3.7.13
libgnuradio-comedi3.7.13
  libgnuradio-digital3.7.13 libgnuradio-dtv3.7.13 libgnuradio-fcd3.7.13 
libgnuradio-fcdproplus3.7.11 libgnuradio-fec3.7.13
  libgnuradio-fft3.7.13 libgnuradio-filter3.7.13 libgnuradio-fosphor3.7.12 
libgnuradio-iqbalance3.7.11
libgnuradio-noaa3.7.13
  libgnuradio-osmosdr0.1.4 libgnuradio-pager3.7.13 libgnuradio-pmt3.7.13 
libgnuradio-qtgui3.7.13 libgnuradio-runtime3.7.13
  libgnuradio-trellis3.7.13 libgnuradio-uhd3.7.13 libgnuradio-video-sdl3.7.13 
libgnuradio-vocoder3.7.13
libgnuradio-wavelet3.7.13
  libgnuradio-wxgui3.7.13 libgnuradio-zeromq3.7.13 libhackrf0 libhamlib2 
libjs-jquery-ui liblimesuite18.06-1
liblog4cpp5-dev liblog4cpp5v5
  libmirisdr0 libnorm1 libosmosdr0 libpgm-5.2-0 libpulsedsp libqt4-help 
libqt4-scripttools libqt4-test
libqtassistantclient4 libqwt-qt5-6
  librtaudio6 librtlsdr0 libsoapysdr0.6 libsodium23 libstdc++-6-dev 
libuhd3.13.1 libvolk1-bin libvolk1-dev libvolk1.4
libzmq5
  limesuite-udev pkg-config pulseaudio-utils python-cheetah python-cycler 
python-gobject-2 python-gtk2 python-kiwisolver
python-matplotlib
  python-matplotlib2-data python-networkx python-opengl python-pygraphviz 
python-pyparsing python-qt4 python-scipy
python-subprocess32
  python-yaml python-zmq rtkit rtl-sdr soapyosmo-common0.6 
soapysdr0.6-module-airspy soapysdr0.6-module-all
soapysdr0.6-module-audio
  soapysdr0.6-module-bladerf soapysdr0.6-module-hackrf soapysdr0.6-module-lms7 
soapysdr0.6-module-osmosdr
soapysdr0.6-module-redpitaya
  soapysdr0.6-module-remote soapysdr0.6-module-rtlsdr soapysdr0.6-module-uhd 
uhd-host

Bug#972833: intel-media-va-driver: SIGSEGV's on use (vlc, finch for example)

[Karsten Hilbert]

On Sat, Oct 24, 2020 at 10:39:09PM +0200, Sebastian Ramacher wrote:

> > Okt 24 17:56:50 hermes kernel: traps: vlc[27504] trap invalid opcode 
> > ip:89c9d6fb sp:8e550370 error:0 in iHD_drv_video.so[899dc000+3c2000]
>
> Which Intel CPU/GPU do you have? If the instruction is not supported, libva
> shouldn't load the driver for your's.

Architecture:i686
CPU op-mode(s):  32-bit, 64-bit
Byte Order:  Little Endian
Address sizes:   36 bits physical, 48 bits virtual
CPU(s):  2
On-line CPU(s) list: 0,1
Thread(s) per core:  1
Core(s) per socket:  2
Socket(s):   1
Vendor ID:   GenuineIntel
CPU family:  6
Model:   23
Model name:  Pentium(R) Dual-Core CPU   T4300  @ 2.10GHz
Stepping:10
CPU MHz: 1342.405
CPU max MHz: 2100.
CPU min MHz: 1200.
BogoMIPS:4189.84
L1d cache:   64 KiB
L1i cache:   64 KiB
L2 cache:1 MiB
Vulnerability Itlb multihit: KVM: Mitigation: VMX unsupported
Vulnerability L1tf:  Mitigation; PTE Inversion
Vulnerability Mds:   Vulnerable: Clear CPU buffers attempted, no 
microcode; SMT disabled
Vulnerability Meltdown:  Vulnerable
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:Mitigation; usercopy/swapgs barriers and 
__user pointer sanitization
Vulnerability Spectre v2:Mitigation; Full generic retpoline, STIBP 
disabled, RSB filling
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort:   Not affected
Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep 
mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe nx lm 
constant_tsc arch_perfmon pebs bts cpuid aperfmperf pni dtes64 monitor ds_cpl 
est tm2 ssse3 cx16 xtpr pdcm xsave lahf_lm dtherm


00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset 
Integrated Graphics Controller (rev 09) (prog-if 00 [VGA controller])
Subsystem: ASUSTeK Computer Inc. Mobile 4 Series Chipset Integrated 
Graphics Controller
Flags: bus master, fast devsel, latency 0, IRQ 16
Memory at fe40 (64-bit, non-prefetchable) [size=4M]
Memory at d000 (64-bit, prefetchable) [size=256M]
I/O ports at dc00 [size=8]
Expansion ROM at 000c [virtual] [disabled] [size=128K]
Capabilities: [90] MSI: Enable- Count=1/1 Maskable- 64bit-
Capabilities: [d0] Power Management version 3
Kernel driver in use: i915
Kernel modules: i915


Does that help ?

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#972689: Some more details

[Karsten]

In the Multimediasettingsof KDE you can see that the soundblaster card is 
greyed out - why?
This is the card that is working in ALSA, but only sometimes with pulseaudio in 
KDE.

I tried to create an installation of Debian Bullseye, but this is not possible 
too ...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972820

Bug#972833: intel-media-va-driver: SIGSEGV's on use (vlc, finch for example)

[Karsten Hilbert]

Package: intel-media-va-driver
Version: 20.3.0+dfsg1-1
Severity: important
Tags: upstream

This happens when running vlc (or finch, for that matter):

VLC media player 3.0.11.1 Vetinari (revision 3.0.11.1-0-g52483f3ca2)
[006aabe0] main libvlc: VLC wird mit dem Standard-Interface ausgeführt. 
Benutzen Sie 'cvlc', um VLC ohne Interface zu verwenden.
[991bf220] gl gl: Initialized libplacebo v2.72.0 (API v72)
libva info: VA-API version 1.9.0
libva info: Trying to open /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so 
Ungültiger Maschinenbefehl

journalctl -b:

Okt 24 17:56:50 hermes kernel: traps: vlc[27504] trap invalid opcode 
ip:89c9d6fb sp:8e550370 error:0 in iHD_drv_video.so[899dc000+3c2000]

gdb:

ncq@hermes:/media/ncq/SIMMAX/ccc$ gdb --args vlc 
36c3-10961-eng-deu-fra-Boeing_737MAX_Automated_Crashes_sd.mp4
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from vlc...
(No debugging symbols found in vlc)
(gdb) run
Starting program: /usr/bin/vlc 
36c3-10961-eng-deu-fra-Boeing_737MAX_Automated_Crashes_sd.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
VLC media player 3.0.11.1 Vetinari (revision 3.0.11.1-0-g52483f3ca2)
[New Thread 0xb4b6fb40 (LWP 7805)]
[New Thread 0xb435db40 (LWP 7806)]
[New Thread 0xaff9ab40 (LWP 7807)]
[New Thread 0xa3dffb40 (LWP 7808)]
[New Thread 0xa3bffb40 (LWP 7809)]
[00405be0] main libvlc: VLC wird mit dem Standard-Interface ausgeführt. 
Benutzen Sie 'cvlc', um VLC ohne Interface zu verwenden.
[New Thread 0x9d37bb40 (LWP 7810)]
[New Thread 0x9d027b40 (LWP 7811)]
[Thread 0xa3bffb40 (LWP 7809) exited]
[New Thread 0xa3bffb40 (LWP 7812)]
[New Thread 0xa39ffb40 (LWP 7814)]
[Thread 0xa39ffb40 (LWP 7814) exited]
[New Thread 0xa37f2b40 (LWP 7815)]
[Thread 0xa3dffb40 (LWP 7808) exited]
[Thread 0xa3bffb40 (LWP 7812) exited]
[New Thread 0xa3bffb40 (LWP 7817)]
[New Thread 0x9de08b40 (LWP 7819)]
[New Thread 0x9a5a5b40 (LWP 7820)]
[New Thread 0x99da4b40 (LWP 7821)]
[New Thread 0x995a3b40 (LWP 7822)]
[New Thread 0xa3dffb40 (LWP 7823)]
[New Thread 0xa39ffb40 (LWP 7824)]
[New Thread 0x9d4ffb40 (LWP 7825)]
[Thread 0x9d4ffb40 (LWP 7825) exited]
[New Thread 0x8d40 (LWP 7826)]
[New Thread 0x8d1ffb40 (LWP 7827)]
[New Thread 0x8c9feb40 (LWP 7828)]
[New Thread 0x9d4ffb40 (LWP 7829)]
[Thread 0xa39ffb40 (LWP 7824) exited]
[New Thread 0xa39ffb40 (LWP 7831)]
[New Thread 0x8b7ffb40 (LWP 7832)]
[New Thread 0x8abbeb40 (LWP 7833)]
[New Thread 0x8a3bdb40 (LWP 7834)]
[New Thread 0x89bbcb40 (LWP 7835)]
[New Thread 0x893bbb40 (LWP 7836)]
[9f7c4c20] gl gl: Initialized libplacebo v2.72.0 (API v72)
libva info: VA-API version 1.9.0
libva info: Trying to open /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so

Thread 25 "vlc" received signal SIGILL, Illegal instruction.
[Switching to Thread 0x8b7ffb40 (LWP 7832)]
0x86f9d6fb in ?? () from /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
(gdb) bt
#0  0x86f9d6fb in ?? () from /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#1  0x86f9fb61 in ?? () from /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#2  0x86ceb0a6 in ?? () from /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#3  0xb7fe5e9c in call_init (l=, argc=argc@entry=2, 
argv=argv@entry=0xb224, env=0xb230) at dl-init.c:72
#4  0xb7fe5fa2 in call_init (env=0xb230, argv=0xb224, argc=2, 
l=) at dl-init.c:30
#5  _dl_init (main_map=, argc=2, argv=0xb224, 
env=0xb230) at dl-init.c:119
#6  0xb7fe92a7 in call_dl_init (closure=0x8b7fe660) at dl-open.c:469
#7  0xb7e9f524 in __GI__dl_catch_exception (exception=, 
operate=, args=) at dl-error-skeleton.c:182
#8  0xb7fea08d in dl_open_worker (a=) at dl-open.c:758
#9  0xb7e9f4c9 in __GI__dl_catch_exception (exception=0x8b7fe790, 
operate=0xb7fe9990 , args=0x8b7fe79c) at dl-error-skeleton.c:208
#10 0xb7fe95e6 in _dl_open (file=0x87752e50 
"/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so", mode=-2147479294, 
caller_dlopen=0x8dc67cc3, nsid=, argc=2, argv=0xb224, 
env=0xb230) at dl-open.c:837
#11 0xb7f4a2c8 in dlopen_doit (a=0x8b7fe99c) at dlopen.c:66
#12 0xb7e9f4c9 in __GI__dl_catch_exception (exception=0x8b7fe930, 
operate=0xb7f4a250 , args=0x8b7fe99c) at dl-error-skeleton.c:208
#13 0xb7e9f590 in __GI__dl_catch_error (objname=0xa06fbb0c, 
errstring=0xa06fbb10, mallocedp=0xa06fbb08, 

Bug#972820: Distribution of Debian cannot be upgraded from Buster to Bullseye

[Karsten]

The correct count is 1295 packages that where not correct upgraded.
A new try to upgrade fails with this message:

# apt-get upgrade  
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.  
Statusinformationen werden eingelesen Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr 
benötigt:
  libdevel-globaldestruction-perl libdsm3 libkgantt2-l10n libsugarext-data 
python-mutagen python3-asn1crypto
python3-entrypoints
  python3-gst-1.0 python3-keyring python3-keyrings.alt python3-secretstorage 
vlc-plugin-notify vlc-plugin-samba
x11proto-input-dev
  x11proto-kb-dev
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden Pakete sind zurückgehalten worden:
  accountsservice accountwizard akonadi-backend-mysql akonadi-contacts-data 
akonadi-mime-data akonadi-server akregator
alsa-tools
  alsa-utils apparmor-utils apper appstream apt apt-utils aptitude 
aptitude-common ark aspell atril audacity audacity-data
  avidemux-plugins avidemux-qt avrdude baloo-kf5 bc bind9-host binutils 
binutils-common binutils-x86-64-linux-gnu
bluedevil bluez breeze
  breeze-cursor-theme breeze-gtk-theme bsdmainutils bsdutils build-essential 
clementine colord coreutils cpp cpp-8 cups
cups-browsed
  cups-bsd cups-client cups-core-drivers cups-daemon cups-filters 
cups-filters-core-drivers cups-ipp-utils cups-ppdc cutecom
  debconf-kde-data debconf-kde-helper dh-python digikam-private-libs dirmngr 
dnsmasq-base dnsutils dolphin dragonplayer
drkonqi e2fsprogs
  e2fsprogs-l10n enblend enfuse espeak-ng-data evince evince-common exim4-base 
exim4-config exim4-daemon-light exo-utils
fbreader ffmpeg
  fig2dev filezilla filezilla-common frameworkintegration ftp g++ g++-8 gawk 
gcc gcc-8 gcc-8-base gcc-8-base:i386 gcr
gdal-bin gdal-data
  gdb-minimal gdisk ghostscript gimp gimp-data gir1.2-evince-3.0 
gir1.2-freedesktop gir1.2-glib-2.0
gir1.2-gst-plugins-base-1.0
  gir1.2-gstreamer-1.0 gir1.2-gtk-3.0 gir1.2-javascriptcoregtk-4.0 
gir1.2-packagekitglib-1.0 gir1.2-pango-1.0
gir1.2-polkit-1.0
  gir1.2-rsvg-2.0 gir1.2-soup-2.4 gir1.2-sugarext-1.0 gir1.2-vte-2.91 
gir1.2-webkit2-4.0 glib-networking
glib-networking-services
  gnome-desktop3-data gnupg gnupg-agent gnupg-l10n gnupg-utils gnupg2 gnuradio 
gnuradio-dev gnustep-base-common
gnustep-base-runtime
  gparted gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv 
gpsbabel gqrx-sdr gr-fcdproplus gr-fosphor
gr-iqbal gr-osmosdr
  graphviz groff-base gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-libav 
gstreamer1.0-plugins-bad
gstreamer1.0-plugins-base
  gstreamer1.0-plugins-base:i386 gstreamer1.0-plugins-good 
gstreamer1.0-plugins-ugly gstreamer1.0-pulseaudio
gstreamer1.0-rtsp
  gstreamer1.0-tools gstreamer1.0-vaapi gstreamer1.0-x gvfs gvfs-common 
gvfs-daemons gvfs-libs gwenview haveged hplip
hplip-data html2text
  hugin hugin-data hugin-tools i965-va-driver iftop inkscape 
intel-media-va-driver iproute2 iptables isc-dhcp-client juk
k3b k3b-data
  kaccounts-providers kactivities-bin kactivitymanagerd kaddressbook kaffeine 
kamera kate kcalc kchmviewer kcolorchooser
kde-baseapps
  kde-cli-tools kde-cli-tools-data kde-config-gtk-style 
kde-config-mailtransport kde-config-screenlocker kde-config-sddm
  kde-plasma-desktop kde-spectacle kde-standard kde-style-breeze 
kde-style-oxygen-qt5 kde-style-qtcurve-qt5
kdeaccessibility kdeconnect
  kded5 kdepim-addons kdepim-runtime kdepim-themeeditors kdeplasma-addons-data 
kdialog kdiff3 kdoctools5 keditbookmarks
  kf5-kdepim-apps-libs-data kf5-messagelib-data kfind kgamma5 khelpcenter 
khotkeys khotkeys-data kicad
kimageformat-plugins kinfocenter
  kinit kio kio-audiocd kio-extras kio-extras-data kio-ldap kipi-plugins 
kipi-plugins-common kmag kmahjongg kmail
kmenuedit kmousetool
  kmouth knotes konq-plugins konqueror konsole konsole-kpart korganizer 
kpackagelauncherqml kpackagetool5 kronometer
kross krusader
  kscreen ksshaskpass ksudoku ksysguard ksysguard-data ksysguardd 
ktexteditor-data ktexteditor-katepart kwalletmanager
kwayland-data
  kwayland-integration kwin-common kwin-data kwin-decoration-oxygen 
kwin-style-breeze kwin-x11 kwrite kwrited lame lftp
lib32stdc++6
  libaccountsservice0 libalglib3.14 libalgorithm-diff-xs-perl libappstream4 
libappstreamqt2 libapt-pkg-perl libarchive13
libarmadillo9
  libarpack2 libasan5 libasound2 libasound2:i386 libasound2-data 
libasound2-plugins libaspell15 libass9 libastro1 libatomic1
  libatomic1:i386 libatrildocument3 libatrilview3 libavcodec58 libavdevice58 
libavfilter7 libavformat58 libavresample4
libavutil56
  libayatana-ido3-0.4-0 libayatana-indicator3-7 libb-hooks-op-check-perl 
libbabl-0.1-0 libbasicusageenvironment1
libbind9-161 libbinutils
  libblockdev-part2 libbluray2 libboost-date-time-dev libboost-filesystem-dev 
libboost-program-options-dev
libboost-system-dev
  libboost-test-dev libboost-thread-dev libbrotli1 libc-bin libc-dev-bin libc6 
libc6:i386 libc6-dev 

Bug#972820: Distribution of Debian cannot be upgraded from Buster to Bullseye

[Karsten]

I tried everything.
With aptitude the process did not end and was killed with Ctrl-C:

# aptitude upgrade
Auflösen der Abhängigkeiten ...
offen: 91831;
geschlossen: 108907;
zurückgestellt: 353;
Konflikte:3108 (there are 3108 conflicts!)

I think after an reboot this installation is dead ...
What must be done?
 

Bug#972820: Distribution of Debian cannot be upgraded from Buster to Bullseye

[Karsten]

Package: libgcc-8-dev
Version: 8.3.0-6
Severity: important

Hello,

i try to upgrade an copy of Debian Buster on another partition to Debian 
Bullseye, but it fails with this message:
(sorry i don't know how to switch the output to english)

# apt-get dist-upgrade
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.  
Statusinformationen werden eingelesen Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fehler!
Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass
Sie eine unmögliche Situation angefordert haben oder, wenn Sie die
Unstable-Distribution verwenden, dass einige erforderliche Pakete noch
nicht erstellt wurden oder Incoming noch nicht verlassen haben.
Die folgenden Informationen helfen Ihnen vielleicht, die Situation zu lösen:

Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 libc6-dev : Beschädigt: libgcc-8-dev (< 8.4.0-2~) aber 8.3.0-6 soll 
installiert werden
E: Fehler: Unterbrechungen durch pkgProblemResolver::Resolve hervorgerufen; 
dies könnte durch zurückgehaltene Pakete
verursacht worden sein.



Before there where about 1117 packages been updated successfully with
# apt-get upgrade



With aptitude there is this result:
(I think there is more than one package and reason involved)

# aptitude dist-upgrade
Die folgenden NEUEN Pakete werden zusätzlich installiert:
  alsa-topology-conf{a} alsa-ucm-conf{a} bind9-dnsutils{a} bind9-libs{a} 
bladerf{a} bsdextrautils{a} calendar{a} cpp-10{a}
  digikam-data{a} enchant-2{a} fonts-liberation2{a} fonts-opensymbol{a} 
fonts-symbola{a} fonts-urw-base35{a} fuse3{ab}
g++-10{a}
  gcc-10{a} gcc-10-base{a} gcc-10-base:i386{a} gcc-9-base{a} 
gir1.2-harfbuzz-0.0{a} gir1.2-telepathyglib-0.12{a}
  glib-networking:i386{a} gparted-common{a} gstreamer1.0-gtk3{a} 
gstreamer1.0-plugins-good:i386{a} gstreamer1.0-x:i386{a}
  i965-va-driver:i386{a} icu-devtools{a} intel-media-va-driver:i386{a} 
ipp-usb{ab} ipp-usb:i386{ab} lib32gcc-s1{a}
libaa1:i386{a}
  libaliased-perl{a} libann0{a} libany-uri-escape-perl{a} libaom2{a} 
libaom2:i386{a} libapt-pkg6.0{a}
libaribb24-0:i386{a} libasan6{a}
  libatopology2{a} libavc1394-0:i386{a} libavcodec58:i386{a} 
libavutil56:i386{a} libbladerf2{a} libboost-atomic1.71-dev{a}
  libboost-atomic1.71.0{a} libboost-chrono1.71-dev{a} libboost-chrono1.71.0{a} 
libboost-date-time1.71-dev{a}
  libboost-date-time1.71.0{a} libboost-filesystem1.71-dev{a} 
libboost-filesystem1.71.0{a} libboost-iostreams1.71.0{a}
  libboost-locale1.71.0{a} libboost-program-options1.71-dev{a} 
libboost-program-options1.71.0{a} libboost-regex1.71-dev{a}
  libboost-regex1.71.0{a} libboost-serialization1.71-dev{a} 
libboost-serialization1.71.0{a} libboost-system1.71-dev{a}
  libboost-system1.71.0{a} libboost-test1.71-dev{a} libboost-test1.71.0{a} 
libboost-thread1.71-dev{a}
libboost-thread1.71.0{a}
  libboost1.71-dev{a} libbrlapi0.8{a} libbrotli1:i386{a} libbz2-1.0:i386{a} 
libcaca0:i386{a} libcairo-gobject-perl{a}
  libcairo-gobject2:i386{a} libcbor0{a} libcfitsio9{a} 
libclass-data-inheritable-perl{a} libclucene-contribs1v5{a}
  libclucene-core1v5{a} libcmis-0.5-5v5{a} libcodec2-0.9{a} 
libcodec2-0.9:i386{a} libconfig-tiny-perl{a}
libcpanel-json-xs-perl{a}
  libcppunit-1.15-0{a} libcrypt-dev{a} libcrypt1{a} libcrypt1:i386{a} 
libctf-nobfd0{a} libctf0{a} libcurl3-gnutls:i386{a}
  libcurl4:i386{a} libcwidget4{a} libdata-dpath-perl{a} 
libdata-messagepack-perl{a} libdata-validate-domain-perl{a}
libdatrie1:i386{a}
  libdav1d4{a} libdav1d4:i386{a} libdc1394-25{a} libdevel-size-perl{a} 
libdevel-stacktrace-perl{a} libdns-export1110{a}
  libdouble-conversion3{a} libdv4:i386{a} libdvdread8{a} libdw1:i386{a} 
libebml5{a} libemail-address-xs-perl{a}
libenchant-2-2{a}
  libeot0{a} libept1.6.0{a} libevent-2.1-7{a} libexception-class-perl{a} 
libexiv2-27{a} libexttextcat-2.0-0{a}
libexttextcat-data{a}
  libextutils-depends-perl{a} libextutils-pkgconfig-perl{a} libfaudio0{a} 
libfaudio0:i386{a} libfdk-aac2:i386{a} libffi7{a}
  libffi7:i386{a} libfido2-1{a} libfile-find-rule-perl{a} libfluidsynth2{a} 
libfont-ttf-perl{a} libfribidi0:i386{a}
libfuse3-3{a}
  libgarcon-gtk3-1-0{a} libgbm1:i386{a} libgc1{a} libgcc-10-dev{a} libgcc-s1{a} 
libgcc-s1:i386{a} libgdal27{a}
libgdbm-compat4:i386{a}
  libgdbm6:i386{a} libgdcm3.0{a} libgdk-pixbuf2.0-0:i386{a} libgdl-3-5{a} 
libgdl-3-common{a} libgeos-3.8.1{a}
libgeotiff5{a}
  libgit2-28{a} libglib-object-introspection-perl{a} libgmp-dev{a} 
libgmpxx4ldbl{a} libgnome-desktop-3-19{a}
libgnuradio-analog3.8.2{a}
  libgnuradio-audio3.8.2{a} libgnuradio-blocks3.8.2{a} 
libgnuradio-channels3.8.2{a} libgnuradio-digital3.8.2{a}
libgnuradio-dtv3.8.2{a}
  libgnuradio-fcdproplus3.8.0{a} libgnuradio-fec3.8.2{a} 
libgnuradio-fft3.8.2{a} libgnuradio-filter3.8.2{a}
libgnuradio-fosphor3.8.0{a}
  libgnuradio-iqbalance3.8.0{a} libgnuradio-osmosdr0.2.0{a} 
libgnuradio-pmt3.8.2{a} libgnuradio-qtgui3.8.2{a}
  

Bug#972689: Sound output is only working randomly

[Karsten]

Package: pulseaudio
Version: 12.2-4+deb10u1
Severity: important

Maybe this this bug is already reported, but i could not find an open or fixed 
solution for it.
Maybe this is similar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787286
or https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972654 (pipewire is not 
installed)

It is not possible to use Debian 10 as desktop environment, because sound is 
only sometimes available.
Alsa is working, because i get a sound with some sound like
aplay -D hw:0,1 /usr/share/sounds/sound-icons/canary-long.wav
But when i try speaker-test i can see in pavucontrol that there is signal, but 
even switching it to the correct output
the sound keeps dead.

I have no idea what can be done and why it is working only sometimes?
I can only say that i have to boot Debian 8 to get always sound!
But Debian 8 is somehow outdated now ...

Please help - this is more than annoying.

Regards
karsten


$ aplay -l
 Liste der Hardware-Geräte (PLAYBACK) 
Karte 0: AudioPCI [Ensoniq AudioPCI], Gerät 0: ES1371/1 [ES1371 DAC2/ADC]
  Sub-Geräte: 0/1
  Sub-Gerät #0: subdevice #0
Karte 0: AudioPCI [Ensoniq AudioPCI], Gerät 1: ES1371/2 [ES1371 DAC1]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 1: SB [HDA ATI SB], Gerät 0: VT1708S Analog [VT1708S Analog]
  Sub-Geräte: 0/1
  Sub-Gerät #0: subdevice #0
Karte 1: SB [HDA ATI SB], Gerät 1: VT1708S Digital [VT1708S Digital]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: NVidia [HDA NVidia], Gerät 3: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: NVidia [HDA NVidia], Gerät 7: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: NVidia [HDA NVidia], Gerät 8: HDMI 0 [HDMI 0]
  Sub-Geräte: 1/1
  Sub-Gerät #0: subdevice #0
Karte 2: NVidia [HDA NVidia], Gerät 9: HDMI 0 [HDMI 0]
  Sub-Geräte: 0/1
  Sub-Gerät #0: subdevice #0

$ aplay -L
null
    Discard all samples (playback) or generate zero samples (capture)
jack
    JACK Audio Connection Kit
pulse
    PulseAudio Sound Server
default
    Playback/recording through the PulseAudio sound server
sysdefault:CARD=AudioPCI
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Default Audio Device
front:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Front speakers
rear:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC1
    Rear speakers
surround40:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    4.0 Surround output to Front and Rear speakers
iec958:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    IEC958 (S/PDIF) Digital Audio Output
dmix:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Direct sample mixing device
dmix:CARD=AudioPCI,DEV=1
    Ensoniq AudioPCI, ES1371 DAC1
    Direct sample mixing device
dsnoop:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Direct sample snooping device
dsnoop:CARD=AudioPCI,DEV=1
    Ensoniq AudioPCI, ES1371 DAC1
    Direct sample snooping device
hw:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Direct hardware device without any conversions
hw:CARD=AudioPCI,DEV=1
    Ensoniq AudioPCI, ES1371 DAC1
    Direct hardware device without any conversions
plughw:CARD=AudioPCI,DEV=0
    Ensoniq AudioPCI, ES1371 DAC2/ADC
    Hardware device with all software conversions
plughw:CARD=AudioPCI,DEV=1
    Ensoniq AudioPCI, ES1371 DAC1
    Hardware device with all software conversions
usbstream:CARD=AudioPCI
    Ensoniq AudioPCI
    USB Stream Output
sysdefault:CARD=SB
    HDA ATI SB, VT1708S Analog
    Default Audio Device
front:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    Front speakers
surround21:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    2.1 Surround output to Front and Subwoofer speakers
surround40:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    4.0 Surround output to Front and Rear speakers
surround41:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Digital
    IEC958 (S/PDIF) Digital Audio Output
dmix:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    Direct sample mixing device
dmix:CARD=SB,DEV=1
    HDA ATI SB, VT1708S Digital
    Direct sample mixing device
dsnoop:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    Direct sample snooping device
dsnoop:CARD=SB,DEV=1
    HDA ATI SB, VT1708S Digital
    Direct sample snooping device
hw:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog
    Direct hardware device without any conversions
hw:CARD=SB,DEV=1
    HDA ATI SB, VT1708S Digital
    Direct hardware device without any conversions
plughw:CARD=SB,DEV=0
    HDA ATI SB, VT1708S Analog

Bug#972637: Acknowledgement (finch: crashes on startup with "illegal instruction")

[Karsten Hilbert]

Installing the dbg syms for my intel graphics gives a bit more detail:

 Thread 1 "finch" received signal SIGILL, Illegal instruction.

 0xad45d6fb in std::__cxx11::basic_string, 
std::allocator >::compare (this=0x7bcde0, __str="VIDEO_DEC_H264", 
this=0x7bcde0, __str="VIDEO_DEC_H264") at 
/usr/include/c++/10/bits/basic_string.h:2852

 warning: Source file is more recent than executable.

 2852  compare(const basic_string& __str) const

Backtrace:

 #0  0xad45d6fb in std::__cxx11::basic_string, 
std::allocator >::compare (this=0x7bcde0, __str="VIDEO_DEC_H264", 
this=0x7bcde0,
 __str="VIDEO_DEC_H264") at /usr/include/c++/10/bits/basic_string.h:2852
 #1  std::operator< , std::allocator > 
(__rhs="VIDEO_DEC_H264", __lhs="VIDEO_DEC_HEVC") at 
/usr/include/c++/10/bits/basic_string.h:6270
 #2  std::less, 
std::allocator > >::operator() (__y="VIDEO_DEC_H264", 
__x="VIDEO_DEC_HEVC",
this=0xad8c78b0 ::GetCreators[abi:cxx11]()::creators>) at 
/usr/include/c++/10/bits/stl_function.h:386
 #3  std::_Rb_tree, 
std::allocator >, std::pair, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)>, 
std::_Select1st, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> >, std::less, std::allocator > >, 
std::allocator, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> > >::_M_get_insert_unique_pos 
(__k="VIDEO_DEC_HEVC", this=0xad8c78b0 ::GetCreators[abi:cxx11]()::creators>)
 at /usr/include/c++/10/bits/stl_tree.h:2101
 #4  std::_Rb_tree, 
std::allocator >, std::pair, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)>, 
std::_Select1st, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> >, std::less, std::allocator > >, 
std::allocator, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> > 
>::_M_emplace_unique, std::allocator >, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> > (
 this=0xad8c78b0 ::GetCreators[abi:cxx11]()::creators>) at 
/usr/include/c++/10/bits/stl_tree.h:2419
 #5  0xad45fb61 in std::map, std::allocator >, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*), std::less, std::allocator > >, 
std::allocator, std::allocator > const, DdiMediaDecode* 
(*)(DDI_DECODE_CONFIG_ATTR*)> > 
>::insert, 
std::allocator >, DdiMediaDecode* (*)(DDI_DECODE_CONFIG_ATTR*)> > 
(__x=..., this=0xad8c78b0 ::GetCreators[abi:cxx11]()::creators>)
 at /usr/include/c++/10/bits/stl_map.h:816
 #6  MediaDdiFactory::RegisterCodec (key="VIDEO_DEC_HEVC")
 at ./media_driver/linux/common/ddi/media_ddi_factory.h:67
 #7  0xad1ab0a6 in __static_initialization_and_destruction_0 (__initialize_p=1, 
__priority=65535) at /usr/include/c++/10/bits/char_traits.h:322
 #8  _GLOBAL__sub_I_media_ddi_decode_hevc.cpp(void) () at 
./media_driver/linux/common/codec/ddi/media_ddi_decode_hevc.cpp:967
 #9  0xb7fe5e9c in call_init (l=, argc=argc@entry=1, 
argv=argv@entry=0xb634, env=0xb63c) at dl-init.c:72
 #10 0xb7fe5fa2 in call_init (env=0xb63c, argv=0xb634, argc=1, 
l=) at dl-init.c:30
 #11 _dl_init (main_map=, argc=1, argv=0xb634, 
env=0xb63c) at dl-init.c:119
 #12 0xb7fe92a7 in call_dl_init (closure=0xbfffe870) at dl-open.c:469
 #13 0xb79a9524 in __GI__dl_catch_exception (exception=, 
operate=, args=) at dl-error-skeleton.c:182
 #14 0xb7fea08d in dl_open_worker (a=) at dl-open.c:758
 #15 0xb79a94c9 in __GI__dl_catch_exception (exception=0xbfffe9a0, 
operate=0xb7fe9990 , args=0xbfffe9ac) at dl-error-skeleton.c:208
 #16 0xb7fe95e6 in _dl_open (file=0x7bc970 
"/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so", mode=-2147479294, 
caller_dlopen=0xad918cc3, nsid=, argc=1,
 argv=0xb634, env=0xb63c) at dl-open.c:837
 #17 0xb78652c8 in dlopen_doit (a=0xbfffebac) at dlopen.c:66
 #18 0xb79a94c9 in __GI__dl_catch_exception (exception=0xbfffeb40, 
operate=0xb7865250 , args=0xbfffebac) at dl-error-skeleton.c:208
 #19 0xb79a9590 in __GI__dl_catch_error (objname=0x45d68c, errstring=0x45d690, 
mallocedp=0x45d688, operate=0xb7865250 , args=0xbfffebac)
at dl-error-skeleton.c:227
 #20 0xb7865b11 in _dlerror_run (operate=0xb7865250 , 
args=0xbfffebac) at dlerror.c:170
 #21 0xb7865364 in __dlopen (file=0x7bc970 
"/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so", mode=4354) at dlopen.c:87
 #22 0xad918cc3 in ?? () from /usr/lib/i386-linux-gnu/libva.so.2
 #23 0xad919f90 in vaInitialize () from /usr/lib/i386-linux-gnu/libva.so.2
 #24 0xada1b525 in ?? () from /usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
 #25 0xada1bfe7 in ?? () from /usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
 #26 0xada1c3b9 in ?? () from /usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
 #27 0xada15568 in ?? () from /usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so

Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B

Bug#972637: finch: crashes on startup with "illegal instruction"

[Karsten Hilbert]

Package: finch
Version: 2.13.0-2.2+b1
Severity: important

Dear maintainers,

on startup this happens (taken from systemd journal):

kernel: traps: finch[25048] trap invalid opcode ip:ad38b6fb sp:bfb44fc0 
error:0 in iHD_drv_video.so[ad0ca000+3c2000]

Running under gdb and backtracing:

Thread 1 "finch" received signal SIGILL, Illegal instruction.
 0xad45d6fb in ?? 
() from /usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
(gdb) bt
#0  0xad45d6fb in ?? () from 
/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#1  0xad45fb61 in ?? () from 
/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#2  0xad1ab0a6 in ?? () from 
/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so
#3  0xb7fe5e9c in call_init (l=, argc=argc@entry=1, 
argv=argv@entry=0xb634, env=0xb63c) at dl-init.c:72
#4  0xb7fe5fa2 in call_init (env=0xb63c, argv=0xb634, argc=1, 
l=) at dl-init.c:30
#5  _dl_init (main_map=, argc=1, argv=0xb634, 
env=0xb63c) at dl-init.c:119
#6  0xb7fe92a7 in call_dl_init (closure=0xbfffe870) at dl-open.c:469
#7  0xb79a9524 in __GI__dl_catch_exception (exception=, 
operate=, args=) at dl-error-skeleton.c:182
#8  0xb7fea08d in dl_open_worker (a=) at dl-open.c:758
#9  0xb79a94c9 in __GI__dl_catch_exception (exception=0xbfffe9a0, 
operate=0xb7fe9990 , args=0xbfffe9ac) at dl-error-skeleton.c:208
#10 0xb7fe95e6 in _dl_open (file=0x7bc970 
"/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so", mode=-2147479294, 
caller_dlopen=0xad918cc3, nsid=, argc=1, argv=0xb634, 
env=0xb63c) at dl-open.c:837
#11 0xb78652c8 in dlopen_doit (a=0xbfffebac) at dlopen.c:66
#12 0xb79a94c9 in __GI__dl_catch_exception (exception=0xbfffeb40, 
operate=0xb7865250 , args=0xbfffebac) at dl-error-skeleton.c:208
#13 0xb79a9590 in __GI__dl_catch_error (objname=0x45d68c, 
errstring=0x45d690, mallocedp=0x45d688, operate=0xb7865250 , 
args=0xbfffebac) at dl-error-skeleton.c:227
#14 0xb7865b11 in _dlerror_run (operate=0xb7865250 , 
args=0xbfffebac) at dlerror.c:170
#15 0xb7865364 in __dlopen (file=0x7bc970 
"/usr/lib/i386-linux-gnu/dri/iHD_drv_video.so", mode=4354) at dlopen.c:87
#16 0xad918cc3 in ?? () from /usr/lib/i386-linux-gnu/libva.so.2
#17 0xad919f90 in vaInitialize () from 
/usr/lib/i386-linux-gnu/libva.so.2
#18 0xada1b525 in ?? () from 
/usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
#19 0xada1bfe7 in ?? () from 
/usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
#20 0xada1c3b9 in ?? () from 
/usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
#21 0xada15568 in ?? () from 
/usr/lib/i386-linux-gnu/gstreamer-1.0/libgstva.so
#22 0xb7e4d26e in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#23 0xb7e4f24e in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#24 0xb7e5d0cd in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#25 0xb7e5e05b in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#26 0xb7e5e33e in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#27 0xb7e5fe8e in gst_update_registry () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#28 0xb7df10be in ?? () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#29 0xb7c7569b in g_option_context_parse () from 
/usr/lib/i386-linux-gnu/libglib-2.0.so.0
#30 0xb7df1d25 in gst_init_check () from 
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0
#31 0x0042e5a8 in finch_sound_init () at ././finch/gntsound.c:383
#32 0x004313ed in gnt_ui_init () at ././finch/gntui.c:68
#33 0xb7ac2c29 in purple_core_init () from /usr/lib/libpurple.so.0
#34 0x0040f344 in init_libpurple (argv=0xb634, argc=1) at 
././finch/finch.c:383
#35 gnt_start (argc=, argv=) at 
././finch/finch.c:434
#36 main (argc=, argv=) at 
././finch/finch.c:456
(gdb)

Thanks,
Karsten



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug')
Architecture: i386 (i686)

Kernel: Linux 5.8.0-3-686-pae (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages finch depends on:
ii  libc6  2.31-4
ii  libglib2.0-0   2.66.1-2
ii  libgstreamer1.0-0  1.18.0-3
ii  libncursesw6   6.2+20200918-1
ii  libpurple0 2.13.0-2.2+b1
ii  libtinfo6  6.2+20200918-1
ii  libxml22.9.10+dfsg-6.1
ii  pidgin-data2.13.0-2.2

finch recommends no packages.

Versions of packages finch suggests:
ii  libx11-6  2:1.6.12-1

-- no debconf information

Bug#857554: Backup of Debian installation cannot be installed on another partition

[Karsten]

Followup-For: Bug #857554
Package: lightdm 1.26.0-4


Hello,

this bug seems to be existant since Debian 9.

An installation of Debian only works new from ground up.
Before up to Debian 8 you could make simply an backup with tar of the partition 
booting another Linux.
Then you could untar it on another PC and it worked just changing the needed 
hardware details.
But now this makes problems even you untar on an other partition of the same PC.

In this case my SSD dies and so i untared my Backup of the working Debian 10 on 
the HDD.
It is working so far now, but sometimes i have a blank screen after booting 
without an login.
Maybe there is a problem with using 2 monitors, but i can say that it worked 
before on the SSD.
The login window is showed randomly on one of the monitors even it is switched 
off.
Today i simply waited and entered the password and then KDE started, but with a 
messed up initialization of the graphics.

So something has happened after Debian 8 so that this process is not stable any 
more.
How can this be debugged?

Cheers
karsten



System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-10-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lightdm depends on:
ii  adduser    3.118
ii  dbus   1.12.20-0+deb10u1
ii  debconf [debconf-2.0]  1.5.71
ii  libaudit1  1:2.8.4-3
ii  libc6  2.28-10
ii  libgcrypt20    1.8.4-5
ii  libglib2.0-0   2.58.3-2+deb10u2
ii  libpam-systemd [logind]    241-7~deb10u4
ii  libpam0g   1.3.1-5
ii  libxcb1    1.13.1-2
ii  libxdmcp6  1:1.1.2-3
ii  lightdm-gtk-greeter [lightdm-greeter]  2.0.6-1
ii  lsb-base   10.2019051400

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+19

Versions of packages lightdm suggests:
ii  accountsservice  0.6.45-2
ii  upower   0.99.10-1
pn  xserver-xephyr   

-- debconf information:
* shared/default-x-display-manager: sddm
  lightdm/daemon_name: /usr/sbin/lightdm

Bug#972200: Thunderbird Collects Data

[Karsten]

Package: thunderbird
Version: 1:78.3.1-2~deb10u2
Severity: normal

Hello,

is there any way to stop Thunderbird from collecting and sending data?

https://www.mozilla.org/en-US/privacy/thunderbird/
https://support.mozilla.org/kb/thunderbird-telemetry


Thunderbird Collects Data To:

Thunderbird collects telemetry data by default to help improve the performance 
and stability of Thunderbird. There are
two types of telemetry data: interaction data and technical data.

*Interaction data*: Thunderbird receives data about your interactions with the 
application, such as whether calendars
and filters are being used, and how many email accounts a user has.

*Technical data*: Thunderbird also receives basic information about your device 
and application version, including,
hardware configuration, device operating system, and language preference. When 
Thunderbird sends technical data to us,
your IP address is temporarily collected as part of our server logs.


Thunderbird collects your email domain and other technical data to set-up and 
configure your email account. Other
information, like your name, your email messages, and your account’s address 
book are stored locally on your computer
and never sent to us. Learn more here 
.

*Email domain*: Thunderbird receives your email address domain. Your full email 
address is never processed or stored on
our servers (unless you choose to share it when you send a crash report).

*Technical data*: Thunderbird also receives information about the application’s 
version and device operating system.
When Thunderbird sends technical data to us, your IP address is temporarily 
collected as part of our server logs.

Bug#971660: ModuleNotFoundError: No module named 'wx'

[Karsten]

Hello Scott,

you assume right.
The aim is to run Quisk.

> I'm assuming based on your ModuleNotFoundError that you want to use wxPython 
> with Python 3.  In that case, the correct
> Debian package to install is python3-wxgtk4.0.

Yes - thank you very much!
This package is the simple secret that solves the problem.
I misinterpret the 3.0 in python-wxgtk3.0 that this package is for python 3 - 
sorry for that.


Now i have to solve problems within Quisk to get started ...

Is it possible to roll back this broken installation of "pip install -U 
wxPython" ?


Best regards
karsten

Bug#971660: 2nd compilation

[Karsten]

After installing the package libgtk-3-dev
and "pip install python-config"

running "pip install --upgrade wxPython" results in

--gtk3 --python="/usr/bin/python" --out=build/waf/2.7/gtk3 configure build
  Setting top to   : /tmp/pip-install-nNxPM7/wxPython
  Setting out to   : 
/tmp/pip-install-nNxPM7/wxPython/build/waf/2.7/gtk3
  Checking for 'gcc' (C compiler)  : /usr/bin/gcc
  Checking for 'g++' (C++ compiler)    : /usr/bin/g++
  Checking for program 'python'    : /usr/bin/python
  Checking for python version >= 2.7.0 : 2.7.16
  python-config    : not found
  Checking for library python2.7 in LIBDIR : not found
  Checking for library python2.7 in python_LIBPL : yes
  Checking for header Python.h   : Distutils not installed? 
Broken python installation? Get
python-config now!
  The configuration failed
  (complete log in 
/tmp/pip-install-nNxPM7/wxPython/build/waf/2.7/gtk3/config.log)
  Command '"/usr/bin/python" /tmp/pip-install-nNxPM7/wxPython/bin/waf-2.0.19
--wx_config=/tmp/pip-install-nNxPM7/wxPython/build/wxbld/gtk3/wx-config --gtk3 
--python="/usr/bin/python"
--out=build/waf/2.7/gtk3 configure build ' failed with exit code 1.
  Finished command: build_py (0.936s)
  Finished command: build (8m26.930s)
  Command '"/usr/bin/python" -u build.py build' failed with exit code 1.
 
  
  Failed building wheel for wxPython

Bug#971660: ModuleNotFoundError: No module named 'wx'

[Karsten]

Package: python-wxgtk3.0
Version: 3.0.2.0+dfsg-8
Severity: important

What is the secret to get this module running in Debian 10?

First i installed this package python-wxgtk3.0 without success.
Then i tried additional python-wxtools without success.

Afterwards i tried it with "pip install -U wxPython"
but this always ends up with

Collecting wxPython
  Using cached
https://files.pythonhosted.org/packages/cb/4f/1e21d3c079c973ba862a18f3be73c2bbe2e6bc25c96d94df605b5cbb494d/wxPython-4.1.0.tar.gz
...
    *** Could not run GTK+ test program, checking why...
    *** The test program failed to compile or link. See the file config.log for 
the
    *** exact error that occurred. This usually means GTK+ is incorrectly 
installed.
    configure: error:
    The development files for GTK+ were not found. For GTK+ 2, please
    ensure that pkg-config is in the path and that gtk+-2.0.pc is
    installed. For GTK+ 1.2 please check that gtk-config is in the path,
    and that the version is 1.2.3 or above. Also check that the
    libraries returned by 'pkg-config gtk+-2.0 --libs' or 'gtk-config
    --libs' are in the LD_LIBRARY_PATH or equivalent.
   
    Error running configure
    ERROR: failed building wxWidgets
    Traceback (most recent call last):
  File "build.py", line 1471, in cmd_build_wx
    wxbuild.main(wxDir(), build_options)
  File "/tmp/pip-install-92qm35/wxPython/buildtools/build_wxwidgets.py", 
line 373, in main
    "Error running configure")
  File "/tmp/pip-install-92qm35/wxPython/buildtools/build_wxwidgets.py", 
line 85, in exitIfError
    raise builder.BuildError(msg)
    BuildError
...
Can't roll back wxPython; was not uninstalled
Command "/usr/bin/python -u -c "import setuptools,
tokenize;__file__='/tmp/pip-install-92qm35/wxPython/setup.py';f=getattr(tokenize,
 'open',
open)(__file__);code=f.read().replace('\r\n', 
'\n');f.close();exec(compile(code, __file__, 'exec'))" install --record
/tmp/pip-record-u1LhGT/install-record.txt --single-version-externally-managed 
--compile" failed with error code 1 in
/tmp/pip-install-92qm35/wxPython/


I have no idea what gtk packages must be installed?

There has been already installed:
python2.7-dev python-wxgtk2.8 fftw3-dev libasound2-dev portaudio19-dev
python2.7-dev fftw3-dev libasound2-dev portaudio19-dev
libpulse-dev libgstreamer-plugins-base1.0-dev libgstreamer1.0-dev 
python3-gst-1.0

Best regards
karsten

Bug#971588: solution for this pc

[Karsten]

The reason that the problem occured now could be found.

The USB keyboard must be plugged in one special USB-port to be found for grub.
It does not work on other USB-ports.

The keyboard has been disconnected to install some hardware.
Now it seems to be plugged in the same port as before.

Bug#971588: grub is not responding to the keyboard

[Karsten]

Package: grub2-common
Version: 2.02+dfsg1-20+deb10u2
Severity: important

Please refer to this bug https://savannah.gnu.org/bugs/index.php?57010
and description 
https://askubuntu.com/questions/423036/grub-not-responding-to-keyboard

Suddenly it was not possible any more to boot any other partition, because the 
keyboard does not work for grub.
It is possible to enter the bios setup and to login after boot.

You need an old keyboard with RS-232 instead of an USB-keyboard to select 
anything in grub.

Bug#968787: No printer can be installed in cups

[Karsten]

Hi,

Am 23.08.20 um 09:50 schrieb intrigeri:
> Control: tag -1 + moreinfo
>
> Hi,
>
> Karsten (2020-08-23):
>> Yes. But the interesting thing is the output when trying to use cups.
>>
>> Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:58): 
>> apparmor="DENIED" operation="mknod"
>> profile="/usr/sbin/cupsd" name="/srv/ssd3/var/spool/cups/" pid=612 
>> comm="cupsd" requested_mask="c"
>> denied_mask="c" fsuid=0 ouid=0
> It seems you have symlinks from /var/{log,spool} to
> /srv/ssd3/{log,spool}, or similar. Could you please confirm?

Yes - that's true, because /var and /home are on an HDD and the OS is on an SSD.

> AppArmor resolves symlinks before applying policy. This is necessary
> to avoid anyone bypassing the policy merely by creating a symlink to
> a confined program. There's of course no way the default policy
> shipped in Debian knows about all the symlinks users may choose to set
> up, so some local adjustment will be needed to cope with this
> non-standard setup. I consider this as a general usability problem of
> AppArmor vs. non-standard setup, rather than a bug in this specific
> AppArmor profile.
>
> I think your options are:
>
> A) Use bind-mounts instead of symlinks; I believe this is the cheapest
>option, both in terms of initial setup and in terms of maintenance.
>This avoids AppArmor having to do anything special, because the
>canonical path of /var/{log,spool}/cups will be the one that's
>already supported in the default AppArmor policy.

Thanks a lot. This could be a solution.

> B) Use the AppArmor "alias" functionality in
>/etc/apparmor.d/tunables/alias, so that AppArmor knows the mapping
>between standard canonical paths and your custom local ones.
>
>For example, something like this:
>
>  alias /var/spool/cups/ -> /srv/ssd3/var/spool/cups/,
>
> Please try one of these :)

I tried this option and it works. Thank you.
Now an printer can be added.

Is there a way to get the working of apparmot more transparent?
There seems only aa-status on the command line.

Cheers
karsten

Bug#968787: No printer can be installed in cups

[Karsten]

Hello Bernhard,

> From which debian version did you upgrade to Debian 10?

As i remember this installation was upgraded from Debian 9.

> Did the upgrade went through successfully?

Yes. It is possible to work with this installation.
But the sound and many details are not working so stable as Debian 8.
So when i want to work stable i boot Debian 8 and not Debian 10.

> Is journalctl -f giving some output, when started before
> trying to access localhost:631 ?

Yes. But the interesting thing is the output when trying to use cups.

Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/cupsd"
name="/var/spool/cups/" pid=612 comm="cupsd" requested_mask="c" 
denied_mask="c" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="open" 
profile="/usr/sbin/cupsd"
name="/var/log/cups/error_log" pid=612 comm="cupsd" requested_mask="rac" 
denied_mask="rac" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="chown" 
profile="/usr/sbin/cupsd" name="/var/log/cups/"
pid=612 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="open" 
profile="/usr/sbin/cupsd"
name="/var/log/cups/error_log" pid=612 comm="cupsd" requested_mask="rac" 
denied_mask="rac" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="open" 
profile="/usr/sbin/cupsd"
name="/var/log/cups/access_log" pid=612 comm="cupsd" requested_mask="rac" 
denied_mask="rac" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="chown" 
profile="/usr/sbin/cupsd" name="/var/log/cups/"
pid=612 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 23 00:59:15 pc audit[612]: AVC apparmor="DENIED" operation="open" 
profile="/usr/sbin/cupsd"
name="/var/log/cups/access_log" pid=612 comm="cupsd" requested_mask="rac" 
denied_mask="rac" fsuid=0 ouid=0
Aug 23 00:59:15 pc cupsd[612]: Unable to change ownership of "/var/log/cups" - 
Permission denied
Aug 23 00:59:15 pc cupsd[612]: Unable to open log file 
"/var/log/cups/error_log" - Permission denied
Aug 23 00:59:15 pc cupsd[612]: Unable to change ownership of "/var/log/cups" - 
Permission denied
Aug 23 00:59:15 pc cupsd[612]: Unable to open log file 
"/var/log/cups/access_log" - Permission denied
Aug 23 00:59:15 pc kernel: kauditd_printk_skb: 46 callbacks suppressed
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:58): 
apparmor="DENIED" operation="mknod"
profile="/usr/sbin/cupsd" name="/srv/ssd3/var/spool/cups/" pid=612 
comm="cupsd" requested_mask="c"
denied_mask="c" fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:59): 
apparmor="DENIED" operation="open"
profile="/usr/sbin/cupsd" name="/var/log/cups/error_log" pid=612 comm="cupsd" 
requested_mask="rac" denied_mask="rac"
fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:60): 
apparmor="DENIED" operation="chown"
profile="/usr/sbin/cupsd" name="/var/log/cups/" pid=612 comm="cupsd" 
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:61): 
apparmor="DENIED" operation="open"
profile="/usr/sbin/cupsd" name="/var/log/cups/error_log" pid=612 comm="cupsd" 
requested_mask="rac" denied_mask="rac"
fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:62): 
apparmor="DENIED" operation="open"
profile="/usr/sbin/cupsd" name="/var/log/cups/access_log" pid=612 comm="cupsd" 
requested_mask="rac" denied_mask="rac"
fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:63): 
apparmor="DENIED" operation="chown"
profile="/usr/sbin/cupsd" name="/var/log/cups/" pid=612 comm="cupsd" 
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 23 00:59:15 pc kernel: audit: type=1400 audit(1598137155.941:64): 
apparmor="DENIED" operation="open"
profile="/usr/sbin/cupsd" name="/var/log/cups/access_log" pid=612 comm="cupsd" 
requested_mask="rac" denied_mask="rac"
fsuid=0 ouid=0


So this is a problem of apparmor.
I should move this bug to it.

Cheers
karsten