Bug#1081920: should use ConditionVirtualization=no
Package: powertop Version: 2.15-3 Severity: normal Tags: patch Please add ConditionVirtualization to powertop.service because it does not make any sense to run powertop in a VM or container. -- ciao, Marco signature.asc Description: PGP signature
Bug#1081921: should use ConditionVirtualization=!container
Package: console-setup Version: 1.230 Severity: normal Tags: patch Please add ConditionVirtualization to keyboard-setup.service and console-setup.service, because containers do not have a keyboard or a console. -- ciao, Marco signature.asc Description: PGP signature
Bug#1080459: update initramfs did not help. REverting to 6.10.4-amd64 worked
On Sep 11, ael wrote: > initrd.img-6.10.6-amd64 (8.1M) Try rebuilding this initrd (update-initramfs -u -k 6.10.6-amd64). -- ciao, Marco signature.asc Description: PGP signature
Bug#754809: informational IETF draft
On Sep 09, Andrea Pappacoda wrote: > It does not contain any magical solution, but might be a good starting point > for someone wanting to figure out what is happening and eventually working > on a fix. There is nothing to be figured out: the BTS just has to stop to send mail using the sender's 822.from. -- ciao, Marco signature.asc Description: PGP signature
Bug#1080459: kmod: Option parameters under /etc/modprobe.d are not obeyed on system initialization
On Sep 04, ael wrote: > Or could there be another explanation? Puzzled. This suspiciously looks like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663436 . -- ciao, Marco signature.asc Description: PGP signature
Bug#1080459: kmod: Option parameters under /etc/modprobe.d are not obeyed on system initialization
On Sep 04, ael wrote: > # cat /boot/initrd.img-6.10.6-amd64 | cpio -t These are multiple concatenated archives. Use lsinitramfs. -- ciao, Marco signature.asc Description: PGP signature
Bug#1080459: kmod: Option parameters under /etc/modprobe.d are not obeyed on system initialization
On Sep 04, ael wrote: > Yet manually correcting with > > # modprobe -r snd_hda_intel > # modprobe snd_hda_intel Unpack your initramfs and check: - if snd_hda_intel is there (so it is probably loaded in early boot) - if so, if the module parameter configuration is there too -- ciao, Marco signature.asc Description: PGP signature
Bug#1033394: Bind v9.18.12+ unmarshall xml error
Control: notfound -1 0.7.0-3 On Aug 09, Marco d'Itri wrote: > > I am also affected by this bug on Debian bullseye (current old stable) since > > bind9 has been updated to 1:9.16.50-1~deb11u1 from bullseye-security. > I am seeing this on stable too, with a supposedly fixed version: My bad: actually I was using an older version. -- ciao, Marco signature.asc Description: PGP signature
Bug#1080344: ITP: bcachfs-tools -- bcachefs userspace tools
On Sep 02, Daniel Gröber wrote: > Based on publically available [information], my previous and recent > interactions with upstream this happend more due to personal > differences with upstream than for technical reasons and I hope to be > able to rebuild that damaged bridge. Based on my own personal experience with trying to package another big Rust application a few years ago (Routinator) Jonathan is completely right and the common Rust practices of dealing with dependencies are rotten and hostile to distributions, but I wish you the best luck. :-) > I would very much appreciate anyone willing to co-maintain the package > with me. Especially someone with any serious Rust experience would be > very helpful. LOL (sorry). -- ciao, Marco signature.asc Description: PGP signature
Bug#1079627: kmod: Build fixes and improvements
On Aug 25, Guillem Jover wrote: > Here are several fixes and improvements for the build and packaging. Looks good! > - Preserved the environment CC if set in the autopkgtest, but > pondered simply hardcoding gcc (not sure whether the intention was > to be able to support stuff like clang). It was. > diff --git a/debian/.gitignore b/debian/.gitignore Until tag2upload will build the packages then I prefer to not ignore these files to be sure that they will not end up in .debian.tar.xz. > Subject: [PATCH 6/9] Perform full /usr-move on all absolute paths https://github.com/kmod-project/kmod/issues/85 discusses why --with-module-directory cannot be changed. I will not further change the init script, maybe it's time to just remove it for good. -- ciao, Marco signature.asc Description: PGP signature
Bug#1066077: usr-is-merged fails to install on a /usr-merged system
Control: tag -1 wontfix On Mar 12, David W wrote: > In the end, it turned out to be because /usr itself was a symlink, and > although this causes no issues for either the merging process or any > running software, since the check is using "readlink -f" it erroneously > fails. I understand the issue, but right now I cannot see a simple way to make the check work with your setup. Development of usrmerge started 10 years ago and the program will be retired with the next Debian release: at this point I do not feel like introducing major changes anymore for marginal use cases. You can easily rename /usr by installing busybox-static and then running "busybox ash": you will get a shell which magically uses all the busybox built-in commands. -- ciao, Marco signature.asc Description: PGP signature
Bug#1079658: RM: rpki-client [armel armhf] -- ANAIS; does not support 32 bit architectures anymore
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: rpki-cli...@packages.debian.org Control: affects -1 + src:rpki-client User: ftp.debian@packages.debian.org Usertags: remove rpki-client now build-depends on architecture-is-64-bit. -- ciao, Marco signature.asc Description: PGP signature
Bug#1079022: kmod: symbol lookup error: /usr/lib/dracut/dracut-install: undefined symbol: kmod_module_get_weakdeps, version LIBKMOD_5
The quick and easy solution would be to rebuild dracut-install, but the release team refused to binNMU it (#1079038). The stupid solution would be to revert the change, and I will not do it because I do not want to diverge from upstream. The elegant solution would be to keep for a while both symbols in the library, but I am not good enough with ld(1) and could not actually manage to do it myself. The nuclear solution would be to make a new upload with "Breaks: dracut-install (<= 103-1)", which at least would make libkmod2 not installable until somebody will be forced to do a new sourceful upload of dracut-install. So I will wait for a while to see if anybody can help with #3, and if not then I will proceed with #4. -- ciao, Marco signature.asc Description: PGP signature
Bug#1079038: nmu: dracut_103-1
On Aug 19, Sebastian Ramacher wrote: > Reserve dependencies failing with unresolved symbols is a sign that > libkmod is missing a SONAME bump. Why hasn't that been done? To make a long story short, upstream did not believe that anything actually used the symbol, and I do not want to have a critical library diverge from upstream. -- ciao, Marco signature.asc Description: PGP signature
Bug#1079038: nmu: dracut_103-1
Package: release.debian.org Severity: normal X-Debbugs-Cc: dra...@packages.debian.org Control: affects -1 + src:dracut User: release.debian@packages.debian.org Usertags: binnmu nmu dracut_103-1 . ANY . bookworm . -m "Rebuild against the latest libkmod" Upstream broke backward compatibility and it looks like my latest kmod upload is a bit more toxic than I tought, and systems will not boot. I think that the easiest solution is to NMU dracut-install. -- ciao, Marco signature.asc Description: PGP signature
Bug#1079022: kmod: symbol lookup error: /usr/lib/dracut/dracut-install: undefined symbol: kmod_module_get_weakdeps, version LIBKMOD_5
On Aug 19, Christoph Anton Mitterer wrote: > With the new version, initramfs generation gives: I know, the plan it to rebuild dracut-install. -- ciao, Marco signature.asc Description: PGP signature
Bug#1076995: New root anchors
On Jul 25, Chris Hofstaedtler wrote: > IANA has published new DNSSEC trust anchors, please see > https://lists.dns-oarc.net/pipermail/dns-operations/2024-July/022636.html > and update the shipped data, for unstable but also stable. While IANA has published the new trust anchors, the KSK itself will actually be published in the root zone only in next January, so there is nothing to do right now because we cannot have the KSK yet. In theory I could still make a new upload with only an updated root.ds file, but it would be quite pointless because only dnsmasq uses it of all of our resolvers. -- ciao, Marco signature.asc Description: PGP signature
Bug#925349: src:dns-root-data: Should automate root key transitions (at job? systemd timer?)
On Mar 23, Daniel Kahn Gillmor wrote: > Instead, we could ship all the files that we know about based on their > transition times, and find some way to do an automated transition > between those files. Not really: the only legitimate mechanism for receiving in-band updates of the trust anchors is RFC 5011, which I am not sure how it could be implemented in this package since it tends to be implemented by the resolver themselves. -- ciao, Marco signature.asc Description: PGP signature
Bug#1078773: the backspace binding does not work anymore
Package: mutt Version: 2.2.13-1 Severity: normal mutt by default binds backspace to previous-line in the pager, but since the latest release it does not work anymore. -- Package-specific info: Mutt 2.2.13 (2024-03-09) Copyright (C) 1996-2023 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 6.10.4-amd64 (x86_64) ncurses: ncurses 6.5.20240427 (compiled with 6.5) libidn2: 2.3.7 (compiled with 2.3.7) hcache backend: tokyocabinet 1.4.48 Compiler: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-linux-gnu/14/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa OFFLOAD_TARGET_DEFAULT=1 Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 14.1.0-5' --with-bugurl=file:///usr/share/doc/gcc-14/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2,rust --prefix=/usr --with-gcc-major-version-only --program-suffix=-14 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/libexec --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-libstdcxx-backtrace --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/reproducible-path/gcc-14-14.1.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/reproducible-path/gcc-14-14.1.0/debian/tmp-gcn/usr --enable-offload-defaulted --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=3 Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 14.1.0 (Debian 14.1.0-5) Configure options: --build=x86_64-linux-gnu --prefix=/usr '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules '--libdir=${prefix}/lib/x86_64-linux-gnu' --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --with-mailpath=/var/mail --enable-compressed --enable-debug --enable-fcntl --enable-hcache --enable-gpgme --enable-imap --enable-smtp --enable-pop --enable-sidebar --enable-dotlock --disable-fmemopen --with-curses --with-gnutls --with-gss --with-idn2 --with-mixmaster --with-gsasl --without-gdbm --without-bdb --without-qdbm --with-tokyocabinet build_alias=x86_64-linux-gnu 'CFLAGS=-g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/mutt-2.2.13=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/mutt-2.2.13=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection Compile options: -DOMAIN +DEBUG -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK +USE_POP +USE_IMAP +USE_SMTP -USE_SSL_OPENSSL +USE_SSL_GNUTLS -USE_SASL +USE_GSASL +USE_GSS +HAVE_GETADDRINFO +HAVE_REGCOMP -USE_GNU_REGEX +HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET +HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +HAVE_FUTIMENS +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV +ICONV_NONTRANS -HAVE_LIBIDN +HAVE_LIBIDN2 +HAVE_GETSID +USE_HCACHE +USE_SIDEBAR +USE_COMPRESSED +USE_INOTIFY -ISPELL SENDMAIL="/usr/sbin/sendmail" MAILPATH="/var/mail" PKGDATADIR="/usr/share/mutt" SYSCONFDIR="/etc" EXECSHELL="/bin/sh" MIXMASTER="mixmaster" To contact the developers, please mail to . To report a bug, please contact the Mutt maintainers via gitlab: https://gitlab.com/muttmua/mutt/issues -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.10.4-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sy
Bug#1078349: probably should be declared Multi-Arch: foreign
Package: python3-dns Version: 4.0.2-2 Severity: normal Md: yes, rbldnsd B-D on python3-dns which might be a candidate for M-A:foreign python3-dns is arch:all so it's impossible to install the host-arch version of the package (arch:all packages are implicitly treated as being of the native architecture) should I open a bug on python3-dns? yes, its maintainer will know whether python3-dns is doing anything crazy or not -- ciao, Marco signature.asc Description: PGP signature
Bug#1033394: Bind v9.18.12+ unmarshall xml error
On Jul 29, Nicolas Peugnet wrote: > I am also affected by this bug on Debian bullseye (current old stable) since > bind9 has been updated to 1:9.16.50-1~deb11u1 from bullseye-security. I am seeing this on stable too, with a supposedly fixed version: bind_exporter, version 0.7.0 (branch: debian/sid, revision: 0.7.0-3) build user: team+pkg...@tracker.debian.org build date: 20240312-13:14:23 go version: go1.22.1 platform: linux/amd64 tags: unknown BIND 9.18.28-1~deb12u2-Debian (Extended Support Version) Aug 09 09:52:34 attila bind_exporter[1800625]: time="2024-08-09T09:52:34+02:00" level=error msg="Couldn't retrieve BIND stats: failed to unmarshal XML response: strconv.ParseUint: parsing \"-1\": invalid syntax" source="bind_exporter.go:391" -- ciao, Marco signature.asc Description: PGP signature
Bug#1076491: base-files: file clash with libc6
On Jul 31, Santiago Vila wrote: > Marco: Before I go ahead and apply the patch proposed by Helmut, do you have > any comments? I have not actually tested it, but everything looks reasonable. -- ciao, Marco signature.asc Description: PGP signature
Bug#712770: sash: Support xz compression
On Jun 19, Ariel wrote: > I don't know how hard it would be, but perhaps sash should support xz along > with gzip. (And perhaps bzip2 as well.) It would require taking something like minilzma and integrating it, but the big question is: what is the purpose of sash nowadays? I think that for just about all purposes it can be replaced by busybox-static. -- ciao, Marco signature.asc Description: PGP signature
Bug#897277: decrease e2fsprogs' Priority: required
Let's remind Ted about this... On Dec 13, Faidon Liambotis wrote: > Hi Ted, > > On Wed, Aug 18, 2021 at 01:41:36AM +0300, Faidon Liambotis wrote: > > I haven't received a response for this. We are now at the beginning of > > the aforementioned bookworm cycle, so I thought it may be a good > > opportunity to bump this :) Do you have any thoughts? > > It's now been 2½ years since I last followed up on this bug, and 5½ > since your last response where you said you'd "batch it with some other > bug fixes in the next e2fsprogs minor release" and that would happen "by > early June [2018] at the latest". > > Has this fallen through the cracks? Have you changed your mind? Would it > be possible to get an update here? > > Thanks, > Faidon -- ciao, Marco signature.asc Description: PGP signature
Bug#1076017: purity-off: autopkgtest regression on arm64: output keeps growing
On Jul 13, Paul Gevers wrote: > On the ci.d.n infrastructure our nodes run bookworm and use the lxc backend. > Do you do that too? No, I just run it on bare metal. -- ciao, Marco signature.asc Description: PGP signature
Bug#1076222: tcpd,tcm: install program with same name (tcpd)
reassign -1 tcm On Jul 12, Chris Hofstaedtler wrote: > Please find a solution for your packages. Ideas: /usr/sbin/tcpd has been there since 1990 and is basically a public API. tcm is unmaintained abandonware and its popcon count has been declining for 15 years. -- ciao, Marco signature.asc Description: PGP signature
Bug#1076017: purity-off: autopkgtest regression on arm64: output keeps growing
On Jul 11, Paul Gevers wrote: > You have an arm64 system? If yes, good to know it's not systematic and > apparently only happening on the ci.d.n infrastructure. It would be > interesting to figure out what the differences in setup (hardware) are. Yes. It's a Banana Pi M5 and I cannot see how this could be hardware-dependent. > I realized that. But apparently only arm64 is broken. So it's probably a > (indirect) dependency that broke your test on arm64. Have a look at the test: it just uses purity and perl. I should be able to check on the ci infrastructure myself in two weeks. -- ciao, Marco signature.asc Description: PGP signature
Bug#1076017: purity-off: autopkgtest regression on arm64: output keeps growing
On Jul 09, Paul Gevers wrote: > Your package has an autopkgtest, great. However, on arm64 it recently > started to fill the entire disk with its output file in $AUTOPKGTEST_TMP (in > testing and unstable, I haven't checked stable). On an otherwise empty host, > there's 63 GB free, a watchdog kicks in at 95% disk usage and prevents most > damage, but the current scheduled job for purity-off on arm64 never > finishes. Can you please investigate the situation and fix it? The output > only shows the first test passes: OK: 100. I am not sure of how I can investigate this, since it works fine on my system. The test is written in shell and Perl, so I do not expect it to be architecture-dependent. The package is even "Architecture: all". md:purity-off$ sadt -bv cannot parse package relationship "@", returning it raw -- everything -- O: OK: 100 O: OK: 1500 O: OK: 400 O: OK: 500 O: OK: dabney O: OK: new100 O: OK: pt100 -- everything: PASS OK (tests=1) md:purity-off$ -- ciao, Marco signature.asc Description: PGP signature
Bug#1074791: be_enabled only checks for init scripts and upstart services
Control: reassign -1 ruby-serverspec Wrong package, sorry... -- ciao, Marco signature.asc Description: PGP signature
Bug#1074791: be_enabled only checks for init scripts and upstart services
Package: ruby-specinfra Version: 2.89.0-1 Severity: important Tags: upstream varnish does not ship an init script anymore because it was a bugs generator, but the varnish modules packages uses be_enabled in their autopkgtests and now they fail because ruby-specinfra does not know about systemd. ruby-specinfra needs to support services which only have a systemd unit. e.g.: Failures: 1) Service "varnish" is expected to be enabled Failure/Error: it { should be_enabled } expected Service "varnish" to be enabled /bin/sh -c ls\ /etc/rc3.d/\ \|\ grep\ --\ \'\^S..varnish\$\'\ \|\|\ grep\ \'\^\ \*start\ on\'\ /etc/init/varnish.conf # ./spec/varnish-modules/install_spec.rb:12:in `block (2 levels) in ' -- ciao, Marco signature.asc Description: PGP signature
Bug#1074171: RM: rpki-client [i386 hurd-i386] -- ROM; does not support 32 bit time_t anymore
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: rpki-cli...@packages.debian.org Control: affects -1 + src:rpki-client User: ftp.debian@packages.debian.org Usertags: remove rpki-client 9.1 does not support anymore systems with a 32 bit time_t. Note: this was a request for a partial removal from testing, converted in one for unstable -- ciao, Marco signature.asc Description: PGP signature
Bug#1054393: Informational: stable/bookworm/12, ...: #1072035 Re: Bug#1054393: dns-root-data: New IPs for b.root-servers-net
On Jun 08, Santiago Ruano Rincón wrote: > > For oldstable bullseye 11 ... > > I'm not spotting it yet on: > > https://release.debian.org/proposed-updates/oldstable.html > > But presumably that will occur via #1072035, etc. It has been uploaded a few days ago, it only needs to be approved. > I will handle the update dns-root-data for buster LTS and the ELTS > releases. Is there any objection to push the changes to the dns-team > repository? I am not sure. Anyway, please do not push to the debian/bullseye and debian/bookworm branches which are waiting to be pulled from my fork. -- ciao, Marco signature.asc Description: PGP signature
Bug#1072516: "command -v" prints to the terminal
Package: mailcap Version: 3.71gg Severity: important X-Debbugs-Cc: jcris...@debian.org, anto...@debian.org Control: affects -1 mutt After upgrading mailcap, when opening a message with mutt I see strings like "/usr/bin/vim" and "/usr/bin/evince" printed in random places. Looks like it is caused by this change: 79285fc update-mime: convert .desktop file's TryExec to a test= field for the mailcap entry (Closes: #964173) On a more general note, I am not sure that it is a good idea to automatically add entries for text/plain since they cause a useless shell exec in mutt every time a message is opened (maybe the mutt maintainer can add some insight?). -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.11-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mailcap depends on: ii media-types 10.1.0 ii perl 5.38.2-5 Versions of packages mailcap recommends: ii bzip2 1.0.8-5.1 ii file 1:5.45-3 ii xz-utils 5.6.1+really5.4.5-1 mailcap suggests no packages. -- Configuration Files: /etc/mailcap.order changed [not included] -- no debconf information -- ciao, Marco signature.asc Description: PGP signature
Bug#1072035: bookworm-pu: package dns-root-data/2024041801
On May 30, Emilio Pozuelo Monfort wrote: > This looks reasonable to me. Should a similar update be proposed for bullseye? Yes, uploaded. diff --git a/debian/changelog b/debian/changelog index 97fdbf8..98e603c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,28 @@ +dns-root-data (2024041801) unstable; urgency=medium + + * Add myself to the Uploaders field, as discussed with Ondřej. + * Fix the package description. (Closes: #1064829) + * Update the expired Verisign GRS PGP key. + * Update the root hints file to version 2024041801, with: ++ updated A and records for B. (Closes: #1054393) + + -- Marco d'Itri Tue, 21 May 2024 16:25:44 +0200 + +dns-root-data (2023010101) unstable; urgency=medium + + * merge current root hints and signatures (same contents as before) + * d/copyright: bump to 2023 + + -- Daniel Kahn Gillmor Wed, 11 Jan 2023 10:00:11 -0500 + +dns-root-data (2022120101) unstable; urgency=medium + + * Updated upstream root data (same contents as before) + * d/copyright: update for 2022 + * Standards-Version: bump to 4.6.1 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 20 Dec 2022 18:51:44 -0500 + dns-root-data (2021011101) unstable; urgency=medium * updated upstream root data (same contents as before) diff --git a/debian/control b/debian/control index ac3736a..cd14d8a 100644 --- a/debian/control +++ b/debian/control @@ -4,6 +4,7 @@ Priority: optional Maintainer: dns-root-data packagers Uploaders: Daniel Kahn Gillmor , + Marco d'Itri , Ondřej Surý , Robert Edmonds , Build-Depends: @@ -13,7 +14,7 @@ Build-Depends: openssl, unbound-anchor, xml2, -Standards-Version: 4.5.1 +Standards-Version: 4.7.0.0 Homepage: https://data.iana.org/root-anchors/ Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data @@ -24,7 +25,7 @@ Architecture: all Multi-Arch: foreign Depends: ${misc:Depends}, -Description: DNS root data including root zone and DNSSEC key +Description: DNS root hints and DNSSEC trust anchor This package contains various root zone related data as published by IANA to be used by various DNS software as a common source of DNS root zone data, namely: diff --git a/debian/copyright b/debian/copyright index 83463f6..d389c35 100644 --- a/debian/copyright +++ b/debian/copyright @@ -3,7 +3,7 @@ Upstream-Name: IANA Root Zone Management Source: https://www.iana.org/domains/root/files Files: * -Copyright: Copyright (c) 2010-2018 Internet Corporation For Assigned Names and Numbers +Copyright: Copyright (c) 2010-2023 Internet Corporation For Assigned Names and Numbers License: ICANN-Public ICANN asserts no property rights to any of the IANA registries or public keys we maintain. You are free to redistribute the IANA @@ -14,7 +14,7 @@ License: ICANN-Public Files: debian/* Copyright: 2014 Ondřej Surý , - 2018 Daniel Kahn Gillmor + 2018-2023 Daniel Kahn Gillmor License: Expat License: Expat diff --git a/registry-admin.key b/registry-admin.key index 9c0fb78..22f087a 100644 Binary files a/registry-admin.key and b/registry-admin.key differ diff --git a/root-anchors.p7s b/root-anchors.p7s index ff40c7a..fc6cd07 100644 Binary files a/root-anchors.p7s and b/root-anchors.p7s differ diff --git a/root.hints b/root.hints index 6d39aad..f0a0934 100644 --- a/root.hints +++ b/root.hints @@ -8,9 +8,9 @@ ; file/domain/named.cache ; on server FTP.INTERNIC.NET ; -OR-RS.INTERNIC.NET -; -; last update: January 11, 2021 -; related version of root zone: 2021011101 +; +; last update: April 18, 2024 +; related version of root zone: 2024041801 ; ; FORMERLY NS.INTERNIC.NET ; @@ -21,8 +21,8 @@ A.ROOT-SERVERS.NET. 360 2001:503:ba3e::2:30 ; FORMERLY NS1.ISI.EDU ; .360 NSB.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 360 A 199.9.14.201 -B.ROOT-SERVERS.NET. 360 2001:500:200::b +B.ROOT-SERVERS.NET. 360 A 170.247.170.2 +B.ROOT-SERVERS.NET. 360 2801:1b8:10::b ; ; FORMERLY C.PSI.NET ; diff --git a/root.hints.sig b/root.hints.sig index 389c1ac..630ff8a 100644 Binary files a/root.hints.sig and b/root.hints.sig differ -- ciao, Marco signature.asc Description: PGP signature
Bug#1072035: bookworm-pu: package dns-root-data/2024041801
On May 27, Jonas Meier wrote: > [ ] attach debdiff against the package in (old)stable diff -Nru dns-root-data-2023010101/debian/changelog dns-root-data-2024041801~deb12u1/debian/changelog --- dns-root-data-2023010101/debian/changelog 2023-01-11 16:00:11.0 +0100 +++ dns-root-data-2024041801~deb12u1/debian/changelog 2024-05-30 14:02:49.0 +0200 @@ -1,3 +1,19 @@ +dns-root-data (2024041801~deb12u1) bookworm; urgency=medium + + * Rebuild for bookworm. (Closes: #1072035) + + -- Marco d'Itri Thu, 30 May 2024 14:02:49 +0200 + +dns-root-data (2024041801) unstable; urgency=medium + + * Add myself to the Uploaders field, as discussed with Ondřej. + * Fix the package description. (Closes: #1064829) + * Update the expired Verisign GRS PGP key. + * Update the root hints file to version 2024041801, with: ++ updated A and records for B. (Closes: #1054393) + + -- Marco d'Itri Tue, 21 May 2024 16:25:44 +0200 + dns-root-data (2023010101) unstable; urgency=medium * merge current root hints and signatures (same contents as before) diff -Nru dns-root-data-2023010101/debian/control dns-root-data-2024041801~deb12u1/debian/control --- dns-root-data-2023010101/debian/control 2022-12-21 00:52:11.0 +0100 +++ dns-root-data-2024041801~deb12u1/debian/control 2024-05-21 16:25:42.0 +0200 @@ -4,6 +4,7 @@ Maintainer: dns-root-data packagers Uploaders: Daniel Kahn Gillmor , + Marco d'Itri , Ondřej Surý , Robert Edmonds , Build-Depends: @@ -13,7 +14,7 @@ openssl, unbound-anchor, xml2, -Standards-Version: 4.6.1 +Standards-Version: 4.7.0.0 Homepage: https://data.iana.org/root-anchors/ Vcs-Git: https://salsa.debian.org/dns-team/dns-root-data.git Vcs-Browser: https://salsa.debian.org/dns-team/dns-root-data @@ -24,7 +25,7 @@ Multi-Arch: foreign Depends: ${misc:Depends}, -Description: DNS root data including root zone and DNSSEC key +Description: DNS root hints and DNSSEC trust anchor This package contains various root zone related data as published by IANA to be used by various DNS software as a common source of DNS root zone data, namely: Binary files /tmp/osYYJAlpQA/dns-root-data-2023010101/registry-admin.key and /tmp/1ohQbBsBE0/dns-root-data-2024041801~deb12u1/registry-admin.key differ diff -Nru dns-root-data-2023010101/root.hints dns-root-data-2024041801~deb12u1/root.hints --- dns-root-data-2023010101/root.hints 2023-01-11 08:22:00.0 +0100 +++ dns-root-data-2024041801~deb12u1/root.hints 2024-05-21 16:25:42.0 +0200 @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR-RS.INTERNIC.NET ; -; last update: January 01, 2023 -; related version of root zone: 2023010101 +; last update: April 18, 2024 +; related version of root zone: 2024041801 ; ; FORMERLY NS.INTERNIC.NET ; @@ -21,8 +21,8 @@ ; FORMERLY NS1.ISI.EDU ; .360 NSB.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 360 A 199.9.14.201 -B.ROOT-SERVERS.NET. 360 2001:500:200::b +B.ROOT-SERVERS.NET. 360 A 170.247.170.2 +B.ROOT-SERVERS.NET. 360 2801:1b8:10::b ; ; FORMERLY C.PSI.NET ; Binary files /tmp/osYYJAlpQA/dns-root-data-2023010101/root.hints.sig and /tmp/1ohQbBsBE0/dns-root-data-2024041801~deb12u1/root.hints.sig differ -- ciao, Marco signature.asc Description: PGP signature
Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
On May 28, Andreas Metzler wrote: > I think it is bad choice to deliberately have different behavior for > freshly installed and upgraded systems. Offering upgrades has always > been one of the major selling points of Debian, and imho this > implicitely includes that you do not get a worse or second class Debian > installation when you upgrade it than if you installed from scratch. I strongly disagree: it is a bad choice to change on upgrades a default which may cause data loss. -- ciao, Marco signature.asc Description: PGP signature
Bug#1033012:
On Jan 12, Yangfl wrote: > Please kindly check 2.3.4-1 to see if that fixed your problem. It does not. The problem is that TasksMax in miniupnpd.service is set too low. Set it to something like 10, because it makes no sense to count every single process and it is hard anyway when spawning shell scripts. -- ciao, Marco signature.asc Description: PGP signature
Bug#1070472: Uses the obsolete /sbin/route without a dependency
Package: miniupnpd Version: 2.3.1-1 Severity: serious Tags: patch Pseudo-patch for miniupnpd.config: - MiniUPnPd_EXTERNAL_INTERFACE=$(LC_ALL=C /sbin/route | grep -m 1 default | awk -- '{ print $8 }') + MiniUPnPd_EXTERNAL_INTERFACE=$(LC_ALL=C ip -o route show | sed -nre '/^default /s/^default .*dev ([^ ]+).*/\1/p') -- ciao, Marco signature.asc Description: PGP signature
Bug#1036908: expect: Broken use of \c in man page
On May 29, Helge Kreutzmann wrote: > The usage of \c is in mkpasswd(1) is incorrect. It fails when trying > to use po4a to provide translations of the man pages. Im currently > "patching around this" in manpages-l10n. > > For a full explanation of the problem (the man page is different, but > the problem is the same) see Debian #1036826 and the explanations by I have read #1036826 and tested multiple proposed solutions but I could not managed to reproduce the original output. Are you able to propose a patch which does not change the generated man page? > Bjarni, especially in message #25. That solution has been rejected by Branden. -- ciao, Marco signature.asc Description: PGP signature
Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
On Apr 26, Michael Tokarev wrote: > So, should I disable module utils in busybox-udeb now? I think so. > Is kmod udeb ready and used in d-i already, or does it need some > prep first? AFAIK it works. -- ciao, Marco signature.asc Description: PGP signature
Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
On Jan 06, Michael Tokarev wrote: > Yes, some utils in busybox aren't as good as regular implementations. For Yes. Nowadays kmod has many more features related to compressed modules and verification of signatures. Can we agree that kmod should provide these programs for d-i? Or can the d-i maintainers just tell us what they want? -- ciao, Marco signature.asc Description: PGP signature
Bug#1056156: varnish: CVE-2023-44487: VSV00013 Varnish HTTP/2 Rapid Reset Attack
On Apr 04, Salvatore Bonaccorso wrote: > While I do agree (and it was filled with this severity), the bug > severity would not be RC, varnish currently seem to lack active > maintainership. Not anymore: https://salsa.debian.org/md/varnish/ . -- ciao, Marco signature.asc Description: PGP signature
Bug#782691: varnishncsa sometimes does not start after reboot
On Apr 16, Oskar Liljeblad wrote: > varnishncsa sometimes does not start after reboot. > I suspect varnishncsa fails because it cannot contact varnish, which has not > started completely yet. This bug is 9 years old: can you still reproduce it? -- ciao, Marco signature.asc Description: PGP signature
Bug#1068311: tcp-wrappers: Can anything be done to avoid the libnsl dependency?
On Apr 03, Colin Watson wrote: > I wondered if anything could be done to avoid this or refactor it > somehow? Sure: I think that it makes sense to just disable NETGROUP (which is the conditional for yp_get_default_domain), because I do not think that anybody in 2024 still uses NIS and if they do then we are only doing them a favour by disabling netgroups support here. -- ciao, Marco signature.asc Description: PGP signature
Bug#1056156: varnish: CVE-2023-44487: VSV00013 Varnish HTTP/2 Rapid Reset Attack
Control: found -1 5.0.0-1 Control: fixed -1 7.4.2 On Nov 17, Salvatore Bonaccorso wrote: > CVE-2023-44487[0]: > | The HTTP/2 protocol allows a denial of service (server resource > | consumption) because request cancellation can reset many streams > | quickly, as exploited in the wild in August through October 2023. Fixing this issue would require backporting a significant amount of new features in varnish and I do not believe that it would be practical. I am inclined to downgrade this bug because: - this is just a DoS attack - it only concerns people using hitch for TLS termination instead of a full web server like nginx or haproxy nginx in stable is also vulnerable, BTW. -- ciao, Marco signature.asc Description: PGP signature
Bug#1068184: RM: gup -- ROM; popcon 0
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: g...@packages.debian.org Control: affects -1 + src:gup User: ftp.debian@packages.debian.org Usertags: remove As much as I like retrocomputing, let's not waste space in the archive. -- ciao, Marco signature.asc Description: PGP signature
Bug#1067932: usrmerge is dangerous : lost bash and other commands
On Mar 29, Denis Migdal wrote: > Maybe I was better off reinstalling, indeed, but I prefer to properly > plan/prepare for it. This is why the conversion procedure stopped. Then you started thinkering with your system to "fix" it and did worse. > It'd help me if, at least, usrmerge printed the number of duplicates and sym > links. Maybe with a more explicit error message, indicating what to do, "we > strongly advise to reinstall your system", "remove duplicates, but be > careful of symlinks", or whatever. This does not happen frequently enough (only you reported this) to justify investing development resources. -- ciao, Marco signature.asc Description: PGP signature
Bug#1041552: HFS/HFS+ are insecure
On Mar 13, Michael Biebl wrote: > > So I propose this content for a file like > > /usr/lib/udev/rules.d/75-insecure-fs.rules: > Just curious: Why did you pick priority 75? I can't remember. -- ciao, Marco signature.asc Description: PGP signature
Bug#1064798: kmod: installs same filename to both bin and sbin
On Mar 09, ca...@allfreemail.net wrote: > I believe the fix is incomplete, because both /usr/bin/lsmod and > /usr/sbin/lsmod are still being created. Actually it has been this way at least since Debian 7. I will not break compatibility for no good reason. -- ciao, Marco signature.asc Description: PGP signature
Bug#1061516: Please add a sshd@.service template for socket activation
On Mar 04, Colin Watson wrote: > Does this patch look workable? It mostly just resurrects the template > unit we used to ship, under a different name. Looks good to me! -- ciao, Marco signature.asc Description: PGP signature
Bug#1065192: RM: gortr -- ROM; abandoned by upstream
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: go...@packages.debian.org Control: affects -1 + src:gortr User: ftp.debian@packages.debian.org Usertags: remove Development of cfrpki and gortr has been discontinued by the upstream maintainers, so there is no reason to keep them in Debian. Users can migrate to rpki-client and stayrtr as suggested by upstream. Another bug has been filed for removal of cfrpki. -- ciao, Marco signature.asc Description: PGP signature
Bug#1065191: RM: cfrpki -- ROM; abandoned by upstream
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: cfr...@packages.debian.org Control: affects -1 + src:cfrpki User: ftp.debian@packages.debian.org Usertags: remove Development of cfrpki and gortr has been discontinued by the upstream maintainers, so there is no reason to keep them in Debian. Users can migrate to rpki-client and stayrtr as suggested by upstream. Another bug has been filed for removal of gortr. -- ciao, Marco signature.asc Description: PGP signature
Bug#1061516: Please add a sshd@.service template for socket activation
On Jan 25, Marco d'Itri wrote: > systemd currently expects the template to be named sshd@.service > (because that is what Fedora uses), but if you prefer to keep the > ssh@.service name then I suppose that we could patch systemd as well. Is there any way I can help with this? The major issue is deciding how you want the template to be called. -- ciao, Marco signature.asc Description: PGP signature
Bug#1064798: kmod: installs same filename to both bin and sbin
On Feb 26, ca...@allfreemail.net wrote: > This causes a problem on a filesystem layout where bin and sbin are > merged into a single real directory, typically by sbin being a symlink > to bin. Such a filesystem layout has become standard on some > distributions now, and others are moving onto in their next releases. This is not supported by Debian and we have no such plans. But obviously it is still a bug, and I will fix in whenever I will do a new upload. -- ciao, Marco signature.asc Description: PGP signature
Bug#1063804: FTBFS: depmod: FATAL: could not search modules: No such file or directory
On Feb 12, Salvatore Bonaccorso wrote: > --with-module-directory=/usr/lib/modules > > Looping in Marco for comments. I can revert it if it causes too much trouble, but maybe this is just the right time to switch the kernel packages to /usr/lib/modules/ as well? Please let me know if I am missing anything... -- ciao, Marco signature.asc Description: PGP signature
Bug#1063476: the sanesecurity configuration is not suitable for a release
Source: fangfrisch Version: 1.7.0-1 Severity: grave Tags: upstream Control: forwarded -1 https://github.com/rseichter/fangfrisch/issues/30 The sanesecurity section of default configuration, if enabled, relies on an unofficial HTTP mirror which is seriously overloaded and probably seriously expensive for their operators, since it is located in Australia. The only other known HTTP mirror is mentioned on https://wiki.gentoo.org/wiki/ClamAV_Unofficial_Signatures, with a vague note about it being available to the public. Until fangfrisch will implement rsync support, I do not think that it is safe to include fangfrisch in a Debian release due to the possible effect on unsuspecting third party mirrors. This has also been discussed upstream: https://github.com/rseichter/fangfrisch/issues/30 -- ciao, Marco signature.asc Description: PGP signature
Bug#1061516: Please add a sshd@.service template for socket activation
Package: openssh-server Version: 1:9.6p1-3 Severity: normal Control: affects -1 systemd The next release of systemd will contain support to connect to the system with SSH over an AF_VSOCK socket: https://github.com/systemd/systemd/pull/30777/files The server side of this uses what Ubuntu currently ships as ssh@.service, i.e. a template for socket activation of per-connection sshd daemons. systemd currently expects the template to be named sshd@.service (because that is what Fedora uses), but if you prefer to keep the ssh@.service name then I suppose that we could patch systemd as well. -- ciao, Marco signature.asc Description: PGP signature
Bug#1054393: dns-root-data: New IPs for b.root-servers-net 2023-11-27
This is annoying and needs to be fixed in stable too. Do you want me to make a NMU? -- ciao, Marco signature.asc Description: PGP signature
Bug#1061178: usrmerge: Usrmerge fails with a staticly-linked cp command
On Jan 20, Ajax Dong wrote: > Days ago I upgraded one of my machines (I use sudo machinectl shell > network-service to get its shell) from Debian Buster to Debian Bookworm. > The cp and mv command on that machine was staticly-linked and > self-contained. (It does not require any shared library.) UseMerge This does not look like any Debian system I know. > Because /bin/cp is staticly linked, ldd exited with error, $fh is not Not on any of the Debian 10, 11 and 12 systems that I checked: md:~$ ldd /sbin/ldconfig statically linked md:~$ And this ldd output does not cause early_conversion_files() to fail. What's up then? -- ciao, Marco signature.asc Description: PGP signature
Bug#1041552: HFS/HFS+ are insecure
On Jan 10, Michael Biebl wrote: > While we could ship such a udev rule for udisks, I don't think it will > properly solve the issue. The device will still show up in nautilus, plasma > etc and mounting is just an additional click away. The threat model here is: somebody connects a crafted USB stick to a computer with a locked screen. Also, the listed file systems are not used or not used anymore on removable devices. Certainly not on removable devices used by regular users. -- ciao, Marco signature.asc Description: PGP signature
Bug#1060002: usrmerge: support working with a moved coreutils and policycoreutils
On Jan 04, Helmut Grohne wrote: > the way usrmerge works now prevents us from moving /bin/cp and > /sbin/restorecon to /usr for DEP17. I'm attaching a patch that makes > both of them movable and thus decouples their move from when base-files > switches. Do you have any objections? Please just describe in detail why these changes will be needed. -- ciao, Marco signature.asc Description: PGP signature
Bug#1059920: DEP17: move all kmod files to /usr
On Jan 03, Helmut Grohne wrote: > We want to finalize the /usr-merge transition via DEP17 by moving all > the files to /usr. kmod is involved now, because it is installed by > debootstrap. Hence, I'm sending you a patch for the move. I don't think > this is going to cause any flags from dumat, but the patch is > non-trivial nonetheless, so I recommend doing an experimental upload in > order to have other QA systems and volunteer testers try it. I also note I like to keep unstable unstable... But what about d-i? Is it merged now? -- ciao, Marco signature.asc Description: PGP signature
Bug#1059841: DDPO: backports-new show in the wrong column
Package: qa.debian.org Severity: normal I have uploaded fort-validator 1.6.1-1~bpo12+2 to bookworm-backports, but it is shown in the testing/unstable column instead of in the stable one. -- ciao, Marco signature.asc Description: PGP signature
Bug#1059768: CapabilityBoundingSet breaks fileOwner/fileGroup
Package: rsyslog Version: 8.2310.0-1 Severity: normal Tags: upstream forwarded -1 https://github.com/rsyslog/rsyslog/pull/5223 affects -1 inn inn2 CapabilityBoundingSet in /usr/lib/systemd/system/rsyslog.service lacks CAP_DAC_OVERRIDE, which is needed to make fileOwner/fileGroup work. -- ciao, Marco signature.asc Description: PGP signature
Bug#1059745: ITP: cryptsetup-2fa -- 2FA plugin for cryptsetup
On Dec 31, YunQiang Su wrote: > Upstream Contact: YunQiang Su > * URL : https://github.com/wzssyqa/cryptsetup-2fa/ What are the benefits of this compared to systemd-cryptenroll? -- ciao, Marco signature.asc Description: PGP signature
Bug#1058761: cheese segfaulted
Package: cheese Version: 44.1-1 Severity: normal Tags: upstream I do not remember exactly what I did to cause this. #0 0x7f5d4cf46c83 in find_root (node=0xdd74dc3c3606beee) at ../../../glib/gsequence.c:1615 Download failed: Invalid argument. Continuing without source file ./debian/build/deb/../../../glib/gsequence.c. 1615../../../glib/gsequence.c: No such file or directory. [Current thread is 1 (Thread 0x7f5d4ad32ac0 (LWP 1474281))] (gdb) where #0 0x7f5d4cf46c83 in find_root (node=0xdd74dc3c3606beee) at ../../../glib/gsequence.c:1615 #1 node_get_last (node=) at ../../../glib/gsequence.c:1682 #2 get_sequence (node=) at ../../../glib/gsequence.c:187 #3 g_sequence_iter_get_sequence (iter=) at ../../../glib/gsequence.c:1193 #4 0x7f5d4d3f783f in iter_is_valid (iter=iter@entry=0x7ffe4e42cba0, list_store=0x56334ae4f9c0 [GtkListStore]) at ../../../gtk/gtkliststore.c:398 #5 0x7f5d4d3f7fb0 in gtk_list_store_get_value (tree_model=, iter=0x7ffe4e42cba0, column=1, value=0x7ffe4e42c9f0) at ../../../gtk/gtkliststore.c:678 #6 0x7f5d4d51153e in gtk_tree_model_get_valist (tree_model=tree_model@entry=0x56334ae4f9c0, iter=iter@entry=0x7ffe4e42cba0, var_args=var_args@entry=0x7ffe4e42caa0) at ../../../gtk/gtktreemodel.c:1810 #7 0x7f5d4d5118e1 in gtk_tree_model_get (tree_model=0x56334ae4f9c0, iter=iter@entry=0x7ffe4e42cba0) at ../../../gtk/gtktreemodel.c:1774 #8 0x563349f78184 in ___lambda6_ (device=0x56334ac7b020 [CheeseCameraDevice], _data2_=0x56334acd21f0) at src/cheese.p/cheese-preferences.c:1050 #9 lambda6__gfunc (data=0x56334ac7b020, self=0x56334acd21f0) at src/cheese.p/cheese-preferences.c:1075 #10 0x7f5d4cef0cda in g_ptr_array_foreach --Type for more, q to quit, c to continue without paging--c (array=array@entry=0x56334a65b000, func=func@entry=0x563349f78110, user_data=user_data@entry=0x56334acd21f0) at ../../../glib/garray.c:2690 #11 0x563349f78428 in cheese_preferences_dialog_on_camera_update_num_camera_devices (self=0x56334addf500 [CheesePreferencesDialog]) at src/cheese.p/cheese-preferences.c:1145 #12 _cheese_preferences_dialog_on_camera_update_num_camera_devices_g_object_notify (_sender=, pspec=, self=0x56334addf500) at src/cheese.p/cheese-preferences.c:217 #17 0x7f5d4da40243 in (instance=instance@entry=0x56334ac146b0, signal_id=, detail=) at ../../../gobject/gsignal.c:3675 #13 0x7f5d4da25540 in g_closure_invoke (closure=0x56334add9290, return_value=0x0, n_param_values=2, param_values=0x7ffe4e42cf10, invocation_hint=0x7ffe4e42ce60) at ../../../gobject/gclosure.c:832 #14 0x7f5d4da38afc in signal_emit_unlocked_R (node=node@entry=0x7ffe4e42cfe0, detail=detail@entry=4464, instance=instance@entry=0x56334ac146b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe4e42cf10) at ../../../gobject/gsignal.c:3980 #15 0x7f5d4da3a501 in signal_emit_valist_unlocked (instance=instance@entry=0x56334ac146b0, signal_id=signal_id@entry=1, detail=detail@entry=4464, var_args=var_args@entry=0x7ffe4e42d140) at ../../../gobject/gsignal.c:3612 #16 0x7f5d4da40186 in g_signal_emit_valist (instance=0x56334ac146b0, signal_id=1, detail=4464, var_args=0x7ffe4e42d140) at ../../../gobject/gsignal.c:3355 #18 0x7f5d4da29734 in g_object_dispatch_properties_changed (object=0x56334ac146b0 [CheeseCamera], n_pspecs=, pspecs=) at ../../../gobject/gobject.c:1427 #19 0x7f5d4da2c790 in g_object_notify_by_spec_internal (pspec=, object=0x56334ac146b0 [CheeseCamera]) at ../../../gobject/gobject.c:1551 #20 g_object_notify_by_pspec (object=0x56334ac146b0 [CheeseCamera], pspec=) at ../../../gobject/gobject.c:1657 #25 0x7f5d4da40243 in (instance=instance@entry=0x56334a9ebc30, signal_id=, detail=detail@entry=0) at ../../../gobject/gsignal.c:3675 #21 0x7f5d4da25540 in g_closure_invoke (closure=0x56334ac2b510, return_value=0x0, n_param_values=2, param_values=0x7ffe4e42d450, invocation_hint=0x7ffe4e42d3a0) at ../../../gobject/gclosure.c:832 #22 0x7f5d4da38afc in signal_emit_unlocked_R (node=node@entry=0x7ffe4e42d520, detail=detail@entry=0, instance=instance@entry=0x56334a9ebc30, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe4e42d450) at ../../../gobject/gsignal.c:3980 #23 0x7f5d4da3a501 in signal_emit_valist_unlocked (instance=instance@entry=0x56334a9ebc30, signal_id=signal_id@entry=384, detail=detail@entry=0, var_args=var_args@entry=0x7ffe4e42d680) at ../../../gobject/gsignal.c:3612 #24 0x7f5d4da40186 in g_signal_emit_valist (instance=0x56334a9ebc30, signal_id=384, detail=0, var_args=0x7ffe4e42d680) at ../../../gobject/gsignal.c:3355 #26 0x7f5d4dbe9c6a in cheese_camera_device_monitor_removed (device=, monitor=0x56334a9ebc30 [CheeseCameraDevic
Bug#1058760: assertion failed in isc_signal_stop()
Package: bind9-host Version: 1:9.19.17-1 Severity: normal Tags: upstream This happened after I pressed ^C: #0 __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44 Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c. 44 ./nptl/pthread_kill.c: No such file or directory. [Current thread is 1 (Thread 0x7f04feaf0480 (LWP 1416976))] (gdb) where #0 __pthread_kill_implementation (threadid=, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44 #1 0x7f04ffaa815f in __pthread_kill_internal (signo=6, threadid=) at ./nptl/pthread_kill.c:78 #2 0x7f04ffa5a472 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x7f04ffa444b2 in __GI_abort () at ./stdlib/abort.c:79 #4 0x7f04fffc9355 in isc_assertion_failed ( file=file@entry=0x7f058129 "signal.c", line=line@entry=78, type=type@entry=isc_assertiontype_require, cond=cond@entry=0x7f051480 "((signal) != ((void *)0) && ((const isc__magic_t *)(signal))->magic == ((('S') << 24 | ('I') << 16 | ('G') << 8 | (' '") at ./lib/isc/assertions.c:49 #5 0x7f04fffe8521 in isc_signal_stop (signal=) at ./lib/isc/signal.c:78 #6 0x7f04fffdd89e in isc_loopmgr_blocking (loopmgr=0x7f04fc208600) at ./lib/isc/loop.c:587 #7 0x5624a7a1b056 in get_address (host=0x7f04fc272a00 "127.0.0.1", myport=53, sockaddr=0x7f04fc29f7d8) at ./bin/dig/dighost.c:4521 #8 0x5624a7a1d31d in start_udp (query=) at ./bin/dig/dighost.c:3263 #9 0x5624a7a1e8ef in clear_current_lookup () at ./bin/dig/dighost.c:1820 #10 0x5624a7a2028a in recv_done (handle=0x7f04fc29fa80, eresult=, region=0x7fffab553870, arg=0x7f04fc29f700) --Type for more, q to quit, c to continue without paging--c at ./bin/dig/dighost.c:3915 #11 0x7f04fffbadfc in isc___nm_readcb (arg=) at netmgr/netmgr.c:1783 #12 isc__nm_readcb (sock=sock@entry=0x7f04fc274800, uvreq=, eresult=eresult@entry=ISC_R_SHUTTINGDOWN, async=async@entry=false) at netmgr/netmgr.c:1798 #13 0x7f04fffc8146 in isc__nm_udp_failed_read_cb (sock=0x7f04fc274800, result=ISC_R_SHUTTINGDOWN, async=false) at netmgr/udp.c:865 #14 0x7f04ffef767b in uv_walk (loop=loop@entry=0x7f04fc272020, walk_cb=walk_cb@entry=0x7f04fffb8b10 , arg=arg@entry=0x0) at ./src/uv-common.c:549 #15 0x7f04fffbb758 in networker_teardown (arg=0x7f04fc20f2f0) at netmgr/netmgr.c:140 #16 0x7f04fffc96a7 in isc__async_cb (handle=) at ./lib/isc/async.c:111 #17 0x7f04ffef8633 in uv__async_io (loop=0x7f04fc272020, w=, events=) at ./src/unix/async.c:176 #18 0x7f04fff0c065 in uv__io_poll (loop=loop@entry=0x7f04fc272020, timeout=) at ./src/unix/linux.c:1476 #19 0x7f04ffef92f8 in uv_run (loop=loop@entry=0x7f04fc272020, mode=mode@entry=UV_RUN_DEFAULT) at ./src/unix/core.c:447 #20 0x7f04fffdbd30 in loop_thread (arg=0x7f04fc272000) at ./lib/isc/loop.c:282 #21 0x5624a7a14fc8 in main (argc=2, argv=0x7fffab557dd8) at ./bin/dig/host.c:914 (gdb) -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-4-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bind9-host depends on: ii bind9-libs 1:9.19.17-1 ii libc6 2.37-13 ii libidn2-0 2.3.4-1+b1 bind9-host recommends no packages. bind9-host suggests no packages. -- no debconf information -- ciao, Marco signature.asc Description: PGP signature
Bug#1057089: bullseye-pu: package usrmerge/37~deb12u1
On Nov 29, Andreas Beckmann wrote: > Improve the usrmerge experience in bookworm. Great idea, thank you for working on this! -- ciao, Marco signature.asc Description: PGP signature
Bug#1056698: should not depend on the Javascript libraries
Package: restic Version: 0.16.2-1 Severity: normal Having a 100% console-based backup program depend on tens of MBs of Javascript libraries and fonts just for the HTML manual that almost nobody will access there is really wasteful. Please make these recommends, or else move the HTML to a restic-doc package. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-4-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages restic depends on: ii libc62.37-12 ii libjs-jquery 3.6.1+dfsg+~3.5.14-1 ii libjs-sphinxdoc 7.2.6-2 ii sphinx-rtd-theme-common 2.0.0~rc3+dfsg-2 Versions of packages restic recommends: ii fuse3 [fuse] 3.14.0-4 restic suggests no packages. -- no debconf information -- ciao, Marco signature.asc Description: PGP signature
Bug#810018: New Essential package procps-base
On Nov 20, Craig Small wrote: > Also why is killall5 not a candidate too? Probably because it makes no sense outside of sysvinit, except that as a footgun. (Also, is it equivalent to pkill --inverse?) -- ciao, Marco signature.asc Description: PGP signature
Bug#706918: pppd stopped passing ipparam value to /etc/ppp/ip-up after an upgrade to Wheezy
On May 06, Evgeny Kapun wrote: > Package: ppp > Version: 2.4.5-5.1+b1 > > If ipparam option is supplied to pppd, pppd is supposed to pass its > argument to scripts like /etc/ppp/ip-up. However, after a system > upgrade from Squeeze to Wheezy, this stopped working. Previously, > ip-up was invoked like this: Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#736851: ppp: Please ship logcheck rules
Control: severity -1 wishlist Control: tag -1 help On Jan 27, Jonathan Wiltshire wrote: > Please ship snippets for consumption by the logcheck package. Please provide sensible rules. -- ciao, Marco signature.asc Description: PGP signature
Bug#514274: Bad ppp frames for certain TCP package lengths
On Feb 05, Eckhart Wörner wrote: > With a UMTS connection to o2 Germany, connections sometimes dropped. Looking > into that issue with wireshark, I found out that the > connection drops because a TCP package of length 187 + k * 240 bytes (with k > in 0,1,...) never makes it to the TCP stack of the > receiver (i.e. the computer where PPP is running). This can be reproduced > using netcat and a 187 byte file. Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#555477: /usr/sbin/pppd: ppp with persist does not redial after error
On Nov 09, Alex S Kurilo wrote: > ppp does not redial if pppoe server return 'No client slots available' > (persist turned on, after other errors it tries to reconnect) > The following line appears in the syslog before pppd dies: > > PADS: System-Error: RP-PPPoE: Server: No client slots available Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#650634: pppd eats all cpu in tdb_allocate()
On Dec 01, onehalf3544 wrote: > Problem is reproducible (nobody is able to establish connection =(( ). > I'll continue debugging, but would appreciate any advice. Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#451363: ppp: radius plugin stops talking to radius server
On Nov 15, B Thompson wrote: > I am having problems with the radius plugin supplied with ppp (I am using this > to authenticate users of my (poptop) pptp vpn. Here are the logs from a failed > login :- Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#384998: rp-pppoe plugin and MLPPP don't play well together - tiny fragments are sent
On Aug 28, James Harper wrote: > When using the rp-pppoe plugin and pppoe, the fragments used are tiny (8 > bytes of ppp data), and consequently the link behaves really really poorly. > The correct behaviour is that MLPPP fragments should be (packet size) / > (number of links), but less than MTU. When using /usr/sbin/pppoe, it works > fine. Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#374698: pppd exits despite 'persist' option
On Jun 20, Claus Fischer wrote: > Summary: The persist option does not work properly. Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#203620: ppp: pppstats returns 0 for IN (incoming bytes) after a while
On Jul 31, Christian Schoenebeck wrote: > I encountered that pppstats displays 0 for incoming bytes after a while. Here > is an example output of pppstats: Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#325746: pppd 2.4.3 (+pptpd) bug - error count recive and transmit bytes
On Aug 30, Женя Дрюков wrote: > Error count VPN traffic client disconnect after 10 secconds width only > Send bytes 113 Megabytes !!! Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#518624: /usr/sbin/pppd: ppp authentication mschapv2 doesn't work after upgrading winbind to 2:3.2.5-4
On Mar 07, Sergey Dorofeev wrote: > Both upgraded. > Windows clients also affected. Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#627088: ppp: reconnect after hangup fails with many Protocol-Reject messages
On May 17, Richard wrote: > after upgrading to wheezy a previously functioning PPTP connection has > problems. > when the connection hangs up and the daemon tries to reconnect, the > connection fails > with the following log messages: Are you still able to reproduce this issue? -- ciao, Marco signature.asc Description: PGP signature
Bug#1034053: segfaulted on quit
Control: version -1 2.2.12-0.1 Again: #0 0x7f4fd963a11a in __GI___libc_free (mem=0x54495f7469) at ./malloc/malloc.c:3344 Download failed: Argomento non valido. Continuing without source file ./malloc/./malloc/malloc.c. 3344./malloc/malloc.c: File o directory non esistente. (gdb) where #0 0x7f4fd963a11a in __GI___libc_free (mem=0x54495f7469) at ./malloc/malloc.c:3344 #1 0x55b62120b685 in safe_free (ptr=0x55b622c3c7d0) at ../../lib.c:198 #2 0x55b6211f0bf0 in rfc822_free_address (p=0x55b622ee2da0) at ../../rfc822.c:140 #3 0x55b62120e9a0 in mutt_free_envelope (p=0x55b622ee2d80) at ../../muttlib.c:875 #4 0x55b62120edf7 in mutt_free_body (p=0x55b622d46c38) at ../../muttlib.c:208 #5 0x55b62120ee0c in mutt_free_body (p=0x55b622d46ac8) at ../../muttlib.c:211 #6 0x55b62120ebba in mutt_free_header (h=0x55b622d66500) at ../../muttlib.c:382 #7 0x55b6211d70e1 in mx_fastclose_mailbox (ctx=ctx@entry=0x55b621fa95d0) at ../../mx.c:736 #8 0x55b6211d7bab in mx_close_mailbox (ctx=0x55b621fa95d0, index_hint=index_hint@entry=0x7fff63f24274) at ../../mx.c:1014 #9 0x55b6211ac799 in mutt_index_menu () at ../../curs_main.c:1414 #10 0x55b62118c157 in main (argc=1, argv=0x7fff63f25508, environ=) at ../../main.c:1400 (gdb) -- ciao, Marco signature.asc Description: PGP signature
Bug#1053156: libmnl is 18 months out of date
Source: libmnl Version: 1.0.4-3 Severity: wishlist 1.0.5 was released in April 2022. -- ciao, Marco signature.asc Description: PGP signature
Bug#704435: varnish: Pushing vcls failed:#012CLI communication error (hdr)
On Apr 01, "Rune K. Svendsen" wrote: > Apr 1 06:40:17 raspberrypi varnishd[28809]: Pushing vcls failed:#012CLI > communication error (hdr) This bug is 10 years old: can you still reproduce this? -- ciao, Marco signature.asc Description: PGP signature
Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var
On Sep 17, Bill Allombert wrote: > Does not that would break users expectation that the system image contains > /var > before the first boot ? I am not aware of such expectations. > A lot of things in /var are caches that are mostly instance-independent and > can > be prefilled, but for that, users expect a minimal directory hierarchy to be > present before first boot. Can you show some examples of how this would work in practice? > It seems your scheme favors some usecase over some others. There are always tradeoffs, but my use case does not forbid the other one: worst case it requires one more mkdir while copying that data. -- ciao, Marco signature.asc Description: PGP signature
Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var
On Sep 17, Russ Allbery wrote: > (I am a little confused by this wording, but I think what you're saying is > that /usr is encrypted and read-only, and /var is recreated on each boot. > That at least is my understanding of the pattern that you're trying to > enable.) The general idea is to be able to create /var on the first boot. If /var can be populated programmatically then a system can be trivially replicated by sharing (or copying) /usr and by copying /etc. BTW, I do not expect that tmpfiles.d(5) will be the standard method used to create most directories below /var. Usually the CacheDirectory, LogsDirectory and StateDirectory directives are more convenient and flexible. > The benefit we gain from this is attribution of the directories in the > dpkg database, which is useful (although I understand that one can argue > about how useful). Not enough to justify having multiple sources of truth is my opinion. -- ciao, Marco signature.asc Description: PGP signature
Bug#885698: What licenses should be included in /usr/share/common-licenses?
On Sep 10, Enrico Zini wrote: > I like this. I'd say that even if a license is shorter than 25 lines I'd > appreciate to be able to link to it instead of copypasting it. Me too. > I like to be able to fill the license field with a value, after checking > that the upstream license didn't diverge from what it looks like. I'd > love to use SPDX IDs there, for example. In an ideal world, I'd like to > autofill debian/copyright with SPDX IDs from upstream metadata. Having a > link to a file goes closer to having a declarative license ID. Agreed. -- ciao, Marco signature.asc Description: PGP signature
Bug#1050901: libc6:amd64: install /usr/lib64 without including it
> As the issue is actually introduced by the usrmerge package, I am > reassigning the bug there. I am also tagging it wontfix as I don't > believe the usrmerge maintainer will want to rollback the usrmerge > transition, but feel free to change that if I am wrong. Indeed. I have used TSM for many years but I have never noticed this issue because the upstream Debian packages are so much awful that I repackaged the software: https://github.com/rfc1036/tivsm-deb . -- ciao, Marco signature.asc Description: PGP signature
Bug#1043456: tecla: shows nothing and segfaults on keypress
On Sep 07, Jeremy Bícha wrote: > This popup window is Tecla. Does it work correctly? This way it does not crash anymore. Still, it should be fixed to either not crash or not start if it can only be called by gnome-control-center. (BTW, it does not react to left-alt, while it correctly reports pressing right-alt as Alt_R / Meta_R.) -- ciao, Marco signature.asc Description: PGP signature
Bug#1043456: tecla: shows nothing and segfaults on keypress
Control: reopen -1 Still broken. ||/ Name Version Architecture Description +++-==---==> ii tecla 45~rc-1 amd64keyboard layout viewer for the GNO> [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `tecla'. Program terminated with signal SIGSEGV, Segmentation fault. warning: Section `.reg-xstate/1963868' in core file too small. #0 tecla_model_get_keycode_key (model=0x0, keycode=24) at ../src/tecla-model.c:338 Download failed: Argomento non valido. Continuing without source file ./obj-x86_64-linux-gnu/../src/tecla-model.c. 338 ../src/tecla-model.c: File o directory non esistente. [Current thread is 1 (Thread 0x7effd81ee2c0 (LWP 1963868))] (gdb) where #0 tecla_model_get_keycode_key (model=0x0, keycode=24) at ../src/tecla-model.c:338 #1 0x55e0f78b72a8 in key_pressed_cb (controller=, keyval=, keycode=, modifiers=, view=0x55e0f84828c0 [TeclaView]) at ../src/tecla-view.c:343 #6 0x7effdb17a243 in (instance=instance@entry=0x55e0f8516490, signal_id=, detail=detail@entry=0) at ../../../gobject/gsignal.c:3675 #2 0x7effdb4bcb0b in _gtk_marshal_BOOLEAN__UINT_UINT_FLAGSv (closure=, return_value=0x7ffe1c328650, instance=, args=, marshal_data=, n_params=, param_types=0x55e0f85113c0) at gtk/gtkmarshalers.c:1748 #3 0x7effdb15f749 in _g_closure_invoke_va (closure=0x55e0f85663c0, return_value=0x7ffe1c328650, instance=0x55e0f8516490, args=0x7ffe1c328750, n_params=3, param_types=0x55e0f85113c0) at ../../../gobject/gclosure.c:895 #4 0x7effdb173913 in signal_emit_valist_unlocked (instance=instance@entry=0x55e0f8516490, signal_id=signal_id@entry=99, detail=detail@entry=0, var_args=var_args@entry=0x7ffe1c328750) at ../../../gobject/gsignal.c:3516 #5 0x7effdb17a186 in g_signal_emit_valist (instance=0x55e0f8516490, signal_id=99, detail=0, var_args=0x7ffe1c328750) --Type for more, q to quit, c to continue without paging--c at ../../../gobject/gsignal.c:3355 #7 0x7effdb53c0fd in gtk_event_controller_key_handle_event (controller=0x55e0f8516490 [GtkEventControllerKey], event=, x=, y=) at ../../../gtk/gtkeventcontrollerkey.c:121 #8 0x7effdb53b09a in gtk_event_controller_handle_event (controller=controller@entry=0x55e0f8516490 [GtkEventControllerKey], event=event@entry=0x55e0f8e5c7b0 [GdkKeyEvent], target=target@entry=0x55e0f84828c0 [TeclaView], x=x@entry=0, y=y@entry=0) at ../../../gtk/gtkeventcontroller.c:362 #9 0x7effdb67e55c in gtk_widget_run_controllers (widget=widget@entry=0x55e0f84828c0 [TeclaView], event=event@entry=0x55e0f8e5c7b0 [GdkKeyEvent], target=target@entry=0x55e0f84828c0 [TeclaView], x=0, y=0, phase=phase@entry=GTK_PHASE_BUBBLE) at ../../../gtk/gtkwidget.c:4581 #10 0x7effdb685db1 in gtk_widget_event (widget=widget@entry=0x55e0f84828c0 [TeclaView], event=event@entry=0x55e0f8e5c7b0 [GdkKeyEvent], target=target@entry=0x55e0f84828c0 [TeclaView]) at ../../../gtk/gtkwidget.c:4775 #11 0x7effdb5ac5de in gtk_propagate_event_internal (widget=widget@entry=0x55e0f84828c0 [TeclaView], event=event@entry=0x55e0f8e5c7b0 [GdkKeyEvent], topmost=) at ../../../gtk/gtkmain.c:1947 #12 0x7effdb5ac676 in gtk_propagate_event (widget=widget@entry=0x55e0f84828c0 [TeclaView], event=event@entry=0x55e0f8e5c7b0 [GdkKeyEvent]) at ../../../gtk/gtkmain.c:1997 #13 0x7effdb5acd03 in gtk_main_do_event (event=0x55e0f8e5c7b0 [GdkKeyEvent]) at ../../../gtk/gtkmain.c:1689 #14 0x7effdb6921f0 in surface_event (surface=surface@entry=0x55e0f858c730 [GdkX11Toplevel], event=, widget=) at ../../../gtk/gtkwindow.c:4830 #15 0x7effdb80a5ea in _gdk_marshal_BOOLEAN__POINTER (closure=closure@entry=0x55e0f82bb050, return_value=return_value@entry=0x7ffe1c328c90, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0x7ffe1c328d20, invocation_hint=invocation_hint@entry=0x7ffe1c328c70, marshal_data=marshal_data@entry=0x0) at gdk/gdkmarshalers.c:258 #21 0x7effdb17a243 in (instance=instance@entry=0x55e0f858c730, signal_id=, detail=detail@entry=0) at ../../../gobject/gsignal.c:3675 #16 0x7effdb87f5f3 in gdk_surface_event_marshaller (closure=0x55e0f82bb050, return_value=0x7ffe1c328c90, n_param_values=2, param_values=0x7ffe1c328d20, invocation_hint=0x7ffe1c328c70, marshal_data=0x0) at ../../../gdk/gdksurface.c:433 #17 0x7effdb15f540 in g_closure_invoke (closure=0x55e0f82bb050, return_value=0x7ffe1c328c90, n_param_values=2, param_values=0x7ffe1c328d20, invocation_hint=0x7ffe1c328c70) at ../../../gobject/gclosure.c:832 #18 0x7effdb172afc in signal_emit_unlocked_R (node=node@entry=0x7ffe1c328df0, detail=detail@entry=0, instance=instance@entry=0x55e0f858c730, emission_return=emis
Bug#1051119: NM reports fake Wi-Fi BSSIDs
Package: network-manager Version: 1.44.0-1 Severity: important "nmcli device wifi list" reports obviously fake BSSIDs for all networks to which I have not connected to: IN-USE BSSID SSIDMODE CHAN RATE SIGNAL > B4:4B:D6:..:..:.. (omitted) Infra 2 65 Mbit/s 87 > 00:01:02:00:03:90 (omitted) Infra 2 65 Mbit/s 77 > 00:01:02:00:03:91 WOW FI - FASTWEBInfra 2 65 Mbit/s 77 > 00:01:02:00:03:FD (omitted) Infra 2 65 Mbit/s 75 > * B4:4B:D6:..:..:.. (omitted) Infra 3665 Mbit/s 59 > 00:01:02:00:03:B3 (omitted) 461 Infra 2 65 Mbit/s 57 > 00:01:02:00:03:8E FRITZ!Box 7530 WB Infra 2 65 Mbit/s 55 > 82:8F:34:..:..:.. Vodafone-WiFi Infra 3 65 Mbit/s 54 > 00:01:02:00:03:93 TIM-29740309Infra 2 65 Mbit/s 35 > 00:01:02:00:03:96 (omitted) 045 Infra 2 65 Mbit/s 30 > 00:01:02:00:04:AE Sala da pranzo.v, Infra 2 65 Mbit/s 27 > 00:01:02:00:04:71 (omitted) Infra 2 65 Mbit/s 25 > 00:01:02:00:04:BC (omitted) Infra 2 65 Mbit/s 25 > 00:01:02:00:04:A1 (omitted) Infra 2 65 Mbit/s 20 > (The real BSSIDs and the non-generic SSIDs have been elided for paranoia reasons.) This breaks the Mozilla Location Services API (used, among others, by Firefox and Geoclue), which once it sees at least two of these 00:01:02:00:03:* BSSIDs it will happily geolocate me either in Vietnam or (less frequently) in Germany. I do not believe this to be a kernel issue because "iwlist scanning" properly reports the BSSIDs of all networks. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.4.0-2-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages network-manager depends on: ii adduser 3.137 ii dbus [default-dbus-system-bus] 1.14.10-1 ii dbus-broker [dbus-system-bus] 33-1 ii libaudit1 1:3.1.1-1 ii libbluetooth3 5.69-1 ii libc6 2.37-7 ii libcurl3-gnutls 8.2.1-2 ii libglib2.0-02.77.2-1 ii libgnutls30 3.8.1-4 ii libjansson4 2.14-2 ii libmm-glib0 1.20.6-2 ii libndp0 1.8-1 ii libnewt0.52 0.52.23-1+b1 ii libnm0 1.44.0-1 ii libpsl5 0.21.2-1 ii libreadline88.2-1.3 ii libselinux1 3.5-1 ii libsystemd0 254.1-3 ii libteamdctl01.31-1 ii libudev1254.1-3 ii policykit-1 123-1 ii polkitd 123-1 ii udev254.1-3 Versions of packages network-manager recommends: ii dnsmasq-base [dnsmasq-base] 2.89-1 ii libpam-systemd 254.1-3 pn modemmanager ii ppp 2.4.9-1+1.1+b1 ii wireless-regdb 2022.06.06-1 ii wpasupplicant2:2.10-15 Versions of packages network-manager suggests: ii iptables 1.8.9-2 pn libteam-utils Versions of packages network-manager is related to: ii isc-dhcp-client 4.4.3-P1-2 -- Configuration Files: /etc/NetworkManager/NetworkManager.conf changed [not included] /etc/NetworkManager/dispatcher.d/01-ifupdown changed [not included] -- no debconf information -- ciao, Marco signature.asc Description: PGP signature
Bug#1050681: bookworm-pu: package inn2/2.7.1-1~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: i...@packages.debian.org Control: affects -1 + src:inn2 This stable upload contains two patches backported from the upstream repository on request of the upstream maintainer. The patches are also part of the package which is currently in testing. One patch fixes hangs in nnrpd, while the other allows the package to process the high-precision syslog timestamps format which is currently the default for Debian. The package also contains a minor security fix which changes the default permissions of two configuration files which contain secrets, which has already been added to the next unstable upload. For a better view of the changes please see https://salsa.debian.org/md/inn2/-/commits/bookworm . -- ciao, Marco diff -Nru inn2-2.7.1/debian/changelog inn2-2.7.1/debian/changelog --- inn2-2.7.1/debian/changelog 2023-05-01 19:25:42.0 +0200 +++ inn2-2.7.1/debian/changelog 2023-08-28 02:04:59.0 +0200 @@ -1,3 +1,13 @@ +inn2 (2.7.1-1~deb12u1) bookworm; urgency=medium + + * Added patch backport_a1f2e9323: this upstream commit fixes nnrpd hangs +when compression is enabled. + * Added patch backport_f7d111aad: this upstream commit adds support for +high-precision syslog timestamps which now are the default in Debian. + * Made inn-{radius,secrets}.conf not world readable. + + -- Marco d'Itri Mon, 28 Aug 2023 02:04:59 +0200 + inn2 (2.7.1-1) unstable; urgency=medium * New upstream release. diff -Nru inn2-2.7.1/debian/patches/backport_a1f2e9323 inn2-2.7.1/debian/patches/backport_a1f2e9323 --- inn2-2.7.1/debian/patches/backport_a1f2e9323 1970-01-01 01:00:00.0 +0100 +++ inn2-2.7.1/debian/patches/backport_a1f2e9323 2023-08-28 02:04:59.0 +0200 @@ -0,0 +1,154 @@ +From: Enrik Berkhan +Subject: nnrpd: avoid hang due to misplaced select() +Origin: upstream, commit:a1f2e932338a17eb4111243f29fcade52d39e0a7 + +The select() call in nnrpd's input data processing is moved right +before the related read() call to avoid blocking when it shouldn't. + +Without this change, there could still remain data to be inflated, that +has already been read, if compression had been activated. The select() +can then time out because the client might already have sent all data +before, and the yet to be inflated data will not be used until after +the timeout. + +Resolves: #269 + +diff --git a/nnrpd/line.c b/nnrpd/line.c +index fc68b15dd..6c048720c 100644 +--- a/nnrpd/line.c b/nnrpd/line.c +@@ -79,12 +79,11 @@ line_reset(struct line *line) + } + + /* +-** Timeout is used only if HAVE_OPENSSL is defined. + ** Returns -2 on timeout, -1 on read error, and otherwise the number of + ** bytes read. + */ + static ssize_t +-line_doread(void *p, size_t len, int timeout UNUSED) ++line_doread(void *p, size_t len, int timeout) + { + ssize_t n; + +@@ -122,6 +121,22 @@ line_doread(void *p, size_t len, int timeout UNUSED) + } + #endif /* HAVE_ZLIB */ + ++/* It seems that the SSL_read cannot be mixed with select() ++ * as in the current code. TLS communicates in its own data ++ * blocks and handshaking. The line_doread using SSL_read ++ * could return, but still with a partial line in the SSL_read ++ * buffer. Then the server TLS routine would sit there waiting ++ * for completion of that data block while nnrpd sat at the ++ * select() routine waiting for more data from the server. ++ * ++ * Here, we decide to just bypass the select() wait. Unlike ++ * innd with multiple threads, the select on nnrpd is just ++ * waiting on a single file descriptor, so it is not really ++ * essential with blocked read like SSL_read. Using an alarm ++ * signal around SSL_read for non active timeout, TLS works ++ * without dead locks. However, without the select() wait, ++ * the IDLE timer stat won't be collected... ++ */ + #ifdef HAVE_OPENSSL + if (tls_conn) { + int err; +@@ -152,9 +167,38 @@ line_doread(void *p, size_t len, int timeout UNUSED) + xsignal(SIGALRM, SIG_DFL); + } else + #endif /* HAVE_OPENSSL */ ++{ ++fd_set rmask; ++int i; ++ ++/* Wait for activity on stdin, updating timer stats as we go. */ ++do { ++struct timeval t; ++ ++FD_ZERO(&rmask); ++FD_SET(STDIN_FILENO, &rmask); ++t.tv_sec = timeout; ++t.tv_usec = 0; ++TMRstart(TMR_IDLE); ++i = select(STDIN_FILENO + 1, &rmask, NULL, NULL, &t); ++TMRstop(TMR_IDLE); ++if (i == -1 && errno != EINTR) { ++syswarn("%s can't select", Client.host); ++
Bug#1050586: kmod: Updating to kmod to 30+20230601-1 results in a non booting system modules cannot be decompressed
Control: retitle -1 kmod does not work with XZ in-kernel module decompression On Aug 27, Jon Westgate wrote: > Note that I already had "Support in-kernel module decompression" selected > when the compression method was XZ. > > Would you like me to try without it? No need to: we know that everything works fine without in-kernel decompression, because this is how the Debian kernel is configured. -- ciao, Marco signature.asc Description: PGP signature
Bug#1041552: HFS/HFS+ are insecure
On Aug 27, Diederik de Haas wrote: > While I agree that "orphan" does mean that it is NOT actively maintained, > AFAICT the situation is a bit more blurry for "odd fixes". All these file systems are either rare enough and/or not used on removable media, so I do not believe that it is unreasonable to ask the few users that want them to be mounted automatically to disable this policy with a symlink like ln -s /dev/null /etc/udev/rules.d/75-insecure-fs.rules . > Previously not knowing about that status, I looked up the commits where the > status was set to "odd fixes" and found that for some the reason was that the > maintainer didn't have the hardware to test it themselves. > I do not think that's the same as 'unmaintained'. It means that they are not tested enough... > I'm not sure if it would actually result in unbootable systems, but I do think > a bit more care should be taken before blacklisting modules. Did you actually read the thread? No modules are being blacklisted, the plan is just to stop udisks2 from automatically mounting such removable media. I am quite sure that routers file systems are not mounted with udisks2. -- ciao, Marco signature.asc Description: PGP signature
Bug#1050586: kmod: Updating to kmod to 30+20230601-1 results in a non booting system modules cannot be decompressed
On Aug 26, Jon Westgate <0...@fsck.tv> wrote: > The error message it gave was "decompresson failed with status 6" Status 6 is XZ_OPTIONS_ERROR, which means "Input was encoded with settings that are not supported by this XZ decoder". So it looks like you have compressed the modules (how?) with XZ settings which are supported by the userspace loader but not by the kernel one. -- ciao, Marco signature.asc Description: PGP signature
Bug#1041552: HFS/HFS+ are insecure
Control: reassign -1 udisks2 Control: retitle -1 do not mount automatically unmaintained file systems On Jul 20, md wrote: > You are totally correct. > Kernel team, please blacklist HFS/HFS+ for automounting. As discussed on debian-devel@, this policy should not be handled by the kernel because modules autoloading of file systems drivers should not be disabled. So I propose this content for a file like /usr/lib/udev/rules.d/75-insecure-fs.rules: # Do not automatically mount these file systems because their drivers are # marked as "orphan" or "odd fixes" in the kernel MAINTAINERS file and so # are more at risk of having security-sensitive defects which could be # exploited by a crafted file system. SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end" ENV{ID_FS_TYPE}=="affs", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="ecryptfs", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="efs", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="hfs", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="hfsplus", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="jffs2", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="jfs", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="qnx6", ENV{UDISKS_AUTO}="0" ENV{ID_FS_TYPE}=="sysv", ENV{UDISKS_AUTO}="0" LABEL="udisks_insecure_fs_end" -- ciao, Marco signature.asc Description: PGP signature
Bug#1050586: kmod: Updating to kmod to 30+20230601-1 results in a non booting system modules cannot be decompressed
On Aug 26, Jon Westgate wrote: > Yes I am using compressed modules And are these modules compressed with xz or something else? This new code was introduced in the latest snapshot, and apparently it fails when used with kernels with compressed modules support enabled (which so far is not the default for Debian kenrels). -- ciao, Marco signature.asc Description: PGP signature
Bug#1050582: kmod update corrupts systemd uefi boot
On Aug 26, antonio wrote: > Kernel: Linux 6.4.12-1-liquorix-amd64 (SMP w/24 CPU threads; PREEMPT) I see that you are using a custom kernel. What is the status of the CONFIG_MODULE_COMPRESS_* kernel configuration options? -- ciao, Marco signature.asc Description: PGP signature
Bug#1050586: kmod: Updating to kmod to 30+20230601-1 results in a non booting system modules cannot be decompressed
On Aug 26, Jon Westgate <0...@fsck.tv> wrote: > Kernel: Linux 6.4.11 (SMP w/12 CPU threads; PREEMPT) I see that you are using a custom kernel. What is the status of the CONFIG_MODULE_COMPRESS_* kernel configuration options? -- ciao, Marco signature.asc Description: PGP signature