Bug#1070983: supertuxkart: symbol lookup error: undefined symbol
Hi Bernd, thanks for your report. This looks like #1029939 (https://bugs.debian.org/1029939) in shaderc. supertuxkart 1.4+dfsg-4, which uses the shaderc package instead of a bundled copy, has migrated to testing before shaderc 2023.8-1, which fixes the linking problem. Can you please try upgrading shaderc to 2023.8-1 (from unstable)? Thanks and kind regards, Reiner signature.asc Description: PGP signature
Bug#1057463: marked as pending in supertuxkart
Hi Vincent, On Fri, Apr 26, 2024 at 06:03:51AM -0700, Vincent Cheng wrote: > Hi Reiner, > > On Sat, Jan 6, 2024 at 1:03 PM Reiner Herrmann > wrote: > > > > Use system shaderc instead of embedded copy > > > > Closes: #1057463, #1031387 > > > > Just wanted to sanity check before uploading, is it ok for me to > upload what's currently in salsa to close out #1057463 (and #995771), > or are there other blockers / were you waiting on something else? > Either way, thanks for fixing these bugs in supertuxkart! at the time when I fixed it, there were still some strange linking errors. But I just did another test build and it was successful. The reason is probably the new version of shaderc (which mentions linking fixes in the changelog). So I don't see any blocker, please upload it. Thanks! Kind regards, Reiner
Bug#1063360: RM: ruby-ami -- RoQA; low popcon, no upstream activity, orphaned
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: ruby-...@packages.debian.org Control: affects -1 + src:ruby-ami Dear ftpmasters, recently ruby-ami has been orphaned [0]. It has no reverse (build) dependencies and a very low popcon. The only maintainer upload was in 2016. 2016 was also the last time there was an upstream commit. The previous maintainer is also okay with an RM [0]. Thanks and kind regards, Reiner [0] #1063021
Bug#1063021: O: ruby-ami -- Ruby client library for the Asterisk Management Interface
Hi Joost, > A not yet packaged new upstream is available, since 2016. Upstream has not > commited any code after 2016. > > ruby-ami has no reverse-depends in our archives, no package build-depends > upon ruby-ami. This sounds like it can also be removed instead of being orphaned? Kind regards, Reiner
Bug#1062814: ITP: pioneer -- space adventure game set in the Milky Way galaxy
Package: wnpp Severity: wishlist Owner: Reiner Herrmann X-Debbugs-Cc: debian-de...@lists.debian.org, debian-devel-ga...@lists.debian.org * Package name: pioneer Version : 20240203 * URL : https://pioneerspacesim.net/ * License : GPL-3 (code), CC-BY-SA-3.0 (data) Programming Lang: C/C++ Description : space adventure game set in the Milky Way galaxy > Pioneer is a space adventure game set in our galaxy at the > turn of the 31st century. > > The game is open-ended, and you are free to eke out whatever > kind of space-faring existence you can think of. Explore > and trade between millions of star systems. Turn to a > life of crime as a pirate, smuggler or bounty hunter. > Travel through the territories of various factions > fighting for power, freedom or self-determination. The > universe is whatever you make of it. I intend to maintain it in the Games team.
Bug#1059445: RM: cataclysm-dda [i386 armel armhf] -- ROM; 32 bit architectures no longer supported by upstream
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: cataclysm-...@packages.debian.org Control: affects -1 + src:cataclysm-dda Hi, please remove the i386 / armel / armhf builds of src:cataclysm-dda, as upstream is aware of issues with 32-bit architectures, but unable to support it [0]. Thanks! Kind regards, Reiner [0] https://github.com/CleverRaven/Cataclysm-DDA/issues/64504#issuecomment-1481920922
Bug#1055639: surf: flaky autopkgtest: Too few characters detected (0)
Hi Paul, On Thu, Nov 09, 2023 at 02:16:47PM +0100, Paul Gevers wrote: > I looked at the results of the autopkgtest of your package. I noticed that > it regularly fails (in this case because it's blocking migration of > src:autopkgtest), mostly on armhf and a bit on ppc64el and s390x. > > Because the unstable-to-testing migration software now blocks on > regressions in testing, flaky tests, i.e. tests that flip between > passing and failing without changes to the list of installed packages, > are causing people unrelated to your package to spend time on these > tests. The fails don't look regular to me. Most of the times they are passing. It's difficult to figure out why it sometimes doesn't draw anything on the weaker architectures (the screenshot that is used for OCR is blank). I'm going to mark the test as flaky now. > PS: why does it even use text from a different and very unrelated package? > If there's not enough text in it's own source, couldn't it use something > that's installed on all Debian systems, such that it doesn't need to be > installed additionally and trigger migration runs? The autopkgtest documentation is available in HTML and plaintext (rst) format. That's needed to compare the OCR'd HTML-text against. It was the first example I could find, and I thought as autopkgtest is installed on systems running the tests, I could use it. If you are aware of other packages that are installed by default that ship documentation in HTML and some plaintext, then I could switch to it in the test. Kind regards, Reiner
Bug#1057825: zabbix-server-mysql: configuration file is world-readable
Package: zabbix-server-mysql Version: 1:6.0.14+dfsg-1+b1 Severity: important Tags: security Dear maintainer, after installing zabbix-server-mysql, I noticed that the configuration file /etc/zabbix/zabbix_server.conf, where one is supposed to configure database credentials, is world-readable by default: > -rw-r--r-- 1 root root 25860 Dec 8 23:38 zabbix_server.conf I have now manually set the group to zabbix and the mode to 0640, which is still sufficient for zabbix to start up. Kind regards, Reiner
Bug#1054621: lutris: new dependencies
Control: forwarded -1 https://github.com/lutris/lutris/issues/5138 I have forwarded the issue upstream. I think they were accidentally added to Depends, as upstream is probably not that familiar with Debian packaging. According to policy's description of Depends and Recommends they would be better suited as Recommends. Kind regards, Reiner
Bug#1055185: vim-editorconfig: package still needed?
Source: vim-editorconfig Version: 0.3.3+dfsg-2.1 Dear maintainer, I noticed that the editorconfig vim plugin is meanwhile included by the upstream vim project and therefore already available when vim is installed: $ dpkg -L vim-runtime | grep editorconfig /usr/share/vim/vim90/pack/dist/opt/editorconfig ... Currently it is even available in version 1.1.1, while src:vim-editorconfig ships the outdated version 0.3.3 of the plugin. I think this package no longer provides any benefit. Maybe it should be RM'd? Thanks for considering and maintaining it so far! Kind regards, Reiner signature.asc Description: PGP signature
Bug#1054621: lutris: new dependencies
Source: lutris Version: 0.5.14-1 Dear maintainer, while upgrading lutris I noticed that it has some new dependencies, like fluidsynth and xdg-desktop-portal-*. They were added in the "release" commit [0], without explaining why they were added or documenting the change in the changelog. Did you add them accidentally? And are they real hard dependencies? The previous version of lutris was running fine without having them installed. Unless the new upstream version changed something that makes them mandatory, they should probably be declared as Recommends or even Suggests. Can you please consider loosening the dependency? Kind regards, Reiner [0]: https://salsa.debian.org/games-team/lutris/-/commit/013050e8c8def0f571d2e8a57670ef4f1425965d
Bug#1041248: keepassxc: Update to 2.7.5
Control: retitle -1 keepassxc: new upstream version Control: severity -1 wishlist Dear maintainer, meanwhile also 2.7.6 has been released, which introduces support for the NitroKey 3. It would be great if you could upload the new upstream release. Thanks! Kind regards, Reiner
Bug#1042347: cool-retro-term: FTBFS: make[2]: *** No rule to make target 'qml/fonts/1979-atari-400-800/AtariClassic-Regular.ttf', needed by 'qrc_resources.cpp'.
Control: tags -1 + patch
Dear maintainer,
attached is a patch that fixes the FTBFS in cool-retro-term.
The reason for the FTBFS is that fonts-atarismall now ships
an .otf file, instead of .ttf, so the file is no longer found
during build.
Kind regards,
Reiner
diff --git a/debian/clean b/debian/clean
index ed69580..aa7c397 100644
--- a/debian/clean
+++ b/debian/clean
@@ -14,3 +14,4 @@ qmltermwidget/*.o
qmltermwidget/moc*.cpp
app/Makefile
app/qml/fonts/1971-ibm-3278/3270-Regular.ttf
+app/qml/fonts/1979-atari-400-800/AtariClassic-Regular.otf
diff --git a/debian/control b/debian/control
index bc00ca5..c6be944 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper-compat (= 13), qmlscene,
qml-module-qtquick-localstorage, qml-module-qtquick-window2,
qtchooser, qtquickcontrols2-5-dev,
fonts-inconsolata, fonts-3270, qml-module-termwidget, fonts-agave,
- fonts-sixtyfour, fonts-pc, fonts-pc-extra, fonts-amiga, fonts-atarismall
+ fonts-sixtyfour, fonts-pc, fonts-pc-extra, fonts-amiga, fonts-atarismall (>= 2.3-1)
Vcs-Browser: https://salsa.debian.org/tar/cool-retro-term
Vcs-Git: https://salsa.debian.org/tar/cool-retro-term.git
Homepage: https://github.com/Swordfish90/cool-retro-term
diff --git a/debian/patches/atari-small.patch b/debian/patches/atari-small.patch
new file mode 100644
index 000..b3625e2
--- /dev/null
+++ b/debian/patches/atari-small.patch
@@ -0,0 +1,44 @@
+--- a/app/qml/FontPixels.qml
b/app/qml/FontPixels.qml
+@@ -88,7 +88,7 @@
+ ListElement {
+ name: "ATARI_400"
+ text: "Atari 400-800 (1979)"
+-source: "fonts/1979-atari-400-800/AtariClassic-Regular.ttf"
++source: "fonts/1979-atari-400-800/AtariClassic-Regular.otf"
+ lineSpacing: 3
+ pixelSize: 8
+ baseScaling: 3.5
+--- a/app/qml/FontScanlines.qml
b/app/qml/FontScanlines.qml
+@@ -88,7 +88,7 @@
+ ListElement {
+ name: "ATARI_400"
+ text: "Atari 400-800 (1979)"
+-source: "fonts/1979-atari-400-800/AtariClassic-Regular.ttf"
++source: "fonts/1979-atari-400-800/AtariClassic-Regular.otf"
+ lineSpacing: 3
+ pixelSize: 8
+ baseScaling: 3.5
+--- a/app/qml/Fonts.qml
b/app/qml/Fonts.qml
+@@ -121,7 +121,7 @@
+ ListElement {
+ name: "ATARI_400_SCALED"
+ text: "Atari 400-800 (1979)"
+-source: "fonts/1979-atari-400-800/AtariClassic-Regular.ttf"
++source: "fonts/1979-atari-400-800/AtariClassic-Regular.otf"
+ lineSpacing: 3
+ pixelSize: 8
+ baseScaling: 3.5
+--- a/app/qml/resources.qrc
b/app/qml/resources.qrc
+@@ -33,7 +33,7 @@
+ fonts/modern-fixedsys-excelsior/FSEX301-L2.ttf
+ ../icons/32x32/cool-retro-term.png
+ Components/SizedLabel.qml
+-fonts/1979-atari-400-800/AtariClassic-Regular.ttf
++fonts/1979-atari-400-800/AtariClassic-Regular.otf
+ fonts/1982-commodore64/C64_Pro_Mono-STYLE.ttf
+ fonts/1981-ibm-pc/PxPlus_IBM_BIOS.ttf
+ fonts/1985-ibm-pc-vga/PxPlus_IBM_VGA8.ttf
diff --git a/debian/patches/series b/debian/patches/series
index 6628c05..b5a80a6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
+atari-small.patch
qmltermwidget-is-external
diff --git a/debian/rules b/debian/rules
index ab32425..ba9ffd7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,7 @@ export QT_SELECT=qt5
override_dh_auto_configure:
ln -s /usr/share/fonts/truetype/3270/3270-Regular.ttf app/qml/fonts/1971-ibm-3278/3270-Regular.ttf
+ ln -s /usr/share/fonts/truetype/fonts-atarismall/AtariSmall.otf app/qml/fonts/1979-atari-400-800/AtariClassic-Regular.otf
dh_auto_configure
override_dh_missing:
signature.asc
Description: PGP signature
Bug#990913: ausweisapp2: creates config in '~/.config/Unknown Organization'
Hi, I just used it for the first time (version 1.26.6-1), and it still created ~/.config/Unknown Organization/. Kind regards, Reiner signature.asc Description: PGP signature
Bug#1040944: ITP: cdogs-sdl -- classic overhead run-and-gun game
Package: wnpp
Severity: wishlist
Owner: Reiner Herrmann
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: cdogs-sdl
Version : 1.4.2
Upstream Contact: Cong Xu
* URL : https://cxong.github.io/cdogs-sdl/
* License : GPL-2+/BSD-2-Clause (code), CC0-1.0/CC-BY-{3,4}.0 (data)
Programming Lang: C
Description : classic overhead run-and-gun game
> C-Dogs SDL is an overhead shoot-em-up which lets players work alone and
> cooperatively during missions or fight against each other in the
> "dogfight" deathmatch mode.
>
> Customize your player, choose from many weapons, and blast, slide and
> slash your way through over 100 user-created campaigns.
I intend to maintain it in the Games team.
Bug#1040487: libnanopb-dev: please include FindNanopb.cmake
Package: libnanopb-dev Version: 0.4.7-2 Severity: wishlist Dear maintainer, the upstream source of nanopb contains the file extra/FindNanopb.cmake, but it is not installed in the -dev package. The file contains some useful functions to use nanopb via cmake, and is needed by something I'm trying to package. Can you please include it? Thanks and kind regards, Reiner
Bug#1040061: git-buildpackage: clone --all creates origin branch
Package: git-buildpackage Version: 0.9.31 Hi, I sometimes use the salsa tool from devscripts to clone repositories from salsa. It uses "gbp clone --all" to do that. I noticed that I have branches named "origin" that were created by gbp (they don't exist in the remote repository). For example: $ gbp clone --all -v https://salsa.debian.org/reiner/deheader gbp:debug: ['git', 'rev-parse', '--show-cdup'] gbp:info: Cloning from 'https://salsa.debian.org/reiner/deheader' gbp:debug: ['git', 'clone', '--quiet', 'https://salsa.debian.org/reiner/deheader'] gbp:debug: ['git', 'rev-parse', '--show-cdup'] gbp:debug: ['git', 'rev-parse', '--is-bare-repository'] gbp:debug: ['git', 'rev-parse', '--git-dir'] gbp:debug: ['git', 'rev-parse', '--show-cdup'] gbp:debug: ['git', 'rev-parse', '--is-bare-repository'] gbp:debug: ['git', 'rev-parse', '--git-dir'] gbp:debug: ['git', 'for-each-ref', '--format=%(refname:short)', 'refs/remotes/'] gbp:debug: ['git', 'show-ref', '--verify', 'refs/heads/origin'] gbp:debug: ['git', 'branch', 'origin', 'origin'] gbp:debug: ['git', 'show-ref', '--verify', 'refs/heads/master'] gbp:debug: ['git', 'show-ref', '--verify', 'refs/heads/pristine-tar'] gbp:debug: ['git', 'branch', 'pristine-tar', 'origin/pristine-tar'] gbp:debug: ['git', 'show-ref', '--verify', 'refs/heads/upstream'] gbp:debug: ['git', 'branch', 'upstream', 'origin/upstream'] gbp:debug: ['git', 'show-ref', '--verify', 'refs/remotes/master'] gbp:debug: ['git', 'ls-tree', '-z', '-r', '-l', 'HEAD', '--'] $ cd deheader/ $ git branch * master origin pristine-tar upstream $ git for-each-ref '--format=%(refname:short)' 'refs/remotes/' origin/HEAD origin/master origin/pristine-tar origin/upstream Kind regards, Reiner signature.asc Description: PGP signature
Bug#986582: nethack-x11: Missing symlink /usr/games/nethack-x11 -> /usr/lib/games/nethack/nethack-x11.sh
Hi Tobi, there is actually a symlink to nethack-x11.sh, it's just called xnethack (and not nethack-x11). xnethack is also used in the .desktop file to start the game. I think there are historical reasons why it's called that way. Do you think an additional symlink (and .desktop file) would make sense? Or should we just keep xnethack? Kind regards, Reiner signature.asc Description: PGP signature
Bug#1038393: supertux: improve d/watch file
Hi Patrick, thank you for the watch file improvement. With your change the auto-generated tarball from Github is getting downloaded, not the official release tarball (e.g. SuperTux-v0.6.3-Source.tar.gz), which also contains the git submodules (some of them are needed in the build). Can you please try to change it so that the official tarball can be downloaded? Thanks! Kind regards, Reiner signature.asc Description: PGP signature
Bug#1034591: firejail-profiles: SuperTuxKart cannot cope with existing supertuxkart savefile
Hi Rishi, On Tue, Apr 18, 2023 at 06:26:24PM -0700, Rishi Cutchin wrote: > Attempting to run 'supertuxkart' with an existing savefile will lead to > the game not launching, with errors related to the rendering engine, creating > a new user and launching supertuxkart > does allow it to start, not sure how I would go about working around > this as it appears that supertuxkart has access to everything it should > need. thanks for the report. I can't reproduce that right now. I already have a saved supertuxkart (1.4) game, and run it with firejail: $ firejail supertuxkart It launches fine. Can you please send the output of the command on the terminal? Kind regards, Reiner
Bug#1015817: firejail: Calibre doesn't start Evince
Hi John,
On Sun, Jan 08, 2023 at 09:28:25PM +0300, John Wick wrote:
> It works well with 0.9.64.4-1~bpo10+1.
>
> Yet Evince always opens a pdf book at page 1 while normally it opens where
> you have stopped reading it.
>
> From
> https://superuser.com/questions/1724959/evince-in-wsl2-doesnt-remember-last-visited-page:
> 'You are absolutely right that Evince uses GVfs (the Gnome Virtual File
> System) to store its bookmarks.'
thanks for the link. After installing gvfs my evince is now also
remembering the last page.
And I also saw that it was not working in a firejailed calibre.
I figured out that the following lines added to
/etc/firejail/calibre.local will allow evince started from firejailed
calibre to remember the page:
> noblacklist ${HOME}/.local/share/gvfs-metadata
> ignore private-tmp
You can try adding it to your calibre.local as well.
I'm not sure if this should get submitted upstream, as not every
calibre user is using evince as a PDF viewer, or wants to grant it
access to gvfs (which can also contain sensitive data of other
applications).
Kind regards,
Reiner
Bug#1016015: firejail: The --read-write option fails to enable file mods to persist after the sandbox is gone
Control: severity -1 normal
Control: tags -1 + unreproducible
Hi,
On Mon, Jul 25, 2022 at 12:31:56PM +0200, anonymous coward wrote:
> The command tootle was first executed outside firejail to establish a
> working config file. This was motivated to work around bug
> 1015816. After tootle proved to function outside of firejail, it was
> relaunched within firejail as follows:
>
> $ firejail --net=vnet0 --dns="$(ip address show dev vnet0 | awk
> '/inet\>/{gsub(/[/].*/,""); print $2 }')"\
> --env=XDG_CONFIG_HOME="$HOME"/my_config_files\
> --whitelist="$(readlink
> $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
> --noblacklist="$(readlink
> $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
> --read-write="$(readlink
> $HOME/.config)"com.github.bleakgrey.tootle/accounts.json\
> tootle
>
> $HOME/.config is a symblic link to "$HOME"/my_config_files, and the
> above configuration is crafted to ensure that firejail receives no
> references to a symbolic file or directory.
>
> Tootle was able to read the config file and make use of it within
> firejail. Tootle was also able to update the config file during that
> session, proven by its ability to add new accounts and interact with
> them. But when the session ended, the config file updates were not
> persistent and new accounts were lost.
I just tried to reproduce it with firejail from bullseye (0.9.64.4), but
could not reproduce your problem.
I used a bit simplified approach:
> (outside) $ mkdir -p my_config_files/com.github.bleakgrey.tootle
> (outside) $ echo "from outside" >
> my_config_files/com.github.bleakgrey.tootle/accounts.json
> (outside) $ firejail
> --whitelist="/home/reiner/my_config_files/com.github.bleakgrey.tootle/accounts.json"
>
> --noblacklist="/home/reiner/my_config_files/com.github.bleakgrey.tootle/accounts.json"
>
> --read-write="/home/reiner/my_config_files/com.github.bleakgrey.tootle/accounts.json"
> ...
> (inside) $ cat my_config_files/com.github.bleakgrey.tootle/accounts.json
> from outside
> (inside) $ echo "from inside" >>
> my_config_files/com.github.bleakgrey.tootle/accounts.json
> (inside) $ cat my_config_files/com.github.bleakgrey.tootle/accounts.json
> from outside
> from inside
> (inside) $ exit
>
> Parent is shutting down, bye...
> (outside) $ cat my_config_files/com.github.bleakgrey.tootle/accounts.json
> from outside
> from inside
> (outside) $
As you can see, firejail does not prevent something inside the jail from
modifying the file, and the modifications persist after the jail is
closed.
I think something else is happening on your system. Were you using the
--private= option by chance, which creates a temporary home directory?
Please provide an example that is easier to reproduce and debug.
Kind regards,
Reiner
Bug#1015817: firejail: Calibre doesn't start Evince
Control: severity -1 normal Control: tags -1 unreproducible Hi John, On Thu, Jul 21, 2022 at 09:43:13PM +0300, John wrote: > When trying to read a pdf book from Calibre, Calibre doesn't open it. > > My terminal shows this: > evince: util.c:927: create_empty_file_as_root: Assertion `s.st_uid == 0' > failed. > > When run /usr/bin/calibre as have been written at > https://github.com/netblue30/firejail/issues/5222 it opens it. I just tried to reproduce your problem, but for me running calibre with evince as PDF viewer is working fine. Can you please try to run a newer firejail version? E.g. 0.9.64.4-1~bpo10+1 from the oldstable backports, or if you are meanwhile running stable 0.9.70-2~bpo11+1 from the stable backports? > Also Evince doesn't save metadata - the last read page as an example. I think Evince doesn't support this in general. Also when running Evince without Calibre and outside of firejail, it does not save the last page. Or am I missing some setting to turn that on? Kind regards, Reiner
Bug#1028138: arandr: no longer starts: module 'inspect' has no attribute 'getargspec'
Package: arandr Version: 0.1.10-1.1 Severity: serious Dear maintainer, since I updated some Python packages recently, arandr is no longer starting: > $ arandr > Traceback (most recent call last): > File "/usr/bin/arandr", line 41, in > from screenlayout.gui import main > File "/usr/lib/python3/dist-packages/screenlayout/gui.py", line 76, in > > class Application: > File "/usr/lib/python3/dist-packages/screenlayout/gui.py", line 185, in > Application > @actioncallback > ^^ > File "/usr/lib/python3/dist-packages/screenlayout/gui.py", line 48, in > actioncallback > argnames = inspect.getargspec(function)[0] >^^ > AttributeError: module 'inspect' has no attribute 'getargspec'. Did you mean: > 'getargs'? Kind regards, Reiner
Bug#1027999: xscreensaver: xscreensaver-systemd does not start: "inhibit sleep failed: Permission denied"
Package: xscreensaver Version: 6.02+dfsg1-2 Hi, I enabled the xscreensaver user service, but noticed that it fails to start xscreensaver-systemd. In the log I could only find: Jan 05 19:22:58 hostname xscreensaver[4360]: xscreensaver-systemd: 19:22:58: inhibit sleep failed: Permission denied Jan 05 19:22:58 hostname xscreensaver[4354]: xscreensaver: 19:22:58: pid 4360: xscreensaver-systemd exited unexpectedly with status 1 Figuring out what was going wrong was a bit difficult. strace didn't really reveal anything that had been denied. dbus-monitor also didn't contain anything obvious. After some time I found out that I need to install polkitd for it to work properly. After installing it, it automagically worked, my user now has permissions to start xscreensaver-systemd. Maybe you can add polkitd to Suggests, or document somewhere that it is needed for xscreensaver-systemd. Kind regards, Reiner
Bug#1026928: wget: “Cannot write to ‘myfile.mp3’ (Permission denied).” when using the default profile.
Hi, On Fri, Dec 23, 2022 at 11:01:20PM -0500, debbug.firej...@sideload.33mail.com wrote: > There is no problem if the --noprofile option is given. But if > firejail is allowed to use the default profile > (/etc/firejail/wget.profile), fetched files cannot be written to the > local directory. [...] > Cannot write to ‘myfile.mp3’ (Permission denied). I can't reproduce it yet. What do you mean with "local directory"? Your home directory? Is there anything special about this directory? Please provide full output when running firejail with --debug. Kind regards, Reiner
Bug#1025386: firejail: cannot use gdb with --allow-debuggers --profile=firefox
On Thu, Dec 22, 2022 at 08:41:26PM +0100, Vincent Lefevre wrote: > On 2022-12-22 19:27:37 +0100, Reiner Herrmann wrote: > > You can install gdb-minimal. It does not have Python-support and works > > with your original "firejail --allow-debuggers --profile=firefox gdb" > > command line. > > But it is not co-installable with gdb. This is silly! > > gdb-minimal apparently doesn't have source highlighting, > so I would need both. Or there should be a 3rd package > gdb-nopython. Please consider opening a bug against the gdb package then. I think there is nothing I could change in firejail. Regards, Reiner
Bug#1025386: firejail: cannot use gdb with --allow-debuggers --profile=firefox
On Thu, Dec 22, 2022 at 07:20:07PM +0100, Vincent Lefevre wrote: > Hi Reiner, > > On 2022-12-10 18:48:39 +0100, Reiner Herrmann wrote: > > Debugging tools that have dependencies (like in your example gdb -> python3) > > need to be handled additionally (either by asking gdb to not use the > > python3 extensions, or by adding parameters that whitelist it). > > > > With the following command line I was able to get a gdb shell: > > > $ firejail --allow-debuggers --include=/etc/firejail/allow-python3.inc > > > --profile=firefox gdb > > > [...] > > > (gdb) > > However, this is not a good solution from a security point of view. > There's a difference between allowing Python completely and just > embedding in some given application. This was just a suggestion to show that it is possible to run gdb. If the permissions are too broad for you, you can create your own include that is more narrow and only allows what is needed by gdb. > This could also be an issue in gdb. There should be a way to disable > Python, or have Python automatically disabled when not available. You can install gdb-minimal. It does not have Python-support and works with your original "firejail --allow-debuggers --profile=firefox gdb" command line. Kind regards, Reiner
Bug#1025386: firejail: cannot use gdb with --allow-debuggers --profile=firefox
Hi Vincent, On Sat, Dec 03, 2022 at 07:59:43PM +0100, Vincent Lefevre wrote: > zira:~> firejail --allow-debuggers --profile=firefox gdb [...] > Could not find platform independent libraries > Could not find platform dependent libraries > Consider setting $PYTHONHOME to [:] > Python path configuration: > PYTHONHOME = (not set) > PYTHONPATH = (not set) > program name = '/usr/bin/python' > isolated = 0 > environment = 1 > user site = 1 > import site = 1 > sys._base_executable = '/usr/bin/python' > sys.base_prefix = '/usr' > sys.base_exec_prefix = '/usr' > sys.platlibdir = 'lib' > sys.executable = '/usr/bin/python' > sys.prefix = '/usr' > sys.exec_prefix = '/usr' > sys.path = [ > '/usr/lib/python310.zip', > '/usr/lib/python3.10', > '/usr/lib/lib-dynload', > ] > Fatal Python error: init_fs_encoding: failed to get the Python codec of the > filesystem encoding > Python runtime state: core initialized > ModuleNotFoundError: No module named 'encodings' > > Current thread 0x7f32e84a9640 (most recent call first): > According to the firejail manpage, --allow-debuggers only takes care of allowing system calls commonly used by debugging tools (e.g. ptrace). It it not a parameter to broadly allow any debugger including their dependency chains. Debugging tools that have dependencies (like in your example gdb -> python3) need to be handled additionally (either by asking gdb to not use the python3 extensions, or by adding parameters that whitelist it). With the following command line I was able to get a gdb shell: > $ firejail --allow-debuggers --include=/etc/firejail/allow-python3.inc > --profile=firefox gdb > [...] > (gdb) Kind regards, Reiner
Bug#997184: ncurses-hexedit: FTBFS: init.c:390:10: error: format not a string literal and no format arguments [-Werror=format-security]
user debian-rele...@lists.debian.org
usertags 997184 + bsp-2022-10-de-karlsruhe
tags 997184 + patch
thank you
Hi,
the attached patch fixes the build errors caused by the new
GCC version.
Kind regards,
Reiner
From 8525b3f41ef3acf2130167cc0072c38452253cc0 Mon Sep 17 00:00:00 2001
From: Reiner Herrmann
Date: Sun, 16 Oct 2022 19:32:38 +0200
Subject: [PATCH] Fix FTBFS with GCC 12
Closes: #997184
---
debian/patches/gcc12.patch | 246 +
debian/patches/series | 1 +
2 files changed, 247 insertions(+)
create mode 100644 debian/patches/gcc12.patch
diff --git a/debian/patches/gcc12.patch b/debian/patches/gcc12.patch
new file mode 100644
index 000..540c788
--- /dev/null
+++ b/debian/patches/gcc12.patch
@@ -0,0 +1,246 @@
+Author: Reiner Herrmann
+Bug-Debian: https://bugs.debian.org/997184
+Description: Fix FTBFS with GCC 12
+ - make sure global variables are declared in only one place
+ to fix "multiple definition" linking errors
+ - use fixed format string to prevent format string vulnerabilities
+
+--- a/src/hexedit.h
b/src/hexedit.h
+@@ -343,7 +343,7 @@
+
+
+/* Global structure, keep most global variables here. */
+-struct
++struct Global
+ {
+WINDOW *wmain, *wstatus, *whelp; /* three windows used throughout. */
+unsigned long filesize; /* size of the file buffer. */
+@@ -365,7 +365,7 @@
+ /* buf end. */
+int beeping; /* Allow beeping or not. */
+int help_msg_count; /* Number of messages in help menu. */
+-} Globals;
++};
+
+
+ struct foundit
+@@ -400,7 +400,7 @@
+int s;
+struct Change *base;
+struct Change *top;
+-} UndoStack;
++};
+
+
+ struct FileNames
+--- a/src/init.c
b/src/init.c
+@@ -35,6 +35,9 @@
+
+ extern char **environ;
+
++struct Global Globals;
++extern struct ChangeLog UndoStack;
++
+
+/* This is called once at the start of the program. Handles HEXEDIT
+ * Environment variable, command line arguments, sets up signal
+@@ -385,7 +388,7 @@
+ box (wpopup, 0, 0);
+ wmove (wpopup, 1, (FILE_ERR_WIDTH / 2)
+ - (strlen (msg) / 2));
+- wprintw (wpopup, (char *) msg);
++ wprintw (wpopup, "%s", (char *) msg);
+ wmove (wpopup, FILE_ERR_HEIGHT - 3, (FILE_ERR_WIDTH / 2) -
+ (strlen (strerror (errno)) + strlen ("Reason: ")) / 2);
+ wprintw (wpopup, "Reason: %s",
+--- a/src/misc.c
b/src/misc.c
+@@ -26,6 +26,8 @@
+ #endif
+ #endif
+
++extern struct Global Globals;
++extern struct ChangeLog UndoStack;
+
+ int
+ mappos (int pos)
+--- a/src/undo.c
b/src/undo.c
+@@ -15,6 +15,8 @@
+ #include "hexedit.h"
+ #include
+
++struct ChangeLog UndoStack;
++extern struct Global Globals;
+
+ void
+ pushUndo (int type, unsigned long offset,
+--- a/src/widgets.c
b/src/widgets.c
+@@ -14,6 +14,8 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
++
+ #define S_BOX_COLOR (COLOR_PAIR(4) | A_BOLD)
+
+
+@@ -366,7 +368,7 @@
+if (!rstr.str)
+{
+ wmove (win, 4, boxleft);
+- wprintw (win, (char *) NOT_ENOUGH_MEMORY);
++ wprintw (win, "%s", (char *) NOT_ENOUGH_MEMORY);
+ getch ();
+ return NULL;
+}
+--- a/src/windows.c
b/src/windows.c
+@@ -14,6 +14,7 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
+
+/* Brings up Jump to offset window, to relocate to a different part
+ * of the file. Uses one string box and takes input in octal, decimal,
+--- a/src/calc.c
b/src/calc.c
+@@ -14,6 +14,8 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
++
+/* Used only for redraw function after Control-C */
+ struct calcEntryBox *bbox;
+ struct calcEntryBox *obox;
+--- a/src/print.c
b/src/print.c
+@@ -14,6 +14,8 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
++
+ static long findNewline (unsigned long);
+ static void drawAscii (unsigned long off);
+ static void drawAsciiDump (unsigned long, unsigned long *);
+--- a/src/calckeys.c
b/src/calckeys.c
+@@ -14,6 +14,7 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
+
+ void
+ calcNumberKey (struct calcEntryBox *binbox, struct calcEntryBox *octbox,
+--- a/src/edit.c
b/src/edit.c
+@@ -15,6 +15,8 @@
+ #include "hexedit.h"
+ #include
+
++extern struct Global Globals;
++
+ /* The routines in this file are very messy and ugly and not much thought
+ * went into thinking how to minimize the amount of code, I only did it
+ * real fast, making every case I could think of a separate code block,
+--- a/src/file.c
b/src/file.c
+@@ -30,6 +30,8 @@
+
+ #include "hexedit.h"
+
++extern struct Global Globals;
++
+ struct FileNames *fp = NULL; /* used to traverse the list of files */
+ struct FileNames **pages = NULL; /* node th
Bug#997174: netdiag: FTBFS: statnet.c:471:32: error: format not a string literal and no format arguments [-Werror=format-security]
Control: tags -1 + pending
Control: tags -1 + patch
Dear maintainer,
I've prepared an NMU for netdiag (versioned as 1.2-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -u netdiag-1.2/debian/changelog netdiag-1.2/debian/changelog
--- netdiag-1.2/debian/changelog
+++ netdiag-1.2/debian/changelog
@@ -1,3 +1,10 @@
+netdiag (1.2-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use fixed format strings in mvprintw calls. (Closes: #997174)
+
+ -- Reiner Herrmann Sun, 16 Oct 2022 15:28:17 +0200
+
netdiag (1.2-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -u netdiag-1.2/debian/patches/series netdiag-1.2/debian/patches/series
--- netdiag-1.2/debian/patches/series
+++ netdiag-1.2/debian/patches/series
@@ -8,3 +8,4 @@
clang-ftbfs.diff
gcc-10.diff
pcap_init.diff
+gcc12.patch
only in patch2:
unchanged:
--- netdiag-1.2.orig/debian/patches/gcc12.patch
+++ netdiag-1.2/debian/patches/gcc12.patch
@@ -0,0 +1,51 @@
+Author: Reiner Herrmann
+Bug-Debian: https://bugs.debian.org/997174
+Description: Use fixed format string in mvprintw to prevent format string vulnerabilities
+
+--- a/statnet-3.8/statnet.c
b/statnet-3.8/statnet.c
+@@ -467,7 +467,7 @@
+ #define min(a,b) (((a) > (b)) ? (b) : (a))
+ if( COLS < 25 + min( 25, strlen( StatMem->servername ) ) )
+ {
+-mvprintw (0, (COLS - min( 25, strlen( StatMem->servername ) )) / 2,
++mvprintw (0, (COLS - min( 25, strlen( StatMem->servername ) )) / 2, "%s",
+ StatMem->servername);
+ }
+ else
+@@ -475,13 +475,13 @@
+ if( ((COLS/2) + 14) > COLS - min( 25, strlen( StatMem->servername )+1 ) )
+ {
+ mvprintw (0, 0, "STATISTICS OF NETWORKS");
+- mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )),
++ mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )), "%s",
+ StatMem->servername);
+ }
+ else
+ {
+ mvprintw (0, (COLS - 22) / 2, "STATISTICS OF NETWORKS");
+- mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )),
++ mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )), "%s",
+ StatMem->servername);
+ }
+ }
+--- a/netwatch-1.3.1-2/dispdata.c
b/netwatch-1.3.1-2/dispdata.c
+@@ -1488,7 +1488,7 @@
+ fprintf (fpspeclog, "%s\n", ttt);
+ else
+ //!!mvprintw (yact, xleft, "%s",ttt);
+- mvprintw (yact, xleft, ttt);
++ mvprintw (yact, xleft, "%s", ttt);
+ attron (col4);
+ if (current->update)
+ {
+@@ -1736,7 +1736,7 @@
+ fprintf (fpspeclog, "%s\n", ttt);
+ else
+ //!!mvprintw (yact, xright,"%s", ttt);
+- mvprintw (yact, xright, ttt);
++ mvprintw (yact, xright, "%s", ttt);
+ attron (col4);
+ if (current->update)
+ {
Bug#984037: doscan: ftbfs with GCC-11
Control: tags -1 + pending
Dear maintainer,
I've prepared an NMU for doscan (versioned as 0.3.3-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -u doscan-0.3.3/debian/changelog doscan-0.3.3/debian/changelog
--- doscan-0.3.3/debian/changelog
+++ doscan-0.3.3/debian/changelog
@@ -1,3 +1,11 @@
+doscan (0.3.3-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix FTBFS by drop dynamic exception specification, which are no longer
+possible in C++17. (Closes: #984037)
+
+ -- Reiner Herrmann Sat, 15 Oct 2022 18:55:04 +0200
+
doscan (0.3.3-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -u doscan-0.3.3/debian/patches/series doscan-0.3.3/debian/patches/series
--- doscan-0.3.3/debian/patches/series
+++ doscan-0.3.3/debian/patches/series
@@ -1 +1,2 @@
fix-gcc6-FTBFS.patch
+gcc12.patch
only in patch2:
unchanged:
--- doscan-0.3.3.orig/debian/patches/gcc12.patch
+++ doscan-0.3.3/debian/patches/gcc12.patch
@@ -0,0 +1,29 @@
+Author: Reiner Herrmann
+Bug-Debian: https://bugs.debian.org/984037
+Description: Drop dynamic exception specification
+ Since GCC 11 C++17 is used by default.
+ Dynamic exception specifications were long deprecated
+ and got removed in C++17.
+
+--- a/src/rx.cc
b/src/rx.cc
+@@ -23,7 +23,7 @@
+
+ // rx
+
+-rx::rx(const char* pattern, int options) throw (error)
++rx::rx(const char* pattern, int options)
+ {
+ const char *err;
+ int offset;
+--- a/src/rx.h
b/src/rx.h
+@@ -38,7 +38,7 @@
+ int offset() const;
+ };
+
+- rx(const char*, int options = 0) throw (error);
++ rx(const char*, int options = 0);
+ ~rx();
+
+ unsigned captures() const;
Bug#1017136: ksirk: diff for NMU version 4:21.08.0-1.1
Hi Aurélien, On Sat, Oct 15, 2022 at 07:29:11PM +0200, Aurélien COUDERC wrote: > Would you go as far as posting the change as an MR against the salsa repo ? 🙂 > https://salsa.debian.org/qt-kde-team/kde/ksirk I just opened a MR with the changes from the NMU: https://salsa.debian.org/qt-kde-team/kde/ksirk/-/merge_requests/2 Kind regards, Reiner
Bug#1012888: acm: diff for NMU version 6.0+20200416-1.1
Control: tags 1012888 + patch
Control: tags 1012888 + pending
Dear maintainer,
I've prepared an NMU for acm (versioned as 6.0+20200416-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -Nru acm-6.0+20200416/debian/changelog acm-6.0+20200416/debian/changelog
--- acm-6.0+20200416/debian/changelog 2020-11-17 12:52:56.0 +0100
+++ acm-6.0+20200416/debian/changelog 2022-10-15 18:55:51.0 +0200
@@ -1,3 +1,12 @@
+acm (6.0+20200416-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Make sure that objects are built reproducibly with the same build flags
+(provided by dpkg-buildflags) and increase size of buffer for sprintf
+output. (Closes: #1012888)
+
+ -- Reiner Herrmann Sat, 15 Oct 2022 18:55:51 +0200
+
acm (6.0+20200416-1) unstable; urgency=medium
* Switch to new upstream source,
diff -Nru acm-6.0+20200416/debian/patches/fix_buffer_size.patch acm-6.0+20200416/debian/patches/fix_buffer_size.patch
--- acm-6.0+20200416/debian/patches/fix_buffer_size.patch 1970-01-01 01:00:00.0 +0100
+++ acm-6.0+20200416/debian/patches/fix_buffer_size.patch 2022-10-15 18:55:51.0 +0200
@@ -0,0 +1,16 @@
+Author: Reiner Herrmann
+Bug-Debian: https://bugs.debian.org/1012888
+Description: Increase buffer size to have space for maximum possible output
+ VColor.c:91:9: note: ‘sprintf’ output between 8 and 11 bytes into a destination of size 8
+
+--- a/src/V/VColor.c
b/src/V/VColor.c
+@@ -87,7 +87,7 @@
+
+ char * VColor_getName(VColor_Type *c)
+ {
+- static char s[8];
++ static char s[11];
+ sprintf(s, "#%02u%02u%02u", c->red, c->green, c->blue);
+ return s;
+ }
diff -Nru acm-6.0+20200416/debian/patches/hardening1.patch acm-6.0+20200416/debian/patches/hardening1.patch
--- acm-6.0+20200416/debian/patches/hardening1.patch 2020-11-17 12:52:56.0 +0100
+++ acm-6.0+20200416/debian/patches/hardening1.patch 2022-10-15 18:55:51.0 +0200
@@ -85,3 +85,14 @@
return 0;
}
+--- a/src/V/Makefile
b/src/V/Makefile
+@@ -4,6 +4,8 @@
+ CFLAGS := -Wall -Werror -g -fmax-errors=99 -Wuninitialized -Wmissing-prototypes -Wredundant-decls
+ LIBS :=
+
++include Makefile-include.txt
++
+ .PHONY: all
+ all:
+ make Alib.o VColor.o VGlyph.o VObjects.o VPoly.o VRoman.o Vlib.o Vlibmath.o
diff -Nru acm-6.0+20200416/debian/patches/series acm-6.0+20200416/debian/patches/series
--- acm-6.0+20200416/debian/patches/series 2020-11-17 12:52:56.0 +0100
+++ acm-6.0+20200416/debian/patches/series 2022-10-15 18:55:51.0 +0200
@@ -3,3 +3,4 @@
set_default_object_dir.patch
fix_paths_in_acm_tcl.patch
hardening1.patch
+fix_buffer_size.patch
Bug#1013011: opensc: diff for NMU version 0.22.0-2.1
Control: tags 1013011 + patch
Control: tags 1013011 + pending
Dear maintainer,
I've prepared an NMU for opensc (versioned as 0.22.0-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -Nru opensc-0.22.0/debian/changelog opensc-0.22.0/debian/changelog
--- opensc-0.22.0/debian/changelog 2022-01-31 07:02:55.0 +0100
+++ opensc-0.22.0/debian/changelog 2022-10-15 18:26:16.0 +0200
@@ -1,3 +1,10 @@
+opensc (0.22.0-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Import patch to fix usage of pointer after realloc (Closes: #1013011)
+
+ -- Reiner Herrmann Sat, 15 Oct 2022 18:26:16 +0200
+
opensc (0.22.0-2) unstable; urgency=medium
[ Debian Janitor ]
diff -Nru opensc-0.22.0/debian/patches/gcc12.patch opensc-0.22.0/debian/patches/gcc12.patch
--- opensc-0.22.0/debian/patches/gcc12.patch 1970-01-01 01:00:00.0 +0100
+++ opensc-0.22.0/debian/patches/gcc12.patch 2022-10-15 18:26:16.0 +0200
@@ -0,0 +1,31 @@
+From 0f7082ea46562b15221f428860b993e0519c6cbd Mon Sep 17 00:00:00 2001
+From: Veronika Hanulikova
+Date: Wed, 16 Feb 2022 11:59:27 +0100
+Bug-Debian: https://bugs.debian.org/1013011
+Subject: [PATCH] Fix usage of pointer after realloc
+
+---
+ src/sm/sm-iso.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c
+index 5baded77c6..2c3f6bcabd 100644
+--- a/src/sm/sm-iso.c
b/src/sm/sm-iso.c
+@@ -181,13 +181,14 @@ static int format_le(size_t le, struct sc_asn1_entry *le_entry,
+
+ static int prefix_buf(u8 prefix, u8 *buf, size_t buflen, u8 **cat)
+ {
+- u8 *p;
++ u8 *p = NULL;
++ int ptr_same = *cat == buf;
+
+ p = realloc(*cat, buflen + 1);
+ if (!p)
+ return SC_ERROR_OUT_OF_MEMORY;
+
+- if (*cat == buf) {
++ if (ptr_same) {
+ memmove(p + 1, p, buflen);
+ } else {
+ /* Flawfinder: ignore */
diff -Nru opensc-0.22.0/debian/patches/series opensc-0.22.0/debian/patches/series
--- opensc-0.22.0/debian/patches/series 2022-01-31 07:02:55.0 +0100
+++ opensc-0.22.0/debian/patches/series 2022-10-15 18:26:16.0 +0200
@@ -1 +1,2 @@
0001-Use-sysconfdir-opensc-for-opensc.conf.patch
+gcc12.patch
Bug#1016229: rapidjson: diff for NMU version 1.1.0+dfsg2-7.1
Control: tags 1016229 + patch
Control: tags 1016229 + pending
Dear maintainer,
I've prepared an NMU for rapidjson (versioned as 1.1.0+dfsg2-7.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -Nru rapidjson-1.1.0+dfsg2/debian/changelog rapidjson-1.1.0+dfsg2/debian/changelog
--- rapidjson-1.1.0+dfsg2/debian/changelog 2021-01-07 14:45:27.0 +0100
+++ rapidjson-1.1.0+dfsg2/debian/changelog 2022-10-15 18:10:14.0 +0200
@@ -1,3 +1,10 @@
+rapidjson (1.1.0+dfsg2-7.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix FTBFS with GCC 12. (Closes: #1016229)
+
+ -- Reiner Herrmann Sat, 15 Oct 2022 18:10:14 +0200
+
rapidjson (1.1.0+dfsg2-7) unstable; urgency=medium
* Do not use -arch=native on ppc64 and cross-compilation:
diff -Nru rapidjson-1.1.0+dfsg2/debian/patches/gcc12_encdedstreamtest.patch rapidjson-1.1.0+dfsg2/debian/patches/gcc12_encdedstreamtest.patch
--- rapidjson-1.1.0+dfsg2/debian/patches/gcc12_encdedstreamtest.patch 1970-01-01 01:00:00.0 +0100
+++ rapidjson-1.1.0+dfsg2/debian/patches/gcc12_encdedstreamtest.patch 2022-10-15 18:10:14.0 +0200
@@ -0,0 +1,22 @@
+From 2b2c80450031028439ba2a17a09ef5aa10f2159b Mon Sep 17 00:00:00 2001
+From: Tom Briden
+Date: Sun, 15 May 2022 10:20:21 +0100
+Subject: [PATCH] encdedstreamtest: fix use-after-free compile error with
+ gcc-12
+
+---
+ test/unittest/encodedstreamtest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/test/unittest/encodedstreamtest.cpp
b/test/unittest/encodedstreamtest.cpp
+@@ -113,8 +113,8 @@
+ EXPECT_EQ(expected, actual);
+ }
+ EXPECT_EQ('\0', s.Peek());
+-free(data);
+ EXPECT_EQ(size, eis.Tell());
++free(data);
+ }
+ }
+
diff -Nru rapidjson-1.1.0+dfsg2/debian/patches/gcc12_valuetest.patch rapidjson-1.1.0+dfsg2/debian/patches/gcc12_valuetest.patch
--- rapidjson-1.1.0+dfsg2/debian/patches/gcc12_valuetest.patch 1970-01-01 01:00:00.0 +0100
+++ rapidjson-1.1.0+dfsg2/debian/patches/gcc12_valuetest.patch 2022-10-15 18:10:14.0 +0200
@@ -0,0 +1,34 @@
+From 1f59c69cd18cd508395fe0bb5c2f8ee909e3c48d Mon Sep 17 00:00:00 2001
+From: Tom Briden
+Date: Sun, 15 May 2022 10:15:26 +0100
+Subject: [PATCH] valuetest: fix potential write of terminating nul past the
+ end of the destination
+
+Fixes 2 compile errors with gcc-12, eg:
+
+tesunittest/valuetest.cpp:1516:30: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
+test/unittest/valuetest.cpp:1516:20: note: 'sprintf' output between 2 and 11 bytes into a destination of size 10
+---
+ test/unittest/valuetest.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/test/unittest/valuetest.cpp
b/test/unittest/valuetest.cpp
+@@ -1512,7 +1512,7 @@
+ {
+ int i = 0;
+ for (auto& m : x.GetObject()) {
+-char name[10];
++char name[11];
+ sprintf(name, "%d", i);
+ EXPECT_STREQ(name, m.name.GetString());
+ EXPECT_EQ(i, m.value.GetInt());
+@@ -1523,7 +1523,7 @@
+ {
+ int i = 0;
+ for (const auto& m : const_cast(x).GetObject()) {
+-char name[10];
++char name[11];
+ sprintf(name, "%d", i);
+ EXPECT_STREQ(name, m.name.GetString());
+ EXPECT_EQ(i, m.value.GetInt());
diff -Nru rapidjson-1.1.0+dfsg2/debian/patches/series rapidjson-1.1.0+dfsg2/debian/patches/series
--- rapidjson-1.1.0+dfsg2/debian/patches/series 2021-01-07 14:42:47.0 +0100
+++ rapidjson-1.1.0+dfsg2/debian/patches/series 2022-10-15 18:10:14.0 +0200
@@ -10,3 +10,5 @@
0001-support-IBM-PowerPC-ppc64-ppc64le-and-XL-compiler.patch
0001-CMake-do-not-pass-march-native-or-mcpu-native-when-c.patch
deal-with-Werror-type-limits.patch
+gcc12_encdedstreamtest.patch
+gcc12_valuetest.patch
Bug#1017136: ksirk: diff for NMU version 4:21.08.0-1.1
Control: tags 1017136 + patch Control: tags 1017136 + pending Dear maintainer, I've prepared an NMU for ksirk (versioned as 4:21.08.0-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, Reiner diff -Nru ksirk-21.08.0/debian/changelog ksirk-21.08.0/debian/changelog --- ksirk-21.08.0/debian/changelog 2021-08-16 09:25:30.0 +0200 +++ ksirk-21.08.0/debian/changelog 2022-10-15 17:58:28.0 +0200 @@ -1,3 +1,10 @@ +ksirk (4:21.08.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Import patch to use new KNewStuff header location. (Closes: #1017136) + + -- Reiner Herrmann Sat, 15 Oct 2022 17:58:28 +0200 + ksirk (4:21.08.0-1) unstable; urgency=medium [ Norbert Preining ] diff -Nru ksirk-21.08.0/debian/patches/knewstuff.patch ksirk-21.08.0/debian/patches/knewstuff.patch --- ksirk-21.08.0/debian/patches/knewstuff.patch 1970-01-01 01:00:00.0 +0100 +++ ksirk-21.08.0/debian/patches/knewstuff.patch 2022-10-15 17:58:28.0 +0200 @@ -0,0 +1,21 @@ +From 459f18191e11e7a1d38b61cd0114bd881a110539 Mon Sep 17 00:00:00 2001 +From: Ahmad Samir +Date: Thu, 26 May 2022 15:49:27 +0200 +Bug-Debian: https://bugs.debian.org/1017136 +Subject: [PATCH] Use KNewStuff FowardingHeaders + +--- + ksirk/Dialogs/newGameDialogImpl.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/ksirk/Dialogs/newGameDialogImpl.cpp b/ksirk/Dialogs/newGameDialogImpl.cpp +@@ -28,7 +28,7 @@ + #include + #include + #include +-#include ++#include + + #include + #include diff -Nru ksirk-21.08.0/debian/patches/series ksirk-21.08.0/debian/patches/series --- ksirk-21.08.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ ksirk-21.08.0/debian/patches/series 2022-10-15 17:58:28.0 +0200 @@ -0,0 +1 @@ +knewstuff.patch
Bug#1017304: libmateweather: diff for NMU version 1.26.0-1.1
Control: tags 1017304 + patch Control: tags 1017304 + pending Dear maintainer, I've prepared an NMU for libmateweather (versioned as 1.26.0-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, Reiner diff -Nru libmateweather-1.26.0/debian/changelog libmateweather-1.26.0/debian/changelog --- libmateweather-1.26.0/debian/changelog 2021-12-10 23:02:01.0 +0100 +++ libmateweather-1.26.0/debian/changelog 2022-10-15 17:45:15.0 +0200 @@ -1,3 +1,10 @@ +libmateweather (1.26.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Update spelling of Kiev/Kyiv to match tzdata (Closes: #1017304) + + -- Reiner Herrmann Sat, 15 Oct 2022 17:45:15 +0200 + libmateweather (1.26.0-1) unstable; urgency=medium [ Martin Wimpress ] diff -Nru libmateweather-1.26.0/debian/patches/series libmateweather-1.26.0/debian/patches/series --- libmateweather-1.26.0/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ libmateweather-1.26.0/debian/patches/series 2022-10-15 17:45:08.0 +0200 @@ -0,0 +1 @@ +timezones.patch diff -Nru libmateweather-1.26.0/debian/patches/timezones.patch libmateweather-1.26.0/debian/patches/timezones.patch --- libmateweather-1.26.0/debian/patches/timezones.patch 1970-01-01 01:00:00.0 +0100 +++ libmateweather-1.26.0/debian/patches/timezones.patch 2022-10-15 17:45:08.0 +0200 @@ -0,0 +1,32 @@ +Author: Reiner Herrmann +Bug-Debian: https://bugs.debian.org/1017304 +Description: Update spelling of Kiev/Kyiv to match tzdata + tzdata 2022b-1 changed it from Kiev to Kyiv. + +--- a/data/Locations.xml.in b/data/Locations.xml.in +@@ -20618,13 +20618,13 @@ + UA + UP + +- ++ + Europe/Simferopol + Europe/Uzhgorod + Europe/Zaporozhye + + +- Europe/Kiev ++ Europe/Kyiv + + + Boryspil' +@@ -20700,7 +20700,7 @@ + "Kiev" is the traditional English name. + The local name in Ukrainian is "Kyyiv". + --> +-Kiev ++Kyiv + 50.43 30.516667 + + Kyiv
Bug#1020520: cxxtools: ftbfs with GCC-12
user debian-rele...@lists.debian.org usertags 1020520 + bsp-2022-10-de-karlsruhe tags 1020520 + fixed-upstream thank you A fix (including time.h) is available in the upstream repo: https://github.com/maekitalo/cxxtools/commit/6e1439a108ce3892428e95f341f2d23ae32a590e
Bug#1012888: acm: ftbfs with GCC-12
user debian-rele...@lists.debian.org
usertags 1012888 + bsp-2022-10-de-karlsruhe
control tags 1012888 + patch
thank you
Hi,
there are actually two problems that are fixed by the attached patch.
1. the src/V/Makefile did not include Makefile-include.txt like the
other Makefiles, so it did not use the dpkg-buildflags.
This caused a fallback to the upstream CFLAGS that include -Werror
(and misses other flags set by dpkg-buildflags).
Because VColor.o can get generated from two different directories,
it's not deterministic (because of parallelism), with which flags
the object is compiled.
2. src/V/VColor.c uses a potentially too small buffer for sprintf,
which causes the warning (and because of 1 an error).
Kind regards,
Reiner
diff -Nru acm-6.0+20200416/debian/patches/fix_buffer_size.patch acm-6.0+20200416/debian/patches/fix_buffer_size.patch
--- acm-6.0+20200416/debian/patches/fix_buffer_size.patch 1970-01-01 01:00:00.0 +0100
+++ acm-6.0+20200416/debian/patches/fix_buffer_size.patch 2022-10-15 15:40:22.0 +0200
@@ -0,0 +1,16 @@
+Author: Reiner Herrmann
+Bug-Debian: https://bugs.debian.org/1012888
+Description: Increase buffer size to have space for maximum possible output
+ VColor.c:91:9: note: ‘sprintf’ output between 8 and 11 bytes into a destination of size 8
+
+--- a/src/V/VColor.c
b/src/V/VColor.c
+@@ -87,7 +87,7 @@
+
+ char * VColor_getName(VColor_Type *c)
+ {
+- static char s[8];
++ static char s[11];
+ sprintf(s, "#%02u%02u%02u", c->red, c->green, c->blue);
+ return s;
+ }
diff -Nru acm-6.0+20200416/debian/patches/hardening1.patch acm-6.0+20200416/debian/patches/hardening1.patch
--- acm-6.0+20200416/debian/patches/hardening1.patch 2020-11-17 12:52:56.0 +0100
+++ acm-6.0+20200416/debian/patches/hardening1.patch 2022-10-15 15:40:22.0 +0200
@@ -85,3 +67,14 @@
return 0;
}
+--- a/src/V/Makefile
b/src/V/Makefile
+@@ -4,6 +4,8 @@
+ CFLAGS := -Wall -Werror -g -fmax-errors=99 -Wuninitialized -Wmissing-prototypes -Wredundant-decls
+ LIBS :=
+
++include Makefile-include.txt
++
+ .PHONY: all
+ all:
+ make Alib.o VColor.o VGlyph.o VObjects.o VPoly.o VRoman.o Vlib.o Vlibmath.o
diff -Nru acm-6.0+20200416/debian/patches/series acm-6.0+20200416/debian/patches/series
--- acm-6.0+20200416/debian/patches/series 2020-11-17 12:52:56.0 +0100
+++ acm-6.0+20200416/debian/patches/series 2022-10-15 15:40:22.0 +0200
@@ -3,3 +3,4 @@
set_default_object_dir.patch
fix_paths_in_acm_tcl.patch
hardening1.patch
+fix_buffer_size.patch
Bug#1016229: rapidjson: FTBFS: memorystream.h:47:59: error: pointer used after ‘void free(void*)’ [-Werror=use-after-free]
user debian-rele...@lists.debian.org
usertags 1016229 + bsp-2022-10-de-karlsruhe
tags 1016229 + patch
thank you
Hi,
the failures to build the tests are already fixed in the
upstream repository.
I attached a patch that imports the two fixes.
Kind regards,
Reiner
>From 9953f3cddd2bf3dfcd46d2e0be5e03879daa4e71 Mon Sep 17 00:00:00 2001
From: Reiner Herrmann
Date: Sat, 15 Oct 2022 14:56:08 +0200
Subject: [PATCH] Import patches to fix FTBFS of unittests
Closes: #1016229
---
debian/patches/gcc12_encdedstreamtest.patch | 22 +
debian/patches/gcc12_valuetest.patch| 34 +
debian/patches/series | 2 ++
3 files changed, 58 insertions(+)
create mode 100644 debian/patches/gcc12_encdedstreamtest.patch
create mode 100644 debian/patches/gcc12_valuetest.patch
diff --git a/debian/patches/gcc12_encdedstreamtest.patch b/debian/patches/gcc12_encdedstreamtest.patch
new file mode 100644
index 000..e585491
--- /dev/null
+++ b/debian/patches/gcc12_encdedstreamtest.patch
@@ -0,0 +1,22 @@
+From 2b2c80450031028439ba2a17a09ef5aa10f2159b Mon Sep 17 00:00:00 2001
+From: Tom Briden
+Date: Sun, 15 May 2022 10:20:21 +0100
+Subject: [PATCH] encdedstreamtest: fix use-after-free compile error with
+ gcc-12
+
+---
+ test/unittest/encodedstreamtest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/test/unittest/encodedstreamtest.cpp
b/test/unittest/encodedstreamtest.cpp
+@@ -113,8 +113,8 @@
+ EXPECT_EQ(expected, actual);
+ }
+ EXPECT_EQ('\0', s.Peek());
+-free(data);
+ EXPECT_EQ(size, eis.Tell());
++free(data);
+ }
+ }
+
diff --git a/debian/patches/gcc12_valuetest.patch b/debian/patches/gcc12_valuetest.patch
new file mode 100644
index 000..dc77db5
--- /dev/null
+++ b/debian/patches/gcc12_valuetest.patch
@@ -0,0 +1,34 @@
+From 1f59c69cd18cd508395fe0bb5c2f8ee909e3c48d Mon Sep 17 00:00:00 2001
+From: Tom Briden
+Date: Sun, 15 May 2022 10:15:26 +0100
+Subject: [PATCH] valuetest: fix potential write of terminating nul past the
+ end of the destination
+
+Fixes 2 compile errors with gcc-12, eg:
+
+tesunittest/valuetest.cpp:1516:30: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
+test/unittest/valuetest.cpp:1516:20: note: 'sprintf' output between 2 and 11 bytes into a destination of size 10
+---
+ test/unittest/valuetest.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/test/unittest/valuetest.cpp
b/test/unittest/valuetest.cpp
+@@ -1512,7 +1512,7 @@
+ {
+ int i = 0;
+ for (auto& m : x.GetObject()) {
+-char name[10];
++char name[11];
+ sprintf(name, "%d", i);
+ EXPECT_STREQ(name, m.name.GetString());
+ EXPECT_EQ(i, m.value.GetInt());
+@@ -1523,7 +1523,7 @@
+ {
+ int i = 0;
+ for (const auto& m : const_cast(x).GetObject()) {
+-char name[10];
++char name[11];
+ sprintf(name, "%d", i);
+ EXPECT_STREQ(name, m.name.GetString());
+ EXPECT_EQ(i, m.value.GetInt());
diff --git a/debian/patches/series b/debian/patches/series
index a2e78c3..a2d3247 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,5 @@ python3.diff
0001-support-IBM-PowerPC-ppc64-ppc64le-and-XL-compiler.patch
0001-CMake-do-not-pass-march-native-or-mcpu-native-when-c.patch
deal-with-Werror-type-limits.patch
+gcc12_encdedstreamtest.patch
+gcc12_valuetest.patch
--
2.37.2
Bug#1005272: libxt6: out-of-date copyright file
Control: tags -1 + patch pending This is already fixed in git: https://salsa.debian.org/xorg-team/lib/libxt/-/commit/1c6d55358db3825bdc27a9c0101bbef5cff3d04e
Bug#1017136: ksirk: FTBFS: newGameDialogImpl.cpp:31:10: fatal error: downloaddialog.h: No such file or directory
user debian-rele...@lists.debian.org usertags -1 + bsp-2022-10-de-karlsruhe tags -1 + patch thank you Hi, this FTBFS is already fixed upstream in commit [459f18]. I attached a patch that imports the fix with the new header location. Kind regards, Reiner [459f18] https://invent.kde.org/games/ksirk/-/commit/459f18191e11e7a1d38b61cd0114bd881a110539 >From 287d66ef9d77309e82f9d88f7650ce800fa2c22b Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Sat, 15 Oct 2022 13:22:49 +0200 Subject: [PATCH] Import patch to use new KNewStuff header location Closes: #1017136 --- debian/patches/knewstuff.patch | 21 + debian/patches/series | 1 + 2 files changed, 22 insertions(+) create mode 100644 debian/patches/knewstuff.patch create mode 100644 debian/patches/series diff --git a/debian/patches/knewstuff.patch b/debian/patches/knewstuff.patch new file mode 100644 index 000..a651efd --- /dev/null +++ b/debian/patches/knewstuff.patch @@ -0,0 +1,21 @@ +From 459f18191e11e7a1d38b61cd0114bd881a110539 Mon Sep 17 00:00:00 2001 +From: Ahmad Samir +Date: Thu, 26 May 2022 15:49:27 +0200 +Bug-Debian: https://bugs.debian.org/1017136 +Subject: [PATCH] Use KNewStuff FowardingHeaders + +--- + ksirk/Dialogs/newGameDialogImpl.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/ksirk/Dialogs/newGameDialogImpl.cpp b/ksirk/Dialogs/newGameDialogImpl.cpp +@@ -28,7 +28,7 @@ + #include + #include + #include +-#include ++#include + + #include + #include diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000..b2e6ac4 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +knewstuff.patch -- 2.37.2
Bug#1017304: libmateweather: FTBFS: Invalid timezones in ./Locations.xml.in: Europe/Kiev
user debian-rele...@lists.debian.org usertags -1 + bsp-2022-10-de-karlsruhe tags -1 + patch thank you Hi, the build fails because the script check-timezones.sh checks for locations/timezones that are not availabe in the tzdata database. tzdata 2022b-1 renamed Kiev to Kyiv, which causes the check to fail now. The attached patch updates the Locations.xml.in file to match tzdata again. Kind regards, Reiner From 785d1fc604e4ccb918ad527b2ec5f804485257f9 Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Sat, 15 Oct 2022 12:52:20 +0200 Subject: [PATCH] Update spelling of Kiev/Kyiv to match tzdata Closes: #1017304 --- debian/patches/series | 1 + debian/patches/timezones.patch | 32 2 files changed, 33 insertions(+) create mode 100644 debian/patches/series create mode 100644 debian/patches/timezones.patch diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000..ab7d170 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +timezones.patch diff --git a/debian/patches/timezones.patch b/debian/patches/timezones.patch new file mode 100644 index 000..b5cf901 --- /dev/null +++ b/debian/patches/timezones.patch @@ -0,0 +1,32 @@ +Author: Reiner Herrmann +Bug-Debian: https://bugs.debian.org/1017304 +Description: Update spelling of Kiev/Kyiv to match tzdata + tzdata 2022b-1 changed it from Kiev to Kyiv. + +--- a/data/Locations.xml.in b/data/Locations.xml.in +@@ -20618,13 +20618,13 @@ + UA + UP + +- ++ + Europe/Simferopol + Europe/Uzhgorod + Europe/Zaporozhye + + +- Europe/Kiev ++ Europe/Kyiv + + + Boryspil' +@@ -20700,7 +20700,7 @@ + "Kiev" is the traditional English name. + The local name in Ukrainian is "Kyyiv". + --> +-Kiev ++Kyiv + 50.43 30.516667 + + Kyiv -- 2.37.2
Bug#1017440: pahole: Several tools just segfault
user debian-rele...@lists.debian.org usertags -1 + bsp-2022-10-de-karlsruhe thank you Hi, one of the crashes is fixed upstream in commit [49a2dd], already released in 1.24. There are several more crashes fixed upstream, so updating to the newest release would make sense. Though unfornately not all crashes are fixed yet, and they don't look trivial to fix without knowing the code better. Kind regards, Reiner [49a2dd] https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=49a2dd
Bug#1013011: opensc: ftbfs with GCC-12
user debian-rele...@lists.debian.org
usertags -1 + bsp-2022-10-de-karlsruhe
thankyou
Hi,
the attached patch imported from the upstream repository fixes the FTBFS.
Kind regards,
Reiner
From bdca5c7fe4d6f3a23287f62e0be044bef3de1974 Mon Sep 17 00:00:00 2001
From: Reiner Herrmann
Date: Fri, 14 Oct 2022 19:27:01 +0200
Subject: [PATCH] Import upstream patch to fix pointer usage after realloc
Closes: #1013011
---
debian/patches/gcc12.patch | 31 +++
debian/patches/series | 1 +
2 files changed, 32 insertions(+)
create mode 100644 debian/patches/gcc12.patch
diff --git a/debian/patches/gcc12.patch b/debian/patches/gcc12.patch
new file mode 100644
index ..029da4af
--- /dev/null
+++ b/debian/patches/gcc12.patch
@@ -0,0 +1,31 @@
+From 0f7082ea46562b15221f428860b993e0519c6cbd Mon Sep 17 00:00:00 2001
+From: Veronika Hanulikova
+Date: Wed, 16 Feb 2022 11:59:27 +0100
+Bug-Debian: https://bugs.debian.org/1013011
+Subject: [PATCH] Fix usage of pointer after realloc
+
+---
+ src/sm/sm-iso.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c
+index 5baded77c6..2c3f6bcabd 100644
+--- a/src/sm/sm-iso.c
b/src/sm/sm-iso.c
+@@ -181,13 +181,14 @@ static int format_le(size_t le, struct sc_asn1_entry *le_entry,
+
+ static int prefix_buf(u8 prefix, u8 *buf, size_t buflen, u8 **cat)
+ {
+- u8 *p;
++ u8 *p = NULL;
++ int ptr_same = *cat == buf;
+
+ p = realloc(*cat, buflen + 1);
+ if (!p)
+ return SC_ERROR_OUT_OF_MEMORY;
+
+- if (*cat == buf) {
++ if (ptr_same) {
+ memmove(p + 1, p, buflen);
+ } else {
+ /* Flawfinder: ignore */
diff --git a/debian/patches/series b/debian/patches/series
index b5adf2fc..a583014f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-Use-sysconfdir-opensc-for-opensc.conf.patch
+gcc12.patch
--
2.37.2
Bug#1013326: Tests: please add isolation-machine restriction for smoke-tests
Hi Paride, On Wed, Jun 22, 2022 at 12:03:50PM +0200, Paride Legovini wrote: > I'll take care of merging 0.9.70-1 in Ubuntu, keeping the aforementioned > delta. If you end up adding skip-not-installable (or any other > workaround for the lack of firefox package on some Ubuntu archs) feel > free to ping me and I'll bring the package back in sync, so it will also > auto-sync in the future. I have just uploaded firejail 0.9.70-2 to unstable, which has the architecture restriction in the autopkgtest from the Ubuntu diff. Can you please enable syncing again? Thanks and kind regards, Reiner signature.asc Description: PGP signature
Bug#1003775: ansible-mitogen: not working with ansible from experimental
Package: ansible-mitogen Version: 0.3.1-1 Dear maintainer, thanks for updating ansible-mitogen which is now compatible with newer ansible releases. In the update you also added a dependency on ansible << 2.13. Unfortunately this is no longer installable with ansible from experimental, because the packaging has recently changed there. src:ansible-core now contains the ansible binaries (2.12.0 currently) and src:ansible contains the collections, which is versioned with 4.6.0-1 in experimental. Can you please update the dependency to allow newer ansible versions, but keep the << 2.13 restriction for ansible-core? Kind regards, Reiner signature.asc Description: PGP signature
Bug#1003650: firejail-profiles: Chromium running under the current profile cannot play sound
On Sat, Jan 15, 2022 at 11:07:30AM +0800, Mad Horse wrote:
> I do not have any custom setup on my pipewire, nor custom firejail profile
> for chromium.
Do I understand it correctly that you are also using pipewire?
> Started within firejail, chromium reported:
>
> > [10:46:0115/104317.720203:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> > libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed
> > [56:56:0115/104317.772250:ERROR:sandbox_linux.cc(378)]
> > InitializeSandbox() called with multiple threads in process gpu-process.
> > [10:85:0115/104317.887055:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> > [10:85:0115/104317.887112:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> > [10:85:0115/104317.887169:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> > [10:85:0115/104317.887206:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> > [10:85:0115/104317.887235:ERROR:bus.cc(397)] Failed to connect to the
> > bus: Failed to connect to socket /run/firejail/mnt/dbus/system:
> > Permission denied
> /run/firejail/mnt/dbus/system do have permission 600, owned by root.
I think they are not related. I see these messages as well, but sound is
working for me.
> When trying to play sound, chromium in firejail reported:
>
> > Failed to create secure directory (/run/user/1000/pulse): Operation not
> > permitted
> > ALSA lib dlmisc.c:337:(snd_dlobj_cache_get0) Cannot open shared library
> > libasound_module_pcm_pulse.so
> > (/usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so:
> > cannot open shared object file: Permission denied)
> > [307:307:0115/104404.402900:ERROR:alsa_util.cc(204)] PcmOpen: default,No
> > such device or address
> > ALSA lib dlmisc.c:337:(snd_dlobj_cache_get0) Cannot open shared library
> > libasound_module_pcm_pulse.so
> > (/usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so:
> > cannot open shared object file: Permission denied)
> > [307:307:0115/104404.404678:ERROR:alsa_util.cc(204)] PcmOpen:
> > plug:default,No such device or address
>
> but there is a unix domain socket /run/user/1000/pulse/native, owned by UID
> 1000, with permission 666,
> and the permission of
> /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pulse.so is
> root,644.
> Both were inspected inside firejail for chromium.
>
> Do you have any idea about these?
Assuming that you are using pipewire, can you please add the following
to your chromium.profile (or chromium.local):
> whitelist ${RUNUSER}/pipewire-?
> whitelist /usr/share/pipewire
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#1003650: firejail-profiles: Chromium running under the current profile cannot play sound
Hi Mad Horse,
On Thu, Jan 13, 2022 at 05:07:38PM +0800, Mad Horse wrote:
> After upgraded to 97.0.4692.71-0.1, Chromium running inside firejail can no
> longer play sound (e.g. when playing an online video), while bare Chromium
> can. It is shown with PulseAudio Manager that the Chromium running inside
> firejail cannot connect to the sound server while the bare Chromium can.
I had a similar issue initially as well. But it turned out to be related
to my custom sound setup (using pipewire with run directory in ~/pipewire).
There are also no sound-related Chromium issue known in the upstream
firejail bug tracker.
So I think it also has to be related to your setup.
It might be related to some whitelist in the chromium{-common}.profile,
as this causes the parent directory to get blocked.
Can you please try to figure out which path needs to be whitelisted
on your system to get it working again?
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#944667: firejail-profiles: ansible cannot run ssh with default profile
Control: tags -1 - moreinfo unreproducible Control: forward -1 https://github.com/netblue30/firejail/issues/4440 While trying to again reproduce this issue I'm now also having problems with ansible when ssh is firejailed. It's not the issue from the original post, which I think was related to known_hosts, but the problem is now that ansible starts ssh with ControlMaster/ControlPath which keeps an ssh process running in the jail (in the background). Because of this ansible "hangs" at the first step because the "firejail ssh" process does not terminate. There are some related upstream issues about this: https://github.com/netblue30/firejail/issues/1518 https://github.com/netblue30/firejail/issues/3491 https://github.com/netblue30/firejail/issues/4440 Might be fixed/worked-around by https://github.com/netblue30/firejail/pull/4635 in the next release. signature.asc Description: PGP signature
Bug#1003407: bitlbee-mastodon: new upstream release
Source: bitlbee-mastodon Version: 1.4.4-1 Severity: wishlist Dear maintainer, a new upstream version of bitlbee-mastodon is available (1.4.5). It was not detected by uscan because of new paths used by github. This watch file fixes upstream version detection: > version=4 > https://github.com/kensanata/bitlbee-mastodon/tags > .*/v?@ANY_VERSION@@ARCHIVE_EXT@ Kind regards, Reiner signature.asc Description: PGP signature
Bug#1002998: firejail-profiles: telegram-desktop not working with firejail
Hi, On Sun, Jan 02, 2022 at 02:58:26PM +, piorunz wrote: > Before upgrade to Testing, everything was working fine. > Something is wrong with firejail profile? > I request assistance. Thank you. This sounds similar to this upstream issue: https://github.com/netblue30/firejail/issues/4488 This was fixed by adding "whitelist /usr/share/TelegramDesktop" to the telegram.profile. Can you please check if that also works for you? Thanks. Kind regards, Reiner signature.asc Description: PGP signature
Bug#1001700: ansible-mitogen: not working with ansible >= 2.11
Package: ansible-mitogen Version: 0.3.0-1 Severity: important Dear maintainer, ansible-mitogen is not working with newer versions of ansible. > ERROR! Your Ansible version (2.11.6) is too recent. The most recent version > supported by Mitogen for Ansible is (2, 10).x. Please check the Mitogen > release notes to see if a new version is available, otherwise > subscribe to the corresponding GitHub issue to be notified when > support becomes available. ansible-core in unstable is at version 2.12.0. Kind regards, Reiner signature.asc Description: PGP signature
Bug#1001040: ansible-core: No such file or directory: '/usr/lib/python3.10/dist-packages/ansible/module_utils/ansible_release.py'
Source: ansible-core Version: 2.12.0-1 Severity: important Dear maintainer, while upgrading ansible-core from 2.11.6-1 to 2.12.0-1, I get the following error during postinst: > Setting up ansible-core (2.12.0-1) ... > [Errno 2] No such file or directory: > '/usr/lib/python3.10/dist-packages/ansible/module_utils/ansible_release.py'dpkg: > error processing package ansible-core (--configure): > installed ansible-core package post-installation script subprocess returned > error exit status 1 Because of this error the package stays unconfigured. $ ls -l /usr/lib/python3.10/dist-packages/ansible/module_utils/ansible_release.py lrwxrwxrwx 1 root root 13 Nov 18 13:42 /usr/lib/python3.10/dist-packages/ansible/module_utils/ansible_release.py -> ../release.py $ ls -l /usr/lib/python3.10/dist-packages/ansible/release.py ls: cannot access '/usr/lib/python3.10/dist-packages/ansible/release.py': No such file or directory Kind regards, Reiner signature.asc Description: PGP signature
Bug#995771: supertuxkart: Please depends on angelscript-dev
Control: block -1 by 997062 angelscript now also builds successfully on arm64 (and therefore on all release architectures). I have asked in #997062 for a backport of angelscript. After that we can switch STK to the archive version. signature.asc Description: PGP signature
Bug#997062: angelscript: please provide backport
Source: angelscript Severity: wishlist Dear maintainer, now that angelscript is also building successfully on arm64, it would be nice to have it also available in backports. Currently supertuxkart is using an embedded copy of angelscript, but when it is available in backports we can switch to the version from the archive. Kind regards, Reiner signature.asc Description: PGP signature
Bug#980559: angelscript: FTBFS on arm64: test error
On Thu, Oct 14, 2021 at 05:46:30PM +0200, Reiner Herrmann wrote: > I was able to fix it by including arm64 in the "buggy archs" list > in debian/rules (see below). FTR I tested my change based on 2.35.1+ds-1 (not -2). signature.asc Description: PGP signature
Bug#980559: angelscript: FTBFS on arm64: test error
Hi Boyuan, I was able to reproduce the build error while compiling the tests on my Raspberry Pi 4. I was able to fix it by including arm64 in the "buggy archs" list in debian/rules (see below). Kind regards, Reiner --- angelscript-2.35.1+ds/debian/rules 2021-10-06 14:09:19.0 + +++ angelscript-2.35.1+ds/debian/rules 2021-10-06 14:09:19.0 + @@ -13,7 +13,7 @@ export VERSION := $(shell echo '$(DEB_VERSION_UPSTREAM)' | sed -e 's/\+.*//') # buggy archs -ifneq (,$(filter $(DEB_HOST_ARCH), armhf mips64el sparc64 x32)) +ifneq (,$(filter $(DEB_HOST_ARCH), armhf arm64 mips64el sparc64 x32)) DEB_CXXFLAGS_MAINT_APPEND += -DAS_MAX_PORTABILITY endif signature.asc Description: PGP signature
Bug#995771: supertuxkart: Please depends on angelscript-dev
Hi, I intend to keep the bundled angelscript for now, until the packaged angelscript is also available on arm64, i.e. bug #980559 is fixed. As we also provide backports of supertuxkart, but angelscript is not yet available there, someone would also need to backport angelscript. Regards, Reiner signature.asc Description: PGP signature
Bug#992908: awesome: autopkgtest regression between 20 and 23 August 2021: Could not resolve keysym
Control: severity -1 important Hi Uli, On Sun, Sep 19, 2021 at 10:22:43AM +0200, Uli Schlachter wrote: > I took a look at run.sh (the script that integration.sh actually runs) > and as far as I can tell, this script exited successfully. > > The end of [0] is: > > autopkgtest [19:16:07]: summary > integration.sh FAIL stderr: The XKEYBOARD keymap compiler > (xkbcomp) reports: > > So... is the autopkgtest failing because xkbcomp prints something on > stderr...? Not because something actually failed...? Yes, that is correct. The autopkgtest fails because it does not allow output on stderr, and recently xkbcomp started printing these errors. I don't fully understand why this is the case, it might also be related to some other x11-related library (in a previous similar case, also #953032, a rebuild of libx11 fixed it. Something similar is suggested in a upstream bug [0]). > If so, I wonder how this test ever passed. I don't think I ever xkbcomp > being quiet and not complaining about something. In the past it was actually the case that the whole test was stderr-clean (see old logs in [1]). :-) > Would "just pipe the output of xkbcomp to /dev/null" be a valid fix then? This problem could be fixed by either: 1) allowing stderr in the test run (adding the allow-stderr restriction in debian/tests/control). 2) filtering only these temporarily expected errors from stderr 3) getting rid of the whole xkbcomp output as you suggested, as it's unrelated to awesome functionality. 4) waiting until xkbcomp is fixed. I don't want to do 1 and 2, as 1 could hide other problems in the future, and 2 is just a hack for a temporary problem. So far I tried waiting for xkbcomp (#953032) to get fixed, as awesome is still working fine, and the failure should resolve itself eventually. If you as upstream think that xkbcomp's output is never relevant for the test suite result, we could apply your suggestion. Though so far I couldn't find where/how xkbcomp is invoked. If you have an idea, I could upload a fix. Though I also don't mind waiting for a fix in xkbcomp. @Paul / Release Team: I'm lowering the severity, as the failure is not a regression of awesome, but a test regression caused by another package. Solutions for this regression are mentioned above. If you disagree with the lowered severity, please raise it again. I will then filter/drop xkbcomp's output. Kind regards, Reiner [0] https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/137 [1] https://ci.debian.net/packages/a/awesome/ signature.asc Description: PGP signature
Bug#992908: awesome: autopkgtest regression between 20 and 23 August 2021: Could not resolve keysym
Hi,
I can reproduce the autopkgtest failure on my system after only
upgrading xkb-data from 2.29-2 to 2.33-1.
I noticed that the xkb-data build has been changed to meson [1], and
it is no longer instructed to install xfree86 symlinks.
And also according to a debdiff, xfree86-related symlinks are now
dropped:
> Files in first .deb but not in second
> -
> lrwxrwxrwx root/root /usr/share/X11/xkb/rules/xfree86 -> base
> lrwxrwxrwx root/root /usr/share/X11/xkb/rules/xfree86.lst -> base.lst
> lrwxrwxrwx root/root /usr/share/X11/xkb/rules/xfree86.xml -> base.xml
But even with manually restoring the symlinks, the errors still appear
("Could not resolve keysym XF86RightUp" etc).
@Timo, do you have an idea why XF86* keysyms are no longer available
with the new xkb-data?
The actual output on stderr seems to come from xkbcomp.
Kind regards,
Reiner
[1]
https://salsa.debian.org/xorg-team/data/xkeyboard-config/-/commit/89b2833a2271d5cac9ede6dfe506ae811db299fe
signature.asc
Description: PGP signature
Bug#992908: awesome: autopkgtest regression between 20 and 23 August 2021: Could not resolve keysym
Hi Paul, On Tue, Aug 24, 2021 at 10:56:25PM +0200, Paul Gevers wrote: > Your package has an autopkgtest, great! However, since this week > (somewhere between 20 August and 23 August 2021) it started to fail [1]. > Can you look at it and fix the situation? [...] > [1] https://ci.debian.net/packages/a/awesome/testing/amd64/ > > autopkgtest [13:23:59]: test integration.sh: [--- > awesome_log: /tmp/tmp.Tu7TMRXwgL/_awesome_test.log > The XKEYBOARD keymap compiler (xkbcomp) reports: > > Internal error: Could not resolve keysym XF86BrightnessAuto [...] > > Internal error: Could not resolve keysym XF86KbdLcdMenu5 Thanks for the information. At a first glance this looks very similar to a test failure from last year, which was caused by Xorg-related packages, see #953032. The bug has already been re-opened, as someone else also noticed that this issue re-appeared. Below is a diff of installed packages between runs [2] and [3]. I will try to figure out what exactly is causing it. Kind regards, Reiner [2] https://ci.debian.net/data/autopkgtest/testing/amd64/a/awesome/14741180/log.gz [3] https://ci.debian.net/data/autopkgtest/testing/amd64/a/awesome/14793442/log.gz @@ -16,25 +16,21 @@ gcc-10 10.2.1-6 gcc 4:10.2.1-1 gir1.2-atk-1.0 2.36.0-2 -gir1.2-freedesktop 1.66.1-1+b1 +gir1.2-freedesktop 1.68.0-2 -gir1.2-gdkpixbuf-2.0 2.42.2+dfsg-1 +gir1.2-gdkpixbuf-2.0 2.42.6+dfsg-2 -gir1.2-glib-2.0 1.66.1-1+b1 +gir1.2-glib-2.0 1.68.0-2 -gir1.2-gtk-3.0 3.24.24-4 +gir1.2-gtk-3.0 3.24.30-1 gir1.2-harfbuzz-0.0 2.7.4-1 gir1.2-pango-1.0 1.46.2-3 -glib-networking 2.66.0-2 -glib-networking-common 2.66.0-2 -glib-networking-services 2.66.0-2 groff-base 1.22.4-6 -gsettings-desktop-schemas 3.38.0-2 -gtk-update-icon-cache 3.24.24-4 +gtk-update-icon-cache 3.24.30-1 hicolor-icon-theme 0.17-2 libasan6 10.2.1-6 libatk1.0-0 2.36.0-2 libatk1.0-data 2.36.0-2 libatk-bridge2.0-0 2.38.0-1 libatomic1 10.2.1-6 -libatspi2.0-0 2.38.0-4 +libatspi2.0-0 2.40.3-3 libavahi-client3 0.8-5 libavahi-common3 0.8-5 libavahi-common-data 0.8-5 @@ -49,22 +45,22 @@ libcups2 2.3.3op2-3+deb11u1 libdatrie1 0.2.13-1 libdconf1 0.38.0-2 -libdeflate0 1.7-1 +libdeflate0 1.7-2 libdrm2 2.4.104-1 libdrm-amdgpu1 2.4.104-1 libdrm-common 2.4.104-1 libdrm-intel1 2.4.104-1 libdrm-nouveau2 2.4.104-1 libdrm-radeon1 2.4.104-1 -libepoxy0 1.5.5-1 +libepoxy0 1.5.8-1 libfontconfig1 2.13.1-4.2 libfontenc1 1:1.1.4-1 libfreetype6 2.10.4+dfsg-1 libfribidi0 1.0.8-2 libgcc-10-dev 10.2.1-6 -libgdk-pixbuf-2.0-0 2.42.2+dfsg-1 +libgdk-pixbuf-2.0-0 2.42.6+dfsg-2 -libgdk-pixbuf2.0-common 2.42.2+dfsg-1 +libgdk-pixbuf2.0-common 2.42.6+dfsg-2 -libgirepository-1.0-1 1.66.1-1+b1 +libgirepository-1.0-1 1.68.0-2 libgl1 1.3.2-1 libgl1-mesa-dri 20.3.5-1 libglapi-mesa 20.3.5-1 @@ -74,8 +70,8 @@ libglx-mesa0 20.3.5-1 libgomp1 10.2.1-6 libgraphite2-3 1.3.14-1 -libgtk-3-0 3.24.24-4 +libgtk-3-0 3.24.30-1 -libgtk-3-common 3.24.24-4 +libgtk-3-common 3.24.30-1 libharfbuzz0b 2.7.4-1 libice6 2:1.0.10-1 libicu67 67.1-7 @@ -83,8 +79,6 @@ libitm1 10.2.1-6 libjbig0 2.1-3.1+b2 libjpeg62-turbo 1:2.0.6-4 -libjson-glib-1.0-0 1.6.2-1 -libjson-glib-1.0-common 1.6.2-1 liblcms2-2 2.12~rc1-2 libllvm11 1:11.0.1-2 liblsan0 10.2.1-6 @@ -100,22 +94,17 @@ libpipeline1 1.5.3-1 libpixman-1-0 0.40.0-1 libpng16-16 1.6.37-3 -libproxy1v5 0.4.17-1 -libpsl5 0.21.0-1.2 libpthread-stubs0-dev 0.4-1 libquadmath0 10.2.1-6 -librest-0.7-0 0.8.1-1.1 libsensors5 1:3.6.0-7 libsensors-config 1:3.6.0-7 libsm6 2:1.2.3-1 -libsoup2.4-1 2.72.0-4 -libsoup-gnome2.4-1 2.72.0-4 libstartup-notification0 0.12-6+b1 libstdc++-10-dev 10.2.1-6 -libthai0 0.1.28-3 +libthai0 0.1.28-4 -libthai-data 0.1.28-3 +libthai-data 0.1.28-4 libtiff5 4.2.0-1 -libtirpc-dev 1.3.1-1 +libtirpc-dev 1.3.2-2 libtsan0 10.2.1-6 libubsan1 10.2.1-6 libuchardet0 0.0.7-1 @@ -192,7 +181,7 @@ menu 2.1.48 shared-mime-info 2.0-1 x11-apps 7.7+8 -x11-common 1:7.7+22 +x11-common 1:7.7+23 x11proto-dev 2020.1-1 x11-utils 7.7+5 x11-xkb-utils 7.7+5 @@ -201,8 +190,8 @@ xfonts-base 1:1.0.5 xfonts-encodings 1:1.0.4-2.1 xfonts-utils 1:7.7+6 -xkb-data 2.29-2 +xkb-data 2.33-1 xorg-sgml-doctools 1:1.11-1.1 xserver-common 2:1.20.11-1 -xterm 366-1 +xterm 368-2 xvfb 2:1.20.11-1 signature.asc Description: PGP signature
Bug#991335: unblock: supertuxkart (pre-approval)
Control: tags -1 - moreinfo Hi Sebastian, On Sun, Jul 25, 2021 at 04:50:17PM +0200, Sebastian Ramacher wrote: > Thanks, please go ahead. Once the new version is available in unstable, > please remove the moreinfo tag. the new version is now available in unstable. Thanks for the unblock approval! Kind regards, Reiner signature.asc Description: PGP signature
Bug#991335: unblock: supertuxkart (pre-approval)
td8/supertuxkart-1.2+ds/debian/asset-replacements/karts/sara_the_wizard/icon-sara.png and /tmp/JTPOFCV03m/supertuxkart-1.2+ds2/debian/asset-replacements/karts/sara_the_wizard/icon-sara.png differ Binary files /tmp/Bjy0baotd8/supertuxkart-1.2+ds/debian/asset-replacements/sfx/jump.ogg and /tmp/JTPOFCV03m/supertuxkart-1.2+ds2/debian/asset-replacements/sfx/jump.ogg differ Binary files /tmp/Bjy0baotd8/supertuxkart-1.2+ds/debian/asset-replacements/sfx/plopp.ogg and /tmp/JTPOFCV03m/supertuxkart-1.2+ds2/debian/asset-replacements/sfx/plopp.ogg differ Binary files /tmp/Bjy0baotd8/supertuxkart-1.2+ds/debian/asset-replacements/tracks/stk_enterprise/img_0572.png and /tmp/JTPOFCV03m/supertuxkart-1.2+ds2/debian/asset-replacements/tracks/stk_enterprise/img_0572.png differ diff -Nru supertuxkart-1.2+ds/debian/changelog supertuxkart-1.2+ds2/debian/changelog --- supertuxkart-1.2+ds/debian/changelog2021-01-30 16:44:06.0 +0100 +++ supertuxkart-1.2+ds2/debian/changelog 2021-07-25 12:48:11.0 +0200 @@ -1,3 +1,21 @@ +supertuxkart (1.2+ds2-1) unstable; urgency=medium + + * Team upload. + * Repack upstream tarball to drop non-free assets: (Closes: #990368) +- the karts beastie and hexley have been removed +- remove unused files with unknown license status: + roof_test.png, stone-gloss.jpg, window.png +- replace assets with unknown license status: + img_0572.png, icon-sara.png, jump.ogg, plopp.ogg + * d/copyright: Sync license and copyright information with upstream +stk-assets repo. Thanks to deve and benau for license investigations and +asset replacements. + * d/rules: Copy replaced assets into data directory. + * Cherry-pick upstream patches to keep network compatibility when official +karts are missing. + + -- Reiner Herrmann Sun, 25 Jul 2021 12:48:11 +0200 + supertuxkart (1.2+ds-2) unstable; urgency=medium * Team upload. diff -Nru supertuxkart-1.2+ds/debian/copyright supertuxkart-1.2+ds2/debian/copyright --- supertuxkart-1.2+ds/debian/copyright2021-01-30 16:44:06.0 +0100 +++ supertuxkart-1.2+ds2/debian/copyright 2021-07-25 12:48:11.0 +0200 @@ -15,6 +15,16 @@ lib/glew lib/libsquish lib/mcpp + data/karts/beastie + data/karts/hexley + data/tracks/stk_enterprise/img_0572.png + data/tracks/stk_enterprise/stone-gloss.jpg + data/tracks/stk_enterprise/window.png + data/library/stklib_aztecHouse_a/roof_test.png + data/sfx/jump.ogg + data/sfx/plopp.ogg + data/karts/sara_the_wizard/icon-sara.png + data/karts/sara_the_racer/icon-sara.png Files: * Copyright: 2006-2019 SuperTuxKart-Team @@ -180,8 +190,8 @@ 2015 Dawid Gan 2016 GaryShearer 2015 Thomas Glamsch -License: -Comment: Appears to be (partially) generated by a program, according to SVN log. +License: public-domain +Comment: generated images from Blender scene Files: data/supertuxkart.appdata.xml Copyright: SuperTuxKart Team @@ -225,16 +235,21 @@ Files: data/models/gift-loop-gloss.png Copyright: 2014 Marianne "Auria" Gagnon -License: +License: CC-BY-SA-3.0 Files: data/models/bubblegum-nolok.spm data/models/bubblegum-nolok-low.spm - data/models/bubblegum_nolok.jpg data/models/bubblegum_shield_nolok.spm data/models/bubblegum_shield_nolok.png Copyright: 2013 Marianne Gagnon -License: +License: CC-BY-SA-3.0 + +Files: data/models/bubblegum_nolok.jpg +Copyright: + 2013 MiniBjorn + 2013 Marianne Gagnon +License: CC-BY-SA-3.0 Files: data/models/bubblegum_shield.spm @@ -242,26 +257,22 @@ Copyright: 2013 johannesr1 2013 Marianne Gagnon -License: -Comment: Possibly ineligible for copyright protection since it's just a sphere and a single solid-color texture. +License: CC-BY-SA-3.0 Files: data/models/balldimpleddark.jpg Copyright: 2012 Hero License: CC-BY-SA-3.0 -Files: data/models/banana.spm +Files: + data/models/banana.spm + data/models/banana.png Copyright: 2008 Thomas Oppl (Horace) License: CC-BY-SA-3.0 - -Files: data/models/banana.png -Copyright: -License: -Comment: See r2366. Maybe by Thomas Oppl? Who knows? +Comment: See r2366. Files: data/models/bowling.spm Copyright: 2008, 2013 Marianne Gagnon -License: -Comment: Does this even qualify for copyright? It's just a textured icosphere. +License: CC-BY-SA-3.0 Files: data/models/christmas_hat.spm @@ -312,7 +323,7 @@ 2008 donconso 2009 MiniBjorn 2013 Jean-Manuel Clémençon -License: CC-BY-SA +License: CC-BY-SA-3.0 Comment: I don't know what MiniBjorn changed to put this under his choice of license... Jean-Manuel Clémençon redid the textures. @@ -362,10 +373,10 @@ Files: data/models/warning.png Copyright: 2008 Constantin Pelikan (donconso) -License: +License: CC-BY-SA-3.0 Files: data/models/zipper.png -Copyright: 2000 Steve Baker (?) +Copyright: 2000 Steve Baker License: GPL-2 Files: @@ -386,9 +397,9 @@ Comment: Excerpt (and, I think, amplif
Bug#990368: Supertuxkart has proprietary data
I have asked the release team in #991335 for pre-approval of a upstream tarball repack which removes the non-free karts, includes the suggested patches by upstream and will either clarify the remaining open copyright questions or replace the assets with alternatives. I'm currently in contact with an upstream contributor working with others on the license questions. Kind regards, Reiner signature.asc Description: PGP signature
Bug#991335: unblock: supertuxkart (pre-approval)
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team,
this is a request for pre-approval of a supertuxkart upload.
The upstream tarball of supertuxkart 1.2+ds-2 currently includes data
files that are not free (#990368). Additionaly the d/copyright file is
lacking license information for a few additional resources (only data files).
To fix this bug, the two non-free karts will get removed from the upstream
tarball. But as removal of these files would cause a regression in online
multiplayer games, upstream provided two patches (+1 patch that fixes a
memory leak in one of these patches) that keep network compatibility with
other players intact.
Additionaly I'm currently in contact with an upstream contributor who is
investigating the remaining copyright/license issues.
To fix them, the plan is to amend d/copyright where possible
(investigations are currently ongoing), or to replace unknown/non-free files
with free alternatives.
I noticed that supertuxkart is marked for autoremoval on August 3rd
currently, which is probably after the bullseye release.
Does this mean supertuxkart 1.2+ds-2 will be part of bullseye and can
then still be fixed by a stable-proposed-update? Or does the upload
and migration to bullseye have to happen before July 31st?
Below is the full list of files that would get removed from the upstream
tarball:
data/karts/beastie/beastie-icon.png
data/karts/beastie/beastie.spm
data/karts/beastie/beastie_kart_colorizationMask.png
data/karts/beastie/beastie_kart_diffuse.png
data/karts/beastie/beastie_kart_gloss.png
data/karts/beastie/beastie_kart_leftDoor.png
data/karts/beastie/beastie_kart_leftDoor_colorizationMask.png
data/karts/beastie/beastie_kart_leftDoor_gloss.png
data/karts/beastie/beastie_n_kart_wheel_colorizationMask.png
data/karts/beastie/beastie_n_kart_wheel_diffuse.png
data/karts/beastie/beastie_n_kart_wheel_gloss.png
data/karts/beastie/beastie_shadow.png
data/karts/beastie/beastie_texture.png
data/karts/hexley/hexley.spm
data/karts/hexley/hexley_dashboard_diffuse.png
data/karts/hexley/hexley_dashboard_gloss.png
data/karts/hexley/hexley_diffuse.png
data/karts/hexley/hexley_gloss.png
data/karts/hexley/hexley_kart_Normal.png
data/karts/hexley/hexley_kart_colorizationMask.png
data/karts/hexley/hexley_kart_diffuse.png
data/karts/hexley/hexley_kart_frontGlass.png
data/karts/hexley/hexley_kart_gloss.png
data/karts/hexley/hexley_shadow.png
data/karts/hexley/hexley_wheel_Normal.png
data/karts/hexley/hexley_wheel_colorizationMask.png
data/karts/hexley/hexley_wheel_diffuse.png
data/karts/hexley/hexley_wheel_gloss.png
data/karts/hexley/hexley_window.png
data/karts/hexley/hexleyicon.png
data/karts/hexley/hexleyicon32.png
Attached are the mentioned upstream patches.
Kind regards,
Reiner
From 851290d4c866130abb22ee61114016378af4cb45 Mon Sep 17 00:00:00 2001
From: Benau
Date: Sun, 18 Jul 2021 00:49:49 +0800
Subject: [PATCH] Add code to generate official karts list
---
data/official_karts.xml | 21 ++
sources.cmake| 2 +-
src/karts/official_karts.cpp | 128 +++
src/karts/official_karts.hpp | 20 ++
src/main.cpp | 9 +++
5 files changed, 179 insertions(+), 1 deletion(-)
create mode 100644 data/official_karts.xml
create mode 100644 src/karts/official_karts.cpp
create mode 100644 src/karts/official_karts.hpp
diff --git a/data/official_karts.xml b/data/official_karts.xml
new file mode 100644
index 000..671aadf369e
--- /dev/null
+++ b/data/official_karts.xml
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/sources.cmake b/sources.cmake
index d4f28ae4de4..ba4868d717e 100644
--- a/sources.cmake
+++ b/sources.cmake
@@ -1,5 +1,5 @@
# Modify this file to change the last-modified date when you add/remove a file.
-# This will then trigger a new cmake run automatically.
+# This will then trigger a new cmake run automatically.
file(GLOB_RECURSE STK_HEADERS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "src/*.hpp")
file(GLOB_RECURSE STK_SOURCES RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "src/*.cpp")
file(GLOB_RECURSE STK_SHADERS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "data/shaders/*")
diff --git a/src/karts/official_karts.cpp b/src/karts/official_karts.cpp
new file mode 100644
index 000..c8d7b9f38b7
--- /dev/null
+++ b/src/karts/official_karts.cpp
@@ -0,0 +1,128 @@
+#include "karts/official_karts.hpp"
+
+#include "karts/kart_properties_manager.hpp"
+#include "io/file_manager.hpp"
+#include "io/xml_node.hpp"
+#include "karts/kart_model.hpp"
+#include "karts/kart_properties.hpp"
+#include "utils/file_utils.hpp"
+#include "utils/log.hpp"
+#include "utils/vec3.hpp"
+
+#include
+#include
+#include
+#include
+
+namespace OfficialKarts
+{
+//
+struct OfficialKart
+{
+std::st
Bug#989746: musl: should include musl-fts
Hi Helmut, sorry for replying a bit late. On Fri, Jun 11, 2021 at 08:05:25PM +0200, Helmut Grohne wrote: > I've notices that musl lacks a #include that glibc provides. Of > course for every glibc header there is a user in Debian and it happens > that libselinux uses this. Obviously libselinux fails to build. Luckily, > we're not the first ones to notice this issue. All the other embedded > distros already know. Just why does musl lack it? The FAQ[1] has an > outdated answer. It's outdated, because glibc now provides fts64. > Anyway, the answer of other embedded distributions is a separate > musl-fts[2] that provides the missing functionality. > > I see basically two options now. One is that src:musl includes musl-fts > and that musl-dev also provides musl-fts. That would make things most > simple, because we don't get into any bootstrap dependency weirdness nor > any other issues. > > The other option is packaging musl-fts separately. New source package. > New binary package. fts.h users would likely have to depend on a new > libc-fts-dev virtual package provided by libc6-dev and musl-fts-dev. > > Do you have any preference here? Can you take care of musl-fts? Yes, my preference is including musl-fts in src:musl, as that is a simple solution and is also easy to undo once musl-fts gets merged upstream. A new source package for a .c and .h file is in my opinion a bit overkill. I will take care of it in the next upload, though I can't give you an exact timeline right now (probably at one of the coming weekends). Also thanks for poking upstream about this issue. Kind regards, Reiner signature.asc Description: PGP signature
Bug#968382: element-desktop: /var/lib/flatpak/exports/share/dconf/profile/user: Permission denied
Hi Hans, On Fri, Aug 14, 2020 at 07:57:00PM +0200, Hans-Christoph Steiner wrote: > Adding this to element-desktop.profile made the Permission denied error > go away, but it still didn't start: > > whitelist /var/lib/flatpak/exports/share/dconf/profile/user > > > So it seems the /dev/shm error is the notable one. I tried adding > "ignore nodbus" at the end of element-desktop.profile, at the beginning > of element-desktop.profile, and both. None of those changed the /dev/shm > error. And Element never started. I just upgraded element-desktop (to 1.7.30) and it seems to run fine with firejail now (tested with firejail 0.9.64.4). Do you still have problems with it? Kind regards, Reiner signature.asc Description: PGP signature
Bug#989223: vim: unavailable URL in README.Debian
Source: vim Version: 2:8.2.2434-3 Dear maintainer, README.Debian contains a link to http://pkg-vim.alioth.debian.org/vim-policy.html/ which is no longer available (does not resolve). Please update it with its new location. Kind regards, Reiner signature.asc Description: PGP signature
Bug#988502: fonts-terminus: version number in filename
Package: fonts-terminus Version: 1.1.1+git20200723-2 Hi, I noticed that the filename of the Terminus ttf file contains a version number: TerminusTTF-4.46.0.ttf This makes it difficult for other packages to depend on the font and symlink to it (as the version can easily change). Can you please use a stable filename without version number? Or is the version supposed to be fixed and will never change? Kind regards, Reiner signature.asc Description: PGP signature
Bug#987045: skypeforlinux fails to start using supplied profile
Hi Phil, On Wed, May 05, 2021 at 03:41:43PM +0200, phil.night...@gmail.com wrote: > Disable /var/cache/home/nightowl/chromium (requested > /home/nightowl/.cache/chromium) > Disable /var/cache/home/nightowl/keepassxc (requested > /home/nightowl/.cache/keepassxc) > Disable /var/cache/home/nightowl/mozilla (requested > /home/nightowl/.cache/mozilla) > Error: tmpfs outside $HOME is only available for root > Error: proc 7050 cannot sync with peer: unexpected EOF > Peer 7051 unexpectedly exited with status 1 the problem seems to be related to your specific setup. Somehow your ~/.cache/ is inside /var/cache (by using symlinks?)? The skypeforlinux profile includes the electron profile, which has the line: private-cache This asks firejail to create a private cache (~/.cache) directory, which is implemented by mounting a tmpfs directory over the original .cache directory. But as your .cache directory is not actually inside your home directory, firejail refuses to do that, because non-root users are not allowed to mount tmpfs directories outside their home. To keep your cache setup you can try the following: Create a file /etc/firejail/skypeforlinux.local and add the following line into it: ignore private-cache This will ask firejail while reading the profiles to ignore the "private-cache" setting. It should then no longer try to mount a tmpfs over it. (This will also cause your cache to be no longer private, i.e. skypeforlinux could read other cached files.) Kind regards, Reiner signature.asc Description: PGP signature
Bug#987045: skypeforlinux fails to start using supplied profile
Control: found -1 0.9.64.4-1 Hi Phil, On Fri, Apr 16, 2021 at 01:03:16PM +0200, Phil Nightowl wrote: > Launching skypeforlinux version 8.71.0.36 using supplied profile fails with > the following error: > > Error: tmpfs outside $HOME is only available for root > Error: proc 13576 cannot sync with peer: unexpected EOF > > Downgrading skype to 8.67.0.87 does not help, earlier versions are not > available any longer. > > I also tried disabling AppArmor as suggested in upstream's issue #2933 > (https://github.com/netblue30/firejail/issues/2933) by creating > /etc/firejail/skypeforlinux.local containing > > ignore apparmor > > This did not help for me, as in fact expected, since the errors mentioned > in that issue are different. > > I assume this has to be fixed upstream anyway. I'm not sure why it tries to use tmpfs outside home. Can you please show the output of "firejail --debug skypeforlinux"? Kind regards, Reiner signature.asc Description: PGP signature
Bug#986049: firejail: Chromium profile breaks webext-browserpass
Control: forwarded -1 https://github.com/netblue30/firejail/pull/4240 Hi Ralf, On Sun, Mar 28, 2021 at 06:53:50PM +0200, Ralf Jung wrote: > some time earlier this year, Chromium started to show an error message on > each start that the "browserpass" extension could not be properly loaded. > I finally got around to investigate this, and realized it is caused by > firejail: something changed in firejail or the extension, such that extension > paths are not longer available to chromium. thank you for the report. I was able to reproduce your observation and submitted a fix upstream. If you want to workaround it temporarily until it is fixed in a new version, you can add the following to /etc/firejail/chromium.local: whitelist /usr/share/mozilla/extensions Kind regards, Reiner signature.asc Description: PGP signature
Bug#947193: please coordinate the provider of crypt.h
Hi Helmut, Marco, during a discussion on IRC today another option has been presented. Upstream mentioned [0] some time ago that it is possible to link with libxcrypt without using musl's crypt functions: > You can just not install the musl crypt.h. > Linking libxcrypt should automatically cause > it to get used instead of the functions in libc. I like this option as it would allow programs using musl to also use newer crypt methods from libxcrypt. In order to prevent accidental usage of musl's crypt functions (e.g. by forgetting to pass -lcrypt), I will disable/remove the functions in libc.so. And additionaly musl's crypt.h will not be shipped. Kind regards, Reiner [0] https://www.openwall.com/lists/musl/2019/11/08/10 signature.asc Description: PGP signature
Bug#987490: falkon FTBFS: dh_install: error: missing files, aborting
Hi Georges, On Sun, Apr 25, 2021 at 05:48:47PM +0200, Georges Khaznadar wrote: > I believe that the bug is fixed with the newly uploaded release. > > Should I do something else to get falkon included in bullseye, or is it > enough to wait a few days? thanks for fixing it. You need to file an unblock request (reportbug release.debian.org) and attach a diff between the version in testing and unstable. If you prefer, I can also take care of that. Kind regards, Reiner signature.asc Description: PGP signature
Bug#957892: ucarp: ftbfs with GCC-10
Control: tags -1 + patch Hi, the attached patch fixes the FTBFS with GCC 10. Instead of creating a packed struct, the old code created a global variable named "__packed". Kind regards, Reiner --- ucarp-1.5.2.orig/src/ip_carp.h +++ ucarp-1.5.2/src/ip_carp.h @@ -70,7 +70,7 @@ u_int16_t carp_cksum; u_int32_t carp_counter[2]; unsigned char carp_md[20];/* SHA1 HMAC */ -} __packed; +} __attribute__ ((packed)); #define CARP_DFLTTL 255 signature.asc Description: PGP signature
Bug#957366: intercal: ftbfs with GCC-10
Control: forward -1 https://gitlab.com/esr/intercal/-/issues/4 Control: tags -1 + patch Hi, the attached patch fixes the FTBFS with GCC 10. Kind regards, Reiner diff -u intercal-0.30/debian/rules intercal-0.30/debian/rules --- intercal-0.30/debian/rules +++ intercal-0.30/debian/rules @@ -1,5 +1,6 @@ #!/usr/bin/make -f +export DEB_CFLAGS_MAINT_APPEND=-fno-toplevel-reorder DPKG_EXPORT_BUILDFLAGS=1 include /usr/share/dpkg/buildflags.mk only in patch2: unchanged: --- intercal-0.30.orig/src/perpet.c +++ intercal-0.30/src/perpet.c @@ -85,7 +85,7 @@ /* function created by yacc */ extern int yyparse(void); -int yydebug; +extern int yydebug; /* compilation options */ bool compile_only; /* just compile into C, don't run the linker */ signature.asc Description: PGP signature
Bug#987539: RM: mozplugger -- RoQA; unmaintained, broken
Package: ftp.debian.org Severity: normal Hi, please remove mozplugger from the archive. It is orphaned since 2013 and has seen no update since then. It has an RC bug since 2018, as it is not working with new browsers. Modern browsers already provide its functionality out of the box (embedded viewing of PDFs, videos etc.). Kind regards, Reiner
Bug#987490: falkon FTBFS: dh_install: error: missing files, aborting
Hi Georges, On Sat, Apr 24, 2021 at 05:56:45PM +0300, Adrian Bunk wrote: > ... >dh_install -a > dh_install: warning: Cannot find (any matches for) "usr/bin" (tried in ., > debian/tmp) > > dh_install: warning: falkon missing files: usr/bin > dh_install: warning: Cannot find (any matches for) "usr/lib/*-linux-gnu*/*" > (tried in ., debian/tmp) > > dh_install: warning: falkon missing files: usr/lib/*-linux-gnu*/* > dh_install: warning: Cannot find (any matches for) "usr/share" (tried in ., > debian/tmp) > > dh_install: warning: falkon missing files: usr/share > dh_install: error: missing files, aborting > make: *** [debian/rules:15: binary-arch] Error 25 > sorry, my patch for #987455 was incomplete. Now that falkon is the only binary package, cmake will directly install into debian/falkon/ (instead of debian/tmp). This also means that debian/falkon.install is now unnecessary, as the contents of debian/falkon/ will be packed into the package. I quickly tested building it with the .install file removed and compared the resulting .deb package with debdiff. The file list is identical with falkon 3.1.0+dfsg1-9. Kind regards, Reiner signature.asc Description: PGP signature
Bug#987483: RM: pdmenu -- RoQA; unmaintained, no longer useful
Package: ftp.debian.org Severity: normal Hi, please remove pdmenu from the archive. Its last upload was in 2014, when it was orphaned. And its main purpose is to use the obsolete menu system. As most packages have migrated to .desktop files, it is no longer very useful. Kind regards, Reiner signature.asc Description: PGP signature
Bug#987168: fluidsynth: diff for NMU version 2.1.7-1.1
Control: tags 987168 + patch
Control: tags 987168 + pending
Dear maintainer,
I've prepared an NMU for fluidsynth (versioned as 2.1.7-1.1) and
uploaded it to DELAYED/3. Please feel free to tell me if I
should delay it longer.
Regards,
Reiner
diff -Nru fluidsynth-2.1.7/debian/changelog fluidsynth-2.1.7/debian/changelog
--- fluidsynth-2.1.7/debian/changelog 2021-02-09 21:43:23.0 +0100
+++ fluidsynth-2.1.7/debian/changelog 2021-04-24 13:37:51.0 +0200
@@ -1,3 +1,11 @@
+fluidsynth (2.1.7-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Import patch that fixes use-after-free vulnerability. (CVE-2021-28421)
+(Closes: #987168)
+
+ -- Reiner Herrmann Sat, 24 Apr 2021 13:37:51 +0200
+
fluidsynth (2.1.7-1) unstable; urgency=medium
* New upstream version 2.1.7
diff -Nru fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch
--- fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch 1970-01-01 01:00:00.0 +0100
+++ fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch 2021-04-24 13:35:20.0 +0200
@@ -0,0 +1,84 @@
+From 005719628aef0bd48dc7b2f860c7e4ca16b81044 Mon Sep 17 00:00:00 2001
+From: Tom M
+Date: Mon, 15 Mar 2021 20:12:51 +0100
+Subject: [PATCH] Invalid generators were not removed from zone list (#810)
+Bug: https://github.com/FluidSynth/fluidsynth/issues/808
+Bug-Debian: https://bugs.debian.org/987168
+
+fluid_list_remove() should receive the beginning of a list, so it can adjust the predecessor of the element to be removed. Otherwise the element would remain in the list, which in this case led to a use-after-free afterwards.
+---
+ src/sfloader/fluid_sffile.c | 20
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/sfloader/fluid_sffile.c b/src/sfloader/fluid_sffile.c
+index 001a0a0a4..47ab98d97 100644
+--- a/src/sfloader/fluid_sffile.c
b/src/sfloader/fluid_sffile.c
+@@ -1355,7 +1355,7 @@ static int load_pmod(SFData *sf, int size)
+ * --- */
+ static int load_pgen(SFData *sf, int size)
+ {
+-fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
++fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
+ SFZone *z;
+ SFGen *g;
+ SFGenAmount genval;
+@@ -1369,7 +1369,7 @@ static int load_pgen(SFData *sf, int size)
+ /* traverse through all presets */
+ gzone = FALSE;
+ discarded = FALSE;
+-p2 = ((SFPreset *)(p->data))->zone;
++start_of_zone_list = p2 = ((SFPreset *)(p->data))->zone;
+
+ if(p2)
+ {
+@@ -1516,11 +1516,13 @@ static int load_pgen(SFData *sf, int size)
+ }
+ else
+ {
++p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
+ FLUID_LOG(FLUID_WARN, "Preset '%s': Discarding invalid global zone",
+ ((SFPreset *)(p->data))->name);
+-*hz = fluid_list_remove(*hz, p2->data);
+-delete_zone((SFZone *)fluid_list_get(p2));
++fluid_list_remove(start_of_zone_list, z);
++delete_zone(z);
++continue;
+ }
+ }
+
+@@ -1864,7 +1866,7 @@ static int load_imod(SFData *sf, int size)
+ /* load instrument generators (see load_pgen for loading rules) */
+ static int load_igen(SFData *sf, int size)
+ {
+-fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
++fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
+ SFZone *z;
+ SFGen *g;
+ SFGenAmount genval;
+@@ -1878,7 +1880,7 @@ static int load_igen(SFData *sf, int size)
+ /* traverse through all instruments */
+ gzone = FALSE;
+ discarded = FALSE;
+-p2 = ((SFInst *)(p->data))->zone;
++start_of_zone_list = p2 = ((SFInst *)(p->data))->zone;
+
+ if(p2)
+ {
+@@ -2024,11 +2026,13 @@ static int load_igen(SFData *sf, int size)
+ }
+ else
+ {
++p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
+ FLUID_LOG(FLUID_WARN, "Instrument '%s': Discarding invalid global zone",
+ ((SFInst *)(p->data))->name);
+-*hz = fluid_list_remove(*hz, p2->data);
+-delete_zone((SFZone *)fluid_list_get(p2));
++fluid_list_remove(start_of_zone_list, z);
++delete_zone(z);
++continue;
+ }
+ }
+
diff -Nru fluidsynth-2.1.7/debian/patches/series fluidsynth-
Bug#987471: unblock: fluidsynth/2.1.7-1.1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: utka...@debian.org, debian-multime...@lists.debian.org
Please unblock package fluidsynth
I intend to NMU version 2.1.7-1.1 to DELAYED/3, which imports
an upstream security fix.
[ Reason ]
The package has a use-after-free vulnerability.
[ Impact ]
Arbitrary code execute or denial of service.
[ Tests ]
I tested that it compiles, installs and tested running it
against the vulnerable example file from the upstream bug
tracker. With the patch applied, it no longer crashes.
unblock fluidsynth/2.1.7-1.1
diff -Nru fluidsynth-2.1.7/debian/changelog fluidsynth-2.1.7/debian/changelog
--- fluidsynth-2.1.7/debian/changelog 2021-02-09 21:43:23.0 +0100
+++ fluidsynth-2.1.7/debian/changelog 2021-04-24 13:37:51.0 +0200
@@ -1,3 +1,11 @@
+fluidsynth (2.1.7-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Import patch that fixes use-after-free vulnerability. (CVE-2021-28421)
+(Closes: #987168)
+
+ -- Reiner Herrmann Sat, 24 Apr 2021 13:37:51 +0200
+
fluidsynth (2.1.7-1) unstable; urgency=medium
* New upstream version 2.1.7
diff -Nru fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch
--- fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch 1970-01-01 01:00:00.0 +0100
+++ fluidsynth-2.1.7/debian/patches/CVE-2021-28421.patch 2021-04-24 13:35:20.0 +0200
@@ -0,0 +1,84 @@
+From 005719628aef0bd48dc7b2f860c7e4ca16b81044 Mon Sep 17 00:00:00 2001
+From: Tom M
+Date: Mon, 15 Mar 2021 20:12:51 +0100
+Subject: [PATCH] Invalid generators were not removed from zone list (#810)
+Bug: https://github.com/FluidSynth/fluidsynth/issues/808
+Bug-Debian: https://bugs.debian.org/987168
+
+fluid_list_remove() should receive the beginning of a list, so it can adjust the predecessor of the element to be removed. Otherwise the element would remain in the list, which in this case led to a use-after-free afterwards.
+---
+ src/sfloader/fluid_sffile.c | 20
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/sfloader/fluid_sffile.c b/src/sfloader/fluid_sffile.c
+index 001a0a0a4..47ab98d97 100644
+--- a/src/sfloader/fluid_sffile.c
b/src/sfloader/fluid_sffile.c
+@@ -1355,7 +1355,7 @@ static int load_pmod(SFData *sf, int size)
+ * --- */
+ static int load_pgen(SFData *sf, int size)
+ {
+-fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
++fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
+ SFZone *z;
+ SFGen *g;
+ SFGenAmount genval;
+@@ -1369,7 +1369,7 @@ static int load_pgen(SFData *sf, int size)
+ /* traverse through all presets */
+ gzone = FALSE;
+ discarded = FALSE;
+-p2 = ((SFPreset *)(p->data))->zone;
++start_of_zone_list = p2 = ((SFPreset *)(p->data))->zone;
+
+ if(p2)
+ {
+@@ -1516,11 +1516,13 @@ static int load_pgen(SFData *sf, int size)
+ }
+ else
+ {
++p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
+ FLUID_LOG(FLUID_WARN, "Preset '%s': Discarding invalid global zone",
+ ((SFPreset *)(p->data))->name);
+-*hz = fluid_list_remove(*hz, p2->data);
+-delete_zone((SFZone *)fluid_list_get(p2));
++fluid_list_remove(start_of_zone_list, z);
++delete_zone(z);
++continue;
+ }
+ }
+
+@@ -1864,7 +1866,7 @@ static int load_imod(SFData *sf, int size)
+ /* load instrument generators (see load_pgen for loading rules) */
+ static int load_igen(SFData *sf, int size)
+ {
+-fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
++fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
+ SFZone *z;
+ SFGen *g;
+ SFGenAmount genval;
+@@ -1878,7 +1880,7 @@ static int load_igen(SFData *sf, int size)
+ /* traverse through all instruments */
+ gzone = FALSE;
+ discarded = FALSE;
+-p2 = ((SFInst *)(p->data))->zone;
++start_of_zone_list = p2 = ((SFInst *)(p->data))->zone;
+
+ if(p2)
+ {
+@@ -2024,11 +2026,13 @@ static int load_igen(SFData *sf, int size)
+ }
+ else
+ {
++p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
+ FLUID_LOG(FLUID_WARN, "Instrument '%s': Discarding invalid global zone",
+ ((SFInst *)(p-&g
Bug#987455: falkon-plugin-wallet is empty
Control: tags -1 + patch
I think falkon-plugin-wallet can/should be dropped. The main falkon binary
package now includes KDEFrameworksIntegration.so, which seems to be the
plugin for KDE/KWallet integration.
debian/rules also tries to install GnomeKeyringPasswords.so, which
requires gnome-keyring-1.pc to build. But this is no longer available
in the archive.
The attached patch drops the unused falkon-plugin-wallet package,
and also old transitional packages that are no longer required.
Regards,
Reiner
diff --git a/debian/control b/debian/control
index 99e1b87..ab7f904 100644
--- a/debian/control
+++ b/debian/control
@@ -41,7 +41,6 @@ Depends: libqt5sql5-sqlite,
Conflicts: qupzilla (<< 3.0.0~)
Replaces: qupzilla (<< 3.0.0~)
Provides: www-browser
-Recommends: falkon-plugin-wallet
Suggests: qtwebengine5-dev-tools
Description: lightweight web browser based on Qt WebEngine
Falkon is a new and very fast Qt Webengine browser. It aims to be a
@@ -52,30 +51,3 @@ Description: lightweight web browser based on Qt WebEngine
that, you can manage RSS feeds with an included RSS reader, block ads
with a builtin AdBlock plugin, block Flash content with Click2Flash
and edit the local CA Certificates database with an SSL Manager.
-
-Package: falkon-plugin-wallet
-Architecture: amd64 arm64 armhf i386 mipsel
-Depends: ${misc:Depends}, ${shlibs:Depends}
-Conflicts: qupzilla-plugin-wallet (<< 3.0.0~)
-Replaces: qupzilla-plugin-wallet (<< 3.0.0~)
-Description: adds password management to Falkon
- Falkon is a new and very fast Qt Webengine browser. It aims to be a
- lightweight web browser available through all major platforms.
- .
- This plugin allows one to let KWallet manage the saved passwords.
-
-Package: qupzilla
-Depends: falkon, ${misc:Depends}
-Architecture: amd64 arm64 armhf i386 mipsel
-Section: oldlibs
-Priority: optional
-Description: transitional package for qupzilla
- This is a transitional package. It can safely be removed.
-
-Package: qupzilla-plugin-kwallet
-Depends: falkon-plugin-wallet, ${misc:Depends}
-Architecture: amd64 arm64 armhf i386 mipsel
-Section: oldlibs
-Priority: optional
-Description: transitional package for qupzilla-plugin-kwallet
- This is a transitional package. It can safely be removed.
diff --git a/debian/rules b/debian/rules
index ce4b008..5b04c5d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -29,15 +29,3 @@ override_dh_auto_clean:
# remove eventually previously created symlinks
rm -f src/lib/data/html/jquery.js src/lib/data/html/jquery-ui.js
dh_auto_clean
-
-override_dh_install:
- dh_install
- # move some plugins to the separate package falkon-plugin-wallet
- for f in KWalletPasswords.so GnomeKeyringPasswords.so; do \
- found=$$(find debian/falkon -name $$f); \
- if [ -n "$${found}" ]; then \
- dest=$$(echo $${found} | sed 's%debian/falkon%debian/falkon-plugin-wallet%'); \
- mkdir -p $$(dirname $${dest}); \
- mv $${found} $$(dirname $${dest}); \
- fi; \
- done
signature.asc
Description: PGP signature
Bug#986747: unblock: bouncy/0.6.20071104-8
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package bouncy
[ Reason ]
A missing dependency on a python3 module prevented the program from starting.
[ Impact ]
Without python3-future installed, bouncy does not start and the user
would need to install the missing dependency manually.
[ Tests ]
I tested running the program with and without the new dependency
and can confirm that it does not start without it, and starts/runs
successfully with it.
[ Risks ]
Low risk, no code changes, only new runtime dependency.
unblock bouncy/0.6.20071104-8
diff -Nru bouncy-0.6.20071104/debian/changelog
bouncy-0.6.20071104/debian/changelog
--- bouncy-0.6.20071104/debian/changelog2019-09-15 18:17:45.0
+0200
+++ bouncy-0.6.20071104/debian/changelog2021-04-10 15:55:51.0
+0200
@@ -1,3 +1,12 @@
+bouncy (0.6.20071104-8) unstable; urgency=medium
+
+ * Team upload.
+ * Add dependency on python3-future.
+Thanks to Jérôme Bouat for the report, Hans Joachim Desserud for the fix.
+(Closes: #986577) (LP: #1922504)
+
+ -- Reiner Herrmann Sat, 10 Apr 2021 15:55:51 +0200
+
bouncy (0.6.20071104-7) unstable; urgency=medium
* Team upload.
diff -Nru bouncy-0.6.20071104/debian/control bouncy-0.6.20071104/debian/control
--- bouncy-0.6.20071104/debian/control 2019-09-15 18:17:45.0 +0200
+++ bouncy-0.6.20071104/debian/control 2021-04-10 15:55:51.0 +0200
@@ -21,6 +21,7 @@
Architecture: all
Depends:
fonts-dejavu-core,
+ python3-future,
python3-opengl,
python3-pygame,
${misc:Depends},
Bug#986578: nethack-console: ncurses not enabled in build
Hi Tobias,
$ NETHACKOPTIONS=windowtype:curses nethack
this worked here for me with only nethack-console being installed.
Then I installed also nethack-x11 and got the same error as you.
Though when directly invoking nethack-console, it still works:
$ NETHACKOPTIONS=windowtype:curses nethack-console
(When starting it via .desktop it should also work, as this
executes nethack-console)
I think the problem is that nethack-x11 has a higher alternative
priority for "nethack", and the wrapper script
(/usr/lib/games/nethack/nethack-x11.sh or
/usr/lib/games/nethack/nethack-x11-tty.sh)
calls the nethack-x11 binary which does not have ncurses support
enabled. (And I'm not sure if nethack-x11/-qt should support it.)
Other frontends have a similar problem.
E.g. when nethack-qt and nethack-x11 are installed and you try to start
the Qt version:
$ NETHACKOPTIONS=windowtype:qt nethack
* Window type qt not recognized. Choices are: tty, X11.
I'm not sure if you are supposed so set this option.
Is this documented somewhere?
When you want to choose a different frontend you could
just run the wrapper scripts (nethack-{console,x11,qt}).
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#986309: surf: Please update embedded copy of the AppArmor gstreamer abstraction
Hi intrigeri, On Fri, Apr 02, 2021 at 09:39:32PM +0200, intrig...@debian.org wrote: > This autopkgtest: > > Test-Command: cmp /etc/apparmor.d/abstractions/surf-gstreamer > /etc/apparmor.d/abstractions/gstreamer > > … fails since I've uploaded apparmor-profiles-extra 1.32, > which modifies /etc/apparmor.d/abstractions/gstreamer. > > This blocks the migration of apparmor-profiles-extra to testing. > > Could you please update your copy of that file? Thanks for the notice. I just uploaded a new revision which includes your updated file. > (Longer term, this makes me less convinced that the strategy chosen in > #901416 and #912026 a few years back is ideal. If you'd like to > re-consider this, e.g. to replace the copied abstraction with > a dependency on apparmor-profiles-extra at some point, let me know if > there's anything you need from me.) I don't really want to add a dependency, as surf is perfectly usable without AppArmor. I also think the current solution is not ideal, but so far the updates to the gstreamer abstraction were rare, and thanks to autopkgtest quickly detectable. Let's keep the current state for now. :-) Kind regards, Reiner signature.asc Description: PGP signature
Bug#983746: firejail: with --private=, an existing "bin" directory is read-only
Control: forward -1 https://github.com/netblue30/firejail/issues/4026
Control: severity -1 normal
Hi Vincent,
On Tue, Mar 02, 2021 at 12:22:09AM +0100, Vincent Lefevre wrote:
> This is misused in the case of a private home directory. This rule
> should apply against the original home directory, not the private
> home directory.
>
> The same should apply to all the other "read-only ${HOME}/..." rules
> as well.
I've raised the question upstream what the intended behaviour of ${HOME}
is, whether is should apply to the private home as well or not.
I can imagine that one would also be interested in having ${HOME} rules
apply to the private directory. You could still have sensitive files
inside a private home directory that you want to protect from
processes running in there.
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#983746: firejail: with --private=, an existing "bin" directory is read-only
Hi Vincent,
On Mon, Mar 01, 2021 at 02:49:32AM +0100, Vincent Lefevre wrote:
> When using --private=, an existing "bin" directory in
> is read-only. This is silly: this means that one cannot restart
> a firejail session:
>
[...]
>
> I don't see the point to have "bin" read-only in this case, as the
> purpose of "--private=" is that this "bin" directory is specific to
> the firejail session.
The reason why the bin directory is mounted read-only is the
disable-common.inc file that is included in the default and many other
profiles:
read-only ${HOME}/bin
It's writable the first time, because it does not exist yet when the
jail is created.
If you want to allow writing in this directory, you can add a local
override in the file /etc/firejail/disable-common.local with this line:
ignore read-only ${HOME}/bin
Alternatively you can create your own profile that does not include
disable-common.inc.
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#968551: whitelist also doesn't help
Control: forwarded -1 https://github.com/netblue30/firejail/issues/3982 Hi Hans, I tried to reproduce your issue with Firefox and Thunderbird, but I was not successful so far with reproducing it. I also opened Firefox with firejail, but then I can open websites in new tabs in the running session by clicking links in a firejailed Thunderbird, or with the commands you provided. (firejail --profile=thunderbird xdg-open https://f-droid.org) I tried it with 0.9.64 and 0.9.64.4. A similar report exists upstream, but there is also no solution currently. Regards, Reiner signature.asc Description: PGP signature
Bug#982029: imgui: crash with floating point exception
Source: imgui
Version: 1.79+ds-1
Severity: serious
Hi,
I tried to build an application that uses imgui, but it crashes
with a "Floating point exception".
Then I tried to build the examples included in the libimgui-dev package
and noticed that they crash as well in the same function.
Steps to reproduce:
$ mkdir /tmp/imgui
$ cp
/usr/share/doc/libimgui-dev/examples/{example_null/main.cpp,imgui_impl_opengl3.*}
/tmp/imgui/
$ cd /tmp/imgui
$ g++ main.cpp imgui_impl_opengl3.cpp $(pkg-config imgui glew stb --cflags
--libs)
$ ./a.out
Floating point exception
$ gdb ./a.out
(gdb) run
Starting program: /tmp/imgui/a.out
Program received signal SIGFPE, Arithmetic exception.
0x77e2773f in stbrp__skyline_find_best_pos (height=64, width=64,
c=0x5560fbb0) at stb_rect_pack.c:350
350 stb_rect_pack.c: No such file or directory.
(gdb) bt
#0 0x77e2773f in stbrp__skyline_find_best_pos (height=64, width=64,
c=0x5560fbb0) at stb_rect_pack.c:350
#1 stbrp__skyline_pack_rectangle (height=64, width=65, context=0x5560fbb0)
at stb_rect_pack.c:447
#2 stbrp_pack_rects (context=0x5560fbb0, rects=0x5560fde0,
num_rects=2) at stb_rect_pack.c:563
#3 0x55596563 in ImFontAtlasBuildPackCustomRects(ImFontAtlas*, void*)
()
#4 0x555999e8 in ImFontAtlasBuildWithStbTruetype(ImFontAtlas*) ()
#5 0x5559a53f in ImFontAtlas::GetTexDataAsAlpha8(unsigned char**,
int*, int*, int*) ()
#6 0x5559a5f5 in ImFontAtlas::GetTexDataAsRGBA32(unsigned char**,
int*, int*, int*) ()
#7 0x7e15 in main ()
(gdb) p *c
$1 = {
width = 511,
height = 32767,
align = 0,
init_mode = 0,
heuristic = 0,
num_nodes = 21845,
active_head = 0x211,
free_head = 0x77ab1be0 ,
extra = {{
x = 7136,
y = 63403,
next = 0x0
}, {
x = 0,
y = 0,
next = 0x41077b4210bb410f
}}
}
stb_rect_pack.h from libstb-dev (0.0~git20200713.b42009b-1) contains the
function stbrp__skyline_find_best_pos:
static stbrp__findresult stbrp__skyline_find_best_pos(stbrp_context *c, int
width, int height)
{
...
width -= width % c->align;
As seen above in gdb, c->align is 0, so this line will cause a division by zero,
which triggers the exception.
I'm not sure if the problem is really in imgui which does not initialize the
stb context properly, or if it's a problem in libstb.
Kind regards,
Reiner
signature.asc
Description: PGP signature
Bug#980487: pipewire: multiarch for pipewire-audio-client-libraries
Package: pipewire-audio-client-libraries Version: 0.3.19-2 Severity: wishlist Hi, the pipewire-audio-client-libraries package currently ships libraries like: /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_ctl_pipewire.so /usr/lib/x86_64-linux-gnu/alsa-lib/libasound_module_pcm_pipewire.so /usr/lib/x86_64-linux-gnu/pipewire-0.3/jack/libjack.so.0.319.0 /usr/lib/x86_64-linux-gnu/pipewire-0.3/jack/libjacknet.so.0.319.0 /usr/lib/x86_64-linux-gnu/pipewire-0.3/jack/libjackserver.so.0.319.0 It would nice if the package was multiarch-installable, so that it's possible to install the i386 versions of these libraries as well (to use pipewire with i386 binaries playing sound via alsa). This is currently not possible because of /usr/bin/pw-jack. Could this binary maybe also be moved to pipewire-bin? Kind regards, Reiner signature.asc Description: PGP signature
Bug#980308: ITP: open-roms -- ROM files for retro computers
Hi László, On Sun, Jan 17, 2021 at 07:03:06PM +0100, László Böszörményi wrote: > On Sun, Jan 17, 2021 at 5:21 PM Reiner Herrmann wrote: > > * Package name: open-roms > [...] > > With these ROM files in main, this would also allow vice (maintainer CC'ed) > > to move from contrib to main, as it can then be used meaningfully with only > > free software. > Good point! I don't know when they can finish with C64 kernal and > basic ROMs, but I guess it will take time. :( > Ping me if you have anything to share. The ROMs are actually already quite usable. The kernal has most features implemented, but in basic some commands are still missing. But it is sufficient to already run several games with it. If you want to give it a try, the package is available on salsa: https://salsa.debian.org/reiner/open-roms The package will install these three files: /usr/share/open-roms/C64/basic /usr/share/open-roms/C64/chargen /usr/share/open-roms/C64/kernal To use them with vice: $ x64 -basic /usr/share/open-roms/C64/basic -kernal /usr/share/open-roms/C64/kernal -chargen /usr/share/open-roms/C64/chargen Kind regards, Reiner signature.asc Description: PGP signature
Bug#980308: ITP: open-roms -- ROM files for retro computers
Package: wnpp Severity: wishlist Owner: Reiner Herrmann X-Debbugs-Cc: debian-de...@lists.debian.org, g...@debian.org * Package name: open-roms Version : git snapshot Upstream Author : Roman Standzikowski, Paul Gardner-Stephen * URL : https://github.com/MEGA65/open-roms * License : LGPL-3+ Programming Lang: 6502 assembly Description : ROM files for retro computers Using emulators for old retro computers (like the Commodore 64) requires code and data (kernal, basic, characters sets) that was stored in their ROM chips. . This project contains reverse-engineered fully open-source ROMs that can be used with emulators. . Currently the only supported platform is the C64, but as the code is very modular, support for additional platforms might be added in the future. I tested the ROMs with a couple of games/applications, and many were already working fine (though some are not starting or crashing). With these ROM files in main, this would also allow vice (maintainer CC'ed) to move from contrib to main, as it can then be used meaningfully with only free software. signature.asc Description: PGP signature
Bug#969885: megadown: [python] is required and it's not installed
Control: severity -1 grave Raising the severity, as the package is currently not usable. signature.asc Description: PGP signature
Bug#978647: [Pkg-matrix-maintainers] Bug#978647: matrix-mirage: wrong config path in README.Debian
Hi Jonas, On Tue, Dec 29, 2020 at 07:02:07PM +0100, Jonas Smedegaard wrote: > > > On Debian, binary is renamed to "matrix-mirage". > > > Correspondingly, config path is changed to "$XDG_CONFIG_HOME/mirage/". > > > > But the config path is actually also different. On my system the > > configuration is stored in "$XDG_CONFIG_HOME/matrix-mirage/". > > Whoops, that's a typo: The intended message is that config path is > changed too - but then I accidentally pased the old path without editing > it. I also just noticed two mirage-related cache directories. I have one directory ~/.cache/matrix-mirage, but also ~/.cache/mirage which contains qmlcache files. Maybe the path needs to be adjusted in another place as well. Kind regards, Reiner signature.asc Description: PGP signature
Bug#978647: matrix-mirage: wrong config path in README.Debian
Package: matrix-mirage Version: 0.6.4~dfsg+~hsluv1.0.0-2+b2 Severity: minor Dear maintainer, the README.Debian file mentions: > On Debian, binary is renamed to "matrix-mirage". > Correspondingly, config path is changed to "$XDG_CONFIG_HOME/mirage/". But the config path is actually also different. On my system the configuration is stored in "$XDG_CONFIG_HOME/matrix-mirage/". Kind regards, Reiner signature.asc Description: PGP signature
Bug#978554: vice: no man page installed
Package: vice Version: 3.5.0.dfsg-1 Dear maintainer, I noticed that since 3.5.0.dfsg-1 the vice manpage is no longer included. The symlinks from e.g. x64.1.gz to vice.1.gz are still there, but the file vice.1.gz is missing. Also the other manpages from 3.4.0.dfsg-1 are missing: c1541.1.gz, cartconv.1.gz, petcat.1.gz I also noticed that the ROM images are now in /usr/share/vice instead of /usr/lib/vice. I have now manually copied them as documented, but I'm wondering what will happen when I upgrade vice. As some "dummy" files are now part of the package, they will probably get overwritten again with each update, so I have to copy them over again. Is this still the recommended way (as documented in README.ROMs)? Thanks and kind regards, Reiner signature.asc Description: PGP signature
Bug#977455: firejail-profiles: media keys do not work with rhythmbox
Hi Hans, On Tue, Dec 15, 2020 at 11:12:58AM +0100, Hans-Christoph Steiner wrote: > When starting rhythmbox under firejail, the Play/Pause, Previous, and > Skip media keys to not work. They work fine when starting rhythmbox > without firejail. This is on a Dell laptop, and the keys work out of > box without extra configuration. > > My guess is this is due to dbus restrictions. I have forwarded your problem upstream and asked for suggestions [0], as I'm not able to reproduce it (I don't have a keyboard with multimedia keys). To figure out if really dbus is the problem, rusty-snake suggested to try: > $ firejail --ignore="dbus-user filter" rhythmbox Can you please check if that fixes your problem? Another idea by rusty-snake was: > MPRIS is implemented via plugin. Maybe firejail blocks > loading,enabling,executing,... of it I assume you don't have any local/global overrides that could mess with it? Kind regards, Reiner [0] https://github.com/netblue30/firejail/issues/3822 signature.asc Description: PGP signature
Bug#976654: pipewire: please provide pipewire-pulse
Hi, I just noticed that pipewire-pulse is only available in a newer upstream version (since 0.3.16). I manually built 0.3.17 with pipewire-pulse and was able to use it successfully as PulseAudio-replacement. Kind regards, Reiner signature.asc Description: PGP signature
