Bug#1081794: E: /usr/bin/ssh-askpass[39]: too many open files (3 -> 212): Success

[Thorsten Glaser]

Hi Timo,

>$ ssh-keygen -t ed25519 -f /tmp/test
>$ ssh-add /tmp/test < /dev/null
>E: /usr/bin/ssh-askpass[39]: too many open files (3 -> 212): Success
>$ echo $?
>1
>
>key is not added to the agent

this is quite puzzling.

First guess: is $DISPLAY set and points to a usable X11 server?

Second guess: /usr/bin/pinentry points to a real one, not to
pinentry-kwallet, right? (Otherwise, there can be recursion.)

Third… please put “set -xv” in the top of the script and retry,
for debugging. Out of ideas, otherwise.

Thanks,
//mirabilos
-- 
15:39⎜«mika:#grml» mira|AO: "mit XFree86® wär’ das nicht passiert" - muhaha
15:48⎜ also warum machen die xorg Jungs eigentlich alles
kaputt? :)15:49⎜ thkoehler: weil sie als Kinder nie den
gebauten Turm selber umschmeissen durften?  -- ~/.Xmodmap wonders…

Bug#1081501: musescore3: Buttons too big

[Thorsten Glaser]

On Thu, 12 Sep 2024, Paul Menzel wrote:

> Using Debian sid/unstable with *gnome-shell* 47~rc-3 from the suite
> *experimental*, and scaling the screen content to 200 %, the buttons
> are too big in MuseScore as seen in the attachment.

Hmm.

Asides from this potentially being a GNOME issue, there’s a few
things you can do on the mscore side.

First, start it with the -D option and the actual dpi. If it then
looks the same, you’ll know that GNOME sets the dpi correctly,
otherwise you’ll have a knob to try.

Second, there’s the -x option for GUI scaling, you could try
something like -x 0.5 and see what happens.

Third, if you go to E̲dit → P̲references… then in the General tab,
option group Theme, there’s icon width/height, to be set in pixels.
It might be that GNOME scales “just” those, nothing else; if so,
halve the values there to match GNOME’s settings.

Fourth, you could see whether there’s anything to configure in
the system-wide (per-user, probably) Qt5 settings. I admit I have
no idea about those.

Unfortunately, autodetection of these things only seems to work
in basic cases, and desktop environments have always been inventing
their own knobs which then only work well in their own applications,
so I’m afraid there isn’t anything we can do on the code side,
except if you find that this is something fixed in mu͒3.7 Evolution
(to soon be packaged as musescore-snapshot, but I’m not there yet),
in which case we could backport the fix.

I’d ask you to please try out the above things and report back,
but, unless someone finds a commit to backport, I’ll handle this
as user support request* and not as bugreport.

*) Upstream notably doesn’t support 2.x/3.x any more, but the
   forums on musescore.org and third-party boards like
   https://www.notensatzforum.net/f2-MuseScore-Forum.html and
   https://www.musiker-board.de/forum/musescore.934/ still have
   active enough communities around this, and there’s likely
   someone there who also uses GNOME (I don’t personally use a
   desktop environment, just a window manager) and possibly has
   experience with it.

Good luck,
//mirabilos
-- 
22:59⎜ glaub ich termkit is kompliziert | glabe nicht das man
damit schneller arbeitet | reizüberflutung │ wie windows │ alles evil
zuviel bilder │ wie ein spiel | 23:00⎜ die meisten raffen auch
nicht mehr von windows | 23:01⎜ bilderbücher sind ja auch nich
wirklich verbreitet als erwachsenen literatur   ‣ who needs GUIs thus?

Bug#1081331: /usr/share/man/man1/cvs.1.gz: some commands missing from headings?

[Thorsten Glaser]

Hi наб,

>Quoth cvs(1):

the manpage is autogenerated from *parts* of the
texinfo source, using arcane and weird scripts.

>  suck, update, server & pserver, CVS commands
> suck‒Download RCS ,v file raw
>  suck module/pa/th
> [...]
>
>  update, , suck, CVS commands
> update‒Bring work tree in sync with repository
>  update [-ACdflPpR] [-I name] [-j rev [-j rev]] [-k kflag] [-r 
> tag[:date] | -D date] [-W spec] files...
> [...]

Ouch!

I suppose the scripts don’t deal well with some of the
texinfo-level bugfixes I had to do.

New:

release, server & pserver, rdiff, CVS commands
   release—Indicate that a directory is no longer in use
   • release [-d] directories...

Old:

release
   Indicate that a directory is no longer in use
   • release [-d] directories...

So it’s “only” the subsection heading cleanup that needs
some love.

The corresponding texinfo part looks:

@node release, server & pserver, rdiff, CVS commands
@appendixsec release---Indicate that a directory is no longer in use

doc/mkman.pl (which also probably needs to have all those
"See node \\(aq$content\\(aq in the CVS manual" replaced with
"See node \\(aq$content\\(aq in cvs(GNU)" for the HTML-level
links to work… hmm…) does:

# Chapter headers.
$last_header = $1 if s/^\@node\s+(.*)$/.SH "$1"/;
if (/^\@appendix\w*\s+(.*)$/)
{
[…]

I believe replacing the two (.*) with (.*?)(,.*)? or so
ought to do (most of) the trick… though… the old code had…

@node release
@appendixsec release---Indicate that a directory is no longer in use

… hmm, ah okay, the --- is converted to \(em and the Perl
code matches with ^$last_header so that’s not correct… so
it probably suffices to change the first (.*) RE for this
to work again.

However.

It’s widely known that the generation process for the manpage
is problematic, and that the result is missing some basic-ish
information. I’d rather write a small -mdoc replacement but
haven’t gotten around to actually doing so, and the Cederqvist
is basically always needed to get the full docs. You *will*
find more things like that, should you wish to dig deeper in
the manpage.

Small fixes like this one are easy enough, but I don’t have
the capacity to fix it all…

I suggest to just read the texinfo page (or its rendered
versions as per /usr/share/doc-base/cvs-doc* registrations)
and blame RMS or something. (Though the actual content of
it is an actual book, not the “usual” GNU texinfo-format
fare ☻ and there’s a PDF.)

Of course you can also just throw CVS questions into my
general direction, like you already did on Fedi.

Good luck,
//mirabilos
-- 
13:22⎜«neurodamage» mira, what's up man? I have a CVS question for you in #cvs
13:22⎜«neurodamage» since you're so good w. it │ «neurodamage:#cvs» i love you
13:28⎜«neurodamage:#cvs» you're a handy guy to have around for systems stuff ☺
16:06⎜ Thank god I found you =)   20:03│«bioe007:#cvs» mira2k: ty
17:14⎜ Thanks big help you are :-)mira|nwt: ty again
18:35⎜«alturiak:#cvs» mirabilos: aw, nice. thanks :o
18:36⎜«ThunderChicken:#cvs» mirabilos FTW!  23:03⎜«mithraic:#cvs» aaah. thanks
18:41⎜«alturiak:#cvs» phew. thanks a bunch, guys. you just made my weekend :-)
18:10⎜«sumit:#cvs» mirabilos: oh ok.. thanks for that
21:57⎜ yeah, I really appreciate help
18:50⎜«grndlvl:#cvs» thankyou18:50⎜«grndlvl:#cvs» worked perfectly
20:50⎜ i see. mirabilos, thnks for your support
00:36⎜«halirutan:#cvs» ok, the obvious way:-) thx
18:44⎜«arcfide:#cvs» mirabilos, I am running OpenBSD. 18:59⎜«arcfide:#cvs»
Hrm, yes, I see what you mean. 19:01⎜«arcfide:#cvs» Yeah, thanks for the help.
21:33⎜«CardinalFang:#cvs» Ugh.  Okay.  Sorry for the dumb question.  Thank you
21:34⎜ mirabilos: whoa that's sweet
21:52⎜«garrett__:#cvs» much appreciated  «garrett__:#cvs» thanks for your time
23:39⎜ this worked, thank you very much 16:26⎜ ok
thx, i'll try that 20:00⎜«stableable:#cvs» Thank you.20:50⎜«s833:#cvs»
mirabilos: thanks a lot.19:34⎜ Thanks for confirming :)
20:08⎜ ...works like a charm.. thanks mirabilos

Bug#1081156: hunspell-en-gb: no /var/lib/dictionaries-common/hunspell/ file

[Thorsten Glaser]

Package: hunspell-en-gb
Version: 1:7.1.0~rc3-3
Severity: normal
X-Debbugs-Cc: t...@x61p.mirbsd.org

Not sure whether this is an actual problem, but
/var/lib/dictionaries-common/hunspell/ contains
what I think are registration files for both
hunspell-en-us and myspell-de-de-1901 but
hunspell-en-gb is curiously missing one, in sid
as well.


-- System Information:
Debian Release: 11.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-32-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages hunspell-en-gb depends on:
ii  dictionaries-common  1.28.4

hunspell-en-gb recommends no packages.

Versions of packages hunspell-en-gb suggests:
pn  hunspell
ii  libreoffice-writer  1:7.0.4-4+deb11u10

-- no debconf information

Bug#1079399: linux: things written to tty vanish after a day or two

[Thorsten Glaser]

Package: src:linux
Version: 5.10.223-1
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

In /etc/rc.local I write a text file to /dev/tty11.
I have getty on 1-6 as usual and syslog on 12.

After booting the system, I can confirm this works.

A day or two later (I have not timed this exactly),
I can still Ctrl-Alt-F12 to read syslog, but trying
Ctrl-Alt-F11 does nothing, i.e. it does not even
switch from the syslog tty to the one with the text.


-- Package-specific info:
** Version:
Linux version 5.10.0-32-amd64 (debian-ker...@lists.debian.org) (gcc-10 (Debian 
10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP 
Debian 5.10.223-1 (2024-08-10)

** Command line:
BOOT_IMAGE=/SDcardBoot/vmlinuz-5.10.0-32-amd64 
root=/dev/mapper/vg--cSD-lv--root ro net.ifnames=0 vga=792 TZ=:Europe/Berlin

** Tainted: OE (12288)
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
Unable to read kernel log; any relevant messages should be attached

** Model information
sys_vendor: LENOVO
product_name: 7674D67
product_version: ThinkPad X61
chassis_vendor: LENOVO
chassis_version: Not Available
bios_vendor: LENOVO
bios_version: 7NET30WW (1.11 )
board_vendor: LENOVO
board_name: 7674D67
board_version: Not Available

** Loaded modules:
fuse
tun
ctr
ccm
cpufreq_ondemand
binfmt_misc
cpufreq_powersave
tp_smapi(OE)
thinkpad_ec(OE)
snd_hda_codec_analog
snd_hda_codec_generic
i915
snd_hda_intel
snd_intel_dspcfg
soundwire_intel
soundwire_generic_allocation
snd_soc_core
iwl4965
snd_compress
iwlegacy
soundwire_cadence
coretemp
snd_hda_codec
mac80211
snd_hda_core
kvm_intel
snd_hwdep
soundwire_bus
thinkpad_acpi
drm_kms_helper
kvm
cfg80211
snd_pcm
pcmcia
cec
ppdev
nvram
snd_timer
drm
ledtrig_audio
snd
iTCO_wdt
evdev
irqbypass
intel_pmc_bxt
yenta_socket
soundcore
i2c_algo_bit
pcmcia_rsrc
libarc4
rfkill
iTCO_vendor_support
watchdog
serio_raw
pcmcia_core
pcspkr
parport_pc
sg
parport
ac
acpi_cpufreq
button
ecb
aes_generic
libaes
crypto_simd
cryptd
glue_helper
xts
dm_crypt
dm_mod
ext4
crc16
mbcache
jbd2
crc32c_generic
mmc_block
sd_mod
t10_pi
crc_t10dif
crct10dif_generic
crct10dif_common
sr_mod
cdrom
sdhci_pci
cqhci
ata_generic
ahci
uhci_hcd
ehci_pci
libahci
ata_piix
e1000e
sdhci
libata
ehci_hcd
ptp
i2c_i801
scsi_mod
psmouse
usbcore
i2c_smbus
mmc_core
lpc_ich
usb_common
pps_core
battery
video

** PCI devices:
not available

** USB devices:
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 17ef:1000 Lenovo ThinkPad X6 UltraBase
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0483:2016 STMicroelectronics Fingerprint Reader
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-32-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages linux-image-5.10.0-32-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.140
ii  kmod28-1
ii  linux-base  4.6

Versions of packages linux-image-5.10.0-32-amd64 recommends:
pn  apparmor 
ii  firmware-linux-free  20200122-1

Versions of packages linux-image-5.10.0-32-amd64 suggests:
pn  debian-kernel-handbook  
ii  grub-pc 2.06-3~deb11u6
pn  linux-doc-5.10  

Versions of packages linux-image-5.10.0-32-amd64 is related to:
pn  firmware-amd-graphics 
pn  firmware-atheros  
pn  firmware-bnx2 
pn  firmware-bnx2x
pn  firmware-brcm80211
pn  firmware-cavium   
pn  firmware-intel-sound  
pn  firmware-intelwimax   
pn  firmware-ipw2x00  
pn  firmware-ivtv 
ii  firmware-iwlwifi  20210315-3
pn  firmware-libertas 
pn  firmware-linux-nonfree
pn  firmware-misc-nonfree 
pn  firmware-myricom  
pn  firmware-netxen   
pn  firmware-qlogic   
pn  firmware-realtek  
pn  firmware-samsung  
pn  firmware-siano
pn  firmware-ti-connectivity  
pn  xen-hypervisor

-- no debconf information

Bug#1079393: lintian: mismatched-override cannot be overridden

[Thorsten Glaser]

Package: lintian
Version: 2.118.0
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

I have trouble creating an override file that works for all
architectures.

On some architectures, lintian (correctly) issues:
mksh: statically-linked-binary [bin/lksh]
I can override this.

But on other architectures, lintian (wrongly) issues…
mksh: shared-library-lacks-prerequisites [bin/lksh]
… instead (for static-PIE executables).
I can override this as well.

But when I put in both overrides, I get one of…
mksh: mismatched-override statically-linked-binary [bin/lksh]
mksh: mismatched-override shared-library-lacks-prerequisites [bin/lksh]
… obviously.

I tried putting…
mksh: mismatched-override statically-linked-binary [bin/lksh] *
mksh: mismatched-override shared-library-lacks-prerequisites [bin/lksh] *
… but they did not take.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 
'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages lintian depends on:
ii  binutils2.43-2
ii  bzip2   1.0.8-5.1
ii  diffstat1.66-1
ii  dpkg1.22.11
ii  dpkg-dev1.22.11
ii  file1:5.45-3
ii  gettext 0.22.5-2
ii  gpg 2.2.43-8
ii  intltool-debian 0.35.0+20060710.6
ii  iso-codes   4.16.0-1
ii  libapt-pkg-perl 0.1.40+b5
ii  libarchive-zip-perl 1.68-1
ii  libberkeleydb-perl  0.64-2+b3
ii  libcapture-tiny-perl0.48-2
ii  libclass-xsaccessor-perl1.19-4+b3
ii  libclone-perl   0.46-1+b2
ii  libconfig-tiny-perl 2.30-1
ii  libconst-fast-perl  0.014-2
ii  libcpanel-json-xs-perl  4.38-1
ii  libdata-dpath-perl  0.59-1
ii  libdata-validate-domain-perl0.10-1.1
ii  libdata-validate-uri-perl   0.07-3
ii  libdevel-size-perl  0.84-1
pn  libdigest-sha-perl  
ii  libdpkg-perl1.22.11
ii  libemail-address-xs-perl1.05-1+b3
ii  libencode-perl  3.21-1+b1
ii  libfile-basedir-perl0.09-2
ii  libfile-find-rule-perl  0.34-3
ii  libfont-ttf-perl1.06-2
ii  libhtml-html5-entities-perl 0.004-3
ii  libhtml-tokeparser-simple-perl  3.16-4
ii  libio-interactive-perl  1.025-1
ii  libipc-run3-perl0.049-1
ii  libjson-maybexs-perl1.004008-1
ii  liblist-compare-perl0.55-2
ii  liblist-someutils-perl  0.59-1
ii  liblist-utilsby-perl0.12-2
ii  libmldbm-perl   2.05-4
ii  libmoo-perl 2.005005-1
ii  libmoox-aliases-perl0.001006-2
ii  libnamespace-clean-perl 0.27-2
ii  libpath-tiny-perl   0.146-1
ii  libperlio-gzip-perl 0.20-1+b3
ii  libperlio-utf8-strict-perl  0.010-1+b2
ii  libproc-processtable-perl   0.636-1+b2
ii  libregexp-wildcards-perl1.05-3
ii  libsereal-decoder-perl  5.004+ds-1+b2
ii  libsereal-encoder-perl  5.004+ds-1+b2
ii  libsort-versions-perl   1.62-3
ii  libsyntax-keyword-try-perl  0.29-2
ii  libterm-readkey-perl2.38-2+b3
ii  libtext-levenshteinxs-perl  0.03-5+b3
ii  libtext-markdown-discount-perl  0.16-1+b2
ii  libtext-xslate-perl 3.5.9-2
ii  libtime-duration-perl   1.21-2
ii  libtime-moment-perl 0.44-2+b3
ii  libtimedate-perl2.3300-2
ii  libunicode-utf8-perl0.62-2+b2
ii  liburi-perl 5.28-1
ii  libwww-mechanize-perl   2.18-1
ii  libwww-perl 6.77-1
ii  libxml-libxml-perl  2.0207+dfsg+really+2.0134-4
ii  libyaml-libyaml-perl0.89+ds-1+b1
ii  lzip [lzip-decompressor]1.24.1-2
ii  lzop1.04-2
ii  man-db  2.12.1-3
ii  patchutils  0.4.2-1
ii  perl [libencode-perl]   5.38.2-5
ii  t1utils 1.41-4
ii  unzip   6.0-28
ii  xz-utils5.6.2-2

lintian recommends no packages.

Versions of packages lintian suggests:
pn  binutils-multiarch 
pn  libtext-template-perl  

-- no debconf information

Bug#1079165: ansiweather: illegible time format

[Thorsten Glaser]

Package: ansiweather
Version: 1.11-1.1
Severity: normal
Tags: l10n
X-Debbugs-Cc: t...@mirbsd.de

ansiweather insists on using the weird AM/PM format
used by a vast minority of people instead of 24-hour
clock format for e.g. sunrise/sundown, even if I set
the metric option or the locale.


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages ansiweather depends on:
ii  bc1.07.1-2+b2
ii  curl  7.88.1-10+deb12u5~bpo11+0wtf1
ii  jq1.6-2.1

ansiweather recommends no packages.

ansiweather suggests no packages.

-- no debconf information

Bug#856877: Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Simon McVittie dixit:

>I was not aware of any mips* buildds still on 4.9 (Debian 9 kernel). The
>only mips family architecture listed on buildd.debian.org is mips64el, for

I think 4.9 is some mipsel buildds. Shortly after the discussion,
which I’m attaching as I don’t know where it’s otherwise archived,
mipsel was removed from sid with no fanfare or announcement, so I
think those now only build for the old releases’ security support,
but the porters/buildd admins would know. Also unsure whether any
derivative distro still has mipsel with sid packages (but it then
is their problem to obtain newer kernels).

>If there are unofficial mips* buildds outside the buildd.debian.org
>infrastructure, then I would hope that either they can be upgraded to a
>Debian 10 or later kernel, or they can run a Debian 12 or older user-space
>(in particular, not keeping up with the latest sbuild).

Or that.

>However, if I'm
>reading kernel git history correctly, the patch proposed on #1079124
>should in principle work with any 4.7+ kernel (not tested). This would
>not have been broad enough compatibility in 2017, but seems OK now.

Yes, certainly.

Thanks,
//mirabilos
-- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival--- Begin Message ---

Hi,

On 2023-08-04 21:40, Thorsten Glaser wrote:
> Hi,
> 
> some of the buildds still use Linux 4.19 but klibc has started to
> require Linux 5.1-specific features with the latest sid upload.
> This has implications on mksh (for the mksh-static and lksh binaries
> and for passing the testsuite) as well.
> 
> Could we please get the buildds to run with the stable or at least
> the oldstable kernel?

Unfortunately newer kernels do not work on those buildds:

https://lists.debian.org/debian-mips/2023/07/msg00052.html

Regards
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://aurel32.net
--- End Message ---
--- Begin Message ---
On Fri, 2023-08-04 at 23:58 +0200, Aurelien Jarno wrote:
> Hi,
> 
> On 2023-08-04 21:40, Thorsten Glaser wrote:
> > Hi,
> > 
> > some of the buildds still use Linux 4.19 but klibc has started to
> > require Linux 5.1-specific features with the latest sid upload.
> > This has implications on mksh (for the mksh-static and lksh binaries
> > and for passing the testsuite) as well.
> > 
> > Could we please get the buildds to run with the stable or at least
> > the oldstable kernel?
> 
> Unfortunately newer kernels do not work on those buildds:
> 
> https://lists.debian.org/debian-mips/2023/07/msg00052.html

I have to wonder why this did not disqualify mips{,64}el as release
architectures for bookworm.

The error messages are coming from of_irq_parse_pci(), which wasn't
called at all in the buster kernel because we didn't enable CONFIG_OF
or CONFIG_OF_IRQ.  That changed with:

commit 8a788b0708ba1593f1fd4f3c585b7d5466a29f16
Author: YunQiang Su 
Date:   Sat May 23 23:17:42 2020 +0800
 
Enable CONFIG_OF and CONFIG_SERIAL_OF_PLATFORM for Loongson-3

Loongson64, aka loongson-3 switch to devicetree, and the console
cannot accept input anymore due to SERIAL_OF_PLATFORM is
not enabled.

While SERIAL_OF_PLATFORM depends on OF, we need to enable it
at the same time.

These options can only work with 5.7+.

Do you have an FDT for these systems, and is the boot loader passing
it?  I'm guessing not, because we currently don't build or package any
FDTs in the kernel.  In 6.1 these sources are available:

arch/mips/boot/dts/loongson/loongson64_2core_2k1000.dts
arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts
arch/mips/boot/dts/loongson/loongson64c_4core_rs780e.dts *
arch/mips/boot/dts/loongson/loongson64c_8core_rs780e.dts *
arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dts
arch/mips/boot/dts/loongson/loongson64v_4core_virtio.dts

Hopefully one of those marked with an asterisk would be suitable.

Relatedly, I see that eller is also running a 4.19 kernel.  What's the
story there?

Ben.

-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams


signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
On Sat, 2023-08-05 at 02:09 +0200, Ben Hutchings wrote:
[...]
> Do you have an FDT for these systems, and is the boot loader passing
> it?  I'm guessing not, because we currently don't build or package any
> FDTs in the kernel.
[...]

That has actually been fixed post-bookworm, but should probably be
backported to bookworm:
https://salsa.debian.org/kernel-team/linux/-/commit/7b4954db782

Bug#1006451: drop mimimi-maven-plugin as its only user was removed

[Thorsten Glaser]

reassign 1006451 ftp.debian.org
retitle 1006451 RM: minify-maven-plugin -- RoM; only remaining user gone
severity 1006451 normal
thanks

guacamole-client was RoQA'd in #926276
so this can be garbage-collected

Bug#856877: Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Simon McVittie dixit:

>was rather recent at that time, but hopefully we no longer have any
>machines that are running Debian 8 kernels...

The varios MIPS buildds run 4.19 and some even 4.9 kernels
(AFAIHH due to hardware/patch constraints), which has led
to problems (e.g. I had to disable klibc builds of mksh on
them because klibc now uses Linux 5.1 features). AIUI this
is being worked on, but not yet resolved.

>(As far as I can see, the fstab configuration in dsa-puppet is intended to
>add some lines to schroot's defaults, rather than forcing specific handling
>for /dev/pts, but it forces specific handling for /dev/pts as a side-effect
>because it's overwriting the whole file.)

Ah, ouch. Those config tools where doing that is easier than
doing the actual manipulation…

Thanks again for digging into this,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
 -- Henry Nelson, March 1999

Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Hi Simon,

thanks for testing.

>I'm using Thorsten's regression report in #983423 as my representative
>sample of a package that regressed with schroot 1.6.13-4, because mksh
>builds much more quickly than gcc-14

(You can add mksh-firstbuilt to DEB_BUILD_OPTIONS so it doesn’t build
and test binaries for dietlibc/klibc/musl.)

>, but I suspect that the same would
>apply equally to Adrian's regression report in #856877: the important
>factor is probably just "any package that wants to run script(1)
>or expect(1)".

I think so.

>I was not able to reproduce the mksh build failure, so there must be
>some relevant difference in setup (other than CPU architecture, which

Oh, okay. Adrian?

bye,
//mirabilos
-- 
 you introduced a merge commit│ % g rebase -i HEAD^^
 sorry, no idea and rebasing just fscked │ Segmentation
 should have cloned into a clean repo  │  fault (core dumped)
 if I rebase that now, it's really ugh │ wuahh

Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Simon McVittie dixit:

>> as well as open("/dev/tty", O_RDWR, 0)
>
>Asserting that /dev/tty is the correct device node and has appropriate
>permissions should cover that.

Totally not, unfortunately: it only works when it actually has a ctty.

>> and later F_DUPFD and F_SETFD, FD_CLOEXEC fcntl
>
>Those are basic syscalls that act on any valid fd (not just terminals)
>so if they somehow fail then we already have much, much worse problems.

Yeah, these are granted.

>> Perhaps isolating that as a small C or Perl program to use
>> for those tests?
>
>It looks like even perl-base (which is Essential) should have
>POSIX::isatty, so that's probably the most convenient.

That and the builtin open to open /dev/tty ought to do,
but I’m not a Perl monk, so feel free to ;-)

Thanks,
//mirabilos
-- 
> Wish I had pine to hand :-( I'll give lynx a try, thanks.

Michael Schmitz on nntp://news.gmane.org/gmane.linux.debian.ports.68k
a.k.a. {news.gmane.org/nntp}#news.gmane.linux.debian.ports.68k in pine

Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Simon McVittie dixit:

>On Mon, 19 Aug 2024 at 16:27:24 +0000, Thorsten Glaser wrote:
>> mksh actually does things inside script(1) that use the tty
>
>For the purposes of having a test-case for schroot that doesn't require
>mksh, perhaps a good approximation to this would be asserting that
>tty(1) from coreutils exits successfully and prints the path to a char
>device that exists and is rw?

Unsure. It also requires and accesses /dev/tty, it doesn’t just
do isatty on stdio.

>For a manual smoke-test for this change, having a known-good version
>of mksh build and pass its test suite seems like a better indicator
>that the terminal is indeed working, but I think that's too large and
>involved to make a reasonable autopkgtest for schroot to guard against
>this maybe regressing.

Right.

Looking at the code, it seems we need isatty(0) && isatty(2)
to succeed as well as open("/dev/tty", O_RDWR, 0) to succeed
(and later F_DUPFD and F_SETFD, FD_CLOEXEC fcntl).

Perhaps isolating that as a small C or Perl program to use
for those tests?

>on a pty or tty, or produce some other output if not?

Produce some other output (error messages) if not.

$ echo true | sudo chroot /tmp/a /sh -i; echo
W: /sh: can't find controlling tty: Permission denied
W: /sh: won't have full job control
# #

The two warning lines are absent if the tty is present.
They look different in older versions, though.

bye,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc

Bug#911312: firefox-esr: automatical download of libgmpopenh264.so with default settings

[Thorsten Glaser]

Package: firefox-esr
Version: 115.14.0esr-1~deb11u1
Followup-For: Bug #911312
X-Debbugs-Cc: t...@mirbsd.de
Control: severity -1 serious

The binary plugin is still automatically downloaded (and likely used).
This is likely a violation of “main” rules.


-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-32-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages firefox-esr depends on:
ii  debianutils  4.11.2
ii  fontconfig   2.13.1-4.2
ii  libasound2   1.2.4-1.1
ii  libatk1.0-0  2.36.0-2
ii  libc62.31-13+deb11u11
ii  libcairo-gobject21.16.0-5
ii  libcairo21.16.0-5
ii  libdbus-1-3  1.12.28-0+deb11u1
ii  libdbus-glib-1-2 0.110-6
ii  libevent-2.1-7   2.1.12-stable-1
ii  libffi7  3.3-6
ii  libfontconfig1   2.13.1-4.2
ii  libfreetype6 2.10.4+dfsg-1+deb11u1
ii  libgcc-s110.2.1-6
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1+deb11u2
ii  libglib2.0-0 2.66.8-1+deb11u4
ii  libgtk-3-0   3.24.24-4+deb11u4
ii  libpango-1.0-0   1.46.2-3
ii  libstdc++6   10.2.1-6
ii  libx11-6 2:1.7.2-1+deb11u2
ii  libx11-xcb1  2:1.7.2-1+deb11u2
ii  libxcb-shm0  1.14-3
ii  libxcb1  1.14-3
ii  libxcomposite1   1:0.4.5-1
ii  libxdamage1  1:1.1.5-2
ii  libxext6 2:1.3.3-1.1
ii  libxfixes3   1:5.0.3-2
ii  libxrandr2   2:1.5.1-1
ii  libxtst6 2:1.2.3-1
ii  procps   2:3.3.17-5
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

Versions of packages firefox-esr recommends:
ii  libavcodec58  7:4.3.7-0+deb11u1

Versions of packages firefox-esr suggests:
pn  fonts-lmodern  
pn  fonts-stix | otf-stix  
pn  libcanberra0   
ii  libgssapi-krb5-2   1.18.3-6+deb11u5
pn  pulseaudio 

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/lib/firefox-esr/browser/omni.ja (from firefox-esr 
package)
debsums: changed file /usr/lib/firefox-esr/omni.ja (from firefox-esr package)

Bug#983423: schroot: regression presumably in 1.6.13-4 after fixing #983423

[Thorsten Glaser]

Simon McVittie dixit:

>On Sun, 18 Aug 2024 at 23:44:57 +0000, Thorsten Glaser wrote:
>> On three buildds, mksh FTBFS already because the whole
>> /dev/ptmx and /dev/pts stuff is malfunctioning again
>
>Which buildds? Are you referring to -ports builds
>https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=powerpc&ver=59c-39&stamp=1724031073&raw=0,
>https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=ppc64&ver=59c-39&stamp=1724031078&raw=0,
>https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=sparc64&ver=59c-39&stamp=1724031447&raw=0
>each of which reported
>"script: failed to create pseudo-terminal: Permission denied"?

Yes, indeed.

>-powerpc, -sparc teams: how are those buildds
>(debian-project-be-1.buildd.org, blaauw.buildd.org, sompek.debian.net)
>set up?
>* host system suite: testing? unstable? other?
>* kernel: seems to be 6.9.12 in each case, presumably from testing/unstable
>* schroot: 1.6.13-4 or some sort of backport?
>* is there any container/chroot/other confinement between the host system
>  and sbuild+schroot?
>* any special schroot or kernel configuration?

→ cbmuser et al.

>Thorsten, I see that
>https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=m68k&ver=59c-39&stamp=1724031130&raw=0,
>https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=sh4&ver=59c-39&stamp=1724031300&raw=0
>seem to be running script(1) successfully, but failing with an error
>that looks different (possibly related to using qemu-user on an amd64
>system). Can I assume that those are out-of-scope here?

Right, these are from the failure to set argv[0] again,
which is somehow on-again off-again with these hosts,
despite qemu having been fixed ages ago.

>> have you actually tested that this works?
>
>I initially provided the patch that was recently applied to schroot back
>in 2017, and unfortunately I don't completely remember what I did 7 years

Fair.

>ago, but I think my usual reproducer for "do pseudo-terminals work?" was
>to run something like "script -c 'cat /etc/os-release' /dev/null" inside
>a schroot. Is that a good mockup of what mksh needs to do, or is there

Half of it: mksh actually does things inside script(1) that use the tty.

I cannot test this in that environment currently, but something like…

case $(script -c 'echo true | env -i /bin/mksh-static -i' 2>&1) in
*[!\ \#\$]*) echo fail ;;
esac

… or, if you can guarantee running as nōn-root (root ignores PS1 if
it does not contain an octothorpe),

case $(script -c 'echo true | env -i PS1=X /bin/mksh-static -i' 2>&1) in
*[!X]*) echo fail ;;
esac

could work (i.e. test whether the returned text is just the prompt).
The -i after the shell is important.

You could also check for the warning message, but their format is
not guaranteed to be fixed.

Or just inspect this interactively.

>I have not been continually testing that patch for 7 years, and I didn't
>make the decision to integrate it now, so I can't speak to what testing
>was done before the upload that integrated it.

tbh I was more addressing the uploader with this, but I was rather
tired yesternight when I found this and just wanted to throw the
ball to “someone”.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#983423: schroot (1.6.13-4) unstable; urgency=medium

[Thorsten Glaser]

Hi,

have you actually tested that this works?

On three buildds, mksh FTBFS already because the whole
/dev/ptmx and /dev/pts stuff is malfunctioning again,
after like 15 years of it working after having had to
fight for packages being allowed to depend on it to
obtain a pty/tty for tests during build with script(1).

Not sure it’s related, jrtc27 pointed out it’s a recent
change that might be, and cbmuser would be the one to
recreate the chroots there. I have about negative band‐
width to debug this myself right now, so… please.

Bug#1079020: lintian: bin-sbin-mismatch vs. shells

[Thorsten Glaser]

Package: lintian
Version: 2.118.0

lintian reports now, after dh_movetousr:

X: mksh: bin-sbin-mismatch bin/mksh -> usr/bin/mksh 
[usr/share/doc/mksh/examples/uhr]

I can only assume that this is due to the #!/bin/mksh shebang
in that file. If so, please carry a list of interpreters in
lintian whose canonical path is in /bin/ (or /sbin/) instead
of the /usr/-moved locations, so that people won’t mistakenly
change the canonical #!/bin/mksh shebang to the unportable,
broken #!/usr/bin/mksh[sic!].

Bug#1078772: pmake: “bmake: no system rules (sys.mk).”

[Thorsten Glaser]

Santiago Vila dixit:

> El 15/8/24 a las 22:49, Thorsten Glaser escribió:
>> a package that Build-Depends on pmake and uses it
>> in its debian/rules build targets in a clean bullseye chroot
>
> Did you really mean bmake (not pmake) here?

No, pmake.

> If yes: Can you provide an example of package in the
> described set?

https://debr.mirbsd.org/repos/wtf/dists/bullseye/wtf/Pkgs/host/

> I ask because I rebuilt the whole of bullseye one month ago,
> and among the few packages still pending to be reported,
> none of them uses bmake.

Yeah, this is not uploaded to Debian proper. I use pmake quite
a lot, though.

bye,
//mirabilos
-- 
13:22⎜«neurodamage» mira, what's up man? I have a CVS question for you in #cvs
16:06⎜ Thank god I found you =)   20:03│«bioe007:#cvs» mira2k: ty
17:14⎜ Thanks big help you are :-)mira|nwt: ty again
18:36⎜«ThunderChicken:#cvs» mirabilos FTW!  23:03⎜«mithraic:#cvs» aaah. thanks

Bug#1078772: pmake: “bmake: no system rules (sys.mk).” under qemu-user

[Thorsten Glaser]

retitle 1078772 pmake: “bmake: no system rules (sys.mk).” under qemu-user
severity 1078772 important
thanks

Dixi quod…

>Hm, but I just tested with pmake_1.111-3.2_armel.deb from
>the archive, and it also failed.
>
>Is it possible that it doesn’t work right under qemu-user?

Apparently, this is it, so it doesn’t break for everyone.
My Pi 1 running armel is apparently building this fine, if
sloowly.

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1078772: pmake: “bmake: no system rules (sys.mk).”

[Thorsten Glaser]

Dixi quod…

>stracing shows that, despite the -m option being passed by
>the pmake wrapper, it still accesses /usr/share/mk/.

Hm, but I just tested with pmake_1.111-3.2_armel.deb from
the archive, and it also failed.

Is it possible that it doesn’t work right under qemu-user?
(Which would also be possibly devastating…)

Or under cowbuilder (same)?

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#1078772: pmake: “bmake: no system rules (sys.mk).”

[Thorsten Glaser]

Package: bmake
Version: 20200710-14+deb11u1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: t...@mirbsd.de

Building a package that Build-Depends on pmake and uses it
in its debian/rules build targets in a clean bullseye chroot
completely fails with:

bmake: no system rules (sys.mk).

stracing shows that, despite the -m option being passed by
the pmake wrapper, it still accesses /usr/share/mk/.

I’ve not yet tested whether bookworm+ are also affected.


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages bmake depends on:
ii  libc6  2.31-13+deb11u10

bmake recommends no packages.

bmake suggests no packages.

-- no debconf information

Bug#1073608: Request for clarification on RC-ness of DEP17 bugs

[Thorsten Glaser]

Paul Gevers dixit:

> The Release Team considers packages that ship files in /usr-merged aliased
> locations RC buggy.
>
> We have put our trust in Helmut to come up with the right solutions during the
> preparation for trixie

Hmpf. He’s doing the dirty work for Md and bluca now.

>, so I'm asking you to either convince him of a better approach

Tried that, didn’t work.

>, or apply the patches he proposes.

So, then. Give me a patch that:

• does not rely on the version of the packages (considering
  there are packages in external repos with higher version
  numbers that do not move)
  → even when later upgrading to such one (e.g. in case
someone has trixie but also the external repo’s bookworm
in sources.list, where the latter ships mksh with a
higher version but without the move) ⚠
• ensures /bin/lksh is never nōn-existent on upgrades and
  downgrades

Then I’ll grudgingly apply it.

bye,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

Helmut Grohne dixit:

>> Maybe the protective diversions also protect against this problem as well
>> as the problem of moved files?  I unfortunately failed to spot where the
>> protective diversions were added in dh_movetouser (if that even is the
>> right place to be looking), so I'm fairly sure I'm missing something.
>
>dh_movetousr has nothing to do with protective diversions. It does not
>add nor remove diversions nor does it change any. All it changes is
>locations of files in the data.tar of a .deb. All of the protective
>diversions that we ever installed for DEP17 are managed in maintainer
>scripts and dh_movetousr does not touch maintainer scripts at all.

Huh? So the lots of diversions to /sbin/something.moved-to-usr I’ve
been seeing come from maintainer scripts?

But at what point does dpkg remove /bin/mksh vs. rename
/usr/bin/mksh.dpkg-new to /usr/bin/mksh? I thought the diversions
were needed so the latter doesn’t then get renamed?

Agh, this is all so complex and fragile. Are you really surprised
that maintainers are very much against this?

>In the first bug, Andrew stated that selecting the shell via debconf
>wasn't supported.

Still salty about this, as it worked in lenny and before, and the
Canonical agents who made dash the default shell unilaterally broke
this, refused cross-shell communication, ignored suggested patches
and sat out the rc bugs for 2 releases until we just gave up.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

(Another data point is that there’s versions of mksh with
version numbers larger than what’s in sid around in my own
repo, for those wanting to follow CVS snapshots more closely,
backported to all versions up to sarge, so bookworm users
can very well have mksh packages with a version number that
is greater than what will be in trixie so anything that relies
on version numbers for transitioning will also not work.)

Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

Helmut Grohne dixit:

>that the way people tend to use mksh is by adding a local diversion for

Unfortunately not.

The way we have to do it since squeeze, when dash unilaterally broke
cross-package coordination, is:

dpkg-reconfigure dash ⇒ remove its owning of /bin/sh
 (so it reverts to bash)
ln -sf lksh /bin/sh

This cleanly persists across upgrades, bash was never problematic
wrt this.

>I don't think the CTTE has actually issued a ruling on DEP17 or
>/usr-move short of repealing the moratorium in order to enable moving
>forward.

That, and that UsrMove via symlinks /bin etc. is to be instated.

There is absolutely no reason to force files to move, given they
are now aliased already *anyway*.

bye,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

Russ Allbery dixit:

>Thorsten Glaser  writes:
>
>> You got your merged /usr already, and to force packages to move their
>> files WILL break users’ systems. In particular, mksh as /bin/sh is a
>> supported configuration.
>
>Could you explain how this would break a user's system?  From your second
>sentence I'm guessing that you're anticipating some problem related to
>diversions, but I can't put the pieces together without some more details.

If I have a link from /bin/sh to a binary from the mksh package,
then on normal upgrades dpkg updates it atomically. Diverting the
binary in /bin/ away will leave the symlink from /bin/sh (which
is managed by the local admin because the dash package ignored two(!)
rc bugs regarding its changed /bin/sh management behaviour, when they
broke it, for more than two releases so the bug got eventually closed
so mksh couldn’t offer package-controlled /bin/sh management that was
coordinated with bash post-lenny) dangling.

Despite all this, running with mksh (the /bin/lksh binary) as /bin/sh
is a supported configuration (Policy 10.4), and I’ve read of many
users who are doing this.

This means that, hypothetically, should someone upload mksh with the
suggested move, which would divert the /bin/ files away in preinst,
users would need to be told to manually change their /bin/sh back to
bash for a bit, upgrade then, and then switch it back, or have their
system break on upgrade.

This is fragile, and the “benefits” are nowhere even near worth it:
/usr-merge per top-level symlinks per CTTE was forced on all systems,
so we got that now, and it is absolutely unnecessary for packages that
are not part of the pseudo-Essential set to move their files because
their implicit Pre-Depends on the Essential set will ensure that the
/bin symlink is already in place so this is a total nōn-issue.

bye,
//mirabilos
-- 
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.  -- Coywolf Qi Hunt

Bug#1073608: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

Helmut Grohne dixit:

>I expect this policy change to come into effect before trixie is
>released and the current mksh and pax will be violating said policy.

I’m veto’ing this.

>> 1. the /bin symlink
>>
>> The implicit Pre-Depends on the Essential set being unpacked,
>> where base-files contains the /bin symlink, is sufficient to
>> avoid /bin ending up as a directory. No action needs to be
>> taken in the packages that are not part of the (Pseudo‑)Essential
>> set.
>
>This relies on undefined behaviour in dpkg. Guillem is working on
>improving metadata tracking and accurately tracking metadata will make
>this break. It is not enough to rely on the implicit essential
>dependency.

Then the tracking could be aware of this and DTRT.

>> Au contraire, moving the files WILL break users’ systems, as
>> having /bin/sh be a symlink to lksh is a supported configuration,
>> and I am a̲b̲s̲o̲̲l̲u̲t̲e̲l̲̲y̲ ̲N̲O̲T̲ taking a possible convoluted thing to
>> work around this. mksh is continuously backported (not in bpo)
>> as well, I’m totally not going to break things.
>
>I recommend using dh_movetousr or dh-sequence-movetousr in order to

And that works how? By diverting the files away temporarily,
leaving users with a dangling /bin/sh symlink during the pak‐
kage upgrade which almost certainly will lead to a failing
upgrade which will leave the user with a hosed system.

>I kindly request that you reopen these bugs for tracking purpose. I

As an issue reporter, there comes a time when you are of the
opinion that what you opened is a bug, but the maintainer dis‐
agrees. This is such a case. This is not a bug in mksh, and
even if it were, the fix would lead to broken users’ systems
and therefore isn’t worth it. Alternative ways to fix this,
#2 in dpkg and #1 is currently a nōn-issue (and if dpkg’s new
metadata tracking is being written, it can be written to account
for this, as I have the right of having been here first).

bye,
//mirabilos
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2

Bug#1073608: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

[Thorsten Glaser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384

Helmut Grohne dixit:

>I would like to take the opportunity make you aware of a Debian policy
>change #1074014 about merged-/usr. I mentioned your approach in mksh and
>pax and the consensus among discussion participants was that policy
>should not allow for such interpretation. We have six seconds on the
>following diff now:
>
>- To support merged-/usr systems, packages must not install files in both
>- /path and /usr/path. For example, a package must not install both
>- /bin/example and /usr/bin/example.
>+ Since base-files implements mandatory merged-/usr by installing the
>+ aliasing symbolic links, other packages must not install files into
>+ aliased paths such as /bin, /lib, /lib* or /sbin. The package manager is
>+ not prepared to deal with such aliasing and in prohibiting the
>+ installation into aliased locations, we avoid triggering undefined
>+ behaviour. Conversely, packages may assume that /bin, /lib and /sbin are
>+ symlinks at all times and that their files below /usr/bin, /usr/lib and
>+ /usr/sbin are also accessible via their aliased locations.

This is dangerous, and I’d like to officially veto this policy change.

You got your merged /usr already, and to force packages to move their
files WILL break users’ systems. In particular, mksh as /bin/sh is a
supported configuration.

bye,
//mirabilos

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (MirBSD)
Comment: ☃ ЦΤℱ—８　☕☂☄

iQIcBAEBCQAGBQJmspuTAAoJEHa1NLLpkAfg4cUP/1yEiYQSl+TQBe0WdF4JR0CQ
YLx2v/vAO4WWmUOgvZ4eFhsxQOucaTnWSBA+wq+NsUi7xVP7soOCEVG1CqgEo92W
rIBpqxYUegFGTZUdbSf/Eut5fPCug8JoEuTGUVSVFnij6AoQ8GZtkJldGbOfe3oO
4J7ArKTJ3+8k7VvYYgohxebp7RPpC+KRKk0oNe2iec3csW71eQriiDINV2kRC9ZK
S9cV16Uda8pw6P/u0ioyjYnRiKYBXCJg+HPFuioI4zefsRVfqoLFN0O7WmE99zKJ
sb8JBnvVoA3eUcSPBBfqHIFbhdUO6F8KxXtUyqxZNgKigbHCAzAyUu9qH95pwltZ
7vMVeCM15kfhdWRT5vRYgSYHwryawi2gc22W1gpuAba68FgNnz1O0qaNTY/Lcfdi
zKRDAUDFRWUmpDuPEHFyNZgiRpv6kAEad378FRUv4ESOqEbGKLeJmLIRjdsgPrBl
7L3Yp/eKOC/5O2XPQcBI48cMc9zrREFgDKZXOcer2nUX+xR39/8qRNV5u0DPUUk5
/xseGZhYVah1q8Y2j6sUP1lEm3w62tGq1+fBEFdLKVo6WZtHnpO5ZWIIXMPHs9Sb
j9//r8gdeb7W10qwxZKoTnMPSeQyt8Rn7fzwpPRnA54hXMtjzBcB9dulxrQLyg6l
IAOF5fwerKsRufeCPy8h
=PRWD
-END PGP SIGNATURE-

Bug#919265: RFH: xloadimage -- Graphics file viewer under X11

[Thorsten Glaser]

submitter 919265 !
retitle 919265 RFH: xloadimage -- Graphics file viewer under X11
thanks

I’m taking over xloadimage and fixing the RC and some of the other
bugs, but I originally wanted to reduce, not increase, my involvement
in post-bullseye Debian, and I don’t know X11 programming well, so
I would like to request help by people who do. I do use xloadimage
basically daily, though.

Bug#1077944: musescore3: musescore4 packaging

[Thorsten Glaser]

retitle 1077944 FAQ: musescore4 packaging
tags 1077944 = wontfix
thanks

Hi Tuxicoman,

>I wonder if Musescore 4 will be packaged in Debian or if there are any concerns
>preventing it ?

yes, there are concerns. They’ve arrived too late for bookworm, but the
https://packages.debian.org/sid/musescore3 current description of the
package documents them:

Mu͒seScore Studio 4 relies on proprietary, binary-only downloadable
content for most functionality, so no Debian package is currently
planned for the releases by the new (Muse Group) owners.

As Mu͒seScore Studio 2 and 3 packager, I won’t stand in the way of
others wanting to package 4, however I believe it will be a disservice
to users because they w̲i̲l̲l̲ be wanting those proprietary plugins, as
the “core” functionality (e.g. playback) otherwise is w̲o̲r̲s̲e̲ than in 3,
plus I have vague concerns, sometimes more, sometimes less, regarding
the new owners, their development process, amount of community involve‐
ment, etc. and being involved in various musicians’ fora, I see quite
an amount of users unhappy with 4.x

I’ll personally keep musescore2, musescore3 and musescore-snapshot
(which will soon be a package of Mu͒seScore Evolution 3.7, a true
community effort) working, and the different versions are coïnstallable
anyway (because you need 2.x to work on a 2.x score, etc., to avoid
having to invest h̲o̲u̲r̲s̲ to relayout for the new version).

Any 4.x packager would do well to ensure to keep the proprietary
content, telemetry, and other phone-home content (such as the start
centre loading a webpage controlled by upstream that contains Yandex,
Google, etc. trackers) patched out (a neverending battle).

As I see this becoming a FAQ, I’ll keep this “bugreport” open.

bye,
//mirabilos
-- 
 exceptions: a truly awful implementation of quite a nice idea.
 just about the worst way you could do something like that, afaic.
 it's like anti-design.   that too… may I quote you on that?
 sure, tho i doubt anyone will listen ;)

Bug#1077676: pcscd: unprivileged users not authorised to access OpenPGP smart cards

[Thorsten Glaser]

On Thu, 1 Aug 2024, Mark Hindley wrote:

>On Thu, Aug 01, 2024 at 09:02:07AM +0200, Gian Piero Carrubba wrote:

>> The problem is registering an xdm-initiated session with elogind.
>> /etc/pam.d/xdm includes /etc/pam.d/common-session that calls
>> libpam-elogind, so in this sense xdm uses elogind.

That’s… very convoluted and doubly indirected, and xdm does not
itself provide /etc/pam.d/common-session, so I’d categorically
refute this statement (not that that’s grounds to not try and
fix this, but I want to make this point clear first.

>> So, if the $x-display-manager is standardized by the Debian Policy
>> (i.e., all the display managers define the facility)
>
>I think most do, but it is no longer policy.

This ought to suffice.

>> tested), the solution should be for elogind to include
>> 
>>  # X-Start-Before: $x-display-manager

Yes.

>I am not averse to this, but I am not sure it addresses all cases. In
>particular non-graphical login to a console.

The getty(8)s are only started after the run commands have
all finished, so console login is anyway only possible after
that.

I always found it weird that Debian started the graphical
login managers “too early” and had problems with that in
the lenny/hardy time myself, so I tended to wait for a few
minutes or did a quick Ctrl-Alt-F1 to see if rc was finished
then Ctrl-Alt-F7, on the work desktops.

I remember this was introduced in a time when the operating
systems raced for quick boot times (a time that spawned much
bad design and decisions); Microsoft cheated, too, by making
the user able to login before half their background services
were started just to be able to prove their assumed superiority
(that the system was laggy and barely usable the first minutes
after login was carefully not mentioned), and I guess that the
“modern” GNU/Linux desktop crowd just followed suit.

Given how the latter are now using systemd anyway, I think it
prudent to make sure that any graphical login manager is ran
as late as possible in the boot sequence, if not last, always.
People using sysvinit and consorts tend to have reliability as
of a higher worth than perceived speed so are unlikely to com‐
plain, anyway. (I know I revert sysvinit to sequential boot on
a̲n̲y̲ ̲a̲n̲d̲ ̲a̲l̲l̲ systems.)

bye,
//mirabilos
-- 
Infrastrukturexperte • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Vorstand: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Vorsitzender Aufsichtsrat: Peter Nöthen

Bug#1077201: mod_autoindex: IndexOptions FoldersFirst does not work

[Thorsten Glaser]

Package: apache2-bin
Version: 2.4.61-1~deb11u1
Severity: normal

Adding “IndexOptions FoldersFirst” to a .htaccess does have the
(desired) effect to disable fancy indexing, but the sorting the
directories first does not work (it does in Apache httpd 1.3.x).


-- Package-specific info:

-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-31-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u2
ii  libaprutil1  1.6.1-5+deb11u1
ii  libaprutil1-dbd-sqlite3  1.6.1-5+deb11u1
ii  libaprutil1-ldap 1.6.1-5+deb11u1
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u10
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.88.1-10+deb12u5~bpo11+0wtf1
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3+deb11u1
ii  liblua5.3-0  5.3.3-1.1+deb11u1
ii  libnghttp2-141.43.0-1+deb11u1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1w-0+deb11u1
ii  libxml2  2.9.10+dfsg-6.7+deb11u4
ii  perl 5.32.1-4+deb11u3
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
ii  apache2-doc 2.4.61-1~deb11u1
pn  apache2-suexec-pristine | apache2-suexec-custo  
ii  lynx [www-browser]  2.9.0rel.1-0.2
ii  w3m [www-browser]   0.5.3+git20210102-6+deb11u1

Versions of packages apache2 depends on:
ii  apache2-data 2.4.61-1~deb11u1
ii  apache2-utils2.4.61-1~deb11u1
ii  dpkg 1.20.13
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u3
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
ii  apache2-doc 2.4.61-1~deb11u1
pn  apache2-suexec-pristine | apache2-suexec-custo  
ii  lynx [www-browser]  2.9.0rel.1-0.2
ii  w3m [www-browser]   0.5.3+git20210102-6+deb11u1

Versions of packages apache2-bin is related to:
ii  apache2  2.4.61-1~deb11u1
ii  apache2-bin  2.4.61-1~deb11u1

-- no debconf information

Bug#1076149: debootstrap: distro-info shall be at *most* Recommends

[Thorsten Glaser]

Package: debootstrap
Version: 1.0.136
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

It is a useless dependency, only used when no script is given
after all (thankfully; the Depends gave me a shock thinking newer
debootstrap versions can no longer just be used on any Linux).


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 
'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages debootstrap depends on:
ii  distro-info  1.7
ii  wget 1.24.5-1

Versions of packages debootstrap recommends:
pn  arch-test   
ii  debian-archive-keyring  2023.4
ii  gnupg   2.2.43-7
ii  mount   2.40.2-1

Versions of packages debootstrap suggests:
ii  binutils2.42.50.20240710-1
pn  squid-deb-proxy-client  
pn  ubuntu-archive-keyring  
ii  xz-utils5.6.2-2
ii  zstd1.5.6+dfsg-1

-- no debconf information

Bug#1010627: molly-guard: check cryptsetup passwords on shutdown

[Thorsten Glaser]

Package: molly-guard
Version: 0.7.2
Followup-For: Bug #1010627
X-Debbugs-Cc: t...@mirbsd.de

You could scan the crypttab on nōn-systemd services for devices
with “initramfs” in the last field, and/or offer an /etc/defaults/
file where one could list their crypt devices to check (the raw
names, i.e. something like /dev/sda2, LABEL=foo or UUID=foo) and
then iterate over them with:

cryptsetup --test-passphrase luksOpen $device


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages molly-guard depends on:
ii  procps  2:3.3.17-5

molly-guard recommends no packages.

molly-guard suggests no packages.

-- no debconf information

Bug#1076100: /usr/share/initramfs-tools/hooks/cryptroot: replaces stable LABEL=… lines in crypttab with unstable UUID=… entries

[Thorsten Glaser]

Package: cryptsetup-initramfs
Version: 2:2.3.7-1+deb11u1
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

The /cryptroot/crypttab file in the initramfs contains lines like:

cPV UUID=---- none discard,luks,initramfs

This is bad because these are less stable than the LABEL=… lines I put
into crypttab(5): the UUID changes then you do a restore from backup,
whereas the LABEL can be easily made to stay the same.

It should not do so for LABEL= lines. (I can understand wishing to do
so for others, but even GRUB has a GRUB_DISABLE_LINUX_UUID=true option
because they realise UUIDs can be troubling.)


-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-5.10.0-30-amd64 root=/dev/mapper/vg---lv--root ro 
rootdelay=5 net.ifnames=0 
ip=6,0,eth0,.mirbsd.org,2a02:::::1/64,fe80::1 nomodeset TZ=:UTC

-- /etc/crypttab
# 
cPV LABEL=cPV   nonediscard,luks,initramfs
cswp1   /dev/vg-/lv-swp1/dev/random 
discard,cipher=aes-xts-plain64,size=256,plain,swap
cswp2   /dev/vg-/lv-swp2/dev/random 
discard,cipher=aes-xts-plain64,size=256,plain,swap

-- /etc/fstab
/dev/vg-/lv-root  / ext4   
defaults,auto_da_alloc,relatime,lazytime  0  2
LABEL=-boot   /boot ext4   
defaults,auto_da_alloc,noatime,lazytime,nodev,noexec  0  1
swap  /tmp  tmpfs  
defaults,noatime,lazytime,nosuid,nodev0  0
/dev/vg-/lv-mbsd  /var/anoncvs  ext4   
defaults,auto_da_alloc,noatime,lazytime,nodev 0  3
/dev/mapper/cswp1 swap  swap   sw,discard=once  
 0  0
/dev/mapper/cswp2 swap  swap   sw,discard=once  
 0  0

swap  /var/log/apache2  tmpfs  
size=37748736,async,noatime,lazytime,auto,nodev,noexec,nosuid,rw,nouser,uid=0,gid=4,mode=2750
  0  0

-- lsmod
Module  Size  Used by
nft_reject_inet16384  7
nf_reject_ipv4 16384  1 nft_reject_inet
nf_reject_ipv6 20480  1 nft_reject_inet
nft_reject 16384  1 nft_reject_inet
nf_tables 274432  56 nft_reject_inet,nft_reject
libcrc32c  16384  1 nf_tables
nfnetlink  20480  1 nf_tables
joydev 28672  0
drm_kms_helper278528  0
evdev  28672  2
cec61440  1 drm_kms_helper
sg 36864  0
serio_raw  20480  0
pcspkr 16384  0
drm   634880  1 drm_kms_helper
virtio_balloon 24576  0
qemu_fw_cfg20480  0
button 24576  0
dm_crypt   57344  3
dm_mod163840  19 dm_crypt
ext4  942080  3
crc16  16384  1 ext4
mbcache16384  1 ext4
jbd2  151552  1 ext4
crc32c_generic 16384  0
hid_generic16384  0
usbhid 65536  0
hid   151552  2 usbhid,hid_generic
crc32_pclmul   16384  0
crc32c_intel   24576  7
sd_mod 61440  3
t10_pi 16384  1 sd_mod
crc_t10dif 20480  1 t10_pi
crct10dif_generic  16384  0
crct10dif_pclmul   16384  1
crct10dif_common   16384  3 crct10dif_generic,crc_t10dif,crct10dif_pclmul
virtio_scsi24576  2
virtio_net 61440  0
net_failover   24576  1 virtio_net
failover   16384  1 net_failover
ghash_clmulni_intel16384  0
ata_generic16384  0
uhci_hcd   57344  0
ata_piix   36864  0
libata299008  2 ata_piix,ata_generic
ehci_hcd   98304  0
aesni_intel   372736  6
scsi_mod  270336  4 virtio_scsi,sd_mod,libata,sg
libaes 16384  1 aesni_intel
crypto_simd16384  1 aesni_intel
cryptd 24576  5 crypto_simd,ghash_clmulni_intel
glue_helper16384  1 aesni_intel
psmouse   184320  0
virtio_pci 28672  0
virtio_ring36864  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
virtio 16384  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
i2c_piix4  28672  0
usbcore   331776  3 usbhid,ehci_hcd,uhci_hcd
usb_common 16384  3 usbcore,ehci_hcd,uhci_hcd
floppy 90112  0


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages cryptsetup-initramfs depends on:
ii  busybox 1:1.30.1-6+b3
ii  cryp

Bug#1030998: [PATCH] dietlibc: Drop hppa/parisc specific MADV_* constants

[Thorsten Glaser]

Helge Deller dixit:

>* Thorsten Glaser :
>>
>> Maybe other 5/6-argument syscalls also need review…
>
>Yes, and basically I tink it's stupid to try to distinguish syscalls
>with 1-4 arguments from those which use 5 or 6 arguments.
>With every added syscall someone needs to check again.

Agreed.

>That way we don't need to distinguish and it will always work.
>The downside is some small overhead for every syscall, but I
>think this is neglectable.

I think this is a good solution. Squeezing every last instruction
out is something for active projects with large manpower or something.

>Maybe you can apply it?

Uploaded, thanks.

>(btw, upstream dietlibc is dead?)

dead-ish, but in general, unresponsive to requests to apply the
patches we have in Debian; I tried to reach out multiple times
over the years since 2011 and never got a response. Our entire
ARM support totally differs from upstream’s by now even… 🙀
however it works, so I’ve not switched to the latter.

I think, by now, it’s mostly on life support but works good enough
to justify not throwing it away.

bye,
//mirabilos
-- 
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :)  -- Ted Unangst über *fs

Bug#1030998: [PATCH] dietlibc: Drop hppa/parisc specific MADV_* constants

[Thorsten Glaser]

Helge Deller dixit:

> The attached patch fixes the dietlibc testsuite crash on hppa
> in the socketfns testcase.

Thanks, applied.

> So, instead of adding and ifdef for hppa/syscall6_weak, simply
> drop the weak function and call the normal __unified_syscall6.

Looking at the nm output of libc.a, it seems to use the 6 version
for sendto but not recvfrom. Huh.

Maybe other 5/6-argument syscalls also need review…

> I think it was simply luck why the testcase succeeded on physical machines.

OK, I reverted the marking as expect-fail and uploaded your patch.

Thanks,
//mirabilos
-- 
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

Bug#1075820: libklibc-dev: unusable on hppa with recent Linux: conflicting types for 'sigset_t'

[Thorsten Glaser]

Helge Deller dixit:

> Maybe sigset_t needs to be removed from
> klibc/include/arch/parisc/klibc/archsignal.h ?

That (with a versioned Depends on the newer kernel headers)
or with a #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 9, 0)
(which will end up causing similar hassle should the change
be backported to stable kernels).

But, yes, such changes to the headers generally require
changes to klibc, as it subsumes those headers explicitly.
This bugreport was intended to signal to the developers
to please do so ☻

bye,
//mirabilos
-- 
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

Bug#1075820: libklibc-dev: unusable on hppa with recent Linux: conflicting types for 'sigset_t'

[Thorsten Glaser]

Package: libklibc-dev
Version: 2.0.13-4
Severity: important
X-Debbugs-Cc: t...@mirbsd.de, Helge Deller 

] In file included from /usr/lib/klibc/include/signal.h:14,
]  from /usr/lib/klibc/include/sys/select.h:11,
]  from /usr/lib/klibc/include/unistd.h:13,
]  from conftest.c:9:
] /usr/lib/klibc/include/arch/parisc/klibc/archsignal.h:17:3: error: 
conflicting types for 'sigset_t'; have 'struct '
]17 | } sigset_t;
]   |   ^~~~
] In file included from 
/usr/lib/klibc/include/arch/parisc/klibc/archsignal.h:11:
] /usr/lib/klibc/include/asm/signal.h:72:3: note: previous declaration of 
'sigset_t' with type 'sigset_t'
]72 | } sigset_t;
]   |   ^~~~

This is with linux-libc-dev_6.9.7-1

Bug#1030998: [PATCH] dietlibc: Drop hppa/parisc specific MADV_* constants

[Thorsten Glaser]

Helge Deller dixit:

> Beside the kernel & glibc patches some qemu-user patches will probably
> be necessary as well.

I think so, given how it basically interposes for both.

> I think disabling such tests is probably best right now.

OK. I’ll try debootstrapping an hppa chroot in qemu and see
if I can reproduce it locally.

You’re not on IRC (OFTC), are you?

bye,
//mirabilos
-- 
18:47⎜ well channels… you see, I see everything in the
same window anyway  18:48⎜ i know, you have some kind of
telnet with automatic pong 18:48⎜ haha, yes :D
18:49⎜ though that's more tinyirc – sirc is more comfy

Bug#1030998: [PATCH] dietlibc: Drop hppa/parisc specific MADV_* constants

[Thorsten Glaser]

Helge Deller dixit:

> I just did a give-back, and this time the build succeeded (on the
> "c8000" buildd server). The last build failed on the "pasta" buildd
> server, which is a qemu-user based build machine, while "c8000" is
> a physical server which runs the *very latest* stable native
> Linux kernel (v6.9.7).

Aaah, that could of course be a thing.

> Of course I will try to reproduce it on "pasta" again just to

If this can be reproduced under qemu-user but not on native hardware
I can mark that test as expected to fail under qemu-user. There’s a
few of them already.

Perhaps qemu-user does not yet support the new constants from those
patches?

bye,
//mirabilos
-- 
Gast: „Ein Bier, bitte!“
Wirt: „Geht auch alkoholfrei?“
Gast: „Geht auch Spielgeld?“

Bug#1030998: [PATCH] dietlibc: Drop hppa/parisc specific MADV_* constants

[Thorsten Glaser]

Helge Deller dixit:

> Ok, so we have to wait until at least the oldstable kernels are "new" enough.

Given hppa is a ports architecture and this had some time to percolate,
I applied the patches now.

However, I get a (possibly unrelated) build failure on hppa now
(dietlibc in experimental): debian/unittests/socketfns.c segfaults.

I thought I could have a look on a porterbox, but unfortunately,
the one that says porterbox is also used as a buildd and so has
no CPU percentage to spare for interactive use, and the one that
says porterbox/buildd doesn’t accept my SSH key, so perhaps you
could have at this on some of your machine(s)?

Thanks in advance,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

Bug#1069365: dietlibc: FTBFS on arm64: E: Build killed with signal TERM after 150 minutes of inactivity

[Thorsten Glaser]

tags 1069365 + confirmed pending
thanks

Lucas Nussbaum dixit:

>> E: Build killed with signal TERM after 150 minutes of inactivity

Indeed, it busy-spins in diet(1):

include/sys/cdefs.h:#define __likely(foo) __expect((foo),1)

29  size_t strlen(const char *s)
30  {
42  register size_t i;
43  for (i=0; __likely(*s); ++s) ++i;
44  return i;

So, something miscompiles this.

While I don’t speak arm64 assembly, my best guess is…

Dump of assembler code for function strlen:
   0x00401800 <+0>: bti c
   0x00401804 <+4>: adrpx1, 0x41 
   0x00401808 <+8>: mov x3, x0
   0x0040180c <+12>:mov x2, x0
   0x00401810 <+16>:ldr w1, [x1, #776]
   0x00401814 <+20>:cbz w1, 0x401830 
   0x00401818 <+24>:b   0x401800 

… that GCC optimises the for loop into a call to strlen,
for which I have multiple ideas.

Thanks,
//mirabilos
-- 
 you introduced a merge commit│ % g rebase -i HEAD^^
 sorry, no idea and rebasing just fscked │ Segmentation
 should have cloned into a clean repo  │  fault (core dumped)
 if I rebase that now, it's really ugh │ wuahh

Bug#1074595: dygraphs: Move from jsdoc-toolkit to node-jsdoc2

[Thorsten Glaser]

Bastian Germann dixit:

> Please move from to-be-removed jsdoc-toolkit to node-jsdoc2.

Aah!

(Translation: can the nodejs world even do *anything* stable?)

Given I’m also now upstream but have practically no idea about
jsdoc-whatever, a patch would be welcome, even if just as a
starting point (otherwise I pretty much have no idea about this).

bye,
//mirabilos
-- 
21:12⎜ sogar bei opensolaris haben die von der community so
ziemlich jeden mist eingebaut │ man sollte unices nich so machen das
desktopuser zuviel intresse kriegen │ das macht die code base kaputt
21:13⎜ linux war früher auch mal besser :D

Bug#1074346: Trixie and later on i386 will no longer support UEFI Secure Boot

[Thorsten Glaser]

Steve McIntyre dixit:

>we no longer have a signed
>shim. Signed GRUB and fwupd-efi packages will also be removed soon.

Might want to note this on amd64 as well, for those
64-bit systems with 32-bit EFI.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1073608: mksh: move aliased files from / to /usr (DEP17)

[Thorsten Glaser]

Hi Guillem,

>These directories are included because the package should be
>self-contained and ship all required parent directories, otherwise
>dpkg would fail to unpack as you mentioned (even though there's

right.

>generally the Essential set in play), and so that the directory
>"ref-counting" (as a shared resource) works and the last package
>shipping it that gets removed/purged (regardless of the order) can
>properly remove all owned entries. Also for «dpkg -S»'s sake.

If I omit just the top-level directories (bin, etc, usr),
these things all still work (see my previous message), and
I specifically tested dpkg -S both on unmerged bookworm (a
buildd chroot, hence unmerged) and merged sid (chroot).

>> Hmh, lintian warns, and dpkg needs the directories present if
>> not in the .deb, but most likely we c̲a̲n̲ skip top-level dirs.
>
>It looks like you went in this direction for the packages in Debian.

No, I have not uploaded anything yet. I only attached as experiment…
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1073608;filename=mksh_59c-38_amd64.deb;msg=39
… to this bugreport, for inspection by Helmut and others to see
whether this approach will suffice as I refuse to introduce trouble
for users by moving the files around.

Could you please have a look at it, compared with 59c-37 in sid,
to see whether this would work for you? My tests indicate so.

Directory refcounting is not a problem as a package that does not
ship say /bin in its data.tar can create a symlink in /bin/ as part
of the maintainer scripts. The top-level directories are Essential.

>But I'd ask you to please stop doing that, as I consider this to also
>be breaking dpkg assumptions. And as part of the filesystem metadata

Huh, then we’re at an impasse… although, again, the implicit
“base-files has to be extracted first” with base-files containing
the /bin symlink will suffice for any normal operation, and as to
Helmut saying that “dpkg-deb -x” will cause problems, I’ll have to
defer this to you as dpkg maintainer to fix.

>In the future my plan is to add a special dpkg filesystem metadata type
[…]

That’d be good, except…

>parent). So the data.tar would contain /usr/bin/, the package

… no, data.tar should still be able to contain /bin/.
The CTTE decision for the installed OS to be usrmerged has no
bearing on individual packages’ layout after all, and the .deb
files could conceivably also be used on nōn-usrmerged systems,
so this entire “fun” needs to be done outside of packages (other
than base-files and the Essential set, of course).

bye,
//mirabilos
-- 
 Beware of ritual lest you forget the meaning behind it.
 yeah but it means if you really care about something, don't
ritualise it, or you will lose it. don't fetishise it, don't
obsess. or you'll forget why you love it in the first place.

Bug#1073608: mksh: move aliased files from / to /usr (DEP17)

[Thorsten Glaser]

Dixi quod…

>Or, better yet, absence of that entry in the ustar (possibly
>combined with a Pre-Depends). It’s ridiculous that every pak‐
>kage ships all those directory entries anyway. That avoids

Hmh, lintian warns, and dpkg needs the directories present if
not in the .deb, but most likely we c̲a̲n̲ skip top-level dirs.
I’ll experiment later when less headaches.

🐈‍⬛,
//mirabilos
-- 
 den AGP stecker anfeilen, damit er in den slot aufm 440BX board passt…
oder netzteile, an die man auch den monitor angeschlossen hat und die dann für
ein elektrisch aufgeladenes gehäuse gesorgt haben […] für lacher gut auf jeder
LAN party │  damals, als der pizzateig noch auf dem monior "gegangen" ist

Bug#1073608: Bug#1073622: Bug#1073608: mksh: move aliased files from / to /usr (DEP17)

[Thorsten Glaser]

Dixi quod…

>If your only concern is the “undeclared symlink conflict”,
>I’d be willing to entertain considering adding a Pre-Depends
>and/or changing the top-level “bin” in the data.tar.xz member

Or, better yet, absence of that entry in the ustar (possibly
combined with a Pre-Depends). It’s ridiculous that every pak‐
kage ships all those directory entries anyway. That avoids
trouble when extracting without the ‘h’ option of tar as well
as trouble from moving files around.

Meow,
//mirabilos
-- 
[...] if maybe ext3fs wasn't a better pick, or jfs, or maybe reiserfs, oh but
what about xfs, and if only i had waited until reiser4 was ready... in the be-
ginning, there was ffs, and in the middle, there was ffs, and at the end, there
was still ffs, and the sys admins knew it was good. :)  -- Ted Unangst über *fs

Bug#1073608: Bug#1073622: Bug#1073608: mksh: move aliased files from / to /usr (DEP17)

[Thorsten Glaser]

Helmut Grohne dixit:

>There is a significant difference here. mksh has an undeclared directory
>vs symlink conflict with base-files about /bin. This is known to cause
>problems.

But there’s handling in installers to deal with that,
and by keeping the files in mksh in the same location,
there won’t be any of the problems with possibly missing
files, symlinks, etc.

(This is worse for mksh because it’s often used as /bin/sh
as well.)

> In principle, what happens with the location is dependent on
>the unpack order though all practical installations will unpack
>base-files before mksh.

See.

>For another dpkg-deb -x mksh.deb / will break a /usr-merged system.

That is not my problem but that of those who decided to use
a filesystem layout that dpkg doesn’t support.

>a different one than the one I requested, but the status quo is not
>something we can continue using as is.

Why? You systemd iconoclasts got your filesystem layout, so
no need to break even more stuff by hurriedly moving stuff
around that doesn’t need to be moved.

I very much disagree with this.

If your only concern is the “undeclared symlink conflict”,
I’d be willing to entertain considering adding a Pre-Depends
and/or changing the top-level “bin” in the data.tar.xz member
of the .deb ar archive to a symbolic link when building for
trixie and newer only. AIUI, this shouldn’t make a difference
when the system is already poetteringised, which, by requirement
for fully upgraded bookworm systems, it is.

bye,
//mirabilos
-- 
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

Bug#1073608: mksh: move aliased files from / to /usr (DEP17)

[Thorsten Glaser]

close 1073608
close 1073622
thanks

Helmut Grohne dixit:

>This package is part of the /usr-move (DEP17) transition, because it
>contains files in aliased locations and should have those files moved to

No. The files in both packages are in their canonical location.
And if you use a usrmerged system, it does not make any practical
difference anyway.

For mksh, this is even worse as I regularily backport to before
bookworm so newer version numbers must be able to stay in their
current canonical (i.e. /bin/) location.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1073508: libxml2: just another API+ABI break; please bump soname

[Thorsten Glaser]

On Mon, 17 Jun 2024, Aron Xu wrote:

>Control: tags -1 - pending

Oops, right.

>It looks that this libxml2 update is causing more troubles than
>expected, I would like to ask for your opinion whether it's better to
>revert to an older version for the moment?

Might be useful while you ask upstream what they’re doing there
with regards to both API and ABI, and/or someone diffs the API
and ABI surface of the old and new version and figures out whether
there are any other such surprises. Security fixes might need
backporting though.

Maybe they haven’t realised themselves and decide they need to
bump to libxml3 upstream at some point.

bye,
//mirabilos
-- 
Infrastrukturexperte • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Vorstand: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Vorsitzender Aufsichtsrat: Peter Nöthen

Bug#1073508: another libxml2 ABI break, might need RM attention (Re: Bug#1073313: gnustep-base: FTBFS: GSXML.m:2674:22: error: ‘xmlEntity’ {aka ‘struct _xmlEntity’} has no member named ‘checked’)

[Thorsten Glaser]

On Sun, 16 Jun 2024, Thorsten Glaser wrote:

>Better prevent this from landing in trixie until the package
>gets its soname bumped.

In fact, unless someone has the tuits to diff every single
API and ABI surface of the package between trixie (ideally
bookworm) and sid versions, it would be best if any package
built against libxml2 >2.12 be binNMU’d in trixie, and once
2.12 is renamed to libxml3 or something, they are to be rebuilt
in sid anyway.

Who knows what other API and ABI breaks are hiding herein…

bye,
//mirabilos
-- 
Infrastrukturexperte • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Vorstand: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Vorsitzender Aufsichtsrat: Peter Nöthen

Bug#1073313: gnustep-base: FTBFS: GSXML.m:2674:22: error: ‘xmlEntity’ {aka ‘struct _xmlEntity’} has no member named ‘checked’

[Thorsten Glaser]

clone 1073313 -1
reassign -1 libxml2
found -1 2.12.7+dfsg-3
retitle -1 libxml2: just another API+ABI break; please bump soname
severity -1 serious
tags -1 sid
thanks

On Sun, 16 Jun 2024, Thorsten Glaser wrote:

>This is not the first time in *very* recent history that libxml2
>has an ABI break (e.g. LibreOffice ran into that), and… I wonder
[…]
>Looking at the other context in that commit, the “flags” member
>definitely does *not* replace the “checked” member in a compatible
>way. Rather, the functionality that used to be behind “checked”
>is gone in its entirety.

Better prevent this from landing in trixie until the package
gets its soname bumped.

bye,
//mirabilos
-- 
Infrastrukturexperte • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Vorstand: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Vorsitzender Aufsichtsrat: Peter Nöthen

Bug#1073313: gnustep-base: FTBFS: GSXML.m:2674:22: error: ‘xmlEntity’ {aka ‘struct _xmlEntity’} has no member named ‘checked’

[Thorsten Glaser]

On Sun, 16 Jun 2024, Yavor Doganov wrote:

>IMVHO removing a public struct member constitutes an API break.

Definitely. I just took a peek at this.

>It is also an ABI break, because if a program or a library accesses
>such member and is compiled against an old libxml2 version that is
>supposed to be ABI-compatible (like 2.9.14+dfsg-1.3 in trixie), it
>will crash at runtime with the new library version.

I thought “could be, could be not” from:

@@ -56,10 +58,8 @@ struct _xmlEntity {
 struct _xmlEntity *nexte;  /* unused */
 const xmlChar   *URI;  /* the full URI as computed */
 intowner;  /* does the entity own the childrens */
-int checked;   /* was the entity content 
checked */
-   /* this is also used to count entities
-* references done from that entity
-* and if it contains '<' */
+intflags;   /* various flags */
+unsigned long   expandedSize;   /* expanded size */
 };
 
 /*

… but then I looked at the git history and saw:

commit f34f184f8e957e6f9a6eda9859ce85e883c77e5f
Author: Nick Wellnhofer 
Date:   Mon Dec 19 15:24:53 2022 +0100

entities: Add "flags" member to struct xmlEntity

This will hold various flags and eventually replace the "checked"
member.

[…]
--- a/include/libxml/entities.h
+++ b/include/libxml/entities.h
@@ -60,6 +60,7 @@ struct _xmlEntity {
/* this is also used to count entities
 * references done from that entity
 * and if it contains '<' */
+intflags;   /* various flags */
 };
 
 /*

This is not the first time in *very* recent history that libxml2
has an ABI break (e.g. LibreOffice ran into that), and… I wonder
what kind of shitshow upstream runs when they commit things like
that‽

commit ce76ebfd1312459951d555ad9d87fb9a89eede55
Author: Nick Wellnhofer 
Date:   Mon Dec 19 20:56:23 2022 +0100

entities: Stop counting entities

This was only used in the old version of xmlParserEntityCheck.

[…]
--- a/include/libxml/entities.h
+++ b/include/libxml/entities.h
@@ -56,10 +56,6 @@ struct _xmlEntity {
 struct _xmlEntity *nexte;  /* unused */
 const xmlChar   *URI;  /* the full URI as computed */
 intowner;  /* does the entity own the childrens */
-int checked;   /* was the entity content 
checked */
-   /* this is also used to count entities
-* references done from that entity
-* and if it contains '<' */
 intflags;   /* various flags */
 unsigned long   expandedSize;   /* expanded size */
 };

Looking at the other context in that commit, the “flags” member
definitely does *not* replace the “checked” member in a compatible
way. Rather, the functionality that used to be behind “checked”
is gone in its entirety.

bye,
//mirabilos
-- 
Infrastrukturexperte • Qvest Digital AG
Am Dickobskreuz 10, D-53121 Bonn • https://www.qvest-digital.com/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 18196 • USt-ID (VAT): DE274355441
Vorstand: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Vorsitzender Aufsichtsrat: Peter Nöthen

Bug#1073062: e2fsprogs: orphan_file option not even documented

[Thorsten Glaser]

Theodore Ts'o dixit:

>That being said, a quick Google search would have turned up this
>explanation of the orphan_file feature, from the kernel documentation:
>
>  
> https://www.kernel.org/doc/html/latest/filesystems/ext4/globals.html#orphan-file

Yes, that’s what I found later as well, when I was still wondering
what it was good for.

The use case I was thinking of when looking in manpages was to
figure out the exact syntax for tune2fs from a rescue system of
some kind while offline.

>The TL;DR is[…]

Right, it does make sense.

>So first of all, I very much doubt that the Debian Release Managers
>would consider a documentation addition to be critical enough to
>warrant a backport to Debian Stable, since that seems to be reserved
>for critical bug fixes, especially those that are security related.  I

Right… but perhaps if you have to update it anyway, or so…

>Secondly, while I do backport from Debian Testing (trixie) to Debian
>Backports (bookworm-backports), there is certainly no policy which
>mandates that a package be backported.

Of course not, but given you already backported from testing(bookworm)
to bullseye, Backports policy indicates that the backport should be
kept in sync with later updates to then-testing or at least be brought
up to the version now in bookworm-as-stable.

>I suppose if I had time I could try to wrangle an upload to
>bullseye-backports-sloppy, although I've generally not bothered to do
>backports to Debian oldstable.

That gets old really soon, yes, but the existing backport in
bullseye-backports (not -sloppy) should be updated at least.

This would give the world a slightly better-than-average chance
at obtaining a tune2fs and e2fsck capable of working with that.
(For example, I can install most bullseye packages on the live
ISO I use as it was cut from testing not too long before the
release… I actually have been considering trying to re-roll it
based on the bullseye release, with all security and other fixes
applied and a few more packages included.)

I do know that adding changes unrelated to backporting is also
frowned upon, but the second-to-last entry in /u/s/d/e/c.D.gz
will at least contain the two magic words needed, and that may
be enough.

Thanks,
//mirabilos
-- 
08:05⎜ mika: Does grml have an tool to read Apple
 ⎜System Log (asl) files? :)
08:08⎜ yeah. /bin/rm. ;)   08:09⎜ hexdump -C
08:31⎜ ft, mrud: *g*

Bug#1073062: e2fsprogs: orphan_file option not even documented

[Thorsten Glaser]

Package: e2fsprogs
Version: 1.47.1~rc2-1
Severity: normal
Tags: bookworm trixie sid
X-Debbugs-Cc: t...@mirbsd.de

Looking at the whole metadata_csum_seed and orphan_file thing,
I wanted to see in the manpages where they are described, also
so I can find them for copy/pasting later for disabling where
needed.

metadata_csum_seed was easily found, but I could not find
orphan_file in ext4(5) nor tune2fs(8) nor (in raising levels
of panic) mkfs.ext4(8), and not even in mke2fs.conf(5).

In a slightly less unideal world, this would be documented
there, also in bookworm, and the fix also included should
you wish to follow Debian Backports policy and update the
bullseye-backports version to the bookworm one.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 
'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages e2fsprogs depends on:
ii  libblkid1  2.40-8
ii  libc6  2.37-19
ii  libcom-err21.47.1~rc2-1
ii  libext2fs2t64  1.47.1~rc2-1
ii  libss2 1.47.1~rc2-1
ii  libuuid1   2.40-8
ii  logsave1.47.1~rc2-1

Versions of packages e2fsprogs recommends:
pn  e2fsprogs-l10n  

Versions of packages e2fsprogs suggests:
pn  e2fsck-static  
pn  fuse2fs
pn  gpart  
ii  parted 3.6-4

-- no debconf information

Bug#1072804: mod_autoindex: should default to XHTML and send the charset in the document

[Thorsten Glaser]

Package: apache2
Version: 2.4.59-1~deb11u1
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: t...@mirbsd.de

The W3C validator is not quite happy with the default directory indicēs.

Applying the following change to its config…

-   IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* 
DescriptionWidth=* Charset=UTF-8
+   IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* 
DescriptionWidth=* Charset=UTF-8 XHTML

… makes it a little happier, only one warning left (no HTML
meta element to declare the charset, which would involve
patching the C source to emit…
("\n", 
whateverCharsetVar);
… as well (the whateverCharsetVar is the content of the 「Charset=UTF-8」
config from IndexOptions).


-- Package-specific info:

-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.59-1~deb11u1
ii  apache2-data 2.4.59-1~deb11u1
ii  apache2-utils2.4.59-1~deb11u1
ii  dpkg 1.20.13
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u3
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0rel.1-0.2

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u2
ii  libaprutil1  1.6.1-5+deb11u1
ii  libaprutil1-dbd-pgsql1.6.1-5+deb11u1
ii  libaprutil1-dbd-sqlite3  1.6.1-5+deb11u1
ii  libaprutil1-ldap 1.6.1-5+deb11u1
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u10
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.88.1-10+deb12u5~bpo11+0wtf1
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3+deb11u1
ii  liblua5.3-0  5.3.3-1.1+deb11u1
ii  libnghttp2-141.43.0-1+deb11u1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1w-0+deb11u1
ii  libxml2  2.9.10+dfsg-6.7+deb11u4
ii  perl 5.32.1-4+deb11u3
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0rel.1-0.2

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb11u1
ii  apache2-bin  2.4.59-1~deb11u1

-- Configuration Files:
/etc/apache2/conf-available/charset.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/mods-available/autoindex.conf changed [not included]
/etc/apache2/mods-available/mpm_prefork.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
/etc/apache2/sites-available/default-ssl.conf changed [not included]
/etc/logrotate.d/apache2 changed [not included]

-- no debconf information

Bug#1072768: debian-installer: menu item to select to install oldstable gone

[Thorsten Glaser]

Package: debian-installer
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso

I was booting in expert mode and expecting between the mirror select
and the installing of the base system there to be an option to select
which release to install (oldstable, stable, testing, unstable), as
I have been using occasionally for years.

This menu did not show up.


-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-29-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#1072165: ftpmasters: please decide on sunrpc in dietlibc

[Thorsten Glaser]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: christ...@iwakd.de, t...@mirbsd.de, bastian.germ...@gmx.de
Control: blocks -1 1067946 1069365

Dear ftpmasters,

in #1067946 it was reported that some consider the sunrpc code as
included in dietlibc nōn-free.

Given that the actual wording is…

> […] Users
> * may copy or modify Sun RPC without charge, but are not authorized
> * to license or distribute it to anyone else except as part of a product or
> * program developed by the user.

… and that we receive dietlibc as “a product or program developed by”
Fefe (upstream author) under GPL, I think differently, and this *has*
passed review in the past.

Ultimately, *our* options are closing this as not a problem, removing
dietlibc (not very favourable), and excising the code in question
hoping not to break any downstream users. The reporter has also sent
this to upstream, which is the correct place where to apply the fix
suggested (replace with a different implementation), but there hasn’t
yet been any response or decision either way.

Now I don’t just want to close it or play bug pingpong, so I’d prefer
there to be an official decision either way, so that we can decide
what to do. (And then, I can invest some time to look at the other RC
reported and try to reproduce it on a porterbox etc. but I prefer to
do this when there’s not a sword of possible removal hanging over us.)

Thanks in advance!

Bug#1067946: dietlibc: Includes non-free Sun RPC

[Thorsten Glaser]

Bastian Germann dixit:

>> Do you have a link?
>
> No. It is not a public address.

Ah, yes, that is unfortunate. I used to be subscribed and have no
idea why I’m not, but I re-subscribed (though have not yet seen any
traffic in the last couple of days).

>> What did upstream say?
>
> No upstream response up to now.

OK.

I just asked in #d-ftp whether we can get an official statement
on whether “we received this as part of dietlibc (a product or
program developed by user” (i.e. Fefe) under GPL will suffice
(which I personally consider true).

If they say yes, I’ll fix that the block is missing from d/copyright
and have a look at #1069365 (unless Christian prefers to).

If they say no, we’ll have to inform reverse dependencies of this,
ask upstream again with some more urgency, and prepare for removal
of this meanwhile (I don’t think we can just swap out such much code
in the packaging)… or possibly excise the sunrpc code and hope this
doesn’t break any users.

Until then… no idea. Wait and drink tea, or something?

bye,
//mirabilos
-- 
18:47⎜ well channels… you see, I see everything in the
same window anyway  18:48⎜ i know, you have some kind of
telnet with automatic pong 18:48⎜ haha, yes :D
18:49⎜ though that's more tinyirc – sirc is more comfy

Bug#1070860: musescore3: CVE-2023-44428

[Thorsten Glaser]

Moritz Mühlenhoff dixit:

>Am Fri, May 10, 2024 at 06:39:20PM + schrieb Thorsten Glaser:
>> This is a bit like the limited security support for binutils,
>> I suppose. Could/should we document that in the same places?
>
>Sure thing, this sounds similar to what was done for Lilypond,

Ah, okay.

>best to simply ship a similar README.Debian.security within

I was thinking a README.Debian with:

-snip-
Note on possible security issues from untrusted input:

Upstream has never considered it on scope that the software
cannot “crash” on incorrect input, unfortunately. There is
also no security or other support for this version branch
from upstream. Please consider this and don’t expose the
software to untrusted, possibly incorrect, input files to
avoid triggering DoS or possible security problems in its
parsers without suitable confining measures. This is even
more true for import filters than for the native formats’
parsers (and includes the MusicXML import).

Mu͒seScore Studio was designed to operate as an unconnected
desktop program and not as a remotely accessible service,
so please take care.
-snap-

I’ll accept suggestions to improve, of course; I think I’ll
add the magic word “sandboxing” to the last paragraph?

bye,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
 -- Henry Nelson, March 1999

Bug#1070860: musescore3: CVE-2023-44428

[Thorsten Glaser]

Dixi quod…

>Huh. MuseScore (Studio) is a desktop application.

I’ll add a README.Debian note about that fact and that upstream
has never considered crashes on invalid input a bug and that it
hasn’t been designed as a remotely accessible service, but as a
desktop application, and that users should confine suitably.

The Capella import is a vast minority feature and incomplete
anyway, so I douby many users use it directly.

It’ll also document that these versions receive no support
(security or otherwise) from upstream any more (they’ve gone
open-core, proprietary-extension, version 4, which I don’t
intend to package), though there’s a 3.x community effort
whose initiator I know, which I’ve been intending to package
as musescore-snapshot (it’s “tip of the git branch” without
releases to avoid looking official due to the use of the
well-known name) and with whom I’ll cooperate.

This is a bit like the limited security support for binutils,
I suppose. Could/should we document that in the same places?

>I will have to investigate whether they mean indeed this
>or the musescore.com site or mobile äpps or something.

Given the lack of further information, I’ve contacted the ZDI
to get some; otherwise I can run it with valgrind a bit, but
without a reproducer testcase it’s not very likely to find it.

I’ll keep the bugreport informed.

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1070860: musescore3: CVE-2023-44428

[Thorsten Glaser]

Moritz Mühlenhoff dixit:

>| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
>| Execution Vulnerability. This vulnerability allows remote attackers

Huh. MuseScore (Studio) is a desktop application.
I will have to investigate whether they mean indeed this
or the musescore.com site or mobile äpps or something.

But if there’s a fix for a parsing issue, I’ll backport it
(also to musescore2 if applicable).

Thanks for noticing,
//mirabilos
-- 
 exceptions: a truly awful implementation of quite a nice idea.
 just about the worst way you could do something like that, afaic.
 it's like anti-design.   that too… may I quote you on that?
 sure, tho i doubt anyone will listen ;)

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dmitry Shachnev dixit:

>Will you be able to forward your patch upstream when you finalize it?

Sort of. I can do the CLA, Gerrit, etc. dance, but I probably cannot
respond well if they want me to test things with vanilla upstream
(instead of the packaging), or if they have requests I as a C (but
not C++) developer don’t understand.

(The other half of fixing things is even more challenging. I got a
confirmation that Mu͒seScore Evolution upstream cannot upgrade their
Qt versions so they’ll need a different fix subclassing and overriding
the library functions for some cases. If anyone sufficiently proficient
in C++ is interested in helping with that, once we got the fix for Qt
itself going, ping me. Alternatively, helping to figure out how to patch
and rebuild the exact versions they use for Win/Mac or upgrade their
versions without losing Win7 and qtwebengine, IIUC — AIUI their Mac OSX
builds are still at Qt 5.9 for that reason…)

>> +static inline int roundForBbox(qreal v)
>> +{
>> +return (v < 0) ? floor(v) : ceil(v);
>> +}
>
>I see you are passing negated values to this function, e.g. roundForBbox(-x).

Not only them. And roundForBbox is basically just the canonical
“round away from zero / towards ±infinity for integer results”.

The negation in the callers is to convert *some* Qt coordinates
to PS/PDF coordinates, but only for the Y axis, as the X axis is
the same for them.

>I see why you moved properties to the top, but is moving postscriptName
>needed? Maybe leave it where it was to minimize the diff?

It’s not. I moved the whole block to make it easier to read,
but good point.

>You are passing scalep pointer here only to multiply it by this value?

Yes.

>It looks like fontEngine is a public member of QFontSubset, so you can
>do it in the calling code.

Yes, except it’s the callee that determines the scaling factor,
not the caller. By passing it back like this, nothing would have
to change in the caller should the callee ever decide to not scale.


Sune Stolborg Vuorela dixit:

>I can't find any references to something that look like a "OS/2" table
>in the pdf spec.

That’s because we’re talking about OTF/TTF-format tables here.

The problem exists at two different layers.

One is that, when embedding and subsetting a font, Qt generates
a PDF font descriptor whose bounding box is wrong.

The other is that, when embedding and subsetting a font, Qt
converts it to quadratic-spline TTF and scales it to 2048 ppem,
then embedding the resulting TTF in the data object corresponding
to the above-mentioned font descriptor (the data object itself,
when extracted, is a fully functional .ttf font file). The OTF/TTF
file format has description tables, and Qt does not correctly adjust
all values in all tables it includes when scaling the font itself.

>Just to help me double check, how is is the OS/2 table described in the
>font in the pdf ?

The references I’ve been using are:

PDF: 
https://opensource.adobe.com/dc-acrobat-sdk-docs/pdfstandards/pdfreference1.0.pdf
TTF: https://learn.microsoft.com/en-us/typography/opentype/spec/

The OS/2 table specifically is documented at:
https://learn.microsoft.com/en-us/typography/opentype/spec/os2

bye,
//mirabilos
-- 
18:47⎜ well channels… you see, I see everything in the
same window anyway  18:48⎜ i know, you have some kind of
telnet with automatic pong 18:48⎜ haha, yes :D
18:49⎜ though that's more tinyirc – sirc is more comfy

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dixi quod…
>Dmitry Shachnev dixit:
>>Now that you dug so deeply, maybe you can try to replace qRound in those
>>three lines that you mentioned with TO_TTF, and check if it fixes the bug
>
>That *and* figure out somehow how to fix the PDF /FontBBox, at
>least… (though I binary-patched the hhea ascender in the PDF and
>it made Atril happy, so it “should”, despite the still-wrong OS/2
>table values some of which are notably used in clipping by some
>softwares…)

Yes, that worked. I’m attaching the final patch in entirety again
for your convenience.

>I’m trying this (attached). That does both (by letting toTruetype()
>adjust the already-existing scaling factor in the caller) and
>applies suitable rounding (normal for normal values, away from zero
>for the bounding box so it’s guaranteed to encompass all possible
>values). I’ll build it now so I don’t know if it even compiles yet…

It still does not address the OS/2 table, but it does manage to
fix both the PDF-side and font-side hhea table metrics, which is
enough for Atril at least. (Not sure whether it’s enough for my
gf’s printer, I’ll have to test. Or extend the patch to fix the
OS/2 table as well, which I probably should anyway; I have to find
the time for that sometime within the next few days.)

bye,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.miscDescription: scale /FontBBox and hhea table when scaling fonts
 for embedding (the OS/2 table needs handling XXX TODO)
Author: mirabilos 
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070406

--- a/src/gui/painting/qpdf.cpp
+++ b/src/gui/painting/qpdf.cpp
@@ -1870,11 +1870,20 @@ void QPdfEnginePrivate::writeAttachmentR
 "endobj\n");
 }
 
+static inline int roundForBbox(qreal v)
+{
+return (v < 0) ? floor(v) : ceil(v);
+}
+
 void QPdfEnginePrivate::embedFont(QFontSubset *font)
 {
+QFontEngine::Properties properties = font->fontEngine->properties();
+QByteArray postscriptName = properties.postscriptName.replace(' ', '_');
+qreal scale = 1000/properties.emSquare.toReal();
+
 //qDebug() << "embedFont" << font->object_id;
 int fontObject = font->object_id;
-QByteArray fontData = font->toTruetype();
+QByteArray fontData = font->toTruetype(&scale);
 #ifdef FONT_DUMP
 static int i = 0;
 QString fileName("font%1.ttf");
@@ -1891,11 +1900,7 @@ void QPdfEnginePrivate::embedFont(QFontS
 int toUnicode = requestObject();
 int cidset = requestObject();
 
-QFontEngine::Properties properties = font->fontEngine->properties();
-QByteArray postscriptName = properties.postscriptName.replace(' ', '_');
-
 {
-qreal scale = 1000/properties.emSquare.toReal();
 addXrefEntry(fontDescriptor);
 QByteArray descriptor;
 QPdf::ByteStream s(&descriptor);
@@ -1909,15 +1914,15 @@ void QPdfEnginePrivate::embedFont(QFontS
 s <<  '+' << postscriptName << "\n"
 "/Flags " << 4 << "\n"
 "/FontBBox ["
-  << properties.boundingBox.x()*scale
-  << -(properties.boundingBox.y() + 
properties.boundingBox.height())*scale
-  << (properties.boundingBox.x() + 
properties.boundingBox.width())*scale
-  << -properties.boundingBox.y()*scale  << "]\n"
+  << roundForBbox(properties.boundingBox.x()*scale)
+  << roundForBbox(-(properties.boundingBox.y() + 
properties.boundingBox.height())*scale)
+  << roundForBbox((properties.boundingBox.x() + 
properties.boundingBox.width())*scale)
+  << roundForBbox(-properties.boundingBox.y()*scale)  << "]\n"
 "/ItalicAngle " << properties.italicAngle.toReal() << "\n"
-"/Ascent " << properties.ascent.toReal()*scale << "\n"
-"/Descent " << -properties.descent.toReal()*scale << "\n"
-"/CapHeight " << properties.capHeight.toReal()*scale << "\n"
-"/StemV " << properties.lineWidth.toReal()*scale << "\n"
+"/Ascent " << qRound(properties.ascent.toReal()*scale) << "\n"
+"/Descent " << qRound(-properties.descent.toReal()*scale) << "\n"
+"/CapHeight " << qRound(properties.capHeight.toReal()*scale) << 
"\n"
+"/StemV " << qRound(properties.lineWidth.toReal()*scale) << "\n"
 "/FontFile2 " << fontstream << "0 R\n"
 "/CIDSet " << cidset << "0 R\n"
 ">>\nendobj\n";
--- a/src/gui/text/qfontsubset.cpp
+++ b/src/gui/text/qfontsubset.cpp
@@ -1162,13 +1162,14 @@ static QByteArray bindFont(const QVector
   if really required.
 */
 
-QByteArray QFontSubset::toTruetype() const
+QByteArray QFontSubset::toTruetype(qreal *scalep) const
 {
 qttf_font_tables font;
 memset(&font, 0, sizeof(qttf_font_tables));
 
 qreal ppem = fontEngine->fontDef.pixelSize;
 #define TO_TTF(x) qRound(x * 2048. / ppem

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dixi quod…

>values). I’ll build it now so I don’t know if it even compiles yet…

font.hhea.ascender = TO_TTF(properties.ascent.toReal());
font.hhea.descender = TO_TTF(-properties.descent.toReal());
font.hhea.lineGap = TO_TTF(properties.leading.toReal());

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dixi quod…

>>Now that you dug so deeply, maybe you can try to replace qRound in those
>>three lines that you mentioned with TO_TTF, and check if it fixes the bug
>
>That *and* figure out somehow how to fix the PDF /FontBBox, at

I’m trying this (attached). That does both (by letting toTruetype()
adjust the already-existing scaling factor in the caller) and
applies suitable rounding (normal for normal values, away from zero
for the bounding box so it’s guaranteed to encompass all possible
values). I’ll build it now so I don’t know if it even compiles yet…

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)diff -Nru qtbase-opensource-src-5.15.2+dfsg/debian/changelog 
qtbase-opensource-src-5.15.2+dfsg/debian/changelog
--- qtbase-opensource-src-5.15.2+dfsg/debian/changelog  2021-07-02 
17:58:04.0 +0200
+++ qtbase-opensource-src-5.15.2+dfsg/debian/changelog  2024-05-05 
23:58:03.0 +0200
@@ -1,3 +1,10 @@
+qtbase-opensource-src (5.15.2+dfsg-9.0.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches/bug1070406.diff
+
+ -- Thorsten Glaser   Sun, 05 May 2024 23:58:03 +0200
+
 qtbase-opensource-src (5.15.2+dfsg-9) unstable; urgency=medium
 
   * Revert adding fix-misplacement-of-placeholder-text-in-QLineEdit.diff.
diff -Nru qtbase-opensource-src-5.15.2+dfsg/debian/patches/bug1070406.diff 
qtbase-opensource-src-5.15.2+dfsg/debian/patches/bug1070406.diff
--- qtbase-opensource-src-5.15.2+dfsg/debian/patches/bug1070406.diff
1970-01-01 01:00:00.0 +0100
+++ qtbase-opensource-src-5.15.2+dfsg/debian/patches/bug1070406.diff
2024-05-05 23:57:53.0 +0200
@@ -0,0 +1,107 @@
+Description: scale /FontBBox and hhea table when scaling fonts
+ for embedding (the OS/2 table needs handling XXX TODO)
+Author: mirabilos 
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070406
+
+--- a/src/gui/painting/qpdf.cpp
 b/src/gui/painting/qpdf.cpp
+@@ -1870,11 +1870,20 @@ void QPdfEnginePrivate::writeAttachmentR
+ "endobj\n");
+ }
+ 
++static inline int roundForBbox(qreal v)
++{
++return (v < 0) ? floor(v) : ceil(v);
++}
++
+ void QPdfEnginePrivate::embedFont(QFontSubset *font)
+ {
++QFontEngine::Properties properties = font->fontEngine->properties();
++QByteArray postscriptName = properties.postscriptName.replace(' ', '_');
++qreal scale = 1000/properties.emSquare.toReal();
++
+ //qDebug() << "embedFont" << font->object_id;
+ int fontObject = font->object_id;
+-QByteArray fontData = font->toTruetype();
++QByteArray fontData = font->toTruetype(&scale);
+ #ifdef FONT_DUMP
+ static int i = 0;
+ QString fileName("font%1.ttf");
+@@ -1891,11 +1900,7 @@ void QPdfEnginePrivate::embedFont(QFontS
+ int toUnicode = requestObject();
+ int cidset = requestObject();
+ 
+-QFontEngine::Properties properties = font->fontEngine->properties();
+-QByteArray postscriptName = properties.postscriptName.replace(' ', '_');
+-
+ {
+-qreal scale = 1000/properties.emSquare.toReal();
+ addXrefEntry(fontDescriptor);
+ QByteArray descriptor;
+ QPdf::ByteStream s(&descriptor);
+@@ -1909,15 +1914,15 @@ void QPdfEnginePrivate::embedFont(QFontS
+ s <<  '+' << postscriptName << "\n"
+ "/Flags " << 4 << "\n"
+ "/FontBBox ["
+-  << properties.boundingBox.x()*scale
+-  << -(properties.boundingBox.y() + 
properties.boundingBox.height())*scale
+-  << (properties.boundingBox.x() + 
properties.boundingBox.width())*scale
+-  << -properties.boundingBox.y()*scale  << "]\n"
++  << roundForBbox(properties.boundingBox.x()*scale)
++  << roundForBbox(-(properties.boundingBox.y() + 
properties.boundingBox.height())*scale)
++  << roundForBbox((properties.boundingBox.x() + 
properties.boundingBox.width())*scale)
++  << roundForBbox(-properties.boundingBox.y()*scale)  << "]\n"
+ "/ItalicAngle " << properties.italicAngle.toReal() << "\n"
+-"/Ascent " << properties.ascent.toReal()*scale << "\n"
+-"/Descent " << -properties.descent.toReal()*scale << "\n"
+-"/CapHeight " << properties.capHeight.toReal()*scale << "\n"
+-"/StemV " << properties.lineWidth.toReal()*scale << "\n"
++"/Ascent " << qRound(properties.ascent.toReal()*scale) << "\n"
++"/Descent " << qRound(-properties.descent.toReal()*scale) << "\n"

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Hi Dmitry,

(you use Googlemail, which is problematic, I picked your reply
from the BTS; perhaps send to 1070406-submitter@b.d.o instead
which should arrive)

>I checked Qt 4 history [1] and there this code dates back to “Long live Qt!”
>commit from 2009. So it’s unlikely that we can find the original developer

Thanks for checking.

>and ask why it is like that and whether we actually need the OS/2 table.

Yeah. Some renderers might benefit from it in some cases probably.
It contains about 17 or so values that need to be scaled, and it
has multiple versions… I could probably write something…

>(and does not break anything else)?

Chances are extremely slim that fixing the metrics will break
anything ;-)

>Now that you dug so deeply, maybe you can try to replace qRound in those
>three lines that you mentioned with TO_TTF, and check if it fixes the bug

That *and* figure out somehow how to fix the PDF /FontBBox, at
least… (though I binary-patched the hhea ascender in the PDF and
it made Atril happy, so it “should”, despite the still-wrong OS/2
table values some of which are notably used in clipping by some
softwares…)

I think I can try that, though my weekend’s about up by now. I’d
try it with one of the versions (most likely bullseye’s) if that
is okay for you.

For the Mu͒seScore side, things get trickier though as they likely
won’t be able to obtain fixed Qt builds for all platforms. I wonder
whether it would be possible to subclass and just override the
faulty code (or do post-fixups somehow) and patch it to just do
that (if the bug is still present in the used Qt version)… I’m not
even a C++ programmer… *sigh*

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dixi quod…

>correct… but it only changes the metrics in the head table, not
>in the OS/2 or hhea tables (as can be seen when loading the font
>from the PDF in FontForge). Furthermore, the /FontBBox in the PDF
>is constructed from the values from the original font.

And Atril uses the values from the hhea table (found by hexediting).

#define TO_TTF(x) qRound(x * 2048. / ppem)

This is used in things like…

font.hhea.maxAdvanceWidth = TO_TTF(fontEngine->maxCharWidth());

… but not in…

font.hhea.ascender = qRound(properties.ascent);
font.hhea.descender = -qRound(properties.descent);
font.hhea.lineGap = qRound(properties.leading);

… and of course not when the OS/2 table is copied:

if (!noEmbed) {
QTtfTable os2;
os2.tag = MAKE_TAG('O', 'S', '/', '2');
os2.data = fontEngine->getSfntTable(os2.tag);
if (!os2.data.isEmpty())
tables.append(os2);
}

(all examples from stretch’s Qt, as the oldest I had at hand)

bye,
//mirabilos
-- 
15:39⎜«mika:#grml» mira|AO: "mit XFree86® wär’ das nicht passiert" - muhaha
15:48⎜ also warum machen die xorg Jungs eigentlich alles
kaputt? :)15:49⎜ thkoehler: weil sie als Kinder nie den
gebauten Turm selber umschmeissen durften?  -- ~/.Xmodmap wonders…

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Dixi quod…

>$ atril moo.pdf

Further debugging reveals the cause:

When Qt5 embeds a font, it scales it to 2048 ppem, no matter if
it was 1000 ppem (PS/CFF) or 1024 ppem (TTF) before. I think this
is because [QTBUG-586] it cannot embed CFF fonts, so it always
converts to TTF (apparently even if it was TTF already).

The conversion is done not incompetently, the new metrics are
correct… but it only changes the metrics in the head table, not
in the OS/2 or hhea tables (as can be seen when loading the font
from the PDF in FontForge). Furthermore, the /FontBBox in the PDF
is constructed from the values from the original font.

I can confirm that if I prescale the font to 2048 ppem, ceteris
paribus, the bug no longer appears.

QPdfEnginePrivate::embedFont calls font->toTruetype()
but later uses font->fontEngine->properties() for metrics.

QFontSubset::toTruetype does the conversion to 2048 ppem
and others, saying it does not need to add an OS/2 table,
only to later copy the one from the original font if present
without adjusting its values.

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#1070406: Qt5: badly clips some fonts when rendering to PDFs

[Thorsten Glaser]

Package: qtbase5-dev
Version: 5.15.10+dfsg-7.2+b1
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de
Control: found -1 5.15.2+dfsg-9
Control: found -1 5.7.1+dfsg-3+deb9u4
Control: affects -1 musescore
Control: affects -1 musescore3

I’ve received reports that PDFs generated by Mu͒seScore when
viewed in Atril (but not in Okular or mupdf!) have the top
of the treble clef cut off. I found that the same happens
for glyphs of the font I use for URLs and copyright notices
(attached), but only from Mu͒seScore, not from LibreOffice.

I first reported this to Atril both because I couldn’t find
anything wrong with the font metrics (or after fixing what
could have been, I tried multiple variants) upstream at
https://github.com/mate-desktop/atril/issues/610 where a
helpful soul found that there’s some clip path in the PDFs
which Atril honours that clips off the rendering but that
under that the glyphs are fully present.

Then I dug into the Mu͒seScore Studio source code, but could
not find anything suspicious, so I extracted an MWE from its
source code (under GPLv2 though I doubt the example below is
actually nōntrivial enough to be copyrightable) to generate
a PDF and, voilà, the top of the text is cut off in Atril but
not in mupdf.

I’m attaching the MWE (qex.pro + qex.cc) and the font file
(SIL OFL, currently the .otf is the source) so you can
reproduce this. It reproduces for me on stretch, bullseye and
sid, probably universally. (Make sure $DISPLAY is set. Put the
.otf into ~/.local/share/fonts/ to test.)

$ QT_SELECT=5 qmake qex.pro && make && ./qex
$ mupdf moo.pdf
$ atril moo.pdf

Please forward this bug upstream as suitable. Thanks in advance!
(I don’t have the means to test with upstream’s versions.)

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unreleased'), (500, 
'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, x32

Kernel: Linux 5.10.0-26-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages qtbase5-dev depends on:
ii  libegl-dev 1.7.0-1+b1
ii  libgl-dev  1.7.0-1+b1
ii  libglu1-mesa-dev [libglu-dev]  9.0.2-1.1+b1
ii  libqt5concurrent5t64   5.15.10+dfsg-7.2+b1
ii  libqt5core5t64 5.15.10+dfsg-7.2+b1
ii  libqt5dbus5t64 5.15.10+dfsg-7.2+b1
ii  libqt5gui5t64  5.15.10+dfsg-7.2+b1
ii  libqt5network5t64  5.15.10+dfsg-7.2+b1
ii  libqt5printsupport5t64 5.15.10+dfsg-7.2+b1
ii  libqt5sql5t64  5.15.10+dfsg-7.2+b1
ii  libqt5test5t64 5.15.10+dfsg-7.2+b1
ii  libqt5widgets5t64  5.15.10+dfsg-7.2+b1
ii  libqt5xml5t64  5.15.10+dfsg-7.2+b1
ii  libvulkan-dev  1.3.280.0-1
ii  libxext-dev2:1.3.4-1+b1
ii  qt5-qmake  5.15.10+dfsg-7.2+b1
ii  qtbase5-dev-tools  5.15.10+dfsg-7.2+b1
ii  qtchooser  66-2

Versions of packages qtbase5-dev recommends:
pn  libqt5opengl5-dev  

Versions of packages qtbase5-dev suggests:
pn  default-libmysqlclient-dev  
pn  firebird-dev
pn  libpq-dev   
pn  libsqlite3-dev  
pn  unixodbc-dev

-- no debconf information
#include 

#include 
#include 
#include 
#include 
#include 
#include 

#define ensure(what) if (!(what)) errx(1, "%s", #what)

int main(int argc, char *argv[]) {
QGuiApplication MyApp(argc, argv);
QPdfWriter printerDev("moo.pdf");
QPainter p;
ensure(p.begin(&printerDev));
p.setRenderHint(QPainter::Antialiasing, true);
p.setRenderHint(QPainter::TextAntialiasing, true);

QPointF ofs(100, 1000);
QFont font("Inconsolatazi4varl_qu", 72);
p.setFont(font);
p.drawText(ofs, "foi Test 0'l");

p.end();
errx(0, "done");
}
CONFIG += debug
SOURCES += qex.cc
TARGET = qex


Inconsolatazi4varl_qu-Regular.otf
Description: application/vnd.ms-opentype

Bug#1067946: dietlibc: Includes non-free Sun RPC

[Thorsten Glaser]

Hi Bastian,

>I have already informed upstream about it.

did you do that on a mailing list? Do you have a link?
What did upstream say?

Still unconvinced,
//mirabilos
-- 
If Harry Potter gets a splitting headache in his scar
when he’s near Tom Riddle (aka Voldemort),
does Tom get pain in the arse when Harry is near him?
-- me, wondering why it’s not Jerry Potter………

Bug#1067196: qpdf: contrary to the documentation, fix-qdf aborts on removed objects

[Thorsten Glaser]

Jay Berkenbilt dixit:

>How's that?

That explains it very well and not ambiguous to nōn-native
speakers (I hope).

Thanks,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#789401: Proposed patch to solve the issue.

[Thorsten Glaser]

Hi Georgios,

why not just ensure the parent directory of the chroot is not
traversable for just any normal user?

That would allow preserving /tmp/buildd as build place as well
as retaining stuff under /run which packages create and which
is, in practice, often needed for chroots where initscripts are
not run.

In addition, I often do use the access to the /tmp in the chroot
for debugging and bootstrapping, so maybe create a new system
group, chown 0:_pbuilder /var/cache/pbuilder/build; chmod 0750
that directory, and good is? (Untested.)

Then, I could add my user to that group and continue doing so.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1069697: lintian: debian-changelog-line-too-short CVEs

[Thorsten Glaser]

Richard Lewis dixit:

>would it make a difference if the somewhat ambiguous line "CVEs" was
>changed to "Fixes the following CVEs:" ?

It’s very much not ambiguous, as the entire entry is a list of
fixes, that’d be reducing the signal:noise ratio (besides this
part of the changelog is copy-pasted from the upstream release
announcement).

I find that lintian is overly opinionated here. I could agree,
were this just a single line (given the tag’s stated purpose),
but not for multi-line or lists.

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1068024: revert to version that does not contain changes by bad actor

[Thorsten Glaser]

Christoph Anton Mitterer dixit:

>So Thorsten, in case you or someone else is aware of any [intermediate]
>results from these task forces ([9[) it would be nice to hear about
>them or better even in form of some "official" statement from Debian.

JFTR I’m not involved in those myself.

bye,
//mirabilos
-- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival

Bug#1069697: lintian: debian-changelog-line-too-short CVEs

[Thorsten Glaser]

Package: lintian
Version: 2.117.0

P: openjdk-8-doc: debian-changelog-line-too-short CVEs 
[usr/share/doc/openjdk-8-doc/changelog.Debian.gz:4]

The changelog in question is:

  * New upstream release
  * CVEs
- CVE-2024-21011
- CVE-2024-21085
- CVE-2024-21068
- CVE-2024-21094
  * Security fixes
[…]

I find this a little opinionated anyway, but here not quite
appropriate as the changelog “line” spans more than a physical
line. Maybe, if you won’t consider the space until the next
/^  \* / a “line”, then at least exclude itemisations from that tag?

Thanks.

Bug#1069678: openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094

[Thorsten Glaser]

tags 1069678 + pending
thanks

I’m working on it. Upload should come RSN.

AIUI the security team can feel free to ignore openjdk-8
as it’s in sid for bootstrapping and preparing ELTS upgrades
and downstreams purposes, and not “as is” security-supported
in Debian, so if it helps lowering the workload…

Bug#1068324: lintian: patch-not-forwarded-upstream for upstream patches

[Thorsten Glaser]

Hi Nilesh,

>Right. AFAICS, lintian spews that warning because the header in that patch in
>incomplete. It also needs a "From" and "Subject" (which can be same as commit

this is not entirely correct.

The full patch header is:

Description: fix typeset -p confusion between empty and unset
Origin: commit:10065BC69BE555D6721

Description is the standard name for Subject (the same way
Author is the standard DEP 3 name for From), and it’s present,
and when Origin indicates an upstream commit (as shown here),
Author does not need to be present, per DEP 3.

bye,
//mirabilos
-- 
If Harry Potter gets a splitting headache in his scar
when he’s near Tom Riddle (aka Voldemort),
does Tom get pain in the arse when Harry is near him?
-- me, wondering why it’s not Jerry Potter………

Bug#1068873: openjdk-21: more m68k patches

[Thorsten Glaser]

Dixi quod…

>>I’ll recompile with re-enabled alignment on the missing base
>
>Seems to be only one.
>
>--- src/hotspot/share/memory/allocation.hpp~   2024-04-12 23:52:54.0 
>+
>+++ src/hotspot/share/memory/allocation.hpp2024-04-12 23:52:56.0 
>+
>@@ -276,7 +276,7 @@ class CHeapObj {
>   void operator delete [] (void* p) {
> CHeapObjBase::operator delete[](p);
>   }
>-};
>+} __attribute__ ((aligned (4)));
> 
> // Base class for objects allocated on the stack only.
> // Calling new or delete will result in fatal error.
>
>>classes like we have in 17. But if someone has ideas ’til then…
>
Yes, with this, the build gets much further, so I’d be glad if you
could include this in the next -21 upload (and -20 if you do any
more of these, but probably not, and not necessary on my account).

Thanks,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1067196: qpdf: contrary to the documentation, fix-qdf aborts on removed objects

[Thorsten Glaser]

Jay Berkenbilt dixit:

>As it happens, I am upstream.

Oh, nice ☻ in that case, thanks for qpdf.

>---
>It is not generally practical to remove objects from QDF files without
>messing up object numbering, but if you remove all indirect references
>to an object (without removing the object itself), this will leave the
>object unreferenced. Then you can run qpdf on the file (after running
>:command:`fix-qdf`), and qpdf will omit the now-orphaned object.
>---

That fixes the ambiguity but leaves the reader¹ wondering, on two
reading passes, what other references than indirect there are.
The reader who has not digested the PDF spec in and out, at least.

If you s/ indirect//, would it still be correct? That would be
less possibly-ambiguous, I think.

bye,
//mirabilos
① or at least me right now
-- 
 Beware of ritual lest you forget the meaning behind it.
 yeah but it means if you really care about something, don't
ritualise it, or you will lose it. don't fetishise it, don't
obsess. or you'll forget why you love it in the first place.

Bug#1067639: sasl2-bin: terminates with smashed stack and kills qemu-user?!

[Thorsten Glaser]

Bernhard Übelacker dixit:

> On Thu, 4 Apr 2024 21:00:59 + (UTC) Thorsten Glaser  
> wrote:
>> Sometimes, it does not crash with a smashed stack but instead:
>>
>> Setting up sasl2-bin (2.1.28+dfsg1-6+b1) ...
>> BDB0002 __fop_file_setup:  Retry limit (100) exceeded
>> saslpasswd2: generic failure
>
> This looks to be a result of the pre-existing /etc/__db.sasldb2.
> If this file gets removed the stack smashing occurs again.

Right, I got there as well but not any further.

> By some experimenting I could convince gdb to load the debug symbols.

Massive detective work, thanks!

> And the stack seems to point into function __os_unique_id from libdb-5.3.so.
>
> Unfortunately I am not sure where the canary gets overwritten.

I had an immediate hunch as I saw this:

> 38  __os_gettime(env, &v, 1);

And:

> (gdb) ptype /o v
> type = struct {
> /*  0  |   8 */time_t tv_sec;
> /*  8  |   4 */long tv_nsec;
>
>   /* total size (bytes):   12 */
> }

This is, in the source:

typedef struct {
time_t  tv_sec; /* seconds */
#ifdef HAVE_MIXED_SIZE_ADDRESSING
int32_t tv_nsec;
#else
longtv_nsec;/* nanoseconds */
#endif
} db_timespec;

Compare the newer system header:

struct timespec
{
#ifdef __USE_TIME_BITS64
  __time64_t tv_sec;/* Seconds.  */
#else
  __time_t tv_sec;  /* Seconds.  */
#endif
#if __WORDSIZE == 64 \
  || (defined __SYSCALL_WORDSIZE && __SYSCALL_WORDSIZE == 64) \
  || (__TIMESIZE == 32 && !defined __USE_TIME_BITS64)
  __syscall_slong_t tv_nsec;/* Nanoseconds.  */
#else
# if __BYTE_ORDER == __BIG_ENDIAN
  int: 32;   /* Padding.  */
  long int tv_nsec;  /* Nanoseconds.  */
# else
  long int tv_nsec;  /* Nanoseconds.  */
  int: 32;   /* Padding.  */
# endif
#endif
};

This is actually longer and (IMHO) really stupid. But Linux has:

struct __kernel_timespec {
__kernel_time64_t   tv_sec; /* seconds */
long long   tv_nsec;/* nanoseconds */
};

So this is actually expected. *checks POSIX* which says:

| The  header shall declare the timespec structure, which shall
| include at least the following members:
|
| time_t tv_sec Whole seconds.
| long tv_nsec  Nanoseconds [0, 999 999 999].

So both the kernel definition (tv_nsec must be long, not long long,
which is incompatible on ILP32 big endian platforms) and the one by
db5.3 (struct timespec may include extra members and be in any order)
actually violate POSIX… *sigh*

And yes, it does cast to struct timespec and passes it
to clock_gettime().

But it does give us a possible fix, which I’ll be testing.

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#1068873: openjdk-21: more m68k patches

[Thorsten Glaser]

Dixi quod…
>I’ll recompile with re-enabled alignment on the missing base

Seems to be only one.

--- src/hotspot/share/memory/allocation.hpp~2024-04-12 23:52:54.0 
+
+++ src/hotspot/share/memory/allocation.hpp 2024-04-12 23:52:56.0 
+
@@ -276,7 +276,7 @@ class CHeapObj {
   void operator delete [] (void* p) {
 CHeapObjBase::operator delete[](p);
   }
-};
+} __attribute__ ((aligned (4)));
 
 // Base class for objects allocated on the stack only.
 // Calling new or delete will result in fatal error.

>classes like we have in 17. But if someone has ideas ’til then…

gn8,
//mirabilos
-- 
This space for rent.

Bug#1068873: openjdk-21: more m68k patches

[Thorsten Glaser]

Dixi quod…

>>(This is what I found trying to build openjdk-20, but it’ll be
>>needed in 21 as well. Even getting to this point took 13½ days
>>already…)
>
>And turns out that this isn’t the cause.
>
>In 17, we’ve got src/hotspot/share/memory/allocation.hpp to
>align all CHeapObj, StackObj, MetaspaceObj, etc. classes; this
>is gone in 21. So this needs to be brought back instead.

Hmmhmm. Since I’m having to build/debug 20 first…

… in 20, StackObj has its alignment bumped manually,
but CHeapObj doesn’t. MetaspaceObj does, ResourceObj
and ArenaObj don’t, AnyObj does.

So I’m guessing we will want to fix up the allocators instead?
(Though raising the alignment for cases where people allocate
them on the stack may still be useful…)

ArenaObj… is not allocated‽

resource_allocate_bytes uses Thread::current()->resource_area()->allocate_bytes
which uses Amalloc which seems to align well.

AllocateHeap uses os::malloc which uses ::malloc (C function?)
in NMT and normal cases. Huh. MallocHeader is 16 bytes, also okay.
The glibc texinfo docs say…
| The address of a block returned by ‘malloc’ or ‘realloc’ in GNU systems
| is always a multiple of eight (or sixteen on 64-bit systems).  If you
… so that should *also* be okay?! Unless that’s not true, anyway…

#define SIZE_SZ (sizeof (INTERNAL_SIZE_T))
#define MALLOC_ALIGNMENT (2 * SIZE_SZ < __alignof__ (long double) \
  ? __alignof__ (long double) : 2 * SIZE_SZ)

… it should.

So where does the unaligned _futex_barrier member in the
class LinuxWaitBarrier : public CHeapObj come from?

AFAICS, the caller is:

WaitBarrier* SafepointSynchronize::_wait_barrier;
  _wait_barrier = new WaitBarrier(vmthread);

With:

typedef LinuxWaitBarrier WaitBarrierDefault;
template 
class WaitBarrierType : public CHeapObj {
  WaitBarrierImpl _impl;
…
}
typedef WaitBarrierType WaitBarrier;

So the “new WaitBarrier” should call CHeapObj::operator new(size_t size)
TTBOMK (IANAC++Programmer) which calls CHeapObjBase::operator new(size, 
mtInternal)
= AllocateHeap(size, mtInternal)…

Hmmm. But, oops, I see something more:

src/hotspot/share/services/mallocTracker.hpp:  static const size_t 
overhead_per_malloc = sizeof(MallocHeader) + sizeof(uint16_t);

That would dealign things… but MallocTracker::record_malloc
only adds sizeof(MallocHeader) and has an assert (unsure if
NDEBUG though) that checks alignment…

I am lost. I can *see* an under-aligned futex barrier in strace.

19270 futex(0xcf80078a, FUTEX_WAKE_PRIVATE, 2147483647) = -1 EINVAL (Invalid 
argument)

I cannot see how, though.

FWIW, /tmp/buildd/openjdk-20-20.0.2+9/build/jdk/bin/java \
-XX:NativeMemoryTracking=summary -version also crashes, same
with an explicit -XX:NativeMemoryTracking=off :/

I’ll recompile with re-enabled alignment on the missing base
classes like we have in 17. But if someone has ideas ’til then…

Mraw,
//mirabilos
-- 
 exceptions: a truly awful implementation of quite a nice idea.
 just about the worst way you could do something like that, afaic.
 it's like anti-design.   that too… may I quote you on that?
 sure, tho i doubt anyone will listen ;)

Bug#1068873: openjdk-21: more m68k patches

[Thorsten Glaser]

Dixi quod…

>(This is what I found trying to build openjdk-20, but it’ll be
>needed in 21 as well. Even getting to this point took 13½ days
>already…)

And turns out that this isn’t the cause.

In 17, we’ve got src/hotspot/share/memory/allocation.hpp to
align all CHeapObj, StackObj, MetaspaceObj, etc. classes; this
is gone in 21. So this needs to be brought back instead.

Bug#1068629: testng7 backport for bullseye needed for latest Java LTS releases

[Thorsten Glaser]

Hi Vladimir,

if you have any suggestions as to what to do best with openjdk-8,
feel free to say.

In Debian, it’s only relevant in unstable, ELTS stretch and jessie,
but for Ubuntu it’s used in more.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1068873: openjdk-21: more m68k patches

[Thorsten Glaser]

Source: openjdk-21
X-Debbugs-Cc: t...@mirbsd.de, debian-...@lists.debian.org

Please add the following patch e.g. to debian/patches/m68k-support.diff
for more making implicit alignment assumptions (here by the futex
syscall) explicit:

--- src/hotspot/os/linux/waitBarrier_linux.hpp~ 2024-04-12 18:24:38.584686322 
+0200
+++ src/hotspot/os/linux/waitBarrier_linux.hpp  2024-04-12 18:24:46.768716977 
+0200
@@ -29,7 +29,7 @@
 #include "utilities/globalDefinitions.hpp"
 
 class LinuxWaitBarrier : public CHeapObj {
-  volatile int _futex_barrier;
+  volatile int _futex_barrier __attribute__((__aligned__(4)));
 
   NONCOPYABLE(LinuxWaitBarrier);
 

Thanks!

(This is what I found trying to build openjdk-20, but it’ll be
needed in 21 as well. Even getting to this point took 13½ days
already…)

Bug#1068615: pbuilder will overwrite LANG/LC_ALL if they are set via config file

[Thorsten Glaser]

Sergio Durigan Junior dixit:

>-export LANG=C
>-export LC_ALL=C
>+export LANG="${LANG:-C}"
>+export LC_ALL="${LC_ALL:-C}"

Ouch, no.

IMHO, they ought to really be unset for sane build environments,
and if the thing to be built needs locales, it can set its own.

Passing environment variables, even “just” the locale, from the
outside into the build environment is a dark path.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1067196: qpdf: contrary to the documentation, fix-qdf aborts on removed objects

[Thorsten Glaser]

Jay Berkenbilt dixit:

>Can you tell me where in the docs it says what you're describing?
>Here's a direct quote from the current qpdf documentation:
>
>It is not generally practical to remove objects from QDF files without
>messing up object numbering, but if you remove all references to an
>object, you can run qpdf on the file (after running fix-qdf), and qpdf
>will omit the now-orphaned object.

Yes, I meant that. At least two people assumed that “remove all
references” includes the object itself, but now that you point it
out, it likely doesn’t, but we are no native speakers, so I don’t
know which of the two interpretations is more likely to them or
if even both are possible.

Maybe, if you have good connections to upstream, suggest to them
to add “(but not the object itself)” to behind “all references to
an object”, but the bug can then be closed.

Thanks for looking into it,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1068326: bookworm-pu: package mksh/59c-28+deb12u1

[Thorsten Glaser]

Jonathan Wiltshire dixit:

>Please go ahead.

Thanks. Do you need a blurb for the point release notes
or something?

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1068350: [musl] Re: Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie → seems to be a toolchain bug after all, it does too hit glibc

[Thorsten Glaser]

Rich Felker dixit:

>Is there anything weird about how these objects were declared that
>might have caused ld not to resolve them statically like it should? It
>seems odd that these data symbols, but not any other ones, would be
>left as symbolic relocations.

I don’t think so?

In  I already
posted the short version; the actual source is (mirrored):

The initcoms array is here:
https://github.com/MirBSD/mksh/blob/b0219da8e6dfc7b16e923e220dc6933c5ed9b326/main.c#L77

Tdr is defined at:
https://github.com/MirBSD/mksh/blob/b0219da8e6dfc7b16e923e220dc6933c5ed9b326/sh.h#L3055

The u_ops array is declared a few lines above that and defined at:
https://github.com/MirBSD/mksh/blob/b0219da8e6dfc7b16e923e220dc6933c5ed9b326/funcs.c#L160

initvsn is defined at…
https://github.com/MirBSD/mksh/blob/b0219da8e6dfc7b16e923e220dc6933c5ed9b326/sh.h#L713
… with the EXTERN and E_INIT macros from…
https://github.com/MirBSD/mksh/blob/b0219da8e6dfc7b16e923e220dc6933c5ed9b326/sh.h#L657
where main.c defines EXTERN, so the string is embedded into the file using it.

Is there perhaps a misunderstanding with the gcc/binutils/glibc developers
as to what static-pie is meant to be?

bye,
//mirabilos
-- 
 cool ein Ada Lovelace Google-Doodle. aber zum 197. Geburtstag? Hätten
die nicht noch 3 Jahre warten können?  bis dahin gibts google nicht
mehr  ja, könnte man meinen. wahrscheinlich ist der angekündigte welt-
untergang aus dem maya-kalender die globale abschaltung von google ☺ und darum
müssen die die doodles vorher noch raushauen

Bug#1068350: [musl] Re: Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie → seems to be a toolchain bug after all, it does too hit glibc

[Thorsten Glaser]

Markus Wichmann dixit:

>I may not really know what I am talking about, so take this with a grain
>of salt, but isn't this missing a -Bsymbolic somewhere? Ironically, that
>switch causes ld to not emit symbolic relocations. I seem to remember
>reading long ago in Rich's initial -static-pie proposal that that was
>one of the switches added to the linker command line.

When searching for which architectures support static PIE in the first
place (sadly, there doesn’t seem a consistent list), I found one saying
it’s no longer necessart after some point, so I didn’t check it.

>In any case, the emission of non-relative relocations is the issue here,
>and it is coming from the linker.

They are present in the glibc static-pie binary as well, though.
And tbh they look to me like “just plug the absolute address of
the symbol here, please”, which is perfectly fine for things like
an array of strings when the actual string has already its own symbol.

(Disclaimer: I know… barely anything about Unix relocation types,
a bit more about those on DOS and even TOS.)

bye,
//mirabilos
-- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival

Bug#1068350: [musl] Re: Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie → seems to be a toolchain bug after all, it does too hit glibc

[Thorsten Glaser]

Markus Wichmann dixit:

>can check with readelf -r what the relocation types are. If they are not
>relative, they will not be processed.

Gotcha! They are all R_390_RELATIVE except for:

00045ff0  00110016 R_390_64  00042c58 u_ops + 70
00045ff8  00110016 R_390_64  00042c58 u_ops + 0
00047020  00110016 R_390_64  00042c58 u_ops + 80
00047088  00110016 R_390_64  00042c58 u_ops + 80
000470a8  00110016 R_390_64  00042c58 u_ops + b8
00047220  00110016 R_390_64  00042c58 u_ops + 80
00046900  00260016 R_390_64  00015af8 c_command + 0
00046940  00070016 R_390_64  00017238 c_exec + 0
00046ab0  00200016 R_390_64  00016a80 c_trap + 0
00047090  00250016 R_390_64  000430ac initvsn + 0
00047278  00550016 R_390_64  00047438 null_string + 2

That’s our missing strings.

>Is it possible you are linking in the wrong start file? gcc -v should
>output the command line it feeds to the linker.

Should be correct:

 /usr/libexec/gcc/s390x-linux-gnu/13/collect2 -fno-lto -dynamic-linker 
/lib/ld-musl-s390x.so.1 -nostdlib -static -static -pie --no-dynamic-linker -o 
mksh /usr/lib/s390x-linux-musl/rcrt1.o /usr/lib/s390x-linux-musl/crti.o 
/usr/lib/gcc/s390x-linux-gnu/13/crtbeginS.o -L/usr/lib/s390x-linux-musl -L 
/usr/lib/gcc/s390x-linux-gnu/13/. -z relro -z now --as-needed -z text 
--eh-frame-hdr lalloc.o edit.o eval.o exec.o expr.o funcs.o histrap.o jobs.o 
lex.o main.o misc.o shf.o syn.o tree.o var.o ulimit.o --start-group 
/usr/lib/gcc/s390x-linux-gnu/13/libgcc.a 
/usr/lib/gcc/s390x-linux-gnu/13/libgcc_eh.a -lc --end-group 
/usr/lib/gcc/s390x-linux-gnu/13/crtendS.o /usr/lib/s390x-linux-musl/crtn.o

HTH & HAND,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Bug#1067752: anacrontab(5) incorrectly says the only @period is @monthly (@yearly also supported)

[Thorsten Glaser]

Hi,

I don’t think a /etc/cron.yearly/ should be created as directory,
given that the default /etc/crontab never executes anything in it
even if anacron may do.

bye,
//mirabilos
-- 
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert… wer konnte ahnen, daß SIE so
reagier’n… gestern Nacht ist mein IRC-Netzwerk explodiert~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie → seems to be a toolchain bug after all, it does too hit glibc

[Thorsten Glaser]

Dixi quod…

>Now I (or someone) is going to have to reduce that to a testcase, so

No success with that, unfortunately.

>But this does seem to be a toolchain bug: adding -static-pie to the
>glibc dynamic-pie link command and…
>
>(gdb) print initcoms
>$1 = {0xda494 "typeset", 0x0, 0x0, 0x0, 0xda494 "typeset", 0x0, 0xd942c 
>"HOME", 0xda7d8 "PATH",

Wait, what?

(gdb) b main
Breakpoint 1 at 0xd820: file ../../main.c, line 785.
(gdb) print initcoms
$1 = {0xda494 "typeset", 0x0, 0x0, 0x0, 0xda494 "typeset", 0x0, 0xd942c "HOME", 
0xda7d8 "PATH",
[…]
(gdb) r
Starting program: /home/tg/mksh-59c/builddir/full/mksh

Breakpoint 1, main (argc=1, argv=0x3ffa4d8) at ../../main.c:785
785 {
(gdb) print initcoms
$2 = {0x3fff7eda494 "typeset", 0x3fff7ee4548  "-r",
  0x3fff7ee4ae0  "KSH_VERSION=@(#)MIRBSD KSH R59 2024/02/01 +Debian", 
0x0, 0x3fff7eda494 "typeset",
[…]

While in musl:

(gdb) print initcoms
$1 = {0x414a4 "typeset", 0x0, 0x0, 0x0, 0x414a4 "typeset", 0x0, 0x40478 "HOME", 
0x41d42 "PATH",
[…]
(gdb) r
Starting program: /home/tg/mksh-59c/builddir/static-musl/mksh

Breakpoint 1, main (argc=1, argv=0x3ffa498) at ../../main.c:785
785 {
(gdb) print initcoms
$2 = {0x3fff7fc14a4 "typeset", 0x0, 0x0, 0x0, 0x3fff7fc14a4 "typeset", 0x0, 
0x3fff7fc0478 "HOME",
[…]

So the existing ones did get relocated, but the nullptrs stayed thusly.

Apparently, it *is* supported on glibc on s390x, mjt (qemu maintainer)
also said so in 2023.

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#1068348: xz-utils: Should activate trigger to force regenerating initramfs

[Thorsten Glaser]

Sebastian Andrzej Siewior dixit:

>the older "previous" kernel has it.

And that won’t be fixed even with a trigger.

Used to be -uk all would, but (#1065698) that doesn’t work any more.

Given how widespread the info already is and that it affects sid and
a subset of trixie users, maybe go with just a NEWS.Debian entry for
that?

(I’d be more interested of what other backdoors there might be like
joeyh indicated.)

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie → seems to be a toolchain bug after all, it does too hit glibc

[Thorsten Glaser]

Dixi quod…

>Hmm, actually… I could… test whether that one fixes static-pie
>on zelenka. Or at least the same approach. I’ll get back with
>report from that.

Having looked at the spec file, the only extra things the stock
specs do that the overriding specs don’t is:

*link:
[…] %{!static|static-pie:--eh-frame-hdr} […] %{static-pie:-static -pie 
--no-dynamic-linker -z text} […]

instead of:

[…] %{static-pie:-static -pie --no-dynamic-linker} […]

The -Wl,-z,text makes TEXTRELs an error. Granted.
The -Wl,--eh-frame-hdr is added for anything that’s not a normal
static executable, however adding that to a musl build doesn’t
fix the problem either.

A bit of gdb-ing shows the problem, though: the source code has…

#define Ttypeset "typeset"
#define Tdr "-r"
//… (a variant of this is used for string sharing on ancient Unix)

static const char *initcoms[] = {
Ttypeset, Tdr, initvsn, NULL,
Ttypeset, Tdx, "HOME", TPATH, TSHELL, NULL,
  […]
};

It then iterates over these commands with:

for (wp = initcoms; *wp != NULL; wp++) {
c_builtin(wp);
while (*wp != NULL)
wp++;
}

This is where the extra output happens:

(gdb) print initcoms
$3 = {0x3fff7fc14a4 "typeset", 0x0, 0x0, 0x0, 0x3fff7fc14a4 "typeset", 0x0, 
0x3fff7fc0478 "HOME", 
[…]

Notice the nullptrs there where string pointers are expected.
It shows the same output when just loading the executable, i.e. this
isn’t a runtime issue.

Linking the exact same .o files with the exact same command minus
-static-pie gives:

(gdb) print initcoms
$1 = {0x103cb34 "typeset", 0x103e368  "-r", 
  0x103e73c  "KSH_VERSION=@(#)MIRBSD KSH R59 2024/02/01 +Debian", 0x0, 
0x103cb34 "typeset", 

But this does seem to be a toolchain bug: adding -static-pie to the
glibc dynamic-pie link command and…

(gdb) print initcoms
$1 = {0xda494 "typeset", 0x0, 0x0, 0x0, 0xda494 "typeset", 0x0, 0xd942c "HOME", 
0xda7d8 "PATH",

Now I (or someone) is going to have to reduce that to a testcase, so
we can detect static-pie viability before it’s committed to being used…

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#1067639: sasl2-bin: terminates with smashed stack and kills qemu-user?!

[Thorsten Glaser]

Sometimes, it does not crash with a smashed stack but instead:

Setting up sasl2-bin (2.1.28+dfsg1-6+b1) ...
BDB0002 __fop_file_setup:  Retry limit (100) exceeded
saslpasswd2: generic failure
dpkg: error processing package sasl2-bin (--configure):
 installed sasl2-bin package post-installation script subprocess returned error 
exit status 1

(I tried rebuilding it, but that didn’t fix it either.)

Bug#1068350: [musl] Re: Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie

[Thorsten Glaser]

Rich Felker dixit:

>I seem to recall the musl-gcc wrapper does not handle static-pie
>right.

Hmm. Inhowfar? And it does seem to work fine on the other
architectures.

>A real cross toolchain should.

I fear that that’s out of question for Debian.

I’ve got a github action test setup for mksh though, which also
uses jirutka/setup-alpine to set up chroots of Alpine Linux for
various architectures and uses them to build natively under
qemu-user. I could use that to check static-pie? IIUC, these use
“a real cross toolchain”, if natively; qemu-user adds an extra
potential failure dimension though…

>If there's an easy fix for the wrapper I'd be happy to merge it.

Together with the MIPS fix?

Hmm, actually… I could… test whether that one fixes static-pie
on zelenka. Or at least the same approach. I’ll get back with
report from that.

bye,
//mirabilos
-- 
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.  -- Coywolf Qi Hunt

Bug#1068350: musl: miscompiles (runtime problems) on riscv64 and s390x with static-pie

[Thorsten Glaser]

Szabolcs Nagy dixit:

>the next culprit is gcc (each target can have their own

gcc-13_13.2.0-23

>static pie specs) or the way you invoked gcc (not visible

As I wrote earlier, though with more flags. Dropping all the -D…
and -W… and -I… and other irrelevant ones:

musl-gcc -Os -g -fPIE -fno-lto -fno-asynchronous-unwind-tables
-fno-strict-aliasing -fstack-protector-strong -fwrapv -c …
musl-gcc -Os -g -fPIE -fno-lto -fno-asynchronous-unwind-tables
-fno-strict-aliasing -fstack-protector-strong -fwrapv
-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -static -static-pie
-fno-lto -o mksh  *.o

Same for both. You can see the full log by activating the
[64]Installed and [71]Installed links respectively on
https://buildd.debian.org/status/package.php?p=mksh and
skipping to 'compilation of mksh in static-musl' to get to
the beginning of the configure phase for that.

>are you sure static pie works on these targets?

No ;-) That’s why I reported this issue. I had just
enabled it for the musl builds, as the security people
like that more than normal static.

Thanks for looking,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc