Bug#336645: php4: not only dependent on register_globals

Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 http://www.hardened-php.net/index.76.html This page explains why the so-called 'globals overwrite' bug matters, even regardless of the register_globals setting. To put it briefly, the $GLOBALS array can be accessed directly by other

Bug#336645: php4: here is the patch

Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 here is a patch that applies cleanly on sarge: http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.2r2=1.543.2.51.2.3ty=h I append a modified patch that will apply cleanly on the sarge tree. I hope this

Bug#336645: php4: not only dependent on register_globals

On Thu Nov 17, 2005 at 11:15:05PM -0800, Steve Langasek wrote: On Thu, Nov 17, 2005 at 07:38:18PM -0500, Antoine Beaupre wrote: Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 http://www.hardened-php.net/index.76.html This page explains why the so-called 'globals

Bug#580949: libnetgraph4: netgraph completely broken

Package: libnetgraph4 Version: 8.0-4 Severity: grave Justification: renders package unusable I can't get netgraph to work under Debian/kFreeBSD. I was able to get ngctl to compile using a simple hack to work around #522773 and #522774 (#define __unused) but it's completely refusing to start:

Bug#705000: cryptsetup now says: evms_activate is not available

Control: tag -1 moreinfo It seems I had partition alignment issues on this drive. I am finishing the restore of the partitions, but in the meantime, maybe this should be ignored... A. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe.

Bug#854616: scdaemon cannot access yubikey using ccid driver without pcscd

Package: scdaemon Version: 2.1.18-3 Severity: grave In Bug#854005, I have described a distinct issue I have experience with my Yubikey since the upgrade of the GnuPG suite from 2.1.17 to 2.1.18, and in the case of pcscd, from 1.8.19-1 to 1.8.20-1. I am not sure what exactly is going on here.

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

Package: calibre Version: 2.71.0+dfsg-1 Severity: critical File: /usr/bin/ebook-viewer Tags: security Hi, Someone pointed me to this note in the 2.75.1 changelog: E-book viewer: Prevent javascript in the book from accessing files on the computer using XMLHttpRequest. The ticket link

Bug#855588: memory leak could lead to Denial Of Service

Package: atheme-services Version: 7.2.7 Severity: grave Tags: security Upstream changelog says: This is a security release closing a memory leak that could be exploited by attackers to potentially cause a denial of service. Release 7.2.7 is affected; older releases are

Bug#816063: emacs24: TLS certificate validation is silently broken

tags -1 -unreproducible I can reproduce issues with certification verification in Emacs 24.5+1-8 in Debian Stretch. As documented here: https://glyph.twistedmatrix.com/2015/11/editor-malware.html The following script will yield an error: (let ((bad-hosts (cl-loop for bad in

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never

Bug#854703: disappears and never returns?

Package: pcscd Version: 1.8.20-1 Severity: grave Since I upgraded from 1.8.19-1 to 1.8.20-1 (or maybe it is because of scdaemon 2.1.18, unclear), I cannot reliably use pcscd for multiple days. After a while, the pcscd daemon just disappears, and then scdaemon cannot talk to it anymore: fév 09

Bug#858402: hangs on install when trying to start

Package: docker.io Version: 1.11.2~ds1-6 Severity: grave I tried to install docker.io in Debian stretch (I know, it's banned, but I figured I'd try my luck) and it completely hangs apt-get install: $ LANG=C sudo dpkg --configure -a Setting up docker.io (1.11.2~ds1-6) ... addgroup: The group

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

On Fri, May 19, 2017 at 10:46:35AM -0500, Michael Shuler wrote: > On 05/19/2017 10:07 AM, Chris Lamb wrote: > > I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5: > > > > ca-certificates (20161130+nmu1) unstable; urgency=medium > > > > * Non-maintainer upload. > > * Add

Bug#867986: [Pkg-ipsec-tools-devel] Bug#867986: CVE-2016-10396

On Tue, Jul 18, 2017 at 01:53:09PM -0400, Noah Meyerhans wrote: > Control: tags -1 + pending patch > > On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote: > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396 > > > > I believe that the attached

Bug#866790: postfix rules yield error and fail

Package: apparmor Version: 2.11.0-3 Severity: grave Right now, in debian stretch, any apparmor command will yield: $ sudo aa-disable usr.bin.irssi ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found ... if apparmor-profiles is installed. This, obviously, is an error in

Bug#863897: sudo: Further issue in parsing /proc/[pid]/stat when process name contains newline

On Mon, Jun 05, 2017 at 06:32:11AM +0200, Salvatore Bonaccorso wrote: > Hi! > > On Sun, Jun 04, 2017 at 08:35:05PM +0200, Salvatore Bonaccorso wrote: > > Hi Bdale > > > > Since time is pressing a bit for the release of stretch, any problem > > in if I would prepare a NMU for both stretch

Bug#867477: poppler: CVE-2017-9865 stack-based overflow leading to denial-of-service

Package: poppler X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security patch upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=100774 Hi, the following vulnerability was published for poppler. CVE-2017-9865[0]: | The

Bug#856645: docker.io: can't install in sid: docker.io 1.11 depends on runc which breaks docker < 1.12

Control: fixed -1 1.13.1~ds1-2 On Fri, Mar 03, 2017 at 11:11:36AM +0200, Dov Feldstern wrote: > Current versions of docker.io and runc conflict; docker.io depends on runc, > but: > > runc : Breaks: docker.io (< 1.12) but 1.11.2~ds1-6 is to be installed I believe this is now fixed: I

Bug#865975: docker.io breaks (bridged) network for VMs

Control: tags -1 +moreinfo On Mon, Jun 26, 2017 at 11:16:56AM +0200, Roland Kammerer wrote: > Package: docker.io > Version: 1.13.1~ds1-2 > Severity: critical > Tags: upstream > Justification: breaks unrelated software > > Dear Maintainer, > > * What led up to the situation? > Any docker command

Bug#855208: [pkg-go] Bug#855208: docker still broken

Control: fixed -1 1.0.0~rc2+git20170201.1 On Fri, Feb 24, 2017 at 10:39:00PM +0100, Vincent Bernat wrote: > ❦ 24 février 2017 12:34 -0800, Norbert Kiesel  : > > > What else can I do to get docker working again? > > You can install the one from experimental. It works fine

Bug#858402: hangs on install when trying to start

Control: fixed -1 1.13.1~ds1-2 Just tested the sid package in stretch and it installs fine so I guess this is solved now. A. signature.asc Description: PGP signature

Bug#853248: docker.io: cannot be purged (at least not on first try)

Control: tags -1 +unreproducible Control: fixed -1 1.13.1~ds1-2 I cannot reproduce this here. Can you provide a step-by-step procedure to reproduce this on a clean system? A. signature.asc Description: PGP signature

Bug#864377: docker.io: Failure to install (cannot start daemon)

Control: notfound -1 1.13.1~ds1-2 Control: tags -1 unreproducible On Fri, Jun 09, 2017 at 04:28:41PM -0300, Antonio Terceiro wrote: > On Wed, 07 Jun 2017 14:19:16 -0400 Robbie Harwood > wrote: > > Package: docker.io > > Version: 1.13.1~ds1-2 > > Severity: grave > >

Bug#853258: docker.io: uses sleep to query user in maintainer script

Control: fixed -1 1.13.1~ds1-2 On Mon, Jan 30, 2017 at 09:31:38PM +0100, Dominik George wrote: > One of the maintainer scripts asks the user whether it is ok to “nuke” > docker containers using a message followed by a sleep. Where? I don't see such a sleep here: root@marcos:~# dpkg -l docker.io

Bug#873088: git-annex: remote code execution via crafted SSH URLs (CVE-2017-12976)

Package: git-annex X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for git-annex. CVE-2017-12976[0]: | git-annex before 6.20170818 allows remote attackers to execute | arbitrary

Bug#888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow

Control: tags -1 +patch Since a fix was published in upstream 18.00-beta, I looked at the source there and was able to produce a simple patch for wheezy, which should be trivial to port to jessie and easy to port to stretch:

Bug#888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow

On Fri, Jan 26, 2018 at 04:10:54PM -0500, Antoine Beaupre wrote: > Control: tags -1 +patch > > Since a fix was published in upstream 18.00-beta, I looked at the source > there and was able to produce a simple patch for wheezy, which should be > trivial to port to jessie a

Bug#888236: torbrowser-launcher: broken by Tor Browser 7.5: No such file or directory: '.../Docs/sources/versions'

This bug makes torbrowser-launcher completely unusable on Debian stretch, as soon as the browser is updated (as it should). What's expected from stable users here? Is there going to be a stable update for this? Thanks! A. -- C'est la nuit qu'il est beau de croire à la lumière

Bug#890604: frontaccounting: CVE-2018-7176

Package: frontaccounting X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for frontaccounting. CVE-2018-7176[0]: | FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a | user account via admin/users.php (aka

Bug#891575: elinks: CVE-2012-6709

Package: elinks Version: 0.12~pre5-9 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for elinks. CVE-2012-6709[0]: | ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate | Validation. If you fix the vulnerability

Bug#849308: state of wireguard mainline inclusion?

On Mon, Jun 18, 2018 at 09:09:05PM +0200, Jason A. Donenfeld wrote: > As such, dkg suggested closing this bug to enact the following: > > - Migration of package into testing, on a rolling basis. > - Backporting of package into stable-backports, on a rolling basis. > > The long term plan, once

Bug#906879: security issue with the PASS command and duplicate server instances

Source: charybdis Version: 4.1-1 Severity: grave Tags: security Upstream released Charybdis 4.0.1 and 4.1.1 fixing a security issue which, apparently, is "with the PASS command and duplicate server instances", at least according to the NEWS file:

Bug#907370: TypeError: object of type 'int' has no len()

Package: python3-sh Version: 1.11-1 Severity: grave I found a regression in the python3-sh package. I have yet to find exactly what is going on, but it looks to me like something changed in Python 3.6 that broke the sh module in some way: $ lwn get -o blog/2017-12-13-kubecon-overview.mdwn

Bug#907414: twitter-bootstrap3: CVE-2018-14040 CVE-2018-14041 CVE-2018-14042

Package: twitter-bootstrap3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for twitter-bootstrap3. CVE-2018-14040[0]: | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent | attribute. CVE-2018-14041[1]:

Bug#908057: docker.io: CVE-2018-10892

Package: docker.io X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for docker.io. CVE-2018-10892[0]: | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby | from 1.11 to current does not block /proc/acpi

Bug#908055: docker.io: CVE-2017-14992

Package: docker.io X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Control: clone -1 -2 Control: reassign -2 golang-github-vbatts-tar-split Hi, The following vulnerability was published for docker.io. CVE-2017-14992[0]: | Lack of content verification in Docker-CE (Also

Bug#896313: python-pymediainfo: pymediainfo fails to import

On Fri, Apr 20, 2018 at 10:01:07PM +0200, Helmut Grohne wrote: > After installing python-pymediainfo importing the module pymediainfo > into a python interpreter fails with the following error: > > Traceback (most recent call last): > File "", line 1, in > File

Bug#894404: memcached: CVE-2018-1000127

Package: memcached X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for memcached: CVE-2018-1000127[0]: | memcached version prior to 1.4.37 contains an Integer Overflow | vulnerability in items.c:item_free() that can result in

Bug#891982: xchat: Intent to file removal bug

On Sun, Mar 04, 2018 at 05:50:15PM +0100, John Paul Adrian Glaubitz wrote: > >> I don't think a rant posted on reddit by the author of a fork > >> is justified enough to ask for a package to be removed from > >> the archive. > > > > The author posted his opinion to his personal blog and did not >

Bug#864827: Please go ahead adding explanations to the wiki

On Fri, Sep 21, 2018 at 08:48:20AM -0400, Stefan Monnier wrote: > >> This bug basically makes the package unusable. > > Unfortunately that's true. > >> I understand that adapting the packaging to the new structure of > >> Zotero-5 will take some time, but in the mean time, could someone add > >>

Bug#911418: missing dependency: ImportError: cannot import name 'sip'

Package: rapid-photo-downloader Version: 0.9.12-1 Severity: grave I got this backtrace after upgrading to 0.9.12 on debian buster today: [992]anarcat@curie:~$ rapid-photo-downloader Traceback (most recent call last): File "/usr/bin/rapid-photo-downloader", line 11, in

Bug#867719: phpldapadmin: CVE-2017-11107

Control: tags 867719 +patch The attached patch fixes the issue and was applied to the wheezy and jessie versions of the package. It comes from the Ubuntu version of this same bug: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 ---

Bug#913530: crashes because of html5lib incompatibility

Package: python3-bleach Version: 2.1.3-1 Severity: critical In current Debian buster, with the Python 3.6 interpreter, bleach completely fails to load as a module: $ python3 Python 3.6.7 (default, Oct 21 2018, 08:08:16) [GCC 8.2.0] on linux Type "help", "copyright", "credits" or "license" for

Bug#907835: newer version in stable

Source: xen Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 Severity: serious The version of the Xen packages in unstable and buster is lower than the one in Debian stretch. That seems highly irregular and will obviously break upgrades to buster. The reason this is marked as "serious" is

Bug#909549: cannot download... None details from PyPI: ContentTypeError

Package: pypi2deb Version: 2.20180318 Severity: grave File: /usr/share/pypi2deb/py2dsp Running py2dsp on Debian buster completely fails in my tests right now: $ py2dsp internetarchive W: py2dsp pypi:54: cannot download internetarchive None details from PyPI: ContentTypeError("0,

Bug#909673: python2.7: CVE-2018-1000802

Package: python2.7 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Control: fixed -1 2.7.9-2+deb8u2 Hi, The following vulnerability was published for python2.7. CVE-2018-1000802[0]: | Python Software Foundation Python (CPython) version 2.7 contains a | CWE-77: Improper

Bug#902367: monkeysphere: test/keytrans depends on older GnuPG format

Control: tags -1 +patch This is fixed in git, in patch dfab82a -- Wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Radio operates exactly the same way: you send signals here, they receive them there. The only difference is

Bug#899060: FTBFS: even if tests pass, dh_auto_test fails

On Fri, May 18, 2018 at 08:40:56PM +0200, Adam Borowski wrote: > If no random problem happens, the build still fails with: > > . > ## > Monkeysphere basic tests completed successfully! > ## > ###

Bug#918268: bugs-everywhere build depends on monotone that is currently not in buster

On Fri, Jan 04, 2019 at 10:19:17PM +0200, Adrian Bunk wrote: > Source: bugs-everywhere > Version: 1.1.1-4 > Severity: serious > Tags: ftbfs > Control: block -1 by 888612 889556 > > bugs-everywhere build depends on monotone that is currently > not in buster due to #888612 and #889556. I'm tempted

Bug#919232: wireguard-dkms: Wireguard dkms module does not buuld against linux kernel 5.0-rc1 commit 7b55851367136b1efd84d98fea81ba57a98304cf

Control: severity -1 important Hi! Thank you for your bug report. It seems to me this problem affects only builds against the 5.0-rc1 Linux kernel version. Is that correct? Since that kernel version is not currently shipped in Debian, as far as I know, I do not believe the severity of that bug

Bug#920227: invalid file format generated for dependencies

Package: sbuild Version: 0.78.0-2 Severity: grave Tags: upstream Since the 0.78 upgrade, sbuild cannot build packages in jessie (and maybe other suites). The build during the setup phase, while trying to install the build-dependencies, with this error message: W: Failed to fetch

Bug#924409: removing hiera from debian? or do not ship with buster

Package: hiera Version: 3.2.0-2 Severity: serious I see that Hiera in Puppet is at version 3.2.0 in buster. That's at least two minor versions behind upstream, which is (unofficially) at 3.5: https://github.com/puppetlabs/hiera/releases That said, Hiera itself is deprecated as a standalone

Bug#921128: mailman3-web fails to initialize mysql: Specified key was too long

Package: mailman3-web Version: 0+20180916-2~bpo9+1 Severity: grave I can't seem to install mailman3-web, at least from backports: Paramétrage de mailman3-web (0+20180916-2~bpo9+1) ... Determining localhost credentials from /etc/mysql/debian.cnf: succeeded. dbconfig-common: writing config to

Bug#921137: emails sent from /etc/mailname, ignoring configured domain

Package: mailman3 Version: 3.2.0-4~bpo9+1 Severity: grave I'm finding it difficult to use the "domain" feature of Mailman 3. From what I understand, it allows you to have two distinct mailing lists named "test" on (say) t...@example.com and t...@example.net. Here I'm specifically using the

Bug#921128: mailman3-web fails to initialize mysql: Specified key was too long

Package: mailman3-web Followup-For: Bug #921128 I have tried to reproduce this in buster and at first I seem to recall I did reproduce it, but now I somewhat managed to get through and have it installed correctly. Also note this might be a bug specific to MySQL: running the dbconfig stuff with a

Bug#920304: mailman3-web: mailman3web / django does not like python3-pymysql

Package: mailman3-web Version: 0+20180916-4 Followup-For: Bug #920304 This actually also occurs in buster at the time of writing and should definitely be fixed in unstable, not just in backports. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500,

Bug#921284: build-using should only include copylefted files

Package: dh-golang Version: 1.39 Severity: serious My first submissions for the dmarc-cat package (#920385) were refused by the FTP masters because the built-using field did not respect §7.8 of the Debian policy. Extract from #debian-ftp: 16:55:59 Built-Using is only meant to be used when the

Bug#909165: linkchecker-gui: linkcheker-gui does not start

Control: merge 909165 901780 This is a duplicate of #901780 which was reported in june 2018 and fixed, although no fix has been done in stretch yet. A. On Wed, Sep 19, 2018 at 09:40:28AM +0200, jEsuSdA wrote: > Package: linkchecker-gui > Version: 9.3-4 > Severity: important > > Dear

Bug#927481: .help fails with "Sorry! Something went wrong."

Package: sopel Version: 6.6.2-1 Severity: grave Sopel, in stable and testing right now, cannot provide a "help" to its users. It makes it really hard to use (hence the "grave" severity). I'm also marking this as grave because upstream keeps on churning out "patch" releases (according to semver)

Bug#926042: torbrowser-launcher should not be included in Buster

On Sat, Mar 30, 2019 at 07:14:38PM +0100, intrig...@debian.org wrote: > Source: torbrowser-launcher > Version: 0.3.1-2 > Severity: serious > > Hi, > > for basically the same reasons that made us not include > torbrowser-launcher in Stretch, IMO it should not be part of Buster > either: [...all

Bug#931235: shutdown reboots immediately without dbus

Package: systemd-sysv Version: 241-5 Severity: grave I have somehow managed to install a buster system with systemd-sysv (so it boots under systemd) and without dbus (probably because I installed without recommends). This has all sorts of ... er... interesting properties. The most noticeable

Bug#935313: missing ebtables dependency

Package: libvirt-daemon Version: 5.0.0-4 Severity: grave File: /usr/sbin/libvirtd Vagrant, using the libvirt backend, started failing me recently, with something like this: anarcat@curie:stretch64(master)$ vagrant up --provider libvirt Bringing machine 'default' up with 'libvirt' provider... ==>

Bug#943405: unsuitable for release: no upstream patch releases

Package: sopel Version: 6.6.2-1 Severity: serious Tags: upstream In bug #927481, I was bit by a bug that wasn't solved upstream in a simple patch release. It would force me to maintain a fork of the project for every supported debian release to fix any bug, because upstream doesn't follow the

Bug#942114: cache fails to store capabilities correctly

Package: ganeti-instance-debootstrap Version: 0.16-6 Severity: grave It seems that ganeti-instance-deboostrap fails to properly cache the filesystem after the first creation. This leads to stuff like `/usr/bin/ping` having the wrong permissions. On a healthy system, installed without caching, it

Bug#955979: does not work with magit in Debian

Package: elpa-magit-todos Version: 1.5.2-1 Severity: grave magit-todos, as packaged in Debian, does not work. It seems to assume a magit version that is not present in Debian. When I run "M-x magit-todos" I get the error: magit-todos-list-internal: Symbol’s function definition is void:

Bug#981009: charybdis abandoned upstream, do not ship in bullseye

Package: charybdis Severity: serious Tags: upstream After a somewhat long period of uncertainty, Charybdis has been finally abandoned upstream. The official git repository here: https://github.com/charybdis-ircd/charybdis .. is marked as "archived by the owner [and] read-only". It is unclear

Bug#987683: crashes with "Wrong type argument: (or eieio-object class), nil, obj"

Package: elpa-esup Version: 0.7.1-3 Severity: grave Tags: upstream This package is unusable in Debian 11 bullseye in its current state. In my Emacs 1:27.1+1-3.1 session, i run M-x esup and I get: error in process sentinel: Wrong type argument: (or eieio-object class), nil, obj *Messages* has

Bug#994203: fails to start with silent_jack_error_callback

Package: jackd Version: 5+nmu1 Severity: grave I have tried to use jackd in bullseye (because pipewire was giving me problems in ardour) and it seems I can't start it at all: anarcat@curie:~(main)$ jackd jackd: symbol lookup error: jackd: undefined symbol: silent_jack_error_callback I also

Bug#1000322: locking issues can lead to complete mail spool destruction

Package: syncmaildir Version: 1.3.0-1 Severity: grave Tags: upstream Forwarded: https://github.com/gares/syncmaildir/issues/18 I have experienced, twice, a situation in which SMD has attempted to destroy my entire mail spool. In both cases I noticed before it managed to delete it all, but it did

Bug#1006633: procmail is unmaintained and a security liability

Package: procmail Version: 3.22-26 Severity: critical Tags: security X-Debbugs-Cc: Debian Security Team procmail is a security liability and completely unmaintained upstream. there are viable alternatives, and it should be removed from debian. details below. # unmaintained procmail is

Bug#1051717: split wtf(6) in a separate package?

Package: bsdgames Version: 2.17-29+b1 Severity: critical I wonder if wtf(6) should be split in a separate package. It's a genuinely useful package (as opposed to a "game") that I have only discovered recently, even though I have been familiar with BSD games for more than a few decades at this

Bug#1011545: please version the Conflicts: with gitsome

Package: gh Version: 2.4.0+dfsg1-2 Severity: serious I have fixed gitsome so that it doesn't ship a /usr/bin/gh binary in gitsome/0.8.0+ds-7.1 (which closed #1005858). Please fix the Conflicts: so that it is versioned << 0.8.0+ds-7.1. This is marked as "serious" because I believe that

Bug#1024326: bullseye to bookworm upgrade failure: Could not locate dkms.conf file

Package: zfs-dkms Version: 2.1.6-3 Severity: serious I have tried to upgrade to bookworm today and kernel builds fail on zfs-dkms. It fails with: dkms: running auto installation service for kernel 6.0.0-4-amd64:Error! Could not locate dkms.conf file. File:

Bug#1030039: crashes on startup with "cannot be cast to class schema.core.FnSchema"

Package: puppetserver Version: 7.9.3-3 Severity: grave *Something* this weekend broke my Puppetserver. I'm not sure what. It's now failing to start (repeatedly) with: jan 29 06:57:07 marcos systemd[1]: Starting Puppet Server... jan 29 06:57:10 marcos java[1079416]: WARNING: update-vals already

Bug#1032287: SystemError: PY_SSIZE_T_CLEAN macro must be defined for '#' formats

Package: python3-qrencode Version: 1.2-5+b8 Severity: grave X-Debbugs-Cc: debian-pyt...@lists.debian.org It looks like the qrencode Python library is currently unusable in Debian bookworm. Here's a simple example: anarcat@angela:paperbackup$ python3 -c 'import qrencode ; version, size, data =

Bug#1037954: please ship upstream themes/

Package: foot Version: 1.13.1-2 Severity: critical X-Debbugs-Cc: please ship upstream themes Upstream has a bunch of themes in the source tree. Those can be included with a simple, say: [main] include=/usr/share/foot/themes/gruvbox-light.ini yet we don't ship those themes! Wouldn't it be great

Bug#1035947: fresh build from git fails with cannot access local variable 'new_file'

Source: firefox Severity: serious Tags: patch ftbfs Justification: fails to build from source (but built successfully in the past) I'm trying to build Firefox 113 from the git repository. I have pulled the package with: debcheckout firefox Then tried to download the latest tarballs with:

Bug#1036359: crashes with (wrong-type-argument consp nil)

Package: elpa-markdown-toc Version: 0.1.5-2 Severity: grave In Debian bookworm, markdown-toc is currently unusable. Given the following markdown buffer: ``` # Background ## Why migrate? ## Gitolite and GitWeb inventory # Proposal ``` markdown-toc-generate-toc crashes with: Debugger

Bug#1058702: pius fails completely on bookworm and up

Package: pius Version: 3.0.0-5 Severity: grave I've been trying to use pius to sign things, and it's completely failing me: anarcat@angela:~$ pius -s BBB6CD4C98D74E1358A752A602293A6FA4E53473 D477040C70C2156A5C298549BB7E9101495E6BF7 Welcome to PIUS, the PGP Individual UID Signer. Usage: pius

Bug#1057067: new upstream release (1.65)

Source: rclone Severity: critical Debian is somewhat lagging behind upstream. Unstable currently has 1.60.1 (2022-11-17, uploaded to unstable on 2022-12-13) while upstream is at 1.65.0 (released 2022-11-26). It looks like upstream does a release roughly every two months, is there a plan to

Bug#1070077: ships files directly in /usr/onionprobe

Package: onionprobe Version: 1.0.0+ds-2.1+deb12u1 Severity: serious The Debian package shipped in bookworm right now changed the path to the examples/ directory. It used to be: /usr/lib/python3/dist-packages/onionprobe/examples/tpo.py and now seems to be: /usr/onionprobe/examples/tpo.py