Bug#897668: [breeze-cursor] Severe Visibility Issue
Package: breeze-cursor-theme Version: 4:5.12.4-1 Severity: important Dear maintainer, I'm setting severity to important because the visibility of a cursor theme is really important. The problematic cursor is the cross cursor of Breeze and Breeze_Snow, which are located at the svg files in source tree: ./cursors/Breeze_Snow/src/cursors.svg ./cursors/Breeze/src/cursors.svg They look good, but when we actually use the cross cursor in a low-contrast background it is definitely a pain to find the location of cursor on the screen. For example, my cursor theme is Breeze. When I'm taking a screenshot with flameshot, the whole screen is shadowed, according to source code, the cursor will be set to the cross. However, unlike other breeze cursors which are padded with a white margin, the cross cursor is padded with nothing. In this case the cursor has a very low contrast to the background hence very hard to caught by eyes. Similarly, I checked Breeze_Snow. And I guess the cross cursor will also be hard to find when the background is basically grey or white. I suggest a fix with high-contrast margin added to the cross cursor. Thanks.
Bug#897667: qt4-x11: Please add support for new architecture "riscv64"
Source: qt4-x11 Version: 4:4.8.7+dfsg-15 Severity: normal Tags: patch upstream User: debian-ri...@lists.debian.org Usertags: riscv64 Hello, We need support in this package to bootstrap the riscv64 architecture. Yes, I know that you want to get rid of Qt4 once and for all and ASAP, and I fully agree with the goal. However, a bazillion of packages depend on qt4-x11 indirectly, for example libsdl2 needs it (through fcitx, then cmake-extra-modules, then qt5-qmake, then qtchooser that depends on Qt4 stuff); many package still need it directly; etc. So without support in this package, progress becomes impossible at an early stage. I am attaching a patch that adds support for the architecture. AFAIK (please confirm) upstream doesn't accept patches since long ago, so no point in sending it there. For Qt5 we're already sending it upstream, e.g. webkit stuff. It would be great if you could include these changes and release a new version for unstable, for the time being the patched version lives in "unreleased". Thanks and cheers. -- Manuel A. Fernandez Montecelodiff -Nru qt4-x11-4.8.7+dfsg/debian/changelog qt4-x11-4.8.7+dfsg/debian/changelog --- qt4-x11-4.8.7+dfsg/debian/changelog 2018-04-18 22:45:31.0 +0200 +++ qt4-x11-4.8.7+dfsg/debian/changelog 2018-04-27 21:01:58.0 +0200 @@ -1,3 +1,10 @@ +qt4-x11 (4:4.8.7+dfsg-15+0.riscv64.1) unreleased; urgency=medium + + * Non-maintainer upload. + * riscv64 support + + -- Manuel A. Fernandez Montecelo Fri, 27 Apr 2018 21:01:58 +0200 + qt4-x11 (4:4.8.7+dfsg-15) unstable; urgency=medium * Actually upload it to unstable. diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/riscv64-support.patch qt4-x11-4.8.7+dfsg/debian/patches/riscv64-support.patch --- qt4-x11-4.8.7+dfsg/debian/patches/riscv64-support.patch 1970-01-01 01:00:00.0 +0100 +++ qt4-x11-4.8.7+dfsg/debian/patches/riscv64-support.patch 2018-04-27 21:01:58.0 +0200 @@ -0,0 +1,86 @@ +--- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h +@@ -167,6 +167,15 @@ + #define WTF_CPU_BIG_ENDIAN 1 + #endif + ++/* CPU(RISCV64) - RISC-V 64-bit */ ++#if defined(__riscv) ++#if (__riscv_xlen == 64) ++#define WTF_CPU_RISCV64 1 ++#elif (__riscv_xlen == 32) ++#define WTF_CPU_RISCV32 1 ++#endif ++#endif ++ + /* CPU(SH4) - SuperH SH-4 */ + #if defined(__SH4__) + #define WTF_CPU_SH4 1 +@@ -919,7 +928,7 @@ + #endif + + #if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64) +-#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS) || OS(SOLARIS) || OS(HPUX))) || (CPU(IA64) && !CPU(IA64_32)) || CPU(ALPHA) || CPU(AIX64) || CPU(SPARC64) || CPU(MIPS64) || CPU(AARCH64) || CPU(S390X) ++#if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS) || OS(SOLARIS) || OS(HPUX))) || (CPU(IA64) && !CPU(IA64_32)) || CPU(ALPHA) || CPU(AIX64) || CPU(SPARC64) || CPU(MIPS64) || CPU(AARCH64) || CPU(S390X) || CPU(RISCV64) + #define WTF_USE_JSVALUE64 1 + #elif CPU(ARM) || CPU(PPC64) + #define WTF_USE_JSVALUE32 1 +--- a/src/3rdparty/webkit/Source/JavaScriptCore/wtf/Platform.h b/src/3rdparty/webkit/Source/JavaScriptCore/wtf/Platform.h +@@ -187,6 +187,15 @@ + #define WTF_CPU_BIG_ENDIAN 1 + #endif + ++/* CPU(RISCV64) - RISC-V 64-bit */ ++#if defined(__riscv) ++#if (__riscv_xlen == 64) ++#define WTF_CPU_RISCV64 1 ++#elif (__riscv_xlen == 32) ++#define WTF_CPU_RISCV32 1 ++#endif ++#endif ++ + /* CPU(SH4) - SuperH SH-4 */ + #if defined(__SH4__) + #define WTF_CPU_SH4 1 +@@ -1000,6 +1009,7 @@ + #if (CPU(X86_64) && (OS(UNIX) || OS(WINDOWS))) \ + || (CPU(IA64) && !CPU(IA64_32)) \ + || CPU(ALPHA) \ ++|| CPU(RISCV64) \ + || CPU(SPARC64) \ + || CPU(S390X) \ + || CPU(PPC64) \ +--- a/src/corelib/arch/qatomic_arch.h b/src/corelib/arch/qatomic_arch.h +@@ -76,6 +76,8 @@ + # include "QtCore/qatomic_parisc.h" + #elif defined(QT_ARCH_POWERPC) + # include "QtCore/qatomic_powerpc.h" ++#elif defined(QT_ARCH_RISCV64) ++# include "QtCore/qatomic_generic.h" + #elif defined(QT_ARCH_S390) + # include "QtCore/qatomic_s390.h" + #elif defined(QT_ARCH_SPARC) +--- /dev/null b/src/corelib/arch/riscv64/arch.pri +@@ -0,0 +1,8 @@ ++# ++# RISC-V 64 architecture ++# ++ ++unix:SOURCES += ../generic/qatomic_generic_unix.cpp ++win32:SOURCES += ../generic/qatomic_generic_windows.cpp ++ ++QMAKE_CXXFLAGS += -fpermissive +--- a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp +@@ -73,7 +73,7 @@ + static bool isDebugging; + #define qDBusDebug if (!::isDebugging); else qDebug + +-Q_GLOBAL_STATIC_WITH_ARGS(const QString, orgFreedesktopDBusString, (QLatin1String(DBUS_SERVICE_DBUS))) ++Q_GLOBAL_STATIC_WITH_ARGS(QString, orgFreedesktopDBusString, (QLatin1String(DBUS_SERVICE_DBUS))) + + static inline QString dbusServiceString() + { return *orgFreedesktopDBusString(); } diff -Nru qt4-x11-4.8.7+dfsg/debian/patches/series
Re: CVE-2018-10380: kwallet-pam: Access to privileged files
¡Hola Moritz! El 2018-05-03 a las 22:56 +0200, Moritz Muehlenhoff escribió: On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote: Hi, Following up the upstream announcement of a security flaw in kwallet-pam [1] I would like to upload the upstream fixes to stretch. All the versions prior the (not yet released) 5.12.6 are affected by this. The fix was backported by upstream to plasma 5.8, which is what we shipped in stretch. The latest 5.8 upstream version (5.8.9), only has a version bump, and a minor translation update, which are not relevant. [2] I have already uploaded the fixes to unstable. I'm attaching the corresponding debdiff. Looks good. Please build with -sa since kwallet-pam is new in stretch-security and upload to security-master. I'll take care of the DSA. Uploaded, thanks for taking care of this! Happy hacking, -- "La duración de un minuto depende de que lado del baño estés." -- Ley de la Relatividad (Burke) Saludos /\/\ /\ >< `/ signature.asc Description: PGP signature
Re: CVE-2018-10380: kwallet-pam: Access to privileged files
On Thu, May 03, 2018 at 07:29:42PM +0200, Maximiliano Curia wrote: > Hi, > > Following up the upstream announcement of a security flaw in > kwallet-pam [1] I would like to upload the upstream fixes to > stretch. All the versions prior the (not yet released) 5.12.6 are > affected by this. The fix was backported by upstream to plasma 5.8, > which is what we shipped in stretch. > > The latest 5.8 upstream version (5.8.9), only has a version bump, > and a minor translation update, which are not relevant. [2] > > I have already uploaded the fixes to unstable. > > I'm attaching the corresponding debdiff. Looks good. Please build with -sa since kwallet-pam is new in stretch-security and upload to security-master. I'll take care of the DSA. Cheers, Moritz
Bug#897649: kdeclarative: Please update symbols for riscv64
Source: kdeclarative Version: 5.42.0-2 Severity: normal Tags: patch User: debian-ri...@lists.debian.org Usertags: riscv64 Hi, We are in the process of bootstrapping a Debian port for the riscv64 architecture (https://wiki.debian.org/RISC-V). The symbols need to be updated for this arch, please see the patch attached. We would appreciate if you could upload a version soonish to unstable including this fix, to keep the delta as small as possible. If you need help or want us to NMU, etc., please tell. Thanks and cheers. -- Manuel A. Fernandez Montecelodiff -Nru kdeclarative-5.44.0/debian/changelog kdeclarative-5.44.0/debian/changelog --- kdeclarative-5.44.0/debian/changelog2018-03-21 14:40:36.0 +0100 +++ kdeclarative-5.44.0/debian/changelog2018-05-02 19:16:47.0 +0200 @@ -1,3 +1,10 @@ +kdeclarative (5.44.0-1+0.riscv64.1) unreleased; urgency=medium + + * Non-maintainer upload. + * riscv64: symbols update + + -- Manuel A. Fernandez Montecelo Wed, 02 May 2018 19:16:47 +0200 + kdeclarative (5.44.0-1) sid; urgency=medium * New upstream release (5.44.0). diff -Nru kdeclarative-5.44.0/debian/libkf5declarative5.symbols kdeclarative-5.44.0/debian/libkf5declarative5.symbols --- kdeclarative-5.44.0/debian/libkf5declarative5.symbols 2018-03-21 14:40:36.0 +0100 +++ kdeclarative-5.44.0/debian/libkf5declarative5.symbols 2018-05-02 19:16:47.0 +0200 @@ -1,4 +1,4 @@ -# SymbolsHelper-Confirmed: 5.25.0 alpha amd64 arm64 armel armhf hppa hurd-i386 i386 mips mips64el mipsel powerpc ppc64el s390x x32 +# SymbolsHelper-Confirmed: 5.25.0 alpha amd64 arm64 armel armhf hppa hurd-i386 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x x32 libKF5Declarative.so.5 libkf5declarative5 #MINVER# _ZN12KDeclarative12KDeclarative10initializeEv@Base 4.96.0 _ZN12KDeclarative12KDeclarative13setupBindingsEv@Base 4.96.0 @@ -67,42 +67,42 @@ _ZNK12KDeclarative9QmlObject6sourceEv@Base 4.96.0 _ZNK12KDeclarative9QmlObject6statusEv@Base 5.12.0 _ZNK12KDeclarative9QmlObject7packageEv@Base 5.7.0+git20150305.0804+15.04 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE10_M_destroyEv@Base 5.12.0 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE10_M_disposeEv@Base 5.12.0 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE14_M_get_deleterERKSt9type_info@Base 5.12.0 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED0Ev@Base 5.12.0 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED1Ev@Base 5.12.0 - (optional=templinst|arch=armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED2Ev@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EED0Ev@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EED1Ev@Base 5.12.0 - (optional=templinst|arch=!armel)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EED2Ev@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE10_M_destroyEv@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE10_M_disposeEv@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EE14_M_get_deleterERKSt9type_info@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED0Ev@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED1Ev@Base 5.12.0 + (optional=templinst|arch=armel riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE1EED2Ev@Base 5.12.0 + (optional=templinst|arch=!armel !riscv64)_ZNSt23_Sp_counted_ptr_inplaceI10QQmlEngineSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv@Base 5.12.0 + (optional=templinst|arch=!armel
Bug#897338: Tested on hardware
El jueves, 3 de mayo de 2018 06:17:14 -03 Maximiliano Curia escribió: > ¡Hola Александр! > > El 2018-05-03 a las 07:54 +0300, Александр Керножицкий escribió: > > I tried Debian Testing on real hardware and SDDM seems to work there. So I > > can reproduce the bug only on VirtualBox. > It seems that the new sddm requires virtualbox-guest-dkms and > virtualbox-guest-x11 to run inside a virtualbox, I'm not sure why. OpenGL probably? Wild guess here... -- 11: En Word, como se hace para pasar al proximo renglon si se alcanzo el extramo derecho de la hoja. * Se reinicia la maquina, se abre el Guord, se va a archivo, Nuevo renglon, Preferencias, Abajo del otro renglon, Poner el cursor al proncipio del nuevo renglon, Elegir misma letra que el anterior, respetar la pagina anterior, respetar el margen anterior, respetar numeracion de pagina, comenzar a escribir, click en "Ok deseo comenzar a escribir", click en "Esta seguro que desea comenzar a Escribir", click en "Ultima advertencia", click en "Comience a escribir" Damian Nadales http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ signature.asc Description: This is a digitally signed message part.
CVE-2018-10380: kwallet-pam: Access to privileged files
Hi, Following up the upstream announcement of a security flaw in kwallet-pam [1] I would like to upload the upstream fixes to stretch. All the versions prior the (not yet released) 5.12.6 are affected by this. The fix was backported by upstream to plasma 5.8, which is what we shipped in stretch. The latest 5.8 upstream version (5.8.9), only has a version bump, and a minor translation update, which are not relevant. [2] I have already uploaded the fixes to unstable. I'm attaching the corresponding debdiff. Happy hacking, [1]: https://marc.info/?l=kde-announce=152534806103730=2 [2]: https://cgit.kde.org/kwallet-pam.git/log/?h=Plasma/5.8 -- "If it ain't broke, don't fix it" -- Bert Lance "If we can't fix it, it ain't broke" -- Lieutenant Colonel Walt Weir Saludos /\/\ /\ >< `/ diff -Nru kwallet-pam-5.8.4/debian/changelog kwallet-pam-5.8.4/debian/changelog --- kwallet-pam-5.8.4/debian/changelog 2016-11-23 18:36:40.0 +0100 +++ kwallet-pam-5.8.4/debian/changelog 2018-05-03 19:01:35.0 +0200 @@ -1,3 +1,11 @@ +kwallet-pam (5.8.4-1+deb9u1) stretch-security; urgency=high + + * CVE-2018-10380 fix +Add upstream patches Move-salt-creation-to-an-unprivileged-process.patch +and Move-socket-creation-to-unprivileged-codepath.patch. + + -- Maximiliano CuriaThu, 03 May 2018 19:01:35 +0200 + kwallet-pam (5.8.4-1) unstable; urgency=medium * New upstream release (5.8.4) diff -Nru kwallet-pam-5.8.4/debian/patches/Move-salt-creation-to-an-unprivileged-process.patch kwallet-pam-5.8.4/debian/patches/Move-salt-creation-to-an-unprivileged-process.patch --- kwallet-pam-5.8.4/debian/patches/Move-salt-creation-to-an-unprivileged-process.patch 1970-01-01 01:00:00.0 +0100 +++ kwallet-pam-5.8.4/debian/patches/Move-salt-creation-to-an-unprivileged-process.patch 2018-05-03 19:01:35.0 +0200 @@ -0,0 +1,201 @@ +From: Albert Astals Cid +Date: Tue, 1 May 2018 12:29:02 +0200 +Subject: Move salt creation to an unprivileged process + +Opening files for writing as root is very tricky since through the power +of symlinks we can get tricked to write in places we don't want to and +we don't really need to be root to create the salt file +--- + pam_kwallet.c | 120 ++ + 1 file changed, 71 insertions(+), 49 deletions(-) + +diff --git a/pam_kwallet.c b/pam_kwallet.c +index 809ab9a..2617311 100644 +--- a/pam_kwallet.c b/pam_kwallet.c +@@ -61,7 +61,7 @@ const static char *envVar = "PAM_KWALLET_LOGIN"; + + static int argumentsParsed = -1; + +-int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key); ++int kwallet_hash(pam_handle_t *pamh, const char *passphrase, struct passwd *userInfo, char *key); + + static void parseArguments(int argc, const char **argv) + { +@@ -282,7 +282,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons + } + + char *key = malloc(sizeof(char) * KWALLET_PAM_KEYSIZE); +-if (kwallet_hash(password, userInfo, key) != 0) { ++if (kwallet_hash(pamh, password, userInfo, key) != 0) { + pam_syslog(pamh, LOG_ERR, "%s: Fail into creating the hash", logPrefix); + return PAM_IGNORE; + } +@@ -306,6 +306,26 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons + return PAM_SUCCESS; + } + ++static int drop_privileges(struct passwd *userInfo) ++{ ++/* When dropping privileges from root, the `setgroups` call will ++* remove any extraneous groups. If we don't call this, then ++* even though our uid has dropped, we may still have groups ++* that enable us to do super-user things. This will fail if we ++* aren't root, so don't bother checking the return value, this ++* is just done as an optimistic privilege dropping function. ++*/ ++setgroups(0, NULL); ++ ++//Change to the user in case we are not it yet ++if (setgid (userInfo->pw_gid) < 0 || setuid (userInfo->pw_uid) < 0 || ++setegid (userInfo->pw_gid) < 0 || seteuid (userInfo->pw_uid) < 0) { ++return -1; ++} ++ ++return 0; ++} ++ + static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], int envSocket) + { + //In the child pam_syslog does not work, using syslog directly +@@ -320,18 +340,8 @@ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toW + //This is the side of the pipe PAM will send the hash to + close (toWalletPipe[1]); + +-/* When dropping privileges from root, the `setgroups` call will +-* remove any extraneous groups. If we don't call this, then +-* even though our uid has dropped, we may still have groups +-* that enable us to do super-user things. This will fail if we +-* aren't root, so don't bother checking the return value, this +-* is just done as an optimistic privilege dropping function. +-*/ +-setgroups(0,
kwallet-pam_5.12.1-2_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 03 May 2018 18:26:15 +0200 Source: kwallet-pam Binary: libpam-kwallet-common libpam-kwallet4 libpam-kwallet5 Architecture: source all amd64 Version: 5.12.1-2 Distribution: unstable Urgency: medium Maintainer: Debian/Kubuntu Qt/KDE MaintainersChanged-By: Maximiliano Curia Description: libpam-kwallet-common - KWallet integration with PAM (common files) libpam-kwallet4 - KWallet (KDE 4) integration with PAM libpam-kwallet5 - KWallet (Kf5) integration with PAM Changes: kwallet-pam (5.12.1-2) unstable; urgency=medium . * CVE-2018-10380 fix Add upstream patches Move-salt-creation-to-an-unprivileged-process.patch and Move-socket-creation-to-unprivileged-codepath.patch. * Release to unstable Checksums-Sha1: e9654565f5a1a6f30ba880f2f2c496e5b10ac47f 2246 kwallet-pam_5.12.1-2.dsc 2a88f514ddaa10b7c9a34d0aa75c4ce833e26011 12236 kwallet-pam_5.12.1-2.debian.tar.xz a33d1befe1c06a785862e7ccf47bed85d286586d 12449 kwallet-pam_5.12.1-2_amd64.buildinfo 5ae5ce3e83e800ee2d147e37a5083b7c0ca95e32 6468 libpam-kwallet-common_5.12.1-2_all.deb 76853fdc7beb001f7bd0528ba8a008b4bb405f50 17644 libpam-kwallet4-dbgsym_5.12.1-2_amd64.deb c66380c5c5d328d14477bacdb7e48cd878cbd0eb 11612 libpam-kwallet4_5.12.1-2_amd64.deb dbf8cc1e3e70458f919c3689e8577d9d2c82cfdb 17652 libpam-kwallet5-dbgsym_5.12.1-2_amd64.deb 4248ffdafff263a569280ebf734b43735b180f53 11580 libpam-kwallet5_5.12.1-2_amd64.deb Checksums-Sha256: b261f33235fc74059ab963b79dae12788d17c894f27c323c2ec2561cb6ce5840 2246 kwallet-pam_5.12.1-2.dsc 473c1be9ecd7f4d5a36379cd736b28a8791e8e684fe06eef87fea853d071 12236 kwallet-pam_5.12.1-2.debian.tar.xz b014a25a104238ed97701398a29d1d41ae681c262aa73ac8534c4745893d2241 12449 kwallet-pam_5.12.1-2_amd64.buildinfo cb930dd6010b734a7c3acaea0f0755b5ff85b43094ce89625b5f282d6eba97f1 6468 libpam-kwallet-common_5.12.1-2_all.deb 360b1bf286d3de880361760896ea392e20f06331d0817a25a840a145e3d78f86 17644 libpam-kwallet4-dbgsym_5.12.1-2_amd64.deb 68c82601dab0abd960125ba1100fa9b8e0477cac3930bda296d04fbf712b80ee 11612 libpam-kwallet4_5.12.1-2_amd64.deb 9b888fb53ada7ac5e7ff205bd12621d615514548aa885b7df44686fd7cf18a96 17652 libpam-kwallet5-dbgsym_5.12.1-2_amd64.deb 0bb072b935cdf29a2429dc71d2e138e194e71bb19f4446823f20526f2879239e 11580 libpam-kwallet5_5.12.1-2_amd64.deb Files: daa78c7ba04dd0d6805ed6be33a221ae 2246 kde optional kwallet-pam_5.12.1-2.dsc b03644b298fd21b36e3f1d184cc3a1df 12236 kde optional kwallet-pam_5.12.1-2.debian.tar.xz d572ffdc23f024311d73315270f14321 12449 kde optional kwallet-pam_5.12.1-2_amd64.buildinfo a802aa5518ca7bbbf48a8ce1d7223152 6468 kde optional libpam-kwallet-common_5.12.1-2_all.deb ed3104c9c89e8462df098c8a20a7f22f 17644 debug optional libpam-kwallet4-dbgsym_5.12.1-2_amd64.deb 982eaa13a83eb9e8a390d4dabd7d4be2 11612 kde optional libpam-kwallet4_5.12.1-2_amd64.deb 61021eb33ed50616c4f06bd108bc8402 17652 debug optional libpam-kwallet5-dbgsym_5.12.1-2_amd64.deb b2a8343eb21f35aa3c682ff5fdf50a28 11580 kde optional libpam-kwallet5_5.12.1-2_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE+JIdOnQEyG4RNSIVxxl2mbKbIyoFAlrrOOcACgkQxxl2mbKb IyqDlw//YN+vjYOA7Mk8pU8hV5xjvt6Xa5UY7J1A6wSV7QKozzHVX50qXa9FGdBO poyoom16hJbST5KCM7PHPs3CKYwMEyJ5oo1eVJsNLpxWpwwLXP88v1OGWY0dE7fx T1ip0tS6lU5Rfadh+4tb8/jXB60x/eSlgiFuPxwtOrQj8OnrLcp9L1SoQyJmBn7E jKqSbILa5JveY6ALzlEvcumnEaxaBjwiAO1qAUhY/vosusGRhWV0mI+f93gmB58O sgk0dpEgFIKZEXhwWq6dhbEPmAuogfmlAkai9tkKfpJaK3MfwdffEgyUcHPDzkTZ 451Cr+4vQ1Ze2tdpOGiedrjSTrUX7dSrlDitx5giY4AEDkKy1+2RvrHR3R3SkifC 0E7+8K/CNxQRvfB02jQAkLQae8M0ueEUX9MsfAesZFtCr4bgMJZRNuai/mrzjpVX eA9YCvFDM0iW/N6fnhCeDD/6IsXzbSbHG2mAagzflw3HQWgN6yKcMh1Jd0V+2oj9 wHvX7R6ogHVAgVG5WoFUrArYImrgbd+ZrgY1Kf1SKW4pORvvEaNuz5xKWmTPFMz9 DMo8h9o8QIaYZEdMNxSPaDGP1p7vLKaxdgXCo88PbFBz+YFxwu+DECdgVgcz9aM3 Odp6+nIL4OINNcGQmqMZvLQwUV4dmylyMzLuLikp7D6vZHJquyc= =9QSd -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of kwallet-pam_5.12.1-2_amd64.changes
kwallet-pam_5.12.1-2_amd64.changes uploaded successfully to localhost along with the files: kwallet-pam_5.12.1-2.dsc kwallet-pam_5.12.1-2.debian.tar.xz kwallet-pam_5.12.1-2_amd64.buildinfo libpam-kwallet-common_5.12.1-2_all.deb libpam-kwallet4-dbgsym_5.12.1-2_amd64.deb libpam-kwallet4_5.12.1-2_amd64.deb libpam-kwallet5-dbgsym_5.12.1-2_amd64.deb libpam-kwallet5_5.12.1-2_amd64.deb Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#897221: Session logout doesn't TERMinate all processes
¡Hola Didier! El 2018-04-30 a las 12:21 +0200, Didier 'OdyX' Raboud escribió: Package: sddm Version: 0.17.0-1 Severity: important Tags: upstream I routinely run two sessions in parallel (pro & private); and I noticed that sddm (which I assume is handling the logind session) doesn't coherently TERMinate (or KILL after some delay) processes from a logged-out session. Some of these consume ressources (akonadiserver is the usual culprit), but more importantly; keeping these alive will break subsequent sessions for the same user (plasma, akonadi, etc). I guess akonadiserver is started as a detached process, so ksmserver doesn't know about it. Anyway the problem are the processes that are in the systemd concept of session but not in the kde concept of session, those are the ones that systemd is waiting for, and ksmserver has long forgotten about them. Please check loginctl session-status (The id can be obtained with loginctl list-sessions) Running: # loginctl terminate-user circumvents the issue, but that should really be done by the login manager. Please tell me if there's something I can do to help here. Mmh, this is a complex problem. Debian systemd reverts the default logind configuration KillUserProcesses, that effectively terminates the session when the user logs out, and most desktop environments assume this is set to it's default value, so they don't have to deal with the processes started by systemd --user, which, by the way, the desktop environment had nothing to do with. Also, kde does nothing to remember which processes were started as autostart desktop files. Gnome "fixes" this by terminating the logind session, as if KillUserProcesses was set, at the cost of breaking tmux and screen (which is the reason why Debian reverts the KillUserProcesses setting on the first place). So, either we need to fix tmux and screen to they can be detached from the logind session, or fix the kde concept of session so it matches better what logind expects. Happy hacking, -- "I decry the current tendency to seek patents on algorithms. There are better ways to earn a living than to prevent other people from making use of one's contributions to computer science." -- Donald Knuth Saludos /\/\ /\ >< `/ signature.asc Description: PGP signature
Bug#897338: Tested on hardware
¡Hola Александр! El 2018-05-03 a las 07:54 +0300, Александр Керножицкий escribió: I tried Debian Testing on real hardware and SDDM seems to work there. So I can reproduce the bug only on VirtualBox. It seems that the new sddm requires virtualbox-guest-dkms and virtualbox-guest-x11 to run inside a virtualbox, I'm not sure why. Happy hacking, -- "We must be very careful when we give advice to younger people: sometimes they follow it!" -- Edsger W. Dijkstra Saludos /\/\ /\ >< `/ signature.asc Description: PGP signature