Bug#1010684: Boot parameter to specify directory of filesystem.squashfs (other than /boot)

[Stefan Baur]

Hello Ben,

Am 10.05.22 um 00:56 schrieb Ben Westover:

>> 
>> mentions "findiso" and "fromiso" as well as "live-media|bootfrom" and
>> "live-media-path".

[...]

>> Using the live-media*-Parameters should make it possible to use a
>> squashfs file directly, without having to wrap it into an iso. I haven't
>> tried this myself lately, though.
> 
> From how I understood the explanation of live-media/bootfrom, it looks
> like it wants you to specify a device to look inside /live of. I would
> need to create a separate partition for every squashfs, /live in each.
> 
> I don't believe there are currently any options that allow me to achieve
> my goal without wrapping the squashfs. Thank you for your help!

Like I said, I haven't tried this myself lately, but live-media-path
allows you to change exactly the "/live" part, according to the manpage.

So you could have something like
live-media-path=/mycoolsquashfsgoeshere/ for your custom squashfs and
live-media-path=/officialdebiansquashfsgoeshere/ for an official image,
for example.

You will probably have to combine that with live-media=removable-usb so
it will scan removable USB media only.

I don't see why you would need a different partition for each image, you
should be able to use different live-media-path entries instead (one per
boot menu entry).

Kind Regards,
Stefan Baur

Bug#1010733: linux-image-5.10.0-13-amd64: see Bug 215079 no sound after dist-upgrade - Thinkpad specific

[Salvatore Bonaccorso]

Control: tags -1 + moreinfo

Hi

On Sun, May 08, 2022 at 01:39:13PM -0400, william wrote:
> Package: src:linux
> Version: 5.10.106-1
> Severity: important
> X-Debbugs-Cc: piob...@mindspring.com
> 
> Dear Maintainer,
> 
> 
> 
>* What led up to the situation?
> did an "apt-get dist-upgrade" from Buster to Bullseye
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> pavucontrol does not report any input or output devices
> audacity successfully records from an external (USB) microphone
> Rebooted the machine. At bootup, scrolled down to boot from Buster instead of 
> Bullseye
>   Booting from Buster provided sound output. Note: The Thinkpad internal 
> microphone has never worked with Debian. Audacity reports that it is there, 
> but fails to record.
> lspci reports "00:1f.3 Audio device: Intel Corporation Cannon Point-LP High 
> Definition Audio Controller (rev 11)"
>* What outcome did you expect instead?
> Expected the OS to recognize the internal microphone and speaker
> *** End of the template - remove these template lines ***

Please be a bit more specific next time about "Bug 215079" ;-). I
suspect you mean https://bugzilla.kernel.org/show_bug.cgi?id=215079 ?

Regards,
Salvatore

Bug#1010657: google-oauth-client-java: CVE-2021-22573 - IdTokenVerifier does not verify the signature of ID Token

[tony mancill]

On Fri, May 06, 2022 at 09:46:24AM +0100, Neil Williams wrote:
> Source: google-oauth-client-java
> Version: 1.28.0-2
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> 
> The following vulnerability was published for google-oauth-client-java.
> 
> CVE-2021-22573[0]:
>
> (SNIP)
> 
> Fixed in upstream release 1.33.3
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-22573
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22573
> 
> Please adjust the affected versions in the BTS as needed.

Upstream version 1.33.3 requires a minor update to the Debian packaging
of google-http-client-java that I am working on now.

I will upload a package for 1.33.3 in the next day or so.

Cheers,
tony

Bug#1010793: globus-gass-copy-progs: GSIFTP uploads fail with globus_l_ftp_control_send_cmd_cb: gss_init_sec_context failed to generate output token

[Christoph Anton Mitterer]

Package: globus-gass-copy-progs
Version: 10.10-1
Severity: important


Hey.

Since a while now, uploads with globus-url-copy fail.

$ globus-url-copy -p 1 -vb -dbg file:///bin/bash 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/
Source: file:///bin/
Dest:   gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/
  bash
debug: starting to put 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/bash
debug: connecting to 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/bash

debug: response from 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/bash:
220 GSI FTP door ready

debug: authenticating with 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/bash
debug: fault on connection to 
gsiftp://lcg-lrz-ftp.grid.lrz.de/pnfs/lrz-muenchen.de/data/atlas/bash: 
globus_l_ftp_control_send_cmd_cb: gss_init_sec_context failed to generate 
output token

debug: data callback, error globus_l_ftp_control_send_cmd_cb: 
gss_init_sec_context failed to generate output token
, buffer 0x7f9ac4210010, length 0, offset=0, eof=true
debug: operation complete

error: globus_l_ftp_control_send_cmd_cb: gss_init_sec_context failed to 
generate output token


Could some rebuilt be needed? IIRC that was required some weeks ago for xrdcp.

Cheers,
Chris.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages globus-gass-copy-progs depends on:
ii  libc6 2.33-7
ii  libglobus-common0 18.11-1
ii  libglobus-ftp-client2 9.6-1
ii  libglobus-gass-copy2  10.10-1
ii  libglobus-gass-transfer2  9.3-1
ii  libglobus-gsi-sysconfig1  9.4-1
ii  libglobus-gssapi-error2   6.2-1
ii  libglobus-gssapi-gsi4 14.17-1
ii  libglobus-io3 12.3-1
ii  libltdl7  2.4.7-4
ii  libssl1.1 1.1.1o-1

globus-gass-copy-progs recommends no packages.

globus-gass-copy-progs suggests no packages.

-- no debconf information

Bug#1010686: golang-github-boltdb-bolt: ftbfs issue on riscv64 arch

[Bo YU]

Source: golang-github-boltdb-bolt
Followup-For: Bug #1010686
X-Debbugs-Cc: debian-ri...@lists.debian.org, debian...@lists.debian.org


These package's upstream had switched to bbolt:
* golang-github-blevesearch-bleve
* influxdb
* golang-github-hashicorp-raft-boltdb

So can these packages dependencs switch from golang-github-boltdb-bolt-dev to
golang-github-coreos-bbolt?

The snapd package's upstream import bolt that was maintained by snap project:
https://github.com/snapcore/bolt. It seems to support riscv64 also.

These packages is switching to bblot:
* nomad
* vuls
* golang-github-micromdm-scep

BR,
Bo

Bug#1010792: RFS: psi-notify/1.2.1-2 [ITP] -- Alert when your machine is becoming oversaturated

[Michel Alexandre Salim]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "psi-notify":

 * Package name: psi-notify
   Version : 1.2.1-2
   Upstream Author : Chris Down 
 * URL : https://github.com/cdown/psi-notify
 * License : MIT
 * Vcs : https://salsa.debian.org/michel/psi-notify
   Section : utils

The source builds the following binary packages:

  psi-notify - Alert when your machine is becoming oversaturated

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/psi-notify/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/p/psi-notify/psi-notify_1.2.1-2.dsc

Changes for the initial release:

 psi-notify (1.2.1-2) unstable; urgency=medium
 .
   * Add debian/watch file (Closes: #1010778)

Regards,

-- 
Michel Alexandre Salim
identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2


signature.asc
Description: PGP signature

Bug#1010791: RFS: distrobox/1.2.15-2 [ITP] -- Another tool for containerized command line environments on Linux

[Michel Alexandre Salim]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "distrobox":

 * Package name: distrobox
   Version : 1.2.15-2
   Upstream Author : Luca Di Maio 
 * URL : https://distrobox.privatedns.org/
 * License : GPL-3.0
 * Vcs : https://salsa.debian.org/michel/distrobox
   Section : admin

The source builds the following binary packages:

  distrobox - Another tool for containerized command line environments on Linux

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/distrobox/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/d/distrobox/distrobox_1.2.15-2.dsc

Changes for the initial release:

 distrobox (1.2.15-2) unstable; urgency=low
 .
   * Add watch and VCS field. Closes: #1008291

Regards,

-- 
Michel Alexandre Salim
identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2


signature.asc
Description: PGP signature

Bug#1010790: xgammon: reproducible-builds: embedded build paths in /usr/games/xgammon

[Vagrant Cascadian]

Source: xgammon
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in /usr/games/xgammon:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/xgammon.html

  /build/1st/xgammon-0.99.1128/src/xgammon.c:286
  vs.
  /build/2/xgammon-0.99.1128/2nd/src/xgammon.c:286


The attached patch to debian/rules fixes this by passing CFLAGS to make.

Alternately, updating the packaging to use dh/debhelper at a recent
compat level would also likely fix this.


With this patch applied, xgammon should build reproducibly on
tests.reproducible-builds.org!


live well,
  vagrant
From 60b8556299e2e12bbebbe38e463757f2635a72b8 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Tue, 10 May 2022 02:27:23 +
Subject: [PATCH] debian/rules: Pass CFLAGS to make.

---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 3ea1ac6..f63f8c8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,7 +9,7 @@ build: build-stamp
 build-stamp:
 	dh_testdir
 	cd src && imake -I/usr/lib/X11/config
-	cd src && $(MAKE) 
+	cd src && $(MAKE) CFLAGS="$(CFLAGS)"
 	touch build-stamp
 
 clean:
-- 
2.36.0



signature.asc
Description: PGP signature

Bug#986320: Stronger advice on when to use native packages

[Jonathan Nieder]

Hi,

Russ Allbery wrote:

> Currently, Debian Policy is silent on when it's appropriate to use a
> native package, but there may be a project consensus aganist using
> native packages when the software has an existence outside of Debian.

I agree about this (modulo the bits discussed elsewhere in this bug
about using native packages as a workaround to issues with the format
of non-native packages).

> Even if that consensus does not exist, there is probably consensus
> that native packages are a poor match for large packages (because of
> the inefficiency of making small updates to the packaging of native
> packages),

Do you mean large packages with a separate upstream existence, or
large packages in general?  I don't think there's such a consensus for
large packages in general: if Debian is the canonical place for a
particular package to be released (e.g., as is true for dpkg), then it
doesn't seem like it would be worth the overhead of making two
releases, one upstream and one for packaging, whenever updating that
package.

[...]
> (See #542288 for some of this discussion.)

Because I'm lazy: :) that's a pretty long bug --- did you have a
particular comment in it in mind?

Thanks,
Jonathan

Bug#1010789: xarclock: reproducible-builds: embedded build paths in /usr/bin/xarclock

[Vagrant Cascadian]

Source: xarclock
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in /usr/bin/xarclock:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/xarclock.html

  /build/1st/xarclock-1.0/xarclock.c:151
  vs.
  /build/2/xarclock-1.0/2nd/xarclock.c:151


The attached patch to debian/rules fixes this by passing CFLAGS to
dh_auto_build.


With this patch applied, xarclock should build reproducibly on
tests.reproducible-builds.org!


live well,
  vagrant
From 5a7f01285d8bc22d9e7e758d00b71b8c564a383f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Tue, 10 May 2022 01:23:39 +
Subject: [PATCH 1/4] debian/rules: Pass CFLAGS to dh_auto_build.

---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 77c0408..9431470 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,4 +7,4 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 override_dh_auto_build:
 	xmkmf
-	dh_auto_build
+	dh_auto_build -- CFLAGS="$(CFLAGS)"
-- 
2.35.1



signature.asc
Description: PGP signature

Bug#1010778: ITP: psi-notify -- Alert when your machine is becoming over-saturated

[Michel Alexandre Salim]

On Tue, May 10, 2022 at 08:42:43AM +0800, Paul Wise wrote:
> On Mon, 2022-05-09 at 21:14 +, Michel Alexandre Salim wrote:
> 
> > I plan to maintain this myself - I'm new to Debian packaging, this is my
> > second package (currently also working on getting distrobox
> > sponsored)
> 
> I need this, so I will be happy to sponsor you. Once the package is
> ready, please follow the usual mentors procedures (RFS etc) and I will
> review the package when I read the RFS mail.
> 
Thanks Paul! I'm doing some sanity tests on the package right now, I'll
likely upload to mentors and mail the RFS tomorrow.

Best regards,

-- 
Michel Alexandre Salim
identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2


signature.asc
Description: PGP signature

Bug#1010755: qbs: FTBFS on riscv64

[Lisandro Damián Nicanor Pérez Meyer]

Hi!

On Mon, 9 May 2022 at 11:51, John Paul Adrian Glaubitz
 wrote:
>
> Hi Bo!
>
> On 5/9/22 16:27, Bo YU wrote:
> s error just means that the symbols file(s) have to be updated, see [1].
> >>
> > Before I filed the bug, I realized the ftbfs issue might be with the
> > symbols file as you point.
> > `apt source qbs` and the debian/symbols file has the symbols:
> > ```
> > _ZN6QDebuglsEPKc@Base 1.22.0
> >  _ZN6QDebuglsERK7QString@Base 1.22.0
> >  _ZN7QStringD1Ev@Base 1.22.0
> >  _ZN7QStringD2Ev@Base 1.22.0
> > ```
> > It seems the symbols file is ok and I try to build it on riscv64
> > hardware locally and it is ok :)
> >
> > Or I am misunderstanding the buildd log error hint？
>
> It might be that the symbols file mismatch is considered a fatal error on the 
> buildd but
> not for your local builds. Or the buildd was building with different build 
> dependencies,
> we can try to trigger a rebuild on the buildd.

Missing non-optional symbols is fatal. But in this case:

$ c++filt _ZN6QDebuglsERK7QString
QDebug::operator<<(QString const&)

And:

$ grep -Rn QDebug /usr/include/qbs/*
/usr/include/qbs/tools/codelocation.h:90:QDebug operator<<(QDebug
debug, const CodeLocation );

As you can see the signatures do not match, so the missing symbol must
come from some private header and it's not exposed to the user.

The maintainer will probably add the required changes in the next
upload, as usual.

-- 
Lisandro Damián Nicanor Pérez Meyer
https://perezmeyer.com.ar/

Bug#1010714: sane-pixma: sane can't find scanner

[Alexandre Lymberopoulos]

Hi, Jörg!

I appreciate your promptness and will to help. Thanks again!

Best, Alexandre

On May 09 2022, Jörg Frings-Fürst wrote:
> tags 1010714 - moreinfo
> thanks
> 
> Hello Alexandre, 
> 
> glad I could help you.
> 
> CU
> Jörg
> 
> 
> 
> -- 
> New:
> GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
> GPG key (long) : 09F89F3C8CA1D25D
> GPG Key: 8CA1D25D
> CAcert Key S/N : 0E:D4:56
> 
> Old pgp Key: BE581B6E (revoked since 2014-12-31).
> 
> Jörg Frings-Fürst
> D-54470 Lieser
> 
> 
> git:  https://jff.email/cgit/
> 
> Threema: SYR8SJXB
> Wire: @joergfringsfuerst
> Skype: joergpenguin
> Ring: jff
> Telegram: @joergfringsfuerst
> 
> 
> My wish list: 
>  - Please send me a picture from the nature at your home.
> 
> 
> 
> Am Sonntag, dem 08.05.2022 um 17:24 -0300 schrieb Alexandre
> Lymberopoulos:
> > Hi!
> > 
> > It worked adding the fixed IP I setup on the router. Commenting that
> > line makes scanner invisible to sane again. (all of this with the
> > proprietary software uninstalled).
> > 
> > Thanks!
> > 
> > Best, Alexandre
> > 
> > On May 08 2022, Jörg Frings-Fürst wrote:
> > > Hello,
> > > 
> > > thanks for your answer.
> > > 
> > > Please add something like this
> > > 
> > > bjnp://ScannerIP
> > > 
> > > into your pixma.conf
> > > 
> > > For the exact syntax and further parameters please look in 'man
> > > sane-
> > > pixma'.
> > > 
> > > CU
> > > Jörg
> > > 
> [...]



-- 
===
Alexandre Lymberopoulos - lym...@gmail.com
===

Bug#1010788: spades: Mismatch correction / --careful mode broken by Debian patch

[Carl Suster]

Package: spades
Version: 3.15.4+dfsg-1
Severity: normal

Dear Maintainer,

Using spades with the --careful flag triggers the following error:

Traceback (most recent call last):
  File "/usr/libexec/spades/spades.py", line 683, in 
main(sys.argv)
  File "/usr/libexec/spades/spades.py", line 621, in main
cfg, dataset_data, command_line = parse_args(args, log)
  File "/usr/libexec/spades/spades.py", line 257, in parse_args
options, cfg, dataset_data = options_parser.parse_args(log, bin_home, 
spades_home,
  File "/usr/share/spades/spades_pipeline/options_parser.py", line 1157, in 
parse_args
add_to_cfg(cfg, log, bin_home, spades_home, options_storage.args)
  File "/usr/share/spades/spades_pipeline/options_parser.py", line 995, in 
add_to_cfg
if which("bwa-spades"):
NameError: name 'which' is not defined

Reproducible with e.g.:

f="$(mktemp .fq)"
echo -e "@a\nA\n+\n!" > "$f"
spades --careful --12 "$f" -o "/tmp"

The code path related to that flag in options_parser.py has been patched in
Debian to add the call to which():


https://salsa.debian.org/med-team/spades/-/blob/d3c54b2ae8f0ee29a639fe0246d670fcad54b45b/debian/patches/0003_accept-system-bwa.patch#L82-L95

When the patch was initially created in this commit:


https://salsa.debian.org/med-team/spades/-/commit/ac1cfa145bf4066ca7f3af47db1aae6dd28ac5ab

the call and definition of which() were both in spades.py but the call was
later moved to options_parser.py while the definition was left behind unused.
Rather than adding multiple definitions of which() in the patch, the single
version in support.py could be imported wherever it needs to be used.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages spades depends on:
ii  bamtools   2.5.1+dfsg-10+b1
ii  bwa0.7.17-7
ii  libc6  2.33-7
ii  libgcc-s1  12.1.0-1
ii  libgomp1   12.1.0-1
ii  libnlopt0  2.7.1-4+b1
ii  libssw01.1-13
ii  libstdc++6 12.1.0-1
ii  python33.10.4-1+b1
ii  python3-distutils  3.9.12-1
ii  python3-joblib 0.17.0-4
ii  python3-yaml   5.4.1-1+b1
ii  samtools   1.13-4
ii  zlib1g 1:1.2.11.dfsg-4

spades recommends no packages.

spades suggests no packages.

-- no debconf information

Bug#1010778: ITP: psi-notify -- Alert when your machine is becoming over-saturated

[Paul Wise]

On Mon, 2022-05-09 at 21:14 +, Michel Alexandre Salim wrote:

> I plan to maintain this myself - I'm new to Debian packaging, this is my
> second package (currently also working on getting distrobox
> sponsored)

I need this, so I will be happy to sponsor you. Once the package is
ready, please follow the usual mentors procedures (RFS etc) and I will
review the package when I read the RFS mail.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#783396: python3-irc: New upstream version 20.0.0

[Ben Finney]

Control: block -1 by 1010782 1010783 1010784
Control: noowner 1010782
Control: noowner 1010783
Control: noowner 1010784

-- 
 \  “Compulsory unification of opinion achieves only the unanimity |
  `\of the graveyard.” —Justice Roberts in 319 U.S. 624 (1943) |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#783396: python3-irc: new upstream version depends on more unpackaged Python libraries

[Ben Finney]

Control: submitter 1010782 !
Control: submitter 1010783 !
Control: submitter 1010784 !

On 10-May-2022, Ben Finney wrote:

> I am creating new WNPP bug reports for the dependencies that are not
> yet in Debian.

-- 
 \ “My girlfriend has a queen sized bed; I have a court jester |
  `\   sized bed. It's red and green and has bells on it, and the ends |
_o__) curl up.” —Steven Wright |
Ben Finney 


signature.asc
Description: PGP signature

Bug#1010787: sgml-base-doc: reproducible builds: Build date embedded in documentation

[Vagrant Cascadian]

Source: sgml-base-doc
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build date is embedded in various documentation:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/sgml-base-doc.html

  /usr/share/doc/sgml-base-doc/sgml_layout.html/ch-Other.html


  23·April·2022
  vs.
  26·May·2023


The attached patch fixes this in debian/rules by setting the
DEBIANDOC_DATE environment variable based on SOURCE_DATE_EPOCH.

Alternately, this variable could also be set to an empty value, which
results in no date of any kind.


With this patch applied, sgml-base-doc should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining sgml-base-doc!


live well,
  vagrant
From af442a242fb76dce0fa1cbe81ff3585574ba53ed Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Tue, 10 May 2022 00:08:56 +
Subject: [PATCH] debian/rules: Set DEBIANDOC_DATE based on SOURCE_DATE_EPOCH.

https://tests.reproducible-builds.org/debian/issues/unstable/debiandoc_sgml_timestamp_issue.html
---
 debian/rules | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/rules b/debian/rules
index 0714fa7..d3778ac 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,8 @@
 PACKAGE  = sgml-base-doc
 PKG_DOCS = sgml_layout.html sgml_layout.pdf sgml_layout.txt
 
+# Ensure reproducible date
+export DEBIANDOC_DATE = $(shell date --utc --date=@$(SOURCE_DATE_EPOCH) '+%Y-%m-%d')
 
 .SUFFIXES: .html .pdf .sgml .txt
 .sgml.html:
-- 
2.36.0



signature.asc
Description: PGP signature

Bug#783396: python3-irc: New upstream version 20.0.0

[Ben Finney]

Control: block -1 1010782 1010783 1010784
Control: summary 1010782 Upstream source for this package is published at 
https://pypi.org/project/jaraco.logging/
Control: outlook 1010782
Control: summary 1010783 Upstream source for this package is published at 
https://pypi.org/project/jaraco.stream/
Control: outlook 1010783
Control: summary 1010784 Upstream source for this package is published at 
https://pypi.org/project/rst.linker/
Control: outlook 1010784

On 10-May-2022, Ben Finney wrote:

> I am creating new WNPP bug reports for the dependencies that are not
> yet in Debian.

Those dependencies will need to be packaged before this bug can be
fixed.

-- 
 \ “Yesterday I parked my car in a tow-away zone. When I came back |
  `\  the entire area was missing.” —Steven Wright |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#1006245: libwebsockets: FTBFS with OpenSSL 3.0

[Bastian Germann]

Upstream's changelog says in v4.2.0:
"prepared for openssl v3 compatibility, for main function and GENCRYPTO"

So please import that or a later version.

Bug#1010786: RFP: swugenerator -- Generates SWU update packages for SWUpdate

[Bastian Germann]

Package: wnpp
Severity: wishlist

* Package name: swugenerator
  Upstream Author : Stefano Babic 
* URL : https://github.com/sbabic/swugenerator
* License : GPL-3
  Programming Lang: Python
  Description : Generates SWU update packages for SWUpdate

Debian has the package swupdate already in the archive.
The creation of update packages for swupdate is not trivial,
which is why swugenerator was created.

swugenerator is a tool running on host to create and modify SWUpdate's Update 
files (SWU).
SWU files contain a meta description of the release (sw-description), and swugenerator adds 
components to a template passed from command line. It is goal of the tool to fill the gap with 
Yocto/OE, where SWU generation is done by classes in the meta-swupdate layer but Debian has no tools 
to create a SWU.


The tool signs the SWU and can encrypt the artifacts. The tool parses the 
libconf based sw-description.

Bug#1010785: gdome2: reproducible-builds: embedded build paths libgdome.so.*

[Vagrant Cascadian]

Source: gdome2
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in /usr/lib/libgdome.so.0.8.1:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/gdome2.html

  /build/1st/gdome2-0.8.1+debian/libgdome/gdome.c:65
  vs.
  /build/2/gdome2-0.8.1+debian/2nd/libgdome/gdome.c:65


The attached patch to debian/rules fixes this by passing
-ffile-prefix-map in CFLAGS and ensuring CFLAGS is passed to configure.

Alternately, updating the packaging to use dh/debhelper at a recent
compat level would also likely fix this.


With this patch applied, gdome2 should build reproducibly on
tests.reproducible-builds.org!


live well,
  vagrant
From 65c23dfcbf5fd3a59d4a3141430247225e4d4413 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 9 May 2022 23:06:56 +
Subject: [PATCH] debian/rules: add -ffile-prefix-map to CFLAGS and ensure
 CFLAGS are passed in the configure phase.

---
 debian/rules | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 5e25754..ae361d7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,13 +11,15 @@ ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
 INSTALL_PROGRAM += -s
 endif
 
+CFLAGS += -ffile-prefix-map=$(CURDIR)=.
+
 configure: configure-stamp
 configure-stamp:
 	dh_testdir
 	cp /usr/share/misc/config.sub /usr/share/misc/config.guess .
 	libtoolize -c -f
 	autoreconf -f -i
-	./configure --prefix=/usr \
+	CFLAGS="$(CFLAGS)" ./configure --prefix=/usr \
 		--mandir=\$${prefix}/share/man \
 		--infodir=\$${prefix}/share/info \
 		--with-html-dir=\$${prefix}/share/doc/libgdome2-dev 
-- 
2.36.0



signature.asc
Description: PGP signature

Bug#783396: python3-irc: new upstream version depends on more unpackaged Python libraries

[Ben Finney]

Control: outlook -1 0
Control: retitle -1 python-irc: New upstream version 20.0.0
Control: clone -1 -2
Control: retitle -2 RFP: python3-jaraco.logging -- Functions to integrate 
argparse with logging — Python 3
Control: reassign -2 wnpp
Control: clone -1 -3
Control: retitle -3 RFP: python3-jaraco.stream -- Functions for handling 
streaming data — Python 3
Control: reassign -3 wnpp
Control: clone -1 -4
Control: retitle -4 RFP: python3-sphinx-rst-linker -- Sphinx extension for 
custom URL replacement — Python 3
Control: reassign -4 wnpp

The recent upstream versions depend on additional Python libraries
that are not yet packaged in Debian.

On 03-May-2020, Iain Learmonth wrote:

> I just went to hack on something with the python3-irc package, but it
> turns out that Debian is 10 versions behind.

Thanks for asking. This is tracked in Debian bug#783396.

> Is there some reason that we've held back the version of python3-irc?

As described in that bug report, many new dependencies have arisen for
the upstream ‘irc’ library in recent versions.

> Can I help?

I am creating new WNPP bug reports for the dependencies that are not
yet in Debian.

-- 
 \  “I lost a button-hole.” —Steven Wright |
  `\   |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#1010781: ragel: reproducible-builds: embedded build paths in /usr/bin/ragel

[Vagrant Cascadian]

Source: ragel
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in /usr/bin/ragel:

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/ragel.html

  /build/1st/ragel-6.10/ragel/main.cpp:462
  vs.
  /build/2/ragel-6.10/2nd/ragel/main.cpp:462


The attached patch to debian/rules fixes this by also setting CXXFLAGS
and passing it to configure.

Alternately, updating the packaging to use dh/debhelper at a recent
compat level would also likely fix this, or passing
-ffile-prefix-map=$(CURDIR)=. in CFLAGS and CXXFLAGS.


With this patch applied, ragel should build reproducibly on
tests.reproducible-builds.org!


live well,
  vagrant
From 55b5bcf491bca1cf98f73819da71a8830741b869 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 9 May 2022 23:26:49 +
Subject: [PATCH] debian/rules: Also pass CXXFLAGS to configure.

---
 debian/rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index c695e62..d3b512f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 
 CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
+CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS)
 LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
 
 # for the m68k hack
@@ -9,7 +10,7 @@ export DEB_BUILD_ARCH
 
 config.status: configure
 	dh_testdir
-	CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --prefix=/usr --mandir=\$${prefix}/share/man 
+	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --prefix=/usr --mandir=\$${prefix}/share/man 
 
 build: build-arch build-indep
 build-arch: build-stamp
-- 
2.36.0



signature.asc
Description: PGP signature

Bug#1010780: htop: markup of deleted executables not updated on change of color scheme

[Kacper Gutowski]

Package: htop
Version: 3.2.0-1
Severity: minor

Recently htop started to highlight processes with deleted executables or 
libraries with a color which depends on the color scheme (red and yellow 
in the Default one). Also the command name is highlighted with a color 
when merged exe/comm/cmdline view is used.


Changing colors through the Setup > Color menu at the runtime does not 
immediately update these. For example, after switching from Default to 
Monochrome, the processes with deleted files are still marked with red 
and yellow and command names are magenta despite everything else 
displaying gray and white. Restarting htop or toggling some of the 
display options (e.g. the path display) updates it bringing display to a 
consistent state.


It would be expected for color scheme to apply consistently all the time.

-k


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages htop depends on:
ii  libc6 2.33-7
ii  libncursesw6  6.3+20220423-1
ii  libnl-3-200   3.5.0-0.1
ii  libnl-genl-3-200  3.5.0-0.1
ii  libtinfo6 6.3+20220423-1

htop recommends no packages.

Versions of packages htop suggests:
ii  lm-sensors  1:3.6.0-7
ii  lsof4.95.0-1
ii  strace  5.10-1

-- no debconf information

Bug#1010684: Boot parameter to specify directory of filesystem.squashfs (other than /boot)

[Ben Westover]

Hello Stefan,



mentions "findiso" and "fromiso" as well as "live-media|bootfrom" and
"live-media-path".


Yeah, I read the manpage right before making this bug.


One way is to stuff your squashfs into an ISO image (nothing else needed
in there, just the subdirectory /live containing your squashfs), and use
one of the iso parameters.


I didn't think of using the ISO parameters that way, smart idea.
If my idea of having just SquashFSes in their own folders doesn't work, 
I'll try this out.



Using the live-media*-Parameters should make it possible to use a
squashfs file directly, without having to wrap it into an iso. I haven't
tried this myself lately, though.


From how I understood the explanation of live-media/bootfrom, it looks 
like it wants you to specify a device to look inside /live of. I would 
need to create a separate partition for every squashfs, /live in each.


I don't believe there are currently any options that allow me to achieve 
my goal without wrapping the squashfs. Thank you for your help!

--
Ben Westover


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010779: ITP: ros2-rcutils -- C Utilities and Data Structures for ROS 2

[Timo Röhling]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: roehl...@debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Subject: ITP: ros2-rcutils -- C Utilities and Data Structures for ROS 2
Package: wnpp
Owner: Timo Röhling 
Severity: wishlist
X-Debbugs-CC: debian-de...@lists.debian.org

* Package name: ros2-rcutils
  Version : 5.2.0
  Upstream Author : Open Source Robotics Foundation, Inc
* URL : https://github.com/ros2/rcutils
* License : BSD-2-clause, Apache-2
  Programming Lang: Python, C++, C
  Description : C Utilities and Data Structures for ROS 2

This package is part of ROS 2, the Robot Operating System. 
It provides basic macros, functions, and data structures for the ROS 2
codebase.

The package will be team-maintained under the umbrella of
Debian Robotics Team 
at https://salsa.debian.org/robotics-team/ros2-rcutils


-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmJ5m6MACgkQ+C8H+466
LVlQQQv/ZQrWYhkA/aUCScvan/HJ3BVGS4PC7eZt5/aWElHI0AFDsZuwRF7uGlhi
jBoDXJz3L0IsiDOLN0v48r5MPdj2bz1b2vL5UKMiLmO69Ko7Ky4GRYuNZkwp21tp
95xnDO7/s0GZoDZBf9x2YzjcoTW9Wn+KQp58gZICvDD3DpVueTUsjs9fqN1qymwi
WJKWAKnjc0MCt04mPXQ1IPTVXH+dntL6GwrAZ2ZCojTDWBR6xPSas/hiT0oP/j/Q
ZLzUeVw7rinj1bMQidlOu/zxdYNdRXg/PM7p3foLs/Ux8rbEEjHCceS2WhMP95+L
WolE+vHsc8e1+aq+DxdlWHsFohfQW/R3vpPgnCefUZ1m1gcEZZAbt2rDGTp/DM7y
kb71hltwgAZlCMnEQQO1cbPge3bSTwhnnqiV4mdESk0xeSnS2Yc5RX9AYcCI7UaR
PQrrWmWHtpVqf+7CbheLjF9by2dmZDfJU8BRI8IrfMI4XPbwES6SO4AAkXBNOHil
1Cyo4V4y
=X9GS
-END PGP SIGNATURE-

Bug#1010177: Realtek r8168 8.050.0

[Ian Hastie]

As of 2022/04/28 there is a new version 8.050.0 of the r8168 driver 
available from Realtek.  It compiles and works with 5.17 of Linux.

Bug#1010778: ITP: psi-notify -- Alert when your machine is becoming over-saturated

[Michel Alexandre Salim]

Package: wnpp
Severity: wishlist
Owner: Michel Alexandre Salim 
X-Debbugs-Cc: debian-de...@lists.debian.org, mic...@michel-slm.name

* Package name: psi-notify
  Version : 1.2.1
  Upstream Author : Chris Down 
* URL : https://github.com/cdown/psi-notify
* License : MIT
  Programming Lang: C
  Description : Alert when your machine is becoming over-saturated

psi-notify is a minimal unprivileged notifier for system-wide resource pressure 
using PSI. This can help you to identify misbehaving applications on your 
machine before they start to severely impact system responsiveness, in a way 
which MemAvailable, CPU graphs, I/O utilisation graphs and other metrics cannot.

Features

- Runs unprivileged
- Minimal resource usage
- Works with any notifier using Desktop Notifications

I use this daily on my Fedora and CentOS machines, and would like to
have this in Debian too.

I plan to maintain this myself - I'm new to Debian packaging, this is my
second package (currently also working on getting distrobox sponsored)

Bug#1010777: RFP: qflipper -- application for updating Flipper Zero firmware

[Francois Marier]

Package: wnpp
Severity: wishlist

* Package name: qflipper
  Version : 1.0.2
  Upstream Author : Georgii Surkov 
* URL : https://github.com/flipperdevices/qFlipper
* License : GPL-3.0
  Programming Lang: C++
  Description : application for updating Flipper Zero firmware

qFlipper is a graphical desktop application for updating Flipper Zero
firmware.
.
Features:
.
- Update Flipper's firmware and supplemental data with a press of one button
- Repair a broken fimware installation
- Stream Flipper's display and control it remotely
- Install firmware from a .dfu file
- Backup and restore settings, progress and pairing data
- Automatic self-update feature
- Command line interface

Bug#1010776: zbarcam-gtk: please provide .desktop entry for zbarcam-gtk

[Agathe Porte]

Package: zbarcam-gtk
Version: 0.23.92-4+b2
Severity: normal
Tags: upstream
X-Debbugs-Cc: deb...@microjoe.org

Dear Maintainer,

When installing graphical software like zbarcam-gtk, one is expected to
be able to find it using their favourite desktop environment. This is
usually done with the help of a desktop file [1].

This bug has been reported to upstream in 2020 [2] without any action
taken. If you agree I can take the time to draft a zbar-gtk.desktop file
so that you can provide it in the zbarcam-gtk package, and we can
propose it to upstream after that.

[1] https://specifications.freedesktop.org/desktop-entry-spec/latest/
[2] https://github.com/mchehab/zbar/issues/95

Cheers,

Agata.

Bug#1010775: wpasupplicant 2:2.10-8~bpo11+1 in bullseye-backports creates an unmet dependency issue with network-manager 1.30.0-2 in bullseye

[Miga]

Package: wpasupplicant

Version: 2:2.10-8~bpo11+1



Hello,


The version of wpasupplicant (2:2.10-8~bpo11+1) in bullseye-backports is 
incompatible with network-manager (currently 1.30.0-2 in bullseye, no backports 
package available) which creates an unmet dependency issue when trying to 
install network-manager, which in turn is creating the following issue:

 wpasupplicant : Breaks: network-manager (< 1.36.4-2~) but 1.30.0-2 is going to 
be installed



-Miga

Bug#1010771: suricata: recieve erros after adding rule list

[Sascha Steinbiss]

Hi,

[...]

9/5/2022 -- 14:20:21 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
Complete IP space negated. Rule address range is NIL. Probably have a !any or
an address range that supplies a NULL address range


This seems to indicate that in the rule below, the expression 
![$SMTP_SERVERS,$DNS_SERVERS] (most likely) negates the whole IP space. 
So this depends on what was set in these variables in your 
suricata.conf. How did you configure those? For example, when at least 
one of these is set to "any" then this situation will occur.


Please note that Suricata is unlikely to work "out of the box" without 
any additional configuration that tailors the installation to your 
system (e.g. at least setting monitoring interfaces, etc.) which is 
_not_ done when installing the Debian package.


Best regards
Sascha

Bug#1010376: RFS: rinetd/0.73-0.1 [NMU] [ITA] -- Internet TCP/UDP redirection server

[Helmar Gerloni]

Upload #3 is now on Mentors:

  * Non-maintainer upload.
  * New upstream release (Closes: #1010732).
  * Added systemd service file debian/rinetd.service.
  * Added debian/watch.
  * debian/rules: CHANGES renamed to CHANGES.md.
  * debian/docs: README renamed to README.md.
  * debian/init: Added Description.
  * debian/copyright: Update to DEP5 format.
  * Removed debian/compat (9).
  * debian/control:
+ Added Homepage.
+ Removed debhelper (>= 9.0) from Build-Depends.
+ Added debhelper-compat (= 13) to Build-Depends.
+ Added procps to Depends (for rinetd.service).
+ Added lsb-base to Depends (lintian error).
+ Removed dh-autoreconf from Depends (lintian warning).
+ Added ${misc:Pre-Depends} to Pre-Depends (lintian warning).
+ Added UDP to Description (supported since 0.70).

Hopefully the watch file is ok. uscan seems to be happy.
I reverted the Standards-Version to 3.9.6.
changelog and copyright are a little bit more precise now.

Am Montag, 9. Mai 2022, 19:35:58 CEST schrieb Bastian Germann:
> On Fri, 29 Apr 2022 22:55:25 +0200 Helmar Gerloni  wrote:
> >  rinetd (0.73-0.1) unstable; urgency=medium
> >  .
> >* Non-maintainer upload.
> >* New upstream release (...).
> >* Added systemd service file debian/rinetd.service.
> 
> ExecReload calls kill, so you have to add Depends: procps.
> 
> >* Added debian/watch.
> 
> Please scan https://github.com/samhocevar/rinetd/releases for 
> rinetd-VERSION.tar.gz.
> That will contain the autogenerated files similar to the current package's 
> origtargz.
> Reupload should be based on that file.
> 
> >* debian/rules: CHANGES renamed to CHANGES.md.
> >* debian/docs: README renamed to README.md.
> >* debian/copyright: Update to DEP5 format.
> 
> Please also add the src/getopt.* copyright.
> 
> >* Removed debian/compat.
> >* debian/control:
> >  + Added debhelper-compat to Build-Depends.
> >  + Added lsb-base to Depends (lintian error).
> >  + Removed dh-autoreconf from Depends (lintian warning).
> 
> That warning appears because you also raised the compat version which I do 
> not read here...
> 
> >  + Added ${misc:Pre-Depends} to Pre-Depends (lintian warning).
> >  + Added UDP to Description (supported since 0.70).
> >  + Updated Standards-Version to 4.6.0.1
> 
> Please note that the 4th version part is ignored, so please only use the 
> first three.
> The Standards-Version should only be raised on actually reviewing the package 
> for adhearing to the 
> newer version. If you have not reviewed the package, please drop this change.
> 
> Else this looks good to me.
> 

Bug#1010774: uif: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: uif 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the updated Dutch translation of uif debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1010773: iperf3: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: iperf3 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the Dutch translation of iperf3 debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1010772: partman-hfs: [INTL:nl] Dutch translation of debconf messages

[Frans Spiesschaert]

 
 
Package: partman-hfs 
Severity: wishlist 
Tags: l10n patch 
 
 
 
Dear Maintainer, 
 
 
Please find attached the Dutch translation of partman-hfs debconf
messages. 
It has been submitted for review to the debian-l10n-dutch mailing list. 
Please add it to your next package revision. 
It should be put as debian/po/nl.po in your package build tree. 
 

-- 
Kind regards,
Frans Spiesschaert



nl.po.gz
Description: application/gzip

Bug#1010771: suricata: recieve erros after adding rule list

[Tim McConnell]

Package: suricata
Version: 1:6.0.5-2
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: tmcconnell...@gmail.com

Dear Maintainer,

 What led up to the situation?
Followed the instructions from suricata.readthedocs.io to add rules for the IDS

What exactly did you do (or not do) that was effective (or
 ineffective)?
Ran the commands suricata-update enable-source 

What was the outcome of this action?
Received these errors:
9/5/2022 -- 14:20:21 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
Complete IP space negated. Rule address range is NIL. Probably have a !any or
an address range that supplies a NULL address range
9/5/2022 -- 14:20:21 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
error parsing signature "alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any ->
$DNS_SERVERS 53 (msg:"ET DNS DNS Lookup for localhost.DOMAIN.TLD";
content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|";
distance:1; within:7; content:"|09|localhost"; fast_pattern; nocase;
classtype:bad-unknown; sid:2011802; rev:6; metadata:created_at 2010_10_13,
updated_at 2019_09_03;)" from file /var/lib/suricata/rules/suricata.rules at
line 3806
9/5/2022 -- 14:20:29 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
Complete IP space negated. Rule address range is NIL. Probably have a !any or
an address range that supplies a NULL address range
9/5/2022 -- 14:20:29 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
error parsing signature "alert tcp !$SMTP_SERVERS any -> !$HOME_NET 25 (msg:"ET
POLICY Outbound Multiple Non-SMTP Server Emails"; flow:established;
content:"mail from|3a|"; nocase; threshold: type threshold, track by_src, count
10, seconds 120; reference:url,doc.emergingthreats.net/2000328; classtype:misc-
activity; sid:2000328; rev:12; metadata:created_at 2010_07_30, updated_at
2010_07_30;)" from file /var/lib/suricata/rules/suricata.rules at line 23564
9/5/2022 -- 14:20:29 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
Complete IP space negated. Rule address range is NIL. Probably have a !any or
an address range that supplies a NULL address range
9/5/2022 -- 14:20:29 -  -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] -
error parsing signature "alert tcp !$HOME_NET any -> $HOME_NET 25 (msg:"ET
POLICY Inbound Frequent Emails - Possible Spambot Inbound"; flow:established;
content:"mail from|3a|"; nocase; threshold: type threshold, track by_src, count
10, seconds 60; reference:url,doc.emergingthreats.net/2002087; classtype:misc-
activity; sid:2002087; rev:10; metadata:created_at 2010_07_30, updated_at
2010_07_30;)" from file /var/lib/suricata/rules/suricata.rules at line 23565
9/5/2022 -- 14:20:35 -  -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] -
Loading signatures failed.
9/5/2022 -- 14:20:36 -  -- Suricata test failed, aborting.
9/5/2022 -- 14:20:36 -  -- Restoring previous rules

What outcome did you expect instead?
To be able to run the rules



-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-rt-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages suricata depends on:
ii  dpkg 1.21.7
ii  init-system-helpers  1.62
ii  libbpf0  1:0.7.0-2
ii  libc62.33-7
ii  libcap-ng0   0.7.9-2.2+b2
ii  libevent-2.1-7   2.1.12-stable-5
ii  libevent-pthreads-2.1-7  2.1.12-stable-5
ii  libgcc-s112-20220428-1
ii  libhiredis0.14   0.14.1-2
ii  libhtp2  1:0.5.40-1
ii  libhyperscan55.4.0-2
ii  libjansson4  2.14-2
ii  libluajit-5.1-2  2.1.0~beta3+dfsg-6
ii  liblz4-1 1.9.3-2
ii  libmagic11:5.41-4
ii  libmaxminddb01.5.2-1
ii  libnet1  1.1.6+dfsg-3.1
ii  libnetfilter-log11.0.2-2
ii  libnetfilter-queue1  1.0.5-3
ii  libnfnetlink01.0.2-2
ii  libnspr4 2:4.33-1
ii  libnss3  2:3.77-1
ii  libpcap0.8   1.10.1-4
ii  libpcre3 2:8.39-14
ii  libyaml-0-2  0.2.2-1
ii  lsb-base 11.1.0
ii  python3  3.10.4-1+b1
ii  python3-simplejson   3.17.6-1
ii  zlib1g   1:1.2.11.dfsg-4

Versions of packages suricata recommends:
ii  snort-rules-default  2.9.15.1-6
ii  suricata-update  1.2.4-1

Versions of packages suricata suggests:
ii  libtcmalloc-minimal4  2.9.1-1

-- Configuration Files:
/etc/suricata/suricata.yaml changed:
%YAML 1.1
---
vars:
  # more specific is better for alert accuracy and performance
  address-groups:
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
HOME_NET: "[192.168.0.0/16]"
HOME_NET: "[10.0.0.0/8]"
HOME_NET: "[172.16.0.0/12]"
HOME_NET: "any"
EXTERNAL_NET: 

Bug#881910: ITA: libcdio-paranoia -- library to read and control digital audio CDs (was: Bug#881910: O: libcdio and libcdio-paranoia)

[Bastian Germann]

Control: retitle -1 O: libcdio-paranoia -- library to read and control digital 
audio CDs
Control: noowner -1

On Thu, 5 May 2022 18:30:08 -0300 "Gabriel F. T. Gomes" 
 wrote:

Oh, I'm deeply sorry for not replying to this and for sitting on the ITA.

Please feel free to take the ITA. I'm very slow at Debian stuff these days.

Bug#1010770: admesh: CVE-2018-25033

[Salvatore Bonaccorso]

Source: admesh
Version: 0.98.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/admesh/admesh/issues/28
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for admesh.

CVE-2018-25033[0]:
| ADMesh through 0.98.4 has a heap-based buffer over-read in
| stl_update_connects_remove_1 (called from stl_remove_degenerate) in
| connect.c in libadmesh.a.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-25033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25033
[1] https://github.com/admesh/admesh/issues/28

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1010642: RFS: streamlink/4.0.1-1 -- CLI for extracting video streams from various websites to a video player

[Alexis Murzeau]

Control: tags -1 - moreinfo

Hi,

Thanks for your review :)

Le 07/05/2022 à 18:59, Jeroen Ploemen a écrit :
> Control: tags -1 moreinfo
> 
> On Thu, 5 May 2022 23:34:43 +0200
> Alexis Murzeau  wrote:
> 
>> I am looking for a sponsor for my package streamlink for a new
> 
> hi Alexis,
> 
> the package as published on mentors ftbfs for me, looks like it's
> trying to connect to the internet for something to do with intersphinx
> (docs/conf.py:110 ?). See log excerpt [1] below.

Indeed, I was running sbuild locally, but it doesn't prevent internet access.


> 
> Other than that, a few observations:
> * control: ancient version requirements for python, requests, and
>   pycountry are always met (even in oldstable);

I've removed old versions requirements always met (up to oldoldstable).


> * vcs: consider enabling the CI on Salsa, and pushing changes to
>   git before asking for sponsorship - it's a useful quality control
>   tool and a nice timesaver for reviewers too.
> 

I've enabled CI on Salsa (and pushed, which I forgot to do previously).
Everything is building Ok except the reprotest job which is failing because of 
multiple issues that I haven't fully investigated.
There is at least:
  - Hang in python 3.10 because of faketime, probably because faketime is not 
complete [1]
  - Crashes in lxml with unusual LC_ALL (maybe encoding related) (I need to 
report the bug for this)
  - Something else that crashes too and cause a core file to be generated and 
reported by dh_missing [2]


[1] https://github.com/wolfcw/libfaketime/issues/390
[2] usr/lib/python3.10/dist-packages/core

> 
> Please remove the moreinfo tag (and CC me directly) once you have an
> updated package ready.
> 

-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F|



signature.asc
Description: OpenPGP digital signature

Bug#991328: NGINX patch for CVE pending in Salsa

[Salvatore Bonaccorso]

Hi Thomas,

On Wed, May 04, 2022 at 04:07:32PM -0400, Thomas Ward wrote:
> Control: tags -1 + pending
> 
> Looks like, at first glance the patchset applies properly in 1.20.2 (3-line
> offset but no fuzz) as is.  I've pushed this into Salsa so it's pending in
> UNRELEASED 1.20.2-2 at the moment in Salsa.

Thanks!

Regards,
Salvatore

Bug#1010768: ITP: click-option-group -- Extension for Python click adding option groups

[Sebastien Badia]

Package: wnpp
Severity: wishlist
Owner: Sebastien Badia 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: click-option-group
  Version : 0.5.3
  Upstream Author : Eugene Prilepin 
* URL : https://github.com/click-contrib/click-option-group
* License : BSD-3-Clause
  Programming Lang: Python
  Description : Extension for Python click adding option groups

 Click is a package for creating powerful and beautiful command line interfaces
 (CLI) in Python, but it has no the functionality for creating option groups.
 .
 Option groups are convenient mechanism for logical structuring CLI, also it
 allows you to set the specific behavior and set the relationship among grouped
 options (mutually exclusive options for example).  Moreover, argparse stdlib
 package contains this functionality out of the box.

This package is a new dependency of synadm (ITP #1005296).

I'll move this package (https://salsa.debian.org/debian/python-click-option-
group) inside
the Debian Python package team when my request to join will be accepted
https://lists.debian.org/debian-python/2022/03/msg00047.html

Bug#1008585: linux-image-5.10.0-13-amd64: "clocksource:" log spam after 5.10.103-1 update

[Vincas Dargis]

2022-04-24 12:20, Salvatore Bonaccorso rašė:

Would you be able to test the current kernel from unstable so we can
confirm it's fixed in 5.17.3-1?


I am not sure if I want to install kernel from unstable into production machine.. :) . I believe I'll wait for Bullseye 
backport to see if it helps.

Bug#1010767: ITP: coquelicot -- Coq library for real analysis

[Julien Puydt]

Package: wnpp
Severity: wishlist
Owner: Julien Puydt 
X-Debbugs-Cc: debian-ocaml-ma...@lists.debian.org, jpu...@debian.org

* Package name: coquelicot
  Version : 3.2.0
  Upstream Author : S.Boldo, C.Lelay and G.Melquiond
* URL : https://coquelicot.saclay.inria.fr/
* License : LGPL-3
  Programming Lang: Coq
  Description : Coq library for real analysis
 This package provides a formalization of real analysis compatible
 with the Coq standard library.
 .
 Coq is a proof assistant for higher-order logic.

I plan to maintain the package within the Debian OCaml maintainers team, along
with the other Coq-related packages.

Cheers,

J.Puydt

Bug#1010376: RFS: rinetd/0.73-0.1 [NMU] [ITA] -- Internet TCP/UDP redirection server

[Bastian Germann]

On Fri, 29 Apr 2022 22:55:25 +0200 Helmar Gerloni  wrote:

 rinetd (0.73-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release (...).
   * Added systemd service file debian/rinetd.service.


ExecReload calls kill, so you have to add Depends: procps.


   * Added debian/watch.


Please scan https://github.com/samhocevar/rinetd/releases for 
rinetd-VERSION.tar.gz.
That will contain the autogenerated files similar to the current package's 
origtargz.
Reupload should be based on that file.


   * debian/rules: CHANGES renamed to CHANGES.md.
   * debian/docs: README renamed to README.md.
   * debian/copyright: Update to DEP5 format.


Please also add the src/getopt.* copyright.


   * Removed debian/compat.
   * debian/control:
 + Added debhelper-compat to Build-Depends.
 + Added lsb-base to Depends (lintian error).
 + Removed dh-autoreconf from Depends (lintian warning).


That warning appears because you also raised the compat version which I do not 
read here...


 + Added ${misc:Pre-Depends} to Pre-Depends (lintian warning).
 + Added UDP to Description (supported since 0.70).
 + Updated Standards-Version to 4.6.0.1


Please note that the 4th version part is ignored, so please only use the first 
three.
The Standards-Version should only be raised on actually reviewing the package for adhearing to the 
newer version. If you have not reviewed the package, please drop this change.


Else this looks good to me.

Bug#1010214: 1010214

[Jeroen Ploemen]

Looks like it's a change in paramiko triggering this, that needs work
in libcloud (and possibly others) to restore compatibility.

See these upstream issues:
https://github.com/paramiko/paramiko/issues/1961
https://github.com/apache/libcloud/pull/1685


pgp2e4K2m_X3S.pgp
Description: OpenPGP digital signature

Bug#1010764: openafs-modules-dkms: module fails to build for kernel 5.17.0-1-amd64

[Kai-Martin Knaak]

Package: openafs-modules-dkms
Version: 1.8.8.1-2
Severity: important

Dear Maintainer,

   * What led up to the situation?
   - regular apt upgrade on testing

   * What exactly did you do that was effective?
   - switch to kernel 5.16.0-6-amd64
 The module built fine for this slightly older kernel.

   * What was the outcome of this action?
   - I am unable to use openafs with kernel 5.17

   * What outcome did you expect instead?
   - a working openafs module for kernel 5.17

/var/lib/dkms/openafs/1.8.8.1/build/make.log seems to indicate a problem with 
the function complete_and_exit() in afs_call_nfs.c :

---
DKMS make.log for openafs-1.8.8.1 for kernel 5.17.0-1-amd64 (x86_64)
Mon  9 May 17:10:20 CEST 2022
checking for gcc... gcc-11
(...)
  CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_proc.o
CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_vnodeops.o
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_vnodeops.c:
In function ‘afs_linux_can_bypass’:
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_vnodeops.c:2700:16:
warning: this statement may fall through [-Wimplicit-fallthrough=] 2700
| if (i_size_read(ip) > cache_bypass_threshold) |
 ^
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_vnodeops.c:2703:9:
note: here 2703 | default: | ^~~ CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/osi_pagecopy.o
CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_nfsclnt.o
CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_nfsdisp.o
CC [M]
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_call_nfs.o
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_call_nfs.c:
In function ‘afsd_thread’:
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_call_nfs.c:331:9:
error: implicit declaration of function ‘complete_and_exit’
[-Werror=implicit-function-declaration] 331 |
complete_and_exit(0, 0); | ^ cc1: some warnings
being treated as errors make[4]: ***
[/usr/src/linux-headers-5.17.0-1-common/scripts/Makefile.build:293:
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP/afs_call_nfs.o]
Error 1 make[3]: ***
[/usr/src/linux-headers-5.17.0-1-common/Makefile:1855:
/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP]
Error 2 make[3]: Leaving directory
'/usr/src/linux-headers-5.17.0-1-amd64' FAILURE: make exit code 2
make[2]: *** [Makefile.afs:279: openafs.ko] Error 1 make[2]: Leaving
directory
'/var/lib/dkms/openafs/1.8.8.1/build/src/libafs/MODLOAD-5.17.0-1-amd64-SP'
make[1]: *** [Makefile:186: linux_compdirs] Error 2 make[1]: Leaving
directory '/var/lib/dkms/openafs/1.8.8.1/build/src/libafs' make: ***
[Makefile:15: all] Error 2



-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8
(charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openafs-modules-dkms depends on:
ii  dkms   2.8.7-2
ii  libc6-dev  2.33-7
ii  perl   5.34.0-4

Versions of packages openafs-modules-dkms recommends:
ii  openafs-client  1.8.8.1-2

openafs-modules-dkms suggests no packages.

-- no debconf information



-- 
Kai-Martin Knaak   kn...@iqo.uni-hannover.de
Universität Hannover, Inst. für Quantenoptik   tel: +49-511-762-2895
Welfengarten 1, 30167 Hannover fax: +49-511-762-2211
PGP-Key: https://keys.openpgp.org/search?q=kn...@iqo.uni-hannover.de


pgpSxcK9A8bir.pgp
Description: OpenPGP digital signature

Bug#1010762: Acknowledgement (ITP: prometheus-systemd-exporter -- Prometheus Exporter for systemd unit metrics)

[Antoine Beaupré]

I tweaked the dh-golang output a little and dumped the result here:

https://salsa.debian.org/go-team/packages/systemd-exporter/

I'm stuck on this error:

dh binary --builddirectory=_build --buildsystem=golang --with=golang
 debian/rules binary
   dh_update_autotools_config -O--builddirectory=_build -O--buildsystem=golang
   dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang
   dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang
   dh_auto_build -O--builddirectory=_build -O--buildsystem=golang
cd _build && go install -trimpath -v -p 2 
github.com/povilasv/systemd_exporter 
github.com/povilasv/systemd_exporter/systemd
src/github.com/povilasv/systemd_exporter/main.go:7:2: cannot find package 
"github.com/povilasv/prommod" in any of:
/usr/lib/go-1.18/src/github.com/povilasv/prommod (from $GOROOT)
/<>/_build/src/github.com/povilasv/prommod (from $GOPATH)
src/github.com/povilasv/systemd_exporter/systemd/cgroups.go:14:2: cannot find 
package "github.com/prometheus/common/log" in any of:
/usr/lib/go-1.18/src/github.com/prometheus/common/log (from $GOROOT)
/<>/_build/src/github.com/prometheus/common/log (from 
$GOPATH)
dh_auto_build: error: cd _build && go install -trimpath -v -p 2 
github.com/povilasv/systemd_exporter 
github.com/povilasv/systemd_exporter/systemd returned exit code 1
make: *** [debian/rules:4: binary] Error 25

The first one, I understand, it's a dep that's missing. I am wondering
if I can just vendor that in, because it's just some shim code that's
unlikely to be used by other modules.

The latter I'm confused about. That module is correctly shipped by
golang-github-prometheus-common-dev so it should just work correctly...

Anything I'm missing here?

-- 
How inappropriate to call this planet 'Earth' when it is quite clearly
'Ocean'.
- Arthur C. Clarke

Bug#1010763: extrace: New upstream version 0.9 available

[Michael Prokop]

Package: extrace
Version: 0.7-2
Severity: wishlist

Hi,

a new upstream version v0.9 is available since 2022-01-19,
see https://git.vuxu.org/extrace/log/ +
https://github.com/leahneukirchen/extrace/tags

Thanks for maintaining extrace in Debian! :)

regards
-mika-

Bug#1010762: ITP: prometheus-systemd-exporter -- Prometheus Exporter for systemd unit metrics

[Antoine Beaupre]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: debian...@lists.debian.org

* Package name: prometheus-systemd-exporter
  Version : 0.4.0
  Upstream Author : Povilas Versockas 
* URL : https://github.com/povilasv/systemd_exporter
* License : Apache-2.0
  Programming Lang: Golang
  Description : Prometheus  Exporter for systemd unit metrics

Prometheus exporter for systemd units, written in Go.

Systemd groups processes, threads, and other resources (PIDs, memory,
etc) into logical containers called units. Systemd-exporter will read
the 11 different types of systemd units (e.g. service, slice, etc) and
give you metrics about the health and resource consumption of each
unit. This allows an application specific view of your system,
allowing you to determine resource usage of an application such as
mysql.service independently from the resources used by other processes
on your system.



This overlaps with the already packaged prometheus-node-exporter, but
the node exporter doesn't export per-unit statistics. You can get
global memory usage, but not per application memory usage, for
example. The is *some* overlap with the node exporter because they
both export *some* per unit stats (namely the number of restarts, for
example).

The upstream README also compares this with the
prometheus-process-exporter (also packaged). The process exporter
targets processes, not unit, and needs to be configured to target
specific processes, by name, which is somewhat error-prone.

This could be packaged under the golang team, I suppose.

Bug#1010761: mirror submission for mr.heru.id

[Heru Nugroho]

Package: mirrors
Severity: wishlist
User: mirr...@packages.debian.org
Usertags: mirror-submission

Submission-Type: new
Site: mr.heru.id
Type: leaf
Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-amd64 
kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x
Archive-http: /debian/
Maintainer: Heru Nugroho 
Country: ID Indonesia
Location: Jakarta
Sponsor: Heru https://heru.id




Trace Url: http://mr.heru.id/debian/project/trace/
Trace Url: http://mr.heru.id/debian/project/trace/ftp-master.debian.org
Trace Url: http://mr.heru.id/debian/project/trace/mr.heru.id

Bug#1010755: qbs: FTBFS on riscv64

[John Paul Adrian Glaubitz]

Hi Bo!

On 5/9/22 16:27, Bo YU wrote:
s error just means that the symbols file(s) have to be updated, see [1].
>>
> Before I filed the bug, I realized the ftbfs issue might be with the
> symbols file as you point.
> `apt source qbs` and the debian/symbols file has the symbols:
> ```
> _ZN6QDebuglsEPKc@Base 1.22.0
>  _ZN6QDebuglsERK7QString@Base 1.22.0
>  _ZN7QStringD1Ev@Base 1.22.0
>  _ZN7QStringD2Ev@Base 1.22.0
> ```
> It seems the symbols file is ok and I try to build it on riscv64
> hardware locally and it is ok :)
> 
> Or I am misunderstanding the buildd log error hint？

It might be that the symbols file mismatch is considered a fatal error on the 
buildd but
not for your local builds. Or the buildd was building with different build 
dependencies,
we can try to trigger a rebuild on the buildd.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1010345: This also affects ansible-galaxy collection install

[Matthias Weiss]

I can confirm this bug on an up to date Debian "bookworm" installation:

ansible-galaxy-vvvcollectioninstallcommunity.general
[DEPRECATION WARNING]: Setting verbosity before the arg sub command is 
deprecated, set the verbosity after the sub command. This feature will 
be removed from ansible-core in version 2.13.
Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

ansible-galaxy [core 2.12.4]
 config file = /home/matthias/.ansible.cfg
 configured module search path = 
['/home/matthias/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules']

 ansible python module location = /usr/lib/python3/dist-packages/ansible
 ansible collection location = 
/home/matthias/.ansible/collections:/usr/share/ansible/collections

 executable location = /usr/bin/ansible-galaxy
 python version = 3.10.4 (main, Mar 24 2022, 13:07:27) [GCC 11.2.0]
 jinja version = 3.0.3
 libyaml = True
Using /home/matthias/.ansible.cfg as config file
Starting galaxy collection install process
Process install dependency map
ERROR! Unexpected Exception, this is probably a bug: 
CollectionDependencyProvider.find_matches() got an unexpected keyword 
argument 'identifier'

the full traceback was:

Traceback (most recent call last):
 File "/usr/bin/ansible-galaxy", line 128, in 
   exit_code = cli.run()
 File "/usr/lib/python3/dist-packages/ansible/cli/galaxy.py", line 569, 
in run

   return context.CLIARGS['func']()
 File "/usr/lib/python3/dist-packages/ansible/cli/galaxy.py", line 86, 
in method_wrapper

   return wrapped_method(*args, **kwargs)
 File "/usr/lib/python3/dist-packages/ansible/cli/galaxy.py", line 
1203, in execute_install

   self._execute_install_collection(
 File "/usr/lib/python3/dist-packages/ansible/cli/galaxy.py", line 
1230, in _execute_install_collection

   install_collections(
 File 
"/usr/lib/python3/dist-packages/ansible/galaxy/collection/__init__.py", 
line 548, in install_collections

   dependency_map = _resolve_depenency_map(
 File 
"/usr/lib/python3/dist-packages/ansible/galaxy/collection/__init__.py", 
line 1364, in _resolve_depenency_map

   return collection_dep_resolver.resolve(
 File "/usr/lib/python3/dist-packages/resolvelib/resolvers.py", line 
481, in resolve

   state = resolution.resolve(requirements, max_rounds=max_rounds)
 File "/usr/lib/python3/dist-packages/resolvelib/resolvers.py", line 
348, in resolve

   self._add_to_criteria(self.state.criteria, r, parent=None)
 File "/usr/lib/python3/dist-packages/resolvelib/resolvers.py", line 
147, in _add_to_criteria

   matches = self._p.find_matches(
TypeError: CollectionDependencyProvider.find_matches() got an unexpected 
keyword argument 'identifier'

Bug#1010671: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text

[Moritz Muehlenhoff]

On Mon, May 09, 2022 at 12:59:42PM +0100, Simon McVittie wrote:
> If I'm understanding the issue correctly, it's only a problem if a user
> of SDL_ttf is using an untrusted TTF font file, which is a relatively
> unusual thing to do: normally games either rely on system fonts, or bundle
> a font in the game data, both of which are trusted (if only because anyone
> in a position to insert a crafted font file could equally well insert
> malicious code).

Exactly that. We don't need a DSA here I think.

Cheers,
Moritz

Bug#1010755: qbs: FTBFS on riscv64

[Bo YU]

Hi John,

On Mon, May 9, 2022 at 9:22 PM John Paul Adrian Glaubitz
 wrote:
>
> Hello Bo!
>
> On 5/9/22 11:52, Bo YU wrote:
> > ```
> > ...
> > dpkg-gensymbols: error: some symbols or patterns disappeared in the symbols 
> > file: see diff output below
> > dpkg-gensymbols: warning: debian/libqbscore1.22/DEBIAN/symbols doesn't 
> > match completely debian/libqbscore1.22.symbols
> > --- debian/libqbscore1.22.symbols (libqbscore1.22_1.22.1-1_riscv64)
> > +++ dpkg-gensymbols8XkRIb 2022-05-07 10:47:44.042026568 +
> > @@ -3334,7 +3334,7 @@
> > (optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC1ERKS5_@Base
> >  1.22.0
> > (optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC2ERKS5_@Base
> >  1.22.0
> > _ZN6QDebuglsEPKc@Base 1.22.0
> > - _ZN6QDebuglsERK7QString@Base 1.22.0
> > +#MISSING: 1.22.1-1# _ZN6QDebuglsERK7QString@Base 1.22.0
> > _ZN7QStringD1Ev@Base 1.22.0
> > _ZN7QStringD2Ev@Base 1.22.0
> > (optional=templinst)_ZN7QVectorISt10shared_ptrIN3qbs8Internal15ResolvedProductEEE6appendERKS4_@Base
> >  1.22.0
> > dh_makeshlibs: error: failing due to earlier errors
> > make: *** [debian/rules:13: binary-arch] Error 25
> > dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit 
> > status 2
> > ```
>
> This error just means that the symbols file(s) have to be updated, see [1].
>
Before I filed the bug, I realized the ftbfs issue might be with the
symbols file as you point.
`apt source qbs` and the debian/symbols file has the symbols:
```
_ZN6QDebuglsEPKc@Base 1.22.0
 _ZN6QDebuglsERK7QString@Base 1.22.0
 _ZN7QStringD1Ev@Base 1.22.0
 _ZN7QStringD2Ev@Base 1.22.0
```
It seems the symbols file is ok and I try to build it on riscv64
hardware locally and it is ok :)

Or I am misunderstanding the buildd log error hint？

BR,
Bo

> Adrian
>
> > [1] https://wiki.debian.org/UsingSymbolsFiles
>
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer
> `. `'   Physicist
>   `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
>

Bug#1000991: Progress check

[Osamu Aoki]

Hi,

As of Version 2.92:

> Package: debian-reference
> Version: 2.89
> Severity: normal
> 
> For the record why some contents are changed, I list here the reason
> and motivation behind updates.
> 
> ~~~
> FTP is not used by Debian nor Linux kernel archive any more
> ~~~
> 
> * "1.3.8. FTP virtual filesystem of MC"
> 
> This needs to be replaced by more useful Shell link
> (SFTP link is OK but its usage is not as popular)

Done.

> ~~~
>  Virtualbox is in sid but not released
> ~~~
> 
> 
> * "9.11.5. Multiple desktop systems"
> 
> Currently, KVM can handle USB so no more reason to use Virtualbox.
> Let's drop Virtualbox reference.  (KVM now can deal USB devices)
> 
> Mention "Virtual Machine Manager" for managing virtual machines of KVM.

Done

> ~~~
> IP header size of IPv6 is 40
> ~~~
> 
> * "5.5.1. Finding optimal MTU"
> 
> Now: (with offset of 28 bytes for the IP+ICMP header)
> 
> Correct: (with offset of 20+8 bytes for the IP(IPv4)+ICMP header or
>   with offset of 40+8 bytes for the IP(IPv6)+ICMP header)
> 
> Also things may be more complicated since MTU may be different for IPv4
> and IPv6 connection.
> 
> $ ping -4 -c 1 -s $((1460-20-8)) -M do www.debian.org
> PING  (128.31.0.62) 1432(1460) bytes of data.
> 1440 bytes from mirror-csail.debian.org (128.31.0.62): icmp_seq=1 ttl=47 
> time=241
> ms
> 
> ---  ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 241.086/241.086/241.086/0.000 ms
> $ ping -4 -c 1 -s $((1460-20-8+1)) -M do www.debian.org
> PING  (149.20.4.15) 1433(1461) bytes of data.
> From aterm.me (192.168.10.1) icmp_seq=1 Frag needed and DF set (mtu = 1460)
> 
> ---  ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
> 
> 
> $ ping -6 -c 1 -s $((1500-40-8)) -M do www.debian.org
> PING www.debian.org(mirror-csail.debian.org (2603:400a::bb8::801f:3e)) 
> 1452
> data bytes
> 1460 bytes from mirror-csail.debian.org (2603:400a::bb8::801f:3e): 
> icmp_seq=1
> ttl=47 time=230 ms
> 
> --- www.debian.org ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 229.943/229.943/229.943/0.000 ms
> $ ping -6 -c 1 -s $((1500-40-8+1)) -M do www.debian.org
> PING www.debian.org(mirror-csail.debian.org (2603:400a::bb8::801f:3e)) 
> 1453
> data bytes
> ping: local error: message too long, mtu: 1500
> 
> --- www.debian.org ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
> 
> Since properly configured network with PMTU mechanism normally functions
> without manually tweaking MTU, I should cut down content and leave
> pointers.

Done

> ~~~
> No more NPAPI
> ~~~
> 
> * "6.1.1. Browser configuration"
> 
> Initially, I saw old reference to now unsed directory:
>  "/usr/lib/iceweasel/plugins/"
> If we ever mention
>  "/usr/lib/mozilla/plugins/"
> 
> But more over, considering general trend of NPAPI deprecation
> drop reference to NPAPI altogether.
> 
>   https://en.wikipedia.org/wiki/NPAPI
> 
> It's about time to mention WebExtensions
> 
> https://en.wikipedia.org/wiki/Add-on_(Mozilla)
> https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Chrome_incompatibilities
> https://wiki.mozilla.org/WebExtensions
> https://github.com/w3c/webextensions/blob/main/charter.md

Done

> ~~~
> Update useragent string settings
> ~~~
> 
> * "6.1.1. Browser configuration"
> 
> There is no more ~/.gnome2/epiphany/mozilla/epiphany/user.js to set user
> agent name.  This useragent tip is something I wanted to keep. (User CSS
> is too special use case to deserve mention here.  So let me focus only
> useragent string)
> 
> https://www.whatismybrowser.com/guides/how-to-change-your-user-agent/?utm_source=whatismybrowsercom_medium=internal_campaign=breadcrumbs
> https://www.thefastcode.com/en-usd/article/how-to-change-your-browser-s-user-agent-without-installing-any-extensions
> https://www.howtogeek.com/113439/how-to-change-your-browsers-user-agent-without-installing-any-extensions/
> 
> firefox: about:config  (this is still there but not obvious how to do it.)
> -> 
> https://www.whatismybrowser.com/guides/how-to-change-your-user-agent/firefox
> 
> chrome://settings/ for chromium and menu accessible from settings
> doesn't reach useragent easily
> -> https://developer.chrome.com/docs/devtools/device-mode/override-user-agent/
> -> 

Bug#1010755: qbs: FTBFS on riscv64

[John Paul Adrian Glaubitz]

Hello Bo!

On 5/9/22 11:52, Bo YU wrote:
> ```
> ...
> dpkg-gensymbols: error: some symbols or patterns disappeared in the symbols 
> file: see diff output below
> dpkg-gensymbols: warning: debian/libqbscore1.22/DEBIAN/symbols doesn't match 
> completely debian/libqbscore1.22.symbols
> --- debian/libqbscore1.22.symbols (libqbscore1.22_1.22.1-1_riscv64)
> +++ dpkg-gensymbols8XkRIb 2022-05-07 10:47:44.042026568 +
> @@ -3334,7 +3334,7 @@
> (optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC1ERKS5_@Base
>  1.22.0
> (optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC2ERKS5_@Base
>  1.22.0
> _ZN6QDebuglsEPKc@Base 1.22.0
> - _ZN6QDebuglsERK7QString@Base 1.22.0
> +#MISSING: 1.22.1-1# _ZN6QDebuglsERK7QString@Base 1.22.0
> _ZN7QStringD1Ev@Base 1.22.0
> _ZN7QStringD2Ev@Base 1.22.0
> (optional=templinst)_ZN7QVectorISt10shared_ptrIN3qbs8Internal15ResolvedProductEEE6appendERKS4_@Base
>  1.22.0
> dh_makeshlibs: error: failing due to earlier errors
> make: *** [debian/rules:13: binary-arch] Error 25
> dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit 
> status 2
> ```

This error just means that the symbols file(s) have to be updated, see [1].

Adrian

> [1] https://wiki.debian.org/UsingSymbolsFiles

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#1010760: minetest: Floating point serialization error on x86

[Nils Dagsson Moskopp]

Package: minetest
Version: 5.3.0+repack-2.1+deb11u1
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: nils+debian-report...@dieweltistgarnichtso.net

Dear Maintainer,

Minetest in versions lower than 5.5.0 is being miscompiled by GCC on 
x86. To verify this bug, run Minetest using “minetest --run-unittests” 
on x86 and look for the following three lines:

Test assertion failed: readF1000(is) == 53.534f
at test_serialization.cpp:308
[FAIL] testStreamRead - 0ms

The reason for this is that the x87 FPU computes in 80bit precision by 
default, while IEEE-754 requires 64 bit precision.

There exist two ways to solve this. Upstream forces SSE2 for floating 
point calculations, by adding the following to CMakeLists.txt on x86:

--- start of patch ---
# use SSE for floating-point operations to avoid issues with improper 
fp-rounding and loss of precision
# when moving fp-data to incompatible or less-precise registers/storage 
locations
# see https://gcc.gnu.org/wiki/FloatingPointMath and 
https://gcc.gnu.org/wiki/x87note

add_compile_options(-mfpmath=sse -msse2)
--- end of patch ---

A non-SSE2 way is to achieve this is to use the compiler option “-mpc64”. 
Both achieve the same goal, calculating with 64 bit precision instead of 
doing calculations with 80 bit precision and then rounding the result to 
64 bit (which makes the unit test fail).

I therefore suggest to instead try the following to CMakeLists.txt on x86:

--- start of patch ---
# Limit x87 FPU to 64 bit precision to avoid floating point precision 
# errors. See both https://gcc.gnu.org/wiki/FloatingPointMath and 
# https://gcc.gnu.org/wiki/x87note for more details about this.

add_compile_options(-mpc64)
--- end of patch ---

If you use the latter, verify that this makes the testStreamRead not fail.

There is no need to upstream this change, as it has already been fixed 
in Minetest 5.5.0, but since it affects serialization, it might lead to 
some crashes or maybe even security bugs if Minetest 5.3.x and 5.4.x are 
being distributed in ways that floating point calculations are miscompiled.

For full context, see .

-- System Information:
Debian Release: 11.3
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'oldoldstable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-10-686 (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages minetest depends on:
ii  libc6 2.31-13+deb11u3
ii  libcurl3-gnutls   7.74.0-1.3+deb11u1
ii  libfreetype6  2.10.4+dfsg-1
ii  libgcc-s1 10.2.1-6
ii  libgmp10  2:6.2.1+dfsg-1+deb11u1
ii  libirrlicht1.81.8.4+dfsg1-1.1
ii  libjsoncpp24  1.9.4-4
ii  libleveldb1d  1.22-3
ii  libluajit-5.1-2   2.1.0~beta3+dfsg-5.3
ii  libncursesw6  6.2+20201114-2
ii  libopenal11:1.19.1-2
ii  libpq513.5-0+deb11u1
ii  libspatialindex6  1.9.3-2
ii  libsqlite3-0  3.34.1-3
ii  libstdc++610.2.1-6
ii  libtinfo6 6.2+20201114-2
ii  libvorbisfile31.3.7-1
ii  libx11-6  2:1.7.2-1
ii  minetest-data 5.3.0+repack-2.1+deb11u1
ii  zlib1g1:1.2.11.dfsg-2

minetest recommends no packages.

Versions of packages minetest suggests:
pn  minetest-mod-moreblocks  
pn  minetest-mod-moreores
pn  minetest-mod-pipeworks   
pn  minetest-server  
pn  minetestmapper   

-- no debconf information

Bug#1010759: minetest: item count unreadable due to error in rectangle drawing code

[Nils Dagsson Moskopp]

Package: minetest
Version: 5.3.0+repack-2.1+deb11u1
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: nils+debian-report...@dieweltistgarnichtso.net

Dear Maintainer,

due to faulty drawing code, the item count has no background rectangle.
To quote the person who discovered the issue & has fixed the rendering:

> The original code was using the wrong overloaded constructor of rect,
> using two points instead of one point and dimension, this patch makes it 
> work like it was originally intended.

This often makes an item count very hard to read even with 20/20 vision.

You can verify this easily by holding an item stack with the item string 
“vessels:glass_fragments” (included in the default game) with a count of 
2 or more: The item count in the lower right corner of the rendered item 
stack is almost entirely unreadable, as white digits are rendered on the 
mostly-white item background.

I am including a patch to fix this, since upstream only ever focuses on 
new releases and people are using older versions of Minetest. The patch 
is tested to work with Minetest 5.4.1; please apply it to all versions.

Do not bother upstreaming the patch as upstream is aware of the issue –
see  for full context.

-- System Information:
Debian Release: 11.3
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'oldoldstable')
Architecture: i386 (i686)

Kernel: Linux 5.10.0-10-686 (SMP w/2 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages minetest depends on:
ii  libc6 2.31-13+deb11u3
ii  libcurl3-gnutls   7.74.0-1.3+deb11u1
ii  libfreetype6  2.10.4+dfsg-1
ii  libgcc-s1 10.2.1-6
ii  libgmp10  2:6.2.1+dfsg-1+deb11u1
ii  libirrlicht1.81.8.4+dfsg1-1.1
ii  libjsoncpp24  1.9.4-4
ii  libleveldb1d  1.22-3
ii  libluajit-5.1-2   2.1.0~beta3+dfsg-5.3
ii  libncursesw6  6.2+20201114-2
ii  libopenal11:1.19.1-2
ii  libpq513.5-0+deb11u1
ii  libspatialindex6  1.9.3-2
ii  libsqlite3-0  3.34.1-3
ii  libstdc++610.2.1-6
ii  libtinfo6 6.2+20201114-2
ii  libvorbisfile31.3.7-1
ii  libx11-6  2:1.7.2-1
ii  minetest-data 5.3.0+repack-2.1+deb11u1
ii  zlib1g1:1.2.11.dfsg-2

minetest recommends no packages.

Versions of packages minetest suggests:
pn  minetest-mod-moreblocks  
pn  minetest-mod-moreores
pn  minetest-mod-pipeworks   
pn  minetest-server  
pn  minetestmapper   

-- no debconf information
>From d8394f4d509101df1927f2ed91f5f750faebf595 Mon Sep 17 00:00:00 2001
From: Kezi 
Date: Sat, 5 Jun 2021 00:03:56 +0200
Subject: [PATCH] Draw item count background rectangle in inventory

The original code was using the wrong overloaded constructor of rect,
using two points instead of one point and dimension, this patch makes it
work like it was originally intended.

See  for context.
---
 src/client/hud.cpp | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/client/hud.cpp b/src/client/hud.cpp
index 46736b325..99a1c03fb 100644
--- a/src/client/hud.cpp
+++ b/src/client/hud.cpp
@@ -1098,15 +1098,21 @@ void drawItemStack(
v2u32 dim = font->getDimension(utf8_to_wide(text).c_str());
v2s32 sdim(dim.X, dim.Y);
 
-   core::rect rect2(
-   /*rect.UpperLeftCorner,
-   core::dimension2d(rect.getWidth(), 15)*/
-   rect.LowerRightCorner - sdim,
-   sdim
+   const s32 horizontal_padding = 3; //px
+   core::position2d offset(-5,-2);
+
+   core::rect background_rect(
+   rect.LowerRightCorner - sdim + 
core::position2d(-horizontal_padding,0) + offset,
+   rect.LowerRightCorner + 
core::position2d(horizontal_padding,0) + offset
);
 
video::SColor bgcolor(128, 0, 0, 0);
-   driver->draw2DRectangle(bgcolor, rect2, clip);
+   driver->draw2DRectangle(bgcolor, background_rect, clip);
+
+   core::rect rect2(
+   rect.LowerRightCorner - sdim + offset,
+   rect.LowerRightCorner + offset
+   );
 
video::SColor color(255, 255, 255, 255);
font->draw(text.c_str(), rect2, color, false, false, clip);
-- 
2.30.2

Bug#1010671: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text

[Simon McVittie]

On Fri, 06 May 2022 at 15:25:00 +0100, Neil Williams wrote:
> CVE-2022-27470[0]:
> | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
> | memory write via the function TTF_RenderText_Solid(). This
> | vulnerability is triggered via a crafted TTF file.

Does the security team intend to do a DSA for this, or is it
considered to be stable-point-release material?

If I'm understanding the issue correctly, it's only a problem if a user
of SDL_ttf is using an untrusted TTF font file, which is a relatively
unusual thing to do: normally games either rely on system fonts, or bundle
a font in the game data, both of which are trusted (if only because anyone
in a position to insert a crafted font file could equally well insert
malicious code).

smcv

Bug#1010729: dcmtk: Default path to DICOM dictionaries is wrong

[Andreas Tille]

Mathieu, could you have a look?  Its your patch that is setting this PATH.

Am Sun, May 08, 2022 at 04:31:38PM +0200 schrieb Jacek Kawa:
> Package: dcmtk
> Version: 3.6.7-1
> Severity: normal
> 
> Default path to DICOM dictionaries encoded in binaries is wrong, e.g.:
> 
> storescu -aet ME -aec PACS 127.0.0.1 105 -v file
> E: DcmDataDictionary: Cannot open file: /usr/share/dicom.dic
> E: DcmDataDictionary: Cannot open file: /usr/share/private.dic
> W: no data dictionary loaded, check environment variable: DCMDICTPATH
> 
> same affect dcmdump and other binaries
> 
> 
> 
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers stable-security
>   APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), 
> (500, 'stable'), (10, 'focal-updates'), (10, 'focal-security'), (10, 
> 'focal-backports'), (10, 'focal'), (10, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.17.5-finwe (SMP w/16 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
> TAINT_UNSIGNED_MODULE
> Locale: LANG=pl_PL.utf8, LC_CTYPE=pl_PL.utf8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages dcmtk depends on:
> ii  adduser 3.121
> ii  libc6   2.33-7
> ii  libdcmtk16  3.6.7-1
> ii  libgcc-s1   12-20220428-1
> ii  libstdc++6  12-20220428-1
> ii  libxml2 2.9.14+dfsg-1
> ii  zlib1g  1:1.2.11.dfsg-4
> 
> dcmtk recommends no packages.
> 
> dcmtk suggests no packages.
> 
> -- no debconf information
> 
> ___
> Debian-med-packaging mailing list
> debian-med-packag...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-packaging
> 

-- 
http://fam-tille.de

Bug#1010418: Fixed loop

[Sergio Costas]

Ok, I modified the loop. Now it will gracefully fail if get_user_name() 
returns something that isn't in /etc/passwd:


boolfound = false;
unowned Posix.Passwdpasswd;
Posix.setpwent();
while(null!= (passwd = Posix.getpwent())) {
if(passwd.pw_name == GLib.Environment.get_user_name()) {
found = true;
cmd += passwd.pw_shell;
break;
}
}
if(!found) {
cmd += "/bin/sh";
}
Posix.endpwent();

--
Nos leemos
 RASTER(Linux user #228804)
rasters...@gmail.com https://www.rastersoft.com

Bug#1010684: Boot parameter to specify directory of filesystem.squashfs (other than /boot)

[Stefan Baur]

Am 07.05.22 um 04:37 schrieb Ben Westover:
> Package: live-boot
> Severity: wishlist
> Tags: upstream
> X-Debbugs-Cc: kwestover...@gmail.com
> 
> Hello,
> 
> I have made a multiboot USB using SYSLINUX. For distributions that use
> dracut, I can specify the rd.live.dir boot parameter to change the
> directory that it looks for filesystem.squashfs in. There are similar
> options for other live systems, like Arch Linux's archisobasedir.
> This is useful to me because I can put each distribution's filesystem in
> its own folder.
> 
> I was not able to find such a parameter for Debian, which limits me to
> only one Debian-based distribution on the drive because the filesystem
> squashfs must be in /boot, and there can only be one.
> If a simple livedir= option could be added to specify the directory, it
> would help me tremendously.



mentions "findiso" and "fromiso" as well as "live-media|bootfrom" and
"live-media-path".

One way is to stuff your squashfs into an ISO image (nothing else needed
in there, just the subdirectory /live containing your squashfs), and use
one of the iso parameters.

Using the live-media*-Parameters should make it possible to use a
squashfs file directly, without having to wrap it into an iso. I haven't
tried this myself lately, though.

Kind Regards,
Stefan Baur

Bug#1010578: osmo-mgw: FTBFS if systemd is in build environment

[Gianfranco Costamagna]

control: severity -1 serious

Hello, I think not being able to build a package in a "normal" environment is 
considered RC

G.
On Wed, 4 May 2022 13:44:15 -0600 Dan Bungert  
wrote:

Package: osmo-mgw
Version: 1.9.0+dfsg1-3
Severity: normal
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu kinetic

Dear Maintainer,

If systemd is present in the build environment, the following output will be
observed during build:

dh_missing: warning: lib/systemd/system/osmo-mgw.service exists in debian/tmp
but is not installed to anywhere
dh_missing: error: missing files, aborting

This appears to be due to an unexpected upstream systemd service file, that is
then not covered by the existing debhelper commands.

There are several options to avoid this, including
* add the entry to not-installed
* configure with argument --with-systemdsystemunitdir=no, which cause the
  install step to not provide the upstream systemd service file
* adjust the package to use the upstream systemd service file

I propose using the --with-systemdsystemunitdir=no configuration.  See below.

-Dan

diff -Nru osmo-mgw-1.9.0+dfsg1/debian/rules osmo-mgw-1.9.0+dfsg1/debian/rules
--- osmo-mgw-1.9.0+dfsg1/debian/rules   2022-03-16 14:59:47.0 -0600
+++ osmo-mgw-1.9.0+dfsg1/debian/rules   2022-05-04 13:34:46.0 -0600
@@ -15,6 +15,10 @@
 %:
dh $@ --with autoreconf

+override_dh_auto_configure:
+   # Use the packaging-provided systemd unit file
+   dh_auto_configure -- --with-systemdsystemunitdir=no
+
 override_dh_auto_test:
dh_auto_test || (find . -name testsuite.log -exec cat {} \; ; false)

Bug#1010756: davfs2: should allow non-root users to mount a davfs file system (like sshfs)

[Vincent Lefevre]

Package: davfs2
Version: 1.6.1-1
Severity: normal
Tags: upstream

When I installed davfs2, a dialog box said that it needed to be
setuid to allow non-root users to mount a davfs file system.
Moreover, mount.davfs also needs an entry in /etc/fstab, otherwise
one gets an error "no entry for ... found in /etc/fstab".

It should be fixed to make these things unneeded. As a comparison,
sshfs doesn't need all that. I don't see what could be different
between sshfs and davfs2 concerning permissions (e.g. both are
based on FUSE).

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages davfs2 depends on:
ii  adduser3.121
ii  debconf [debconf-2.0]  1.5.79
ii  libc6  2.33-7
ii  libneon27  0.32.2-1

davfs2 recommends no packages.

davfs2 suggests no packages.

-- Configuration Files:
/etc/davfs2/secrets [Errno 13] Permission denied: '/etc/davfs2/secrets'

-- debconf information:
  davfs2/user_name: davfs2
* davfs2/suid_file: true
  davfs2/new_user: true
  davfs2/group_name: davfs2
  davfs2/new_group: true
  davfs2/non_root_users_confimed:

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#742880: closed by Georges Khaznadar (Closing this bug report)

[Christopher Odenbach]

Hi,

the two bugs #990026 and #742880 do address similar issues, but my bug 
focusses on a different issue: the return-path.


With #990026 it is now possible to use MAILFROM to use arbitrary sender 
addresses in crontabs, if the crontab user is allowed to do so (by 
default this is only root). The return-path however is still left untouched.


With #742880 it is possible to use MAILFROM to use arbitrary sender 
addresses in crontabs for the return-path, if the crontab user is 
allowed to do so (by default this is only root). In contrary to #990026 
it also allows everyone (not only root) to use "<>" as return-path. 
Additionally it adds an optional switch "-r" to cron to use "<>" as 
default return-path for all emails (if not specified otherwise by using 
MAILFROM).


Using the empty address "<>" as return-path prevents email systems from 
creating and queueing useless automatic out-of-office replies to cron 
emails.


Thanks for understanding,

Christopher

--
==
Dipl.-Ing. Christopher Odenbach
Zentrum fuer Informations- und Medientechnologien
Universitaet Paderborn
Raum N5.308
odenb...@uni-paderborn.de
Tel.: +49 5251 60 5315
==


smime.p7s
Description: S/MIME Cryptographic Signature

Bug#1010755: qbs: FTBFS on riscv64

[Bo YU]

Package: qbs
Version: 1.22.1-1
Severity: normal
User: debian-ri...@lists.debian.org
Usertags: riscv64
X-Debbugs-Cc: debian-ri...@lists.debian.org, risc...@buildd.debian.org

Dear Maintainer,

It is odd that the build fails on riscv64 arch from buildd:

```
...
dpkg-gensymbols: error: some symbols or patterns disappeared in the symbols 
file: see diff output below
dpkg-gensymbols: warning: debian/libqbscore1.22/DEBIAN/symbols doesn't match 
completely debian/libqbscore1.22.symbols
--- debian/libqbscore1.22.symbols (libqbscore1.22_1.22.1-1_riscv64)
+++ dpkg-gensymbols8XkRIb   2022-05-07 10:47:44.042026568 +
@@ -3334,7 +3334,7 @@
(optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC1ERKS5_@Base
 1.22.0
(optional=templinst)_ZN5QListISt10shared_ptrIN3qbs8Internal17DependencyScannerEEEC2ERKS5_@Base
 1.22.0
_ZN6QDebuglsEPKc@Base 1.22.0
- _ZN6QDebuglsERK7QString@Base 1.22.0
+#MISSING: 1.22.1-1# _ZN6QDebuglsERK7QString@Base 1.22.0
_ZN7QStringD1Ev@Base 1.22.0
_ZN7QStringD2Ev@Base 1.22.0
(optional=templinst)_ZN7QVectorISt10shared_ptrIN3qbs8Internal15ResolvedProductEEE6appendERKS4_@Base
 1.22.0
dh_makeshlibs: error: failing due to earlier errors
make: *** [debian/rules:13: binary-arch] Error 25
dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit 
status 2
```

The full buildd log is here:
https://buildd.debian.org/status/fetch.php?pkg=qbs=riscv64=1.22.1-1=1651920477=0

But I want to fix it on locally and build it on riscv64 hardware without any 
modifies:

```
...
I: Lintian run was successful.

+--+
| Post Build   |
+--+


+--+
| Cleanup  |
+--+

Purging /<>
Not cleaning session: cloned chroot in use

+--+
| Summary  |
+--+

Build Architecture: riscv64
Build Type: binary
Build-Space: 1656292
Build-Time: 4321
Distribution: sid-riscv64-sbuild
Host Architecture: riscv64
Install-Time: 209
Job: /home/vimer/05/143_qbs/qbs_1.22.0-4.dsc
Lintian: warn
Machine Architecture: riscv64
Package: qbs
Package-Time: 4640
Source-Version: 1.22.0-4
Space: 1656292
Status: successful
Version: 1.22.0-4

Finished at 2022-05-09T09:26:26Z
Build needed 01:17:20, 1656292k disk space
```
The reason for this result may be similar to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010509

Anyway, if you need me to do more tests on riscv64 hardware, please tell me

BR,
Bo

Bug#1010754: unblock: spyder/5.3.0+dfsg1-7 and unblock: spyder-unittest/0.5.0-3

[Julian Gilbey]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package spyder and spyder-unittest

(If this isn't the correct Usertags to use, please forgive me - I
couldn't figure out a better one.)

[ Reason ]

The binary packages of spyder (spyder, python3-spyder and
spyder-common) are all "Architecture: all".  However, the 5.x versions
of spyder (the previous one in stable was 4.x) now depend on
python3-pyqt5.qtwebengine, which is only available on six
architectures.  For this reason, spyder's autopkgtest has seen a
regression on ppc64el and s390x as the package is no longer
installable on those architectures.

spyder-unittest depends on spyder, and so has exactly the same issue.
And when spyder-notebook and spyder-terminal are ready, they will face
the same as well, in spite of being Architecture: all.

I don't know how to handle this situation - can the package be allowed
to migrate to testing and only appear in the Packages file for those
architectures on which python3-pyqt5.qtwebengine is available?  If
not, what should I do?

[ Impact ]

Spyder is a popular package and it would be very sad if it were not in
Debian in the future.

[ Tests ]

A large unit test suite.

[ Checklist ]

The checklist points do not seem to be relevant at this stage in the
release cycle


unblock spyder/5.3.0+dfsg1-7
unblock spyder-unittest/0.5.0-3

Bug#1010632: slurm-wlm: CVE-2022-29502

[Jörg Behrmann]

Package: slurm-wlm
Version: 20.11.7+really20.11.4-2
Followup-For: Bug #1010632

This bug is is also present in the package version released in bullseye and
fixed in upstream version 20.11.9.

bullseye should definitely receive this update.


-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-13-amd64 (SMP w/6 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages slurm-wlm depends on:
ii  slurm-client  20.11.7+really20.11.4-2
ii  slurmctld 20.11.7+really20.11.4-2
ii  slurmd20.11.7+really20.11.4-2

slurm-wlm recommends no packages.

slurm-wlm suggests no packages.

-- no debconf information

Bug#1010749: Followup: sage-jupyter cannot connect to kernel using locale de_DE@euro

[e220509]

Dear Maintainer,

a Jupyter notebook using locale de_DE@euro starts, but cannot connect to a 
kernel. The relevant output of sage on the console might be the following:
-
[I 10:38:33.392 NotebookApp] Creating new notebook in
[I 10:38:36.209 NotebookApp] Kernel started: 
5fca574c-b62d-4bfc-9170-91ed7669158f, name: sagemath
[I 10:38:39.199 NotebookApp] KernelRestarter: restarting kernel (1/5), new 
random ports
[I 10:38:42.223 NotebookApp] KernelRestarter: restarting kernel (2/5), new 
random ports
[I 10:38:45.243 NotebookApp] KernelRestarter: restarting kernel (3/5), new 
random ports
[I 10:38:48.267 NotebookApp] KernelRestarter: restarting kernel (4/5), new 
random ports
[I 10:38:51.291 NotebookApp] KernelRestarter: restarting kernel (5/5), new 
random ports
[W 10:38:54.315 NotebookApp] KernelRestarter: restart failed
[W 10:38:54.316 NotebookApp] Kernel 5fca574c-b62d-4bfc-9170-91ed7669158f died, 
removing from map.
[W 10:38:57.270 NotebookApp] Replacing stale connection: 
5fca574c-b62d-4bfc-9170-91ed7669158f:e937865f77114c579338df2423e7c4f8
[W 10:39:19.303 NotebookApp] Replacing stale connection: 
5fca574c-b62d-4bfc-9170-91ed7669158f:e937865f77114c579338df2423e7c4f8
[W 10:39:36.264 NotebookApp] Timeout waiting for kernel_info reply from 
5fca574c-b62d-4bfc-9170-91ed7669158f
[E 10:39:36.268 NotebookApp] Error opening stream: HTTP 404: Not Found (Kernel 
does not exist: 5fca574c-b62d-4bfc-9170-91ed7669158f)
[W 10:39:36.276 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1): Kernel does not exist: 5fca574c-b62d-4bfc-9170-91ed7669158f
[W 10:39:36.289 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1) 39020.98ms referer=None
[W 10:39:36.289 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1): Kernel does not exist: 5fca574c-b62d-4bfc-9170-91ed7669158f
[W 10:39:36.292 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1) 16992.63ms referer=None
[W 10:39:40.322 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1): Kernel does not exist: 5fca574c-b62d-4bfc-9170-91ed7669158f
[W 10:39:40.324 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1) 5.41ms referer=None
[W 10:39:48.346 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1): Kernel does not exist: 5fca574c-b62d-4bfc-9170-91ed7669158f
[W 10:39:48.348 NotebookApp] 404 GET 
/api/kernels/5fca574c-b62d-4bfc-9170-91ed7669158f/channels?session_id=e937865f77114c579338df2423e7c4f8
 (127.0.0.1) 4.30ms referer=None
-

Using C-locales solves the problems:
> LANG=C sage
respectively
> LANG=C sage -n jupyter

Kind regards
Elmar

Bug#1005212: Calamares installer fails at partitioning disks

[Jonathan Carter]

Hi, can you please shed some more details on what your partitioning 
looked like? How did you set up your partitions, did you intend or 
specify for /dev/sda9 to be used, or was it the auto-partitioner?


I'll need some more information on how to re-produce this bug in order 
to file it upstream or to figure out whether it's a debian-specific issue.


thanks!

Bug#1010753: grub-common: missing strings in .mo files

[Wenbin Lv]

Package: grub-common
Version: 2.06-2
Severity: minor
Tags: l10n

Some strings present in the .po files do not exist in the .mo files
installed by grub-common. For example, if you run "grub-mkconfig --help"
under a zh_CN locale, you'll find that the translation is incomplete, but
translation of "output generated config to FILE [default=stdout]" exists
in zh_CN.po in the source code. The problem is this string doesn't exist
in /usr/share/locale/zh_CN/LC_MESSAGES/grub.mo. This also applies to other
languages like French, and other strings like the "Loading Linux %s ..."
boot message.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8),
LANGUAGE=zh_CN:zh
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grub-common depends on:
ii  gettext-base0.21-6
ii  libc6   2.33-7
ii  libdevmapper1.02.1  2:1.02.175-2.1
ii  libefiboot1 37-6
ii  libefivar1  37-6
ii  libfreetype62.12.0+dfsg-1
ii  libfuse22.9.9-5
ii  liblzma55.2.5-2.1

Versions of packages grub-common recommends:
ii  os-prober  1.79

Versions of packages grub-common suggests:
ii  console-setup  1.207
ii  desktop-base   11.0.3
pn  grub-emu   
pn  mtools 
pn  multiboot-doc  
pn  xorriso

-- Configuration Files:
/etc/grub.d/40_custom changed [not included]

-- no debconf information

Bug#947078: git-buildpackage: Need to make gbp clone pseudo protocols confgirable

[Nicolas Boulenguez]

Package: git-buildpackage
Followup-For: Bug #947078

Hello.
It is better to fix this for all tools using git, for example by
setting a rewriting rule in ~/.config/git/config.
[url "g...@salsa.debian.org:debian/"]
insteadOf = https://salsa.debian.org/debian/

Bug#1010750: scripts: add -v shortcut for --verbose where it has been forgotten

[Nicolas Boulenguez]

Package: git-buildpackage
Version: 0.9.22
Severity: minor
Tags: patch

Hello.
All is in the title :-)
>From 2285339165dc490eee23d2849c5f6bcbb3c23d89 Mon Sep 17 00:00:00 2001
From: Nicolas Boulenguez 
Date: Sun, 8 May 2022 16:48:29 +0200
Subject: [PATCH 1/3] scripts: add -v shortcut for --verbose where it has been
 forgotten

---
 gbp/scripts/export_orig.py | 2 +-
 gbp/scripts/push.py| 2 +-
 gbp/scripts/tag.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/gbp/scripts/export_orig.py b/gbp/scripts/export_orig.py
index 7ceb4237..ed4c64fb 100755
--- a/gbp/scripts/export_orig.py
+++ b/gbp/scripts/export_orig.py
@@ -289,7 +289,7 @@ def build_parser(name):
 for group in [tag_group, orig_group, branch_group]:
 parser.add_option_group(group)
 
-parser.add_option("--verbose", action="store_true", dest="verbose", default=False,
+parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False,
   help="verbose command execution")
 parser.add_config_file_option(option_name="color", dest="color", type='tristate')
 parser.add_config_file_option(option_name="color-scheme",
diff --git a/gbp/scripts/push.py b/gbp/scripts/push.py
index 63a06a20..494d7eb2 100755
--- a/gbp/scripts/push.py
+++ b/gbp/scripts/push.py
@@ -53,7 +53,7 @@ def build_parser(name):
 parser.add_config_file_option(option_name="color", dest="color", type='tristate')
 parser.add_config_file_option(option_name="color-scheme",
   dest="color_scheme")
-parser.add_option("--verbose", action="store_true", dest="verbose",
+parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
   default=False, help="verbose command execution")
 return parser
 
diff --git a/gbp/scripts/tag.py b/gbp/scripts/tag.py
index 1e91fcdf..c324c468 100755
--- a/gbp/scripts/tag.py
+++ b/gbp/scripts/tag.py
@@ -103,7 +103,7 @@ def build_parser(name):
 parser.add_config_file_option(option_name="color", dest="color", type='tristate')
 parser.add_config_file_option(option_name="color-scheme",
   dest="color_scheme")
-parser.add_option("--verbose", action="store_true", dest="verbose",
+parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
   default=False, help="verbose command execution")
 return parser
 
-- 
2.30.2

Bug#1010751: clone: handle -b optional branch specification in VCS-Git

[Nicolas Boulenguez]

Package: git-buildpackage
Version: 0.9.22
Severity: wishlist
Tags: patch

Hello.

https://www.debian.org/doc/debian-policy/ch-controlfields.html#version-control-system-vcs-fields
allows the VCS-Git to specify a branch and a relative path inside a
given repository.

# gbp clone vcs-git:pcscada
gbp:error: Can't find any vcs-git URL for 'pcscada'

The attached patch fixes the branch selection.
It does not allow a relative path.
>From 4550aaeedec99f7f48c456b6eae9d759ccf7de42 Mon Sep 17 00:00:00 2001
From: Nicolas Boulenguez 
Date: Sun, 8 May 2022 16:50:29 +0200
Subject: [PATCH 2/3] clone: add second allowed form for vcs-git protocol to
 manual page

---
 docs/manpages/gbp-clone.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/manpages/gbp-clone.xml b/docs/manpages/gbp-clone.xml
index 849d990a..aa385cd5 100644
--- a/docs/manpages/gbp-clone.xml
+++ b/docs/manpages/gbp-clone.xml
@@ -197,6 +197,7 @@
   Clone from the Git-Vcs URL of a package:
 
 
+ vcs-git:libvirt
  vcsgit:libvirt
 
   Clone a repository from salsa (Debian's code hosting):
-- 
2.30.2

>From ed04b5242adf466b2f141090840d5f4ed4cf62d4 Mon Sep 17 00:00:00 2001
From: Nicolas Boulenguez 
Date: Sun, 8 May 2022 16:51:26 +0200
Subject: [PATCH 3/3] clone: handle -b optional branch specification in VCS-Git

---
 gbp/scripts/clone.py | 20 +++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/gbp/scripts/clone.py b/gbp/scripts/clone.py
index d538cdfe..f799fc6d 100755
--- a/gbp/scripts/clone.py
+++ b/gbp/scripts/clone.py
@@ -46,10 +46,15 @@ def apt_showsrc(pkg):
 
 
 def vcs_git_url(pkg):
+"""
+Content of the latest available VCS-Git field, as a str.
+None  when the field is missing.
+(url, branch) when the value specifies a branch with -b.
+"""
 repos = {}
 
 out = apt_showsrc(pkg)
-vcs_re = re.compile(r'(x-)?vcs-git:\s*(?P[^ ]+)$', re.I)
+vcs_re = re.compile(r'(x-)?vcs-git:\s*(?P[^ ]+)(\s*-b\s*(?P[^ ]+))?$', re.I)
 version_re = re.compile(r'Version:\s*(?P.*)$', re.I)
 end_re = re.compile(r'\s*$')
 
@@ -58,6 +63,8 @@ def vcs_git_url(pkg):
 m = vcs_re.match(line)
 if m:
 repo = m.group('repo')
+if m.group('branch'):
+repo = (repo, m.group('branch'))
 continue
 m = version_re.match(line)
 if m:
@@ -85,6 +92,9 @@ def repo_to_url(repo):
 'https://salsa.debian.org/agx/git-buildpackage.git'
 >>> repo_to_url("github:agx/git-buildpackage")
 'https://github.com/agx/git-buildpackage.git'
+
+None  when VCS-Git is required but missing.
+(url, branch) when VCS-Git specifies a branch with -b.
 """
 parts = repo.split(":", 1)
 if len(parts) != 2:
@@ -167,6 +177,10 @@ def main(argv):
 source = repo_to_url(args[1])
 if not source:
 return 1
+elif isinstance(source, tuple):
+source, vcs_git_branch = source
+else:
+vcs_git_branch = None
 
 clone_to, auto_name = (os.path.curdir, True) if len(args) < 3 else (args[2], False)
 try:
@@ -187,6 +201,10 @@ def main(argv):
 postclone = options.postclone
 (options, args) = parse_args(argv)
 
+if vcs_git_branch not in (None, options.debian_branch):
+gbp.log.warn(f'VCS-Git: -b {vcs_git_branch} overrides --debian-branch={options.debian_branch}')
+options.debian_branch = vcs_git_branch
+
 # Track all branches:
 if options.all:
 remotes = repo.get_remote_branches()
-- 
2.30.2

Bug#1010749: sagemath: crash on startup with locale de_DE@euro

[Elmar]

Package: sagemath
Version: 9.5-4
Severity: normal
X-Debbugs-Cc: e220...@wolke7.net

Dear Maintainer,

sage crashes on startup from a terminal with locale de_DE@euro:

> sage  
SageMath version 9.5, Release Date: 2022-01-30
Speicherzugriffsfehler


(Speicherzugriffsfehler means segmentation fault.)

sage used to work with locale de_DE@euro before the upgrade to 9.5.

Kind regards,
Elmar

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=de
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sagemath depends on:
ii  python3   3.10.4-1+b1
ii  python3-sage  9.5-4

Versions of packages sagemath recommends:
ii  sagemath-doc9.5-4
ii  sagemath-jupyter9.5-4
ii  sagetex 3.6+ds-2
ii  texlive-latex-base  2021.20220204-1

Versions of packages sagemath suggests:
pn  dot2tex  
pn  gap-design   
ii  gap-factint  1.6.3+ds-1
pn  gap-grape
pn  gap-guava
pn  gap-laguna   
pn  gap-sonata   
pn  gap-toric

-- no debconf information

Bug#1010748: uclibc: CVE-2021-27419 - integer overflow in both malloc and memalign implementations

[Neil Williams]

Source: uclibc
Version: 1.0.35-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team 


Hi,

The following vulnerability was published for uclibc.

CVE-2021-27419[0]:
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-
| around in functions malloc-simple. This improper memory assignment can
| lead to arbitrary memory allocation, resulting in unexpected behavior
| such as a crash or a remote code injection/execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-27419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27419

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1010747: Unusable with current python version

[Yuri D'Elia]

Package: shiboken2
Version: 5.15.2-2+b2
Severity: grave

shiboken2 cannot currently be used to build any package due to #1008849.

I'm reporting this again as a grave bug, since while #1008849 might be
intended to address the underlying issue, it's important to note that
the _current_ package is essentially unusable ever since the python 3.10
transition started.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'experimental'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.3-custom (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shiboken2 depends on:
ii  libc6 2.33-7
ii  libclang1-13  1:13.0.1-3+b2
ii  libgcc-s1 12.1.0-1
ii  libqt5core5a  5.15.2+dfsg-16+b1
ii  libstdc++612.1.0-1
ii  libxml2   2.9.14+dfsg-1
ii  libxslt1.11.1.34-4

shiboken2 recommends no packages.

shiboken2 suggests no packages.

Bug#1010746: ITP: docker-squash -- Squashing helps with organizing docker images in logical layers

[Sascha Girrulat]

Package: wnpp
Severity: wishlist
Owner: Sascha Girrulat 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: docker-squash
  Version : 1.0.9
  Upstream Author : Marek Goldmann
* URL : https://github.com/goldmann/docker-squash
* License : MIT
  Programming Lang: Python
  Description : Helps with organizing docker images layers

Docker creates many layers while building the image. Sometimes it's not
necessary or desireable to have them in the image. For example a
Dockerfile ADD instruction creates a single layer with files you want to
make available in the image. Docker will carry this layer always with the image,
even if you delete these files in next layer. 
.
Squashing helps with organizing images in logical layers. Instead of
having an image with multiple (sometimes) unnecessary layers.
.
Docker-squash can
.
  * squash last n layers from an image
  * squash from a selected layer to the end (not always possible, depends on 
the image)
  * support for Docker 1.9 or newer (older releases may run perfectly fine too, 
try it!)
  * the image can be loaded back to the Docker daemon or stored as tar archive 
somewhere

Bug#1010715: Please close - bug caused elsewhere

[Jeremy Davis]

This bug is caused elsewhere and is NOT related to the kernel.

Please close this (I'm not sure how to close bugs?).

Apologies on the noise.

Regards,
Jeremy


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1010619: rsyslog: CVE-2022-24903: Potential heap buffer overflow in TCP syslog server (receiver) components

[Rainer Gerhards]

note: 8.2204.1 is 8..2204.0 with just the fix cherry-picked. No other changes.

Rainer

El sáb, 7 may 2022 a las 14:48, Salvatore Bonaccorso
() escribió:
>
> Hi Michael,
>
> [looping in the sec-team for completeness]
>
> On Thu, May 05, 2022 at 10:19:38PM +0200, Michael Biebl wrote:
> > Am 05.05.22 um 17:10 schrieb Salvatore Bonaccorso:
> > > Source: rsyslog
> > > Version: 8.2204.0-1
> > > Severity: grave
> > > Tags: security upstream
> > > Justification: user security hole
> > > X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> > > 
> > >
> > > Hi,
> > >
> > > The following vulnerability was published for rsyslog. Filling for now
> > > as grave, but we might downgrade. Probably affected configurations are
> > > not that common if I understood correctly, the advisory has some
> > > comments about it as well[1].
> >
> > Yeah, I think this feature is obscure enough (and not enabled by default)
> > that non-RC severity is fine.
>
> Thinking a bit more on it I see two aspects:
>
> * Usually following recommendations one should not expose recievers to
>   public, which makes the risk considerably lower.
> * Though still reciervers enable octed-framing by default.
>
> So I think to leave the severity actually as it is, and consider it RC
> and at earliest point possible for you either do a cherry-picked
> upload on top of 8.2204.0-1 or just upload 8.2204.1 to unstable, I
> htink I would prefer the later.
>
> Secondly, about releasing a DSA, still slight borderline, but I think
> we would be safer to release one. I can help rpepare updates for
> bullseye and buster here if needed and wanted. I the git repository I
> see 8.2102.0-2+deb11u1 as released for bullseye but this change
> actually never landed to bullseye and was not acked by SRM?
>
> Regards,
> Salvatore
>

Bug#1010418: Proposed bugfix

[Sergio Costas]

Mmm... But can "get_user_name" return something that isn't in /etc/passwd?

Anyway, testing for NULL is a good idea.

El 9/5/22 a las 1:18, Barak A. Pearlmutter escribió:

I don't understand this code in that patch:

+   while (true) {
+   unowned Posix.Passwd passwd =
Posix.getpwent();
+   if (passwd.pw_name ==
GLib.Environment.get_user_name()) {
+   found = true;
+   cmd += passwd.pw_shell;
+   break;
+   }
+   }

Will that loop forever if get_user_name returns something that doesn't
have an entry in /etc/passwd?

Bug#870302: pavucontrol: High CPU usage

[Vincent Lefevre]

Control: found -1 5.0-2
Control: tags -1 upstream
Control: forwarded -1 
https://gitlab.freedesktop.org/pulseaudio/pavucontrol/-/issues/73

Deselecting the "Show volume meters" option at the bottom of
the Configuration tab avoids the issue.

But with it being selected, the high CPU usage occurs even in tabs
where no volume meters are shown, such as the Configuration tab
(and in the Playback tab when nothing is played).

The issue is that this activates the fan of my laptop, with probably
battery drain when on battery.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1010745: usb-storage: kernel taks hung when copying data via USB SATA adapter from external SSD with bad blocks

[Vincas Dargis]

Package: src:linux
Version: 5.16.12-1~bpo11+1
Severity: normal

Dear Maintainer,

It seems we can't use Linux for cloning drive data from faulty drives
(with bad blocks) using USB SATA adapters.

I wanted to clone data from this old SSD:

```
Device Model: LITEONIT LCM-128M3S 2.5" 7mm 128GB
Serial Number:TW00RNVG550853138965
Add. Product Id:  WQDA
Firmware Version: WQDA
User Capacity:128,035,676,160 bytes [128 GB]
```

using :

```
dd if=/dev/disk/by-id/source of=/some/destination iflag=fullblock
conv=sync,noerror bs=8M status=progress
```

But the copying hangs after ~400MB. It seems that drive has some bad
blocks, but I expected `dd` to be able to skip those due to
`conv=sync,noerror` parameter.

What happens is that kernel task is hung:

```
May 09 08:29:56 kernel: usb-storage 2-2.2:1.0: USB Mass Storage device detected
May 09 08:29:56 kernel: scsi host6: usb-storage 2-2.2:1.0
May 09 08:29:57 kernel: scsi host6: scsi scan: INQUIRY result too short (5), 
using 36
May 09 08:29:57 kernel: scsi 6:0:0:0: Direct-Access LITEONIT  LCM-128M3S 
2.5"  7mm PQ: 0 ANSI: 0
May 09 08:29:57 kernel: scsi 6:0:0:0: Attached scsi generic sg0 type 0
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] 250069680 512-byte logical blocks: 
(128 GB/119 GiB)
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] Write Protect is off
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] Mode Sense: 3b 00 00 00
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] No Caching mode page found
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] Assuming drive cache: write through
May 09 08:29:57 kernel:  sda: sda1 sda2 sda3 sda4 sda5 sda6 sda7 sda8
May 09 08:29:57 kernel: sd 6:0:0:0: [sda] Attached SCSI disk
May 09 08:31:03 kernel: usb 2-2.2: Disable of device-initiated U1 failed.
May 09 08:31:08 kernel: usb 2-2.2: Disable of device-initiated U2 failed.
May 09 08:31:08 kernel: usb 2-2.2: reset SuperSpeed USB device number 5 using 
xhci_hcd
May 09 08:32:55 kernel: usb 2-2.2: reset SuperSpeed USB device number 5 using 
xhci_hcd
May 09 08:32:55 kernel: sd 6:0:0:0: [sda] tag#0 FAILED Result: 
hostbyte=DID_TIME_OUT driverbyte=DRIVER_OK cmd_age=32s
May 09 08:32:55 kernel: sd 6:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 0c fc 00 
00 08 00 00
May 09 08:32:55 kernel: I/O error, dev sda, sector 850944 op 0x0:(READ) flags 
0x80700 phys_seg 38 prio class 0
May 09 08:33:26 kernel: usb 2-2.2: reset SuperSpeed USB device number 5 using 
xhci_hcd
May 09 08:36:01 kernel: INFO: task scsi_eh_6:564989 blocked for more than 120 
seconds.
May 09 08:36:01 kernel:   Tainted: G   OE 5.16.0-0.bpo.4-amd64 
#1 Debian 5.16.12-1~bpo11+1
May 09 08:36:01 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" 
disables this message.
May 09 08:36:01 kernel: task:scsi_eh_6   state:D stack:0 pid:564989 
ppid: 2 flags:0x4000
May 09 08:36:01 kernel: Call Trace:
May 09 08:36:01 kernel:  
May 09 08:36:01 kernel:  __schedule+0x307/0x9f0
May 09 08:36:01 kernel:  schedule+0x4e/0xc0
May 09 08:36:01 kernel:  schedule_preempt_disabled+0x14/0x20
May 09 08:36:01 kernel:  __mutex_lock.constprop.0+0x23f/0x460
May 09 08:36:01 kernel:  ? try_module_get.part.0+0x4e/0xc0
May 09 08:36:01 kernel:  device_reset+0x1d/0x50 [usb_storage]
May 09 08:36:01 kernel:  scsi_eh_ready_devs+0x6b3/0xcf0 [scsi_mod]
May 09 08:36:01 kernel:  ? _raw_spin_unlock_irqrestore+0x25/0x40
May 09 08:36:01 kernel:  ? __pm_runtime_resume+0x58/0x80
May 09 08:36:01 kernel:  scsi_error_handler+0x433/0x510 [scsi_mod]
May 09 08:36:01 kernel:  ? scsi_eh_get_sense+0x250/0x250 [scsi_mod]
May 09 08:36:01 kernel:  kthread+0x169/0x190
May 09 08:36:01 kernel:  ? set_kthread_struct+0x40/0x40
May 09 08:36:01 kernel:  ret_from_fork+0x1f/0x30
May 09 08:36:01 kernel:  
May 09 08:38:02 kernel: INFO: task scsi_eh_6:564989 blocked for more than 241 
seconds.
May 09 08:38:02 kernel:   Tainted: G   OE 5.16.0-0.bpo.4-amd64 
#1 Debian 5.16.12-1~bpo11+1
May 09 08:38:02 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" 
disables this message.
May 09 08:38:02 kernel: task:scsi_eh_6   state:D stack:0 pid:564989 
ppid: 2 flags:0x4000
May 09 08:38:02 kernel: Call Trace:
May 09 08:38:02 kernel:  
May 09 08:38:02 kernel:  __schedule+0x307/0x9f0
May 09 08:38:02 kernel:  schedule+0x4e/0xc0
May 09 08:38:02 kernel:  schedule_preempt_disabled+0x14/0x20
May 09 08:38:02 kernel:  __mutex_lock.constprop.0+0x23f/0x460
May 09 08:38:02 kernel:  ? try_module_get.part.0+0x4e/0xc0
May 09 08:38:02 kernel:  device_reset+0x1d/0x50 [usb_storage]
May 09 08:38:02 kernel:  scsi_eh_ready_devs+0x6b3/0xcf0 [scsi_mod]
May 09 08:38:02 kernel:  ? _raw_spin_unlock_irqrestore+0x25/0x40
May 09 08:38:02 kernel:  ? __pm_runtime_resume+0x58/0x80
May 09 08:38:02 kernel:  scsi_error_handler+0x433/0x510 [scsi_mod]
May 09 08:38:02 kernel:  ? scsi_eh_get_sense+0x250/0x250 [scsi_mod]
May 09 08:38:02 kernel:  kthread+0x169/0x190
May 09 08:38:02 kernel:  ? set_kthread_struct+0x40/0x40
May 09 08:38:02 kernel:  ret_from_fork+0x1f/0x30
May 09 08:38:02 kernel: