Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

for this goes back to the Kerberos standard (RFC 4120). --Sam

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

control: tags -1 +help Chris> Filing with severity: serious as the buildd network has Chris> started switching to sbuild with unshare backend, and Chris> multiple people have reproduced this problem. I'm not running sbuild these days; I'm mostly moving toward containerized builds

Bug#1056166: systemd-homed: `passwd` fails

> "Luca" == Luca Boccassi writes: Luca> Ah thanks for the pointer to the file, I had missed that Luca> somehow in the first reply. I see it now: the pam-config for Luca> unix.so assumes that if something runs before then everything Luca> is done already. Unfortunately that

Bug#1056166: systemd-homed: `passwd` fails

> "Luca" == Luca Boccassi writes: Luca> https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html It's going to be a long time (a couple of weeks) before I have cycles to actually look at systemd-home rather than to answer questions with my pam hat on without

Bug#1056166: systemd-homed: `passwd` fails

Hi. I'm not really swapped in on Debian this weekend; dealing with a transition for day job. But quick thoughts. I'm surprised that systemd-home is a pam auth module. That is, I wouldn't expect systemd-home to be able to decide whether you have presented valid credentials to log in. It may be

Bug#1037084: bookworm: When using gdm3 to start non-GNOME wayland sessions, PATH may be set differently

> "Santiago" == Santiago Vila writes: Santiago> Hello. My plan for base-files is to stop overriding the Santiago> PATH in /etc/profile. Santiago> Ubuntu did that a long time ago and it's probably the Santiago> right thing to do. I'd be happy to pick up the Ubuntu patch to

Bug#1070072: RM: moonshot-ui -- ROM; poorly maintained upstream

Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot...@packages.debian.org Control: affects -1 + src:moonshot-ui After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a stable

Bug#1070071: RM: moonshot-gss-eap -- ROM; poorly maintained upstream

Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-gss-...@packages.debian.org Control: affects -1 + src:moonshot-gss-eap After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a

Bug#1070070: RM: moonshot-trust-router -- ROM; poorly maintained upstream

Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-trust-rou...@packages.debian.org Control: affects -1 + src:moonshot-trust-router After discussing with upstream, we no longer believe it makes sense to include the moonshot

Bug#1068017: Y2038-safe replacements for utmp/wtmp and lastlog

of Fedora have been moving to logind to handle utmp functionality. You will start to see the first impacts of that in pam unstable. --Sam

Bug#1069858: libkrb5-3: krb5.conf seems to ignore rdns = false

> "Lukas" == Lukas Grässlin writes: Lukas> We have a scenario where we need to disable reverse lookups for Lukas> canonicalization in Kerberos as the customer's PTR records are not Lukas> consistent and lead to wrongly requested SPNs otherwise (see Lukas>

Bug#1069772: pmbootstrap: description doesn't tell me what the package does

package: pmbootstrap version: 2.2.1-1 severity: minor The description should tell the user what postmarket OS is. That is for example more important than knowing the package uses alpine chroots in determining whether this package is useful to me as a user. --Sam

Bug#1065806: fixed in pam 1.5.3-7

>>>>> "Christoph" == Christoph Anton Mitterer writes: Christoph> Hey Sam. Christoph> There's a typ in the NEWS enty: >> this user a group name that differs from the user name or add Christoph> | Christoph>

Bug#1068017: [Pkg-shadow-devel] Bug#1068017: util-linux: please ship liblastlog2 packages

I've read the wiki page. I'm fine with the proposed approach. I note that by including pam_lastlog2.so in a pam-auth-update configuration, other services (gdm, for example) will include lastlog info. The fact that gdm and other display managers do not include pam_lastlog.so suggests that it's

Bug#1065806: pam: recent upgrade changes previous default umask

control: clone -1 -2 control: retitle -2 Document pam_umask change in release notes

Bug#1065806: pam: recent upgrade changes previous default umask

> "Professor" == Professor Jeebs writes: Professor> I prefer the way it is handled per user.  There is a related, commented Professor> out, option in /etc/skel/.profile, which lands in new user directories, Professor> which I have never touched the umask part until now.  I

Bug#1068192: debian-policy: extended forbidden network access to contrib and non-freeo

> "Aurelien" == Aurelien Jarno writes: Aurelien> If we go that route, here is a proposed alternative patch: Aurelien> --- a/policy/ch-source.rst Aurelien> +++ b/policy/ch-source.rst Aurelien> @@ -338,7 +338,8 @@ Aurelien> For example, the build target should pass

Bug#1067079: Clarify that policy on a technology does not implicitly mandate that technology

think it is liked based on a false premise. The second argument can be dismissed because of its form. I think the first argument requires more consideration, and I think your proposal would remove that consideration, even if reworded. --Sam signature.asc Description: PGP signature

Bug#1066979: common-auth: sudo should not have incorrect password delay

> "Tim" == Tim Hutt writes: Tim> By default, on Debian and derivatives, `sudo` has a ~2 second Tim> delay for incorrect password attempts. This serves no security Tim> purpose whatsoever and merely annoys the user. It's not obvious to me that it serves no security purpose. Why

Bug#1065702: krb5-kdc: uninstallable due to hard-coded dependency on libverto-libev1 | libverto-libevent1,

>>>>> "Steve" == Steve Langasek writes: Steve> Hi Sam, Steve> I've run into a problem with openldap not being Steve> bootstrappable for the time_t transition because it Steve> build-depends on krb5-kdc, and krb5-kdc is uninstallable on

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

> "Matthew" == Matthew Garrett writes: Matthew> I agree with the conclusions drawn here, but feel that it's Matthew> possibly worth making a stronger general statement that Matthew> policy should never prevent the implementation of a Matthew> well-considered simple solution.

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

Are there solutions in the space of having glib2.0-0 continue to exist as a package depended on by glib2.0-0t64 or depending on the new library allowing you to replace the postrm? That might create a space in time where glib2.0-0.so does not exist, but we probably have more flexibility there

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

or if you did, but we're more focused on people who never upgraded. If you do run into breakage, we'll work with you to find a solution. --Sam

Bug#1065088: pam 1.5.3-5 not suitable because pam_userdb is missing

package: pam version: 1.5.3-5 severity: serious This version of pam drops pam_userdb which can break systems that use pam_userdb in their configuration. Long term we do want to split it out and possibly drop. However, this change is purely for the time_t transition and will be reverted. This

Bug#1065064: libpam-doc: doc-base reports missing files

> "Colin" == Colin Watson writes: Colin> in those doc-base files but are in fact missing. I don't Colin> know whether this is intentional (in which case the doc-base Colin> registrations should be removed to match), or an accidental Colin> build issue that should be fixed.

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

issue and deployed changes like this in production. Steve and I agreed to revert the rename on IRC, effectively accepting the ABI break because it doesn't matter for the archive. We may look at better solutions when we have a bit of time. --Sam signature.asc Description: PGP signature

Bug#1065011: libpam0t64 competes for libpam.so.0 symlink against libpam0g (breaks debootstrap)

that possible on arches where the ABI has actually changed. On arches where the ABI is the same, libpam0t64 provides libpam0g, so we can get rid of libpam0g today. --Sam

Bug#1064454: debian-policy: Restrict deb822 field names more

> "Niels" == Niels Thykier writes: Niels> Simon Josefsson: >> Would it make sense to change this to use an inclusive list of >> permitted characters instead? How about checking the field names >> that is in use today, and construct a regexp of permitted symbols >> out of

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

> "Sean" == Sean Whitton writes: Sean> In general, I agree with Santiago. I find Policy's current Sean> scope and working process effective, and not especially Sean> ambiguous. I think everyone should read it during the NM Sean> process, if not sooner. Sean> Russ has

Bug#1060700: Requesting advice regarding the impact of problems caused by aliasing on declared Conflicts

down the path until we had better architected tools. I'm not proposing to turn around now, and that may possibly be an area where Matthew and I disagree. But I absolutely want to lend credibility to the idea that we are digging ourselves into a hole, hoping that it will become a tunnel and we will f

Bug#1036884: 64-bit time_t: updated archive analysis, proposed transition plan with timeline

ally it would not be desirable for those bugs to be RC at this time. Yes, if not fixed they will eventually need to be, but for example I don't think it would be desirable to block toolchain testing migrations on this issue at this time. And obviously we're not going to remove the toolchain f

Bug#1063648: krb5: FTBFS on arm64, armel and ppc64el with "Can't resolve hostname" in dh_auto_test

> "Simon" == Simon McVittie writes: Simon> It might be relevant that according to #972151, arm-conova-03 Simon> (and perhaps other *-conova-* buildds?) is IPv6-only, with no Simon> IPv4 addresses or routes other than loopback (not even via Simon> NAT). Simon> I believe

Bug#1063329: libselinux1t64: breaks system in upgrade from unstable

t> be worth a go? Steve and I are unaware of usage in Debian either. --Sam signature.asc Description: PGP signature

Bug#1062802: libpam0t64: file loss during upgrade due to /usr-move DEP17

> "Helmut" == Helmut Grohne writes: Helmut> pam also runs in to /usr-move breakage. This one looks FYI, I have some time scheduled to deal with this tomorrow morning US/Mountain (late in the day for Europe).

Bug#1062210: libpam-runtime: pam-auth-update doesn't allow user-ordering of modules

with someone on a design here and review patches. I'd ask though that as part of that process, they examine the existing bugs related to interactions between pam_ldap and pam_unix and make sure that we will not have to revisit the design later to incorporate the other related issues. --Sam

Bug#1061280: sysvinit crashes podman container on install

l sysvinit with a container that has /bin/bash or /bin/sh as an entry point and then image that container into an image that has init as the entry point. For that to work sysvinit-core has to be able to install even when there is no init system. --Sam

Bug#1060700: Requesting advice regarding the impact of problems caused by aliasing on declared Conflicts

his discussion. However my intuition is that it will help me at least think about the situation. As an example if the reason that behavior is needed has to do with some situation involving essential packages and conflicts, I'd like to understand that situation and how common it is. It would not be the first time in this discussion that we have discovered a new complexity. --Sam

Bug#1057775: [INTL:sv] Swedish strings for pam debconf

> "Anders" == Anders Jonsson writes: Anders> Hi Martin, one change in this one (fixed spelling of Anders> "användare"). I don't think you attached a .po file.

Bug#1060847: planets: Typo in package description

Package: planets Version: 0.1.13-20+b5 Severity: minor There is a minor typo in the package's description. Excerpt from `apt-cache show planets`: "The user interface is aimed at being simple enough for a fairly young  kid to enjoy it, their is a special kid-mode for this purpose." Notice that

Bug#1060845: ghostscript: Add AppArmor profile

Package: ghostscript Version: 10.0.0~dfsg-11+deb12u3 Severity: wishlist Please consider shipping an AppArmor profile in the "ghostscript" package.  It might be prudent to add an AppArmor profile to reduce the potential damage of Ghostscript bugs because: 1. Ghostscript is commonly used to

Bug#1060277: pdfproctools: typo in setpdfmetadata man page

Package: pdfproctools Version: 1.9.4-1 Severity: minor Dear Maintainer, There is a typo in man page of setpdfmetadata: title Subject     Sets the document subject to the given value. It should probably be "subject Subject" instead of "title Subject". -- System Information:

Bug#1060034: ITP: python-openai -- OpenAI Python API library

> "Mo" == Mo Zhou writes: Mo> On 1/5/24 11:45, Ansgar wrote: >> Then the package should be in main. >> >> We do not require external software to be free as well, be that >> Web APIs provided by Github, Twitter, or the NVidia firmware >> required for Nouveau,

Bug#1057199: debian-policy: express more clearly that Conflicts to not reliably prevent concurrent unpacks

safe upgrades? (I am asking out of curiosity; I'm guessing it's some corner case with essential packages, but I would like to understand.) --Sam

Bug#1058779: libk5crypto3 fails to install via apt (dpkg error) triggers ci file contains unknown directive 'set'

control: severity -1 normal control: tags -1 help > "Fernando" == Fernando Toledo writes: Fernando> as workarount i do apt-mark hold libk5crypto3 until Fernando> problem fixes I don't think this problem is likely to be in libkrb5crypto3. I don't have enough experience with the dpkg

Bug#1059702: apparmor-profiles: Firefox profile should confine firefox-esr

Package: apparmor-profiles Version: 3.0.8-3 Severity: wishlist The Firefox profile 'usr.lib.firefox.firefox' does not confine the firefox-esr binary (/usr/lib/firefox-esr/firefox-esr). The AppArmor profile for Firefox should include support for the firefox-esr binary, since firefox-esr is the

Bug#833278: firefox-esr: lack of apparmor profile

On Wed, 4 Dec 2019 02:15:16 +0300 dinar qurbanov wrote: > it is in apparmor-profiles package: > https://packages.debian.org/stretch/all/apparmor-profiles/filelist For Debian bookworm, an AppArmor profile is also available in the apparmor-profiles package, but that profile is obsolete. It

Bug#947002: wxmaxima version 19.07.0 onwards cannot display properly exponents

I cannot reproduce this problem in wxMaxima version 22.12.0 of Debian Bookworm (current Debian stable). Is the problem fixed?

Bug#1059563: wxmaxima: Blank image when copying/saving selection to image

Package: wxmaxima Version: 22.12.0-1 Severity: normal In wxmaxima, when I right-click on a cell, then click on "Copy as Image", then paste the image into another application (LibreOffice, for example), the pasted image is blank (completely white). Similarly, if I select some cell(s) and try to

Bug#1057693: valgrind: i386 vex x86->IR: unhandled instruction bytes: 0x2E 0x8D 0xB4 0x26

Thanks, I've reported this on the Valgrind bugzilla at https://bugs.kde.org/show_bug.cgi?id=478624.

Bug#1057729: pam FTCBFS: passes host flags to build compiler

> "Helmut" == Helmut Grohne writes: Helmut> Can I leave this up to you? To verify the cross build Helmut> failure, please use amd64 or arm64 as host Helmut> architecture. These are the only ones with Helmut> architecture-specific compiler flags. Up to who? Andreas? If so, I

Bug#1055991: /usr/share/autofs/conffiles/auto.net: /etc/auto.net comments for nfsv4 are unclear

Package: autofs Version: 5.1.8-2+deb12u2 Severity: minor File: /usr/share/autofs/conffiles/auto.net Upstream /etc/auto.net looks like this: # add "nosymlink" here if you want to suppress symlinking local filesystems # add "nonstrict" to make it OK for some filesystems to not mount

Bug#1032207: libpam-modules: Drop pam_userdb

* pam is ppseudo-essential * usrmerge transition (pam libdir is currently /lib) So ignoring essential and usrmerge, I think the new package would replace/breaks libpam-modules << the split point. Do you have advice on what we want to do given usrmerge and essential? --Sam

Bug#1032207: libpam-modules: Drop pam_userdb

>>>>> "Bastian" == Bastian Germann writes: Bastian> X-Debbugs-Cc: vor...@debian.org Hi Sam and Steve, Bastian> On Wed, 1 Mar 2023 18:34:50 +0100 Bastian Germann wrote: Bastian> I would volunteer to provide a patch for this but only if Bastian&

Bug#915583: debian sphinx styling: second attempt

>>>>> "Stéphane" == Stéphane Blondon writes: Stéphane> Le ven. 3 nov. 2023 à 15:43, Sam Hartman Stéphane> a écrit : >> >>>>> "Sean" == Sean Whitton writes: >> >> I'm happy to t

Bug#915583: debian sphinx styling: second attempt

> "Sean" == Sean Whitton writes: Sean> - it would be good to do some accessibility testing of some Sean> kind, at least with screenreaders. But maybe the fact that Sean> you've based your theme on an existing, popular Sphinx theme Sean> means this is covered? I'm happy to

Bug#1055193: libarchive-zip-perl: Document (or remove) the checksum-part-of-filename behavior

Package: libarchive-zip-perl Version: 1.68-1 Severity: normal Dear maintainer, The crc32 utility computes a checksum of the given files, e.g.: $ filename=blah ; filepath=/tmp/"${filename}" ; echo foo > "${filepath}" ; crc32 "${filepath}" 7e3265a8 However, when part of the filename looks like

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

>>>>> "Lucas" == Lucas Nussbaum writes: Lucas> On 26/10/23 at 07:45 -0600, Sam Hartman wrote: >> >>>>> "Lucas" == Lucas Nussbaum writes: Lucas> Hi, >> Lucas> As an additional data point, I can still

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

always, but I am not sure we have long enough evidence for that) succeeds on the builds. What is your environment like? Chroot? Container? If any namespaces are involved, how do you build the namespaces, and what non-default capability settings do you have on top of the defaults of containerization software you use. --Sam

Bug#1054228: pam FTBFS: No series file found

> "Helmut" == Helmut Grohne writes: Helmut> pam fails to build from source in unstable, because quilt no Helmut> longer recognizes the QUILT_PATCHES_DIR variable and Helmut> therefore does not find a series file. Renaming it to Helmut> QUILT_PATCHES fixes the build. I

Bug#1053820: closed by Debian FTP Masters (reply to Emmanuel Bourg ) (Bug#1053820: fixed in tomcat9 9.0.43-2~deb11u8)

), or at least offer you a better quality bug report. On Mon, 16 Oct 2023 at 10:51, Sam Lander wrote: > > > -- Forwarded message - > From: Debian Bug Tracking System > Date: Sun, 15 Oct 2023 at 23:51 > Subject: Bug#1053820 closed by Debian FTP Masters < > ftpmas.

Bug#1053820: libtomcat9-java: ERR_HTTP2_PROTOCOL_ERROR in browsers after upgrade 9.0.43-2~deb11u7 over u6

Package: libtomcat9-java Version: 9.0.43-2~deb11u7 Severity: important X-Debbugs-Cc: sam.lan...@gmail.com Dear Maintainer, I let unattended-upgrades handle the HTTP2 vulnerability. It installed thusly: > Log started: 2023-10-12 06:34:35 > (Reading database > Preparing to unpack

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

he network on the local system are ambiguous. We all agree that builds cannot access the internet, but beyond that I think there is ambiguity. But yes, if this ends up being a race, I will absolutely be interested in fixing the race or disabling the tests. --Sam

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

builds are allowed to do if you think that something krb5 is doing is not reasonable. I suspect this is a case where your build environment does not mirror the buildds enough for the tests to succeed, but I'm leaving the bug open for your input. --Sam

Bug#1052433: bookworm-pu: package pam/1.5.2-6+deb12u1

+ + -- Sam Hartman Thu, 21 Sep 2023 14:55:12 -0600 + pam (1.5.2-6) unstable; urgency=medium * Update debian/copyright, Thanks Bastian Germann, Closes: #460232 diff --git a/debian/control b/debian/control index 4b685f16..9cdc3f81 100644 --- a/debian/control +++ b/debian/control @@ -1,8 +1,8

Bug#1052392: libpam-sss: Please ship a PAM config file for pam_sss_gss.so

Package: libpam-sss Version: 2.8.2-4 Severity: wishlist Here's the config file I am using: $ cat /usr/share/pam-configs/sss-gss Name: Authenticate if the user can obtain a valid Kerberos ticket for the local host Default: yes Priority: 512 Auth-Type: Primary Auth:

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

> "Luca" == Luca Boccassi writes: Luca> Aside from more practical considerations, shipping /var Luca> content in packages is problematic because it's supposed to be Luca> local variable data, I agree with the above. Luca> that can be removed without breaking a Luca>

Bug#1051371: Post-/usr-merge paths for script interpreters

> "Luca" == Luca Boccassi writes: Luca> On Wed, 13 Sept 2023 at 04:48, Russ Allbery wrote: >> >> Control: retitle -1 Post-/usr-merge paths for script interpreters >> >> Simon pointed out that this bug is not yet ready to act on, which >> was very helpful. Thank

Bug#1039873: fixed in pam 1.5.2-7

the severity to important so that it is eligible for bookworm and prepare an update. --Sam

Bug#1051371: Post-/usr-merge paths for script interpreters

> "Russ" == Russ Allbery writes: Russ> with a narrower issue). Several other people were, I think, Russ> arguing for (a), but I'm not sure if they would continue to do Russ> so when it's put in these terms. It's hard for me to express what I was advocating for in the terms you

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

> "Russ" == Russ Allbery writes: I don't know if this needs seconds, but I reviewed all the text and it looks good. If seconds are required, I second. signature.asc Description: PGP signature

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

ed to define the interface between debhelper and systemd in policy: we do not need to specify deb-systemd-helper and deb-systemd-invoke. --Sam

Bug#1051523: Doxygen changes breaks krb5 documentation build

> "Tianyu" == Tianyu Chen writes: Tianyu> During a local rebuild of krb5, your package failed to Tianyu> build. So, I'm guessing this is related to the upgrade in Debian from doxygen 1.9.4 to 1.9.8. The krb5 build process uses doxygen to generate an xml representation of the

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

ltiple implementations is often very expensive in terms of interface complexity, testing complexity, and especially complexity that developers need to deal with. In this instance, I do not think that cost is justified. --Sam signature.asc Description: PGP signature

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

; put the appropriate commands in its maintainer scripts. (We Russ> can then discuss whether we should do the same for init Russ> scripts and dh_installinit, although its stanzas are simpler.) For a variety of reasons, I support this. --Sam

Bug#1039102: debian-policy: make systemd units mandatory for packages shipping system services

> "Luca" == Luca Boccassi writes: Luca> On Sun, 10 Sept 2023 at 03:19, Russ Allbery wrote: >> >> Russ Allbery writes: >> >> > -If a service unit is not present, ``systemd`` uses dependency >> information > -contained within the init scripts and symlinks in >>

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

; ch-maintainerscripts.rst has the same issue. >> >> Perhaps "files with trivial contents that are located under /var" >> would be a good wording that is not overly specific about >> implementation details, covers the 90% case, and leaves room for >> exceptions by declaring packages like dbus and gnubg to be >> non-trivial? Luca> I have reworded as suggested, citing symlinks or short fixed Luca> strings as examples. I second this patch, and do not need to additionally review Russ's minor rewordings --Sam signature.asc Description: PGP signature

Bug#963524: debian-policy: Binary and Description fields not mandatory in .changes on source-only uploads

> "Russ" == Russ Allbery writes: Russ> Here is an updated proposed change for this bug, incorporating Russ> Guillem's suggestions. It is ready for seconds. Russ> -- Russ Allbery (r...@debian.org) Russ> I have reviewed the patch; I support

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

> "Luca" == Luca Boccassi writes: Luca> Secondly, and less importantly, while I appreciate it's not Luca> how you handle policy changes, the way the rest of the Luca> distribution works is by 'building consensus' on mailing Luca> lists. Now I don't particularly like it, but it

Bug#1041129: krb5-config install doesn't gracefully handle read-only /etc/krb5.conf file and errors out

> "Ben" == Ben Brenek writes: Ben> Installing Kerberos on other distributions with a similar setup Ben> does not result in this type of error. Which is why I'm opening Ben> this bug report. What forced you to install krb5-config though? Is there any hard dependency forcing

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

> "Bill" == Bill Allombert writes: Bill> I would. Having two paths for the same thing is a technical Bill> debt going forward. I think the TC has made it clear we're committed to usrmerge at this point, and I think that one of the drivers behind usrmerge is that we gain more from

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

>>>>> "Ansgar" == Ansgar writes: Ansgar> On Wed, 2023-09-06 at 16:51 -0600, Sam Hartman wrote: >> > > > > > "Luca" == Luca Boccassi writes:     >> Luca> /bin/sh is not universally compatible with non-Linux OSes.

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

> "Luca" == Luca Boccassi writes: Luca> How would such a change look like? I looked at your patch. In most of the cases you are changing non-normative language. That is, parts of policy that do not create a requirement. For example: >Scripts may assume that "/bin/sh" implements the

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

> "Luca" == Luca Boccassi writes: Luca> /bin/sh is not universally compatible with non-Linux OSes. I claim it is more compatible. Luca> Also I thought that policy should not be used to beat other Luca> developers (it is because of this) and it should reflect the Luca>

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

> "Luca" == Luca Boccassi writes: Luca> Debian only supports merged-usr since Bookworm. We should Luca> update policy to reference /usr/bin/sh and similar paths to Luca> describe recommended shebangs for scripts. I do not support this change. /bin/sh should still be the

Bug#1050001: Unwinding directory aliasing [and 3 more messages]

TL;DR: I think I understand one of Ian's points. I explain, but do not believe it is compelling as an argument to switch direction. > "Helmut" == Helmut Grohne writes: >> I think "package management" is the wrong term here. It's not >> just our tools and packages that are

Bug#1050001: Unwinding directory aliasing

> "Ansgar" == Ansgar writes: Ansgar> And the more important question: how often do we want to Ansgar> rehash the usrmerge discussion? At some point we should Ansgar> stick with a decision and not endlessly restart discussions Ansgar> (unless something really significant

Bug#1043184: krb5: fails to build against glibc 2.38

> "Steve" == Steve Langasek writes: Steve> I've therefore prepared and uploaded the attached patch to Steve> mantic, which implements your option 1. I note you only Steve> mentioned adding Breaks: against older libk5crypto3; a scan Steve> of the binary packages showed many

Bug#1050346: gnome-control-center: Segfault when editing properties of Wi-Fi connection

Package: gnome-control-center Version: 1:43.6-2~deb12u1 Severity: normal X-Debbugs-Cc: s...@robots.org.uk When I try to edit a particular Wi-Fi connection I get a segfault. (gdb) r Starting program: /usr/bin/gnome-control-center [Thread debugging using libthread_db enabled] Using host

Bug#982309: Session-Interactive-Only: no is equivalent to Session-Interactive-Only: yes

> "Lucas" == Lucas Nussbaum writes: Lucas> When using config snippets in /usr/share/pam-configs/, it Lucas> seems that 'Session-Interactive-Only: no' is equivalent to Lucas> 'Session-Interactive-Only: yes'. I'm not going to fix in this upload, because I don't have time to test a

Bug#1039873: pam-auth-update --disable does not work

> "Marc" == Marc Dequènes (duck) writes: Marc> Quack, Marc> Thanks for adding the feature in #1004000 but it unfortunately Marc> does not work. Um, yeah,:-( I finally got a chance to look into this. I think the following patch fixes my logic error. I've also added

Bug#1049374: bullseye-pu: package krb5/1.18.3-6+deb11u4

) bullseye; urgency=medium + + * Fixes CVE-2023-36054: a remote authenticated attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:42:46 -0600 + krb5 (1.18.3-6+deb11u3

Bug#1049373: bookworm-pu: package krb5/1.20.1-2+deb12u1

attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 + krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means

Bug#1043184: krb5: fails to build against glibc 2.38

ends of libc6-dev >= 2.38, and add a breaks of libkrb5support0 on the old libk5crypto3. This is also safe: it's what I would do if libkrb5support0 wanted to drop a symbol and I didn't want the strict version dependency. --Sam

Bug#1038128: libkrb5-dev: Please provide static libraries (.a)

> "John" == John Goerzen writes: John> I am attempting to enable curl support in dar. dar provides a John> standard binary and dar_static, which is to be used for John> emergency system rescues. John> Curl provides a static version (.a). Unfortunately, curl uses John>

Bug#1043184: krb5: fails to build against glibc 2.38

gt; probably be applied? I guess I'd need to increase build-depends too and add a breaks from libkrb5support0 to older versions of the libraries so the upgrade works correctly. Or alternatively unconditionally build strlcat and strlcpy and conditionally use them based on what libc provides. --Sam

Bug#1039102: debian-policy: make systemd units mandatory for packages shipping system services

> "Luca" == Luca Boccassi writes: >> I consider this proposal to be premature. Policy should document Luca> current >> practice, and I do not think this proposal does that. For what it's worth, I agree with Luca that we are ready for a change to document that service units need

Bug#1040436: pev: confusing comments in autopkgtests

Source: pev Version: 0.81-9 Severity: minor While reviewing pev, I noticed that some of the comments in debian/tests/test-runs are inaccurate I think the following patch is sufficient diff --git a/debian/tests/test-runs b/debian/tests/test-runs index 675d4ec..9fe48fd 100755 ---

Bug#984879: podman does not work on Debian with selinux loaded

On Wed, Jun 21, 2023 at 06:04:14PM +0100, Sam Morris wrote: > On Wed, Jun 21, 2023 at 05:28:48PM +0100, Sam Morris wrote: > > refpolicy has a 'container' module that appears to work, it's just not > > built by default. > > BTW, the existance of /etc/selinux/default/contexts

Bug#1039873: pam-auth-update --disable does not work

> disabled around (it is reenabled during upgrade) and that Marc> breaks authentication. Hmm. I just tried: * pam-auth-update --enable mkhomedir * confirm pam_mkhomedir is in the config p * pam-auth-update --disable mkhomedir * Confirm that it is not in the config. --Sam

Bug#704180: p11-kit: provide package that diverts libnssckbi.so and replaces it with p11-kit-trust.so

On Tue, Jun 27, 2023 at 04:33:06PM +0100, Sam Morris wrote: > On Fri, Mar 03, 2023 at 02:43:48PM +0000, Sam Morris wrote: > > Commands to divert the original file and replace it with a symlink: > > > > # dpkg-divert --add --rename /usr/lib/x86_64-linux-gnu/libnssckbi.so &g

  1   2   3   4   5   6   7   8   9   10   >