Bug#1061233: src:nitime: fails to migrate to testing for too long: autopkgtest regression on 32 bits systems

[Paul Gevers]

Source: nitime
Version: 0.10.2-1
Severity: serious
Control: close -1 0.10.2-2
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:nitime has been trying to migrate for 31 
days [2]. Hence, I am filing this bug. The version in unstable is 
failing its own autopkgtest on armel, armhf and i386 (our 32 bits 
architectures).


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=nitime



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061232: src:coq: fails to migrate to testing for too long: triggers autopkgtest issues

[Paul Gevers]

Source: coq
Version: 8.17.0+dfsg-1
Severity: serious
Control: close -1 8.18.0+dfsg-1
Tags: sid trixie
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing 
and unstable for more than 30 days as having a Release Critical bug in 
testing [1]. Your package src:coq has been trying to migrate for 31 days 
[2]. Hence, I am filing this bug. The version in unstable causes 
autopkgtest failures in multiple reverse (test) dependencies: 
mathcomp-analysis (affected by FTBFS bug 1060988) and mathcomp-finmap 
(which has a newer version in unstable with issues).


If a package is out of sync between unstable and testing for a longer 
period, this usually means that bugs in the package in testing cannot be 
fixed via unstable. Additionally, blocked packages can have impact on 
other packages, which makes preparing for the release more difficult. 
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that 
hamper the migration of their package in a timely manner.


This bug will trigger auto-removal when appropriate. As with all new 
bugs, there will be at least 30 days before the package is auto-removed.


I have immediately closed this bug with the version in unstable, so if 
that version or a later version migrates, this bug will no longer affect 
testing. I have also tagged this bug to only affect sid and trixie, so 
it doesn't affect (old-)stable.


If you believe your package is unable to migrate to testing due to 
issues beyond your control, don't hesitate to contact the Release Team.


Paul

[1] https://lists.debian.org/debian-devel-announce/2023/06/msg1.html
[2] https://qa.debian.org/excuses.php?package=coq



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1060985: prewikka: FTBFS: ModuleNotFoundError: No module named 'six'

[Hans Joachim Desserud]

tags 1060985 patch
thanks

Looks like the package has a missing build dependency on python3-six. 
Builds successfully with the attached patch.


--
mvh / best regards
Hans Joachim Desserud
http://desserud.orgdiff --git a/debian/control b/debian/control
index 403eaea..59746b8 100644
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,7 @@ Build-Depends: debhelper-compat (= 13),
 python3-setuptools,
 python3-babel,
 python3-lesscpy,
+python3-six,
 gettext,
 Standards-Version: 4.6.0
 Homepage: https://www.prelude-siem.org/

Bug#1061181: python-gnupg: please package a new version to allow django-dbbackup update

[Elena ``of Valhalla'']

Thanks for reminding me that I should bump up the priority of this in my
TODO list :)
-- 
Elena ``of Valhalla''

Bug#1059609: bookworm-pu: package engrampa/1.26.0-1+deb12u1

[Mike Gabriel]

Hi Adam,

On  Sa 20 Jan 2024 15:24:35 CET, Adam D. Barratt wrote:


Control: tags -1 + moreinfo

On Fri, 2023-12-29 at 08:25 +0100, Mike Gabriel wrote:

While upload a new upstream version of engrampa, a bookworm-pu has
been prepared that fixes various memleaks and resolves a bug in the
archive "save as" action.


The metadata for #969761 suggests that the bug affects the package in
unstable and is not yet resolved there. If that's correct, please apply
the update to unstable first; otherwise, please fix the metadata to
more accurately reflect the situation.

Regards,

Adam


thanks for spotting this. I referenced the wrong bug in the  
d/changelog file of the bookworm-pu upload. It should have been #913075.


Please reject engrampa 1.26.0-1+deb12u1, I will upload it anew with  
correct bug closure reference.


Thanks!
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgplKHj3SG5bW.pgp
Description: Digitale PGP-Signatur

Bug#1061188: transition: python3-defaults (making python3.12 the default python3 version)

[Graham Inggs]

Hi Matthias

On Sat, 20 Jan 2024 at 16:45, Matthias Klose  wrote:
> Please setup a tracker for the python3-defaults transition, making 3.12
> the default Python version.

I've set up a tracker [1].  It is based on the tracker used for
python3.11 with the exclusion of source packages python3-defaults
(which confused ben in dependency levels 1 and 2) and python3.11.

Regards
Graham


[1] https://release.debian.org/transitions/html/python3.12-default.html

Bug#1061231: dak should understand versioned Provides

[Esa Peuha]

Package: ftp.debian.org

In daklib/rm.py virtual packages are parsed by the following code:

L143if provides is not None:
L144for virtual_pkg in provides.split(","):
L145virtual_pkg = virtual_pkg.strip()

This code makes no effort to handle the possibility that the provided
virtual package can specify a version. This has practical consequences;
for example, ghostscript provides ghostscript-x as a versioned virtual
package, but dak doesn't see that it can satisfy the remaining reverse
(build-)dependencies and therefore refuses to remove the cruft package
ghostscript-x (keeping it in the archive is particularly pointless
because it's no longer installable due to its unsatisfiable versioned
dependency on ghostscript).

Bug#1061230: python3-fava: Incompatible with python3-flask-babel version 4

[Carl Suster]

Package: python3-fava
Version: 1.23.1+dfsg-1
Severity: important
Tags: upstream

Dear Maintainer,

Fava appears to be incompatible with the version of flask-babel in Debian. Any
attempt to run it results in:

Traceback (most recent call last):
  File "/usr/bin/fava", line 5, in 
from fava.cli import main
  File "/usr/lib/python3/dist-packages/fava/cli.py", line 13, in 
from fava.application import app
  File "/usr/lib/python3/dist-packages/fava/application.py", line 152, in 

BABEL.localeselector(get_locale)

AttributeError: 'Babel' object has no attribute 'localeselector'

This appears to have been fixed upstream, with the fix appearing in version
1.24 (https://github.com/beancount/fava/issues/1549).

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.6.11-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-fava depends on:
ii  python3  3.11.6-1
ii  python3-babel2.10.3-3
ii  python3-beancount2.3.6-1
ii  python3-cheroot  10.0.0+ds1-1
ii  python3-click8.1.6-1
ii  python3-flask2.2.5-1
ii  python3-flask-babel  4.0.0-1
ii  python3-jinja2   3.1.2-1
ii  python3-markdown22.4.11-1
ii  python3-ply  3.11-6
ii  python3-simplejson   3.19.2-1+b1
ii  python3-werkzeug 2.3.8-1

python3-fava recommends no packages.

python3-fava suggests no packages.

-- no debconf information

Bug#610668: closed by Steven Robbins (Re: mention gv more)

[Dan Jacobson]

OK, gv is from a different package.

Bug#1039078: logcheck: Force LANG locale for journalctl to get date in English format

[TSUCHIDA Fumiyasu]

journalctl(1) in systemd 234+ supports `--output=short-iso-precise` option.

```
$ sudo journalctl --output=short-iso-precise -t kernel -S today |head
2024-01-21T00:00:01.070536+09:00 sugar kernel: audit: type=1400 
audit(1705762801.065:10307): apparmor="DENIED" operation="capable" class="cap" 
profile="/usr/sbin/cupsd" pid=1358071 comm="cupsd" capability=12  
capname="net_admin"
2024-01-21T04:09:57.478547+09:00 sugar kernel: PM: suspend entry (s2idle)
2024-01-21T04:09:57.482546+09:00 sugar kernel: Filesystems sync: 0.000 seconds
```

Regex "^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) " matches it.

-- 
-- Name: SATOH Fumiyasu @ OSSTech Corp., Japan (fumiyas @ osstech co jp)
-- Business Home: https://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729  CDEC ADC2 9DCA 5E1C CBCA

Bug#1059511: [Pkg-opencl-devel] Bug#1059511: pocl: FTBFS on riscv64: testsuite fails: can't link double-float modules with soft-float modules

[Bo YU]

Hi,

On Thu, Jan 18, 2024 at 5:41 PM Andreas Beckmann  wrote:
>
> On 18/01/2024 08.41, Bo YU wrote:
> > Obviously these tests failed was due to vectors missing from riscv64
> > now. This is expected I think.
> >
> > The result is aligned with pocl upstream support riscv64:
> >
> > ```
> > In this release we improved support for RISC-V CPUs. We tested PoCL on a 
> > Starfive VisionFive 2 using a Ubuntu 23.10 preinstalled image. With LLVM 17 
> > and GCC 13.2, 98% tests pass (only 4 tests fail out of 253).
>
> If these tests are expected to fail, they should be annotated as such
> for riscv64 (see e.g. handing of kernel/test_printf_vectors in
> tests/kernel/CMakeLists.txt). Is there an upstream bug about these tests
> failing on risc-v?

I have report the issue to upstream and got their confirmation:
https://github.com/pocl/pocl/issues/1394

>
> printf is a mess on most architectures (even or especially also x86)
> since the ABI for passing the variadic parameters is not well defined,
> especially when it comes to OpenCL vector types.
>
> > So I suspect the `LLC_HOST_CPU='` was overriden by `GENERIC` then the
> > ABI was different. I will look at this more deeper.
>
> GENERIC is a Debian specific patch to build for the LLVM default target
> (i.e. without specifying -march=$whatever), s.t. the generated code
> targets the riscv64 baseline (like all code in Debian binary packages).
> (Assuming llvm targets the same baseline cpu architecture as gcc, which
> unfortunately is not true for all Debian architectures.)
> (By default upstream pocl wants to build for the native CPU which is a
> no-go for distributing binaries. In order to fully utilize capabilities
> for more modern CPUs (e.g. wider SIMD registers), pocl has a distro mode
> where the bitcode libraries are provided for multiple targets and the
> best one for the local CPU is selected at runtime. But first we should
> get a baseline build for risc-v before we look into optimizing it (i.e.
> supporting separately both CPUs without and with vector unit).

Thanks.

So we need to enable to select the best one for local CPU when runtime
for riscv64 here. I looked at the patch:
https://salsa.debian.org/opencl-team/pocl/-/blob/main/debian/patches/generic-cpu.patch?ref_type=heads
But I am not sure how to enable this.

The baseline of riscv64 port here is here:
```
The Debian port uses RV64GC as the hardware baseline and the lp64d ABI
(the default ABI for RV64G systems)
```
https://wiki.debian.org/RISC-V#Hardware_baseline_and_ABI_choice

Is this enough information? Please let me know of any issues or I can
do some experiment about this.

BR,
Bo
>
> Andreas
>
> PS: I'll look into switching pocl to llvm-16 now

Bug#1059110: chirp: please remove extraneous dependency on python3-future

[Yogeswaran Umasankar]

Hi,
I have worked on a patch for replacing python3-future, and in the
process I have updated the upstream version too. I did that in a fork,
and created MR [0]. I made minor revisions in old patches to fit the new
upstream. Please feel free to review and make any further adjustments
necessary.

[0] https://salsa.debian.org/debian-hamradio-team/chirp/-/merge_requests/4

Cheers!
Yogeswaran.


signature.asc
Description: PGP signature

Bug#1061178: usrmerge: Usrmerge fails with a staticly-linked cp command

[4E1A607A 8463]

> This does not look like any Debian system I know.
It's a virtual machine of sorts, set up by `systemd-nspawn`.

> And this ldd output does not cause early_conversion_files() to fail.
I cannot reproduce it now on the upgraded Debian Bookworm now, either.

> What's up then?
It was complicated. I was unable to get apt updates for Debian Stretch
(Yeah, it was Debian 9).
I tried to dist-upgrade from source https://deb.debian.org/debian stable main ,
 which means I upgraded from Debian 9 directly to Debian 12.
I got dependency problems, and multiple package installation failures. This is 
one of those.

As Debian 9 is out of support now and I can't reproduce it on Debian 12, I 
guess we
 can dismiss this issue.

Sorry for the inconvenience I brought you.

Bug#1061229: numpydoc: Failing autopkgtest

[Jeremy Bícha]

Source: numpydoc
Version: 1.6.0-1
Severity: serious
Tags: patch
X-Debbugs-CC: marmochia...@gmail.com

numpydoc's autopkgtest is failing. Matthias added a path to Ubuntu to
mark it as expected fail, but without further explanation. I am
attaching a version of his patch.

Thank you,
Jeremy Bícha
From f2558e7fc77f69ed00e8c1095c4b23cd3535a4d6 Mon Sep 17 00:00:00 2001
From: Matthias Klose 
Date: Sun, 14 Jan 2024 08:07:16 +0100
Subject: [PATCH] Add patch to mark one test as expected fail

---
 debian/patches/series   |  1 +
 debian/patches/xfail-one-test.patch | 21 +
 2 files changed, 22 insertions(+)
 create mode 100644 debian/patches/xfail-one-test.patch

diff --git a/debian/patches/series b/debian/patches/series
index 0a5f0c1..44ddc34 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 validateconstant.patch
 Use-system-inventory.patch
+xfail-one-test.patch
diff --git a/debian/patches/xfail-one-test.patch b/debian/patches/xfail-one-test.patch
new file mode 100644
index 000..f1b5ae8
--- /dev/null
+++ b/debian/patches/xfail-one-test.patch
@@ -0,0 +1,21 @@
+From: Matthias Klose 
+Date: Sun, 14 Jan 2024 08:07:16 +0100
+Subject: xfail-one-test
+
+---
+ numpydoc/tests/test_validate.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/numpydoc/tests/test_validate.py b/numpydoc/tests/test_validate.py
+index 68040ad..fdb395b 100644
+--- a/numpydoc/tests/test_validate.py
 b/numpydoc/tests/test_validate.py
+@@ -1470,7 +1470,7 @@ class TestValidator:
+ marks=pytest.mark.xfail,
+ ),
+ # Returns tests
+-("BadReturns", "return_not_documented", ("No Returns section found",)),
++pytest.param("BadReturns", "return_not_documented", ("No Returns section found",), marks=pytest.mark.xfail),
+ ("BadReturns", "yield_not_documented", ("No Yields section found",)),
+ pytest.param("BadReturns", "no_type", ("foo",), marks=pytest.mark.xfail),
+ ("BadReturns", "no_description", ("Return value has no description",)),
-- 
2.43.0

Bug#1061228: xzgv does not support displaying avif images

[E Harris]

Package: xzgv
Version: 0.9.2-2+b1
Severity: normal

xzgv does not seem to support displaying avif images.
When trying to display one, it shows an error dialog with "Couldn't load image!"

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xzgv depends on:
ii  libc62.36-9+deb12u3
ii  libexif120.6.24-1+b1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-2
ii  libgtk2.0-0  2.24.33-2
ii  libx11-6 2:1.8.4-2+deb12u2

xzgv recommends no packages.

xzgv suggests no packages.

-- debconf-show failed

Bug#1061227: xzgv does not display heic images

[E Harris]

Package: xzgv
Version: 0.9.2-2+b1
Severity: normal

xzgv does not seem to support displaying heic images.
When trying to display them, it shows an error dialog "Couldn't load image".

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xzgv depends on:
ii  libc62.36-9+deb12u3
ii  libexif120.6.24-1+b1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-2
ii  libgtk2.0-0  2.24.33-2
ii  libx11-6 2:1.8.4-2+deb12u2

xzgv recommends no packages.

xzgv suggests no packages.

-- debconf-show failed

Bug#1061226: ITP: notes-tree/1.2-1 -- a note taking app, which organizes notes in a hierarchical structure

[ds]

Package: wnpp
Severity: wishlist

* Package name: notes-tree
  Version : 1.2-1
  Upstream Contact: Dmitry Sviridov <1000hz.radiow...@gmail.com>
* URL : https://gitlab.com/44100Hz/NotesTree
* License : Zlib
  Programming Lang: C++
  Description : A note taking app, which organizes notes in a 
hierarchical structure


What makes it different?

- Very simple file structure. Your notes are easily available even 
without NotesTree installed. They are stored as html files. Just open 
them in any web browser, including the one on your mobile phone.
- You can store complete web pages, simply by copy-pasting a page into a 
note. NotesTree automatically downloads all the images, making the note 
available offline.

- You can attach files of any types to your notes.

I can maintain the package myself. But need a sponsor to publish it.

Bug#1061225: gthumb ignores quicktime video orientation on playback

[E Harris]

Package: gthumb
Version: 3:3.12.2-3+b1
Severity: normal

gthumb appears to ignore quicktime video orientation on playback, causing
the playback to have the wrong orientation.

I have many videos that were recorded on an iphone in standard letterbox
format, but that play back upside-down when viewed with gthumb.

VLC and other players seem to play them back just fine.

ExifTool reports these tags for these videos:

"Composite:Rotation": 180
"QuickTime:MatrixStructure": "1 0 0 0 1 0 0 0 1"

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gthumb depends on:
ii  gsettings-desktop-schemas   43.0-1
ii  gthumb-data 3:3.12.2-3
ii  libbrasero-media3-1 3.12.3-2
ii  libc6   2.36-9+deb12u3
ii  libcairo2   1.16.0-7
ii  libchamplain-0.12-0 0.12.20-1+b1
ii  libchamplain-gtk-0.12-0 0.12.20-1+b1
ii  libclutter-1.0-01.26.4+dfsg-4
ii  libclutter-gtk-1.0-01.8.4-4+b1
ii  libcolord2  1.4.6-2.2
ii  libexiv2-27 0.27.6-1
ii  libgcc-s1   12.2.0-14
ii  libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii  libgl1-mesa-dri 22.3.6-1+deb12u1
ii  libglib2.0-02.74.6-2
ii  libgstreamer-plugins-base1.0-0  1.22.0-3+deb12u1
ii  libgstreamer1.0-0   1.22.0-2
ii  libgtk-3-0  3.24.38-2~deb12u1
ii  libheif11.15.1-1
ii  libjpeg62-turbo 1:2.1.5-2
ii  liblcms2-2  2.14-2
ii  libpango-1.0-0  1.50.12+ds-1
ii  libpangocairo-1.0-0 1.50.12+ds-1
ii  libpng16-16 1.6.39-2
ii  libraw200.20.2-2.1
ii  librsvg2-2  2.54.7+dfsg-1~deb12u1
ii  libsecret-1-0   0.20.5-3
ii  libsoup2.4-12.74.3-1
ii  libstdc++6  12.2.0-14
ii  libtiff64.5.0-6+deb12u1
ii  libwebkit2gtk-4.0-372.42.4-1~deb12u1
ii  libwebp71.2.4-0.2+deb12u1
ii  libx11-62:1.8.4-2+deb12u2
ii  zlib1g  1:1.2.13.dfsg-1

Versions of packages gthumb recommends:
ii  libgphoto2-6   2.5.30-1
ii  libgphoto2-port12  2.5.30-1

gthumb suggests no packages.

-- debconf-show failed

Bug#1060091: chasquid: v1.11.1 with backported SMTP smuggling fix was released, will this be released in debian stable?

[Alberto Bertogli]

On Fri, Jan 05, 2024 at 09:02:26PM +0100, Matěj Volf wrote:

Package: chasquid
Version: 1.11-2+b2
Severity: normal

Hi all,

you might have heard about the latest SMTP smuggling vulnerability. 
Author of chasquid responsed by releasing 1.13 and 1.11.1 
() with 
the backported fix. From , I 
understand that 1.13 was automatically accepted into testing, but I 
didn't notice anything happening regarding 1.11.1 (my server is on 
Debian stable, which only has 1.11), so I wanted to politely ask if 
this could be processed as well.


Thanks for requesting this!


I have very little knowledge about the Debian packaging and release 
process, so please correct if I have any major misunderstanding of the 
process and what I'm asking is unreasonable.


That's viable, and it was discussed in the debian-go mailing list too: 
https://lists.debian.org/debian-go/2023/12/msg00121.html


Unfortunately, I don't have time to work on this due to some unexpected 
personal circumstances, and I won't be able to do the 1.11.1 Debian 
package for (probably) a few more weeks.


Hopefully someone can do it in the meantime.

Otherwise, a workaround is to build chasquid v1.11.1 locally, and copy 
the binary to /usr/lib. It's not pretty, but it should work.


Again, apologies for not being able to fix this in a timely fashion for 
Debian this time.


Thanks a lot!
Alberto

Bug#1061224: python-launchpadlib: Add systemd user unit to clean up cache files

[Steve Langasek]

Package: python-launchpadlib
Version: 1.11.0-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch

Hi Stefano,

As an Ubuntu developer and regular user of launchpadlib-based tools, one of
the usability issues I've noticed over time is that the launchpadlib cache
grows without bounds.  I had cleaned up my directory at some point in the
past year; and as of today, it's 7.8GiB.

Now that systemd units are a thing, we can reasonably provide support by
default in the packaging to expire out the contents of these per-user cache
directories.

Please find attached a patch that implements a systemd service and timer
unit to expire out files from the cache that are over 30 days old.

Running this on my own system has reduced the cache size from 7.8GiB to
2.8GiB.

I have uploaded this change to Ubuntu.

Thanks for considering,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -Nru python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.service 
python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.service
--- python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.service  
1969-12-31 16:00:00.0 -0800
+++ python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.service  
2024-01-20 14:42:10.0 -0800
@@ -0,0 +1,6 @@
+[Unit]
+Description=Clean up old files in the Launchpadlib cache
+
+[Service]
+Type=oneshot
+ExecStart=find %h/.launchpadlib/api.launchpad.net/cache -type f -mtime +30 
-delete
diff -Nru python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.timer 
python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.timer
--- python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.timer
1969-12-31 16:00:00.0 -0800
+++ python-launchpadlib-1.11.0/debian/launchpadlib-cache-clean.timer
2024-01-20 14:42:10.0 -0800
@@ -0,0 +1,9 @@
+[Unit]
+Description=Clean up old files in the Launchpadlib cache
+
+[Timer]
+OnStartupSec=5min
+OnUnitActiveSec=1d
+
+[Install]
+WantedBy=timers.target
diff -Nru python-launchpadlib-1.11.0/debian/rules 
python-launchpadlib-1.11.0/debian/rules
--- python-launchpadlib-1.11.0/debian/rules 2023-12-26 06:53:57.0 
-0800
+++ python-launchpadlib-1.11.0/debian/rules 2024-01-20 14:42:10.0 
-0800
@@ -23,3 +23,9 @@
 
 override_dh_python3:
dh_python3 --no-guessing-deps
+
+override_dh_install:
+   dh_install
+   mkdir -p debian/python3-launchpadlib/usr/lib/systemd/user
+   cp debian/launchpadlib-cache-clean* \
+   debian/python3-launchpadlib/usr/lib/systemd/user/

Bug#1061223: tree-sitter-vimdoc: fails to clean after successful build

[Andreas Beckmann]

Package: tree-sitter-vimdoc
Version: 2.0.0-1
Severity: important

tree-sitter-vimdoc (and several more tree-sitter-* packages) fail to
clean after a successful build:

...
   dh_clean
rm: cannot remove './debian/.cache': Is a directory
dh_clean: error: rm -f -- debian/tree-sitter-vimdoc-src.substvars 
./debian/.cache ./src/grammar.json ./src/parser.c ./src/node-types.json 
debian/files returned exit code 1
make: *** [debian/rules:9: clean] Error 25
...

This looks like you are missing a trailing slash on the debian/.cache
entry in debian/clean.


Andreas


tree-sitter-vimdoc_2.0.0-1_twice.log.gz
Description: application/gzip

Bug#1061222: libvirt-daemon-system: Apparmour enrty for /etc/apparmor.d/abstractions/libvirt-qemu to include TPM device missing

[Douglas Baggett]

Package: libvirt-daemon-system
Version: 9.0.0-4
Severity: important
X-Debbugs-Cc: doug.bagg...@gmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Was trying to install a Windows 11 under KVM using virt-manager and
using TPM passthrough and kept getting an error.

   * What exactly did you do (or not do) that was effective (or
 ineffective)? (Effective)

 Followed the instructions at:
 
https://askubuntu.com/questions/1365829/qemu-failed-to-passthrough-a-tpm-device
 to add `/dev/tpm0 rw,` to /etc/apparmor.d/abstractions/libvirt-qemu which 
is the tpm device when using
 passthrough to apparmour. I then restarted the apparmour service
 via systemd. 

   * What was the outcome of this action?
 VM works without issue

   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser 3.134
ii  debconf [debconf-2.0]   1.5.82
ii  gettext-base0.21-12
ii  iptables1.8.9-2
ii  libvirt-clients 9.0.0-4
ii  libvirt-daemon  9.0.0-4
ii  libvirt-daemon-config-network   9.0.0-4
ii  libvirt-daemon-config-nwfilter  9.0.0-4
ii  libvirt-daemon-system-systemd   9.0.0-4
ii  logrotate   3.21.0-1
ii  polkitd 122-3

Versions of packages libvirt-daemon-system recommends:
ii  dmidecode3.4-1
ii  dnsmasq-base [dnsmasq-base]  2.89-1
ii  iproute2 6.1.0-3
ii  mdevctl  1.2.0-3+b1
ii  parted   3.5-3

Versions of packages libvirt-daemon-system suggests:
ii  apparmor3.0.8-3
pn  auditd  
ii  nfs-common  1:2.6.2-4
pn  open-iscsi  
pn  pm-utils
ii  systemd 252.19-1~deb12u1
pn  systemtap   
pn  zfsutils

-- Configuration Files:
/etc/libvirt/qemu.conf [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'

-- debconf information excluded

Bug#1056062: About Debian bug #1056062 (coq package)

[Jeremy Bícha]

On Sat, Jan 20, 2024 at 2:02 PM  wrote:
> can you tell me why you declared coq package's version 8.18.0+dfsg-1 is
> still affected by the issue? Your message was less than informative!

I closed the bug by sending an email to 1056062-d...@bugs.debian.org .
I also added a Version: line to specify what version the bug was fixed
in.

https://www.debian.org/Bugs/Developer#closing

Version: is not a valid line for specifying that a bug is found in a
specific version; the syntax for the "found" command is different.

There are no open bugs against the coq source package currently.

https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=coq

Thank you,
Jeremy Bícha

Bug#1056483: python-memory-profiler's autopkg tests fail with Python 3.12

[Stefano Rivera]

Note: This package is no longer maintained upstream:
https://github.com/pythonprofilers/memory_profiler/issues/383

Stefano

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Bug#1061221: jupyterlab: CVE-2024-22420 CVE-2024-22421

[Salvatore Bonaccorso]

Source: jupyterlab
Version: 4.0.10+ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for jupyterlab.

CVE-2024-22420[0]:
| JupyterLab is an extensible environment for interactive and
| reproducible computing, based on the Jupyter Notebook and
| Architecture. This vulnerability depends on user interaction by
| opening a malicious Markdown file using JupyterLab preview feature.
| A malicious user can access any data that the attacked user has
| access to as well as perform arbitrary requests acting as the
| attacked user. JupyterLab version 4.0.11 has been patched. Users are
| advised to upgrade. Users unable to upgrade should disable the table
| of contents extension.


CVE-2024-22421[1]:
| JupyterLab is an extensible environment for interactive and
| reproducible computing, based on the Jupyter Notebook and
| Architecture. Users of JupyterLab who click on a malicious link may
| get their `Authorization` and `XSRFToken` tokens exposed to a third
| party when running an older `jupyter-server` version. JupyterLab
| versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has
| been identified, however users should ensure to upgrade `jupyter-
| server` to version 2.7.2 or newer which includes a redirect
| vulnerability fix.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-22420
https://www.cve.org/CVERecord?id=CVE-2024-22420

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4
[1] https://security-tracker.debian.org/tracker/CVE-2024-22421
https://www.cve.org/CVERecord?id=CVE-2024-22421

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947

Regards,
Salvatore

Bug#1061220: w-scan-cpp: Rewrite 'd/watch'. Use GitHub original sources and make repack simpler.

[Phil Wyett]

Package: w-scan-cpp
Version: 0~20231015+dfsg-1
Severity: normal

Maintainer tracking bug.

Rewrite 'd/watch'. Use GitHub original sources and make repack simpler.

Regards

Phil

-- 
Playing the game for the games sake.

Web:

* Debian Wiki: https://wiki.debian.org/PhilWyett
* Website: https://kathenas.org
* Social Debian: https://pleroma.debian.social/kathenas/
* Social Instagram: https://www.instagram.com/kathenasorg/




signature.asc
Description: This is a digitally signed message part

Bug#1061219: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: triton
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061218: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: vboot-utils
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061217: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: wasi-libc
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061216: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: openvdb
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061215: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: oclgrind
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061214: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: llvmlite
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061213: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: intel-graphics-compiler
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061212: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: emscripten
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061211: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: crystal
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061210: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: bpftrace
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061208: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: rocm-hipamd
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 15.

Thanks,
Sylvestre

Bug#1061209: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: aflplusplus
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 14.

Thanks,
Sylvestre

Bug#1061207: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: android-platform-art
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 15 (clang & lld).

Thanks,
Sylvestre

Bug#1061206: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: pyside2
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 15.

Thanks,
Sylvestre

Bug#1061205: Please upgrade to llvm-toolchain-17

[Sylvestre Ledru]

Source: qt6-tools
Severity: important

Dear Maintainer,

As part of the effort to limit the number of llvm packages in the
archive, it would be great if you could upgrade to -17.

This package depends on 15.

Thanks,
Sylvestre

Bug#1054089: php-common: let dh_installsystemd choose the location of units

[Michael Biebl]

On Mon, 16 Oct 2023 20:25:23 +0200 Helmut Grohne  wrote:

Source: php-defaults
Version: 93
Tags: patch
User: helm...@debian.org
Usertags: dep17m2

We want to move aliased files from / to /usr to finalize the /usr-merge
transition via DEP17. php-common is affected, because it installs
systemd units. Rather than move them, I recommend deferring the
placement to debhelper, because that'll make it revert to the previous
location for bookworm-backports to honour the file move moratorium that
still is in effect there. debdiff cannot represent the patch due to the
use of symlinks, so I'll give a script here:


ln -s ../phpsessionclean.timer debian/php-common.phpsessionclean.timer
ln -s ../phpsessionclean.service debian/php-common.phpsessionclean.service
sed -i -e /systemd/d debian/php-common.install

In debian/rules change

dh_systemd_enable --package=php-common phpsessionclean.timer

to

dh_systemd_enable --package=php-common --name phpsessionclean 
phpsessionclean.timer
dh_systemd_enable --package=php-common --name phpsessionclean --no-enable 
phpsessionclean.service

Helmut


I've submitted a MR at 
https://salsa.debian.org/php-team/php-defaults/-/merge_requests/5 which 
allows the use of symlinks as proposed in this patch.


I diffed the generated maintscripts code to be sure it does the correct 
thing.


Please consider applying this change at your earliest convenience.

Regards,
Michael



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061204: RM: pam-shield -- RoQA; upstream vanished; orphaned; low popcon

[Chris Hofstaedtler]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: pam-shi...@packages.debian.org
Control: affects -1 + src:pam-shield

Dear ftpmasters,

please remove pam-shield, which is orphaned since 2017, having seen its
last maintainer upload in 2013 (>10 years ago). The upstream also has
vanished, and the popcon is very low.

Lets stop having it, please.

Chris

Bug#1060917: postfix-mysql broken in 3.7.9, results in unsupported dictionary type

[Scott Kitterman]

On Wed, 17 Jan 2024 09:05:47 -0500 Scott Kitterman  
wrote:
> On Wednesday, January 17, 2024 9:03:29 AM EST Richard Rosner wrote:
> > I've updated all mariadb packages to 10.11.6 and all postfix packages.
> > Everything still working.
> >  
> Excellent news.  Thanks for testing.

Postfix packages in bookworm-proposed-updates have been rebuilt against the new 
mariadb, so I think this can be closed now.  If anyone runs into this problem 
with the packages from bookworm-updates/stable-updates, install the rebuilt 
version from bookworm/stable-proposed-updates.  After the next point release, 
this will be entirely OBE.

Scott K

signature.asc
Description: This is a digitally signed message part.

Bug#1061203: gtkmm2.4: upstream branch is end-of life

[Bastian Germann]

Source: gtkmm2.4
Severity: serious

While gtkmm 3.x and 4.x are still maintained, gtkmm2.4 is abandoned upstream.
It should not be released with trixie, even if the gtk2 removal does not happen.
A popular reverse dependency is ardour, which is in the process of vendoring the
gtkmm2.4 parts that it needs, so ardour should not be considered a blocker.

Bug#1061178: usrmerge: Usrmerge fails with a staticly-linked cp command

[Marco d'Itri]

On Jan 20, Ajax Dong  wrote:

> Days ago I upgraded one of my machines (I use sudo machinectl shell
> network-service to get its shell) from Debian Buster to Debian Bookworm.
> The cp and mv command on that machine was staticly-linked and
> self-contained. (It does not require any shared library.) UseMerge
This does not look like any Debian system I know.

> Because /bin/cp is staticly linked, ldd exited with error, $fh is not
Not on any of the Debian 10, 11 and 12 systems that I checked:

md:~$ ldd /sbin/ldconfig
statically linked
md:~$

And this ldd output does not cause early_conversion_files() to fail.
What's up then?

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Bug#1052365: systemd: DHCP client fails if multiple DHCP servers on network

[Michael Biebl]

On Mon, 25 Sep 2023 06:53:59 -0500 Alexandre Ferreira 
 wrote:

Thank you, I added a PR and it was merged yesterday.
sd-dhcp-client: reject NAKs from servers that we did not send an offer 
to (#29290) (https://github.com/systemd/systemd/pull/29290)
This change will only be valid for 255. How can we backport it to 252 up 
to 254?.


See bluca's reply at 
https://github.com/systemd/systemd/pull/29290#issuecomment-1873329561


If you want to see this fixed for v252-stable, please backport the 
commit to the v252-stable branch [1], test it and then submit a PR [2]



Regards,
Michael

[1] https://github.com/systemd/systemd-stable/tree/v252-stable
[2] https://github.com/systemd/systemd-stable/pulls


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1057963: annotate-output: big overhaul - updated and looking for some reviewers

[Christoph Anton Mitterer]

Hey.

I've just force pushed the PR[0] over at salsa, which:
- Rebased the patchset on current master.
- Also fixed a bug in the previous a36873c2, where the IFS= was not
  just wrong (it would have needed to be IFS=' ' but also ineffective,
  as it wouldn’t be used for the expansion of $*.
  The new solution works without messing around with IFS at all
- Added the new 212e0955 which is IMO particularly nice, as it properly
  escapes the command name and arguments in the annotated output (the
  Started … line), thereby allowing to properly reconstruct what has
  actually been done.

Would be nice if some devscripts developers could review & merge these.

I know it's a lot of commits, but in principle the tools should be in a
working state after each single commit,... so the reviewing could be
done one by one.
Also each commit is quite small and well documented (IMO ^^).

Thanks.
Chris


[0]https://salsa.debian.org/debian/devscripts/-/merge_requests/377#note_456804

Bug#1059899: systemd-resolved: systemd-resolved takes up all memory on certain PTR queries and is then oom-killed

[Michael Biebl]

Hi Corin


On Wed, 03 Jan 2024 12:50:13 +0100 Luca Boccassi  wrote:

Control: severity -1 normal
Control: tags -1 moreinfo

On Wed, 03 Jan 2024 12:02:40 +0100 Corin Langosch 
wrote:
> Package: systemd
> Version: 247.3-7+deb11u4
> Severity: critical
> File: systemd-resolved
> Justification: breaks the whole system

Your logs show that it restarts just fine after the oom kill, so it is
most definitely not "grave". Also, you did not attach your local
resolved.conf.

Also, oldstable is old. Try with backports or with upgrading to stable.


Any updates here? Did you have the chance to reproduce this with at 
least stable, i.e. v252. Even better would be, if you can try with v254 
from bookworm-backports.


So far I failed to reproduce the issue with the given information.

$ host 54.49.125.74.in-addr.arpa
Host 54.49.125.74.in-addr.arpa not found: 3(NXDOMAIN)

That is all I get.


Regards,
Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061177: tar 1.34+dfsg-1+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1061177 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: tar
Version: 1.34+dfsg-1+deb11u1

Explanation: fix boundary checking in base-256 decoder [CVE-2022-48303], 
handling of extended header prefixes [CVE-2023-39804]

Bug#1061096: ruby-aws-sdk-core 3.104.3-3+deb11u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1061096 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: ruby-aws-sdk-core
Version: 3.104.3-3+deb11u2

Explanation: include VERSION file in package

Bug#1060130: libmateweather 1.24.1-1+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060130 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libmateweather
Version: 1.24.1-1+deb11u1

Explanation: update included location data; update data server URL

Bug#1060018: systemd: broken kernel log messages on virtual console

[Michael Biebl]

Control: tags -1 + moreinfo unreproducible

On Thu, 04 Jan 2024 22:32:42 +0200 dweller  wrote:

I am including images that show the corruption (related to numbers in brackets).
What other information can I provide to help you in identifying the problem?


Ideally you can provide a minimal reproducer.
Say start from minimal Debian stable installation (in a VM) and then 
provide the necessary steps how we can trigger this issue.


My guess is, that this is an issue specific to your local configuration 
(fonts, locale, keyboard etc).


I've never seen an issue like this and haven't found anything in the bug 
stream bug tracker at https://github.com/systemd/systemd/issues that 
looks related.


What you can also try is to install the systemd v254 version from 
bookworm-backports.

https://backports.debian.org/Instructions/


Michael


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1058463: dpdk 20.11.10-1~deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1058463 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: dpdk
Version: 20.11.10-1~deb11u1

Explanation: new upstream stable release

Bug#1057180: mariadb-10.5 10.5.23-0+deb11u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1057180 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: mariadb-10.5
Version: 10.5.23-0+deb11u1

Explanation: new upstream stable release; fix denial of service issue 
[CVE-2023-22084]

Bug#1056350: systemd: network int is stuck in "configuring" state if IPv6 RA msg deprecates a short-lived prefix

[Michael Biebl]

Control: tags -1 + fixed-upstream help

Hi Martin

Am 21.11.23 um 15:10 schrieb Martin Tonusoo:


The issue seems to be fixed in version 254.5-1~bpo12+2 from
bookworm-backports.



Since you mentioned the bpo version, I assume you want to see this fixed 
via a stable upload?


In this case, it would be great if you can find the relevant PR/commit 
between 252.17 and 254.5 via git bisect and then ask for a backport into 
the v252-stable branch upstream at 
https://github.com/systemd/systemd-stable.


Unfortunately I lack the required setup to run this git bisect myself so 
the fix for this issue will rely on your help.


Thanks,
Michael





OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1056062: About Debian bug #1056062 (coq package)

[julien . puydt]

Hi,

can you tell me why you declared coq package's version 8.18.0+dfsg-1 is
still affected by the issue? Your message was less than informative!

Cheers,

J.Puydt

Bug#1006496: hurd: transfer options from d-i to installed system

[Samuel Thibault]

Hello,

Here is a refreshed patch.

Samuel

Samuel Thibault, le sam. 01 juil. 2023 15:27:39 +0200, a ecrit:
> Hello,
> 
> Ping on this?
> 
> Samuel Thibault, le sam. 26 févr. 2022 13:00:41 +0100, a ecrit:
> > Source: grub2
> > Version: 2.06-2
> > Severity: normal
> > Tags: patch
> > 
> > Hello,
> > 
> > It is useful for people to see the Linux kernel options they pass to d-i
> > to be propagated to the installed system, e.g. for serial console setup,
> > disk probing etc. We would like to have this propagation performed for
> > hurd as well, the attach patch implements this.
> > 
> > (I have already made the d-i grub-installer package preseed
> > grub2/gnumach_cmdline)
> > 
> > Samuel
--- config.in.original  2022-02-24 22:43:14.0 +
+++ config.in   2022-02-24 22:46:16.0 +
@@ -58,6 +58,9 @@
 if [ "${GRUB_CMDLINE_LINUX_DEFAULT+set}" = set ]; then
   db_set grub2/linux_cmdline_default "$GRUB_CMDLINE_LINUX_DEFAULT"
 fi
+if [ "${GRUB_CMDLINE_GNUMACH+set}" = set ]; then
+  db_set grub2/gnumach_cmdline "$GRUB_CMDLINE_GNUMACH"
+fi
 # Watch for the inverted logic here...
 if [ "${GRUB_DISABLE_OS_PROBER+set}" = set ]; then
   if [ "${GRUB_DISABLE_OS_PROBER}" = "false" ]; then
@@ -72,8 +75,16 @@
   ;;
 esac
 
-db_input ${priority} grub2/linux_cmdline || true
-db_input medium grub2/linux_cmdline_default || true
+case `dpkg --print-architecture` in
+  hurd-*)
+db_input medium grub2/gnumach_cmdline || true
+  ;;
+  *)
+db_input ${priority} grub2/linux_cmdline || true
+db_input medium grub2/linux_cmdline_default || true
+  ;;
+esac
+
 db_input low grub2/enable_os_prober || true
 case @PACKAGE@ in
   grub-*efi*)
--- postinst.in.original2022-02-24 22:44:15.0 +
+++ postinst.in 2022-02-24 22:44:23.0 +
@@ -392,6 +392,7 @@
 
 apply_conf_tweaks "$conf_files" merge_debconf_into_conf GRUB_CMDLINE_LINUX 
grub2/linux_cmdline
 apply_conf_tweaks "$conf_files" merge_debconf_into_conf 
GRUB_CMDLINE_LINUX_DEFAULT grub2/linux_cmdline_default
+apply_conf_tweaks "$conf_files" merge_debconf_into_conf 
GRUB_CMDLINE_GNUMACH grub2/gnumach_cmdline
 
 # Horrible stuff here, as the os-prober option is a negative
 # setting (GRUB_DISABLE_OS_PROBER). To not confuse people with
--- templates.in.original   2022-02-24 22:46:36.0 +
+++ templates.in2022-02-24 22:47:12.0 +
@@ -12,6 +12,13 @@
  The following string will be used as Linux parameters for the default menu
  entry but not for the recovery mode.
 
+Template: grub2/gnumach_cmdline
+Type: string
+_Description: GNU Mach command line:
+ The following GNU Mach command line was extracted from /etc/default/grub.
+ Please verify that it is correct, and modify it if necessary. The command line
+ is allowed to be empty.
+
 Template: grub2/force_efi_extra_removable
 Type: boolean
 Default: false
--- default/grub.original   2022-02-26 11:56:38.0 +
+++ default/grub2022-02-24 22:43:55.0 +
@@ -8,6 +8,7 @@
 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
 GRUB_CMDLINE_LINUX_DEFAULT="@DEFAULT_CMDLINE@"
 GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_GNUMACH=""
 
 # If your computer has multiple operating systems installed, then you
 # probably want to run os-prober. However, if your computer is a host

Bug#1057861: systemd 252.21-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1057861 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.21-1~deb12u1

Explanation: new upstream stable release; fix missing verification issue in 
systemd-resolved [CVE-2023-7008]

Bug#1056901: [Pkg-utopia-maintainers] Bug#1056901: network-manager-fortisslvpn: 1.4.0-1

[Bastian Germann]

On Fri, 12 Jan 2024 23:41:21 +0100 Michael Biebl  wrote:

Am 12.01.24 um 22:13 schrieb Bastian Germann:
> X-Debbugs-Cc: pkg-utopia-maintain...@lists.alioth.debian.org
> 
> Hi,
> 
> On Sun, 26 Nov 2023 11:21:56 + Chris Boot  wrote:

>> Source: network-manager-fortisslvpn
>> Version: 1.4.0-1
>> Severity: important
>> Tags: upstream patch
>>
>> Dear Maintainer,
>>
>> I'm preparing to upload ppp-2.5.0 to unstable, and
>> network-manager-fortisslvpn fails to build with the updated pppd plugin
>> API in ppp-2.5.0. I see there is a patch[1] in the GNOME GitLab instance
>> which may resolve this issue.
>>
>> Please could you upload a fixed version to unstable soon?
>>
>> I'll upgrade the bug to RC when I upload ppp-2.5.0 to unstable.
>>
>> Many thanks,
>> Chris
>>
>> 1. 
>> https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/commit/084ef529c5fb816927ca54866f66b340265aa9f6
> 
> It seems like the package is kind of team-maintained (last upload was a 
> team upload).
> Would the Utopia Maintenance Team please check if they can proceed to 
> update it

> to be compatible with the latest version?

Tbh, I would prefer if this patch was acked by upstream before we pull 
this into Debian.

Unfortunately upstream seem to be a bit dormant.

The problem is, that I don't actually use the VPN plugin myself or have 
the ability to test it.
So would feel a bit uneasy pulling a patch that is not acked/reviewed 
and which I can't test.


The patch got accepted into the main branch, so it is acked.
I do not know what upstream's review requirements are before a patch can get 
into the main branch.

Bug#1057861: systemd 252.20-1~deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1057861 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.20-1~deb12u1

Explanation: new upstream stable release

Bug#999938: trafficserver: depends on obsolete pcre3 library

[Bastian Germann]

Control: found -1 trafficserver/9.2.3+ds-1+deb12u1
X-Debbugs-Cc: ftpmas...@debian.org

Somehow, trafficserver's bookworm-security version got into unstable and the 
package has migrated despite this issue.
I have never seen such a thing and am copying FTP Master.

Bug#1061202: RM: nautilus-filename-repairer -- ROM; FTBFS, Dead upstream

[Changwoo Ryu]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: nautilus-filename-repai...@packages.debian.org, 
debian-l10n-kor...@lists.debian.org
Control: affects -1 + src:nautilus-filename-repairer

Please remove nautilus-filename-repairer.

It fails to build with recent nautilus (#1017623) and upstream stopped
maintenance.

Bug#1061201: dosfstools: Add nocheck profile

[Samuel Thibault]

Package: dosfstools
Version: 4.2-1
Severity: normal
Tags: patch

Hello,

To simplify bootstrapping new ports, it would be useful to make the xxd
build-dep !nocheck, as the attached patch does.

Thanks,
Samuel

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unreleased'), 
(500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.7.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dosfstools depends on:
ii  libc6  2.37-13

dosfstools recommends no packages.

dosfstools suggests no packages.

-- no debconf information

-- 
Samuel
---
Pour une évaluation indépendante, transparente et rigoureuse !
Je soutiens la Commission d'Évaluation de l'Inria.
--- debian/control.original 2024-01-20 18:55:48.889900271 +0100
+++ debian/control  2024-01-20 18:55:51.539916307 +0100
@@ -2,7 +2,7 @@
 Section: otherosfs
 Priority: optional
 Maintainer: Andreas Bombe 
-Build-Depends: debhelper-compat (= 13), xxd
+Build-Depends: debhelper-compat (= 13), xxd 
 Standards-Version: 4.5.1
 Rules-Requires-Root: no
 Homepage: https://github.com/dosfstools/dosfstools

Bug#1061194: podman: cannot run rootful containers with many layers using overlay driver

[Tee Hao Wei]

Oh. I just noticed how Debian handles Go dependencies..

I guess this will actually need to be a cherry-pick to 
golang-github-containers-storage-dev followed by a rebuild of podman.

Bug#1061200: transition: vtk9

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: v...@packages.debian.org
Control: affects -1 + src:vtk9

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear release team,

please schedule vtk9.3 transition.

Ben file:

title = "vtk9";
is_affected = .depends ~ "libvtk9\.1|libvtk9\.1\-qt" | .depends ~ 
"libvtk9\.3|libvtk9\.3\-qt";
is_good = .depends ~ "libvtk9\.3|libvtk9\.3\-qt";
is_bad = .depends ~ "libvtk9\.1|libvtk9\.1\-qt";

I have done a full rebuild and some failures are detected. Bugs (most of them 
with patches) will
be filed in the next time.

Thank you

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmWr/7QRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYKUA//a5VTdDoQST30wyb4hSsN40HKHU5Y65xX
wLIcozZWvdzSnFQa7NDojOihsiYEjUEokhqqCGf7XbVZ/FokyJclzgh6ZHoX9APj
6O/Xfz5GHPpYblwMGC8029yUqnlQfQXcR7gS5HqfGBGZ1FyWRAqY0hS5kzbY/LYK
mpcOAo0zGqj/4FaSNCCycPP9Yn+0HMUqcmT2mmGPye3cjnhrl+Ixlo/Is8+1vb3Z
92APiFLa259DeucniY02qMMSZdCS9Gv3VjMSah/4qYpJnbdtGjz/Vy0t0IRY6hSY
D06I/YJiM8miY1QK5xwG2F5ElXermhuWNvf8dfy/DFJk7gul6HiSTUpe18xcv2y9
PR1h+NA0fEFVtaHf0KYaST45KPN2xIcRLovZQPX3IPzxuwHO5TcGYzd632/TTF7e
8OnVj3yoqhd41Gc0K8/0XBv7TgJ7nrXhcsUwi8MA1CArir0fGr5ZjTrKRBrzCc4p
xF7AtxZuxWXoJ18SXE3oudWmuk97kSS5yAHzgBOgj4LUjTtJAzZIQtwgJT+sLvLJ
QeISyC3z3mEf9+ed287EuYxWKuhdyUdElvLDfU66H/FL6Nzb2LrjskK6HfPrLsBe
tDyyDm09rnhI47t6gDy3X+oPcgLd7SzIrXQQm8jmXCx3PxKHx8bDWXanF5ViBvte
pfsgZmdit5k=
=56QT
-END PGP SIGNATURE-

Bug#1061199: ITP: python-mbedtls -- Cryptographic library for Python with Mbed TLS backend

[Josenilson Ferreira da Silva]

Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva 
X-Debbugs-Cc: debian-de...@lists.debian.org, nilsonfsi...@hotmail.com

* Package name: python-mbedtls
  Version : 2.8.0
  Upstream Contact: Mathias Laurin 
* URL : https://github.com/Synss/python-mbedtls
* License : MIT/expat
  Programming Lang: Python
  Description : Cryptographic library for Python with Mbed TLS backend

 mbedtls is an open source library that implements lightweight and
 efficient solutions for security protocols, including TLS (widely
 used in security between network communications)
 .
 Library Key Features:
  - TLS/SSL: Provides support for implementing the TLS/SSL protocol, which
is widely used to ensure secure communications over the internet.
  - Cryptography: Offers a variety of cryptographic algorithms for symmetric
and asymmetric encryption, hashing, and digital signatures
  - Network Protocol Support: Implements security protocols for secure
communication, such as DTLS (Datagram Transport Layer Security) for
real-time communication.
  - TLS Server and Client: Allows the creation of both secure servers and
clients using the TLS protocol.
  - Clean and Simple C API: Features a C-language API designed to be clear,
concise, and easy to use.

Bug#1061198: [Pkg-utopia-maintainers] Bug#1061198: Install PAM modules into /usr

[Michael Biebl]

Control: tags -1 + patch

I've submitted a MR via salsa at

https://salsa.debian.org/utopia-team/cockpit/-/merge_requests/1



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1061198: Install PAM modules into /usr

[Michael Biebl]

Package: cockpit-ws
Version: 309-1
User: helm...@debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr.
cockpit-ws installs its PAM modules into /lib/*/security.
Please move those to /usr/lib/*/security instead.

Regards,
Michael

Bug#1061197: Acknowledgement (DEP17: move PAM module to /usr)

[Michael Biebl]

Control: tags -1 + patch

I've created a corresponding MR
https://salsa.debian.org/gnome-team/gnome-keyring/-/merge_requests/2


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1060832: RM: graph-tool [ppc64el] -- ROM; Does not build on ppc64el

[Jerome BENOIT]

Hi,

I have just tried to build the graph-tool package on the platti porter box
(ppc64el arch porter box) once with the option -mlong-double-128 and once
with the option-mlong-double-80 . The two attempts failed.

Accordingly I second the request made by Andreas.

Best,
Jerome

--
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1061197: DEP17: move PAM module to /usr

[Michael Biebl]

Package: libpam-gnome-keyring
Version: 42.1-1+b2
Severity: normal
User: helm...@debian.org
Usertags: dep17m2

Hi,

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr.
libpam-gnome-keyring installs its PAM module into /lib/*/security.
Please move that to /usr/lib/*/security instead.

Regards,
Michael

Bug#1061196: Please demote supercat to Suggests

[Michael Biebl]

Package: cron
Version: 3.0pl1-183
Severity: normal

The latest update of cron pulls in supercat via a Recommends.
I don't see this dependency justified anywhere.
Thus please lower this to Suggests.

Thanks,
Michael

Bug#1056141: nvenc encoder not available after installing libnvidia-encode1 and enabling ffnvcodec

[twl]

On Sat, 18 Nov 2023 21:25:36 +0100 Sebastian Ramacher 
 wrote:

> Control: tags -1 moreinfo
>
> On 2023-11-17 11:20:11 -0500, Brian Bostwick wrote:
> > Package: ffmpeg
> > Version: 7:6.1-2
> >
> > Hi in Trixie, using nvidia-driver 525.125.06-2, libnvidia-encode1
> > 525.125.06-2, and ffmpeg 7:6.1-2, I can't seem to get the nvenc codec
> > built into ffmpeg.
> >
> > $ ffmpeg -codecs | grep 264
> > H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10 (decoders: h264 h264_v4l2m2m
> > h264_qsv h264_cuvid ) (encoders: libx264 libx264rgb h264_omx h264_qsv
> > h264_v4l2m2m h264_vaapi )
> >
> > These are the additional enable flags I added to the debian/rules file:
> >
> > --enable-nonfree \
> > --enable-cuda-llvm \
> > --enable-ffnvcodec
> >
> > Full build configuration:
> >
> > configuration:
> > --prefix=/usr
> > --extra-version=9
> > --toolchain=hardened
> > --libdir=/usr/lib/x86_64-linux-gnu
> > --incdir=/usr/include/x86_64-linux-gnu
> > --arch=amd64
> > --enable-gpl
> > --disable-stripping
> > --enable-gnutls
> > --enable-ladspa
> > --enable-libaom
> > --enable-libass
> > --enable-libbluray
> > --enable-libbs2b
> > --enable-libcaca
> > --enable-libcdio
> > --enable-libcodec2
> > --enable-libdav1d
> > --enable-libflite
> > --enable-libfontconfig
> > --enable-libfreetype
> > --enable-libfribidi
> > --enable-libglslang
> > --enable-libgme
> > --enable-libgsm
> > --enable-libjack
> > --enable-libmp3lame
> > --enable-libmysofa
> > --enable-libopenjpeg
> > --enable-libopenmpt
> > --enable-libopus
> > --enable-libpulse
> > --enable-librabbitmq
> > --enable-librist
> > --enable-librubberband

> > --enable-libshine

I am also having this issue on debian sid. I have the nvenc codecs 
available but it wants cuda version 12.1 when debian only supplies 12.0


$ ffmpeg -codecs | grep nvenc
 DEV.L. av1  Alliance for Open Media AV1 (decoders: 
libdav1d libaom-av1 av1 av1_cuvid av1_qsv) (encoders: libaom-av1 
librav1e libsvtav1 av1_nvenc av1_qsv av1_vaapi)
 DEV.LS h264 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10 
(decoders: h264 h264_v4l2m2m h264_qsv h264_cuvid) (encoders: libx264 
libx264rgb h264_nvenc h264_omx h264_qsv h264_v4l2m2m h264_vaapi)
 DEV.L. hevc H.265 / HEVC (High Efficiency Video 
Coding) (decoders: hevc hevc_qsv hevc_v4l2m2m hevc_cuvid) (encoders: 
libx265 hevc_nvenc hevc_qsv hevc_v4l2m2m hevc_vaapi)


$ ffmpeg -i example.webm -c:v h264_nvenc example.mp4

[h264_nvenc @ 0x5639a5107e80] Driver does not support the required nvenc 
API version. Required: 12.1 Found: 12.0
[h264_nvenc @ 0x5639a5107e80] The minimum required Nvidia driver for 
nvenc is (unknown) or newer
[vost#0:0/h264_nvenc @ 0x5639a510b900] Error while opening encoder - 
maybe incorrect parameters such as bit_rate, rate, width or height.

Error while filtering: Function not implemented
[out#0/mp4 @ 0x5639a5098580] Nothing was written into output file, 
because at least one of its streams received no packets.


$ nvidia-smi

Sat Jan 20 10:37:18 2024
+-+
| NVIDIA-SMI 525.147.05   Driver Version: 525.147.05   CUDA Version: 
12.0 |

|---+--+--+
| GPU  Name    Persistence-M| Bus-Id    Disp.A | Volatile 
Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap| Memory-Usage | GPU-Util 
Compute M. |

|   | |   MIG M. |
|===+==+==|
|   0  NVIDIA GeForce ...  On   | :01:00.0  On 
|  N/A |

|  0%   40C    P5    20W / 170W |  10083MiB / 12288MiB | 16%  Default |
|   | |  N/A |
+---+--+--+

Bug#1061176: tar 1.34+dfsg-1.2+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1061176 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: tar
Version: 1.34+dfsg-1.2+deb12u1

Explanation: fix boundary checking in base-256 decoder [CVE-2022-48303], 
handling of extended header prefixes [CVE-2023-39804]

Bug#1061161: pypdf2 2.12.1-3+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1061161 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: pypdf2
Version: 2.12.1-3+deb12u1

Explanation: fix infinite loop issue [CVE-2023-36464]

Bug#1060851: pypdf 3.4.1-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060851 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: pypdf
Version: 3.4.1-1+deb12u1

Explanation: fix infinite loop issue [CVE-2023-36464]

Bug#1060767: proftpd-mod-proxy 0.9.2-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060767 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: proftpd-mod-proxy
Version: 0.9.2-1+deb12u1

Explanation: implement fix for the Terrapin attack [CVE-2023-48795]

Bug#1060417: proftpd-dfsg 1.3.8+dfsg-4+deb12u3 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060417 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: proftpd-dfsg
Version: 1.3.8+dfsg-4+deb12u3

Explanation: implement fix for the Terrapin attack (CVE-2023-48795); fix 
out-of-bounds read issue [CVE-2023-51713]

Bug#1060132: mate-settings-daemon 1.26.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060132 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mate-settings-daemon
Version: 1.26.0-1+deb12u1

Explanation: fix memory leaks; relax High DPI limits; fix handling of multiple 
rfkill events

Bug#1060129: libmateweather 1.26.0-1.1+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060129 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libmateweather
Version: 1.26.0-1.1+deb12u2

Explanation: fix URL for aviationweather.gov

Bug#1059696: mate-utils 1.26.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059696 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mate-utils
Version: 1.26.0-1+deb12u1

Explanation: fix various memory leaks

Bug#1060122: atril 1.26.0-2+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1060122 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: atril
Version: 1.26.0-2+deb12u1

Explanation: fix crash when opening some epub files; fix index loading for 
certain epub documents; add fallback for malformed epub files in check_mime_type

Bug#1059846: isl 0.25-1.1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059846 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: isl
Version: 0.25-1.1

Explanation: fix use on older CPUs

Bug#1059705: pluma 1.26.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059705 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: pluma
Version: 1.26.0-1+deb12u1

Explanation: fix memory leak issues; fix double activation of extensions

Bug#1059522: caja 1.26.1-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059522 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: caja
Version: 1.26.1-1+deb12u1

Explanation: fix desktop rendering artifacts after resolution changes; fix use 
of "informal" date format

Bug#1059656: espeak-ng 1.51+dfsg-10+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059656 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: espeak-ng
Version: 1.51+dfsg-10+deb12u1

Explanation: fix buffer overflow issues [CVE-2023-49990 CVE-2023-49992 
CVE-2023-49993], buffer underflow issue [CVE-2023-49991], floating point 
exception issue [CVE-2023-49994]

Bug#1059524: mate-screensaver 1.26.1-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1059524 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mate-screensaver
Version: 1.26.1-1+deb12u1

Explanation: fix memory leaks

Bug#1061195: ITP: libgeo-wkt-simple-perl -- Simple utils to parse/build Well Known Text(WKT) format string

[Francesco P. Lovergine]

Package: wnpp
Severity: wishlist
Owner: "Francesco P. Lovergine" 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libgeo-wkt-simple-perl
  Version : 0.05
  Upstream Contact: Yuto KAWAMURA 
* URL : https://metacpan.org/release/KAWAMURAY/Geo-WKT-Simple-0.05
* License : Perl
  Programming Lang: Perl
  Description : Simple utils to parse/build Well Known Text(WKT) format 
string

 This module can parse/build WKT format string into/from pure Perl data
 structure. It is simpler than Geo::WKT and does not depend on the Proj
 library, and even support MULTI(LINE|STRING|POLYGON) objects.

-- 
⢀⣴⠾⠻⢶⣦⠀ Francesco Paolo Lovergine
⣾⠁⢠⠒⠀⣿⡁ Debian Developer
⢿⡄⠘⠷⠚⠋⠀ 0579 A97A 2238 EBF9 BE61
⠈⠳⣄ ED02 0F02 A5E1 1636 86A4

Bug#1020482: libreoffice-dictionaries: Package the Qt WebEngine binary dictionary files from your Hunspell source

[Rene Engelhard]

Am Sat, Oct 14, 2023 at 11:50:25AM -0700 schrieb Soren Stoutner:
> Would you be interested in a patch to implement this functionality?

You can do that, for sure.

(Actually during debconf last year I did a quick and dirty solution to
this - excluding the special-case-needed ones, but dropped the ball on
it. Can resurrect it, though)

Regards,

Rene

Bug#1017623: nautilus-filename-repairer: Fails to build with Nautilus 43

[Bastian Germann]

On Tue, 13 Sep 2022 15:11:24 +0900 Changwoo Ryu  wrote:

Maybe it's time for this old package to retire. I'll consider ITP as
new if the upstream does the migration in the future.


Can you please file a RM bug then? The package has missed bookworm and is dead 
upstream.

Bug#1061194: podman: cannot run rootful containers with many layers using overlay driver

[Tee Hao Wei]

Package: podman
Version: 4.3.1+ds1-8+b1
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: t...@in04.sg

bookworm's podman has a bug that prevents it from running images that have many
layers in rootful mode using the overlay storage driver.

The bug was reported upstream here[1] and fixed in [2], which was picked up in
podman v4.4. The patch in [2] depends on at least this[3] other commit.

Could you please cherry-pick the fix? Thank you.

As an aside: the root cause is that the overlay driver ends up passing the
wrong (non-idmapped) lower dirs to overlayfs when the mount arguments exceed
one page (4K), which is why this is only seen with images with many layers,
and only when running as root (since idmapped mounts require root).

[1] https://github.com/containers/storage/issues/1410
[2] https://github.com/containers/storage/pull/1411
[3] 
https://github.com/containers/storage/commit/7c5964df95c892cfbdbce594cf5a8e2973c70fd7

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon   2.1.6+ds1-1
ii  crun 1.8.1-1+deb12u1
ii  golang-github-containers-common  0.50.1+ds1-4
ii  libc62.36-9+deb12u3
ii  libdevmapper1.02.1   2:1.02.185-2
ii  libgpgme11   1.18.0-3+b1
ii  libseccomp2  2.5.4-1+b3
ii  libsubid41:4.13+dfsg1-1+b1

Versions of packages podman recommends:
ii  buildah1.28.2+ds1-3+b1
ii  catatonit  0.1.7-1+b1
ii  dbus-user-session  1.14.10-1~deb12u1
ii  fuse-overlayfs 1.10-1
ii  slirp4netns1.2.0-1
ii  uidmap 1:4.13+dfsg1-1+b1

Versions of packages podman suggests:
pn  containers-storage  
pn  docker-compose  
ii  iptables1.8.9-2

-- no debconf information

Bug#1031267: debmany: shell injection

[Jakub Wilk]

The example viewer in the man page also uses eval:

   #!/bin/dash
   read -p "program to use: " pgm
   eval $pgm "$1"

Please fix it too.

--
Jakub Wilk

Bug#1061193: reprepro: replace all compression libraries with libarchive filters

[Bastian Germann]

Source: reprepro
Version: 5.3.0-1.3
Severity: wishlist

reprepro has build-dependencies on libz-dev, libbz2-dev, liblzma-dev, libarchive-dev, a dependency on zstd, and suggests 
lzip. As libarchive supports all of the other formats via filters, which are all built-in in Debian's libarchive 
configuration, reprepro should build-depend solely on libarchive-dev and the code converted to uncompress via the 
libarchive filters. Currently, both library calls and execve() on decompressors are used. Most related code should be in 
uncompression.c and in tool.c.

Bug#1061192: datalad: please remove old stale dependencies python3-mock & python3-six

[Alexandre Detiste]

Source: datalad
Version: 0.19.3-2
Severity: normal

Hi,

The Debian packaging has still references to old
python3-mock (replaced by unittest.mock) &
python3-six.

Please remove those in next upload.

Greetings


--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,6 @@ Build-Depends: debhelper (>= 11),
python3-iso8601,
python3-keyring,
python3-keyrings.alt | python3-keyring (<= 8),
-   python3-mock,
python3-msgpack,
python3-mutagen,
python3-pytest,
@@ -39,7 +38,6 @@ Build-Depends: debhelper (>= 11),
python3-requests,
python3-secretstorage,
python3-setuptools,
-   python3-six,
python3-tqdm (>= 4.32.0),
python3-typing-extensions (>= 3.10.0.2~),
python3-vcr,
@@ -93,13 +91,11 @@ Depends: git-annex (>= 8.20200309~) | git-annex-standalone 
(>= 8.20200309~),
  python3-iso8601,
  python3-keyring,
  python3-keyrings.alt | python3-keyring (<=8),
- python3-mock,
  python3-msgpack,
  python3-pil,
  python3-appdirs,
  python3-requests (>=1.2),
  python3-secretstorage,
- python3-six,
  python3-typing-extensions (>= 3.10.0.2~),
  python3-tqdm (>= 4.32.0),
  ${misc:Depends},

Bug#877867: Bugfix / workaround

[Jaap Keuter]

Launchpad has this one-liner bugfix / workaround, but so far has not been 
applied.

https://bugs.launchpad.net/ubuntu/+source/tkcvs/+bug/1817571/comments/1

This works for TkCVS 8.2.3

Later releases of TkCVS, or TkRev as it's now called, do not have this code 
anymore.

Bug#1056129: libmateweather: (unused?) dependency on deprecated libsoup-gnome2.4-dev

[Bastian Germann]

I can confirm this is not needed.

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

[Salvatore Bonaccorso]

Hi,

On Sat, Jan 20, 2024 at 03:53:45PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org
> Control: affects -1 + src:gnutls28
> 
> Hello,
> 
> I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a
> oldstable-updates since they do not require a DSA.

Only a small remark about the CVE tracking, no direct need to change
anything: CVE-2024-0553 exists because of an incomplete fix of
CVE-2024-0553, so technically weh ave that incomplete fix not yet in
any official bullseye release (apart the bullseye-pu).

For the security-tracker so I tend to consider CVE-2024-0553
not-affected for bullseye, but then CVE-2023-5981 only fixed in
3.7.1-5+deb11u5 rather than 3.7.1-5+deb11u4. For that I have done the
following two commits:

https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f30f93b036b864eb245daf7dec5f70a824a7fb5c
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd218ec683140739797aa973d354e00b8660e9b

Let me know if you diagree and we should revert that to track all 3
CVEs for gnutls28 in bullseye.

Regards,
Salvatore

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

[Andreas Metzler]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:gnutls28

Hello,

I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a
oldstable-updates since they do not require a DSA.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.7.1/debian/changelog gnutls28-3.7.1/debian/changelog
--- gnutls28-3.7.1/debian/changelog	2023-11-30 11:37:44.0 +0100
+++ gnutls28-3.7.1/debian/changelog	2024-01-20 07:56:15.0 +0100
@@ -1,3 +1,13 @@
+gnutls28 (3.7.1-5+deb11u5) bullseye; urgency=medium
+
+  * Cherrypick two CVE fixes from 3.8.3:
+Fix assertion failure when verifying a certificate chain with a cycle of
+cross signatures. CVE-2024-0567 GNUTLS-SA-2024-01-09 Closes: #1061045
+Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553
+GNUTLS-SA-2024-01-14 Closes: #1061046
+
+ -- Andreas Metzler   Sat, 20 Jan 2024 07:56:15 +0100
+
 gnutls28 (3.7.1-5+deb11u4) bullseye; urgency=medium
 
   * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel
diff -Nru gnutls28-3.7.1/debian/patches/63-x509-detect-loop-in-certificate-chain.patch gnutls28-3.7.1/debian/patches/63-x509-detect-loop-in-certificate-chain.patch
--- gnutls28-3.7.1/debian/patches/63-x509-detect-loop-in-certificate-chain.patch	1970-01-01 01:00:00.0 +0100
+++ gnutls28-3.7.1/debian/patches/63-x509-detect-loop-in-certificate-chain.patch	2024-01-20 07:56:15.0 +0100
@@ -0,0 +1,188 @@
+From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno 
+Date: Thu, 11 Jan 2024 15:45:11 +0900
+Subject: [PATCH 1/2] x509: detect loop in certificate chain
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There can be a loop in a certificate chain, when multiple CA
+certificates are cross-signed with each other, such as A → B, B → C,
+and C → A.  Previously, the verification logic was not capable of
+handling this scenario while sorting the certificates in the chain in
+_gnutls_sort_clist, resulting in an assertion failure.  This patch
+properly detects such loop and aborts further processing in a graceful
+manner.
+
+Signed-off-by: Daiki Ueno 
+---
+ lib/x509/common.c   |   4 ++
+ tests/test-chains.h | 125 
+ 2 files changed, 129 insertions(+)
+
+--- a/lib/x509/common.c
 b/lib/x509/common.c
+@@ -1794,10 +1794,14 @@ unsigned int _gnutls_sort_clist(gnutls_x
+ 		prev = issuer[prev];
+ 		if (prev < 0) {	/* no issuer */
+ 			break;
+ 		}
+ 
++		if (insorted[prev]) { /* loop detected */
++			break;
++		}
++
+ 		sorted[i] = clist[prev];
+ 		insorted[prev] = 1;
+ 	}
+ 
+ 	/* append the remaining certs */
+--- a/tests/test-chains.h
 b/tests/test-chains.h
+@@ -4261,10 +4261,133 @@ static const char *rsa_sha1_not_in_trust
+ 	"tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n"
+ 	"-END CERTIFICATE-\n",
+ 	NULL
+ };
+ 
++static const char *cross_signed[] = {
++	/* server (signed by A1) */
++	"-BEGIN CERTIFICATE-\n"
++	"MIIBqDCCAVqgAwIBAgIUejlil+8DBffazcnMNwyOOP6yCCowBQYDK2VwMBoxGDAW\n"
++	"BgNVBAMTD0ludGVybWVkaWF0ZSBBMTAgFw0yNDAxMTEwNjI3MjJaGA85OTk5MTIz\n"
++	"MTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgYDVQQD\n"
++	"Ew90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQA1ZVS0PcNeTPQMZ+FuVz82AHrj\n"
++	"qL5hWEpCDgpG4M4fxaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCD3Rl\n"
++	"c3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMC\n"
++	"B4AwHQYDVR0OBBYEFGtEUv+JSt+zPoO3lu0IiObZVoiNMB8GA1UdIwQYMBaAFPnY\n"
++	"v6Pw0IvKSqIlb6ewHyEAmTA3MAUGAytlcANBAAS2lyc87kH/aOvNKzPjqDwUYxPA\n"
++	"CfYjyaKea2d0DZLBM5+Bjnj/4aWwTKgVTJzWhLJcLtaSdVHrXqjr9NhEhQ0=\n"
++	"-END CERTIFICATE-\n",
++	/* A1 (signed by A) */
++	"-BEGIN CERTIFICATE-\n"
++	"MIIBUjCCAQSgAwIBAgIUe/R+NVp04e74ySw2qgI6KZgFR20wBQYDK2VwMBExDzAN\n"
++	"BgNVBAMTBlJvb3QgQTAgFw0yNDAxMTEwNjI1MDFaGA85OTk5MTIzMTIzNTk1OVow\n"
++	"GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEExMCowBQYDK2VwAyEAlkTNqwz973sy\n"
++	"u3whMjSiUMs77CZu5YA7Gi5KcakExrKjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYD\n"
++	"VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT52L+j8NCLykqiJW+nsB8hAJkwNzAfBgNV\n"
++	"HSMEGDAWgBRbYgOkRGsd3Z74+CauX4htzLg0lzAFBgMrZXADQQBM0NBaFVPd3cTJ\n"
++	"DSaZNT34fsHuJk4eagpn8mBxKQpghq4s8Ap+nYtp2KiXjcizss53PeLXVnkfyLi0\n"
++	"TLVBHvUJ\n"
++	"-END CERTIFICATE-\n",
++	/* A (signed by B) */
++	"-BEGIN CERTIFICATE-\n"
++	"MIIBSDCB+6ADAgECAhQtdJpg+qlPcLoRW8iiztJUD4xNvDAFBgMrZXAwETEPMA0G\n"
++	

Bug#1060898: apfs-dkms: fails to build module: super.c:17:10: fatal error: version.h: No such file or directory

[Yangyu Chen]

It has been fixed in the v0.3.7 release [1]. Please bump to this
version.
https://github.com/linux-apfs/linux-apfs-rw/commit/5e133a2ca59c88d5295689aca12149776fa495c2