Bug#1067874: Allow trailing whitespace in apt patterns

Package: apt Version: 2.7.14 Severity: wishlist I think this is a bug: root@hera:/# apt list '?source-package(^mg$) ' Listing... Error! E: input:21-22: error: Expected end of file ?source-package(^mg$) ^ I think apt should ignore trailing

Bug#1063374: RFP: HTMX - high power tools for HTML

Hi, attached is my first draft of packaging htmx. I don't know js packaging at all, so I kinda guessed. https://github.com/cyberitsolutions/bootstrap2020/tree/twb/debian-12-PrisonPC.packages/node-htmx.org/debian Known issues: * Have to build with DEB_BUILD_OPTIONS=nocheck, because

Bug#1064259: Remove spurious Depends: bubblewrap (it moved to libgnome-desktop-*)

Package: nautilus Version: 43.2-1 Severity: minor Right now nautilus has Depends: bubblewrap, but it doesn't actually use bubblewrap. https://salsa.debian.org/search?search=bubblewrap_source=navbar_id=5329_id=2002_code=true_ref=debian%2Flatest This happened because nautilus used to

Bug#1063993: Cannot "list set" multiple differently-typed sets in one process

Package: nftables Version: 1.0.6-2+deb12u2 Severity: minor In production I wanted to list two sets and count how many elements are in each: $ sudo nft -json 'list set inet my_filter my_IPS_IPv4_blacklist' | jq '.nftables[1].set.elem | length' 33 When I tried to list both sets at once

Bug#1063764: Please protect exim4/postfix/dovecot/ by default again

Package: sshguard Version: 2.4.2-1+b2 Severity: normal Consider this change to prevent sshguard triggering itself (https://bugs.debian.org/928525): https://salsa.debian.org/debian/sshguard/-/commit/3563a43968bf1e143f2a1b20d06a95c48a95570b - LOGREADER="LANG=C /bin/journalctl -afb -p

Bug#1061094: mmdebstrap vs. apt -o DPkg::Inhibit-Shutdown

Package: apt Version: 2.6.1 Severity: wishlist I'm creating this bug so there's a bug number I can link to. We discussed it on #debian-apt around 2024-01-16 08:54:47+00:00. I noticed that since 2023-10-10, mmdebstrap triggers these errors: 2023-10-10T15:53:32+1100 hera polkitd[2696604]:

Bug#1060889: clamav cannot be cross-arch installed?

Package: clamav-base Version: 1.0.3+dfsg-1~deb12u1 Severity: minor When trying to install clamav for non-default architecture, I get this error from apt: The following packages have unmet dependencies: clamav-daemon:i386 : Depends: clamav-base:i386 (= 1.0.3+dfsg-1~deb12u1) but it is

Bug#1054559: numfmt: --to lakh ?

Package: coreutils Version: 9.1-1 Severity: wishlist File: /usr/bin/numfmt Tags: upstream In India it is common to write large numbers using combinations of "lakh" / "L" (10⁷) and "crore" / "cr" (10⁵). https://en.wikipedia.org/wiki/Lakh https://en.wikipedia.org/wiki/Crore For example,

Bug#1041731: Hyphens in man pages

On Sun 15 Oct 2023 17:33:07 +0200, Iustin Pop wrote: > At least you're not lazy. I am, so what I did many times is add a > build-depends on pandoc, and write the man page in rst or md. I think > that's a worse solution (pandoc is really heavy), but at least, I don't > have to go back to *roff.

Bug#1052302: Missing Depends/Recommends: bsdextrautils (hexdump)

Package: translate-shell Version: 0.9.7.1-1 Severity: minor With default settings, trans(1) appears to assume hexdump is installed. Please add a Recommends or Depends (whichever is appropriate). (Also, it should probably treat this as an error, and exit non-zero.) Minimal failing recipe:

Bug#778849: Support restoring initrd on shutdown and pivoting into it

On Wed 11 Jan 2023 00:17:44 +, Gervase wrote: > On Sat, 2022-12-24 at 14:16 +, Gervase wrote: > > Awhile back, I did have a look around the fix. From what I > > remembered, > > intrigeri's solution used a systemd shutdown 'script' to check for > > devmaps or whatever of LVMs, ZFS

Bug#778849: Support restoring initrd on shutdown and pivoting into it

On Fri 07 Apr 2017 12:02:46 +0200, intrigeri wrote: > /lib/systemd/system/initramfs-shutdown.service: > ⋯ > /usr/share/initramfs-tools/initramfs-restore: > ⋯ > /usr/bin/unmkinitramfs /initrd.img "$WORKDIR" > ⋯ > /lib/systemd/system-shutdown/initramfs-tools: > ⋯ >

Bug#944757: endless-sky: please package Endless Sky 0.9.10

On Tue 13 Dec 2022 22:04:40 +0200, Damyan Ivanov wrote: > The package is more or less ready at > (-high-dpi at > , probably > needs a bit more work). FYI I had a go this morning and got a

Bug#1041470: Acknowledgement (RFP: gnome-crosswords -- crossword player and editor)

/debian/control:2:Section: games libipuz/debian/control:3:Priority: optional libipuz/debian/control:4:Homepage: https://gitlab.gnome.org/jrb/libipuz/ libipuz/debian/control:5:Standards-Version: 4.5.1 libipuz/debian/control:6:Maintainer: Trent W. Buck libipuz/debian/control:7

Bug#1041470: RFP: gnome-crosswords -- crossword player and editor

Package: wnpp Severity: wishlist * Package name: gnome-crosswords Version : 0.3.4 Upstream Contact: Jonathan Blandford? * URL : https://gitlab.gnome.org/jrb/crosswords * License : GPL3 Programming Lang: C Description : crossword player and editor

Bug#990486: mtools 4.0.33-1+really4.0.32-1: Internal error, size too big

cess import tempfile __author__ = "Trent W. Buck" __copyright__ = "Copyright © 2020 Trent W. Buck" __license__ = "expat" __doc__ = """ build the simplest Debian Live image that can boot This uses mmdebstrap to do the heavy lifting; it can run entirely wit

Bug#1040245: wget-style scroll bars in syslog after Debian 11->12 upgrade

Package: fwupd Version: 1.8.12-2 Severity: minor On Debian 11, I saw this: $ journalctl --output=short-iso --identifier=fwupdmgr ⋮ 2022-06-06T01:05:08+1000 hera fwupdmgr[906504]: Updating lvfs 2022-06-06T01:05:08+1000 hera fwupdmgr[906504]: Successfully downloaded new metadata:

Bug#950696: git-daemon-sysvinit: missing-systemd-service-for-init.d-script

I don't use git-daemon; I use https://packages.debian.org/bookworm/klaus (and ssh). I found this bug because src:git is one of the most popular packages to have a "missing" systemd unit. I tested something similar to what Andreas suggested, but it did not work for me. I have attached both

Bug#1033728: sudo-ldap might be removed post-bookworm or post-trixie

On Fri 31 Mar 2023 09:41:16 +0200, Marc Haber wrote: > Please add your reasons to this bug, so that the sudo maintainers can > properly consider the reasons in their decision. I personally DON'T need sudo-ldap anymore. 1. I ran sudo-ldap + slapd on an Ubuntu 10.04 farm until 2022. It was

Bug#1039270: Here's my monit.service

FYI, attached are my monit systemd units. They are definitely "too hardened" for some users. You can PROBABLY just take everything before the hardening part, and use that as-is. In particular, I deliberately prevent monit running as root (I want systemd to restart units; I just want monit to

Bug#1038621: Please ACTUALLY remove the Depends: binutils

Package: needrestart Version: 3.6-4 Severity: minor I upgraded to Debian 12, hoping this stupid error would finally go away: bash5$ check-support-status Limited security support for one or more packages Unfortunately, it has been necessary to limit security support for some

Bug#1036151: remove /etc/hostid?

Package: mmdebstrap Version: 0.7.5-2.2 Severity: wishlist Before /etc/machine-id, there was /etc/hostid. It's kinda crap. It is in glibc and coreutils, but only ZFS really uses it. https://manpages.debian.org/bullseye/manpages-dev/gethostid.3.en.html

Bug#1035568: dnsmasq is broken on new bookworm installations

On Fri 05 May 2023 15:17:37 +, Jens Meißner wrote: > dnsmasq on bookworm fails to start after installation because the dns port 53 > is already is use by systemd-resolved. > After stopping systemd-resolved dnsmasq will start but refuses all dns > queries with the Extended DNS Error Code 14

Bug#1013448: pcre2 relies on write+execute mappings unnecessarily

FYI, systemd's MemoryDenyWriteExecute=yes breaks "git grep" because of pcre2jit. An easy test command is something like this: $ journalctl --user -fn0 & # so you see the error $ systemd-run --property=MemoryDenyWriteExecute=yes --user git -C /srv/vcs/kb grep -Fwi mutt --error-->

Bug#1034239: vterm-mode make-process fails in an unshare(1)?

Package: elpa-vterm Version: 0.0.2+git20230217.3e5a9b7-1 Severity: normal I've wanted to try vterm for a couple of years, but not enough to trust melpa with a C compiler. I noticed it's in bookworm, but I'm still on bullseye, so I spun up a container to test it. Unfortunately, it's not working

Bug#701065: git-add--interactive: should depend on (or at least recommend) libterm-readkey-perl

On Thu 21 Feb 2013 17:10:49 +0900, Liyang HU wrote: > Package: git > Version: 1:1.7.10.4-1ubuntu1 > Severity: normal > > In order for the interactive.singlekey option to work at all, > libterm-readkey-perl should be installed. > > Every time I install git on a fresh system, I end up reading

Bug#1020328: Acknowledgement (Native systemd units)

On Wed 07 Dec 2022 23:46:43 +, Richard Lewis wrote: > I have been studying and experimenting - and learning a lot. > For exim4, i found ⋯ I slurped your exim notes into my repo. I probably won't do any actual testing with exim myself :-)

Bug#1025223: minor

Package: parted Version: 3.4-1 Severity: normal https://en.wikipedia.org/wiki/GUID_Partition_Table says [Linux is] limited to 256 partitions per disk.^[19]

Bug#1024977: mmutf8fix does not fix omusrmsg

Package: rsyslog Version: 8.2102.0-2+deb11u1 Severity: minor Using the attached rsyslog.conf, with this test log: /usr/bin/printf 'TEST BYTES

Bug#1024975: systemd hardening

Package: motion Version: 4.3.2-1 Severity: wishlist Attached is my systemd hardening errata for motion. It won't work for everyone, but at least SOME of it could be added to debian/motion.service. -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500,

Bug#1024973: systemd hardening

Package: ircd-irc2 Version: 2.11.2p3~dfsg-5.1 Severity: wishlist Attached is my systemd hardening errata for ircd-irc2. It won't work for everyone, but at least SOME of it could be added to debian/ircd-irc2.service. -- System Information: Debian Release: 11.5 APT prefers stable-updates APT

Bug#771631: dnsmasq: Please add ProtectSystem=yes to systemd service file

On Wed 17 Dec 2014 20:52:30 +, Simon Kelley wrote: > There's a potential problem with this: dnsmasq has an option to invoke > child processes when the DHCP lease database changes, using the > - --dhcp-script option. By making this change, those processes are going > to be invoked with

Bug#1024673: Fix violations.ignore.d/logcheck-sudo (too precise)

Package: logcheck-database Version: 1.3.23 Severity: wishlist This line is wrong in sudo 1.9.4+ (Debian 11+): https://salsa.debian.org/debian/logcheck/-/blob/master/rulefiles/linux/violations.ignore.d/logcheck-sudo#L2 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+

Bug#1001647:

Short version: • This works: printf 'options.plugins_url=""\noptions.motd_url=""\n' > ~/.visidatarc • Your earlier suggestion does not work anymore. Boring technical details follow. On Mon 13 Dec 2021 18:58:27 -0800, Anja wrote: > For now, you can set `options.plugins_url=None` to your

Bug#1020328: Acknowledgement (Native systemd units)

On Wed 09 Nov 2022 19:29:56 +1100, Trent W. Buck wrote: > In short, what I'm saying is: > > 1. you can't harden a script/daemon that uses the "fork+exec > /usr/sbin/sendmail" API, because > different /usr/sbin/sendmail implementations (e.g. postfix) requir

Bug#1020328: Acknowledgement (Native systemd units)

On Fri 04 Nov 2022 00:45:52 +, Richard Lewis wrote: > Hi trent - i am interested in this approach: > > i see you are binding msmtp over /usr/sbin/sendmail - i dont > understand how this would lead to a different outcome: how else does > msmtp know where to send the mail? is there some

Bug#1022799: Support "protocol syslog"?

Package: monit Version: 1:5.27.2-1 Severity: wishlist I had something like this: check host example.com address example.com if failed port 514 type udp then alert This causes the receiving rsyslog to log a weird event, like this: 2022-10-26 19:09:49+11:00 example.net :

Bug#1019624: UPSONIC IRT-3K 2U broken by length checking in blazer_usb/nutdrv_qx

On Fri 21 Oct 2022 21:35:18 +0200, Laurent Bigonville wrote: > On Tue, 13 Sep 2022 10:19:24 +1000 "Trent W. Buck" > wrote: > Hello, > > > > Short version: > > > > 1. UPSONIC IRT-3K 2U speaks a variant of Q1 which omits final \r. > > 2. nut 2.4 do

Bug#1010126: FYI working example .service

Please find attached the .service I am using on Debian 11. You don't need all of this crap, I guess. * The msmtp stuff is only needed if you have a git post-commit hook that makes git send an email. * The nginx stuff is only needed if you want to have >1 web app on the standard port. *

Bug#1020328: Acknowledgement (Native systemd units)

UPDATE: a debian/logcheck.tmpfiles (/etc/tmpfiles.d/logcheck.conf) is also needed. The security hardening I added prevents logcheck from creating it. See attached. # Hardened logcheck.service started complaining after a reboot: # # systemd[1]: Starting logcheck — email sysadmin about

Bug#1020399: Please add Suggests: openssh-client

Package: gvfs-backends Version: 1.46.2-1 Severity: wishlist To the best of my knowledge, "gio mount sftp://example.com; works by running "ssh example.com -s sftp". It cannot use libssh (used by qemu); nor libssh2 (used by curl), nor dropbear dbclient[0]. To make this a little more obvious,

Bug#1020328: Native systemd units

Package: logcheck Version: 1.3.23 Severity: wishlist Please find attached a logcheck.timer and logcheck.service. I just wrote them; they Work For Me™ so far. If you just ship these, systemd-cron will automatically skip /etc/cron.d/logcheck. Vixie cron might need something like this to manually

Bug#1007152: RFP: virtiofsd -- vhost-user virtio-fs device backend written in Rust

Thomas Koch wrote: > Hash: SHA256 > > * Package name: virtiofsd > Version : 1.1.0 > Upstream Author : multiple, Chromium OS, Intel Corp, Red Hat > * URL : https://gitlab.com/virtio-fs/virtiofsd > * License : BSD and Apache > Programming Lang: Rust >

Bug#1019624: UPSONIC IRT-3K 2U broken by length checking in blazer_usb/nutdrv_qx

/networkupstools.org/source/(?:([\d\.]+))/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ -- 2.34.1 >From b7e417a410f0cf0557d0bb31a63807cbe139c5f5 Mon Sep 17 00:00:00 2001 From: "Trent W. Buck" Date: Tue, 13 Sep 2022 08:00:57 +1000 Subject: [PATCH 2/2] fix upsonic irt-3000 2u --- debian/changel

Bug#1018840: Please consider update-smart-drivedb cron job

Package: smartmontools Version: 7.2-1 Severity: wishlist Is it reasonable to include a cron job to run update-smart-drivedb regularly? It can be off-by-default, e.g. just put it into debian/smartmontools.examples. Here is the one I've been running on Debian 11 since 2021:

Bug#1008240: Inside mmdebstrap hooks, find /dev/ -type f matches irregular files

Andreas Metzler wrote: > Control: forcemerge 912180 1008240 > > FWIW this is a duplicate of 912180. > AFAIU the upstream bug discussion find uses getdents() and avoids unecessary > stats(). > However Linux returns incorrect information. > The possible performance penalty might be huge. Thanks

Bug#942288: Wish for tar2squashfs

FYI, squashfs-tools-ng/bullseye has tar2sqfs and I've been using it for ages. This unprivileged command already uses it internally: $ mmdebstrap bullseye bullseye.squashfs

Bug#1012828: Please enable busybox sha3sum (SHA3/SHA-3/Keccak)

Package: busybox Version: 1:1.30.1-6+b3 Severity: wishlist File: /usr/bin/busybox Is there any reason NOT to enable busybox sha3sums? (I don't care busybox-udeb or busybox-static.) https://sources.debian.org/src/busybox/1%3A1.35.0-1/debian/config/pkg/deb/#L280 -# CONFIG_SHA3SUM is not

Bug#1012680: rmadison --json (push @args, "=json")

Package: devscripts Version: 2.22.1~bpo11+1 Severity: wishlist File: /usr/bin/rmadison Please extend the rmadison parser so it can add =json to the URL it fetches. This avoids people post-processing text to get json out. 01:08 TIL (from twb's comment earlier) "rmadison -u ubuntu" to find

Bug#1010066: prayer: Depends on private functions that are hidden with tidy 5.8

Boyuan Yang wrote: > Source: prayer > Version: 1.3.5-dfsg1-8 > Severity: grave > X-Debbugs-CC: holmg...@debian.org > User: tidy-ht...@packages.debian.org > Usertags: tidy5.8 > > your package uses some of Tidy's unexported internal > functions that are explicitly hidden in Tidy 5.8 [...] > I

Bug#1010741: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc4 in position 136: invalid continuation byte

Package: dopewars Version: 1.5.12-19 Severity: normal Python's configparser cannot parse /usr/share/applications/dopewars.desktop. This is because that file is using ISO 8859-1 when it should be using UTF-8. Please fix the encoding of the .desktop file. -- System Information: Debian Release:

Bug#1006753: dkms modules not rebuilt on kernel upgrades with unattended upgrades

Trent W. Buck wrote: > I can reproduce this issue. > It has bitten me 3 or 4 times. > I think happens every time the ABI bumps (5.10-n → 5.10-n+1). > > For me, the timeline is this: > > 1. unattended-upgrades installs new kernel > 2. kernel postinst builds new

Bug#1006753: dkms modules not rebuilt on kernel upgrades with unattended upgrades

I can reproduce this issue. It has bitten me 3 or 4 times. I think happens every time the ABI bumps (5.10-n → 5.10-n+1). For me, the timeline is this: 1. unattended-upgrades installs new kernel 2. kernel postinst builds new initrd 3. unattended-upgrades installs new headers 4. kernel

Bug#1009850: Hide .desktop menu item in X-only desktops (e.g. XFCE4)?

Package: foot Version: 1.6.4-1 Severity: wishlist XFCE 4.16 (Debian 11) doesn't support Wayland apps. However, foot still appears in its menu. When clicking the menu, there is no user-visible impact of an error. This appears in .xsession-errors: info: main.c:356: version: 1.6.4 +ime

Bug#1009848: Please add "Provides: x-terminal-emulator"

Package: gnome-console Version: 42~beta-2 Severity: wishlist Please add "Provides: x-terminal-emulator" to debian/control, so kgx/gnome-console is easier to find.

Bug#1009099: /usr/share/applications/gnome-breakout.desktop uses legacy encoding

Package: gnome-breakout Version: 0.5.3-7 Severity: minor The gnome-breakout.desktop file is encoded in ISO-8859-1. It should be UTF-8. This causes problems when reading the file: root@desktop:~# python3 -c "import configparser; app = configparser.RawConfigParser();

Bug#1008564: Assumes /usr/games/polygen is in $PATH; not true for root

Package: cappuccino Version: 0.5.1-9.1 Severity: minor Because there is no .desktop file, and my test desktop is built without a terminal emulator, I tried running cappuccino as root: bash$ ssh root@bootstrap2020 'DISPLAY=:0 XAUTHORITY=$(echo /var/lib/xdm/authdir/authfiles/*)' cappuccino

Bug#1007842: Bug#909124: quilt: Please fail gracefully on 'quilt series' when less(1) is not installed

Daniel Shahaf wrote: > > FAILS: env PAGER=cat quilt series > > WORKS: env -u LESS PAGER=cat quilt series > > > > > > This is actually a separate but related bug in quilt. > > If $LESS is set, quilt ignores $PAGER and forces less. > > This is wrong. > ⋮ > > 18:38 [ -n "$LESS" -a -z

Bug#1008240: Inside mmdebstrap hooks, find /dev/ -type f matches irregular files

Package: mmdebstrap Version: 0.7.5-2.2 Severity: minor I see a quite odd behaviour where "find ... -type f" inside a customize hook is matching device files. As a simple test, "find /dev -type f" finds /dev/zero inside mmdebstrap, but not outside mmdebstrap. The problem doesn't appear to be

Bug#909124: quilt: Please fail gracefully on 'quilt series' when less(1) is not installed

Trent W. Buck wrote: > I ran into the same bug, except PAGER=cat also fails. > > I also tried fixing ${x-fallback} to the more normal ${x:-fallback}, but it > did not help. > > I do not understand why that is happening. > > root@hera:/gdk-pixbuf# quilt series >

Bug#909124: quilt: Please fail gracefully on 'quilt series' when less(1) is not installed

I ran into the same bug, except PAGER=cat also fails. I also tried fixing ${x-fallback} to the more normal ${x:-fallback}, but it did not help. I do not understand why that is happening. root@hera:/gdk-pixbuf# quilt series /usr/share/quilt/scripts/patchfns: line 1128: less: command not

Bug#1006403: Does not understand pxelinux.cfg INITRD declaration

Package: pxe-kexec Version: 0.2.4-3+b5 Severity: minor This config file works in pxelinux but not pxe-kexec: root@tvserver:~# busybox tftp -g -r /pxelinux.cfg/default 10.128.2.2 /pxelinux.cfg/defaul 100% || 223 0:00:00 ETA root@tvserver:~# cat

Bug#1006267: Recommends (not Depends) xdg-desktop-portal-*? (don't require fuse/bwrap)

really nice layer to have. e.g. detainee kernels have CONFIG_FUSE_FS disabled (though CONFIG_USER_NS is enabled due to systemd). Format: 3.0 (native) Source: xdg-desktop-portal-ersatz Binary: xdg-desktop-portal-ersatz Architecture: all Version: 11.0 Maintainer: Trent W. Buck Uploaders

Bug#1005230: Does chromium REALLY need fuse now?

Trent W. Buck wrote: > As at chromium 98.0.4758.102-1~deb11u1, > chromium works with xdg-desktop-portal, fuse, flatpak removed. As at chromium 98.0.4758.102-1~deb11u1, I can reproduce the original "Trace/breakpoint trap" in sway, without removing anything. i.e. I don't think xd

Bug#1005230: Does chromium REALLY need fuse now?

Trent W. Buck wrote: > The error report for #1005230 only specifically mentioned GTK3. > Are these other "portal" dependencies *really* needed now? As at chromium 98.0.4758.102-1~deb11u1, chromium works with xdg-desktop-portal, fuse, flatpak removed. A minimal test script is att

Bug#1005230: Does chromium REALLY need fuse now?

Package: chromium Followup-For: Bug #1005230 Hi, I ship chromium in prisons, where we extremely do not want unprivileged users to be able to add new drivers (fuse) and applications (flatpak/bubblewrap/xdg-desktop-portal). [*] The fix for #1005230 added indirect dependencies on fuse and

Bug#1005857: chmod 700 . && mmdebstrap sid /tmp/tmp.ext2 fails in File::Find

Package: mmdebstrap Version: 0.7.5-2.2 Severity: minor mmdebstrap's approx_disk_usage calls File::Find find(), which for some reason cares about the permissions of $PWD. This is the case even when writing the .ext2 somewhere else. bash5$ mkdir /tmp/a bash5$ cd /tmp/a bash5$

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

Moritz Mühlenhoff wrote: > Am Thu, Jan 27, 2022 at 10:01:34AM +1100 schrieb Trent W. Buck: > > Alberto Garcia wrote: > > > Two WebKit ports are actively maintained, available in Debian and have > > > security support: WPE WebKit and WebKitGTK (the package is called >

Bug#1004713: GenericName= (empty string) is wrong; just remove it

Package: torus-trooper Version: 0.22.dfsg1-12 Severity: minor Hi, when fiddling with show-generic-names in xfce4-panel, I noticed Torus Trooper ended up with empty menu label. I think the line "GenericName=" can and should simply be removed from here:

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

Alberto Garcia wrote: > Two WebKit ports are actively maintained, available in Debian and have > security support: WPE WebKit and WebKitGTK (the package is called > webkit2gtk for technical / historical reasons). > > Other WebKit ports available in Debian are not covered by security > support. I

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

Moritz Muehlenhoff wrote: > On Tue, Jan 25, 2022 at 12:20:46AM +1100, Trent W. Buck wrote: > > Package: debian-security-support > > Version: 1:11+2021.03.19 > > Severity: normal > > File: /usr/share/debian-security-support/security-support-limited > > > >

Bug#1004293: Acknowledgement (warn users that src:webkit2gtk and src:khtml are insecure?)

As discussed in IRC, here's a rough draft patch. I haven't actually, like, built a .deb and installed it and run the script (sorry). >From 501e9a6653c86fb59eceffdc6bdcc320691b8604 Mon Sep 17 00:00:00 2001 From: "Trent W. Buck" Date: Tue, 25 Jan 2022 00:38:23 +1100 Subject: [PATCH

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

Package: debian-security-support Version: 1:11+2021.03.19 Severity: normal File: /usr/share/debian-security-support/security-support-limited As at Debian 11, * webkitgtk is in src:webkit2gtk, not src:webkit. * khtml is in src:khtml, not src:kde4libs. GNOME3 and KDE5 have been around for a

Bug#1004062: offline help (keys, manual, release notes, FAQ)

Package: inkscape Version: 1.1.1-2~bpo11+1 Severity: wishlist Currently Inkscape's Help menu just opens URLs. https://sources.debian.org/src/inkscape/1.1.1-2%7Ebpo11+1/src/verbs.cpp/#L2051-L2101 My disadvantaged users do not have internet access, so currently they cannot get help. This is

Bug#1004001: Acknowledgement (Missing ordering: initramfs-tools trigger must run AFTER fontconfig trigger)

PS: an inelegant workaround is to run apt more than once. It is neater to install fontconfig early (tested, works), + --essential-hook='chroot $1 apt install fontconfig -y' ...rather than install linux-image-generic late, or switch plymouth over to a fontful theme and sit through a second

Bug#1004001: Missing ordering: initramfs-tools trigger must run AFTER fontconfig trigger

Package: dpkg Version: 1.20.9 Severity: normal This fails due to a missing ordering between two dpkg triggers: mmdebstrap bullseye /dev/null --include=linux-image-amd64/bullseye-backports,plymouth-themes,desktop-base 'deb http://deb.debian.org/debian bullseye main' 'deb

Bug#1003764: argparse: empty mutually_exclusive_group breaks --help

Package: libpython3.9-minimal Version: 3.9.2-1 Severity: normal File: /usr/lib/python3.9/argparse.py This works: #!/usr/bin/python3 import argparse parser = argparse.ArgumentParser(description='Demonstrate a dumbness in python 3.9')

Bug#983035: Missing dependency on dbus-x11

Francesco, Is dbus-user-session installed? xfce4-session recommends dbus-user-session, so it SHOULD already be installed. Francesco P. Lovergine wrote: > Package: xfce4 > Version: 4.16 > Severity: normal > > I found a missing dependency on /usr/bin/dbus-launch (dbus-x11) in bullseye, >

Bug#1003427: COMPRESS=zstd and COMPRESS=lz4 hard-coded to bad COMPRESSLEVELs

Ben Hutchings wrote: > On Mon, 2022-01-10 at 11:04 +1100, Trent W. Buck wrote: > > Package: initramfs-tools > > Version: 0.140 > > Severity: wishlist > > > > This is a vote for > > https://salsa.debian.org/kernel-team/initramfs-tools/-/merge_requests/52 &g

Bug#1003427: Acknowledgement (COMPRESS=zstd and COMPRESS=lz4 hard-coded to bad COMPRESSLEVELs)

PS: my previous email speculated: does zstd -T0 break SOURCE_DATE_EPOCH? I think this test shows that zstd -T0 is safe even when SOURCE_DATE_EPOCH=1. i.e. it does not need the equivalent of mkinitramfs's workaround for xz and gzip. bash5$ ls -hl total 1.1G -rw-r--r-- 1 twb twb 1.1G

Bug#1003427: COMPRESS=zstd and COMPRESS=lz4 hard-coded to bad COMPRESSLEVELs

Package: initramfs-tools Version: 0.140 Severity: wishlist This is a vote for https://salsa.debian.org/kernel-team/initramfs-tools/-/merge_requests/52 I did this investigation 2 months ago, but AFAICT I forgot to push it to bugs.debian.org.

Bug#1003194: Inconsistencies between "make bindeb-pkg" and official Debian kernels

Package: debian-kernel-handbook Version: 1.0.19 Severity: normal [Initially filed against debian-kernel-handbook because while the problem is in src:linux, it's not strictly a problem with src:linux's official binary packages.] Debian Live images with custom kernels need some workarounds,

Bug#983436: i386-cpuinfo.h missing in gcc-10-plugin-dev

This bug means I cannot enable Linux kernel hardening features, when using Debian 11's gcc and backport kernel. GCC_PLUGIN_RANDSTRUCT "Randomize layout of sensitive kernel structures" https://github.com/torvalds/linux/blob/master/scripts/gcc-plugins/Kconfig#L49 GCC_PLUGIN_STACKLEAK

Bug#1002889: Support CONFIG_BOOT_CONFIG (embed kernel boot parameters in ramdisk file)

Package: initramfs-tools Version: 0.140 Severity: wishlist Recent Linux kernels support putting boot options (e.g. "init=/bin/sh" or "i915.alpha_support=1") inside the initrd file. https://www.kernel.org/doc/html/latest/admin-guide/bootconfig.html#boot-kernel-with-a-boot-config For me,

Bug#1002491: ZFS transparent compression triggers spurious "Trailing allocated space"

Package: apt-cacher-ng Version: 3.6.4-1 Severity: normal NOTE: I notice "c) never truncating package files, only appending" in https://salsa.debian.org/blade/apt-cacher-ng/-/blob/debian/sid/ChangeLog So this issue might ALREADY be fixed in testing/unstable. I have not tested

Bug#962800: nut: NUT and systemd interacting poorly

This is working to remove both warnings. I'm 99% sure the real problem is that upsmon is trying to do things that are now systemd's job. You can see the "kill" log even there which suggests upsmon remains derp. # Trying to fix these warnings: #nut-monitor.service: Can't open PID file

Bug#962800: nut: NUT and systemd interacting poorly

Christi Scarborough wrote: > Jun 14 11:29:51 yaga systemd[1]: /lib/systemd/system/nut-monitor.service:6: > PIDFile= references path below legacy directory /var/run/, updating > /var/run/nut/upsmon.pid → /run/nut/upsmon.pid; please update the unit file > accordingly. > Jun 14 11:32:46 yaga

Bug#1000789: kiosk locked xfce4-panel causes ~/.xsession-errors to rapidly fill with error logspam

Package: xfce4-panel Version: 4.16.2-1 Severity: minor https://sources.debian.org/src/xfce4-panel/4.16.3-1/plugins/launcher/launcher.c/?hl=593#L592-L667 This function copy-paste-edits /usr/share/applications/foo.desktop to ~/.config/xfce4/panel/launcher-NUMBER/TIMESTAMP.desktop Then it

Bug#1000429: understand $LOCATE_PATH=~/.locatedb and do... something better

Package: catfish Version: 4.16.3-1 Severity: wishlist catfish has a hard-coded path to mlocate's default database path: https://codesearch.debian.net/search?q=pkg%3Acatfish+mlocate=1 https://sources.debian.org/src/catfish/4.16.3-1/catfish_lib/catfishconfig.py/#L32 mlocate and plocate

Bug#1000353: Downgrade e2fsprogs from Depends to Recommends?

Package: libblockdev-fs2 Version: 2.25-2 Severity: wishlist File: /usr/lib/x86_64-linux-gnu/libbd_fs.so.2.0.0 libblockdev-fs2 Depends e2fsprogs because it calls dumpe2fs This was done per https://bugs.debian.org/887270 AFAICT there is a run-time check for this:

Bug#409272: nfsmount: incompatible with nfsv4

Trent W. Buck wrote: > 3. A single mount(2) call also works! > > It is quite annoying that we need *anything* special in userland, because > a nfsvers=4.2,sec=sys mount requires only 2049/tcp (no other ports/services), > and > the actual filesystem is in-kernel, so > r

Bug#409272: nfsmount: incompatible with nfsv4

Short version: 1. nfsmount(8klibc) is still explicitly broken for NFSv4. 2. mount.nfs(8nfs-utils) works in the ramdisk. 3. A single mount(2) call also works! Boring detailed version follows. John Goerzen wrote: > nfsmount is incapable of mounting NFSv4 filesystems. It seems to have >

Bug#999417: Blank line in plymouthd.conf silently breaks it

PS: I reran my test script with "sid" instead of "bullseye", and the problem still exists in sid. It also includes lsinitramfs output. Trent W. Buck wrote: > > I just tried now with plymouth version 0.9.5+git20211018-1, after adding a > > white space in the con

Bug#999417: Blank line in plymouthd.conf silently breaks it

Laurent Bigonville wrote: > On Thu, 11 Nov 2021 06:24:53 +1100 "Trent W. Buck" > wrote: > > > See attached example files. > > Could you please explain a bit more what's not working? Sorry, I thought my report included more information than it did. This is the act

Bug#999417: Blank line in plymouthd.conf silently breaks it

Package: plymouth Version: 0.9.5-3 Severity: normal See attached example files. -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64)

Bug#998444: apt source --target-release=/./ is weird

Package: apt Version: 2.2.4 Severity: minor On a system with bullseye and bullseye-backports, I wanted to source the latest vlc apt had anywhere (backports or not). That is, temporarily override any pinning. $ apt source -t/./ vlc # gives confusing error (see below) $ apt download

Bug#997852: Should dh_systemd_enable --no-enable create a systemd.preset? (fix ssh.socket)

I noticed some other things being unexpected enabled by preset-all, e.g. msmtpd.service, systemd-networkd.socket, reboot.target. I think this shows relevant packages: https://codesearch.debian.net/search?q=dh_.*systemd.*--no-enable=0=29=1 $ curl -s

Bug#997852: Should dh_systemd_enable --no-enable create a systemd.preset? (fix ssh.socket)

Package: debhelper Version: 13.3.4 Severity: wishlist File: /usr/bin/dh_systemd_enable This is an obscure edge-case for systemd. I am not an expert. What I'm proposing might be very silly. Probably the approriate debian-systemd ML should be CC'd. Background: what is systemd.preset?

Bug#996927: Drop NSCD_SOCKET_OLD and harden systemd unit?

Trent W. Buck wrote: > RuntimeDirectory=unscd That's a typo, it should be "RuntimeDirectory=nscd". Testing didn't catch it until I did a reboot, because the non-systemd doesn't remove /run/nscd when unscd stops.

Bug#892730: nslcd: Please add systemd .service file

PS: the hardening bit also works as a dropin, i.e. you can put it into /etc/systemd/system/nslcd.service.d/hardening.conf and the rest of the unit remains auto-generated from /etc/init.d/nslcd. Trent W. Buck wrote: > # nslcd listens to /run/nslcd/socket and creates /run/nslcd/nslcd.pid. >

  1   2   3   4   5   6   7   8   9   10   >