Bug#1060913: Re: Bug#1060913: RFS: sdaps/1.9.11-0.1 [NMU] [RC] -- scripts for data acquisition with paper-based surveys
Hi, > Here I am not a member of DebianEdu team and told if am not a member > of one team there is no reason to do team upload. > Ideally, I should contact the team to join in or tell team I am going > to fix ftbfs issue. Whether the maintainer is a team doesn't matter here (it just means I am not responsible alone for the lack of updates on the package, haha ;)). In general, you always contact the maintainer for every upload before doing an NMU, through the address from the package meta-data or by sending your changes to the BTS into the bug you are fixing. > But I got no response from there(not DebianEdu > team) in the past. Can you point me to message IDs where you requested changes to be uploaded? Ideally, you should just send the changes to the BTS bug you are fixing, and tag it "patch". -nik signature.asc Description: PGP signature
Bug#1060913: RFS: sdaps/1.9.11-0.1 [NMU] [RC] -- scripts for data acquisition with paper-based surveys
Hi, is there a reason why you are not working with the packaging team, and doing NMUs without contacting the team beforehand? -nik
Bug#1050621: blends-dev: Support conflicts and breaks relations in meta-packages
Package: blends-dev Version: 0.7.5 Severity: wishlist As discussed in [1], I would like to request addition of Conflicts and Breaks relationships in tasks meta-package descriptions. I ahve already started to scan the sources of blends-dev and to implement the basics for the feature in [2], which works as I want it. However, there are a few missing parts: * Packages in Conflicts or Breaks on some meta-package, but not in Requires, Recommends, Suggests or Ignore on others should be added to Avoid * The generated web pages should probably get a section for listed Conflcits and Breaks Happy to receive advice on these two or any other missing parts. [1] https://lists.debian.org/debian-blends/2023/08/msg0.html [2] https://salsa.debian.org/blends-team/blends/-/merge_requests/14
Bug#1049328: Reverting nested groups feature in Debian's GOsa²
Hi, > However, group nesting is not a feature that can be used with posixGroup > objectClass based LDAP objects (as the objectClass / schema does not support > group nesting). I really have a huge question mark about what upstream's > intention for this feature was/is... It is not a feature, but definitely possible using dynlist (we did this at Teckids before abandonning LDAP): https://www.openldap.org/faq/data/cache/1209.html Maybe GOSa expects something like that to be in place? -nik
Bug#1042906: ansible: please package new upstream version 8.x
Source: ansible Version: 7.3.0+dfsg-1 Severity: wishlist Hi Lee, Ansible upstream is currently at 8.2. In order to not having to resort to pip install, an update of Debian's ansible package would be much appreciated. Cheers, Nik
Bug#1042772: O: pam-krb5-migrate -- PAM module for migrating to Heimdal Kerberos
Package: wnpp Severity: normal X-Debbugs-Cc: pam-krb5-migr...@packages.debian.org Control: affects -1 + src:pam-krb5-migrate -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I intend to orphan the pam-krb5-migrate package. The package description is: A stackable authentication module that takes a username and password from an earlier module in the stack and attempts to transparently add the user to a Kerberos realm using the Kerberos 5 kadmin service. The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods to a Kerberos-based setup. . This package allows updating the database of a remote Heimdal server. As I do not rely on Kerberos anymore myself, it is hard for me to spot issues with the module. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCZMfyMDEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3YK9AP9Ks4Mh9kFp1TVf6EtRoxYD eNWJysTXIBE6+IU56kKrwQD/Y1K6xwWEA3riziSm/KqDqhqn5XU0Q51rug0C18Ji dQA= =GqUh -END PGP SIGNATURE-
Bug#1042771: O: gnome-pass-search-provider -- GNOME Shell search provider for the pass password manager
Package: wnpp Severity: normal X-Debbugs-Cc: gnome-pass-search-provi...@packages.debian.org Control: affects -1 + src:gnome-pass-search-provider -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I intend to orphan the gnome-pass-search-provider package. The package description is: This GNOME search provider integrates the pass utility into GNOME Shell. It can search password entries and copy passwords as well as arbitrary fields (username, pin, etc.) from the GNOME Shell search frontend. It also supports the OTP extension (from the pass-extension-otp package). As I do not use GNOME anymore, it is hard for me to spot when this package needs love. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCZMfw5TEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3UN9AP9PXGhSdhTD39EVf5gpO3lR x0ofjMVWBxqpImNE5Ue9dwD/SgNMGaikq0hVrAwmgPAyYI5yRI/qkrO8+yYP5+mh wAM= =IYSE -END PGP SIGNATURE-
Bug#1040003: jackd: add pipewire-jack to dependency alternativees
Package: jackd Version: 5+nmu1 Severity: wishlist The pipewire-jack package provides a JACKd implementation based on PipeWire, which I am using on my audio recording workstation. Other packages depend on jackd if they need a JACK daemon to talk to (e.g. qjackctl), and that pulls in jackd2 currently, which I do not need. Please allow pipewire-pulse to satisfy the dependency on a JACKd implementation. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages jackd depends on: pn jackd2 | jackd1 jackd recommends no packages. jackd suggests no packages.
Bug#1035733: debian -policy: packages must not use dpkg-divert to override default systemd configuraton files
> Ok, how about: "the whole project, minus naturesha...@debian.org who > appears to be unfamiliar with the concept of hyperboles, is moving > toward git and Salsa". Better? No. Your "hyperbole" very much read as "Come on, minority who cares about the mail workflow, you're weird anachronists, get onto the Salsa train already!" So that's what I am criticizing. -nik signature.asc Description: PGP signature
Bug#1035733: debian -policy: packages must not use dpkg-divert to override default systemd configuraton files
> The whole project is moving toward git and Salsa Sorry for the noise, but as you are clearly misattributing this to me (I am part of the project, so "the whole project" includes me): I am not, and do not want to, move bugs and patches to Git and Salsa. I consider it a huge advantage of Debian that I can contribute limitless with something as barrierfree as an e-mail. If you voice your opinion, please do not impose it on me. Thanks! -nik
Bug#1035108: ITP: rdflib-sqlalchemy -- RDFLib store using SQLAlchemy dbapi as back-end
Package: wnpp Severity: wishlist Owner: Dominik George X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: rdflib-sqlalchemy Version : 0.5.4 Upstream Contact: Mark Watts * URL : https://github.com/RDFLib/rdflib-sqlalchemy * License : BSD-3-clause Programming Lang: Python Description : RDFLib store using SQLAlchemy dbapi as back-end RDFlib-SQLAlchemy is a formula-aware store for RDFlib that uses SQLAlchemy to persist triples in relational databases. I will maintain the package under the Debian Python Team. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCZE15njEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3UpmAP4nttkSjVJbdmIU0ECtjWju Z00zP7ebS3KHBCGyww0XLgEA+lIczQMdcGq7n9TOKRryhAhQ8hRwdWj7uc8cCQ5R jQ8= =tzxJ -END PGP SIGNATURE-
Bug#1035100: Unrelated political statement in main UI
Package: thonny Version: 4.0.1-1 Severity: important Tags: upstream -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thonny now has a Ukraine flag in its main UI, linking to a GitHub page about the Russian invasion. This is problematic for two reasons: * Thonny is used for education, and education should, inherently, be free of political views, if not related to the subject of the course * GitHub invades on user privacy, and the main UI should not drop users into a browser leading to a privacy-invading web platform (The second point is even worse for the Python Tutor linked from the menu, which is a shitload of tracking and advertising; will be reported separately.) The Ukraine button should be removed (even though I personally agree with the linked content. This issue is a blocker for using Thonny for its original purpose, and the context of the target group of its packaging team. Cheers, NIk - -- System Information: Debian Release: 12.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-6-amd64 (SMP w/20 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages thonny depends on: ii mypy 1.0.1-1 ii pylint 2.16.2-2 ii python33.11.2-1+b1 ii python3-asttokens 2.2.1-1 ii python3-docutils 0.19+dfsg-6 ii python3-jedi 0.18.2-1 ii python3-mypy 1.0.1-1 ii python3-pip23.0.1+dfsg-1 ii python3-pkg-resources 66.1.1-1 ii python3-send2trash 1.8.1~b0-2 ii python3-serial 3.5-1.1 ii python3-tk 3.11.2-2 ii python3-venv 3.11.2-1+b1 ii python3-wheel 0.38.4-2 Versions of packages thonny recommends: ii xsel1.2.0+git9bfc13d.20180109-4 ii zenity 3.44.0-1 Versions of packages thonny suggests: ii python3-distro 1.8.0-1 - -- no debconf information -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCZE1EjzEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3W4iAQCDRLgBVM6VDoiHrs1KOhmb CItExlVFSHIILuWryqqZFAD9EHQLnjEttKONGgDJw84mhOnmxUn9yqh11AlSlH2l eQk= =tOF6 -END PGP SIGNATURE-
Bug#1032019: python3.11: deadlock on interpreter shutdown waiting for threads
Package: python3.11 Version: 3.11.2-4 Severity: important Tags: upstream fixed-upstream Forwarded: https://github.com/python/cpython/issues/102126 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Python 3.11.2 introduced a deadlock on interpreter shutdown when using threads, causing quite a few libraries and tools to hang on exit. https://github.com/python/cpython/issues/102126 Fixed upstream; reporting here to track for bookworm. - -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3.11 depends on: ii libpython3.11-stdlib 3.11.1-2 ii media-types 9.0.0 ii mime-support 3.66 ii python3.11-minimal3.11.1-2 python3.11 recommends no packages. Versions of packages python3.11 suggests: ii binutils 2.40-2 pn python3.11-doc ii python3.11-venv 3.11.1-2 - -- no debconf information -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCY/uJxjEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3Qr9AQC6ZJlTqYQ02kLfhD2oblIV 2yPkIEDk5Mbqu2pTG/eCbAD+MGLRKuibJkB6EFwcP7O8C6NgV00iGcKxGqzBp/ok IAg= =JbNH -END PGP SIGNATURE-
Bug#1029076: [pkg-uWSGI-devel] Bug#1029076: Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: Bug#1029076: uwsgi-plugin-python3: built against non-defaul
> Since this issue only emerges during transitions (and possibly for > downstream derivative distros supporting multiple concurrent Python > versions in their final user-exposed distro releases), this issue is not > considered urgent to fix, and is not planned to do before this upcoming > freeze. So, what about Python 3.11 most likely not going to be the default Python in bookworm? Using your choice of words, bookworm is currently in a transition, and will probably be released with this transition ongoing. So, as I take it, your plan is to live with the issue, even though this means uWSGI's Python 3 support will not be properly usable for third-party applications for a full stable release lifetime? signature.asc Description: PGP signature
Bug#1029076: [pkg-uWSGI-devel] Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.
Jonas, > If you want me to not share my views here, then I shall stop waste my > time on that. I cannot see where I said, or implied, that I do not want you to share your views here. > If you want to be understood, then I suggest you try elaborate, taking > the views shared by your opponent into account, instead of simply > insisting that what you said initially is the truth and adequate for > understanding your truth. So, how about trying to read my elaborate mail instead of complaining about my style? As often when interacting with you, I have a very strong feeling of rejection, because your biggest interest seems to be educating others on how to interact with you. From my point of view, I do not want you to do anything in particular, I simply want a working Linux distribution with as few bugs as possible, and I always try to assume that this goal is shared among all Debian Developers. -nik signature.asc Description: PGP signature
Bug#991462: Please update etcd to 3.5.5
Hi Thomas, Shengjing, et al, I am currently investigating if, and how, we could get etcd 3.5.7 into Debian bookworm. It is already very short before the freeze, but yet… let's at least discuss it. It looks like Shengjing is working on the package, but recently uploaded 3.4.23. Shengjing, can you provide an update on your plans for bookworm? The Git repository has a version 3.5.5 which according to the changelog should have been uploaded to experimental, where I cannot find it. Thomas, do you remember where this version went? COncerning the reverse dependencies of golang-etcd-server-dev, are there any known incompatibilities that would prevent a move to etcd 3.5.5? Kind regards, Nik signature.asc Description: PGP signature
Bug#1029076: [pkg-uWSGI-devel] Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.
Hi Jonas, > Please describe what exactly fails, to aid in understanding what we are > talking about and aid in testing. So, consider the following example of how to use uWSGI (it is actually the msot common and basic example, so I would expect you to test it): 1. Create a virtual environment: python3 -m venv /srv/fooenv 2. Install whatever WSGI app you like into the venv → note that at this point, all packages isntalled into the venv will be versioned for python3.10 in testing! 3. Configure a uWSGI app to use the environment (by setting virtualenv = /srv/fooenv and referring to a script exposing a WSGI app there) 4. Start uWSGI → note that at this point, all imports from packages in the venv fail, because the WSGI script is run using Python 3.11 while the venv uses Python 3.10, which is the default Python) -nik signature.asc Description: PGP signature
Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should always build agains
> Seems to me you are looking at a policy for Python modules. Yes, as I said. And also as I said, I still think it applies here. -nik signature.asc Description: PGP signature
Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should always build agains
I'd say what the Python policy says for modules also applies here: https://www.debian.org/doc/packaging-manuals/python-policy/index.html#dependencies Specificically, dependencies on versioned Python runtime packages are forbidden. As I see it, uwsgi-plugin-python3 needs to build a versioned package against all supported Python versions, and build a meta-package depending on the current default Python version. A less elaborate fix would be adding a dependency on python3 (>= 3.11~), which would prevent migration to testing before the default Python in testing being changed.
Bug#1029076: closed by Jonas Smedegaard (reply to 1029...@bugs.debian.org) (Re: [pkg-uWSGI-devel] Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should a
Control: reopen -1 > Sorry, but I fail to see any problem here. > > uwsgi _does_ build against the default Python. Yes, but the default Python it builds against in unstable is not necessarily the default Python in testing. Right now, it is built against Python 3.11, while the default Python in testing is 3.10. Hence, it does not work in testing (have you actually tried that after my bug report?).
Bug#1029077: debian-edu-config: leaks first user password in Debconf answers
Source: debian-edu-config Version: 2.12.25 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 It was discovered that the password for the first user (GOSa); and root user if using the Debian Edu installer, is not cleared from the Debconf answers database. It is also therefore available unencrypted in the system memory on tjener, at least after the first ever debconf run. The database is generally not world-readable, and regular users cannot access arbitrary system memory, so this is not a critical security bug. I still propose to clear the password from the Debconf database "as soon as possible", as per the Debconf Programmer's Tutorial [1]: You should consider clearing that value out of the database as soon as is possible. - -nik [1] http://www.fifi.org/doc/debconf-doc/tutorial.html#AEN34 -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCY8ahVDEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3aIyAQCOlYlZt6REMchQ9DSak5JD 5PmdwnD89Uc0K4U+feDu4QD6A8WwWgnV7ov3VJ0wupphIVopqGcnIxJrZH8LnYaW cAY= =Vrqx -END PGP SIGNATURE-
Bug#1029076: uwsgi-plugin-python3: built against non-default libpython3.11 / should always build against the defalt Python in testing
Package: uwsgi-plugin-python3 Version: 2.0.21-3+b1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: debian-pyt...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Currently, the uWSGI Python 3 plugin is built against Python 3.11, and depends on libpython3.11. This is, to some extent, fine, as Python 3.11 is already in Debian. However, Python 3.10 is still the default Python in bookworm, and as it stands this will not change [1]. In practice, this means that without changing the interpreter and manually ensuring that the Python 3.11 environment is fully available, apps run through uWSGI do not work. So, the uWSGI plugin should in general always build against the default Python IMHO. - -nik [1] https://lists.debian.org/debian-python/2023/01/msg00010.html - -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages uwsgi-plugin-python3 depends on: ii libc6 2.36-8 ii libpython3.11 3.11.1-2 ii uwsgi-core 2.0.21-3+b1 uwsgi-plugin-python3 recommends no packages. Versions of packages uwsgi-plugin-python3 suggests: pn python3-uwsgidecorators - -- no debconf information -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCY8aedTEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3ZDoAQCYW8oE4ZgiBKkgo1lge2Az 7/qTIXGHgKAAF5kmuGTB5QD+NiuAOboj6I6ZvxRZF4o1D3vXCBr1HkqYz+piZMQO Fgc= =Y+XX -END PGP SIGNATURE-
Bug#1026827: xrdp: initially xrdp worked ok, but later it broke, and the problem was /etc/xrdp/startwm.sh that changed
Control: tags -1 + moreinfo Control: severity -1 normal Hi, > Severity: critical > Justification: breaks the whole system I doubt that very much. Are you sure that the whole system stopped working because you could not start a session in xrdp? As in, no login on the tty possible, the kernel crashing, boot failed, or the like? >* What led up to the situation? What did yo udo *before* the file was renamed? I am pretty certain that this is not something the package did. How is the syste mmanaged? Did the change happen in correlation with a package update? -nik signature.asc Description: PGP signature
Bug#1023680: ITP: django-jsonstore -- Expose JSONField data as a virtual django model fields
Hi, > * License : GPL-3 Please mind that this library is licensed under AGPL. Therefore, we deem it unfit for release in a free software product, and will replace it in AlekSIS. -nik
Bug#1016730: ITP: netbird -- VPN management platform built on top of WireGuard
Package: wnpp Severity: wishlist Owner: Dominik George X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: netbird Version : 0.8.5 Upstream Author : * URL : https://netbird.io/ * License : BSD-3-clause Programming Lang: Go Description : VPN management platform built on top of WireGuard NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home. It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth. NetBird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience. I intend to maintain netbird inside the Go packaging team. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCYu5UAzEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3X/lAP9wV67BD4AD0G9CDKjzkJyx HFObmtNenmFGmk2C8bNy4wD/cxm+p6/Iq/xaKKxiw9J9goMPsO4o7qQCNC431FZr 3wY= =pDtN -END PGP SIGNATURE-
Bug#1014908: ITP: gender-guesser -- Guess the gender from first name
Hi, what practical use, except for direct discriminatory attempts against non-binaries and probably even many cis people, does such a package have? -nik
Bug#1010593: fai-server - fai-diskimage must call losetup -P
Package: fai-server Version: 5.10.3 Followup-For: Bug #1010593 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I can confirm this issue. I cannot find any hints on why and when the behaviour changed, but I had to add -P to losetup today as well to get fai-diskimage back to a working state. - -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.17.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages fai-server depends on: ii debootstrap 1.0.126+nmu1 ii e2fsprogs1.46.5-2 ii fai-client 5.10.3 ii xz-utils 5.2.5-2.1 Versions of packages fai-server recommends: ii dosfstools4.2-1 pn isc-dhcp-server ii libproc-daemon-perl 0.23-2 ii mtools4.0.33-1+really4.0.32-1 ii nfs-kernel-server 1:2.6.1-2 ii openbsd-inetd [inet-superserver] 0.20160825-5 ii openssh-client1:9.0p1-1+b1 ii openssh-server1:9.0p1-1+b1 ii tftpd-hpa 5.2+20150808-1.2 Versions of packages fai-server suggests: ii binutils 2.38.50.20220615-4 pn debmirror ii fai-setup-storage 5.10.3 pn grub2 ii perl-tk1:804.036-1 ii qemu-utils 1:7.0+dfsg-7 pn reprepro ii squashfs-tools 1:4.5.1-1 ii xorriso1.5.4-2 - -- no debconf information -BEGIN PGP SIGNATURE- iL8EARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCYrIvNzEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3evkAPioiwmA7CCgwL9BbOuwLVsc LrRa+9QZnAsGPdxmbdm5AQDunHEtldkdrsRREbixA8yAhH62axYxuKpVJxJKePO4 Dw== =sqlb -END PGP SIGNATURE-
Bug#1011642: fai-client: softupdate should unmount tmpfs on /var/lib/fai
Package: fai-client Version: 5.10.3 Severity: normal When using a remote configspace (using FAI_CONFIG_SRC=https://…/foo.tar.xz), fai softupdate mounts a tmpfs on /var/lib/fai (thanks forthat behaviour, that is really helpful!). This mount is never cleaned up, neither after a successful run nor after a failed run. Even worse, on the next fai softupdate, another tmpfs is mounted at the same location, slowly accumulatiing squillions of mounts on /var/lib/fai… -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-14-amd64 (SMP w/1 CPU thread) Locale: LANG=en_US.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages fai-client depends on: ii debconf-utils1.5.77 ii file 1:5.39-3 ii iproute2 5.10.0-4 ii libapt-pkg-perl 0.1.39 ii libfile-lchown-perl 0.02-2+b7 ii perl 5.32.1-4+deb11u2 ii procps 2:3.3.17-5 Versions of packages fai-client recommends: ii fdisk 2.36.1-8+deb11u1 pn libgraph-perl ii util-linux 2.36.1-8+deb11u1 Versions of packages fai-client suggests: pn logtail -- Configuration Files: /etc/fai/fai.conf changed [not included] -- no debconf information
Bug#1011387: ITP: inkscape-silhouette -- An extension to drive Silhouette vinyl cutters (e.g. Cameo, Portrait series) from within inkscape
Package: wnpp Severity: wishlist Owner: Dominik George X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: inkscape-silhouette Version : 1.25 Upstream Author : Fab Lab Region Nuernberg e. V. * URL : https://github.com/fablabnbg/inkscape-silhouette * License : GPL-2.0+ Programming Lang: Python Description : An extension to drive Silhouette vinyl cutters (e.g. Cameo, Portrait series) from within inkscape inkscape-silhoute is an extension to drive a Silhoutte Cameo and similar plotter devices from within Inkscape. It is 100% pure Python, and works on top of the libusb backend. The folloiwing devices are supported: Silhouette Portrait Silhouette Portrait 2 (working confirmed) Silhouette Portrait 3 Silhouette Cameo Silhouette Cameo 2 Silhouette Cameo 3 Silhouette Cameo 4 Silhouette Cameo 4 Pro Silhouette Curio (partial success confirmed in #36) Craft Robo CC200-20 Craft Robo CC300-20 Silhouette SD 1 Silhouette SD 2 I intend to maintain the package withing the Debian Multimedia Packaing team. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCYoj8hzEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3XQtAQDAvFmiq7DlhRHnE1sp3vqs k/oarTee00VEqQiXaO98BQD/aFer8iH+x+adpQFYdxReIc8T4idZhv67v5M3arwW DwQ= =99Q0 -END PGP SIGNATURE-
Bug#1010670: libgoogle-gson-java: CVE-2022-25647 Deserialization of Untrusted Data via the writeReplace method
Hi, > Thank you for uploading to old-old-stable [1]. Are you interested in > doing the same for old-stable and stable? (If not, I plan to. I'm > asking only to avoid duplication of effort.) I was actually planning to ask you whether I shall handle that. So if you want, I will take that up as well. Cheers, Nik
Bug#1008772: xrdp: Please integrate NMUs and gitlab MR
Hi, > I have just uploaded an NMU prepared by a Kali contributor (in the NM > queue). Please find the relevant "git am" patches attached. (The two > patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp) > > It fixes CVE-2022-23613 and nothing else. Thanks a lot! > I noticed that you have open MR on Gitlab that it would be good to handle. > There's a former NMU that was never acked and that doesn't appear in > debian/changelog. > > https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests Yep, I am clearly behind on my maintenance work… I am resolving all of that with the next upload based on the current upstream version 0.9.19. -nik signature.asc Description: PGP signature
Bug#940398: RFA: golang-github-nats-io-go-nats
Hi, On Sun, Sep 15, 2019 at 06:38:01PM -0400, Alexandre Viau wrote: > I'd like to find new maintainers for some of my packages because I have > had less time for Debian. I'd like to focus the small amount of time > that I have for Debian on other things. > > For now, I intend to do my best to keep maintaining this package. > However, I will probably retitle this bug with the 'O:' prefix at some > point, indicating that I have orphaned it. > > Feel free to upload a new version of the package and remove me from the > uploaders in debian/control. On Mon, Jun 22, 2020 at 01:53:45PM +0200, Badreddin Aboubakr wrote: > I would like to take the maintainership for the NATS packages. I am currently working on packaging nextcloud-spreed-signaling, which depends on NATS. It seems the pckage has by now been renamed to nats.go and has go.mod support. SO I would package the new package in the Go packaging team under the new name, and then file a removal request for this package. Any objections? Cheers, Nik signature.asc Description: PGP signature
Bug#995958: ITP: aleksis-core -- Free School Information System (Core)
Package: wnpp Severity: wishlist Owner: Dominik George X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: aleksis-core Version : 2.0 Upstream Author : The AlekSIS Team * URL : https://aleksis.org/ * License : EUPL-1.2 Programming Lang: Python Description : Free School Information System (Core) AlekSIS is a web-based school information system (SIS) which can be used to manage and/or publish organisational subjects of educational institutions. . AlekSIS is a platform based on Django, that provides central funstions and data structures that can be used by apps that are developed and provided seperately. The AlekSIS team also maintains a set of official apps which make AlekSIS a fully-featured software solutions for the information management needs of schools. . By design, the platform can be used by schools to write their own apps for specific needs they face, also in coding classes. Students are empowered to create real-world applications that bring direct value to their environment. The package shall be maintained within the Debian Edu Packaging Team, which intends to ship it with the Debian Edu Pure Blend as management console. -BEGIN PGP SIGNATURE- iMAEARYKAGgWIQSk6zxRYJYchegBkTEK5VTlRg4b3QUCYWDL/DEaaHR0cHM6Ly93 d3cuZG9taW5pay1nZW9yZ2UuZGUvZ3BnLXBvbGljeS50eHQuYXNjGBxuYXR1cmVz aGFkb3dAZGViaWFuLm9yZwAKCRAK5VTlRg4b3XskAP4m42U+GZlTQI0rN2P/p+5z 2xR38ENk6OOUM6eNSiTpRwD/dKU6WmXb4LCKbOdg4xWne5FoozOeNjUp9ibI1OpO Ugs= =ON11 -END PGP SIGNATURE-
Bug#995893: python3-django-uwsgi-ng: should install .egg-info alias for django-uwsgi
Package: python3-django-uwsgi-ng Version: 1.1.2-1 Severity: important Tags: newcomer The new django-uwsgi-ng package is a drop-in replacement for django-uwsgi, and some dependent packages using it might rely on it being findable as django-uwsgi through pkg_resources as well. Thus, the .egg-info directory should be duplicated, to ensure the package can be found under the old name in Python.
Bug#995840: ITP: golang-github-vmware-vmw-ovflib --
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: golang-github-vmware-vmw-ovflib Version : 0.0~git20200204.53a0e9f-1 Upstream Author : VMware, Inc. * URL : https://github.com/vmware/vmw-ovflib * License : Apache-2.0 Programming Lang: Go Description : parse OVF (open Virtualization Format) data in Go Needed for ignition.
Bug#972409: spdx-licenses diff for #972409
> Sorry, I never had the impression that you meant for our conversation to > be kept secret - only that you found it a more convenient platform. Aren't you the person signing all their mail with explicit consent? Considering that, I find it hard to believe that you don't know the concept of explicit consent to publication of written words. I would welcome it very much if we could get back to technical discussions and, if asked a simple question via a Medium you officially promote on your website, you give a simple answer in the future. I don't think that that is too much to ask for in a setting where everyone donates their free time and not want to waste time writing full blown mails to everyone and there dog for a quick question no one will care about later. While you are technically correct on this issue, I consider it socially inadequate to not point me to the issue you knew of very well when you had the chance. Maybe if we can agree that there are more helpful ways to interact right from the start, we could find a way forward in the other bug report -nik
Bug#972409: spdx-licenses diff for #972409
Hi Jonas, > For the record this conversation began in a Matrix chatroom like this: Thanks for sharing conversations I did not consent to make public to a public forum. I will seek legal advice on that. For the record: * I asked on Matrix to get a quick "Go" or "Stop", no more, no less. You refused to give me a quick answer, which would have been helpful, instead of asking me to waste time on a far more elaborate means of communication for a quick question no one else cares about * I did ask the same question by mail after you refused to give a simple answer. You chose not to respond to that either. A quick "Stop, you will need to fix the other bug first" would have been helpful, instead of waiting until I wasted hours of work on your package Now, never mind, I will not waste more time on your package. I will just make a new package for my needs, and if anyone asks why we need two, I will point them to this conversation. Thanks for being such a pedantic^Wvery helpful fellow contributor! -nik
Bug#972409: spdx-licenses diff for #972409
> Sorry, but I consider the NMU as drafted useless since it does not > account for release-critical bug#975120. Thanks for your kind words. As can be seen by the fact that we are communicating in this bug report, my question for feedback is about this bug, not some other bugs. Looking at the Maintainer field of the package, it also seems this is **your** package. If it is a requirement to solve all issues with your package to get a single bug fixed, then sorry, I find that unacceptable. If "useless" is everything you have to say about the work of a contributor, then please reconsider your involvement in a community of developers. Are you able to provide feedback concerning the questions at hand, on top of judging the work I do because you ignored it for several years? Thanks, Nik
Bug#972409: spdx-licenses diff for #972409
Hi, the attached diff to the dbeian/ directory adds the RDF/Turtle, RDF/XML, and JSON formatted files to the package. The package is not ready to upload yet, because I need to align d/copyright with the new upstream verison. Please note that in order to keep the file list in d/install maintainable, I chose to change from explicitly listing each file there to installing the full directories. The intention of listing the single files was to not install any license texts missing in d/copyright, which IMHO is wrong because d/copyright is about the source package, rather than the binary package. So I removed the general wildcard from d/copyright, so that now we can rely on lintian reporting missing files: W: spdx-licenses source: file-without-copyright-information debian/copyright text/389-exception.txt W: spdx-licenses source: file-without-copyright-information debian/copyright text/AAL.txt W: spdx-licenses source: file-without-copyright-information debian/copyright text/ANTLR-PD-fallback.txt W: spdx-licenses source: file-without-copyright-information debian/copyright text/ANTLR-PD.txt […] Before I get down to updating d/copyright (quite a few additions upstream…), I ask the maintainer to approve of the changes to how the package is built. -nik diff -Npru spdx-licenses-3.8+dfsg/debian/README.Debian spdx-licenses-3.14+dfsg/debian/README.Debian --- spdx-licenses-3.8+dfsg/debian/README.Debian 1970-01-01 01:00:00.0 +0100 +++ spdx-licenses-3.14+dfsg/debian/README.Debian 2021-10-05 13:50:46.395165638 +0200 @@ -0,0 +1,5 @@ +The Debian version of the JSON format files has the detailsUrl field +changed to point to the relative paths within the Debian package. The +original values are linking to https://spdx.org/licenses/*.json. + + -- Dominik George , Tue, 5 Oct 2021 13:50:46 +0200 diff -Npru spdx-licenses-3.8+dfsg/debian/changelog spdx-licenses-3.14+dfsg/debian/changelog --- spdx-licenses-3.8+dfsg/debian/changelog 2021-04-07 09:12:25.0 +0200 +++ spdx-licenses-3.14+dfsg/debian/changelog 2021-10-05 14:18:31.688460612 +0200 @@ -1,3 +1,19 @@ +spdx-licenses (3.14+dfsg-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * Include JSON and RDF formats. (Closes: #972409) ++ Rework d/install and d/copyright to ease tracking of + license files; i.e. install by glob, and remove wildcard + from d/copyright to make lintian complain on new files + instead of tracking each file in d/install. ++ Add README.Debian describing differences in the data + files in Debian. ++ Build-Depend on jq and xml-twig-tools to rebuild compiled + license files for JSON and RDF formats. + * Align d/watch with new GitHub tag URLs. + + -- Dominik George Tue, 05 Oct 2021 13:29:29 +0200 + spdx-licenses (3.8+dfsg-3) unstable; urgency=medium * friendly takeover; diff -Npru spdx-licenses-3.8+dfsg/debian/control spdx-licenses-3.14+dfsg/debian/control --- spdx-licenses-3.8+dfsg/debian/control 2021-04-07 09:09:38.0 +0200 +++ spdx-licenses-3.14+dfsg/debian/control 2021-10-05 14:15:23.946432016 +0200 @@ -2,7 +2,10 @@ Source: spdx-licenses Section: doc Priority: optional Maintainer: Jonas Smedegaard -Build-Depends: debhelper-compat (= 12) +Build-Depends: + debhelper-compat (= 12), + jq, + xml-twig-tools Standards-Version: 4.5.0 Vcs-Browser: https://github.com/Debian/spdx-licenses Vcs-Git: https://github.com/Debian/spdx-licenses.git @@ -18,4 +21,7 @@ Description: Collection of license data and provided by SPDX Workgroup, a Linux Foundaition Project. This package makes most of these license texts available to Debian systems. . + In addition to the license texts, the collection data ist supplied in + JSON and RDF formats. + . Note: License texts have NOT been evaluated against DFSG. diff -Npru spdx-licenses-3.8+dfsg/debian/copyright spdx-licenses-3.14+dfsg/debian/copyright --- spdx-licenses-3.8+dfsg/debian/copyright 2020-12-05 03:33:11.0 +0100 +++ spdx-licenses-3.14+dfsg/debian/copyright 2021-10-05 14:03:05.842506105 +0200 @@ -2,87 +2,99 @@ Format: https://www.debian.org/doc/packa Upstream-Name: license-list-data Upstream-Contact: https://github.com/spdx/license-list-data/issues Source: https://github.com/spdx/license-list-data -Files-Excluded: website template html json jsonld rd* - -Files: * +Files-Excluded: website template html jsonld rdfa rdfnt + rdfturtle/licenses.turtle + rdfxml/licenses.rdf + +Files: CONTRIBUTING.md + README.md + accessingLicenses.md + licenses.md + json/exceptions.json + json/licenses.json Copyright: 2020 SPDX Workgroup 2016 Gary O'Neall License: CC-BY-3.0 Files: debian/* Copyright: 2020 Michael Lustfield + 2021 Dominik George License: CC-BY-3.0 -Files: text/0BSD.txt +Files: json/exceptions/* +License: none +Comment: Used in combination with licenses + +Files: */0BSD.* Copyright: 2006 Rob Landley License: none -Files: text/Abstyles.txt +Files: */Abstyles.* Copyright: 1991, 1992 Hans-Hermann
Bug#995767: ITP: golang-github-pin-tftp -- TFTP server and client library for Golang
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: golang-github-pin-tftp Version : 2.2.0-1 Upstream Author : Dmitri Popov * URL : https://github.com/pin/tftp * License : Expat Programming Lang: Go Description : TFTP server and client library for Golang TFTP server and client library for Golang . Implements: * RFC 1350 (https://tools.ietf.org/html/rfc1350) - The TFTP Protocol (Revision 2) * RFC 2347 (https://tools.ietf.org/html/rfc2347) - TFTP Option Extension * RFC 2348 (https://tools.ietf.org/html/rfc2348) - TFTP Blocksize Option . Partially implements (tsize server side only): * RFC 2349 (https://tools.ietf.org/html/rfc2349) - TFTP Timeout Interval and Transfer Size Options . Set of features is sufficient for PXE boot support. Needed for the ignition package.
Bug#995766: ITP: golang-github-vincent-petithory-dataurl -- Data URL Schemes in Golang
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: golang-github-vincent-petithory-dataurl Version : 0.0~git20191104.d1553a7-1 Upstream Author : Vincent Petithory * URL : https://github.com/vincent-petithory/dataurl * License : Expat Programming Lang: Go Description : Data URL Schemes in Golang This package parses and generates Data URL Schemes for the Go language, according to RFC 2397 (http://tools.ietf.org/html/rfc2397). . Data URLs are small chunks of data commonly used in browsers to display inline data, typically like small images, or when you use the FileReader API of the browser. Needed for the ignition package.
Bug#995765: ITP: golang-github-coreos-vcontext -- A library for validating json and yaml configs in Go
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: golang-github-coreos-vcontext Version : 0.0~git20210903.c22998b-1 Upstream Author : CoreOS * URL : https://github.com/coreos/vcontext * License : Apache-2.0 Programming Lang: Go Description : A library for validating json and yaml configs in Go vcontext: Validation with context vcontext is a library supporting validation of config files parsed from yaml or json with support for giving context as to where errors occur. Needed for the ignition package.
Bug#995764: ITP: ignition -- First boot installer and configuration tool
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: ignition Version : 2.12.0-1 Upstream Author : CoreOS * URL : https://github.com/coreos/ignition * License : Apache-2.0 Programming Lang: Go Description : First boot installer and configuration tool Ignition is the utility used by Fedora CoreOS and RHEL CoreOS to manipulate disks during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration. Usage Odds are good that you don't want to invoke Ignition directly. In fact, it isn't even present in the root filesystem. Take a look at the Getting Started Guide (docs/getting-started.md) for details on providing Ignition with a runtime configuration.
Bug#995763: ITP: golang-github-coreos-go-json -- Modified version of go's encoding/json library which allows decoding to a Node struct with offset information
Package: wnpp
Severity: wishlist
Owner: Dominik George
* Package name: golang-github-coreos-go-json
Version : 0.0~git20200220.5ae6071-1
Upstream Author : CoreOS
* URL : https://github.com/coreos/go-json
* License : TODO
Programming Lang: Go
Description : Modified version of go's encoding/json library which allows
decoding to a Node struct with offset information
This is a fork of go's encoding/json library. It adds the a third target for
unmarshalling, json.Node.
Unmarshalling to a Node behaves similarilarly to unmarshalling to an
interface{}, except it also records
the offsets for the start and end of the value that was unmarshalled and, if
the value was part of a json
object, it also records the offsets of the start and end of the object's key.
The Value field of the Node
will be unmarshalled to the same types as if it were an interface{}, except in
the case of arrays and
objects. In those case it will be unmarshalled to a []Node or map[string]Node
instead []interface{} or
map[string]interface{} for arrays and objects, respectively.
(Maybe) needed for ignition, but clarifying upstream whether this fork is
really still needed.
Bug#995762: ITP: golang-github-vmware-vmw-guestinfo --
Package: wnpp Severity: wishlist Owner: Dominik George * Package name: golang-github-vmware-vmw-guestinfo Version : 0.0~git20200218.687661b-1 Upstream Author : VMware * URL : https://github.com/vmware/vmw-guestinfo * License : Apache-2.0 Programming Lang: Go Description : provides access to the guestinfo variables exposed to a VMware virtual machine. Needed for the ignition package.
Bug#995758: ITS: move to the Python Packaging Team
Source: pyrhon-requests-oauthlib Version: 1.3.0+ds-0.1 Severity: important X-Debbugs-Cc: Simon Fondrie-Teitler , Debian Python Team Hi, I would like to salvage this package, and doing so, move it under team maintenance by the Python Packaging Team. Reasons for salvaging eligibility: * The last upload by the maintainer was in June 2018, more than three years ago * An NMU from September 2019 went unacknowledged for two years * Upstream versions were pending for more than three years * The package was broken by the upload of python-oauthlib 3.0.0 in September 2019, which would have been fixed by a new upstream version of python-requests-oauthlib I will move the package to the Python Packaging Team starting in 21 days, as per the Salvaging policy, keeping the original maintainer as Uploader. Cheers, Nik
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
Control: reassign -1 node-caniuse-lite 1.0.30001224+dfsg-2 Control: retitle -1 Broken exports in index.js Control: affects -1 node-autoprefixer Control: tags -1 + upstream fixed-upstream Control: forwarded -1 https://github.com/browserslist/caniuse-lite/issues/70 > Proposal: > > 1. Add a patch to node-autoprefixer to use the old API > 2. Add a version constraint to the node-caniuse-lite dependency in > node-autoprefixer (<< 1.0.30001226~) > 3. Report a bug against node-caniuse-lite to update to the current > upstream version, with a gentle hint on what will break if updated > 4. Once updated, drop the patch, and remove the version constraint Actually, all rdepends seem to use another import mechanism, which was not broken. Thus, reassigning to node-caniuse-lite to get it updated. -nik signature.asc Description: PGP signature
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
> - let autoprefixerData = { browsers: agents, prefixes: dataPrefixes }
> + let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes }
It's
https://github.com/browserslist/caniuse-lite/commit/fde289588b2ccb129ba3d1552134be2c78fee8b7
So, this happened with a recent update of node-autoprefixer, because
the new autoprefixer relies on the new API of caniuse-lite.
caniuse-lite should, and will at some point, be updated in Debian as
well. However, this will break node-browserslist, because that relies
on the old API. Oh the joy!
Proposal:
1. Add a patch to node-autoprefixer to use the old API
2. Add a version constraint to the node-caniuse-lite dependency in
node-autoprefixer (<< 1.0.30001226~)
3. Report a bug against node-caniuse-lite to update to the current
upstream version, with a gentle hint on what will break if updated
4. Once updated, drop the patch, and remove the version constraint
@ JavaScript team, shall I proceed with that?
-nik
signature.asc
Description: PGP signature
Bug#995702: TypeError: Cannot read property 'prefix_exceptions' of undefined
Package: node-autoprefixer
Version: 10.3.1.0+dfsg1+~cs14.6.19-1
Severity: grave
Justification: renders package unusable
autoprefixer currently does not work because it handles the agents
imported from caniuse-lite wrongly:
/usr/share/nodejs/autoprefixer/lib/browsers.js:64
let prefix = data.prefix_exceptions && data.prefix_exceptions[version]
^
TypeError: Cannot read property 'prefix_exceptions' of undefined
at Browsers.prefix (/usr/share/nodejs/autoprefixer/lib/browsers.js:64:23)
at /usr/share/nodejs/autoprefixer/lib/prefixes.js:193:54
at Array.map ()
at Prefixes.select (/usr/share/nodejs/autoprefixer/lib/prefixes.js:193:31)
at new Prefixes (/usr/share/nodejs/autoprefixer/lib/prefixes.js:133:53)
at loadPrefixes
(/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:111:22)
at Object.prepare
(/usr/share/nodejs/autoprefixer/lib/autoprefixer.js:121:22)
at /usr/share/nodejs/postcss/lib/lazy-result.js:133:39
at Array.map ()
at new LazyResult (/usr/share/nodejs/postcss/lib/lazy-result.js:131:43)
The problem comes from /usr/share/nodejs/autoprefixer/lib/autoprefixer.js:
let { agents } = require('caniuse-lite')
The object loaded here contains another object called agents. For me, changing
line 10
fixes the issue:
- let autoprefixerData = { browsers: agents, prefixes: dataPrefixes }
+ let autoprefixerData = { browsers: agents.agents, prefixes: dataPrefixes }
I have no idea how this problem came to be, and how to properly fix it. Might be
an incompatibility between the versions of autoprefixer and canisue-lite?
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8),
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages node-autoprefixer depends on:
ii node-browserslist 4.17.0+~cs5.6.76-1
ii node-caniuse-lite 1.0.30001224+dfsg-2
ii node-normalize-range 0.1.2-2
ii node-postcss [node-colorette] 8.2.1+~cs5.3.23-8
ii node-postcss-value-parser 4.1.0-2
ii nodejs 12.22.5~dfsg-5
node-autoprefixer recommends no packages.
node-autoprefixer suggests no packages.
-- no debconf information
Bug#995417: bug is RC
Control: severity -1 grave This is actually an RC bug as the requests-oauthlib version currently in Debian does not work with the oauthlib version currently in Debian. signature.asc Description: PGP signature
Bug#995417: python-requests-oauthlib: please update to current upstream version 1.3.0
Source: python-requests-oauthlib Version: 1.0.0-1.1 Severity: wishlist Please update this package to the current upstream version. I would also like to suggest moving this to team maintenance under the Python Packaging team. Thanks, Nik -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#995398: RM: midori -- ROM; upstream made software unusable
Package: ftp.debian.org Severity: normal As reported in #977263, the upstream of midori decided that it could be a great idea to write a web browser in JavaScript running in a browser (i.e. use Electron to run a browser). I follow the proposal in the aforementioned bug report and ask to remove Midori from the unstable distribution.
Bug#995363: python-jwcrypto: do not drop egg-info
Source: python-jwcrypto Version: 1.0.0-1 Severity: important Trying to build a package depending on python3-jwcrypto, I discovered that you explicitly drop the egg-info file from the package. Please do not do that, as it breaks Python's pkg_resources and related when discovering distributions.
Bug#993988: debian-edu-config: consider to drop diskless workstation support as default for Main-Server+LTSP-Server profile
Hi, > Like reported in #993935, a local admin might install additional > packages on a combined server causing potential leakage of sensible data > in the SquashFS image file for diskless workstations. > > It would be quite easy to drop the diskless workstation support (done by > default at first boot of a combined server), only provide thin client > support on the combined server and leave the (site specific) setup for > diskless ws to the local admin. (The manual should then contain hints > how to do this.) I take it that by "drop support", you mean "not install by default"? Diskless workstations are one (probably the) Unique Selling Point of Debian Edu, so I would like to make very clear that dropping support for it in general would be problematic. -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. — Digitale Freiheit mit Jugend und Bildung https://www.teckids.org/ signature.asc Description: PGP signature
Bug#993935: debian-edu-ltsp-install: Netboot image exposes private data and crypto keys
Package: debian-edu-config Version: 2.11.56 Severity: critical Tags: security Justification: root security hole X-Debbugs-Cc: Debian Security Team The LTSP netboot image produced by debian-edu-ltsp-install includes full copies of files that should never leave the Debian Edu main server, if run on a so-called "combined server" (a system using the Main Server and Terminal Server profiles, as done in small installations). Among these files are full copies of, among others: - /var/lib/ldap, containing the full, unencrypted LDAP database with all private information on all users, password hashes, and Kerberos keys - /etc/krb5-kdc, containing information on decrypting Kerberos data in the LDAP database - /etc/gosa, containing the (encrypted) LDAP manager credentials, plus the key to decrypt it Any user with access to the local terminal server network can acquire the netboot image, unauthenticated, and extract the listed information from it. The issue is caused by the new LTSP system using the LTSP PnP system now in all cases, thus packing the entire mai nserver filesystem in squashfs image. The debian-edu-ltsp-install script produces a list of files to exclude from the image, which is not sufficient, most probably because it was tailored to the use case where the image is produced from a dedicated Terminal Server instead of a combined server. IMHO, the use case of the combined server cannot be fixed. The new LTSP system de facto disallows any use of a combiend server – even if we make a very carefully curated list of excluded files, any administrator would have to take care to add their own excludes for just about any file they place on the main server that was not palced there by the Debian Edu software. In fact, the whole new LTSP system seems unfit to be used on any server that is not limited to producing LTSP images, and supporting netbooting them. For now, the issue should be mitigated by carefully adding all relevant paths that are known to exist only on the main server to the exclude list, but I do not think that is a viable fix in the long term.
Bug#991920: Acknowledgement (please demote pkg-config to Recommends)
On Thu, Aug 05, 2021 at 10:21:30PM +0200, Michael Banck wrote: > I've run "dracut --no-kernel" in a minimal lxc container, once with > pkg-config and once without and then diffoscope'd the two generated > initrds. Most of what diffoscope complains about are timestamp > differences in directories and symlinks which I don't know how to get > rid of, but there's some changes in etc/conf.d/systemd.conf that I have > attached. Not sure whether those are problematic? Given that /usr/lib is the canonical path for these directories, and /lib happens to be a symlink there, this should not be a problem. If Thomas consents, I would make the change in experimental as well and we will see how it works out. I do not see any reason not to demote pkg-config. Cheers, Nik -- Dominik George Berater PostgreSQL / Datenbanken Telefon: +49 2166 9901-192 Telefax: +49 2166 9901-100 E-Mail: dominik.geo...@credativ.de PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 https://www.credativ.de/ credativ GmbH, HRB Mönchengladbach 12080 USt-ID-Nummer: DE204566209 Trompeterallee 108, 41189 Mönchengladbach Geschäftsführung: Dr. Michael Meskes, Sascha Heuer, Geoff Richardson, Peter Lilley Unser Umgang mit personenbezogenen Daten unterliegt folgenden Bestimmungen: https://www.credativ.de/datenschutz
Bug#991918: dracut: new upstream version 055
Source: dracut
Version: 051
Severity: minor
Tags: patch
Hi Thomas, et al,
the attached debdiff updates the debian/ directory to work with
upstream version 055.
Thanks to Andre Russ for preparing the patch updates; thanks to
credativ for sponsoring Debian work!
Thomas, if you are ok, I would upload to experimental.
Cheers,
Nik
diff -Nru dracut-051/debian/changelog dracut-055/debian/changelog
--- dracut-051/debian/changelog 2020-12-15 16:23:33.0 +0100
+++ dracut-055/debian/changelog 2021-08-05 13:31:22.0 +0200
@@ -1,3 +1,20 @@
+dracut (055-1) UNRELEASED; urgency=medium
+
+ [ Dominik George ]
+ * Team upload.
+ * New upstream version
+
+ [ Andre Russ ]
+ * Refresh patches for dracut 055
++ systemd needs more users in Debian
++ crc32c patch was applied upstream
++ several minor changes
+ * Update installed files
++ Several docs were moved upstream
++ mkinitrd was removed
+
+ -- Dominik George Thu, 05 Aug 2021 13:31:22 +0200
+
dracut (051-1) unstable; urgency=low
* new upstream version
diff -Nru dracut-051/debian/dracut-core.docs dracut-055/debian/dracut-core.docs
--- dracut-051/debian/dracut-core.docs 2020-12-15 15:29:17.0 +0100
+++ dracut-055/debian/dracut-core.docs 2021-08-05 13:31:22.0 +0200
@@ -1,10 +1,8 @@
AUTHORS
-HACKING
-NEWS
+docs/HACKING.md
+NEWS.md
README.md
-README.cross
-README.generic
-README.kernel
-README.modules
-TODO
+docs/README.cross
+docs/README.generic
+docs/README.kernel
dracut.html
diff -Nru dracut-051/debian/dracut-core.install
dracut-055/debian/dracut-core.install
--- dracut-051/debian/dracut-core.install 2020-12-15 15:29:17.0
+0100
+++ dracut-055/debian/dracut-core.install 2021-08-05 13:31:22.0
+0200
@@ -1,6 +1,5 @@
usr/bin/dracut
usr/bin/dracut-catimages
-usr/bin/mkinitrd
usr/bin/lsinitrd
usr/lib/dracut/dracut-functions
usr/lib/dracut/dracut-functions.sh
@@ -19,7 +18,6 @@
debian/90overlay-root usr/lib/dracut/modules.d
modules.d/00dash usr/lib/dracut/modules.d
modules.d/00bash usr/lib/dracut/modules.d
-modules.d/00bootchart usr/lib/dracut/modules.d
modules.d/00systemdusr/lib/dracut/modules.d
modules.d/01fips usr/lib/dracut/modules.d
modules.d/01systemd-initrd usr/lib/dracut/modules.d
diff -Nru dracut-051/debian/dracut-core.manpages
dracut-055/debian/dracut-core.manpages
--- dracut-051/debian/dracut-core.manpages 2020-12-15 15:29:17.0
+0100
+++ dracut-055/debian/dracut-core.manpages 2021-08-05 13:31:22.0
+0200
@@ -1,9 +1,8 @@
-dracut.8
-dracut.conf.5
-dracut.modules.7
-dracut.bootup.7
-dracut.cmdline.7
-dracut-catimages.8
-lsinitrd.1
-mkinitrd.8
+man/dracut.8
+man/dracut.conf.5
+man/dracut.modules.7
+man/dracut.bootup.7
+man/dracut.cmdline.7
+man/dracut-catimages.8
+man/lsinitrd.1
debian/tmp/usr/share/man/man8/*
diff -Nru dracut-051/debian/dracut-network.install
dracut-055/debian/dracut-network.install
--- dracut-051/debian/dracut-network.install2020-12-15 15:29:17.0
+0100
+++ dracut-055/debian/dracut-network.install2021-08-05 13:31:22.0
+0200
@@ -1,5 +1,5 @@
debian/etc/11-ifcfg.conf etc/dracut.conf.d
-modules.d/02systemd-networkd usr/lib/dracut/modules.d
+modules.d/01systemd-networkd usr/lib/dracut/modules.d
modules.d/35network-manager usr/lib/dracut/modules.d
modules.d/35network-legacy usr/lib/dracut/modules.d
modules.d/40networkusr/lib/dracut/modules.d
diff -Nru dracut-051/debian/patches/crc32c dracut-055/debian/patches/crc32c
--- dracut-051/debian/patches/crc32c2020-12-15 15:29:17.0 +0100
+++ dracut-055/debian/patches/crc32c1970-01-01 01:00:00.0 +0100
@@ -1,11 +0,0 @@
a/modules.d/99fs-lib/module-setup.sh
-+++ b/modules.d/99fs-lib/module-setup.sh
-@@ -38,7 +38,7 @@
- include_fs_helper_modules() {
- local dev=$1 fs=$2
- case "$fs" in
--xfs|btrfs|ext4)
-+xfs|btrfs|ext4|ext3)
- instmods crc32c
- ;;
- f2fs)
diff -Nru dracut-051/debian/patches/dev-shm-mount
dracut-055/debian/patches/dev-shm-mount
--- dracut-051/debian/patches/dev-shm-mount 2020-12-15 15:29:17.0
+0100
+++ dracut-055/debian/patches/dev-shm-mount 2021-08-05 13:31:22.0
+0200
@@ -1,14 +1,14 @@
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
-@@ -57,11 +57,6 @@
- mount -t devpts -o gid=5,mode=620,noexec,nosuid devpts /dev/pts >/dev/null
+@@ -55,11 +55,6 @@
+ mount -t devpts -o gid=5,mode=620,noexec,nosuid devpts /dev/pts >
/dev/null
fi
-if ! ismounted /dev/shm; then
--mkdir -m 0755 /dev/shm
--mount -t tmpfs -o mode=1777,noexec,nosuid,nodev,strictatime tmpfs
/dev/shm >/dev/null
+-mkdir -m 0755 -p /dev/shm
+-mount -t tmpfs -o mode=1777,noexec,nosuid,nodev,strictatime tmpfs
/dev/shm > /dev/null
-fi
-
if ! ismounted /run; then
- mkdir -m 0755 /newrun
+ mkdir -m 0755 -p /newrun
Bug#937234: pam-python: Python2 removal in sid/bullseye
Hi, > I wonder what the state of this issue is. > > I looked at the code and somehow it has a few hints on (at least > partial?) Python 3 compatibility. > > Russell, can you give me a short update on how far this got? Can we > somehow get to the goal of making this fully work with Python 3? Maybe > even for bullseye… Never mind, I just realised that pam-python is licensed under AGPL and is thus not suitable for Debian Edu IMHO. @Mike, @Petter: Did you realise that pam-python is AGPL? It means that we cannot provide terminal servers or netbooting in Debian Edu without placing a prominent link to pam-python's sources on the desktop… @Russell: Can you please relicence pam-python under a less insane licence? If the latter fails, we should either rewrite such a module under a less restrictie licence, or rewrite libpam-mklocaluser in C or Rust, or get rid of the need for libpam-mklocaluser (probably by using sssd). Looking forward to everyone's thoughts, Nik
Bug#937234: pam-python: Python2 removal in sid/bullseye
Hi, I wonder what the state of this issue is. I looked at the code and somehow it has a few hints on (at least partial?) Python 3 compatibility. Russell, can you give me a short update on how far this got? Can we somehow get to the goal of making this fully work with Python 3? Maybe even for bullseye… It seems I completely missed that Python 2 is still in bullseye, and spent the last few hours writing a new PAM module in Python, and used Python 3 features all over the place with the assumption that Python 2 is gone, then I found that libpam-python is linked against libpython2.7. If there is some kind of to-do list with open points to make it use Python 3, I will see whether I can help. It would be very sad if I had to backport my module to Python 2 for bullseye… Cheers, Nik signature.asc Description: PGP signature
Bug#980287: ITP: python-telethon -- asyncio Python 3 MTProto library
Package: wnpp Severity: wishlist Owner: Dominik George X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: python-telethon Version : 1.19.0 Upstream Author : Lonami Exo * URL : https://github.com/LonamiWebs/Telethon * License : MIT Programming Lang: Python Description : asyncio Python 3 MTProto library Telethon is an asyncio Python 3 MTProto library to interact with Telegram's API as a user or through a bot account (bot API alternative). It is needed for the matrix-telegram bridge, and I intend to maintain it within the Python packaging team. -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAmAEGhIxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8paEMBAAtXnCL6kJDvDSgcIEDG30 53Vaaa2e9DpI56u/cLyvc31gAw+33ooyIDiR9qxhVpsN50DpqQc7UYqEEImSj8Ik 9RjnsUhr/ZSE+R+D5mIvnVW779xMlHepBfxrV+1giKvdI8ufG94eOHCjEq80CgfF J9RgqR6/bg2ocExmTGN76y43QZL/FpZyfnM4dvS6s5wBIb31ZdhikL6FxuafJOeY vB+cm0aeIKaEK2IXoqi/upoZIZPqLgXtD1NMnMhYeye3bjy2Srcw3eL8paM9m3Nr l5IWRkF9F0d8IGR7i53BJj9KWhREurqF4bbmkdgTWNnBdaoUbQTV4gJ+Aov0uQCB XwOB8W+7fqPm4VRQt/rj30sGunQgPe2CGTNuJvRss/BnTWkw8NIpbOk/ms+X+Mld xjBzvksnNZ3xVfA0odzgdg8yUpHMEvBLudisgQq363uimJe8almTFkseysBsBvA+ +Raz8vvvphAFbKHC2KHDVeHHnphCdvfyRhY3QcsebhXOnwtrump+nVAORLyYfJqn J+ii90otMjPbUHVIonRng4yxfZC2etJxIjwOXs/0gqKlTUd04Ul+b0AJbcc+DScY 17i2qgVDBztMB7eKcnzI86PwA7HntQHnH/wwjDg+ZTh2h6EOwdPPeqE1WjV2TGcH sFnaMAcGlRKFGV2MGHGx63I= =E9Tb -END PGP SIGNATURE-
Bug#980286: RFP: signald -- A daemon that facilitates communication via Signal Private Messenger
Package: wnpp Severity: wishlist X-Debbugs-Cc: debian-de...@lists.debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: signald Version : 0.11.1 Upstream Author : Finn Herzfeld * URL : https://gitlab.com/signald/signald * License : GPL Programming Lang: Java Description : A daemon that facilitates communication via Signal Private Messenger signald is needed for mautrix-signal, the Matrix to Signal bridge, which I intend to package. -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAmAEF4cxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pbOtQ//VIIw3d2WuiClPHthWPsE hhKA4Y+Za9YBHuUZGdRjMwjxABovM+xyZxVTnUPiEGGQQKWfctne7NqQnzfsqXrh 2l1i6ZS8HHcyuouRHjjw2NVRsVDxu9cCwsEPcEtKgVxCb3e5Ktn6+YwwwBeMjNZk HFUb3qL8DD220gin8SZgK0YDxUg3VV1YWCkHbm4iTZ5Esh1j1ioYuQOYu0JScUW4 l6HVvydPWV+H2Ab+dqvkiFIsd0pS2RgyZ3bDdpG2SL++XN4F7edznqB1YR1V85w/ 9L4Aq0l6P7j/m7yMUdp5nJsWq2EcDNK4SrXqR9ISiYM4aedlhomXC2lqVDqIcqf8 begby2PeC3fOmy2GyD4JbxjDfs29+qW6krs2OPvsMzN4jpoi2mlAaSQoruxXdPXG jv75XuoJtxV6MX/ijGoZADcriZKHkwvD2eUFOmnJsH9AoIxgTk6LDHDJ557XQwY5 N8ywcBkXxCPQ2Lia9WzmE6WQJrZ6fc78rkiGEMGqMYWKICyJZGudYBGuA/kc5IFI nzomrjMn//BDY2Mwxtmj7vao5vvmzrt2gw19KkIlCmdv+xgzlPZmgzq7zOgYGoO3 J+BodntYvL8aauvY8gtXKcu3wEKmtolK8ZeuEm5cDUoptf08R88IFm2QsxmzQeau 7y7eiirgCrNzO0YL97oyhaI= =RA69 -END PGP SIGNATURE-
Bug#977988: /usr/bin/spectacle: does not start (libkImageAnnotator.so.0.3.2 not found)
Package: kde-spectacle Version: 20.12.0-1 Severity: grave File: /usr/bin/spectacle Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After a recent update, spectacle stoppede working, and errors out on start with: spectacle: error while loading shared libraries: libkImageAnnotator.so.0.3.2: cannot open shared object file: No such file or directory Maybe it needs a binNMU? - -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-4-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages kde-spectacle depends on: ii kio5.77.0-2 ii libc6 2.31-6 ii libkf5configcore5 5.77.0-2 ii libkf5configgui5 5.77.0-2 ii libkf5configwidgets5 5.77.0-2 ii libkf5coreaddons5 5.77.0-2 ii libkf5dbusaddons5 5.77.0-2 ii libkf5globalaccel-bin 5.77.0-2 ii libkf5globalaccel5 5.77.0-2 ii libkf5i18n55.77.0-2 ii libkf5kiocore5 5.77.0-2 ii libkf5kiogui5 5.77.0-2 ii libkf5kiowidgets5 5.77.0-2 ii libkf5kipi32.0.0 4:20.08.0-1 ii libkf5newstuff55.77.0-3 ii libkf5notifications5 5.77.0-2 ii libkf5purpose-bin 5.77.0-2 ii libkf5purpose5 5.77.0-2 ii libkf5service-bin 5.77.0-2 ii libkf5service5 5.77.0-2 ii libkf5waylandclient5 4:5.77.0-2 ii libkf5widgetsaddons5 5.77.0-4 ii libkf5windowsystem55.77.0-2 ii libkf5xmlgui5 5.77.0-2 ii libkimageannotator00.4.0-1 ii libqt5core5a 5.15.2+dfsg-2 ii libqt5dbus55.15.2+dfsg-2 ii libqt5gui5 5.15.2+dfsg-2 ii libqt5printsupport55.15.2+dfsg-2 ii libqt5widgets5 5.15.2+dfsg-2 ii libqt5x11extras5 5.15.2-2 ii libstdc++6 10.2.1-1 ii libxcb-cursor0 0.1.1-4 ii libxcb-image0 0.4.0-1+b3 ii libxcb-util1 0.4.0-1+b1 ii libxcb-xfixes0 1.14-2 ii libxcb11.14-2 ii qdbus-qt5 5.15.2-3 kde-spectacle recommends no packages. kde-spectacle suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl/jtdYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pavGQ/+LbBxRuQdz7GeHZabCmTo GlYBc/60XxcqG7y1SIJdkuxPKoLz5TJrG+87Qy2U6O701g+CIgWCEUhrGWjnXuEC E2uRQj66m2R9UbIz7s4mgEV9fxfZVZwwQafEH1RXXuvWkSbaslVQuNTbgC1P5zaw C5YFNtiLuN3BAlJSa3lAi0hZUnD5+KcTzxWYKNKq2fCKd8Wex/tAd+YAeD623htS OR/CwklxtUrtPPCapMPWBhMzk5dvWpunD4A7j1WF3nptkKA2nk+Jio1qbbqUwlW/ ha/p6LByqwT9CRI4JAyFxwy62nOP1pVfraaOrB9/7fxABJmxsS0wNNUL0Hxsx5we NSO80AqM34JwRp5ho7f4ZKn9jviAIr7UvInUo46Ng3RjX8hRRw04Y/R43lv+vYQD aq2gts5t+MQB2HwM+p+4Qz/6Vn+xwkQSh4reQixIo2UoSjNsyMc0GstDzdB8ZHyc ulyFA0FEvz4AoJiSDCRuJ6tgVXqP4EI2DkdDck4H31bt7WZwYOV5MJzX93U9QXyd pt0Q8Aav4ya+A3lfRjwAvCPpDqH8PgiT5XLLF/rUB2W7z50MNO3LonJKz2UGxtgu TvzHNDPosEx0BnbX5Li0u8OgRHizttC23IbR9hld4A0o8C/iz07IbMSP8nqED6CT gNlsZMEbF2LYl9GutLcbq44= =KbJh -END PGP SIGNATURE-
Bug#974989: [Freedombox-pkg-team] Bug#974989: freedombox: firstboot wizard fails in connection setup (KeyError: 'box_name')
Tags: -1 + l10n > > The first boot wizard got as far as setting up the connection, and > > when asked how my router is set up, I chose I do not want to set it up > > right now. That caused the following exception: > > Just to rule out one cause of error. Did you select a langauge? > Perhaps one of the languages have a bug in a format string? Yep, forcing my browser to prioritise English fixes it. In other words, the nb_NO locale is broken. Thanks for the pointer! -nik
Bug#974989: [Freedombox-pkg-team] Bug#974989: freedombox: firstboot wizard fails in connection setup (KeyError: 'box_name')
Hi, > > The first boot wizard got as far as setting up the connection, and > > when asked how my router is set up, I chose I do not want to set it up > > right now. That caused the following exception: > > Just to rule out one cause of error. Did you select a langauge? > Perhaps one of the languages have a bug in a format string? Not actively — it might use my browser language, which is a language that shouldn't come as a surpris eto you however ;). Will check. -nik
Bug#974989: freedombox: firstboot wizard fails in connection setup (KeyError: 'box_name')
Package: freedombox Version: 20.18 Severity: normal I installed the freedombox package on a pretty much vanilla Debian installation. The first boot wizard got as far as setting up the connection, and when asked how my router is set up, I chose I do not want to set it up right now. That caused the following exception: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 145, in _get_response response = self.process_exception_by_middleware(e, request) File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 143, in _get_response response = response.render() File "/usr/lib/python3/dist-packages/django/template/response.py", line 106, in render self.content = self.rendered_content File "/usr/lib/python3/dist-packages/django/template/response.py", line 83, in rendered_content content = template.render(context, self._request) File "/usr/lib/python3/dist-packages/django/template/backends/django.py", line 61, in render return self.template.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 171, in render return self._render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 163, in _render return self.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/loader_tags.py", line 150, in render return compiled_parent._render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 163, in _render return self.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/loader_tags.py", line 150, in render return compiled_parent._render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 163, in _render return self.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/loader_tags.py", line 62, in render result = block.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/loader_tags.py", line 62, in render result = block.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/loader_tags.py", line 62, in render result = block.nodelist.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 937, in render bit = node.render_annotated(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 904, in render_annotated return self.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 987, in render output = self.filter_expression.resolve(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 698, in resolve new_obj = func(obj, *arg_vals) File "/usr/lib/python3/dist-packages/bootstrapform/templatetags/bootstrap.py", line 14, in bootstrap return render(element, markup_classes) File "/usr/lib/python3/dist-packages/bootstrapform/templatetags/bootstrap.py", line 85, in render return template.render(context) File "/usr/lib/python3/dist-packages/django/template/backends/django.py", line 61, in render return self.template.render(context) File "/usr/lib/python3/dist-packages/django/template/base.py", line 171, in render return self._render(context)
Bug#973310: RM: osmalchemy -- ROM; Abandoned upstream, no rdeps
Package: ftp.debian.org Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I am both upstream an maintainer of OSMAlchemy, and OSMAlchemy never got any traction and was only used in one project (which now uses other mechanisms). I therefore request removal. - -nik -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl+ZmHQxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pZIaQ/9Fg/ef1/LZXuQ44W08l5F jCi4C/jzvVdb/v4MsaTfEX+uiBvqMq+mx55ylAQ+d+kPuNznRGvY6lY+hMy5UUHH E7DgZZ3pjmoDWS0N06uqzVdyepg7hv5oYKFf0yHsQ/NbXYTRYj98QZRx5grfxXoF rJ1R5GV+O3+/rEO6Ps4XK8px+HUJL8FdU9FM5UN0mBTH5lGJSuRU7dApHAk8M0ma r/F8Odn36BF4ia4iQXZbFL/e9u5IENhKNIiMYW79YJ9uTHDpPZXQaZI29YGJaq+Y HiJihncX5d3urNkRsxcArV60CwfUpq0w8aciFnEGdubp3Ru8zWzy6Z3jDm0AEMqp shgTfQuLLfpRwJQ2wG49CWQjQYhvs/ycqrCj5qAyW88K9rSDrjOgcRE3L9te0EEg dr+MdKixzYTiX99y9noHJUsqbzD91r8rkhDWu2fzpFlm1JeH+qpM5D9eUEarOBbB 0CHircKr6j111eKK/kNYQdfvT765c3GQTGY5qi1nvoHF/sRXS+RNkzgqM/vkSF0T qlIM/ae/Y3yiFxZWzoQfF5wdWDAuN1h+QFVDFNCa1LLUiImODwVmF+TNBKF/7w8l sU5x2eQTIrAT6IaLErhrnPMlVk1Yo9xudtxRjHqxVaLctU6Fnia7sSwhmnVG0Lbx oAm1EbLcxdwOoYATOnv4Uz0= =bdVe -END PGP SIGNATURE-
Bug#908117: RFP: yq -- yq is a lightweight and portable command-line YAML processor The aim of the project is to be the jq or sed of yaml files.
Hi, > Hi guys, Please try to be inclusive of other genders ☺. (Proposal: Hi folks; Hi people; Hi friends,…) > > I see this thread in ITP status. However, I wonder if this is still in > process of being packaged. > > I've been maintaining the deb packages for such yq tool at my ppa > (https://launchpad.net/~rmescandon/+archive/ubuntu/ppa/) but I wanted to > step forward a little bit more by polishing and formatting everything > that is needed for having yq into the debian upstream. > > Could it be possible for me to take this ITP thread and give it a go? I also jsut wanted to start work on a yq package for Debian. I think a month later it is ok for you to setyourself as the owner of this ITP bug and take over the packaging. Please, if you start working, do so in a repository on salsa.debian.org. I will happily mentor you and if that goes well sponsor your upload. Cheers, Nik
Bug#908117: RFP: yq -- yq is a lightweight and portable command-line YAML processor The aim of the project is to be the jq or sed of yaml files.
Hi, > Hi guys, Please try to be inclusive of other genders ☺. (Proposal: Hi folks; Hi people; Hi friends,…) > > I see this thread in ITP status. However, I wonder if this is still in > process of being packaged. > > I've been maintaining the deb packages for such yq tool at my ppa > (https://launchpad.net/~rmescandon/+archive/ubuntu/ppa/) but I wanted to > step forward a little bit more by polishing and formatting everything > that is needed for having yq into the debian upstream. > > Could it be possible for me to take this ITP thread and give it a go? I also jsut wanted to start work on a yq package for Debian. I think a month later it is ok for you to setyourself as the owner of this ITP bug and take over the packaging. Please, if you start working, do so in a repository on salsa.debian.org. I will happily mentor you and if that goes well sponsor your upload. Cheers, Nik
Bug#954347: ITP: gnome-pass-search-provider -- GNOME Shell search provider for the pass password manager
Package: wnpp Severity: wishlist Owner: Dominik George -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: gnome-pass-search-provider Version : 0.0~20191115+da2db41 Upstream Author : Jonathan Lestrelin * URL : https://github.com/jle64/gnome-pass-search-provider * License : GPL-3 Programming Lang: Python Description : GNOME Shell search provider for the pass password manager This GNOME search provider integrates the pass utility into GNOME Shell. It can search password entries and copy passwords as well as arbitrary fields (username, pin, etc.) from the GNOME Shell search frontend. It also supports the OTP extension (from the pass-extension-otp package). -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl506DYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pZbVQ//Xj7scSXO8kEnG04BIrRg 6ji6ypk1Cwln02pZCc4WDtxoIDSfxWmIIl09RIazWQIT3ZVvqr0r1o+fbI27J1S5 IOQJicOG9f5y+t9go1c2OxX+pTQ8Da6WczqIlPGWke9XN+bYbcp+4vZrxxZ9M1Lt jNusO2AZUSdVTknRnME+UtalyQqSLG9coUOSOlxIQIPAr+ckXy438py8KHif3Li5 UGIZvf0BADSSa04pAOMPhYvPxN2YFTzirrsvQUHNWeO0E7JHpVqD9mM6WiyIxbvA Wr6MblGwnbfaUHN5M4LtnnID9/3j58J5JfkiCSEOGZd0qZCh3ZUsewCmkF3MDnkv u56+vHuNVyRocLgClLDK5C+xugGVvfwSAK8ahqPKQlx/Q2T/RRF6/FIQqWVD5DLk KNHwkZ9Xnf3p/ryK7CFWgQWBrQEGvGch7nCTRR9bWkVmgrIPUXgYHtf/ZQwnCCN/ En1z4ywcelHEN5ACXQJH4pJnCn+2ChLA9Tz5dTAxdWGN1YYCPi2BZF/+uZ/6Dg5d QynF1PsdRCbg4cDttk3Ur5Ssp/baOBXWViMI1k8PoNr65vE3f9T/YSG89+HiULvC jPiRF4nWIFHpbVnp8XOE8NoFnI/SXcDkp7jGcEiMARmnUK+gyRSPTyclYpi0zxlL L2opoZlvsDxI2wOkFmiTOsQ= =5BpP -END PGP SIGNATURE-
Bug#946847: [Pkg-sssd-devel] Bug#946847: debdiff for NMU 2.2.3-1.1
Hi, On Thu, Mar 05, 2020 at 09:04:40PM +0100, Dominik George wrote: > > Ok, thanks. Dominik, could you get this in git so that it's in sync with > > the archive? > > Yep, it is on my todo list for tomorrow morning. tried to do so, but found that you already imported and pushed a package version for buster that never existed and was never uploaded (1.16.3-3.1+deb10u1, which does not make sense at all). What is this version? -nik
Bug#946847: [Pkg-sssd-devel] Bug#946847: debdiff for NMU 2.2.3-1.1
> Ok, thanks. Dominik, could you get this in git so that it's in sync with > the archive? Yep, it is on my todo list for tomorrow morning. -nik
Bug#952963: Bug#952997: debian-edu-config: pacparser being removed, please drop from debian-edu-config
Hi, > Please let me know your preference. At some point we'll probably need > to go ahead with the rm of pacparser to keep the python2-rm process > moving. Why should it be necessary to remove the whole package, instead of just removing the Python 2 build, like for all other Python libraries in Debian? -nik -- Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter) Teckids e.V. — Digitale Freiheit mit Jugend und Bildung https://www.teckids.org/
Bug#951120: hydra: Non-free licence exception
Package: hydra Version: 8.8-1 Severity: serious Justification: Policy 2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The licence of hydra states: H Y D R A (c) 2001-2020 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal Licensed under AGPLv3 (see LICENSE file) Please do not use in military or secret service organizations, or for illegal purposes. The additional exception to the AGPL contradicts the Debian Free Software Guidelines. I propose moving hydra to non-free. - -nik -BEGIN PGP SIGNATURE- iQJ+BAEBCgBoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl5CoAcxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pZKDhAA2K1iunqTCF1B22PRgOwa 2Ym6t+tVFVPy4nCPtWVLhRp3RIC1F9bfrlBUExwheIRkt9hVPjBpXGlgx3nNRaN7 xueRJ8En4rtreuB4CrL9yPl60jwpa02MwKE8jHTkjz7BwaAXnEA6wK9B8wX8Mjs1 gF4zWS4guZqyWXf7KxjUfF+TYUS/5zgdtNSPwByr3HK74oP5rytjNtom1SuziPpd l2F04fBq86UhM6aXWXuZoaefs/HI9j1fL/m+xYW1ULO3GMeppNm3dRak4VNQVU3G SEZERODan/0cvmhYbr/eSYxsOQ3+/Ln1XiaxSDnPOMROjQXwf7hPtmrzIPHG7t/Y ULOnM0WCImzA3uRhDqTLH5567v9vfnTjlj0eUD68MZi0EX6sKahruZYvsI3B3lfL V3geAuti5cQVjNburzuUMnY87gt+gKfhijCyiH//iDfJsj7e116WlTX0k6CmHkLT v+5Yg9zy0IGKxOMS4a2s+Lfli5h/savJurKsZIDpoRjQ5Jq9G1znnEmxUW8ITchq obyjKa+mHfzkz/uUl1IRmoUreWWNB8DWGF0hrMKiLL0Pb7WlVm97A2Wmnqsy9GiH ESZY8kFQ5JP7WO8yW7QqTxjKv/liAmS98N/FZA4Zk8BOHbUXscVYJD6uuJElZddO Gz7dN/7gmWePDFgxPFDzwrw= =6Kcy -END PGP SIGNATURE-
Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > Wolfgang, many thanks for this bug report and the quick fix. > I'll upload to unstable right now and will coordinate with DSA and LTS > the fixes for buster, stretch and jessie. Are you aware that, as laid out on IRC, I am already doing that? - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl33qacxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylk1KEACs5v3i94+Hopt5NNSRc+nvQTC7I4AIUsbupHWj9EpV/avKXBH5ak2C I+U8H6wtlAXQr1KkQwkKxUQYEyXwVN1swKrqJeb6cqW0jB62QizHxDMlzULh1qBw per1HXYtlK5WcpytkarmOAauWC9Hrh0EIqfQwQxywZSKWbV2IwSj5+LdKW+sVj42 +z8MzO9A+b2UHYo8KWnwq/P48FfFp0bn9unrhiqkLB2OhFsDydF0w7IB8yqecj6x QP177Po3B7Hf1ThDF4cfF/kqZQ0NenWvv7uRwNL/y4wJ7XQ0EtEsMY73iq3E/CXz YRvqttqbnNSQO0xAy8CE9jKHY9vMoL7if4NdvFYlSsJYmg+/Tw5BLaehKQRINvZh pMqDLB4kVi5gpO1Q6qGo/2+SU0+91QbPR6dwQCvcZRQ8v4KqN6GpS00mQX44DFhT S1kOr60rCYYlRtmxeqmHhyv52GRoY8iGq5KuQUnwXAm8buqy4LmzWQhAVrQk30fi oA290vBcXyTvhs8/yKGTvjnJcdmfE9V2QIZ8cA/5WbOBAEiEBtH1PoG87dUTejkD SwEq20DAK8BhCGlWofanEnDygbnvFg/ouHsYQkt6RiP9ocqxXr+J2k5ACOUCWYmo Carf26wfZ8IWPG7zUoaud68YAPSCfHi35rmRNFBt69DFeH66cLYg+Q== =SBC3 -END PGP SIGNATURE-
Bug#946847: sssd_be: Busy loops on flaky LDAP, SIGTERM from watchdog not processed
Package: sssd
Version: 2.2.2-1+b1
Severity: important
Tags: upstream
In a setup with sssd using a remote slapd for NSS, and a somewhat flaky
network in between, sssd_be tends to get into a busy loop sometimes, using
100% CPU time on one core.
Debugging showed that sssd has a watchdog to clean up in such cases, but
sssd_be installs a signal handler that prevents the SIGTERM on the
processgroup to be processed correctly, and does not exit.
src/util/util_watchdog.c:
64 /* the watchdog is purposefully *not* handled by the tevent
65 * signal handler as it is meant to check if the daemon is
66 * still processing the event queue itself. A stuck process
67 * may not handle the event queue at all and thus not handle
68 * signals either */
69 static void watchdog_handler(int sig)
70 {
71
72 watchdog_detect_timeshift();
73
74 /* if a pre-defined number of ticks passed by kills itself */
75 if (__sync_add_and_fetch(_ctx.ticks, 1) >
WATCHDOG_MAX_TICKS) {
76 if (getpid() == getpgrp()) {
77 kill(-getpgrp(), SIGTERM);
78 } else {
79 _exit(1);
80 }
81 }
82 }
(NB. Seems what is described in the comment was not all too successful ;)
The signal handler is installed in src/providers/data_provider_be.c:
448 static void be_process_finalize(struct tevent_context *ev,
449 struct tevent_signal *se,
450 int signum,
451 int count,
452 void *siginfo,
453 void *private_data)
454 {
455 struct be_ctx *be_ctx;
456
457 be_ctx = talloc_get_type(private_data, struct be_ctx);
458 talloc_free(be_ctx);
459 orderly_shutdown(0);
460 }
461
462 static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx)
463 {
464 struct tevent_signal *sige;
465
466 BlockSignals(false, SIGTERM);
467
468 sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO,
469 be_process_finalize, be_ctx);
470 if (sige == NULL) {
471 DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
472 return ENOMEM;
473 }
474
475 return EOK;
476 }
Setting a breakpoint on be_process_finalize showed that this function is
never reached, probably because libtevent never gets around to calling it.
Two proposals to circumvent this are:
a) Reset the handler before calling kill on the process group in line 77
(e.g. signal(SIGTERM, SIG_DFL);)
b) Move the exit call in line 79 out of the branch so it gets called
unconditionally
in case kill() fails to kill the process itself
We tested solution a) in gdb and it caused sssd_be to exit cleanly and
restart, as it should.
Cheers,
Nik
Analysis was sponsored by Teckids e.V. and tarent solutions GmbH.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.3.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sssd depends on:
ii python3-sss 2.2.2-1+b1
ii sssd-ad 2.2.2-1+b1
ii sssd-common 2.2.2-1+b1
ii sssd-ipa 2.2.2-1+b1
ii sssd-krb52.2.2-1+b1
ii sssd-ldap2.2.2-1+b1
ii sssd-proxy 2.2.2-1+b1
sssd recommends no packages.
sssd suggests no packages.
-- no debconf information
Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, Dec 16, 2019 at 12:13:49PM +0100, Wolfgang Schweer wrote: > On Mon, Dec 16, 2019 at 11:33:28AM +0100, Dominik George wrote: > > >> Why not just remove that line? > > > > > >The only line needed is: root/admin@INTERN * > > >Intention is to fix the bug, but keep the change as minimal as > > >possible. > > Then it should be CIl in my opinion. Listing principals is the same as > > getent passwd, so no additional leaks here. The i ACL allows tracking > > other users' use of the network. It is thus part of the bug. > > IMO Cil is enough, but better safe than sorry. Just committed like > proposed, thanks. Great! Also, I'd propose to turn the sed command into: sed -i 's/\(\*@INTERN[[:space:]]*\)cil/\1CIl/' /etc/krb5kdc/kadm5.acl This way, it will not destroy any legitimate additions a local admin made. - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl33dBAxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylvjjD/9Hnfm8DN3+hobIMEsPg8lWXoN4Z90a46Hlfr/DcRGn+ENsbxnXMSBu +Sg8PoomSvvDuW5QWgCXuUmBgS+mBNMOJFlSaT/3tORV8cr4nyq/kmgcU+9AcGBH bmgQ5BvB2Z2eMau7eZvW+GhRA1UA576Luaxw/xl8EvqN5PmfYQgJwPK3aN1oNuJ0 nlR9N4yVbDKuvjLB2olXsO2jYOFKCkVU1QTPKf8Jfhq0usgqVjyv5NRY8ywKlns0 h5H9m1WQ9MdviGFE48YhGfKUSE9lKfFwAL/dnDSmvtzdsTI/HopxYAY9rw/XEi6a S1MgmJQrFeYEGHJ49eLkiOWufG+Q8Z6jeN8LySsRx/17RjX7gMn5SIAvpZbwWuVK h0yB5j6LQ/gfpcYu/N3DAWBW6zgLdxORfSi8IlDqXvJnSJKGlb0uQNBwsb+jT4HY vJnPfE1fBGrgBOqe3BIrVdHE0iUvw9z8R+MaAewIGt4ThhJ7tJaGmROJ1gskQAnE He+7QHRen0+WQxiLTgB03pww88phV7KBXnUQtx/7PlUUaK5AOKo38dtKNOTQo2gM AAdp3OMFTw0f8JLk7uUtA1NEC1DPQvjNvjdQBVxDK7Vw08B1wKyAWTPfKEkYJHWv FyaEwD4JPQySqrukf+RqJ2Pl4ip+PmgTZEYOmu1XpkV+9PRddltE0A== =+c4F -END PGP SIGNATURE-
Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users
>> > root/admin@INTERN * >> > -*@INTERN cil >> > +*@INTERN Cil >> > */*@INTERN i >> > EOF >> > chmod 644 /etc/krb5kdc/kadm5.acl >> >> Why not just remove that line? > >The only line needed is: root/admin@INTERN * >Intention is to fix the bug, but keep the change as minimal as >possible. Then it should be CIl in my opinion. Listing principals is the same as getent passwd, so no additional leaks here. The i ACL allows tracking other users' use of the network. It is thus part of the bug.
Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users
Hi, > Severity: important I propose this bug to be set to severity critical and handled by DSA. After all, it is a local impersonation and root privilege escalation bug, if not remote if you consider clients scattered out over a school remote. > > To improve security, settings in kadm5.acl should be adjusted. > > The needed fix is minimal: > > --- a/share/debian-edu-config/tools/kerberos-kdc-init > +++ b/share/debian-edu-config/tools/kerberos-kdc-init > @@ -187,7 +187,7 @@ EOF > if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then > cat > /etc/krb5kdc/kadm5.acl < root/admin@INTERN * > -*@INTERN cil > +*@INTERN Cil > */*@INTERN i > EOF > chmod 644 /etc/krb5kdc/kadm5.acl Why not just remove that line? Or disallow everything? Disallowing changes fixes the privilege escalation, but it is also questionnable if everyone and their dog need to be allowed to track when which other person used the network. I am pretty certain it is at least a DSGVO violation. > > Thanks to Andreas B. Mundt for the hint. > > Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades > by adding something like this to debian-edu-config.postinst: > > [configure case] > fi > + > +# Set proper rights for users. > +if [ -f /etc/krb5kdc/kadm5.acl ] ; then > +sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl > +fi > ;; > esac Probably only if it was unmodified. If not, postinst should issue a warning using debconf, IMHO. -nik -- Sendt fra min Android-enhet med K-9 e-post. Unnskyld min kortfattethet.
Bug#835086: Bug#941708: ITP: nextcloud-server -- Nextcloud folder synchronization tool (server)
Hi, >This packaging sidesteps that issue by providing version-independent >tools to download, install, configure, update, and manage the server. >Although unconventional, such tools are not unheard of in Debian [1,2]. This does not mean we should make it a habit. Have you considered and researched the fasttrack project instead? -nik
Bug#931334: firefox: leaks sensitive information between private windows
Package: firefox Version: 68.0~b6-2 Severity: grave Tags: upstream security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Firefox leaks sensitive information between private windows that should normally not share personal data. I logged into my company's Google account (*sigh*) in one private window, and helpfully immediately got that account information shared with a website opened in another private window, that congratulated me for now being signed in with my Google account. Why on earth did Firefox just leak my sensitive private data to another private mode website? - -- Package-specific info: - -- Addons package information - -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:da:sv:en:de_DE:de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firefox depends on: ii debianutils 4.8.6.1 ii fontconfig2.13.1-2 ii libasound21.1.8-1 ii libatk1.0-0 2.30.0-2 ii libc6 2.28-10 ii libcairo-gobject2 1.16.0-4 ii libcairo2 1.16.0-4 ii libdbus-1-3 1.12.16-1 ii libdbus-glib-1-2 0.110-4 ii libevent-2.1-62.1.8-stable-4 ii libffi6 3.2.1-9 ii libfontconfig12.13.1-2 ii libfreetype6 2.9.1-3 ii libgcc1 1:8.3.0-7 ii libgdk-pixbuf2.0-02.38.1+dfsg-1 ii libglib2.0-0 2.58.3-2 ii libgtk-3-03.24.5-1 ii libjsoncpp1 1.7.4-3 ii libnspr4 2:4.21-1 ii libnss3 2:3.44.0-1 ii libpango-1.0-01.42.4-6 ii libstartup-notification0 0.12-6 ii libstdc++68.3.0-7 ii libvpx5 1.7.0-3 ii libx11-6 2:1.6.7-1 ii libx11-xcb1 2:1.6.7-1 ii libxcb-shm0 1.13.1-2 ii libxcb1 1.13.1-2 ii libxcomposite11:0.4.4-2 ii libxdamage1 1:1.1.4-3+b3 ii libxext6 2:1.3.3-1+b2 ii libxfixes31:5.0.3-1 ii libxrender1 1:0.9.10-1 ii libxt61:1.1.5-1+b3 ii procps2:3.3.15-2 ii zlib1g1:1.2.11.dfsg-1 Versions of packages firefox recommends: ii libavcodec57 7:3.4.3-1 ii libavcodec58 7:4.1.3-1 Versions of packages firefox suggests: ii fonts-lmodern 2.004.5-6 ii fonts-stix [otf-stix] 1.1.1-4 ii libcanberra0 0.30-7 ii libgssapi-krb5-2 1.17-2 ii libgtk2.0-02.24.32-3 ii pulseaudio 12.2-4 - -- no debconf information -BEGIN PGP SIGNATURE- iQKJBAEBCgBzFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0bIbsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYyMcZG9taW5p ay5nZW9yZ2VAaXQucGlyYXRlbnBhcnRlaS5kZQAKCRC3mjwWoMTylodMD/oDJhm4 gRR5+4sJDL2igFZQf4igtQrEL3TWD1c9AgkP1UHIEuVKojL8MkJLA5pGKDD+kFf8 92VHtKtiTjm1UTuZoDbsAoWFW3YxblZ5zsynzfK7Csrjxt6qOIYgGyzXuumPaeYl fLsn3I3IvaCViqWBkAu1Zzi+SrhVRwaonGIW8bTCuRVq0brTB2hJvttgmhFqA9Cl qKW1AoQ6h0ZUMB64ZzY4TkBaelOmpBYCsRrHvcKATVvd6LCkuGjaU//XkWa4fuqk rp/uXpWQD/73gFU+3cKWVNQId1v05oKf+u7gy7zK6E3AJL1ztECiThHz6fOg+uHy qrYFMODjEJxDxYlveqF0naclwJem4xvi3Uuv4mRy55D/5j3Oxl06eYjN9iF6yHnc H1EPxAF74GyPnn0+uD5xNZIkV155MxIhz7OBxWkEt0h5dRFvDocdp0G6vgSo+dZf dHqSiZUSY0K7kupJjg57QFNIqjal6ocTbko5JeXPtiXW9mP1gBnZ/0APdKqjJtno fxKF8HJ5OjcsxlfoNmhinhJUmR4p6aM7I5jXxUES5SfnSCj5jZPXpxhz6HPlhdr0 IzOirUXpeGygnAkAgHgIcgcv6kUfnJlVnraKjrnljLDxwzvB4S3LRmWWEK+e5mK/ NX8DOjEvM5RhpooD2a7mufDDjaTcBaqXLfTqzQ== =nVIP -END PGP SIGNATURE-
Bug#930633: i3gaps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Control: tags -1 = moreinfo Control: noowner -1 Hi, > Certainly, a merge is the superior solution and i am glad its actually > being considered, but my understanding is that code refactoring/cleaning > could take a considerable amount of time, and therefore the package should > actually be available as a temporary solution for all those who want to use > it, as it currently is everywhere else. I am hereby refraining from sponsoring your upload: 1. You did not respond to my remarks (yet) 2. Both upstreams said the fork is of minor code quality 3. Efforts are being made to fix that 4. Debian stable is not for temporary solutions You might find someone else to sponsor your upload, so I leave this bug open. Please keep in mind that in the case that someone uploads your package, you are responsible to keep it updated, and probably manually fix all issues yourself if upstream decides to work on vanilla i3 instead, and are also responsible for tidying up once the fork is merged into i3 itself if that happens ☺. Again, thanks for your contribution, though! Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0IyLUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylilTD/4ubM8khtlVi9O2j0z0bOLAxJeCHpJnq5Xlw53nIxbWWd5zTeOpY9rH XnQoC9lv5vRVt9Pvd8Y1G0jCy/LKDtboroQQ0VheCPmTXjdHghlhU17utDGjuNlM MYhvSXd0RZgSCfmUy+kxTq7UJ8Z0GfqgAObAe8Xo/t2YjTBCe5gPP/x4yJMOi43S GoxU/YJX/iD4p+3lZBzBfPHFnrs4gPGRsdn6YrI6+f7Y9OT/8rpYMyyWeceb8h1r 8uzYm+TZjN9hKq7yRAxySoeSNvO5iCDtnw3kpCdvH1pQlK/G9jFWM7OToyxxHpJM ESR1CNhvPsj78Nf+HkN1wWN7p5kf4OhOo9BQR1WMqmJ2hsVCHtWCwhQcR7mROcP/ 8ZOFUDnBTPY7GVMQYRxRXG3ix9F83hWeRNbcDyVOB8bFFZhRtUeuWbblxSZ13+9/ ElHEIl8hffr4lRfMd7PVO41WyN6qjUG1GqdFgbdb0VKm2djKI2741WYLhFFsS2Jz KvjYO0qSHEa8HMS/P2jCz1Ai+xBjQST4SS/2nyZFPFmfUj5VJ+bJClXcwzP7neoA DKGA5GYDzXK+msTdwhxfbDALZveDozTajcZ7kKitCtjLn7GW0I+ITtIWs1DgzjOf RAfx22/U86kwd3SOi3aVuh4WrQzxVycgPW1523omPkad/07NBfRt6g== =/4OK -END PGP SIGNATURE-
Bug#930633: i3-gaps RFS/ITP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi antisocrates, > Ingo will outline what needs to be done to get i3-gaps into a mergable > state, so that we can eventually bring these features to all i3 users. > > For the time being, our recommendation is to NOT add i3-gaps to Debian or > any other Linux distribution. Instead, if you have time and motivation, > please consider helping improve i3-gaps with the goal of a merge. With that in mind, please reconsider your package, antisocrates, and the invitation at hand ☺. I strongly support the view not to add i3-gaps as a separate package, now that it was made clear that there are efforts to get the gaps feature merged. Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0Hz6IxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTyliwpEADbI2jq1IiEhBjBi8qDSPaq3WGG8gNtC6kt57JXysUV+FerDrp9qwax Z9HXHjyHyP4oxq0bpbJQHmYTjnNz4FknN2bqdqWO5/bBodOsYmrs4leailsqzDPX aweB3HB46or6lZhCymwKZhhseL9Sv3aBbRBiusBI5umpuGlIwMm1cjXlGse6jUgp +q28k9dydqHb14yxTjA4HPuWHamcoKAwT28IzTV5T6PaKKRiUgmdH6OqDXLpNTFO 8pWvldEHn8lL4QCFiu2kaDA3AAucAZ8++ebxzfyORksWAsLRT56tu+eBHt6nJyQs hf+BeDAWUjOKmx304N38mPcHrhq+mFnNlaUtspxXhGEWOfSnce8ZDacN/ST6jepV nB4vGdiyl6leUNTq9fDENg8UU00Hkpuz5n4pAzQMLc2nx6YLkujS7NOhNff8gwei HiyYqCNK1ATw/X2r+RLl2oROgd+rBPQ5C2RZw2sm+sDd/hSZLEcO5kjDpXXyAze8 /8YhpbgsC5OSy7gK7UmKYm66pexKoto6VDeyh05gqG2z0eXTjpyM+19Rc6f9nZrv Rnt/ON0xUFldZZ2s71nz0Wzc9zeDNQL40iisUZP1i8+qhoS7cuQKC3Kl0rUHkOqt 1ViYNdBszUkBuvCyuaZuPV3Oi2gpHfWbbqv8UBNjVK6iatZMf0UBgg== =3IgO -END PGP SIGNATURE-
Bug#930633: RFS: i3-gaps/4.16.1-1 [ITP]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > Thanks for your contribution! I looked into your package and have the > following remarks: Oh, plus, also please fix the issues listed on your package's mentors page as well, obiously ☺. - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0Hc8wxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTyloqYEACPi2ZqDp5UT/W7u7sPTr8LimxDciPELohPI4qb0RHGTAT4qpkROeUZ g02E981VpzGrnZ5ycAMxArZKYwGs5lidnsmiyA0ilQDkmeLoE864Rrj9BQUy7YpY bZkk6nzx8iMOd3lURzj7jvIWrDWiVXaABGIrDZA4DbuDzze7T9E293Z24szvUCn6 VqJJ7CivDwcKYHXzwsAAfj5vsUT3CFa2UCy1ycbFUjCWMNVA2DUg1f+2OeoO7/cI krnsnRltoTbqvJGHJh8UJwrDT/UVZ2x57s0hj7lRBQ2mzfOXLdqXRjaO/DWrQelZ HyNHL8zf6PWlZnulHDIiPXZvEWeiT5xIzbHSWToL+uNtF+MzjGpSGvALkYtaAP3T avy7WX5yjeKQ5VZD8fBVutYaRQSDaSQmspeESgHOF3AXjDQKth+R8+YmkZy2QmYq zSS7B9F5Qc+3NtV7GbGo39+jQ6kGjNnmx+upryUfOl32TvirR0YG+2BjjC9TP6is CAINW8xx+eV5kWShDhnwrTFbOQ4BFUA+DO9G1/dOkjuy2D1PxsQm8GuAYUTY6/tw I2u/bHtWfnnEGvgfU6zTcWqoJygS4uQJp5koG5I9FosLkckE90/d2rS2i+V7zKkc Jve5M22cP/mUTN6A2qAmmwuKP1dV+8KC8KxfrrG9r4SUCrdLhmluUQ== =+Aqo -END PGP SIGNATURE-
Bug#930633: RFS: i3-gaps/4.16.1-1 [ITP]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On Mon, Jun 17, 2019 at 04:10:03AM +0300, antisocrates wrote: > I am looking for a sponsor for my package "i3-gaps" Thanks for your contribution! I looked into your package and have the following remarks: * Did you talk to the i3-wm maintainer, Michael Stapelberg, about his opinion on this, and also about ways how to avoid the conflict between the packages and instead enable it to co-exist? * Your Recommends is a bit too "fat" IMHO. I would suggest keeping all that stuff aligned with the i3-wm package, and leave everything else to the i3 meta package. After upload, you can then ask the i3 maintainer to include your i3-gaps package as alternative dependency in his i3 meta-package. * Please add a paragraph about what i3 is to your package description, not only the differences in i3-gaps. * Your d/copyright lists i3wm upstream as source rather than the fork, and also lists the original author as upstream contact. It should point to the GitHub source repo and list Ingo Bürk as upstream contact, While at it, please also look into whether Michael Stapelberg is the only copyright holder. At least Ingo's changes might be big enough to be separate copyrightable work. How did you verify the information you put into d/copyright? * I would prefer to have your packaging repository on salsa.debian.org. * Hmm, two almost exact copies of the same code in Debian in two conflicting packages? i3-gaps is a widely accepted fork I suppose, yes. What is Michael's opinion on that? Please go through my remarks and comment each of them with what you think about it, and whether you implemented it, will do so or won't. Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAl0HcsUxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylvB8D/0QzHlAilO3kt+nqsvRSQVxqZX1GUYcbvFRbCtxkoHuBAIOrcqPoK7v JtRuDUbz+WkCtgf8o/qC22dytDHx9u4dTdidJu9htw5owJoFJB29ZpFPU9zRXRw+ kD+Fky3TsnvR4GxRIgrepOnQuvewvxBC37g+IteqELHHSG6YRN/JE0g1O5DZ2gV4 H8ngf1+P5jAASvEZmhfATfQdlyIQxiplTPd2P1vW/ux8nIYwpxBfIjfqeBw60PQB Dfjmnw0woQEWq05oZCJjUDPpV6sHoJmwiu/tJgqw87T2+yoxPezPNOJARqpoc6C3 FOnVl8BTDmlpOOogsWzyAbLtzMrFREZiSet2HmbWUiapZb1drR1RrCUQzlc0oZy5 ohWhh4O/MdJtR1OYkp+654H6253jHltHULc1uWnyjrkNvsvTyQ0CPsj7Qac54Lj5 XMYtnGvDB3fiJ8zTZDoQR5CC2S+Raue+5d8Np6Dyepo3B2W3qaERKWeni8miCNxI bBA1Hr83mN53KkUaZotFRipwjCtj8LWj4R4RvyB3KCu1p1dPdQAUvMYQepl9uXGp xCBlWC1bLbZ40yzCBd2Oz2F5DX5vg2nxAEDxxajPWeGuY7YpS+iAmn9/C4p7Kj4/ d07OqHrwh0P8w3kqxlTkhjSIs8r+7PbN7mz/qR8LCvFhAAvLc6aLJw== =rliv -END PGP SIGNATURE-
Bug#928756: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > The fix takes effect at LTSP chroot installation time. > > You can test it on an existing LTSP server: > > Replace > /usr/share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings > with the file from the git repo. > > Run 'ltsp-build-client' (after having moved away or deleted the existing > chroot); see 'ltsp-build-client --extra-help' for all possible options. It does indeed work when the config is placed there by ltsp-build-client. I now wonder even more how and why ltsp-update-kernels works, but ok ;). - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz46CYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylrsMEACJHHj5/gPj6nIyDkCm9HvCld2qYJUqWHXJKDkzFXT8puuZYIQ8GC62 lolzuNlFj6W751OPlmT+IfXvTXgQ88nQDC0gSv8dwxXsGGvBnNI3ATKgc3DrzrTt XAXKFD4XYi/LHMZwxny5FDUzgB4kN7DORuoQGhNghBxJsmuhDKSv0uQKS3iM0/p0 P2CQ5lwJiMUHB/TugPPELicZed1yMN6iRYCcchyhBrYLJC4a7BEHoThoUyKr11yy 3jstO6EbK8MqsnboSHvX/F6Ti/CDBWOkkpF9OAWrnLKwBjTxrPkf58cwvlUUxf8X yZLeaWG90ufvqhnNYJ1czyxivKnMwxq+VBCWBP5iYpzbjz2t2yjHDRLTg/0navIL TRSa8TNEkHvIR6mP/J+2hhBFKL1rlNLcmbHLDOnUW6Kz4z7rmJF0c1aP50gQcgGz kkxI5RHQTPiyPqFJkA6tipth4woMnyVgzZVMUFR+DU5HTOulVv37FBnds46uBHnh yF1KuLbiQN7/xt9rk7vr44RKZzl7e4JyI12gPVufHHLa1bWjUjyqgKXMNTmw8uYZ XFuEBSnTBczdP9cviqVxvVtNlKrM6cac4pWUvHURhWmDoq/TPc3LFT6jkTsAwNeD O1xM0Tp6RENjmqDPLx5rIVX6Pz56V4o5ZJcbSgKLPepxnKIwHY+riQ== =7AVD -END PGP SIGNATURE-
Bug#928420: php-imagick: CVE-2019-11037
Control: tag -1 + patch pending
Hi,
to prevent two of my/our packages, gosa and movim, from being removed
wiht php-imagick, I uploaded the attached NMU debdiff to DELAYED/2.
Cheers,
Nik
diff -Nru php-imagick-3.4.3/debian/changelog php-imagick-3.4.3/debian/changelog
--- php-imagick-3.4.3/debian/changelog 2018-10-15 21:08:12.0 +0200
+++ php-imagick-3.4.3/debian/changelog 2019-06-06 11:33:10.0 +0200
@@ -1,3 +1,10 @@
+php-imagick (3.4.3-4.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2019-11037. (Closes: #928420)
+
+ -- Dominik George Thu, 06 Jun 2019 11:33:10 +0200
+
php-imagick (3.4.3-4) unstable; urgency=medium
* Bump the required dh-php version to >= 0.33~
diff -Nru php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch
php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch
--- php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch
1970-01-01 01:00:00.0 +0100
+++ php-imagick-3.4.3/debian/patches/0003-Fix-CVE-2019-11037.patch
2019-06-06 11:33:10.0 +0200
@@ -0,0 +1,142 @@
+From: Danack
+Origin:
https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445
+Subject: Fix CVE-2019-11037.
+ out of bounds write in ImagickKernel::addUnityKernel
+Bug: https://bugs.php.net/bug.php?id=77791
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928420
+--- a/imagick-3.4.3/imagickkernel_class.c
b/imagick-3.4.3/imagickkernel_class.c
+@@ -229,9 +229,9 @@ PHP_METHOD(imagickkernel, frommatrix)
+ zval *origin_array;
+ HashTable *inner_array;
+ KernelInfo *kernel_info;
+- long num_rows, num_columns;
+- int previous_num_columns;
+- int row, column;
++ unsigned long num_rows, num_columns;
++ unsigned int previous_num_columns = (unsigned int)-1;
++ unsigned int row, column;
+
+ zval *pzval_outer;
+ zval *pzval_inner;
+@@ -243,7 +243,6 @@ PHP_METHOD(imagickkernel, frommatrix)
+ KernelValueType *values = NULL;
+ double notanumber = sqrt((double)-1.0); /* Special Value : Not A
Number */
+
+- previous_num_columns = -1;
+ count = 0;
+ row = 0;
+ origin_array = NULL;
+@@ -284,7 +283,7 @@ PHP_METHOD(imagickkernel, frommatrix)
+ values = (KernelValueType
*)AcquireAlignedMemory(num_columns, num_rows*sizeof(KernelValueType));
+ }
+
+- if (previous_num_columns != -1) {
++ if (previous_num_columns != ((unsigned int)-1)) {
+ if (previous_num_columns != num_columns) {
+
php_imagick_throw_exception(IMAGICKKERNEL_CLASS, MATRIX_ERROR_UNEVEN TSRMLS_CC);
+ goto cleanup;
+@@ -337,6 +336,8 @@ PHP_METHOD(imagickkernel, frommatrix)
+ else {
+ HashTable *origin_array_ht;
+ origin_array_ht = Z_ARRVAL_P(origin_array);
++
++ // parse the origin_x
+ tmp = zend_hash_index_find(origin_array_ht, 0);
+ if (tmp != NULL) {
+ ZVAL_DEREF(tmp);
+@@ -346,6 +347,19 @@ PHP_METHOD(imagickkernel, frommatrix)
+ php_imagick_throw_exception(IMAGICKKERNEL_CLASS,
MATRIX_ORIGIN_REQUIRED TSRMLS_CC);
+ goto cleanup;
+ }
++ // origin_x is unsigned, so checking for > num_columns, also
++ // checks for < 0
++ if (origin_x>=num_columns) {
++ zend_throw_exception_ex(
++ php_imagickkernel_exception_class_entry,
++ 5 TSRMLS_CC,
++ "origin_x for matrix is outside bounds of
columns: " ZEND_LONG_FMT,
++ origin_x
++ );
++ goto cleanup;
++ }
++
++ // parse the origin_y
+ tmp = zend_hash_index_find(origin_array_ht, 1);
+ if (tmp != NULL) {
+ ZVAL_DEREF(tmp);
+@@ -355,6 +369,17 @@ PHP_METHOD(imagickkernel, frommatrix)
+ php_imagick_throw_exception(IMAGICKKERNEL_CLASS,
MATRIX_ORIGIN_REQUIRED TSRMLS_CC);
+ goto cleanup;
+ }
++ // origin_y is unsigned, so checking for > num_rows, also
++ // checks for < 0
++ if (origin_y>=num_rows) {
++ zend_throw_exception_ex(
++ php_imagickkernel_exception_class_entry,
++ 5 TSRMLS_CC,
++ "origin_y for matrix is outside bounds of rows:
" ZEND_LONG_FMT,
++ origin_x
++ );
++ goto cleanup;
++ }
+ }
+
+
Bug#928756: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > The fix takes effect at LTSP chroot installation time. > > You can test it on an existing LTSP server: > > Replace > /usr/share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings > with the file from the git repo. > > Run 'ltsp-build-client' (after having moved away or deleted the existing > chroot); see 'ltsp-build-client --extra-help' for all possible options. ok… I did run the command from the script in my existing chroot and then ran ltsp-update-kernels. I was (and still am) very certain that this is exactly what the script does. I will test again using the script to generate the file. - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz4AEsxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylutaD/0SYSmasPGe5TyDZR0n1N77ufpUzDw8O4sPHFTlbWoTrplFvrvxdgrT HqzOIZg9P0VAcdLWTvG/wywW87L3E1cawedRLo4jL0oO1i5hhWQ3DhKwxmCNKimg J1fR0aeqQs32OR+RHxmIm3TFq63igzbQkBhCZo6Fzmq4y0yfEocl4M31ExdD5rOd GcScZM9/E+P9Z6Q7WBKEwCLbwVbiBKy1OHy3KWQ78Gwlf6JPaK87+2OcJ/7FXGBP IiFbGRYhUaH1D6tgAHx8OFViru7VWRBDPflwSHaXR3e7cloJU6LdqsuJM7YAbwWh BqOgppQ2rSnMi/lXX3YZp4CrfBDdTib7YZwNYVjrJYhKLQlRJ/bfgVPe6FcaxQz/ 3pYgFuRFRfRp7pinPVZu2jklCrt3pmoJM4BarVwkQI5Zt8ifECOYsEZMairR/wQJ 0M676SBMF5mtXro8NsrnfXP7kxOAnK7qG48IuGKCbJN1YGbqSFcOcxiprr4fVSpS /eS3I873usBwURJReO5tdzLaHT/JvdGNqFFtsV+P2iVJtpw/a1OcBCRTJswnCzMU ggydbUXNTVuFixVzAJBwH5qzqiT6LUdVOyLETo7g28tsGuCffZcTI0O7WICDDb4T Y/BvH9o+UAvu85m2BaVhpDPBtTCGg9lI0ydmokACwTG8JMykSdc13w== =6sHV -END PGP SIGNATURE-
Bug#928756: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I tested with the ipappend option, and it does indeed solve the major problem. I would prefert o have all domains as search domains so every host can be called by its short hostname, but that's a question of taste, so I am fine with the ipappend solution. However… > +after-install) > +mkdir -p $ROOT/etc/ltsp/update-kernels.conf.d > +echo 'IPAPPEND="2"' > $ROOT/etc/ltsp/update-kernels.conf.d/pxe > +;; …I could not get ltsp-update-kernels to actually set ipappend to 2 in the /var/lib/tftpboot/ltsp tree. I tried to put the IPAPPEND="2" variable everywhere, but ltsp-update-kernels changed nothing and the ltsp/ tree still had ipappend 3 everywhere. So, two parts: * Using ipappend works toget working DNS * The update-kernels config for some reason does not work Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz37iYxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTyliAlEACwZvkfqq88Gln19846ygKgmVrdVDcJAq7vAFRgsT5fmqWfu1BVhNb2 M5pJOxpH+TszlE1f3zPib37SwfNL7EBJW6uApZ98iv4gBnNv5C8tPA8nfO/ZM4nZ 5wSt57briz4+E8oSMA1U36GqCvQWJXXXmlprNx805wFg7fUansWY7bJvTAefOOOl SqDMegi/fT4vVTKP1zhrJEki+fxty/OHeyo5Fq7uxL6nkGOC8hNc+xgDu7zKG4+i pGqTiqVwl2V2QGU4o3JyXFBd+0HH7eGDNqWp5DiSM4qeR69jvcDTXVxPAp2xock7 LNOZvronKn/kVSjzjn4sIyFeORGMH7MkkIgDZxy4StsGlGjH7TjQ6vG50mErg9ZJ /bg218SHtfNTlRRZ2owndkwqTrtOy1kh0X99bvs+LoZpTYEXVoA0Nwkgq8ulv0kj sMz2OgatYh3bHuCiYdrRw2t9A9j5KlEQFxJhZvb6Z5hBficc+Xc87QdO+WKW78dI dC5EucmbulhDmqjwabHCYAZKCreu8pAclypJvjpK4yDnP93FXY5i/3xH529L1SHV 8tGeb7VtdrAaIsuoKY515+JW5aG3rWna7GhDN3Ei+4B2hRJptxFVPcjq9KHxfIiI 0C1e5qYMNrTvunD66G4MZDFFoc/LkwzRaDxVHrbFeN8Z0cscLmy61Q== =7WSR -END PGP SIGNATURE-
Bug#929964: debian-edu-config: sudo fails on LTSP clients
>Perhaps it is time to switch all clients to sssd? Oh yes, please... Happy to put that on my list of all the tests to do in Hamburg ;). -nik
Bug#929907: libgnutls30: Connections to older GnUTLS servers break
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, > Is this reproducile with gnutls-cli or is the respective server > publically accessible? It is reproducible. 1. Create a buster chroot for the server, or something similar. 2. Install gnutls-bin 3.6.6-3 and ssl-cert. 3. Start something like: gnutls-serv --echo --x509keyfile /etc/ssl/private/ssl-cert-snakeoil.key --x509certfile /etc/ssl/certs/ssl-cert-snakeoil.pem 4. Create a buster chroot for the client. 5. Install gnutls-bin 3.6.7-2 and pwgen (I used that to generate random blobs of printable data). 6. Try: pwgen 16383 | gnutls-cli --no-ca-verification --port 5556 localhost - From a size of 16383 bytes onwards, I get: |<1>| Received packet with illegal length: 16385 |<1>| Discarded message[1] due to invalid decryption *** Fatal error: A TLS record packet with invalid length was received. *** Server has terminated the connection abnormally. After upgrading the server to 3.6.7-2, the problem goes away. Actually, this might as well be an issue in 3.6.6, that was masked while clients were also 3.6.6… I don't know ;)! - -nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlz1locxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylrJ7D/9ji2A9+audQYrS1BYInzijlV0QBJLO3ZbAUqt0zhD0jp6Xw9gUKIpW RU/TGNCzPoXusCefCsdRZAXPHt6aMCgu0ir/oPebMqz8PfIDVoqe588E4dF608u1 /QpfpBzf2DJVfwIjuAPXHLpYL7SmCE9HRanRxR1Wdnxg7mfzhnWO0Nq0Ef7+fsvr ADMoQaQ6bXko6zS8g2+7cVcI9WURwaozErSHujBhJQjbKlAkO0hzGlpUgWYuu/gd YghSxaCIQRBuPqoF3prFRA1PkdJnJxaVBaWh15laejxxGZTbb7DRqv7MGewm+LUC oi/QsnfoZ6hdOKCCP4mGzDKn47oZuVh6ldEemhOC7RK0Gzss+1qqx5XXdcOF3Xcr brxEshkYLvSMqzLZP4JaKe8a2joTYcn42yvkszB1FlTLmBJ1sK93bRIdZQf2FYKo RT+2oLITjS9tjRbJjrfoIGzCS0UCiNkJeotYBYS33jHU94igTrLOlayNoCmCe++U KQsn+09eWnGa9jdeAE6gfGzuxz5krvG2dK2cM/+clHak53EkzRQMGX9hKOkpIa0b Bs+0bKiNbCLSQtaYx4x9vSxWJg/3XOe+TXGu6CwvYFRlTW1ZXz5uOHGvbCyFoTPK Q4bbKqP+xmcfdxibx18A2rqMsByNOiNqliC9+3PdreZ2pCPeO3X1PA== =Blay -END PGP SIGNATURE-
Bug#929907: libgnutls30: Connections to older GnUTLS servers break
Package: libgnutls30 Version: 3.6.7-3 Severity: grave Justification: renders package unusable The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap client library) when connecting to a server with the previous 3.6.6-2 version. I am afraid it breaks more than that. GnuTLS-secured connections are just closed with no visible reason. Seen on more than 12 systems, then went to a system that had not got the update yet. An ldapsearch works with 3.6.6-2, and fails after updating to 3.6.7-3 with the connection just being closed after reading some data from the LDAP server setill on 3.6.6-2. Upgrading GnuTLS to 3.6.7-3 on the server made the problem go away. I am setting this critical as I cannot imagine it is expected that GnuTLS clients require the server to be the exact same version. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgnutls30 depends on: ii libc6 2.28-10 ii libgmp10 2:6.1.2+dfsg-4 ii libhogweed43.4.1-1 ii libidn2-0 2.0.5-1 ii libnettle6 3.4.1-1 ii libp11-kit00.23.15-2 ii libtasn1-6 4.13-3 ii libunistring2 0.9.10-1 libgnutls30 recommends no packages. Versions of packages libgnutls30 suggests: pn gnutls-bin -- no debconf information
Bug#928756: debian-edu-config | Hand out all subdomains configured by default to all LTSP clients. (ca3b521f)
>My mail wasn't about DNS record yes/no. Yes, it was, when you said that the wish for working DNS were site-specific :). -nik
Bug#928756: debian-edu-config | Hand out all subdomains configured by default to all LTSP clients. (ca3b521f)
>So if out of site specific wishes LTSP clients in their dedicated >subnet >should be added via GOsa with also DNS enabled, 'ipappend 2' should be >used instead of 'ipappend 3'. I strongly believe that every single host on a network should have a DNS record. -nik
Bug#915805: NMU of swift-im
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Kevin, hi Mattia, as I needed libswiften to build something, I went fixing the most important bugs in the package so it at least builds again in current sid. Would you want me to upload these fixes as NMU, so the package is usable until you get everything else solved? Cheers, Nik -BEGIN PGP SIGNATURE- iQJlBAEBCgBPFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlzirFkxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYwAKCRC3mjwW oMTylsBlD/9gba9Zrqjnc0iFMqQuZnFT0vJ6PyO6faRW5KT3OszBODCx/EUIrRoy MJOqPyvyLXZznvKXJk9h569/8UIyvQFMF2sJAoIkkZN3kFMJooqyJafr5VuyBLb9 xmCtDUQvUPHRoT0g9Kzh0O9znM8DLd838yoXa1Yxwd3cg4JaQ0fQRBtZv/i67E2R iBOjmu6Dk5Adp0/TxW6L+DX1NH0PT9K+G1kx3mDm/xpWfnVw9oW59tE+M+ARKMCu 7JXEYaFNkj5vLWNm3AqXdYHLGlTHravfu2/1l96GyRnwQA1MTKmWNY6ynxz/zNmC uHcwvDKItwJBoq8Tmq9KvCLWtF+urvL8MHDxA+FfT6H/ptlLb7cFKmAj4awZ2Dbn cx+oyl2HTrzqeCu2CT99EgU7p6dHuKLkynMUhxPKDBQLvLzDDzXLBVlXAqxkszL5 H1XQTqlLIja90Rz6FXpFhhin8EI24E69/FVAPaAQPwAIgEZzCTV5gxNFRl3v7nEE 5d07XtXb3lMycjwCZurXIAEAiY0bzgsn6pYDWtog0dL6XHktyIMkE3efR0AQJC5o gyx01rZIqmVPIyxYn89t+s99PJVVO62MAWQoWyRmXAftmhUKGA8KyZmIPt2lT9YJ QZYr+UIaXQ9b7Ed1yMYQ5b/iZ1I7CMCC5txGow/YC1/kN3UdGhTGVQ== =BBKN -END PGP SIGNATURE-
Bug#929242: apt: adding '-' at the end of apt install wants to remove the package
Hi, >I want to automate some stuff in php (check if it is installed and if >not then install it, not remove the parent package and have a broken >system after execute… > >Situation: >oops I’ve forgot to set the module and don’t check for it (I mean I >want to install it not remove the whole php7.0 package so this script >won’t work anymore after it, because php is not installed anymore, and >no fallback … So, don't do that. It seems to me you will shoot yourself in the foot anyway. >Sent from Mail for Windows 10 Oh well... At least stop sending unsolicited ads, please. -nik
Bug#929242: apt: adding '-' at the end of apt install wants to remove the package
Hi, > I accidentally added a '-' to the apt install command and it wants to remove > the installed packages and it's dependencies. thanks for reporting that apt works as expected for you :)! https://manpages.debian.org/stretch/apt/apt.8.en.html install, remove, purge (apt-get(8)) Performs the requested action on one or more packages specified via regex(7), glob(7) or exact match. The requested action can be overridden for specific packages by append a plus (+) to the package name to install this package or a minus (-) to remove it. -nik
Bug#901379: gitlab: postinst script should not call psql if database is not managed by dbconfig-common
On Tue, 12 Jun 2018 11:56:45 +0200 Frederik Himpe wrote: > Package: gitlab > Version: 10.7.5+dfsg-2~bpo9+1 > Severity: normal > > Dear Maintainer, > > the gitlab.postinst script fails to enable the pg_trgm extension if > there is no locally running postgresql database: > > Setting up gitlab (10.7.5+dfsg-2~bpo9+1) ... > Creating/updating gitlab user account... > Making gitlab owner of /var/lib/gitlab... > Creating runtime directories for gitlab... > Updating file permissions... > Configuring hostname and email... > Configuring nginx with HTTPS... > Configuring gitlab with HTTPS... > Updating gitlab_url in gitlab-shell configuration... > Registering /usr/lib/tmpfiles.d/gitlab.conf via ucf > /etc/systemd/system/gitlab-mailroom.service.d/override.conf already > exist > /etc/systemd/system/gitlab-unicorn.service.d/override.conf already exist > /etc/systemd/system/gitlab-sidekiq.service.d/override.conf already exist > /etc/systemd/system/gitlab-workhorse.service.d/override.conf already > exist > Registering /etc/gitlab-shell/config.yml via ucf > Registering /etc/gitlab/gitlab.yml via ucf > Registering /etc/gitlab/gitlab-debian.conf via ucf > dbconfig-common: writing config to /etc/dbconfig-common/gitlab.conf > dbconfig-common: flushing administrative password > psql: could not connect to server: No such file or directory > Is the server running locally and accepting > connections on Unix domain socket > "/var/run/postgresql/.s.PGSQL.5432"? > dpkg: error processing package gitlab (--configure): >subprocess installed post-installation script returned >error exit status 2 > > I chose to not manage the postgresql database by dbconfig because I am using > an externally running database. In that case this command should not be run. > > > -- System Information: > Debian Release: 9.4 > APT prefers stable > APT policy: (600, 'stable'), (550, 'proposed-updates'), (500, 'oldstable'), > (450, 'oldstable-proposed-updates'), (420, 'testing'), (200, 'unstable'), > (160, 'experimental'), (150, 'oldoldstable'), (140, > 'oldoldstable-proposed-updates') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), > LANGUAGE=en_GB:en (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages gitlab depends on: > ii adduser3.115 > ii apache2 [httpd]2.4.25-3+deb9u4 > ii asciidoctor1.5.6.2-2~bpo9+1 > ii bc 1.06.95-9+b3 > ii bundler1.13.6-2 > ii dbconfig-pgsql 2.0.9~bpo9+1
Bug#901379: gitlab: postinst script should not call psql if database is not managed by dbconfig-common
On Tue, 12 Jun 2018 11:56:45 +0200 Frederik Himpe wrote: > Package: gitlab > Version: 10.7.5+dfsg-2~bpo9+1 > Severity: normal > > Dear Maintainer, > > the gitlab.postinst script fails to enable the pg_trgm extension if > there is no locally running postgresql database: > > Setting up gitlab (10.7.5+dfsg-2~bpo9+1) ... > Creating/updating gitlab user account... > Making gitlab owner of /var/lib/gitlab... > Creating runtime directories for gitlab... > Updating file permissions... > Configuring hostname and email... > Configuring nginx with HTTPS... > Configuring gitlab with HTTPS... > Updating gitlab_url in gitlab-shell configuration... > Registering /usr/lib/tmpfiles.d/gitlab.conf via ucf > /etc/systemd/system/gitlab-mailroom.service.d/override.conf already > exist > /etc/systemd/system/gitlab-unicorn.service.d/override.conf already exist > /etc/systemd/system/gitlab-sidekiq.service.d/override.conf already exist > /etc/systemd/system/gitlab-workhorse.service.d/override.conf already > exist > Registering /etc/gitlab-shell/config.yml via ucf > Registering /etc/gitlab/gitlab.yml via ucf > Registering /etc/gitlab/gitlab-debian.conf via ucf > dbconfig-common: writing config to /etc/dbconfig-common/gitlab.conf > dbconfig-common: flushing administrative password > psql: could not connect to server: No such file or directory > Is the server running locally and accepting > connections on Unix domain socket > "/var/run/postgresql/.s.PGSQL.5432"? > dpkg: error processing package gitlab (--configure): >subprocess installed post-installation script returned >error exit status 2 > > I chose to not manage the postgresql database by dbconfig because I am using > an externally running database. In that case this command should not be run. > > > -- System Information: > Debian Release: 9.4 > APT prefers stable > APT policy: (600, 'stable'), (550, 'proposed-updates'), (500, 'oldstable'), > (450, 'oldstable-proposed-updates'), (420, 'testing'), (200, 'unstable'), > (160, 'experimental'), (150, 'oldoldstable'), (140, > 'oldoldstable-proposed-updates') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), > LANGUAGE=en_GB:en (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages gitlab depends on: > ii adduser3.115 > ii apache2 [httpd]2.4.25-3+deb9u4 > ii asciidoctor1.5.6.2-2~bpo9+1 > ii bc 1.06.95-9+b3 > ii bundler1.13.6-2 > ii dbconfig-pgsql 2.0.9~bpo9+1
Bug#928756: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
Hi, > Thanks for providing the screenshot. It's a special case to have fixed > IPs in this subnet. If you untick DNS it is supposed to work. But then I don't get a resolvable, fixed hostname, right? That was the whole idea behind adding the hosts: Have them limited to PXE booting, but still get readable hostnames in logs and for SSH access. I will still test without DNS. -nik signature.asc Description: PGP signature
Bug#928756: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
Package: debian-edu-config Version: 2.10.64 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The following misbehaviour occurs reproducibly in a new installation of Debian Edu buster. 1. Install a combined server like normal. 2. Add a machine on the LTSP network 192.168.0.0/32 as in the screenshot. 3. Boot that machine as diskless workstation. If done like that, the /etc/resolv.conf generated at boot by ltsp-init with the information provided by 08-edu-hostname is missing a search domain entry (it should probably be subnet00.intern intern). Thus, short hostnames, like used by the default Firefox start page, are not resolvable. The configuration of the search domain works perfectly on the main network 10.0.0.0/16. I only tested on (two different) combined servers, not on a dedicated terminal server. - -- System Information: Debian Release: buster/sid Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-edu-config depends on: ii bind9-host 1:9.11.5.P4+dfsg-1 ii cfengine33.12.1-2 ii debconf [debconf-2.0]1.5.71 ii debconf-utils1.5.71 ii debian-edu-artwork 2.10.5-1 ii desktop-profiles 1.4.30 ii e2fsprogs1.44.5-1 ii education-tasks 2.10.47 ii fping4.2-1 ii isenkram-cli 0.41 ii ldap-utils 2.4.47+dfsg-3 ii ldapscripts 2.0.8-1 ii libconfig-inifiles-perl 3.01-1 ii libfilesys-df-perl 0.92-6+b4 ii libhtml-fromtext-perl2.07-1 ii libio-socket-ssl-perl2.060-3 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9104-1 ii libnss3-tools2:3.42.1-1 ii libpacparser11.3.6-1.1+b4 ii libpam-python1.0.6-1.1 ii libproxy1-plugin-kconfig 0.4.15-5 ii libproxy1-plugin-networkmanager 0.4.15-5 ii libproxy1-plugin-webkit 0.4.15-5 ii libterm-readkey-perl 2.38-1 ii libtext-unaccent-perl1.08-1.3+b3 ii lockfile-progs 0.1.18 ii lsb-base 10.2019031300 ii lsb-release 10.2019031300 ii mime-support 3.62 ii net-tools1.60+git20180626.aebd88e-1 ii netcat-traditional [netcat] 1.10-41.1 ii ng-utils 1.0-1+b1 ii openssl 1.1.1b-1 ii patch2.7.6-3 ii python 2.7.16-1 ii python-notify0.1.1-4 ii ssl-cert 1.0.39 ii swaks20181104.0-2 ii tftp-hpa 5.2+20150808-1+b1 ii uuid 1.6.2-1.5+b7 Versions of packages debian-edu-config recommends: ii binutils 2.31.1-15 ii libnotify-bin 0.7.7-4 ii lsof 4.91+dfsg-1 ii memtest86+ 5.01-3 pn resolvconf ii syslinux 3:6.04~git20190206.bf6db5b4+dfsg1-1 debian-edu-config suggests no packages. - -- Configuration Files: /etc/sssd/sssd-debian-edu.conf [Errno 13] Keine Berechtigung: '/etc/sssd/sssd-debian-edu.conf' - -- debconf-show failed -BEGIN PGP SIGNATURE- iQJ+BAEBCABoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlzVeD0xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pazfw//RV0gY6hiwqAj0VAnjZHQ +42aDgBSII0r/TBUFXMZjAzGSlEFivoJ366Yxcww8IbJ0fk8gCD0Pz/mdI6Vc6aj 7YeMgkbXChFPSED9PaqjeiAIY6sGl++5Y6Av3X51tsP/+lOkVH8kII5CI55Ggmk1 XY+j02jgh67mstrYZbuiX5DB/bVGuOwVY06t1FO6d8Wsi/YEP4sx7IDJL4o3Ng8b H1jiCFYWUNUt/b1dOTbUhKQS0dIuyPQp0KANQk8aXQ9/VffeypASi/XZQKwAfGF/ wB2ZwYUqtWAQ0qvYsc3WqTj6fkcSqvGc2KGm9vsT3OjfuShs6xPj5Dw0qN3WV2Hk MmlDnRhmUWS8P2y1W9ItbUXMuQ3lUYrxKbpz+E6qBqsriKRIw4KiLGViAwxftrpH fLwim9hC/VPk7bwNU7w0KSWcQfvOWYf6wre4xw3aGgxrk4fuV3i9EutPSSyRNd8m 9NzP1XJRUlghxL66JcYzisKMjKT12aenyABjy3ExOCCwpuZ6L7SWYHKwAbvNQP1b x9F/N0wyEciZ81H1S0GUdEyr5/AnohFlFLrxL7JaNg8xXE/t2JVHWWbO2iCNKbgp 8iUGrvyO8/FsF42UjexiWrNHg7hKDPBEWa4DLtpCMEjvIGEF/QIP4Q/RvBOC+vQC fdI4jtonFwurGbnWV2x5wLE= =ftWv -END PGP SIGNATURE-
