Bug#1033159: marked as done (terminology: When using vim with Terminology the underline atribute gets turned on when scrolling.)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sun, 25 Jun 2023 05:05:18 +
with message-id 
and subject line Bug#1033159: fixed in terminology 1.13.0-2
has caused the Debian Bug report #1033159,
regarding terminology: When using vim with Terminology the underline atribute 
gets turned on when scrolling.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: terminology
Version: 1.13.0-1
Severity: important

Dear Maintainer,

I noticed this bug a few months ago, but it seemed intermittent.
I can now trigger it 100% on multiple boxes.
Its rather annoying but very simple to trigger I'm not sure if it's a
bug in vim because it only seems to happen when using terminology in
vim. I'm running KDE / Plasma (I've not tried in gnome)
Nvi does not trigger this bug nore does Nano. Using vim with the linux
console, xterm rxvt and konsole does not produce this bug.

How to produce:
open vim inside terminology enit a file that is larger than the
terminal and requires scrolling (it shows best with a 2 page document
with a reasonable coverage of text) simply scroll up of down past the
current view point and you will note that new text has the underline
atribute set. Scrolling back up will result in off screen text being
rendered with underline attribute set as it comes back down into view.

This works even if you are connecting to another box over ssh.
If the underlined text is at the bottom of the page then if you exit vim
then the terminal continues to have underlined text.

Typing reset clears it.

I have my terminal set to 256 colour xterm.

Any ideas?
It's even doing it in this bug report.

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.7 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages terminology depends on:
ii  libc6 2.36-8
ii  libecore-con1 1.26.3-1+b1
ii  libecore-evas11.26.3-1+b1
ii  libecore-file11.26.3-1+b1
ii  libecore-imf1 1.26.3-1+b1
ii  libecore-input1   1.26.3-1+b1
ii  libecore-ipc1 1.26.3-1+b1
ii  libecore1 1.26.3-1+b1
ii  libedje1  1.26.3-1+b1
ii  libeet1   1.26.3-1+b1
ii  libefreet-bin 1.26.3-1+b1
ii  libefreet1a   1.26.3-1+b1
ii  libeina1a 1.26.3-1+b1
ii  libelementary11.26.3-1+b1
ii  libemotion1   1.26.3-1+b1
ii  libethumb-client-bin  1.26.3-1+b1
ii  libethumb-client1 1.26.3-1+b1
ii  libevas1  1.26.3-1+b1
ii  libevas1-engines-wayland  1.26.3-1+b1
ii  libevas1-engines-x1.26.3-1+b1
ii  terminology-data  1.13.0-1

terminology recommends no packages.

Versions of packages terminology suggests:
ii  libelementary-bin  1.26.3-1+b1

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: terminology
Source-Version: 1.13.0-2
Done: Ross Vandegrift 

We believe that the bug you reported is fixed in the latest version of
terminology, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ross Vandegrift  (supplier of updated terminology 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 21:29:39 -0700
Source: terminology
Architecture: source
Version: 1.13.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Pkg-e Team 
Changed-By: Ross Vandegrift 
Closes: 1033159
Changes:
 terminology (1.13.0-2) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * debian/copyright: use spaces rather than tabs to start continuation lines.
   * Update standards version to 4.6.1, no changes needed.

Bug#1038809: marked as done (doodle: Depends on unmaintained gamin)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sun, 25 Jun 2023 04:49:23 +
with message-id 
and subject line Bug#1038809: fixed in doodle 0.7.2-6
has caused the Debian Bug report #1038809,
regarding doodle: Depends on unmaintained gamin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038809: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038809
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: doodle
Severity: important
Tags: trixie sid
User: pkg-gnome-maintain...@lists.alioth.debian.org
Usertags: oldlibs
Control: block 1008205 by -1

This package has a Depends or Build-Depends on gamin, which is unmaintained
upstream (see #1008205).

The Linux kernel's inotify interface is a good replacement.

We shouldn't really be shipping gamin in Debian 13, so this is likely to
become release-critical in future.

Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: doodle
Source-Version: 0.7.2-6
Done: Daniel Baumann 

We believe that the bug you reported is fixed in the latest version of
doodle, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann  (supplier of updated doodle 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 25 Jun 2023 06:32:08 +0200
Source: doodle
Architecture: source
Version: 0.7.2-6
Distribution: sid
Urgency: medium
Maintainer: Daniel Baumann 
Changed-By: Daniel Baumann 
Closes: 1038809
Changes:
 doodle (0.7.2-6) sid; urgency=medium
 .
   * Uploading to sid.
   * Removing doodled package to avoid gamin build-depends (Closes:
 #1038809).
Checksums-Sha1:
 a3af009fd7c6ce584cc5d1570b4f7146c19aa373 2022 doodle_0.7.2-6.dsc
 9c2ecff538b3b3c1aa2e0d0b9e64851858b69e22 39096 doodle_0.7.2-6.debian.tar.xz
 760d3c5c881462ab38a45fe3857419847c9ab140 7340 doodle_0.7.2-6_amd64.buildinfo
Checksums-Sha256:
 077b7685aed1a6368c4a38019938ec2f51eb81e08420c286ea07a5a56afb9899 2022 
doodle_0.7.2-6.dsc
 74e929eb81e786aa3c4e5e50160e9721d094c121b43968ae096322aa38092c70 39096 
doodle_0.7.2-6.debian.tar.xz
 164ae3a2ec8728c06a0ce25bb98d506e54fc53e12357c54f22c743bfdb1c1ccc 7340 
doodle_0.7.2-6_amd64.buildinfo
Files:
 735cafbac147da1b7663f2c3ea7a25bd 2022 utils optional doodle_0.7.2-6.dsc
 867f6139a70e4788af7f594ab7607b32 39096 utils optional 
doodle_0.7.2-6.debian.tar.xz
 22fa6fe0a71cc7deac6026bbea035c76 7340 utils optional 
doodle_0.7.2-6_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmSXw8cACgkQVc8b+Yar
uccv0g//XYejmz6dJjiogEuyFgw4zg6xLnLlPRX8mK4nLB9J7BST9pohwilxFc11
h+Srr5mXX7EMzFIZo5lFNUyCAnMOMMA83XD0GBU9dJRs7q79B/u9z2FZ4w1pfNI+
jUQ4VH05zK2RnqU/jJZ4tK9Lzxjl077sp1tbZqyh8v9h3OZokQEW5Hh6r5QC9dy6
h62jv0RkTF2gwBRL0i/XDoBzdlAlrbEa6DiFZ2qXrtS4VSScIVz6HJCjXXDoqzCH
h7wS9+T/iSX4L2Ci1MbZHcBUshqrjlWdumqFBO2dxiOgnHlxmD+ICS88HoOt6L3V
wwundLMKeyihM4yL8tKJdPCd2Bi8vYGhNppF+dQBiETStQHmIef9qxsGj1aTr66W
8T+nAsMjU8lkWe/9MZO11Rc/LAS4cFJjClhMmzer0AN+Z5Ns3J+HQ03ZBPv/p4f7
l95HxJbiaCsIK+GkTVzlhANilGq9vYiQz2V98Ul2SycBFxSDXuwjiwU+CtaTcuhe
amUqQxgQPSBF/5cX8tHAWzzEXasi7mAC3R9iIwd7eE9ejbyW6vVpWVh6ugLCMUWv
h9ihUqHs/rOxIUhAvUEQ4/Dy4+OnyadWfbUJc0OW4lQJ/JyDhBlAeMglmVW4l2jP
RrxhCJzVDqb+wyTZlFlIa0j+sWa47ztAbgRNH9lOGngWEwFI4iI=
=AHXb
-END PGP SIGNATURE End Message ---

Bug#1038908: marked as done (binutils-msp430: reproducible builds: embeds build path in various binaries)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sun, 25 Jun 2023 04:03:46 +
with message-id 
and subject line Bug#1038908: fixed in binutils-msp430 2.24~ti2
has caused the Debian Bug report #1038908,
regarding binutils-msp430: reproducible builds: embeds build path in various 
binaries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038908: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038908
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: binutils-msp430
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in various binaries:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/binutils-msp430.html

  /usr/bin/msp430-addr2line

  /build/1st/binutils-msp430-2.24~ti1/binutils-2.40/bfd/elflink.c:9935
  vs.
  /build/2/binutils-msp430-2.24~ti1/2nd/binutils-2.40/bfd/elflink.c:9935

The attached patch to debian/rules fixes this by using the default
clfags for dpkg-buildflags, which includes -ffile-prefix-map to avoid
embedded build paths.

An alternate approach which may fix this issue is to switch to using a
newer debhelper compat level and dh, which may bring numerous other
benefits as well.

According to my local tests, with this patch applied binutils-msp430
should build reproducibly on tests.reproducible-builds.org!

Thanks for maintaining binutils-msp430!

live well,
  vagrant
From 73dd38286747b8fb031a9b4fa662334b1f7db6e9 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Thu, 22 Jun 2023 16:21:25 -0700
Subject: [PATCH] debian/rules: Use default CFLAGS.

---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index 852e34d..482d8d6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,6 +17,7 @@ CONFARGS = --prefix=/usr \
--target=$(TARGET)\
--disable-static
 
+export CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
 
 unpack: unpack-stamp
 unpack-stamp:
-- 
2.39.2



signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: binutils-msp430
Source-Version: 2.24~ti2
Done: Vagrant Cascadian 

We believe that the bug you reported is fixed in the latest version of
binutils-msp430, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian  (supplier of updated 
binutils-msp430 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 20:24:14 -0700
Source: binutils-msp430
Architecture: source
Version: 2.24~ti2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Vagrant Cascadian 
Closes: 1038908
Changes:
 binutils-msp430 (2.24~ti2) unstable; urgency=medium
 .
   * QA upload.
   * debian/rules: Switch to dh. (Closes: #1038908)
   * Switch to debhelper-compat 10. (Closes: #1038908)
   * debian/control: Change to priority "optional".
   * debian/rules: Pass --with-system-zlib to configure.
   * debian/rules: Pass --enable-deterministic-archives to configure.
   * debian/control: Set Rules-Requires-Root to "no".
Checksums-Sha1:
 b74d68deb107d3fd60ac0ff61e99a94b0f9f841a 1190 binutils-msp430_2.24~ti2.dsc
 bb894270e69a48bb5c1212e2db6a9d1f0c4b5636 3412 binutils-msp430_2.24~ti2.tar.xz
Checksums-Sha256:
 a2e431da435e2f94bf366c26983a30f1af77071dcc78350ffd00dd31e9bba828 1190 
binutils-msp430_2.24~ti2.dsc
 02b2ceea96fcdc39e06cad3b294e6d6428a57165aa614a819569ac2996cd79ac 3412 
binutils-msp430_2.24~ti2.tar.xz
Files:
 4111fbf9b37a82c1d536102771d198c5 1190 devel optional 
binutils-msp430_2.24~ti2.dsc
 b89665afff2bd0cba5a33e0c2ef66d9b 3412 devel optional 
binutils-msp430_2.24~ti2.tar.xz

-BEGIN PGP SIGNATURE-

iJYEARYKAD4WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZJe1wiAcdmFncmFudEBy
ZXByb2R1Y2libGUtYnVpbGRzLm9yZwAKCRDcUY/If5cWqn0GAQDT0VeDVQyGblUd
yLmmimJlZKrS/COnVkgOkaTaZ3U9zgEAyAhjNNtUgc3VmjhEDOt1ay02O1BTw2+6
eDhLb+hkJAE=
=OXnv
-END PGP SIGNATURE End Message ---

Bug#1038926: marked as done (cvs fails with "rsh: No host specified!")

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sun, 25 Jun 2023 01:20:14 +
with message-id 
and subject line Bug#1038926: fixed in cvs 2:1.12.13+real-29
has caused the Debian Bug report #1038926,
regarding cvs fails with "rsh: No host specified!"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cvs
Version: 2:1.12.13+real-28
Severity: important
X-Debbugs-Cc: groth...@gmail.com

Dear Maintainer,

After the latest Debian update (the new stable release), 
CVS suddenly stopped to function completely for me. 

First, I got an error message about 'rsh' not found (and indeed
there was no 'rsh' in my path despite rsh-client being installed!?)
so I installed rsh-redone-client (rsh-client was already installed).  
Then I got "rsh: No host specified"; I figured rsh-redone-client has
an incompatible API (should then conflict with CVS, right?). 

Anyway, I then uninstalled both rsh implementations and re-installed 
only rsh-client. Unexpectedly, I now did have an 'rsh' binary in my
$PATH.

But, even with that, 'cvs up' now hangs and just outputs 'Connection
timed out'.  This is using the cvs.savannah.gnu.org server.  Note
that from another machine (non-Debian) on the same network, I can
at the same time run the 'cvs up' command against the same server
easily, so this is not actually a network or server situation, but
something about the rcs client (and/or how CVS calls it).

As a result, the package is unusable. (Yes, I also cannot commit.)

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (1000, 'stable-security'), (700, 'stable'), (650, 'testing'), 
(600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cvs depends on:
ii  adduser   3.134
ii  libbsd0   0.11.7-2
ii  libc6 2.36-9
ii  libcrypt1 1:4.4.33-2
ii  libgssapi-krb5-2  1.20.1-2
ii  libkrb5-3 1.20.1-2
ii  zlib1g1:1.2.13.dfsg-1

Versions of packages cvs recommends:
ii  openssh-client  1:9.2p1-2

Versions of packages cvs suggests:
pn  mksh  
pn  rcs   

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: cvs
Source-Version: 2:1.12.13+real-29
Done: Thorsten Glaser 

We believe that the bug you reported is fixed in the latest version of
cvs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Glaser  (supplier of updated cvs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384

Format: 1.8
Date: Sun, 25 Jun 2023 00:09:30 +0200
Source: cvs
Architecture: source
Version: 2:1.12.13+real-29
Distribution: unstable
Urgency: high
Maintainer: Thorsten Glaser 
Changed-By: Thorsten Glaser 
Closes: 1038926
Changes:
 cvs (2:1.12.13+real-29) unstable; urgency=high
 .
   * configure-time hardcode full path for ssh(1) (Closes: #1038926)
   * Bump Policy
   * Opt out of GCC’s buggy LTO
   * Update lintian overrides
   * Acquire changes from MirBSD CVS HEAD:
 - Fix -Wmisleading-indentation
 - small getdate.y and test thereof cleanup
   * Switch to dh7-style rules
   * Run sanity.sh unless nocheck even though this takes over an hour
Checksums-Sha1:
 6411e89c75be530b64d234aab56f7e265053ec90 2281 cvs_1.12.13+real-29.dsc
 977c843cb66dfc474d9eb8e6dadc0bb4f99a49a0 154506 cvs_1.12.13+real-29.diff.gz
Checksums-Sha256:
 7db0aeabb7f4b7e745e9ebb7cee2a5da8219728ed39e0d8458d74a11f3594bac 2281 
cvs_1.12.13+real-29.dsc
 8652bcd7d98275daeb2c5d376fdb5bad792c62db865a680eef9cfeec762c093b 154506 
cvs_1.12.13+real-29.diff.gz
Files:
 e1bd0ebb47b1a806f488279ac973ef21 2281 vcs optional cvs_1.12.13+real-29.dsc
 e270b94fe9a20f1ea605846a2ce5dcf0 154506 vcs optional 
cvs_1.12.13+real-29.diff.gz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (MirBSD)

Processed: RFS: gcc-sh-elf/6 -- GNU C compiler for embedded SuperH devices plus Newlib

2023-06-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1038959
Bug #1038959 [sponsorship-requests] RFS: gcc-sh-elf/6 -- GNU C compiler for 
embedded SuperH devices plus Newlib
Marked Bug as done
> stop
Stopping processing here.

Please contact me if you need assistance.
-- 
1038959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038959
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038728: marked as done (Coordinating libzstd 1.5.5 + python-zstandard 0.21.0 upload)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 23:13:57 +
with message-id 
and subject line Bug#1038728: fixed in libzstd 1.5.5+dfsg2-1
has caused the Debian Bug report #1038728,
regarding Coordinating libzstd 1.5.5 + python-zstandard 0.21.0 upload
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libzstd
Severity: normal
Version: 1.5.4+dfsg2-5
Tags: sid
Control: affects -1 src:python-zstandard
X-Debbugs-CC: r...@debian.org

Dear Debian libzstd maintainer,

As we discussed months ago, we would like to coordinate on the package
upload between src:libzstd and src:python-zstandard to use libzstd with
matched versions.

Please let me know when you plan to upgrade libzstd, and I shall coordinate
the upgrade of src:python-zstandard to match libzstd release. Currently
python-zstandard/0.21.0 needs libzstd/1.5.5.

Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: libzstd
Source-Version: 1.5.5+dfsg2-1
Done: Peter Pentchev 

We believe that the bug you reported is fixed in the latest version of
libzstd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Pentchev  (supplier of updated libzstd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 25 Jun 2023 00:37:36 +0300
Source: libzstd
Architecture: source
Version: 1.5.5+dfsg2-1
Distribution: unstable
Urgency: medium
Maintainer: RPM packaging team 
Changed-By: Peter Pentchev 
Closes: 1038728
Changes:
 libzstd (1.5.5+dfsg2-1) unstable; urgency=medium
 .
   * Do not detect -win64 versions in the watch file.
   * New upstream release:
 - Closes: #1038728
 - drop the 0019-upstream-fix-cli-tests, 0020-upstream-fix-block-splitter,
   and 0021-tests-newline patches, they were taken from upstream
 - adapt the 0022-tests-timeout patch to the new upstream default
   timeout (which was raised, but not enough)
 - update the required version in the dh_makeshlibs invocation
   * Add the 0023-cmake-min-3.13 Debian-specific patch to bump the minimum
 required CMake version to 3.13.4.
Checksums-Sha1:
 9efb801571c131d68f3bf93478c2cac32879d741 2324 libzstd_1.5.5+dfsg2-1.dsc
 b8c804cce277e7ec938cf18b5bbc46e92d552daf 1784164 
libzstd_1.5.5+dfsg2.orig.tar.xz
 a34498b1a6ecfc72512451e15f752105b63699da 21144 
libzstd_1.5.5+dfsg2-1.debian.tar.xz
 ecf4ba74e63c9cda1eb62612413cdfcf63081378 8166 
libzstd_1.5.5+dfsg2-1_amd64.buildinfo
Checksums-Sha256:
 503b2677c4d316fd409731949de064369d27a3addb858c2ca962ef65f91ed546 2324 
libzstd_1.5.5+dfsg2-1.dsc
 d7cf3c10d416fd999cb8fcf7685d9268ba7bec8eb78121fc2d0d916fa393d22b 1784164 
libzstd_1.5.5+dfsg2.orig.tar.xz
 1c5070fa2228e1ae1cca4798e2388a58bb4160c14714d518baa9ef595e80f864 21144 
libzstd_1.5.5+dfsg2-1.debian.tar.xz
 6c380376484bebfad1ad44a96603557b5eb89454f932766d582b0bf063049640 8166 
libzstd_1.5.5+dfsg2-1_amd64.buildinfo
Files:
 8874b93c83d9d35aaf8ed15828296c13 2324 libs optional libzstd_1.5.5+dfsg2-1.dsc
 757b1b125f12cb78fbf256e79ac6d3e9 1784164 libs optional 
libzstd_1.5.5+dfsg2.orig.tar.xz
 03ceee0d483a6c90e2e0cc51a3a543bf 21144 libs optional 
libzstd_1.5.5+dfsg2-1.debian.tar.xz
 f5499872da053f90eb78b261265075c4 8166 libs optional 
libzstd_1.5.5+dfsg2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmSXcqAACgkQZR7vsCUn
3xPffxAApgscRYrSSLkNdql8B6Ti9jakT9zEz5hON6woZBpE0FTISCb/h+uIA0Lb
3UMpGQe4g27XcaQ2ayrD6sK1OQDJm7WCmd9k1MUlsDdIrDSloSIFq3TyAQ0C/Xwq
h8wiQwUfBE+9F03gOgPEKh3UNGw/W6cx+UDfEf/jfKVgSBgfRzDD+/y5pGDNFDfk
ZaFbopFIeDZqfwLo+NZrGbD3UrwlW0rOHa3UCa9UONXccM5qawwTcXTvsmJ7TNbW
kBq4vCnLe4RTU93Eln/iEgHkvutk1CvtHGqyCHDK2jbVrutJ+E1VF5lNR3aQlipN
kwMpTEJg+Nbl70WLespFBxFpdrKX69aRx48aZ/t3a9ofE5MpT/LYcZFwkhx2Ly+8
KGU9sbsXoPOPWOytsGHDCogkeK+VnG5HLOq5g1smUF+Ny26xRVKvMG9Ej98n237P
ep1y+xWoS4ZKuW/efNshSp5bkaXoTrRoEQUmkjEzj9eIHa0sweGK3GoLhPghykvY
+bZrsCLybHO/YTcOVVpF9Tpe+BNp9yrKzGB1Fl2fHGVJOKm0GGeY93okp1Hvcjux

Bug#934420: marked as done (ITA: dhcping -- DHCP Daemon Ping Program)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 21:52:01 +
with message-id 
and subject line Bug#934420: fixed in dhcping 1.2-6
has caused the Debian Bug report #934420,
regarding ITA: dhcping -- DHCP Daemon Ping Program
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
934420: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934420
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp

The current maintainer of dhcping, Martin Schulze ,
is apparently not active anymore.  Therefore, I orphan this package now.

Maintaining a package requires time and skills. Please only adopt this
package if you will have enough time and attention to work on it.

If you want to be the new maintainer, please see
https://www.debian.org/devel/wnpp/#howto-o for detailed
instructions how to adopt a package properly.

Some information about this package:

Package: dhcping
Binary: dhcping
Version: 1.2-4.2
Maintainer: Martin Schulze 
Build-Depends: autotools-dev
Architecture: any
Standards-Version: 3.6.2
Format: 1.0
Files:
 6372f650ce66ce7a34ce9be7a762dd5c 1617 dhcping_1.2-4.2.dsc
 c4b22bbf3446c8567e371c40aa552d5d 75485 dhcping_1.2.orig.tar.gz
 c77992eb6d1526c0fea4cce2fb019f69 31006 dhcping_1.2-4.2.diff.gz
Checksums-Sha256:
 66f5f8efe5e00aba19bbfdd2cb236137f05b17e44d819dbaa866fb32f5f7adfd 1617 
dhcping_1.2-4.2.dsc
 32ef86959b0bdce4b33d4b2b216eee7148f7de7037ced81b2116210bc7d3646a 75485 
dhcping_1.2.orig.tar.gz
 f1263b3b9309506e7d74115e7e68b7eaa7d144dd4f3dc3347abf6cd41873f711 31006 
dhcping_1.2-4.2.diff.gz
Package-List: 
 dhcping deb admin optional arch=any
Directory: pool/main/d/dhcping
Priority: source
Section: admin

Package: dhcping
Version: 1.2-4.2
Installed-Size: 42
Maintainer: Martin Schulze 
Architecture: amd64
Depends: libc6 (>= 2.14)
Description-en: DHCP Daemon Ping Program
 This small tool provides an opportunity for a system administrator to
 perform a DHCP request to find out if a DHCP server is still running.
Description-md5: c1656353f4bd68e86cd8d21688eaf5ac
Tag: admin::monitoring, interface::commandline, network::scanner,
 protocol::dhcp, protocol::ip, role::program, scope::utility,
 use::scanning
Section: admin
Priority: optional
Filename: pool/main/d/dhcping/dhcping_1.2-4.2_amd64.deb
Size: 12960
MD5sum: fc8bcbad333a9646d39fb84c12ca1f3e
SHA256: 2c84d3bc90947a3d92fefae5de7e435c009eef126530649a60235ec712a5d271


-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: dhcping
Source-Version: 1.2-6
Done: Boian Bonev 

We believe that the bug you reported is fixed in the latest version of
dhcping, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Boian Bonev  (supplier of updated dhcping package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jun 2023 15:28:44 +
Source: dhcping
Architecture: source
Version: 1.2-6
Distribution: unstable
Urgency: medium
Maintainer: Boian Bonev 
Changed-By: Boian Bonev 
Closes: 934420
Changes:
 dhcping (1.2-6) unstable; urgency=medium
 .
   * New maintainer (Closes: #934420)
   * Bump standards to 4.6.2, no changes
   * Mark patches as forwarded upstream (by email)
   * Add lintian overrides
   * Update metadata
Checksums-Sha1:
 fd6b6cc7e2c3606656f8bc4fa38f3cfb51d70bfc 1648 dhcping_1.2-6.dsc
 2c1e135f8a3dad750127ccb8d6962c978185c3fa 6272 dhcping_1.2-6.debian.tar.xz
 92bb812c9a67f4ece084366a2505240c78a3efab 5497 dhcping_1.2-6_source.buildinfo
Checksums-Sha256:
 ee282db109dfd0db6a6106ab24b76c9e416f5ef8530d242e0f22784f362e5631 1648 
dhcping_1.2-6.dsc
 08e2290a7115d9386c87c411271933d70b9cd08958f92cc8d67570158ff1a487 6272 
dhcping_1.2-6.debian.tar.xz
 05695ff42b713257bb6bf49edcefe9c3c654b82c969f8afecc21e7332197f602 5497 
dhcping_1.2-6_source.buildinfo
Files:
 beb2661c904f2088095d747b766fbda7 1648 admin optional dhcping_1.2-6.dsc
 b0cca210a7d18ae2d3f7965dc1f9b7dd 6272 admin optional 
dhcping_1.2-6.debian.tar.xz

Bug#1038979: marked as done (guava-libraries: CVE-2020-8908 CVE-2023-2976)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 21:53:33 +
with message-id 
and subject line Bug#1038979: fixed in guava-libraries 32.0.1-1
has caused the Debian Bug report #1038979,
regarding guava-libraries: CVE-2020-8908 CVE-2023-2976
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038979
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: guava-libraries
Version: 31.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for guava-libraries.

CVE-2020-8908[0]:
| A temp directory creation vulnerability exists in all versions of
| Guava, allowing an attacker with access to the machine to
| potentially access data in a temporary directory created by the
| Guava API com.google.common.io.Files.createTempDir(). By default, on
| unix-like systems, the created directory is world-readable (readable
| by an attacker with access to the system). The method in question
| has been marked @Deprecated in versions 30.0 and later and should
| not be used. For Android developers, we recommend choosing a
| temporary directory API provided by Android, such as
| context.getCacheDir(). For other Java developers, we recommend
| migrating to the Java 7 API
| java.nio.file.Files.createTempDirectory() which explicitly
| configures permissions of 700, or configuring the Java runtime's
| java.io.tmpdir system property to point to a location whose
| permissions are appropriately configured.


CVE-2023-2976[1]:
| Use of Java's default temporary directory for file creation in
| `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on
| Unix systems and Android Ice Cream Sandwich allows other users and
| apps on the machine with access to the default Java temporary
| directory to be able to access the files created by the class.  Even
| though the security vulnerability is fixed in version 32.0.0, we
| recommend using version 32.0.1 as version 32.0.0 breaks some
| functionality under Windows.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8908
https://www.cve.org/CVERecord?id=CVE-2020-8908
[1] https://security-tracker.debian.org/tracker/CVE-2023-2976
https://www.cve.org/CVERecord?id=CVE-2023-2976

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: guava-libraries
Source-Version: 32.0.1-1
Done: tony mancill 

We believe that the bug you reported is fixed in the latest version of
guava-libraries, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill  (supplier of updated guava-libraries package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 23 Jun 2023 22:27:47 -0700
Source: guava-libraries
Architecture: source
Version: 32.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: tony mancill 
Closes: 1038979
Changes:
 guava-libraries (32.0.1-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 32.0.1 (Closes: #1038979)
 Addresses insecure temp directory creation
 See: CVE-2020-8908 CVE-2023-2976
   * Bump Standards-Version to 4.6.2 (no changes)
   * Freshen years in debian/copyright
   * Remove 04-source-encoding.patch; applied upstream
   * Refresh remaining patches for upstream 32.0.1
   * Ignore com.google.errorprone:error_prone_core
   * Patch out reference to com.google.errorprone:error_prone_core
   * Remove get-orig-source target from debian/rules
   * Update debian/rules to use DEB_VERSION_UPSTREAM
   * Update debian/watch to use xz compression
Checksums-Sha1:
 fec1e58c6c7fb5d84b2a7665be5b4ced2cc25cac 2349 guava-libraries_32.0.1-1.dsc
 20a51cf8dec261ba1d87c0b7672de10fa69132c8 3410548 
guava-libraries_32.0.1.orig.tar.xz
 2cba0b628cb713e93fcdfe79298fd9f895b4d399 21844

Bug#1038982: marked as done (RFS: dhcping/1.2-6 [ITA] -- DHCP Daemon Ping Program)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 23:18:05 +0200
with message-id <12040d39-ecc3-bad3-efbd-7883d3dcc...@debian.org>
and subject line Re: RFS: dhcping/1.2-6 [ITA] -- DHCP Daemon Ping Program
has caused the Debian Bug report #1038982,
regarding RFS: dhcping/1.2-6 [ITA] -- DHCP Daemon Ping Program
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038982: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038982
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "dhcping":

 * Package name : dhcping
   Version  : 1.2-6
   Upstream contact : Edwin Groothuis 
 * URL  : https://www.mavetju.org/unix/general.php
 * License  : BSD-2-Clause
 * Vcs  : https://salsa.debian.org/debian/dhcping
   Section  : admin

The source builds the following binary packages:

  dhcping - DHCP Daemon Ping Program

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/dhcping/

Alternatively, you can download the package with 'dget' using this
command:

  dget -x
https://mentors.debian.net/debian/pool/main/d/dhcping/dhcping_1.2-6.dsc

Changes since the last upload:

 dhcping (1.2-6) unstable; urgency=medium
 .
   * New maintainer (Closes: #934420)
   * Bump standards to 4.6.2, no changes
   * Mark patches as forwarded upstream (by email)
   * Add lintian overrides
   * Update metadata

Regards,
-- 
  Boian Bonev


signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---

Thanks for the update.--- End Message ---

Bug#1038420: marked as done (rust-rustls - autopkgtest failure with new base64.)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 21:02:10 +
with message-id 
and subject line Bug#1038420: fixed in rust-rustls 0.20.8-4.1
has caused the Debian Bug report #1038420,
regarding rust-rustls - autopkgtest failure with new base64.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038420: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038420
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: rust-rustls
Version: 0.20.8-4
Severity: serious
Tags: trixie, sid

The autopkgtest for rust-rustls autopkgtest depends on rust-base64 0.13 but
unstable now has 0.21 and we are trying to get it into trixie.

Since your package does not use skip-not-installable this is a hard failure
and is blocking the testing migration of rust-rustls-pemfile and hence
rust-base64.

When upstream bumped the dependency they made some code
changes, but it looks like said code changes were only needed
to fix deprecation warnings. Simply bumping the dependency in
Cargo.toml and debian/tests/control is enough to make the autopkgtest
pass.

Debdiff attatched, if this is still outstanding in a week or so and other
blockers for testing migration are cleared, I will probablly NMU it.
diff -Nru rust-rustls-0.20.8/debian/changelog 
rust-rustls-0.20.8/debian/changelog
--- rust-rustls-0.20.8/debian/changelog 2023-02-03 13:57:58.0 +
+++ rust-rustls-0.20.8/debian/changelog 2023-06-18 01:01:18.0 +
@@ -1,3 +1,10 @@
+rust-rustls (0.20.8-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump base64 dev-dependency to 0.21.
+
+ -- Peter Michael Green   Sun, 18 Jun 2023 01:01:18 +
+
 rust-rustls (0.20.8-4) unstable; urgency=medium
 
   * add patch 1001 to add feature constraints to tests
diff -Nru rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch 
rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch
--- rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch1970-01-01 
00:00:00.0 +
+++ rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch2023-06-18 
01:01:00.0 +
@@ -0,0 +1,11 @@
+--- rust-rustls-0.20.8.orig/rustls/Cargo.toml
 rust-rustls-0.20.8/rustls/Cargo.toml
+@@ -37,7 +37,7 @@ log = "0.4.4"
+ rustls-native-certs = "0.6"
+ criterion = "0.3.0"
+ rustls-pemfile = "1.0.0"
+-base64 = "0.13.0"
++base64 = "0.21.0"
+ 
+ [[example]]
+ name = "bogo_shim"
diff -Nru rust-rustls-0.20.8/debian/patches/series 
rust-rustls-0.20.8/debian/patches/series
--- rust-rustls-0.20.8/debian/patches/series2023-02-03 13:56:11.0 
+
+++ rust-rustls-0.20.8/debian/patches/series2023-06-18 01:00:10.0 
+
@@ -1,3 +1,4 @@
 1001_feature_constraints.patch
 2001_native_certs.patch
 2003_network_access.patch
+2004_bump_base64.patch
diff -Nru rust-rustls-0.20.8/debian/tests/control 
rust-rustls-0.20.8/debian/tests/control
--- rust-rustls-0.20.8/debian/tests/control 2023-02-02 19:14:08.0 
+
+++ rust-rustls-0.20.8/debian/tests/control 2023-06-18 00:58:44.0 
+
@@ -4,7 +4,7 @@
 Features: test-name=rust-rustls-0.20:@
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -27,7 +27,7 @@
 Features: test-name=rust-rustls-0.20:dangerous_configuration
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -48,7 +48,7 @@
 Features: test-name=rust-rustls-0.20:quic
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -69,7 +69,7 @@
 Features: test-name=rust-rustls-0.20:secret_extraction
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -90,7 +90,7 @@
 Features: test-name=rust-rustls-0.20:tls12
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -111,7 +111,7 @@
 Features: test-name=rust-rustls-0.20:read_buf
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,

Bug#1033540: marked as done (systemd: backport patch to fix a calendar spec calculation hang on DST change if TZ=Europe/Dublin)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 20:13:14 +
with message-id 
and subject line Bug#1033540: fixed in systemd 247.3-7+deb11u4
has caused the Debian Bug report #1033540,
regarding systemd: backport patch to fix a calendar spec calculation hang on 
DST change if TZ=Europe/Dublin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033540: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033540
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 247.3-7+deb11u1
Severity: important

Dear Maintainer,

We (Proxmox) got quite a few reports over the weekend of stuck systemd
processes, seemingly hung on calendar spec calculations. After a
investigation it stuck out the only the Europe/Dubline time zone seemed
affected. We then found a simple reproducer and a patch from newer
systemd releases, which we backported and are in the process of rolling
out broadly in our downstream distro. Note that one requires to have a
timer configured over a specific calendar spec falling into the DST
change time for this to trigger, so not all systems with timezone set to
Europe/Dublin ran into it.

So for current stable Debian Bullseye, please backport a fix [0] for
systemd calendarspec calculation that triggers for the Europe/Dublin
time zone, which handles DST changes in reverse (their summer time is
their standard time and their winter time is like a negative-DST so to
say).

With [0] applied and systemd rebuild, the for the current year adapted
reproducer mentioned in the commit message from [0] is fixed:

  TZ=Europe/Dublin faketime 2023-03-26 systemd-analyze calendar --iterations=5 
'Sun *-*-* 01:00:00'

Upstream has backported [0] already for their v247-stable branch in the
v247.5 stable release and regression potential seems rather small here.

For the sake of completness, systemd-stable backported also another more
general safety net, which aborts the date normalization loop after
maximal 1000 iterations [1], while this is not required for the specific
bug, it's a good safety net in general and we back ported it too to our
downstream systemd.

cheers
Thomas

[0]: 
https://github.com/systemd/systemd-stable/commit/129cb6e249bef30dc33e08f98f0b27a6de976f6f
[1]: 
https://github.com/systemd/systemd-stable/commit/f14b80e09e225ccf7cfd8a85578b7e64c3fdebb9
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 247.3-7+deb11u4
Done: Luca Boccassi 

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Boccassi  (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jun 2023 15:55:54 +0100
Source: systemd
Architecture: source
Version: 247.3-7+deb11u4
Distribution: bullseye
Urgency: medium
Maintainer: Debian systemd Maintainers 

Changed-By: Luca Boccassi 
Closes: 1033540
Changes:
 systemd (247.3-7+deb11u4) bullseye; urgency=medium
 .
   * backport patches to fix a calendar spec calculation hang on DST change
 if TZ=Europe/Dublin (Closes: #1033540)
Checksums-Sha1:
 62ca56596ab00a51334c848489be9250a1adc785 5224 systemd_247.3-7+deb11u4.dsc
 06ea0f82b9b154c3be5415e785439ac551003419 196116 
systemd_247.3-7+deb11u4.debian.tar.xz
 609d88f88e5a38a9b223bad780dcf93889b9c5ed 10770 
systemd_247.3-7+deb11u4_source.buildinfo
Checksums-Sha256:
 7d1b87217b355b62b454728be911c7a9ecf9f9c8e33155e8c0a499b57a86f649 5224 
systemd_247.3-7+deb11u4.dsc
 d1641185f547643cc2788606f209c57a9d66bd9f646564959a2680a7da1e2234 196116 
systemd_247.3-7+deb11u4.debian.tar.xz
 834476ba38b40bad74f7790536c82e4749eb16c62442f4a491f3be55c6e09b23 10770 
systemd_247.3-7+deb11u4_source.buildinfo
Files:
 974efcb574cc56449466b1e75fb99070 5224 admin optional 
systemd_247.3-7+deb11u4.dsc
 c42c689d588cbf3b5e28ca29daffa909 196116 admin optional 
systemd_247.3-7+deb11u4.debian.tar.xz
 b6dab4f3f7ebafe34174b12e7677f970 10770 admin optional 
systemd_247.3-7+deb11u4_source.buildinfo

-BEGIN PGP SIGNATURE-

Bug#1038762: marked as done ([src:systemd]: login (gnome) uses wrong keyboard layout)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:51:55 +
with message-id 
and subject line Bug#1038762: fixed in systemd 253-4
has caused the Debian Bug report #1038762,
regarding [src:systemd]: login (gnome) uses wrong keyboard layout
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: src:systemd
version: 253-3
severity: critical

The latest package update (to unstable) has broken login keyboard-
layout support. I'm marking this as critical due to the chaotic
potential for locking many users out of their accounts / systems, some
of whom unlike myself may have no clue what's wrong and how to get
around it, if they can.

I'm from the UK and my locale / keyboard-layout is setup accordingly.

Systemd packages were updated from 252.11-1 to 253-3 today on my
unstable/sid system. I happened to hit an OOM condition that killed my
user session a little while after having installed these updates,
kicking me back to the Gnome login screen. I tried to log back in but I
couldn't. After many tries, confident I was typing in my password
correctly, and rebooting having made no difference, I toggled the
feature to see what I was typing and discovered that a certain special
character was not matching what I typed. I was able to find a key with
which to enter the correct symbol and thus was able to get back in. I
presume it's defaulting to US layout for some reason.

I checked out the updates that had been installed today and I then
tried downgrading all of the systemd packages (listed below) to those
from testing (252.11-1). This solves the problem.

With 253-3 installed, if I lock my account it seems to be using the
correct layout, but if I logout or reboot then it's using the wrong
one. With the 252.11-1 downgrade everything uses the correct layout
again. Reinstating 253-3 the problem is back, confirming that the
problem relates to the upgrade of systemd packages.

Apt package log (systemd only):
Install: systemd-dev:amd64 (253-3, automatic)
Upgrade: udev:amd64 (252.11-1, 253-3), systemd-container:amd64 (252.11-
1, 253-3), libnss-myhostname:amd64 (252.11-1, 253-3), libpam-
systemd:amd64 (252.11-1, 253-3), libsystemd0:amd64 (252.11-1, 253-3),
libudev-dev:amd64 (252.11-1, 253-3), systemd:amd64 (252.11-1, 253-3),
libudev1:amd64 (252.11-1, 253-3), libnss-mymachines:amd64 (252.11-1,
253-3), libsystemd-shared:amd64 (252.11-1, 253-3), systemd-sysv:amd64
(252.11-1, 253-3), libsystemd-dev:amd64 (252.11-1, 253-3)

Apt term log (systemd only):
Preparing to unpack .../0-libnss-mymachines_253-3_amd64.deb ...
Unpacking libnss-mymachines:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../1-systemd-container_253-3_amd64.deb ...
Unpacking systemd-container (253-3) over (252.11-1) ...
Preparing to unpack .../2-systemd-oomd_253-3_amd64.deb ...
Unpacking systemd-oomd (253-3) over (252.11-1) ...
Preparing to unpack .../3-libpam-systemd_253-3_amd64.deb ...
Unpacking libpam-systemd:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../4-systemd_253-3_amd64.deb ...
Unpacking systemd (253-3) over (252.11-1) ...
Preparing to unpack .../5-libsystemd-shared_253-3_amd64.deb ...
Unpacking libsystemd-shared:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../6-libsystemd0_253-3_amd64.deb ...
Unpacking libsystemd0:amd64 (253-3) over (252.11-1) ...
Setting up libsystemd0:amd64 (253-3) ...
Preparing to unpack .../archives/udev_253-3_amd64.deb ...
Unpacking udev (253-3) over (252.11-1) ...
Selecting previously unselected package systemd-dev.
Preparing to unpack .../systemd-dev_253-3_all.deb ...
Unpacking systemd-dev (253-3) ...
Setting up systemd-dev (253-3) ...
Setting up libsystemd-shared:amd64 (253-3) ...
Setting up systemd (253-3) ...
Installing new version of config file /etc/systemd/journald.conf ...
Installing new version of config file /etc/systemd/system.conf ...
Installing new version of config file /etc/systemd/user.conf ...
Preparing to unpack .../systemd-sysv_253-3_amd64.deb ...
Unpacking systemd-sysv (253-3) over (252.11-1) ...
Preparing to unpack .../libsystemd-dev_253-3_amd64.deb ...
Unpacking libsystemd-dev:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../libudev-dev_253-3_amd64.deb ...
Unpacking libudev-dev:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../libudev1_253-3_amd64.deb ...
Unpacking libudev1:amd64 (253-3) over (252.11-1) ...
Setting up libudev1:amd64 (253-3) ...
Preparing to unpack .../libnss-myhostname_253-3_amd64.deb ...
Unpacking libnss-myhostname:amd64

Bug#996878: marked as done (python3-prelude: python3 import prelude throws an ImportError exception)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:57 +
with message-id 
and subject line Bug#996878: fixed in libprelude 5.2.0-3+deb11u1
has caused the Debian Bug report #996878,
regarding python3-prelude: python3 import prelude throws an ImportError 
exception
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
996878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-prelude
Version: 5.2.0-4
Severity: grave
Justification: renders package unusable


Dear Maintainer,

   * What led up to the situation?
Installing python3-prelude on a fresh bullseye, then importing
"prelude" in the python3 interpreter
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I tried to use python3-prelude from unstable with no luck
   * What was the outcome of this action?
Importing generates :
:~# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44) 
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import prelude
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python3/dist-packages/prelude.py", line 15, in 
from _prelude import *
ImportError: 
/usr/lib/python3/dist-packages/_prelude.cpython-39-x86_64-linux-gnu.so: 
undefined symbol: PyIOBase_Type

   * What outcome did you expect instead?
I expected it to load prelude. It seems to also affect prewikka which
does this import (my first problem was related to prewikka, I digged it
to python3-prelude)

Cheers
François Lesueur


-- System Information:
Debian Release: 11.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-prelude depends on:
ii  libc62.31-13+deb11u2
ii  libgcc-s110.2.1-6
ii  libprelude28 5.2.0-4
ii  libpreludecpp12  5.2.0-3+b1
ii  libstdc++6   10.2.1-6
ii  python3  3.9.2-3

python3-prelude recommends no packages.

python3-prelude suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libprelude
Source-Version: 5.2.0-3+deb11u1
Done: Andreas Beckmann 

We believe that the bug you reported is fixed in the latest version of
libprelude, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 996...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated libprelude package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 18 Jun 2023 00:27:52 +0200
Source: libprelude
Architecture: source
Version: 5.2.0-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Pierre Chifflier 
Changed-By: Andreas Beckmann 
Closes: 996878
Changes:
 libprelude (5.2.0-3+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Backport Python module fixes from 5.2.0-4/5.2.0-5.
 .
   [ Thomas Andrejak ]
   * d.patches: Add new patch 025-Fix-PyIOBase_Type.patch
 - Fix PyIOBase_Type for Python 3.10 compatibility
   * d.patches: Update 025-Fix-PyIOBase_Type.patch because swig is not
 executed (Closes: #996878)
   * d.tests: Add test to valid that we can load prelude as a python module
Checksums-Sha1:
 e718bebc39b27b262dd30efb119f8b48cb5f8a03 2893 libprelude_5.2.0-3+deb11u1.dsc
 35019b48088797824a4aeef8e14a2c751ef7 28084 
libprelude_5.2.0-3+deb11u1.debian.tar.xz
 10d36523354fc87b37bf5c23a5873c93f8e14e82 10555 
libprelude_5.2.0-3+deb11u1_source.buildinfo
Checksums-Sha256:
 73918d130d2c5949f98bc8507ea9c47bf885a6bfba8f30a2cbf174fff316cd43 2893 
libprelude_5.2.0-3+deb11u1.dsc
 894484db12086fadf8505eb57dfb2ce6d797d293ab91cc2627db54570082b0d9 28084 
libprelude_5.2.0-3+deb11u1.debian.tar.xz
 1ea6978df6c5f3a0272e3680345c025c7b0c8d1616fbea29841dbfe096e077f7 10555

Bug#954783: marked as done (Non-functioning gnome-apps after mate-session due to surviving CLUTTER_BACKEND env var)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:10 +
with message-id 
and subject line Bug#954783: fixed in mate-session-manager 1.26.0-1+deb12u1
has caused the Debian Bug report #954783,
regarding Non-functioning gnome-apps after mate-session due to surviving 
CLUTTER_BACKEND env var
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
954783: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954783
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: libclutter-gtk-1.0-0
Version: 1.8.4-4

Package: gnome-session-common
Version: 3.30.1-2


In short: When running a mate session the environment-variable CLUTTER_BACKEND=x11 is set. This variable survives a logout and relogin into the GNOME wayland-session, which doesn't override it. The 
result is a bunch of not launchable clutter-gtk applications.


To reproduce the issue:
 * Install debian 10.3.0 with gnome and mate environment
 * Optional:
 * Login into GNOME (wayland) Session
 * Run `env | grep -Ei 'x11|wayland'`
XDG_SESSION_TYPE=wayland
WAYLAND_DISPLAY=wayland-0
 * Note: CLUTTER_BACKEND is not set
 * Launch `gnome-control-center` via graphical environment or console
* Works fine
 * Logout
 * Login into MATE session
 * `env | grep -Ei 'x11|wayland'`
CLUTTER_BACKEND=x11
XDG_SESSION_TYPE=x11
 * `sudo grep -Ri CLUTTER_BACKEND /etc/`
/etc/X11/Xsession.d/99mate-environment:export CLUTTER_BACKEND=x11
 * Logout
 * Login into GNOME (wayland) session
 * `env | grep -Ei 'x11|wayland'`
CLUTTER_BACKEND=x11 # <- survived!
XDG_SESSION_TYPE=wayland
WAYLAND_DISPLAY=wayland-0
 * Launch `gnome-control-center` via graphical environment or console
 * Observe it doesn't startup
(gnome-control-center:4399): Clutter-Gtk-ERROR **: 12:23:42.914: *** 
Unsupported backend.
 * In fact all of the following apps terminate the same way
 * `compgen -c | while read cmd; do [ -n "$(which $cmd)" ] && ldd $(which $cmd) 
| grep -q clutter-gtk && echo $cmd; done`
cheese
totem
evolution
gnome-control-center
gnome-contacts
cheese
totem
evolution
gnome-control-center
gnome-contacts
gnome-nibbles
swell-foop
lightsoff
quadrapassel
 * Now launch `CLUTTER_BACKEND=wayland gnome-control-center`
* Works fine

So I suppose the surviving of session-variables is the core issue here. In case of it beeng rather a feature than a bug, I suppose gnome should set CLUTTER_BACKEND explicitly aswell. Or maybe 
clutter-gtk shall respect this constellation of CLUTTER_BACKEND and GDK_WAYLAND_DISPLAY?
--- End Message ---
--- Begin Message ---
Source: mate-session-manager
Source-Version: 1.26.0-1+deb12u1
Done: Mike Gabriel 

We believe that the bug you reported is fixed in the latest version of
mate-session-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 954...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated mate-session-manager 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 20 Jun 2023 08:10:18 +0200
Source: mate-session-manager
Architecture: source
Version: 1.26.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian+Ubuntu MATE Packaging Team 
Changed-By: Mike Gabriel 
Closes: 954783 1038638
Changes:
 mate-session-manager (1.26.0-1+deb12u1) bookworm; urgency=medium
 .
   * debian/patches:
 + Add 0007_Fix-memory-leaks-284.patch and 0008_mate-session-fix-memory-
   leak.patch. Fix various memory leaks. (Closes: #1038638).
 + Cherry-pick 0009_main-fix-double-free-on-gl_renderer.patch from 
upstream's
   1.26 branch. Regression fix for 0008_mate-session-fix-memory-leak.patch.
   * debian/default-settings/X11/Xsession.d/99mate-environment:
 + Allow clutter backends other than x11 (while preferring x11). (Closes:
   #954783).
Checksums-Sha1:

Bug#1038860: marked as done (trafficserver: Wrong version for trafficserver security-update in DSA-5435-1)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:12 +
with message-id 
and subject line Bug#1038860: fixed in trafficserver 9.2.0+ds-2+deb12u1
has caused the Debian Bug report #1038860,
regarding trafficserver: Wrong version for trafficserver security-update in 
DSA-5435-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038860: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038860
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.0+ds-1~deb12u1
Severity: serious
Justification: wrong version number, does not allow updates to fixed version
X-Debbugs-Cc: car...@debian.org,t...@security.debian.org
Control: affects -1 + security.debian.org,release.debian.org

Hi

The update for trafficserver in DSA-5435-1 for bookworm, while
sourcewise built on top of 9.2.0+ds-2, has an odd version going
backwards, 9.2.0+ds-1~deb12u1.

This should bee 9.2.0+ds-2+deb12u1 instead (as the patches are applied
on top of 9.2.0+ds-2).

Currently it's not possible to install the security update as

$ dpkg --compare-versions 9.2.0+ds-1~deb12u1 gt 9.2.0+ds-2
$ echo $?
1

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 9.2.0+ds-2+deb12u1
Done: Jean Baptiste Favre 

We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean Baptiste Favre  (supplier of updated trafficserver 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jun 2023 08:43:18 +0200
Source: trafficserver
Architecture: source
Version: 9.2.0+ds-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Jean Baptiste Favre 
Changed-By: Jean Baptiste Favre 
Closes: 1038860
Changes:
 trafficserver (9.2.0+ds-2+deb12u1) bookworm-security; urgency=medium
 .
   * Fix version number (Closes: #1038860)
Checksums-Sha1:
 42593a38c00be2947ebfb574aa8d06a45c46663e 3024 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 8c11ed54bd0f4f131051ef4adab5e3f92b0b3e77 8865636 
trafficserver_9.2.0+ds.orig.tar.xz
 b687c6b546a83166fcff6906b5e01778c0551351 39856 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 f93e4dbb02cb97f65e773ba84952bfa7965b076b 12368 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo
Checksums-Sha256:
 87bd95046ec543296432647015e7507c0ca5f2a542455a2ebf4ecd7f5068506c 3024 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 11be65a2b118646fcc3500e63dd1ecce9951f814b02fd3e4d6b8070dc8c1f192 8865636 
trafficserver_9.2.0+ds.orig.tar.xz
 21544c735c7a28a12618196c86dea591943581c4944ec573cf086cf091f00e88 39856 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 6d871be9c62b5b191df744faca184a92904e829e3d1c3b102f4c9d113081f0a7 12368 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo
Files:
 03814fa9358c4b5444c66a29fa9c643d 3024 web optional 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 342e06e020b6e3916ab892a29b479414 8865636 web optional 
trafficserver_9.2.0+ds.orig.tar.xz
 cb37d0778fbf394cb55214fa2a384ad2 39856 web optional 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 52592a52fdc00fa5e94588b847bc9cbb 12368 web optional 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmST8IZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF
ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99
hzci1w//baGIj52aBpX9PJVJzGCGK0JjqZwnaiU3sQAZRZb28oQgwlnWqnavjrxv
xRR0WsMxOKwi9dvFKBSGh40NW7EShrLCGARGwE3LZIImyTTdJuEybVq/xF32wM1S
e+o1uH0mQQUqBB4O+t0ao6mBe2C/EF9WP5+stUSrz+7wzdSQHATygJoTP0ocHwMK
h/lsQ1Nx1Xvb+vZw+06Z19s1vmUJItqpC+SGlqSzyv8dndnlhMaKho0YnDwCP5LY
z2LdYXiw8Hom/wJJTJE3nxSVNdcbmSS+9hIqquGwqNfvqeOcDXEJolhfZZEEnhpE
U5rCGEWgsqfW6QhC/H7KXdti4IVW64HDiyZTPsDdxiH8kCNvnp/F4nc0SVvqkdqQ
4vD0tCMeyNkY8XREqP58CCJEjpAHRJJ0mBBpHbZxpZJuyj7FoUNZM7yoSatQMxtU
LA4f6/ZGls70Bbct4EW/roao32Uf5XXf7+CIVUOvH7+2gFXLCQtu7QK2ZkuABbWF
K/EU1ZbTuBUm51TRXkA3YfUsvCQq0Tpku5Tx+msYzjxZ/m+AIba20qI+GURIxxYg
oIfs67Z9O8eQ5zvy39lPVmwKoMBi9x4yM5fGWILjpoBHK5ffxCG61r2+RwrqSnB5

Bug#1038638: marked as done (mate-session-manager: various memory leaks)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:10 +
with message-id 
and subject line Bug#1038638: fixed in mate-session-manager 1.26.0-1+deb12u1
has caused the Debian Bug report #1038638,
regarding mate-session-manager: various memory leaks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038638
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: mate-session-manager
Version: 1.26.0-1
Severity: important
Tags: patch

In recent upstream release 1.26.1 there have been fixed various memory  
leaks. These memleaks should also be backported to bookworm's version  
of mate-session-manager.


Here are the patches:
https://github.com/mate-desktop/mate-session-manager/commit/1bc90279ce1c094c0036077917ac7b93f5cb4007
https://github.com/mate-desktop/mate-session-manager/commit/7b09df2f9a5ddf27b4c4458e6f8cb3ad701ee24d

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpEoU1WvDNbw.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
Source: mate-session-manager
Source-Version: 1.26.0-1+deb12u1
Done: Mike Gabriel 

We believe that the bug you reported is fixed in the latest version of
mate-session-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated mate-session-manager 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 20 Jun 2023 08:10:18 +0200
Source: mate-session-manager
Architecture: source
Version: 1.26.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian+Ubuntu MATE Packaging Team 
Changed-By: Mike Gabriel 
Closes: 954783 1038638
Changes:
 mate-session-manager (1.26.0-1+deb12u1) bookworm; urgency=medium
 .
   * debian/patches:
 + Add 0007_Fix-memory-leaks-284.patch and 0008_mate-session-fix-memory-
   leak.patch. Fix various memory leaks. (Closes: #1038638).
 + Cherry-pick 0009_main-fix-double-free-on-gl_renderer.patch from 
upstream's
   1.26 branch. Regression fix for 0008_mate-session-fix-memory-leak.patch.
   * debian/default-settings/X11/Xsession.d/99mate-environment:
 + Allow clutter backends other than x11 (while preferring x11). (Closes:
   #954783).
Checksums-Sha1:
 5525b796b5606487015336cf1002bb62b3481488 2749 
mate-session-manager_1.26.0-1+deb12u1.dsc
 2950cb6e45600c7a5ffc3853d00757fd58189bca 15244 
mate-session-manager_1.26.0-1+deb12u1.debian.tar.xz
 0b85909b9150ebd712c63ec2841e9c5001d1daea 16703 
mate-session-manager_1.26.0-1+deb12u1_source.buildinfo
Checksums-Sha256:
 8adf0a40bc39de7fc137ea84af7de4b33c3f4f938eed32b588cb7ad1ef75c36b 2749 
mate-session-manager_1.26.0-1+deb12u1.dsc
 c82df4be3ea8cae1e79752a0d2cddcd7c6feab2dcb7e432de81e229173184f6a 15244 
mate-session-manager_1.26.0-1+deb12u1.debian.tar.xz
 57ebf9455f1f8edfb0fc92d4e142d86948224bbb3520399df4abc41c6aed2d46 16703 
mate-session-manager_1.26.0-1+deb12u1_source.buildinfo
Files:
 1dd43d18f55877c4316c8ce536d23c52 2749 x11 optional 
mate-session-manager_1.26.0-1+deb12u1.dsc
 dae1358f224d720e1804695585e7eabf 15244 x11 optional 
mate-session-manager_1.26.0-1+deb12u1.debian.tar.xz
 ea3d5af8368071ad4e0abd8d6d2552ca 16703 x11 optional 
mate-session-manager_1.26.0-1+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmSRhH0VHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxfLYP/0NYGI9PEuEkRI8LhNPz37ZIyPr7
D4KQRLZoSKgoaap5kvhezQyqvQpDvv/AGNU0GkYwCJkPlXAvoCe/KQuz9kB9Y9M2
6Zs0IvbqCaSbd7dnd3DWsLWRKQNgE1J5EWoraHj/v+zvPbOq26f78taEg9hwMHo9
LkzkHcLe2+CTt16dm5oQxGJYioaVD8huSyL2aWz7AAjr7pfbeNwVICVBNQd/46qF
XJuPUp9SJ/MgP1MkKlnQ25Ip+3evRaoKBPCrZf2ukWUlI0wwD5Z+y7SYOJn3P0UV
0yWSSxoue+K4G7J4WAcKXJA6A7arL1hscu7bEFSQDoMAwg0H4UsUtpjjf2ZjoWgp
bMtJ7x8l8lP4A7E1bEjaiL7BU+IHnZKO10n2eCUN5hRfe87oEctqisZMUKMZhh3H

Bug#1038444: marked as done (mate-power-manager: memleaks in statistics and preferences UI)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:10 +
with message-id 
and subject line Bug#1038444: fixed in mate-power-manager 1.26.0-2+deb12u1
has caused the Debian Bug report #1038444,
regarding mate-power-manager: memleaks in statistics and preferences UI
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038444: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038444
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: mate-power-manager
Version: 1.26.0-1
Severity: important

There have been two memleaks fixed in MATE power manager's prefs and  
statistics dialog/application. The fix is available starting v1.26.1  
of mate-power-manager.


The fixes will also be provided for bookworm.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpygJrZc7nPm.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
Source: mate-power-manager
Source-Version: 1.26.0-2+deb12u1
Done: Mike Gabriel 

We believe that the bug you reported is fixed in the latest version of
mate-power-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated mate-power-manager 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 18 Jun 2023 21:40:10 +0200
Source: mate-power-manager
Architecture: source
Version: 1.26.0-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian+Ubuntu MATE Packaging Team 
Changed-By: Mike Gabriel 
Closes: 1038444
Changes:
 mate-power-manager (1.26.0-2+deb12u1) bookworm; urgency=medium
 .
   * debian/patches:
 + Add 0002_gpm-statistics-fix-memory-leak.patch (gpm-prefs: fix memory 
leak)
   and 0003_gpm-prefs-fix-memory-leak.patch (gpm-statistics: fix memory
   leak). Cherry-picked and simplified from v1.26.1. (Closes: #1038444).
 + Document simplification in patch 0002_gpm-statistics-fix-memory-
   leak.patch.
 + Trivial rebase of 0001_add-gaming-input-devices.patch.
Checksums-Sha1:
 e99f18d628853daa0aeadbd8e67a7005ce7d919f 2700 
mate-power-manager_1.26.0-2+deb12u1.dsc
 a115afa811f6b0df2692dd57186c5efef425da9a 20444 
mate-power-manager_1.26.0-2+deb12u1.debian.tar.xz
 0d6a788d7af1469ddedc0283a8db6f4a4286eb97 16933 
mate-power-manager_1.26.0-2+deb12u1_source.buildinfo
Checksums-Sha256:
 69c1ed281c6c8967a02af7942ba7ff05dbfe80317caeae4bb436203d61e7f656 2700 
mate-power-manager_1.26.0-2+deb12u1.dsc
 81f716f37deb0cbab081db5ad36df4c595f19bbab68428e949ade7c15151c2bb 20444 
mate-power-manager_1.26.0-2+deb12u1.debian.tar.xz
 bdbd4f793b613e96bcac8416cd77899a92bf4913eb86bcc191897cd2c166 16933 
mate-power-manager_1.26.0-2+deb12u1_source.buildinfo
Files:
 daed1ba6eb88976366086c222790c94d 2700 x11 optional 
mate-power-manager_1.26.0-2+deb12u1.dsc
 5c037e50c9eb7d189df11e05ef3614f1 20444 x11 optional 
mate-power-manager_1.26.0-2+deb12u1.debian.tar.xz
 54a2b7fb0d2049114118e1513ab30e05 16933 x11 optional 
mate-power-manager_1.26.0-2+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmSPX9cVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxTREQAJji1ZtA8Oo/RLO6VyNIKWn74P4o
xyXD9cmSjYLBbA8YyWhdoSkV0NBdQsni52CqW72L4qSFED3quy5+ffhkUHMUTlgW
/UQh25bmVsgxDjB0jVPDF5ZW4IVzl0zkriSyuViGPCs034R7sD7ybcCMeq6ehfzJ
fTns2J8vfLXUemu6XZEMUTSn0r+TlwAN4DyAWPr9a9EO8bst6ytv2ukAwbKfpejx
K2Kr0dCF7jhLe7ssMUUOscWhpWZQVSd7Hs4HOOczJuLbQWWNPQLMf1RfFXEw0nf2
eKwu5mr38v2sJGmp8Awn+CobFtPolq/UrdoN4s+Vo5S5llfV8pb2OGccGTm6aI7X
0QJ2dm+PnXvjv5K39eJWaraQkmGuPNQWAU6t/SeEGBSHZD10TZC6OaYQUbc9Iata
LiEZRFGpAEw7y7rAm/boipk4HuBVEFnTE7si9FEe1rKVcdq6biC6g6rAZbPr7txI
DIqrcB6cBqbO9eZmWqhgfTsQIegoPZq/20NyKY2Bq7h6xrrRutGWRNK7bIvf9cX0
KKC2OyNDypEUj+Szj+Gt4wQwvwRo5jZVCXo5ZbZM6VTq6iSfUDWZERs33cSA7y8l
nt75i1+SEa9uTSJcwP97V8hXhmjm1NMVZeOHE1hoAy4aTQ1WdpDoj9ExTaeippEH
J33rrmwlf4K7zEAi
=V3dZ
-END PGP

Bug#1038430: marked as done (libmatekbd: two memory leaks in libmatekbd/matekbd-keyboard-drawing.c)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:10 +
with message-id 
and subject line Bug#1038430: fixed in libmatekbd 1.26.0-1+deb12u1
has caused the Debian Bug report #1038430,
regarding libmatekbd: two memory leaks in libmatekbd/matekbd-keyboard-drawing.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038430
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmatekbd
Version: 1.26.0-1
Severity: important
Tags: patch upstream bookworm

In recent libmatekbd 1.26.1 two memory leaks in
libmatekbd/matekbd-keyboard-drawing.c have been fixed. I will provide an
upload for libmatekbd soon that resolved these two issues for libmatekbd
in bookworm.

See:
https://github.com/mate-desktop/libmatekbd/commit/911b118a7ddf831800e72f8b4f64b2766e99c6fc
https://github.com/mate-desktop/libmatekbd/commit/ff9924aacd16a70816ec8acdff9b0a87a5cfd343


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldstable-security'), (500, 
'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libmatekbd
Source-Version: 1.26.0-1+deb12u1
Done: Mike Gabriel 

We believe that the bug you reported is fixed in the latest version of
libmatekbd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel  (supplier of updated libmatekbd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 18 Jun 2023 09:09:08 +0200
Source: libmatekbd
Architecture: source
Version: 1.26.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian+Ubuntu MATE Packaging Team 
Changed-By: Mike Gabriel 
Closes: 1038430
Changes:
 libmatekbd (1.26.0-1+deb12u1) bookworm; urgency=medium
 .
   * debian/patches:
 + Add 0001_matekbd-keyboard-drawing-fix-memory-leak.patch and
   0002_matekbd-keyboard-drawing-fix-memory-leak.patch. Fix two memory
   leaks. Cherry-picked from recent upstream release v1.26.1.
   (Closes: #1038430).
Checksums-Sha1:
 604160f697a9c2d697af3bf10a55eb9ee324796e 2577 libmatekbd_1.26.0-1+deb12u1.dsc
 508fe80577827588af7f9dbd2358e78de5e681f0 7116 
libmatekbd_1.26.0-1+deb12u1.debian.tar.xz
 5ce805dcc611ecd6753ea77f37ae30cbe396b809 16963 
libmatekbd_1.26.0-1+deb12u1_source.buildinfo
Checksums-Sha256:
 f07043c794d8b825b8594834963bda737990548ac22efe38d7147b1b9fca8f4b 2577 
libmatekbd_1.26.0-1+deb12u1.dsc
 d5dde892ca0d60286592d60cc1b626dc71f1e6d552a3ef88710d3de4dfa34d24 7116 
libmatekbd_1.26.0-1+deb12u1.debian.tar.xz
 71309a4ec8f70da17a4231d1f5337aa9b1bd442da0fff63e3b701cf55e8abadd 16963 
libmatekbd_1.26.0-1+deb12u1_source.buildinfo
Files:
 f08d21c628e48d45334fd351ae73827b 2577 libs optional 
libmatekbd_1.26.0-1+deb12u1.dsc
 f18838713b9d19c99592686b25520bdf 7116 libs optional 
libmatekbd_1.26.0-1+deb12u1.debian.tar.xz
 b7e0fbb26c302ba92e6a92c0a042a8e2 16963 libs optional 
libmatekbd_1.26.0-1+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmSOrv4VHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxHDcP/3mlSA+yuadf+rvNYlToshKIIiqQ
rYjOm6qZL5B2tnaEd6OaMWb23+x04DowaFoU/QKIUx4E4gx27TYQoiRpcEpf9JtN
xjQg6brVY30UB3o3MUsRknul3Dmx326quPh5uQg+ZiCAYedb1ncRcz+Fu1T4KuML
FxoRjtBYHfAbzwWJFuoKHE6ZsTzwCypPz8d0iNZm5Dvol/jNsZ/wFWDYODIYdNqn
rvlevSHHc62U+4Y/tT194krybwSPzsqUfnwBgT6fCrwCScysGXzxFHghI47F3kVp
d52qHERYu9tFSB/UpCmSKfgS5Lykut+sl+E9aPEdIGV2yPJphboZn+U9kkuZUKPZ
HpFZd3RMEO455/3CGCFmLgZYJ7HjbpFBAHegU5cDfnaBquNZ1YN4lNCSWO0klP79
YTcKAPbezJgLzB5ar8Ty+FxC4IJzYAMcS6hcTfF8trMPoxfi9R6jA+CrJkbELVWf
gk5zbWqXsRfVWdGQ+ahqHMITYSAsR9dyUKz9AVK08NLymElwbYQHxhr/whrstCi7
oulTCrfLmS7nYj4LD/AT5UwHgMqWpXpAWEbo5l8SuKBFGAR0ajn3IIO19cfM8eCA

Bug#1038248: marked as done (trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:48:08 +
with message-id 
and subject line Bug#1038248: fixed in trafficserver 8.1.7+ds-1~deb11u1
has caused the Debian Bug report #1038248,
regarding trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038248: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038248
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.0+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 8.1.6+ds-1~deb11u1
Control: found -1 8.0.2+ds-1+deb10u6

Hi,

The following vulnerabilities were published for trafficserver.

CVE-2022-47184[0]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Software Foundation Apache Traffic
| Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.


CVE-2023-30631[1]:
| Improper Input Validation vulnerability in Apache Software
| Foundation Apache Traffic Server.  The configuration
| option proxy.config.http.push_method_enabled didn't function. 
| However, by default the PUSH method is blocked in the ip_allow
| configuration file.This issue affects Apache Traffic Server: from
| 8.0.0 through 9.2.0.  8.x users should upgrade to 8.1.7 or later
| versions 9.x users should upgrade to 9.2.1 or later versions


CVE-2023-33933[2]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Software Foundation Apache Traffic
| Server.This issue affects Apache Traffic Server: from 8.0.0 through
| 9.2.0.  8.x users should upgrade to 8.1.7 or later versions 9.x
| users should upgrade to 9.2.1 or later versions


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47184
https://www.cve.org/CVERecord?id=CVE-2022-47184
[1] https://security-tracker.debian.org/tracker/CVE-2023-30631
https://www.cve.org/CVERecord?id=CVE-2023-30631
[2] https://security-tracker.debian.org/tracker/CVE-2023-33933
https://www.cve.org/CVERecord?id=CVE-2023-33933
[3] https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 8.1.7+ds-1~deb11u1
Done: Jean Baptiste Favre 

We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean Baptiste Favre  (supplier of updated trafficserver 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jun 2023 11:16:56 +0200
Source: trafficserver
Architecture: source
Version: 8.1.7+ds-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Jean Baptiste Favre 
Changed-By: Jean Baptiste Favre 
Closes: 1038248
Changes:
 trafficserver (8.1.7+ds-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream version 8.1.7+ds
   * Multiple CVE fixes for 8.1.x (Closes: #1038248)
 + CVE-2022-47184: Exposure of Sensitive Information to an Unauthorized 
Actor vulnerability
 + CVE-2023-30631: Improper Input Validation vulnerability
 + CVE-2023-33933: Exposure of Sensitive Information to an Unauthorized 
Actor vulnerability
Checksums-Sha1:
 923493577a6486303f4a71917f909bfa097eeb51 2880 
trafficserver_8.1.7+ds-1~deb11u1.dsc
 4d920add87a83bb571c3a5e5607b837aeb092c0d 7951500 
trafficserver_8.1.7+ds.orig.tar.xz
 2de673bd4616e9b7b1352024c30da5fc968abf7b 45988 
trafficserver_8.1.7+ds-1~deb11u1.debian.tar.xz
 e8be2b37944714f3d896edbb70b7a8ae0bcdb5bf 14170 
trafficserver_8.1.7+ds-1~deb11u1_source.buildinfo
Checksums-Sha256:
 844258fa50617ad97ecebe09d2676d50b33b3529ba86e2eb5b057ce2877a0c60 2880 
trafficserver_8.1.7+ds-1~deb11u1.dsc
 07c8c1030bff108ac2afe3d6807b0bd2dca56dd8499b9698c8b50f041bb8c0cc 7951500 
trafficserver_8.1.7+ds.orig.tar.xz

Bug#1038133: marked as done (libx11: CVE-2023-3138)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:58 +
with message-id 
and subject line Bug#1038133: fixed in libx11 2:1.7.2-1+deb11u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.7.2-1+deb11u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:58:56 +0200
Source: libx11
Architecture: source
Version: 2:1.7.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian X Strike Force 
Changed-By: Salvatore Bonaccorso 
Closes: 1038133
Changes:
 libx11 (2:1.7.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
 (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb
Checksums-Sha1: 
 4f7e5027d215d1614e904478c77b7eec3289620f 2726 libx11_1.7.2-1+deb11u1.dsc
 d819692b11813732a14924fe28d443e20876429e 3181228 libx11_1.7.2.orig.tar.gz
 ed2f1e2800ec9b113c5f32f3aa736384cf8a2db9 833 libx11_1.7.2.orig.tar.gz.asc
 cff63fb9ae99b29648d0c1a32e726615b298948d 77935 libx11_1.7.2-1+deb11u1.diff.gz
Checksums-Sha256: 
 ec0dcab068d361357957338097b8e5afea57d864c85485db57d74fefd133812d 2726 
libx11_1.7.2-1+deb11u1.dsc
 2c26ccd08f43a6214de89110554fbe97c71692eeb7e7d4829f3004ae6fafd2c0 3181228 
libx11_1.7.2.orig.tar.gz
 509d0ed983ff3aed0dbfb070dabfce82b5787e626f2fd0bfb2a5887918fcd967 833 
libx11_1.7.2.orig.tar.gz.asc
 e1991b48759c51f7bfb765d582311d8ac2ef4b5d6aa951fec1608982e1d8cdcd 77935 
libx11_1.7.2-1+deb11u1.diff.gz
Files: 
 9494a043c90aa4f625232a746fe1ca77 2726 x11 optional libx11_1.7.2-1+deb11u1.dsc
 1012753f3aa3ff4d6a4375aad752e6ba 3181228 x11 optional libx11_1.7.2.orig.tar.gz
 eacbee1e89f81382a0f0a6e88e602c89 833 x11 optional libx11_1.7.2.orig.tar.gz.asc
 bd70895eece14f5607bd1a0ecf43d8dc 77935 x11 optional 
libx11_1.7.2-1+deb11u1.diff.gz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSLb4BfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESNoP/R5Do424Msjs+maPx92bZZeorlHPDDS2
+FxQpBf4pQ32chlfDtJdsean1S3cQkQLUGFP3SYQoDUBqDyd+R2BcfWgWWp2+Qig
Q8aHUqFNFCMHICGbt0PQIW+gjLN0dDoZsVfZg9NbYhSIZrT1ro82C8TcDvqgJRYo
K4BmGlRiCaqklQ38fNttKSYIC/kh/gfW8L57dRYKX1m8yClj5znNfnIMqw3J77u1
A5+6mWnfl3fxteWta4nDCNpz9CWKKjDS7+CC9J3Sl3GHmi1+/dq3x9FZ4jBPa2WW
MuRtofNbpmocuaM712uBgJiHgxUyXhQ4GifjyU4N/SOmdtlwhWlUqRvF69MF/+W0
wUOFH9d9vz/NZHkMI6mFulEdQKgneYpdb+6kZb/Nb1VUTY+/GIZmMDFhH3sqgf2S
APiSawgZg6tMhx2GX/mnlK/b9eFvczUnURf6BVPIFnY3ztmRMX7t9OyCEZSW1EmC
pWdrPzjza4qA+QVl6ZTRxK0iCUg3tGDdaVmkyyCj+6z8uXbr34R5pcAl6ULn+jqT
SZ/BSqq84prpt9EFErA0ysDr6p+uoE+nNNCHu0QXI4dOmNfBVBnchQ7KiFa3FEu0
FF82umHh7226grhU0mj5T07jn8g+CtWP3R33TT4LZdCfC6XAgxZ9Os6eQd+FsJHL
XxWwaeY9qOlb
=9mMS
-END PGP

Bug#1037948: marked as done (xmltooling: Parsing of KeyInfo elements can cause remote resource access)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:48:33 +
with message-id 
and subject line Bug#1037948: fixed in xmltooling 3.2.0-3+deb11u1
has caused the Debian Bug report #1037948,
regarding xmltooling: Parsing of KeyInfo elements can cause remote resource 
access
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037948: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037948
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xmltooling
Severity: important
Tags: patch upstream security

Shibboleth Service Provider Security Advisory [12 June 2023]

An updated version of the XMLTooling library that is part of the
OpenSAML and Shibboleth Service Provider software is now available
which corrects a server-side request forgery (SSRF) vulnerability.

Parsing of KeyInfo elements can cause remote resource access.
=
Including certain legal but "malicious in intent" content in the
KeyInfo element defined by the XML Signature standard will result
in attempts by the SP's shibd process to dereference untrusted
URLs.

While the content of the URL must be supplied within the message
and does not include any SP internal state or dynamic content,
there is at minimum a risk of denial of service, and the attack
could be combined with others to create more serious vulnerabilities
in the future.

This issue is *not* specific to the V3 XMLTooling software and is
believed to impact all versions prior to V3.2.4.

Recommendations
===
Update to V3.2.4 or later of the XMLTooling library, which is
now available. Note that on Linux and similar platforms, upgrading
this component will require restarting the shibd process to correct
the bug.

The updated version of the library has been included in a V3.4.1.3
patch release of the Service Provider software on Windows.

Other Notes
===
The xmltooling git commit containing the fix for this issue is
6080f6343f98fec085bc0fd746913ee418cc9d30 and may be in general terms
applicable to V2 of the library.

Credits
===
Juriën de Jong, an independent security researcher in the Netherlands

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20230612.txt
--- End Message ---
--- Begin Message ---
Source: xmltooling
Source-Version: 3.2.0-3+deb11u1
Done: Ferenc Wágner 

We believe that the bug you reported is fixed in the latest version of
xmltooling, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ferenc Wágner  (supplier of updated xmltooling package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:57:00 CEST
Source: xmltooling
Architecture: source
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Shib Team 
Changed-By: Ferenc Wágner 
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
 Santuario.
 Fix a denial of service vulnerability: Parsing of KeyInfo elements can
 cause remote resource access.
 Including certain legal but "malicious in intent" content in the
 KeyInfo element defined by the XML Signature standard will result
 in attempts by the SP's shibd process to dereference untrusted
 URLs.
 While the content of the URL must be supplied within the message
 and does not include any SP internal state or dynamic content,
 there is at minimum a risk of denial of service, and the attack
 could be combined with others to create more serious vulnerabilities
 in the future.
 Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha256: 
 04fc132929de9741b71c9ebf804a645a053cb3575a4f1f8aa886dc0ef638bed6 2571 
xmltooling_3.2.0-3+deb11u1.dsc
 97fe34c11a2e10dae3b926ddecf0498561c60d27371cb3d05220505a25ef590f 18656 
xmltooling_3.2.0-3+deb11u1.debian.tar.xz
 9e407b3f07f45807176ca0e6d8f00236eeac3dcc4e166baa87100d5ccb9429e4 10625 
xmltooling_3.2.0-3+deb11u1_amd64.buildinfo

Bug#1037919: marked as done (vte2.91: infinite loop parsing control sequence '\e]104;x\a')

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:14 +
with message-id 
and subject line Bug#1037919: fixed in vte2.91 0.70.6-1~deb12u1
has caused the Debian Bug report #1037919,
regarding vte2.91: infinite loop parsing control sequence '\e]104;x\a'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037919
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: vte2.91
Version: 0.70.5-1
Severity: important
Tags: security patch fixed-upstream
X-Debbugs-Cc: Debian Security Team 
Forwarded: https://gitlab.gnome.org/GNOME/vte/-/issues/2631
Control: fixed -1 0.70.5-2

To reproduce (make sure you are not running anything important in a vte
terminal first!):

$ printf '\e]104;x\a'

Expected result: some sort of error processing (in my case the terminal
blinks, by default it would probably beep).

Actual result: the terminal freezes until it is killed.

A logic error in vte's OSC parser results in an infinite loop. An
untrusted system accessed via ssh, telnet or similar could use this
as a denial of service. This is fixed upstream in 0.70.6, and a fixed
version 0.70.5-2 is on its way into unstable. Originally reported at
.

Does the security team want to do a DSA for this? The patch is upstream
commit
https://gitlab.gnome.org/GNOME/vte/-/commit/dce7b5f044b0f9e184f186315c846489a20edf0d
or one of its many cherry-picks to older branches.

I believe 0.62.x in bullseye and 0.54.x in buster also have this bug
(the corresponding upstream branches have a cherry-pick of the fix)
but I have not independently verified this.

Regardless of whether the security team want to do a DSA, I'm hoping to
include a backport of 0.70.5-2 (or 0.70.6-1) in Debian 12.1, for some
lower-severity bug fixes. If the security team would be OK with including
those changes in a stable security update, that would minimize the number
of independent versions floating around.

Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: vte2.91
Source-Version: 0.70.6-1~deb12u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
vte2.91, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated vte2.91 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 14 Jun 2023 12:17:06 +0100
Source: vte2.91
Architecture: source
Version: 0.70.6-1~deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian GNOME Maintainers 

Changed-By: Simon McVittie 
Closes: 1037919
Changes:
 vte2.91 (0.70.6-1~deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Rebuild for bookworm (Closes: #1037919, LP: #2022019)
   * d/gbp.conf, d/control.in: Use debian/bookworm packaging branch
 .
 vte2.91 (0.70.6-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream release
 - Functionally equivalent to 0.70.5-2, but the fix for #1037919
   is incorporated upstream instead of as a patch
   * Add Debian and Ubuntu bug numbers to 0.70.5-2 changelog entry
   * Fix a typo in revised 0.70.5-1 changelog entry
   * d/gbp.conf, d/control.in: Use debian/trixie branch for packaging
 .
 vte2.91 (0.70.5-2) unstable; urgency=high
 .
   * Team upload
   * This version is functionally equivalent to 0.70.6 upstream, but 0.70.6
 tarballs are not yet available
   * d/p/emulation-Fix-infinite-loop-on-non-number-OSC-104-param.patch:
 Add patch from upstream to fix an infinite loop processing OSC 104.
 A malicious program accessed via ssh, telnet or similar protocols could
 use this as a denial of service.
 (Closes: #1037919, LP: #2022019; vte#2631 upstream)
   * Add more details of the bugs fixed in the previous changelog entry
 .
 vte2.91 (0.70.5-1) unstable; urgency=medium
 .
   * New upstream bugfix release 0.70.4
 - Fix an invalid memory access which can cause a terminal freeze
   or crash, for example when pasting emojis
   (vte#2606, vte#2620 upstream)
   * New upstream bugfix release

Bug#1037052: marked as done (minidlna: CVE-2023-33476)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:48:05 +
with message-id 
and subject line Bug#1037052: fixed in minidlna 1.3.0+dfsg-2+deb11u2
has caused the Debian Bug report #1037052,
regarding minidlna: CVE-2023-33476
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minidlna
Version: 1.3.2+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for minidlna.

CVE-2023-33476[0]:
| ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
| to Buffer Overflow. The vulnerability is caused by incorrect
| validation logic when handling HTTP requests using chunked transport
| encoding. This results in other code later using attacker-controlled
| chunk values that exceed the length of the allocated buffer, resulting
| in out-of-bounds read/write.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33476
https://www.cve.org/CVERecord?id=CVE-2023-33476
[1] https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
[2] 
https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minidlna
Source-Version: 1.3.0+dfsg-2+deb11u2
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
minidlna, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated minidlna package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 21:40:21 +0200
Source: minidlna
Architecture: source
Version: 1.3.0+dfsg-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Alexander GQ Gerasiov 
Changed-By: Salvatore Bonaccorso 
Closes: 1037052
Changes:
 minidlna (1.3.0+dfsg-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052)
Checksums-Sha1: 
 55113d3da854c43f6a5b6115db29f9b5a0c6a837 2214 minidlna_1.3.0+dfsg-2+deb11u2.dsc
 00ff222b4e2a3ea3267e04a06d64e69fa2fd25c6 24540 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz
Checksums-Sha256: 
 f8f61dcb58ede35ea0ef742332cf130cf7df45b2d4f2aa051eead313898665e9 2214 
minidlna_1.3.0+dfsg-2+deb11u2.dsc
 5ab753036173c19f61e7cb6c0033b6c30f104bf68ffcfd9a7dc6f32ae8d2fdae 24540 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz
Files: 
 20b900186e0a8d00a3e5a0c5a5511b6b 2214 net optional 
minidlna_1.3.0+dfsg-2+deb11u2.dsc
 b0d272b4a2c52a9d3658ab3de90fc142 24540 net optional 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSQsvpfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EyMAP/22S5br+oY0iC5UWjEnm/XWYC4hhj2Ww
MlvjIWNGQWcPdv+OSz8ce/c2ClfYQLewNKtLlOpPxaQbd0M6z6L4zxD0RmJk44bU
VkeiWufFIM+f6xD46CDWP2EjoKLLz584/6Xn1al6Fo4lnZt3q4EDT9RQDR1BQ5tE
qFM+efv3kVR/r5unHEOXZPhNxa/LZJyZyeuwZ/dJt95DEdbBfNG2Fs15SOHF3CH1
P6kOz2jSihyo2DHEvUQvsUO7TQ/lX1amhYEYx+HkixZbIib9bLjQROaASKtPHzuA
6Wg1H144QEFdgRn5yKvaJAZpAEvd42vl8ibFtZtNcZ64ibbS2G3LPArh/wyO1WD8
O4Oye8lQqj/x0JvcZPgQRSkpXoxajKpShX0XVQdf5gjpYfi2eQ++RHC6nmXSqhgQ
AohFlWEVTpyOGCtshwncXgDwvt/UmPitblsgh9ghbo4GvOnC3Pzd0SweZDlVcdPq
fdLe316o/v/Pio99+udshfsfVvhWdbo0QxLVNxOG4MHA2+LKdMf/GYg6QtYjZr8I
SOJczw9WSTDgOTMMV28Jmr27YQW+4lk8waIFKKvIgT2wjsY2iJjRc99rHmBMR4z8
yiRj9T6J4EQXb44juMY4vpvcwoTJN/2tmnNEywPfyV7WAPDi6B2VAOreFGHU7Gjh
ASpCWCgYIR3G
=kXml
-END PGP SIGNATURE End Message ---

Bug#1037206: marked as done (libappstream-glib8/bullseye: flatpak fails to load current Flathub metadata)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:27 +
with message-id 
and subject line Bug#1037206: fixed in appstream-glib 0.7.18-1+deb11u1
has caused the Debian Bug report #1037206,
regarding libappstream-glib8/bullseye: flatpak fails to load current Flathub 
metadata
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037206: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037206
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libappstream-glib8
Version: 0.7.18-1
Severity: important
Tags: fixed-upstream bullseye
Control: forwarded -1 https://github.com/flatpak/flatpak/issues/5434
Control: affects -1 + flatpak
Control: fixed -1 0.8.1-1

To reproduce:

$ podman run --rm -it debian:bullseye-slim
# apt update
# apt install flatpak reportbug
# flatpak remote-add --if-not-exists flathub 
https://flathub.org/repo/flathub.flatpakrepo
# flatpak search steamlink

Expected result: something similar to the output on unstable:

```
Name   Description Application ID   Version   Branch Remotes
Steam… Stream games from another … …esoftware.SteamLink 1.2.0.241 stable flathub
```

(for more readable results use a wider terminal, but this truncated
version is OK)

Actual result:

```
root@c8b13fe6aeca:/# flatpak search steamlink
F: Failed to parse 
/var/lib/flatpak/appstream/flathub/x86_64/active/appstream.xml.gz file: Error 
on line 1960 char 29:  already set '
  Organic Maps is a free Android & iOS offline maps app for travelers,
  tourists, hikers, and cyclists.
  It uses crowd-sourced OpenStreetMap data and is developed with love by
  ' and tried to replace with ' ('
No matches found
```

This is not actually a flatpak bug, it's been diagnosed as happening
because older versions of appstream-glib mis-parse upstream metadata
that contains  and .

Targeted fixes for the same upstream release have been proposed in
https://bugs.launchpad.net/ubuntu/+source/appstream-glib/+bug/2023215
and I'm now looking at an equivalent update for bullseye.

Workaround: the version of flatpak in bullseye-backports and bookworm has
switched from appstream-glib to libappstream, which does not have this
problem, even in bullseye. I've confirmed that the bullseye-backports
version ("apt install flatpak/bullseye-backports") works fine with
these steps.

smcv

-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libappstream-glib8 depends on:
ii  libarchive13 3.4.3-2+deb11u1
ii  libc62.31-13+deb11u6
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1+deb11u1
ii  libglib2.0-0 2.66.8-1
ii  libsoup2.4-1 2.72.0-2
ii  libstemmer0d 2.1.0-1
ii  libuuid1 2.36.1-8+deb11u1
ii  libyaml-0-2  0.2.2-1

libappstream-glib8 recommends no packages.

libappstream-glib8 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: appstream-glib
Source-Version: 0.7.18-1+deb11u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
appstream-glib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated appstream-glib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 07 Jun 2023 19:25:59 +0100
Source: appstream-glib
Architecture: source
Version: 0.7.18-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: PkgUtopia Team 
Changed-By: Simon McVittie 
Closes: 1037206
Changes:
 appstream-glib (0.7.18-1+deb11u1) bullseye; urgency=medium
 .
   * Add patches from upstream to cope with  and  in metadata.
 Older versions of appstream-glib mis-parse upstream metadata that
 contains  and , causing flatpak 1.12.x or older to fail
 to load the metadata

Bug#1037329: marked as done (IP address gets lost)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:09 +
with message-id 
and subject line Bug#1037329: fixed in fai 6.0.3+deb12u1
has caused the Debian Bug report #1037329,
regarding IP address gets lost
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037329
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: fai-client
Version: 6.0
Severity: important

A FAI client booting via network get it's IP address from a DHCP
server and the kernel holds this IP only for the lease time. Since we
do not run dhclient on the client, it looses its IP address after some
time and the network installation hangs. You cannot log into the
machine any more.
Error message on the console:

nfs: server 192.168.33.250 not responding, timed out



The code that sets the lifetime for IP addresses to forever was
removed in aa429361806091b1f2abed8b31f15f6a30eec6e2, because we wanted
to solve a problem by starting dhclient. But that code was removed in
55df9af456e0fc3048d3fefb490fe4c47fe271ae, so we must use the old code.


-- 
regaards Thomas
--- End Message ---
--- Begin Message ---
Source: fai
Source-Version: 6.0.3+deb12u1
Done: Thomas Lange 

We believe that the bug you reported is fixed in the latest version of
fai, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Lange  (supplier of updated fai package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 13:02:26 +0200
Source: fai
Architecture: source
Version: 6.0.3+deb12u1
Distribution: bookworm
Urgency: low
Maintainer: Thomas Lange 
Changed-By: Thomas Lange 
Closes: 1037329
Changes:
 fai (6.0.3+deb12u1) bookworm; urgency=low
 .
   * fai: set IP address lifetime to forever, Closes: #1037329
Checksums-Sha1:
 652a02b69a5ec3108493b718f40e0c1512eaef34 2102 fai_6.0.3+deb12u1.dsc
 d6e94e676b6d7cf8eec060be20bbb97fcc5445c4 294248 fai_6.0.3+deb12u1.tar.xz
 571d927c44e98d5650c474e55edef0c2cfd7a9d5 16536 
fai_6.0.3+deb12u1_amd64.buildinfo
Checksums-Sha256:
 86641fe247509b850d41c79615c2128093026f4df38288087d3bf06c2ad78970 2102 
fai_6.0.3+deb12u1.dsc
 137f039b12cfb6cbffb1c4afb87c2fa4e99f3d316cd589141bce9c1dbf06 294248 
fai_6.0.3+deb12u1.tar.xz
 98b033527083aac12884fa6d32e1115728b8b6eff1f6d798c80fa63d1b782ad3 16536 
fai_6.0.3+deb12u1_amd64.buildinfo
Files:
 2e6ad66f9148349929be244dcb72f610 2102 admin optional fai_6.0.3+deb12u1.dsc
 996c748085a195175cbb045e0c0a5c79 294248 admin optional fai_6.0.3+deb12u1.tar.xz
 563ee88172114203994cf85b548a5c58 16536 admin optional 
fai_6.0.3+deb12u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEEsR7jJz9rLetSjJPaK/jZ/gdLzeQFAmSXBkQRHGxhbmdlQGRl
Ymlhbi5vcmcACgkQK/jZ/gdLzeQ9zA/8DFZN3X4MUAJUy5iFzs/Zn7GHhsQwU0jX
kwZefNZz068fEZkunbMKGkX7jYeX44ISZhIVa1oYqZ4gbbcFkabfs+uKVVQSoemQ
+n4Jf0JJ5wWVW6HG+bPsy5wSNoTeO29/S63fIKhWIQybQ/NwgMbr1xPp/KRvUJiH
k2muqU7i4mIXem+nHudxN3XuMurAyvoB8hNsFrWHpSoK8JQ60jNM/YybOAFJ3KFt
EaNObZ3+hzMLDpQatj3wa1q3fWc6qorPGF/noux7tEQQGi43EkZ+7A85/V6Xfs8w
KyjWvMqnyEivdb/YNbVWmtYIhPlZAb5ic1d/KMCHyhJ/zw5j34DZ+lWp0uPr77no
T4LtHTwe62AAyZL1fHGxQEBrOyd5dKrEyBfwTJbeeUlMbppGUz1ucM307Bpyp5wq
E5ybsVxf6buYVZ16nEZF3d5K/lxfo1gWpPU/IyJZzYztMmBxGjNSSIyhrcdp6yhx
99tmZVT3mpuQwsEfARII3lO4JdOKja6OiPcLvVj3Cfm5xZa2cGlkUDV5H/0wsnn0
HXgs9p3CO48pIcc6nBl+lWtiSfUFX1TZx8/wFtZZk82A9kK+yPpFL+Js+Yr9dHGF
eZEKnGwzj8MIUEVcRhnipi4NCbkPr9soH2zdRQ7189MfUcnnu7MlxUpvKCd5e2cI
OIZKI4pgPdA=
=DJ28
-END PGP SIGNATURE End Message ---

Bug#1037151: marked as done (dbus: CVE-2023-34969: denial of service when a monitor is active and a message from the driver cannot be delivered)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:56 +
with message-id 
and subject line Bug#1037151: fixed in dbus 1.12.28-0+deb11u1
has caused the Debian Bug report #1037151,
regarding dbus: CVE-2023-34969: denial of service when a monitor is active and 
a message from the driver cannot be delivered
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dbus
Version: 1.15.4-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 
Control: found -1 1.14.6-1
Control: found -1 1.12.24-0+deb11u1

If a privileged user with control over the dbus-daemon is using the
org.freedesktop.DBus.Monitoring interface to monitor message bus
traffic, then an unprivileged user with the ability to connect to the
same dbus-daemon can cause a dbus-daemon crash under some circumstances.

When done on the well-known system bus, this is a denial-of-service
vulnerability. Unfortunately, the upstream bug reporter already made
this public information. I'm in the process of releasing dbus 1.15.6,
1.14.8 and 1.12.28 to resolve this; I've also asked MITRE for a CVE ID,
but I have not received one yet.

Mitigation: This can only be done if a monitoring process such
as dbus-monitor or busctl monitor is active on the same dbus-daemon
instance, which is a privileged operation that can only be done by root
or the Unix uid of the message bus. If no monitoring process is active,
then the vulnerable code is not reached.

My guess is that the security team will not want to release DSAs for this
local denial of service, and it's more appropriate to fix in bookworm
and bullseye via their next point releases. Is that assumption correct?

Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: dbus
Source-Version: 1.12.28-0+deb11u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
dbus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated dbus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 06 Jun 2023 15:07:35 +0100
Source: dbus
Architecture: source
Version: 1.12.28-0+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Utopia Maintenance Team 

Changed-By: Simon McVittie 
Closes: 1037151
Changes:
 dbus (1.12.28-0+deb11u1) bullseye; urgency=medium
 .
   * New upstream stable release 1.12.26
 - Fixes a denial of service issue that is not relevant for the way
   we compile dbus in Debian
   * New upstream stable release 1.12.28
 - Fixes a denial of service issue if the root or messagebus user is
   monitoring messages on the system bus with the Monitoring interface
   (dbus-monitor, busctl monitor, gdbus monitor or similar)
   (Closes: #1037151)
Checksums-Sha1:
 6b3b40ffbf37138abbfd134b3dbb05ab14f4a2d4 3578 dbus_1.12.28-0+deb11u1.dsc
 b367eab7a052f9079ed3c6bdfc5db95031df6ee4 2122182 dbus_1.12.28.orig.tar.gz
 4b2a2fd2909cd72dddbca9202938095437484378 833 dbus_1.12.28.orig.tar.gz.asc
 101580ee5ba8eacbd288c4f35eeec82606fd74fb 58556 
dbus_1.12.28-0+deb11u1.debian.tar.xz
 84dc28a667860fe3660f365634b4a3568df34a9a 8093 
dbus_1.12.28-0+deb11u1_source.buildinfo
Checksums-Sha256:
 8825b2fde7de4a5b4ac600db7cc3c7fa2c347ad0c41fc115294afa3064c2b84e 3578 
dbus_1.12.28-0+deb11u1.dsc
 9da1e3f2b73f75eec0a9e4509d64be43909d1f2853fe809528a0a53984d76420 2122182 
dbus_1.12.28.orig.tar.gz
 3f6c19d8c063459682d49d4bf74fc0d13290664ae966f612f118f4d4a73ddaab 833 
dbus_1.12.28.orig.tar.gz.asc
 b07222a653b330e8f81e3642209f2cb7fb1dba3f8207c755b146d657767fbb48 58556 
dbus_1.12.28-0+deb11u1.debian.tar.xz
 b5e1c37305ab745178eac246a6e03e87d0bc4caeaae2825f6295a7fc2b915290 8093 
dbus_1.12.28-0+deb11u1_source.buildinfo
Files:
 44a4e22e42bb419183b86a73550d5a60 3578 admin optional dbus_1.12.28-0+deb11u1.dsc
 28d92a7a576f7feec7ddb3bb87b28b43 2122182 admin optional 
dbus_1.12.28.orig.tar.gz
 fdb93fff82091ad4527217ecc9b02c5b 833 admin optional 
dbus_1.12.28.orig.tar.gz.asc

Bug#1037151: marked as done (dbus: CVE-2023-34969: denial of service when a monitor is active and a message from the driver cannot be delivered)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:08 +
with message-id 
and subject line Bug#1037151: fixed in dbus 1.14.8-1~deb12u1
has caused the Debian Bug report #1037151,
regarding dbus: CVE-2023-34969: denial of service when a monitor is active and 
a message from the driver cannot be delivered
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dbus
Version: 1.15.4-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team 
Control: found -1 1.14.6-1
Control: found -1 1.12.24-0+deb11u1

If a privileged user with control over the dbus-daemon is using the
org.freedesktop.DBus.Monitoring interface to monitor message bus
traffic, then an unprivileged user with the ability to connect to the
same dbus-daemon can cause a dbus-daemon crash under some circumstances.

When done on the well-known system bus, this is a denial-of-service
vulnerability. Unfortunately, the upstream bug reporter already made
this public information. I'm in the process of releasing dbus 1.15.6,
1.14.8 and 1.12.28 to resolve this; I've also asked MITRE for a CVE ID,
but I have not received one yet.

Mitigation: This can only be done if a monitoring process such
as dbus-monitor or busctl monitor is active on the same dbus-daemon
instance, which is a privileged operation that can only be done by root
or the Unix uid of the message bus. If no monitoring process is active,
then the vulnerable code is not reached.

My guess is that the security team will not want to release DSAs for this
local denial of service, and it's more appropriate to fix in bookworm
and bullseye via their next point releases. Is that assumption correct?

Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: dbus
Source-Version: 1.14.8-1~deb12u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
dbus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated dbus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 11 Jun 2023 12:42:56 +0100
Source: dbus
Architecture: source
Version: 1.14.8-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Utopia Maintenance Team 

Changed-By: Simon McVittie 
Closes: 1033056 1037151
Changes:
 dbus (1.14.8-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm
   * d/gbp.conf: Use debian/bookworm branch
   * d/watch: Only watch for 1.14.x releases
 .
 dbus (1.14.8-1) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * New upstream stable release
 - Fixes a denial of service issue if the root or messagebus user is
   monitoring messages on the system bus with the Monitoring interface
   (dbus-monitor, busctl monitor, gdbus monitor or similar)
   (Closes: #1037151)
 .
   [ Helmut Grohne ]
   * Mark dbus-daemon and dbus-bin Multi-Arch: foreign (Closes: #1033056)
Checksums-Sha1:
 fc6906068c21efa71ed7d7cdedc424b8097fd7ba 3784 dbus_1.14.8-1~deb12u1.dsc
 d7f02e667c17f9e6428b8fb44e6b8e182d3a1ca4 62604 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 e05332ee2468c295b9a594b03babb75bc62bb689 7630 
dbus_1.14.8-1~deb12u1_source.buildinfo
Checksums-Sha256:
 fa87a99dd5b515fb268e6bbc3ff5ecbaa5ce57dd92b8729ff76eb1f49bd02ea3 3784 
dbus_1.14.8-1~deb12u1.dsc
 812134a5ea56979653a9ff2d5534b2a401887486b4bbbd0ef04aa50df7636e2a 62604 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 e1da7776d9d04562d524dcf70016fd8994f5f60a2f8e1a8d8dff992aae342676 7630 
dbus_1.14.8-1~deb12u1_source.buildinfo
Files:
 9e92af6baed7061e65e3c27c48894ace 3784 admin optional dbus_1.14.8-1~deb12u1.dsc
 13228eb248b35084c44752879413a035 62604 admin optional 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 a146608af6b960d44d91fc2011ce873c 7630 admin optional 
dbus_1.14.8-1~deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmSNurkACgkQ4FrhR4+B
TE9W2g//Rk5U/NFu9wVFeX5ZqndoxgWKts2dOMwEcUG1oYRmHG/TAefVN0VyrQpg

Bug#1036936: marked as done (gnome-maps: Share button doesn't work if other geo app is installed)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:09 +
with message-id 
and subject line Bug#1036936: fixed in gnome-maps 43.5-2~deb12u1
has caused the Debian Bug report #1036936,
regarding gnome-maps: Share button doesn't work if other geo app is installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gnome-maps
Version: 43.4-1
Severity: important
Tags: bookworm

Test Case
--
sudo apt install josm # You could install marble instead
Open the GNOME Maps app
Search for Empire State Building
Choose Empire State Building from the results list
In the popup for the location, click the Share Location button
The Share Location dialog should pop up

Other Info
-
The fix is in the upstream 43.x branch. We can cherry-pick this fix
now along with the minimal 43.5 bugfix update.

Thank you,
Jeremy Bícha
--- End Message ---
--- Begin Message ---
Source: gnome-maps
Source-Version: 43.5-2~deb12u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
gnome-maps, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated gnome-maps package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 16 Jun 2023 21:22:17 +0100
Source: gnome-maps
Architecture: source
Version: 43.5-2~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Simon McVittie 
Closes: 1036936
Changes:
 gnome-maps (43.5-2~deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Rebuild for Debian 12
   * d/control.in, d/gbp.conf: Use debian/bookworm packaging branch
 .
 gnome-maps (43.5-2) unstable; urgency=medium
 .
   * Team upload
   * d/p/transitArrivalRow-Disable-go-to-animation-when-clicked.patch,
 d/p/transitLegRow-Disable-go-to-animation-when-clicked.patch:
 Add patches from upstream 44.1 to disable more animations.
 Like the one in v43.5, these avoid animations that can trigger the tile
 server's rate limiting (gnome-maps#546 upstream).
   * Add some more detail to the previous changelog entry
   * d/control.in, d/gbp.conf: Use debian/trixie packaging branch
   * d/lintian-overrides: Update overrides syntax
 .
 gnome-maps (43.5-1) unstable; urgency=medium
 .
   * New upstream bugfix release
 - Disable an animation which caused too many tiles to be loaded from
   the remote server, resulting in rate-limiting and failure to redraw
   (gnome-maps#546 upstream)
 - Translation updates: en_GB
   * d/p/sendToDialog-Unbreak-OpenWithRows.patch:
 Add patch from upstream gnome-43 branch to fix "Send to" dialog when
 another geo: app is installed (Closes: #1036936)
   * d/watch, d/gbp.conf: Use appropriate branches for bookworm
Checksums-Sha1:
 c280a4ceea745e09a75fd862ae86fcde0486a353 2718 gnome-maps_43.5-2~deb12u1.dsc
 057ef0fcd9292d10922cc2537701ca83500fd156 10456 
gnome-maps_43.5-2~deb12u1.debian.tar.xz
 3f23385101603979d518f573e078b75be3754ee1 15705 
gnome-maps_43.5-2~deb12u1_source.buildinfo
Checksums-Sha256:
 94d66440bdc81a27597b61c68ff1d22138be23550ee428bd22eeba65baedb246 2718 
gnome-maps_43.5-2~deb12u1.dsc
 9909635a0a5c929e1bdc9235d96dab58357b56345ffcd3eb2a9fce15410e6130 10456 
gnome-maps_43.5-2~deb12u1.debian.tar.xz
 69c8f2a7a69e2aef15bd708a8db707ef936fa57299359edbdda240a731af8a4e 15705 
gnome-maps_43.5-2~deb12u1_source.buildinfo
Files:
 02a15dc7702748a7dda769af8551186d 2718 gnome optional 
gnome-maps_43.5-2~deb12u1.dsc
 a9548b642e3ee3c5a489d2ac7e3fd94a 10456 gnome optional 
gnome-maps_43.5-2~deb12u1.debian.tar.xz
 a53ca8f98b87831a180e02b664031688 15705 gnome optional 
gnome-maps_43.5-2~deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmSS08UACgkQ4FrhR4+B
TE+vgQ//Sk5bNi+Kle1dIDZEHDYTOtKSdu/0GOTle4aECJH6COKGdxRPxFIuHuxD
UR30cu+LGBhxW8TL2gYzUgWBvtfk27+gcAh4sXDx7elV9DshZY/vi45oqwkfzHXF
siSkGQ1tUyU8UNMDyVdYhnVcAO2wkEGIkZ4/PL9q0WAvt/9u38FBsL/nN/7w8GiV

Bug#1036268: marked as done (gnome-shell: Session crashes, thrown out to login screen, after the session has been idle & screen switched off)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:11 +
with message-id 
and subject line Bug#1036268: fixed in mutter 43.6-1~deb12u1
has caused the Debian Bug report #1036268,
regarding gnome-shell: Session crashes, thrown out to login screen, after the 
session has been idle & screen switched off
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036268
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnome-shell
Version: 43.4-1
Severity: important

Dear Maintainer,

After I leave the session idle for some time, with some apps open, and the
screen has switched off, I come back to find that the whole session has been
thrown out to the login screen, and I have to log myself in again to a new
session. This happens often, but not always!

Steps:

0.1 Set a 5 min timeout to both switch off and lock the screen
0.2 Set a 15 min timeout to automatically suspend the laptop when left idle and
on battery
0.3 Set a 30 min timeout to automatically suspend the laptop when left idle and
connected to a power source
1. On battery, leave a GNOME Shell session idle with some apps open
2. Come back after some minutes and see the screen has switched off, as
expected
3. Shake the mouse or type a key to switch on the screen or wake up the laptop
4. Find that the whole session has been thrown out the login screen
5. Log back in again to a new session, with no open apps

Please advise me to debug this bug further.

Best,
Amr


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (100, 'unstable'), 
(50, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-shell depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  gir1.2-accountsservice-1.0   22.08.8-6
ii  gir1.2-adw-1 1.2.2-1
ii  gir1.2-atk-1.0   2.46.0-5
ii  gir1.2-atspi-2.0 2.46.0-5
ii  gir1.2-freedesktop   1.74.0-3
ii  gir1.2-gcr-3 3.41.1-1+b1
ii  gir1.2-gdesktopenums-3.0 43.0-1
ii  gir1.2-gdkpixbuf-2.0 2.42.10+dfsg-1+b1
ii  gir1.2-gdm-1.0   43.0-3
ii  gir1.2-geoclue-2.0   2.6.0-2
ii  gir1.2-glib-2.0  1.74.0-3
ii  gir1.2-gnomebluetooth-3.042.5-3
ii  gir1.2-gnomedesktop-3.0  43.2-2
ii  gir1.2-graphene-1.0  1.10.8-1
ii  gir1.2-gstreamer-1.0 1.22.0-2
ii  gir1.2-gtk-3.0   3.24.37-2
ii  gir1.2-gtk-4.0   4.8.3+ds-2
ii  gir1.2-gweather-4.0  4.2.0-2
ii  gir1.2-ibus-1.0  1.5.27-5
ii  gir1.2-mutter-11 43.4-2
ii  gir1.2-nm-1.01.42.4-1
ii  gir1.2-nma-1.0   1.10.6-1
ii  gir1.2-pango-1.0 1.50.12+ds-1
ii  gir1.2-polkit-1.0122-3
ii  gir1.2-rsvg-2.0  2.54.5+dfsg-1
ii  gir1.2-soup-3.0  3.2.2-2
ii  gir1.2-upowerglib-1.00.99.20-2
ii  gir1.2-webkit2-4.1   2.40.1-1
ii  gnome-backgrounds43.1-1
ii  gnome-settings-daemon43.0-4
ii  gnome-shell-common   43.4-1
ii  gsettings-desktop-schemas43.0-1
ii  gstreamer1.0-pipewire0.3.70-2
ii  libatk-bridge2.0-0   2.46.0-5
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-9
ii  libcairo21.16.0-7
ii  libecal-2.0-23.46.4-2
ii  libedataserver-1.2-273.46.4-2
ii  libgcr-base-3-1  3.41.1-1+b1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libgirepository-1.0-11.74.0-3
ii  libgjs0g 1.74.2-1
ii  libgles2

Bug#1033056: marked as done (mark dbus-daemon and dbus-bin Multi-Arch: foreign)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:47:08 +
with message-id 
and subject line Bug#1033056: fixed in dbus 1.14.8-1~deb12u1
has caused the Debian Bug report #1033056,
regarding mark dbus-daemon and dbus-bin Multi-Arch: foreign
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dbus-daemon
Version: 1.14.6-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs
Control: affects -1 + src:mpv-mpris

Hi Simon and Bastian,

we just talked about dbus-daemon on IRC and concluded that it would not
be sensible to use it as a foreign architecture package. The
functionality formerly (before having been split out) was covered by
M-A:foreign of dbus and no longer is. Thus dbus-daemon and dbus-bin
should be M-A:foreign. Packages that currently B-D on it receive a host
architecture one which fails postinst when it tries to run dbus-uuidgen.

Helmut
diff --minimal -Nru dbus-1.14.6/debian/changelog dbus-1.14.6/debian/changelog
--- dbus-1.14.6/debian/changelog2023-02-08 14:21:47.0 +0100
+++ dbus-1.14.6/debian/changelog2023-03-16 10:20:47.0 +0100
@@ -1,3 +1,10 @@
+dbus (1.14.6-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Mark dbus-daemon and dbus-bin Multi-Arch: foreign. (Closes: #-1)
+
+ -- Helmut Grohne   Thu, 16 Mar 2023 10:20:47 +0100
+
 dbus (1.14.6-1) unstable; urgency=medium
 
   * New upstream stable release
diff --minimal -Nru dbus-1.14.6/debian/control dbus-1.14.6/debian/control
--- dbus-1.14.6/debian/control  2023-02-08 14:21:47.0 +0100
+++ dbus-1.14.6/debian/control  2023-03-16 10:20:46.0 +0100
@@ -130,6 +130,7 @@
 
 Package: dbus-bin
 Architecture: any
+Multi-Arch: foreign
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
@@ -147,6 +148,7 @@
 
 Package: dbus-daemon
 Architecture: any
+Multi-Arch: foreign
 Depends:
  dbus-bin (= ${binary:Version}),
  dbus-session-bus-common (>= ${source:Version}),
--- End Message ---
--- Begin Message ---
Source: dbus
Source-Version: 1.14.8-1~deb12u1
Done: Simon McVittie 

We believe that the bug you reported is fixed in the latest version of
dbus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie  (supplier of updated dbus package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 11 Jun 2023 12:42:56 +0100
Source: dbus
Architecture: source
Version: 1.14.8-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Utopia Maintenance Team 

Changed-By: Simon McVittie 
Closes: 1033056 1037151
Changes:
 dbus (1.14.8-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm
   * d/gbp.conf: Use debian/bookworm branch
   * d/watch: Only watch for 1.14.x releases
 .
 dbus (1.14.8-1) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * New upstream stable release
 - Fixes a denial of service issue if the root or messagebus user is
   monitoring messages on the system bus with the Monitoring interface
   (dbus-monitor, busctl monitor, gdbus monitor or similar)
   (Closes: #1037151)
 .
   [ Helmut Grohne ]
   * Mark dbus-daemon and dbus-bin Multi-Arch: foreign (Closes: #1033056)
Checksums-Sha1:
 fc6906068c21efa71ed7d7cdedc424b8097fd7ba 3784 dbus_1.14.8-1~deb12u1.dsc
 d7f02e667c17f9e6428b8fb44e6b8e182d3a1ca4 62604 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 e05332ee2468c295b9a594b03babb75bc62bb689 7630 
dbus_1.14.8-1~deb12u1_source.buildinfo
Checksums-Sha256:
 fa87a99dd5b515fb268e6bbc3ff5ecbaa5ce57dd92b8729ff76eb1f49bd02ea3 3784 
dbus_1.14.8-1~deb12u1.dsc
 812134a5ea56979653a9ff2d5534b2a401887486b4bbbd0ef04aa50df7636e2a 62604 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 e1da7776d9d04562d524dcf70016fd8994f5f60a2f8e1a8d8dff992aae342676 7630 
dbus_1.14.8-1~deb12u1_source.buildinfo
Files:
 9e92af6baed7061e65e3c27c48894ace 3784 admin optional dbus_1.14.8-1~deb12u1.dsc
 13228eb248b35084c44752879413a035 62604 admin optional 
dbus_1.14.8-1~deb12u1.debian.tar.xz
 a146608af6b960d44d91fc2011ce873c 7630

Bug#1036623: marked as done (libclang-common-16-dev: missing LLVM_VERSION_FULL in include path)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:18:44 +
with message-id 
and subject line Bug#1036623: fixed in llvm-toolchain-16 1:16.0.6-2
has caused the Debian Bug report #1036623,
regarding libclang-common-16-dev: missing LLVM_VERSION_FULL in include path
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libclang-common-16-dev
Version: 1:16.0.4-1~exp1
Severity: normal
X-Debbugs-Cc: zu...@debian.org

Hello,

  On clang 16 the include files are broken links:

$ ls -l /usr/include/clang/16*/include
lrwxrwxrwx 1 root root 45 17 de maig  09:25 /usr/include/clang/16.0.4/include 
-> ../../../lib/llvm-16/lib/clang/16.0.4/include
lrwxrwxrwx 1 root root 45 17 de maig  09:25 /usr/include/clang/16/include -> 
../../../lib/llvm-16/lib/clang/16.0.4/include

  Since /usr/lib/llvm-16/lib/clang/16 exists but not the
  /usr/lib/llvm-16/lib/clang/16.0.4 path.

$ LANG=C ls -l /usr/lib/llvm-16/lib/clang/16.0.4/
ls: cannot access '/usr/lib/llvm-16/lib/clang/16.0.4/': No such file or 
directory

Regards

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), 
LANGUAGE=ca_ES:ca
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libclang-common-16-dev depends on:
ii  libllvm16  1:16.0.4-1~exp1

Versions of packages libclang-common-16-dev recommends:
ii  libclang-rt-16-dev  1:16.0.4-1~exp1

libclang-common-16-dev suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: llvm-toolchain-16
Source-Version: 1:16.0.6-2
Done: Gianfranco Costamagna 

We believe that the bug you reported is fixed in the latest version of
llvm-toolchain-16, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gianfranco Costamagna  (supplier of updated 
llvm-toolchain-16 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 20:45:34 +0200
Source: llvm-toolchain-16
Built-For-Profiles: noudeb
Architecture: source
Version: 1:16.0.6-2
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team 
Changed-By: Gianfranco Costamagna 
Closes: 1033911 1036623
Changes:
 llvm-toolchain-16 (1:16.0.6-2) unstable; urgency=medium
 .
   * Remove debian/NEWS to fix debian-news-entry-has-unknown-version
   * Fix libomp-16-doc: documentation-package-not-architecture-independent
   * Fix llvm-16-dev: depends-on-obsolete-package Depends: libtinfo-dev => 
libncurses-dev
   * Enable Xtensa experimental backend (Closes: #1033911)
   * Fix the path /usr/lib/llvm-16/lib/clang/16/ (Closes: #1036623)
   * Refresh the list of symbol of libclang1-16
   * Refresh the list of symbol for libomp.so.5
   * Add symbols files for libomptarget.rtl* and libomptarget.so
 .
   [ Gianfranco Costamagna ]
   * Try to unbreak HURD
   * Add back powerpc to gold architectures
   * Use bfd linker on p*pc*
Checksums-Sha1:
 1ec27512a172fef9200d21288a36661a656613e6 8085 llvm-toolchain-16_16.0.6-2.dsc
 f586d590dfee43150a54e1e54d543c691a2e2dba 168232 
llvm-toolchain-16_16.0.6-2.debian.tar.xz
 4bacb39b5f1ff38e7162d298bf4bfdcec3b9505e 12206 
llvm-toolchain-16_16.0.6-2_source.buildinfo
Checksums-Sha256:
 cac7613af26ec0a7be7c2d92d7637a3ef11989059158982670860a41025aa528 8085 
llvm-toolchain-16_16.0.6-2.dsc
 dd616aa5c7c36d96af05edf11b4d9c541d6e460e9c599d714b32c103c95b3ae2 168232 
llvm-toolchain-16_16.0.6-2.debian.tar.xz
 3b2882157cac2d918617b2a3369624118dda1e71941bad691e085b969b44d415 12206 
llvm-toolchain-16_16.0.6-2_source.buildinfo
Files:
 3e93acf639500fbaefbd5a9c86c58e8a 8085 devel optional 
llvm-toolchain-16_16.0.6-2.dsc
 037f2a792d8492a510ab9fce67320e7c 168232 devel optional

Bug#1033911: marked as done (please enable the experimental Xtensa backend in LLVM and Clang 16+)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:18:44 +
with message-id 
and subject line Bug#1033911: fixed in llvm-toolchain-16 1:16.0.6-2
has caused the Debian Bug report #1033911,
regarding please enable the experimental Xtensa backend in LLVM and Clang 16+
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033911
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: llvm-toolchain-16
Version: 1:16.0.0-1~exp5
Severity: normal
X-Debbugs-Cc: debian-ker...@lists.debian.org
Control: affects -1 src:open-ath9k-htc-firmware

Please enable the experimental Xtensa backend in LLVM 16 and newer and
make a new upload to experimental.

A lot of prominent firmware, including free firmware such as my open-
ath9k-htc-firmware package, requires an Xtensa cross toolchain. Using
GCC is a pain because the compiler has to be custom-tailored to the
target, and in ath9k_htc we do this with patches that inevitably get
out-of-date.

We are taking a bold step by enabling a backend deemed experimental, but
it's necessary to advance free software.

This will also be helpful should anyone wish to build Intel's open sound
firmware too (although on most machines that enforces a digital
signature check to my understanding).

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (2, 'unstable-debug'), 
(2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.0.0-5-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: llvm-toolchain-16
Source-Version: 1:16.0.6-2
Done: Gianfranco Costamagna 

We believe that the bug you reported is fixed in the latest version of
llvm-toolchain-16, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gianfranco Costamagna  (supplier of updated 
llvm-toolchain-16 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 20:45:34 +0200
Source: llvm-toolchain-16
Built-For-Profiles: noudeb
Architecture: source
Version: 1:16.0.6-2
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team 
Changed-By: Gianfranco Costamagna 
Closes: 1033911 1036623
Changes:
 llvm-toolchain-16 (1:16.0.6-2) unstable; urgency=medium
 .
   * Remove debian/NEWS to fix debian-news-entry-has-unknown-version
   * Fix libomp-16-doc: documentation-package-not-architecture-independent
   * Fix llvm-16-dev: depends-on-obsolete-package Depends: libtinfo-dev => 
libncurses-dev
   * Enable Xtensa experimental backend (Closes: #1033911)
   * Fix the path /usr/lib/llvm-16/lib/clang/16/ (Closes: #1036623)
   * Refresh the list of symbol of libclang1-16
   * Refresh the list of symbol for libomp.so.5
   * Add symbols files for libomptarget.rtl* and libomptarget.so
 .
   [ Gianfranco Costamagna ]
   * Try to unbreak HURD
   * Add back powerpc to gold architectures
   * Use bfd linker on p*pc*
Checksums-Sha1:
 1ec27512a172fef9200d21288a36661a656613e6 8085 llvm-toolchain-16_16.0.6-2.dsc
 f586d590dfee43150a54e1e54d543c691a2e2dba 168232 
llvm-toolchain-16_16.0.6-2.debian.tar.xz
 4bacb39b5f1ff38e7162d298bf4bfdcec3b9505e 12206 
llvm-toolchain-16_16.0.6-2_source.buildinfo
Checksums-Sha256:
 cac7613af26ec0a7be7c2d92d7637a3ef11989059158982670860a41025aa528 8085 
llvm-toolchain-16_16.0.6-2.dsc
 dd616aa5c7c36d96af05edf11b4d9c541d6e460e9c599d714b32c103c95b3ae2 168232 
llvm-toolchain-16_16.0.6-2.debian.tar.xz
 3b2882157cac2d918617b2a3369624118dda1e71941bad691e085b969b44d415 12206 
llvm-toolchain-16_16.0.6-2_source.buildinfo
Files:
 3e93acf639500fbaefbd5a9c86c58e8a 8085 devel optional 
llvm-toolchain-16_16.0.6-2.dsc

Bug#1037691: marked as done (icmake: ftbfs with GCC-13)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 19:05:02 +
with message-id 
and subject line Bug#1037691: fixed in icmake 10.04.01-1
has caused the Debian Bug report #1037691,
regarding icmake: ftbfs with GCC-13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037691
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:icmake
Version: 10.03.03-2
Severity: normal
Tags: sid trixie
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-13

[This bug is targeted to the upcoming trixie release]

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-13/g++-13, but succeeds to build with gcc-12/g++-12. The
severity of this report will be raised before the trixie release.

The full build log can be found at:
http://qa-logs.debian.net/2023/05/22/logs/icmake_10.03.03-2_unstable_gccexp.log
The last lines of the build log are at the end of this report.

To build with GCC 13, either set CC=gcc-13 CXX=g++-13 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-13/porting_to.html

[...]
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../6opinsert.o -c opinsert.cc
cd ..
cd ./constants
cd ..
ar rs ../tmp/libsupport.a 1data.o 1demo.o 2data.o 2find.o 3changedir.o 
3exists.o 3mustchangedir.o 3older.o 3remove.o 3times.o 3usagetop.o 3younger.o 
4endian.o 5data.o 6opinsert.o atoffset.o bimheader1.o bimname.o checkoffsets.o 
readfrom.o seek.o string.o string2.o vartype.o
ar: creating ../tmp/libsupport.a
Creating tmp/usr/libexec/icmake/icm-comp
cd ./functions
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 -x 
c++-header ./functions.ih
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../checkmainparams.o -c checkmainparams.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../definemain.o -c definemain.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../functions1.o -c functions1.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../define.o -c define.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../find.o -c find.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../data.o -c data.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../checkoverload.o -c checkoverload.cc
cd ..
cd ./tokens
cd ..
cd ./args
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 -x 
c++-header ./args.ih
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../1pushargs.o -c pushargs.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../1ifstmnt.o -c ifstmnt.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../1makelist.o -c makelist.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -D_FORTIFY_SOURCE=2 --std=c++20 
-o../1add.o -c add.cc
g++ -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall

Bug#1037452: marked as done (clang-15: HIP search paths depend on os-release)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 18:47:16 +
with message-id 
and subject line Bug#1037452: fixed in llvm-toolchain-15 1:15.0.7-5
has caused the Debian Bug report #1037452,
regarding clang-15: HIP search paths depend on os-release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037452
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clang-15
Version: 1:15.0.7-4
Severity: wishlist
X-Debbugs-Cc: c...@slerp.xyz, debian...@lists.debian.org

Dear Maintainer,

The upstream LLVM project checks /etc/os-release to determine if it
should search for HIP in /usr and /usr/local. This is unfortunate
because it introduces unexpected differences in behaviour into
Debian-derived distros like Ubuntu [1].

This behaviour has been fixed upstream in later versions of clang [2].
Could you please backport the patch to clang-15 and clang-16? I've
requested upstream to backport it into an LLVM 16 patch release [3],
but the behaviour in LLVM 15 is specific to Debian as it was introduced
by d/p/amdgpu/usr-search-paths.patch.

[1]: https://launchpad.net/ubuntu/+builds?build_text=rocblas_state=all
[2]: 
https://github.com/llvm/llvm-project/commit/f8598357662dc8dd0f4400bcaeb48e8befe43ecc.patch
[3]: https://github.com/llvm/llvm-project/issues/62853

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages clang-15 depends on:
ii  binutils2.40.50.20230611-2
ii  libc6   2.36-9
ii  libc6-dev   2.36-9
ii  libclang-common-15-dev  1:15.0.7-4
ii  libclang-cpp15  1:15.0.7-4
ii  libclang1-151:15.0.7-4
ii  libgcc-12-dev   12.2.0-14
ii  libgcc-s1   13.1.0-5
ii  libllvm15   1:15.0.7-4
ii  libobjc-12-dev  12.2.0-14
ii  libstdc++-12-dev12.2.0-14
ii  libstdc++6  13.1.0-5
ii  llvm-15-linker-tools1:15.0.7-4

Versions of packages clang-15 recommends:
ii  llvm-15-dev  1:15.0.7-4
ii  python3  3.11.2-1+b1

Versions of packages clang-15 suggests:
pn  clang-15-doc  
pn  wasi-libc 

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: llvm-toolchain-15
Source-Version: 1:15.0.7-5
Done: Gianfranco Costamagna 

We believe that the bug you reported is fixed in the latest version of
llvm-toolchain-15, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gianfranco Costamagna  (supplier of updated 
llvm-toolchain-15 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 20:04:59 +0200
Source: llvm-toolchain-15
Built-For-Profiles: noudeb
Architecture: source
Version: 1:15.0.7-5
Distribution: unstable
Urgency: medium
Maintainer: LLVM Packaging Team 
Changed-By: Gianfranco Costamagna 
Closes: 1037452
Launchpad-Bugs-Fixed: 2016471
Changes:
 llvm-toolchain-15 (1:15.0.7-5) unstable; urgency=medium
 .
   [ Graham Inggs ]
   * debian/patches/ubuntu-releases.patch: Update the list of
 Ubuntu release names
 .
   [ Gianfranco Costamagna ]
   * Add powerpc to GOLD architectures
   * Cherry-pick upstream fix for newer cmake-related build failure
   * Cherry-pick upstream fix for HIP search path depending on os-release 
(Closes: #1037452)
 .
   [ Steve Langasek ]
   * debian/rules: disable -Wl,-Bsymbolic-functions for libomp.  LP: #2016471.
Checksums-Sha1:
 c59f8d5b88d4fc8bfd4bcf769ef76054a1e064f0 8135 llvm-toolchain-15_15.0.7-5.dsc
 67546abbd2c0a4c8108148c1f3f5269f1bf6db9c 173344 
llvm-toolchain-15_15.0.7-5.debian.tar.xz
 5b4df28bb5088dadbd67b236516eda5cb213f130 12206 
llvm-toolchain-15_15.0.7-5_source.buildinfo
Checksums-Sha256:
 9bc85cab66a2704024c6591d447ded8c5e91d46d8fd9e317480396ac896ffccb 8135 
llvm-toolchain-15_15.0.7-5.dsc

Bug#1038976: marked as done (gifsicle: CVE-2023-36193)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 18:19:09 +
with message-id 
and subject line Bug#1038976: fixed in gifsicle 1.94-1
has caused the Debian Bug report #1038976,
regarding gifsicle: CVE-2023-36193
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gifsicle
Version: 1.93-2
Severity: normal
Tags: security upstream
Forwarded: https://github.com/kohler/gifsicle/issues/191
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gifsicle.

CVE-2023-36193[0]:
| Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via
| the ambiguity_error component at /src/clp.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36193
https://www.cve.org/CVERecord?id=CVE-2023-36193
[1] https://github.com/kohler/gifsicle/issues/191
[2] 
https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gifsicle
Source-Version: 1.94-1
Done: Gürkan Myczko 

We believe that the bug you reported is fixed in the latest version of
gifsicle, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Myczko  (supplier of updated gifsicle package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 19:46:49 +0200
Source: gifsicle
Architecture: source
Version: 1.94-1
Distribution: unstable
Urgency: medium
Maintainer: Gürkan Myczko 
Changed-By: Gürkan Myczko 
Closes: 1038976
Changes:
 gifsicle (1.94-1) unstable; urgency=medium
 .
   * New upstream version, fixes CVE-2023-36193. (Closes: #1038976)
   * Update maintainer email.
   * Bump standards version to 4.6.2.
Checksums-Sha1:
 01da8b7ca45fa105490fd0bd4f55f52f411a94e4 1927 gifsicle_1.94-1.dsc
 9eb1d0587c362c9ec78c0e87b5abe65789428c1a 480324 gifsicle_1.94.orig.tar.gz
 98c1ae4a8e9b629bb81703dfd974c1127961cb86 6136 gifsicle_1.94-1.debian.tar.xz
 88862c215475c57276e40b6a0c4bc70454e505c9 7096 gifsicle_1.94-1_source.buildinfo
Checksums-Sha256:
 120cd9e5fd40b3e63f9c4f93b3475433ffe292360e1f5dbd8c36c085479ecb23 1927 
gifsicle_1.94-1.dsc
 ed3ae1bcb3e69c172e82963b84c260cb0fab00a3ba3587ea2042af4bbefcce6a 480324 
gifsicle_1.94.orig.tar.gz
 f7c783313895c666ba8bf177d8f560fdd2430b28a437c2bbe8cf2c9bfb5f6402 6136 
gifsicle_1.94-1.debian.tar.xz
 7efcf7a1f297e2feb4dbce9aafdc6cf97c213b959e96fe3ff5d66c34a0fa0aa1 7096 
gifsicle_1.94-1_source.buildinfo
Files:
 164e604db5ac63033ed3b2de39546838 1927 graphics optional gifsicle_1.94-1.dsc
 44303cd0eebdc5bc1adfc7b742bce130 480324 graphics optional 
gifsicle_1.94.orig.tar.gz
 25a54e6d39f70ecdd4c47446aa8d0916 6136 graphics optional 
gifsicle_1.94-1.debian.tar.xz
 cf888e518bec8fccbb93f95b265420ef 7096 graphics optional 
gifsicle_1.94-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmSXLVEACgkQEWhSvN91
FcBmsA//YykInGbIAn5eQDJahw7YwBBimfCUploz22r0PCu9eQMJ9VKlfvuEwum7
EoxHCswd993mpX8vcdsNJiSokEgTRW/OH8d1vMF60bC4Pq34blz5d88jU941l6bm
q7t9GqNR0DXiOns+sYAYpFzkmcclAoveY1QcvKPydEP8NXiGF8Jy8nF63A82+gQh
ywHNQpuHXxk16i2D2ZLC5lMirvtWGFBx5Qc4DmNwsnuBcmqMZAjvmbEUotMnf9Zo
a5LurCngImZkTSpUPD184MM2hk/S8QyZdjfjdpvJ/wrh2Y7J1CSLyFGx7w/SvW/S
w7f4hw4yDp72L84zulkDqvUdSUdNossX2eOFLABvX+vk+OiwWRrSteR0RQBAu0xY
crOmKbaA/2a4f4HzCOyLtIqdvRcXWhGeagwtI9DkbbFjUYBRHejtWJTaWF9vVm7C
KqW2ftyVWAs5C4vGPijEuAx7jQowFZSNXmQ2ij7ffdLlrxCu4IvwhL34AqpfhAPI
SwSC28yZxVOgrc4g/a+3ossIarovxgUIuSQyDKtvv3jMBXFGhTKNg7RvkUbjshCR
BpbvHTYHHEY3v4/qMjBhT0oi89IULsQ/LDD7fc+dy3sEGV5UzpMknWoy/ToUeIDu
RJxed88tuurT54BC9TNyaBJLsx+Lom00wyskbdX7h5+T9WeHLV4=
=d1EZ
-END PGP SIGNATURE End Message ---

Bug#1038893: marked as done (xserver-xorg-video-amdgpu: HDMI output not working on Linux 6.3)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 16:40:01 +
with message-id <59454286bc690d69da09d43997957...@disroot.org>
and subject line Bug#1038893: Problem unrelated to package, closing
has caused the Debian Bug report #1038893,
regarding xserver-xorg-video-amdgpu: HDMI output not working on Linux 6.3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038893
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xserver-xorg-video-amdgpu
Version: 23.0.0-1
Severity: important
X-Debbugs-Cc: dais...@disroot.org

Dear Maintainer,

I'm running Debian unstable, and ever since upgrading linux-image-amd64 to 
version 6.3.7-1 the HDMI output on my notebook does not work. The monitor shows 
the "no signal" warning, then goes to standby, then wakes up after ~10 seconds 
and starts all over again in an endless loop. The same happens when switching 
to a TTY. xrandr detects the monitor and all its settings, but no image is 
shown if trying to manually enable it.
Everything worked fine up until kernel version 6.1.27-1, and continues to do so 
if I boot again with that version.

The laptop is an HP Pavilion 15-cw1xxx, the monitor is a Benq GW2765.
The CPU is an AMD Ryzen 5 3500U and there is no discrete GPU.

I believe the problem is related to the amdgpu drivers, or some other part of 
X, since changing display manager or desktop environment did not solve it but 
starting a new Wayland session did.
In fact, logging in a Wayland session, logging out and then logging in again in 
a new X session makes the HDMI output work again until the next boot.

Please let me know if you need additional info.

Best regards,
Daisuke

-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.

VGA-compatible devices on PCI bus:
--
04:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. 
[AMD/ATI] Picasso/Raven 2 [Radeon Vega Series / Radeon Vega Mobile Series] 
[1002:15d8] (rev c2)

/etc/X11/xorg.conf does not exist.

Contents of /etc/X11/xorg.conf.d:
-
total 0

/etc/modprobe.d contains no KMS configuration files.

Kernel version (/proc/version):
---
Linux version 6.3.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-12 (Debian 
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP 
PREEMPT_DYNAMIC Debian 6.3.7-1 (2023-06-12)

Xorg X server log files on system:
--
-rw-r--r-- 1 root root 26369 Nov  2  2022 /var/log/Xorg.1.log
-rw-r--r-- 1 dk   dk   53664 Jun 21 14:08 /home/dk/.local/share/xorg/Xorg.0.log
-rw-r--r-- 1 root root 39662 Jun 22 18:38 /var/log/Xorg.0.log

Contents of most recent Xorg X server log file (/var/log/Xorg.0.log):
-
[ 8.298] (--) Log file renamed from "/var/log/Xorg.pid-869.log" to 
"/var/log/Xorg.0.log"
[ 8.299] 
X.Org X Server 1.21.1.7
X Protocol Version 11, Revision 0
[ 8.299] Current Operating System: Linux pavilion 6.3.0-1-amd64 #1 SMP 
PREEMPT_DYNAMIC Debian 6.3.7-1 (2023-06-12) x86_64
[ 8.299] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.3.0-1-amd64 
root=UUID=f1abe953-7206-43fe-aafa-786c9805ec6c ro quiet 
resume=UUID=0613de18-1878-4483-83be-44e766a09f46
[ 8.299] xorg-server 2:21.1.7-3 (https://www.debian.org/support) 
[ 8.299] Current version of pixman: 0.42.2
[ 8.299]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 8.299] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 8.299] (==) Log file: "/var/log/Xorg.0.log", Time: Thu Jun 22 18:35:51 
2023
[ 8.300] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[ 8.301] (==) No Layout section.  Using the first Screen section.
[ 8.301] (==) No screen section available. Using defaults.
[ 8.301] (**) |-->Screen "Default Screen Section" (0)
[ 8.301] (**) |   |-->Monitor ""
[ 8.302] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[ 8.302] (==) Automatically adding devices
[ 8.302] (==) Automatically enabling devices
[ 8.302] (==) Automatically adding GPU devices
[ 8.302] (==) Automatically binding GPU devices
[ 8.302] (==) Max clients allowed: 256, resource

Bug#1038401: marked as done (vim: focus problems under alacritty and ncurses-term from experimental )

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 16:22:40 +
with message-id 
and subject line Bug#1038401: fixed in vim 2:9.0.1658-1
has caused the Debian Bug report #1038401,
regarding vim: focus problems under alacritty and ncurses-term from 
experimental 
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038401: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038401
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vim
Version: 2:9.0.1378-2
Severity: normal
Forwarded: https://github.com/vim/vim/issues/12499
Tags: fixed-upstream

A recent change to the alacritty terminfo entry (addition of xterm+focus
in the ncurses 20230408 patchlevel) has triggered annoying focus
behavior in vim. Steps to reproduce which work for me in both alacritty
and xterm:

- Install ncurses-term (and ncurses-base) from experimental.

- Start vim without customization:

$ TERM=alacritty LANG=C vim -u /dev/null /etc/fstab

- In Vim, enable mouse support by typing ":set mouse=a".

- Switch focus away from the terminal emulator.  This causes Vim to ring
  the terminal bell (or flash, depending on your terminal emulator's
  visual bell setting).

- Switch focus back.  Vim prints three lines at the bottom of the
  screen: the file name, its first line and the prompt
  "Press ENTER or type command to continue".

This problem has already been reported upstream (see the "Forwarded:"
URL above) and recently been fixed in patch 9.0.1619, see
https://github.com/vim/vim/commit/85ef2df075a189da8b767d7554caaed8077de868.
I have not tested the patch yet, though.


-- Package-specific info:

--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.basic
/usr/bin/vim is /usr/bin/vim.basic


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Versions of packages vim depends on:
ii  libacl1  2.3.1-3
ii  libc62.36-9
ii  libgpm2  1.20.7-10+b1
ii  libselinux1  3.4-1+b6
ii  libsodium23  1.0.18-1
ii  libtinfo66.4+20230603-1
ii  vim-common   2:9.0.1378-2
ii  vim-runtime  2:9.0.1378-2

vim recommends no packages.

Versions of packages vim suggests:
pn  ctags
pn  vim-doc  
pn  vim-scripts  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.1658-1
Done: James McCoy 

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy  (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 11:08:58 -0400
Source: vim
Architecture: source
Version: 2:9.0.1658-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers 
Changed-By: James McCoy 
Closes: 1031256 1035955 1038401
Changes:
 vim (2:9.0.1658-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.1658
 + Vulnerability fixes
   - 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
   - 9.0.1402: Crash when using null_class, CVE-2023-1355
   - 9.0.1531: Crash when register contents ends up being invalid,
 CVE-2023-2609
   - 9.0.1532: Crash when expanding "~" in substitute causes very long
 text, (Closes: #1035955, CVE-2023-2610)
 + 9.0.1409: Racket files are recognized as their own filetype, rather than
   as scheme
 + 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
   doesn't expect the terminal to support them.  (Closes: #1038401)
 + Document behavior of C-x / C-a on numbers outside the range of a 64-bit
   value.  (Closes: #1031256)
   * Refresh patches, dropping backport of v9.0.1499
   * Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
 intro screen has functional help links when only vim-tiny and vim-common
 are installed
   * Declare compliance with Policy 4.6.2, no changes needed
   * Remove non-functional diversion handling in vim-runtime.postinst
Checksums-Sha1:

Bug#1031256: marked as done (decrementing 2**64 gives wrong result)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 16:22:40 +
with message-id 
and subject line Bug#1031256: fixed in vim 2:9.0.1658-1
has caused the Debian Bug report #1031256,
regarding decrementing 2**64 gives wrong result
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031256: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031256
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vim
Version: 2:9.0.1000-4
Severity: minor
Tags: upstream
X-Debbugs-Cc: s...@debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

if I have the value 18446744073709551616 in a file and decrement it using
Ctrl-X, I get 18446744073709551614.

Verified to happen with both 8.2.2434 and 9.0.1000, and without any rc
files.

   Simon

- -- Package-specific info:

- --- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.basic
/usr/bin/vim is /usr/bin/vim.basic

- -- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'stable'), (500, 'stable-debug'), (500, 'proposed-updates-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-21-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages vim depends on:
ii  libacl1  2.2.53-10
ii  libc62.31-13+deb11u5
ii  libgpm2  1.20.7-8
ii  libselinux1  3.1-3
ii  libtinfo66.2+20201114-2
ii  vim-common   2:8.2.2434-3+deb11u1
ii  vim-runtime  2:8.2.2434-3+deb11u1

vim recommends no packages.

Versions of packages vim suggests:
ii  exuberant-ctags [ctags]  1:5.9~svn20110310-14
pn  vim-doc  
pn  vim-scripts  

- -- no debconf information

-BEGIN PGP SIGNATURE-

iQFDBAEBCgAtFiEEtjuqOJSXmNjSiX3Tfr04e7CZCBEFAmPrCV0PHHNqckBkZWJp
YW4ub3JnAAoJEH69OHuwmQgRDuMH/iKmPb2FduVwcYEiS273hn0c/Iawx58I5DFK
wf/4X8KxsI+at27Gv9mxGfT9S635tMCllvWKaCuPNCxzBd4PMqUgud+e8f78hIs1
t+VK9aOF/Bv5jHCCjKqHKSQgaof4a8/oRwSwGBeYGxSDLchVuU5Md6N5mB9L7sLU
9eHAyc/4cqGd+V2KZawtQGzF6eX3CyHxavvs4aXiJhLPVdRnnPGYpWHTFTiBygzp
gBc2LYgaSc8aFe7N5y+apauZ83KiSiPutkPA/Y6xVwuLIJYUXxYag0y5DIEMb5UW
O3mo4hjvFeZbiYlj+KeULw3N9Tfrg3jxW6Ecr5SUgcn1bQlo6+E=
=N89d
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.1658-1
Done: James McCoy 

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy  (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 11:08:58 -0400
Source: vim
Architecture: source
Version: 2:9.0.1658-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers 
Changed-By: James McCoy 
Closes: 1031256 1035955 1038401
Changes:
 vim (2:9.0.1658-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.1658
 + Vulnerability fixes
   - 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
   - 9.0.1402: Crash when using null_class, CVE-2023-1355
   - 9.0.1531: Crash when register contents ends up being invalid,
 CVE-2023-2609
   - 9.0.1532: Crash when expanding "~" in substitute causes very long
 text, (Closes: #1035955, CVE-2023-2610)
 + 9.0.1409: Racket files are recognized as their own filetype, rather than
   as scheme
 + 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
   doesn't expect the terminal to support them.  (Closes: #1038401)
 + Document behavior of C-x / C-a on numbers outside the range of a 64-bit
   value.  (Closes: #1031256)
   * Refresh patches, dropping backport of v9.0.1499
   * Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
 intro screen has functional help links when only vim-tiny and vim-common
 are installed
   * Declare

Bug#1035955: marked as done (vim: CVE-2023-2610)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 16:22:40 +
with message-id 
and subject line Bug#1035955: fixed in vim 2:9.0.1658-1
has caused the Debian Bug report #1035955,
regarding vim: CVE-2023-2610
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1035955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035955
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for vim.

CVE-2023-2610[0]:
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to
| 9.0.1532.

https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a 
(v9.0.1532)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2610
https://www.cve.org/CVERecord?id=CVE-2023-2610

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.1658-1
Done: James McCoy 

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy  (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 11:08:58 -0400
Source: vim
Architecture: source
Version: 2:9.0.1658-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers 
Changed-By: James McCoy 
Closes: 1031256 1035955 1038401
Changes:
 vim (2:9.0.1658-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.1658
 + Vulnerability fixes
   - 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
   - 9.0.1402: Crash when using null_class, CVE-2023-1355
   - 9.0.1531: Crash when register contents ends up being invalid,
 CVE-2023-2609
   - 9.0.1532: Crash when expanding "~" in substitute causes very long
 text, (Closes: #1035955, CVE-2023-2610)
 + 9.0.1409: Racket files are recognized as their own filetype, rather than
   as scheme
 + 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
   doesn't expect the terminal to support them.  (Closes: #1038401)
 + Document behavior of C-x / C-a on numbers outside the range of a 64-bit
   value.  (Closes: #1031256)
   * Refresh patches, dropping backport of v9.0.1499
   * Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
 intro screen has functional help links when only vim-tiny and vim-common
 are installed
   * Declare compliance with Policy 4.6.2, no changes needed
   * Remove non-functional diversion handling in vim-runtime.postinst
Checksums-Sha1:
 c5e696e27e7159776965e72d339d73569ff8291d 3177 vim_9.0.1658-1.dsc
 68a82e6957fbc666c287def0a012be5dc91d73ac 11172116 vim_9.0.1658.orig.tar.xz
 044e6eb62883f86a1fa2dc9c80bd348c30ddf83c 186348 vim_9.0.1658-1.debian.tar.xz
Checksums-Sha256:
 06c9b2f86dd49738011f8d76fe365d748132fe9f21c751f3b947b11539a377f9 3177 
vim_9.0.1658-1.dsc
 789b78c2e0635332dcc2e1b8714836783085834a9297e3a625de11e4119922bb 11172116 
vim_9.0.1658.orig.tar.xz
 97e2b88f6a95a756282f6cfe63396053ddbe38d403f663455e8581161bece4c5 186348 
vim_9.0.1658-1.debian.tar.xz
Files:
 09d61134b1ca5585db20e9523ae65b95 3177 editors optional vim_9.0.1658-1.dsc
 175d6bc345823c10e763f30d9ab7b61a 11172116 editors optional 
vim_9.0.1658.orig.tar.xz
 4c303f4b1c8dec429ad168a84c26c68a 186348 editors optional 
vim_9.0.1658-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKoBAEBCgCSFiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmSXDplfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIUHGphbWVzc2Fu
QGRlYmlhbi5vcmcACgkQ3+aRrjMbo9sG6g//TrgLAbZINdCP5AnkrRGxnXeZjdL2
pLOc1+eKkmrYnFsCOyHPqlyg3TFEgkaGGFWaQwrXPhLzWPbENXVSWH0zI8q+wXdr

Bug#1035646: marked as done (sqlite3: Add hurd-amd64 support)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:52:06 +
with message-id 
and subject line Bug#1035646: fixed in sqlite3 3.42.0-1
has caused the Debian Bug report #1035646,
regarding sqlite3: Add hurd-amd64 support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1035646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035646
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sqlite3
Version: 3.40.1-2
Severity: important
Tags: patch
User: debian-h...@lists.debian.org
Usertags: hurd

Hello,

The attached patch fixes support for hurd-amd64 by generalizing the
conditions.

Of course this can wait for the bookworm release.

Samuel

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'proposed-updates-debug'), (500, 'proposed-updates'), (500, 
'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), 
(500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.2.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sqlite3 depends on:
ii  libc6 2.36-9
ii  libreadline8  8.2-1.3
ii  libsqlite3-0  3.40.1-2
ii  zlib1g1:1.2.13.dfsg-1

sqlite3 recommends no packages.

Versions of packages sqlite3 suggests:
pn  sqlite3-doc  

-- no debconf information
--- debian/libsqlite3-0.symbols.original2023-05-06 23:05:54.566830927 
+
+++ debian/libsqlite3-0.symbols 2023-05-06 23:06:11.234595788 +
@@ -126,7 +126,7 @@
  sqlite3BtreeSecureDelete@Base 3.37.0
  sqlite3BtreeSetAutoVacuum@Base 3.37.0
  sqlite3BtreeSetCacheSize@Base 3.37.0
- (arch=!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64)sqlite3BtreeSetMmapLimit@Base 
3.37.0
+ (arch=!hurd-any !kfreebsd-any)sqlite3BtreeSetMmapLimit@Base 3.37.0
  sqlite3BtreeSetPageSize@Base 3.37.0
  sqlite3BtreeSetPagerFlags@Base 3.37.0
  sqlite3BtreeSetSpillSize@Base 3.37.0
--- debian/control.original 2023-05-06 23:08:27.000680341 +
+++ debian/control  2023-05-06 23:08:29.256648510 +
@@ -88,7 +88,7 @@
 Package: sqlite3-tools
 Suggests: sqlite3-doc
 Section: database
-Architecture: linux-any hurd-i386
+Architecture: linux-any hurd-any
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Breaks: sqlite3 (<< 3.37.0)
 Replaces: sqlite3 (<< 3.37.0)
--- End Message ---
--- Begin Message ---
Source: sqlite3
Source-Version: 3.42.0-1
Done: Laszlo Boszormenyi (GCS) 

We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS)  (supplier of updated sqlite3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 16:16:47 +0200
Source: sqlite3
Architecture: source
Version: 3.42.0-1
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) 
Changed-By: Laszlo Boszormenyi (GCS) 
Closes: 1035646
Changes:
 sqlite3 (3.42.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Remove sqlite3ExprIsTableConstraint@Base and
 sqlite3SelectAddColumnTypeAndCollation@Base symbols as no longer part
 of the library.
   * Update symbols file.
 .
   [ Samuel Thibault  ]
   Add hurd-amd64 support (closes: #1035646).
Checksums-Sha1:
 3b62d52eb04c3fcd74b16fdc46ced549200a03f9 2486 sqlite3_3.42.0-1.dsc
 47f72855855e1106de119efa6811b59c0b289ae9 5708628 sqlite3_3.42.0.orig-www.tar.xz
 f50bc8661856e7814793aae47171604db1a88362 8129004 sqlite3_3.42.0.orig.tar.xz
 eb1b8c955e7173a633966f3be68b0f6234cc46e0 29996 sqlite3_3.42.0-1.debian.tar.xz
Checksums-Sha256:
 bcd93bf08d021d1ed6850af2ab3d174a23e5453e81ed7a92b64623c4e1b572d1 2486

Bug#1036706: marked as done (xerial-sqlite-jdbc: CVE-2023-32697)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:32:09 +
with message-id 
and subject line Bug#1036706: fixed in xerial-sqlite-jdbc 
3.40.1.0+dfsg-1+deb12u1
has caused the Debian Bug report #1036706,
regarding xerial-sqlite-jdbc: CVE-2023-32697
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for xerial-sqlite-jdbc.

CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating SQLite database
| files in Java. Sqlite-jdbc addresses a remote code execution
| vulnerability via JDBC URL. This issue impacting versions 3.6.14.1
| through 3.41.2.1 and has been fixed in version 3.41.2.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32697
https://www.cve.org/CVERecord?id=CVE-2023-32697
[1] 
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xerial-sqlite-jdbc
Source-Version: 3.40.1.0+dfsg-1+deb12u1
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
xerial-sqlite-jdbc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated xerial-sqlite-jdbc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jun 2023 23:19:59 +0200
Source: xerial-sqlite-jdbc
Architecture: source
Version: 3.40.1.0+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1036706
Changes:
 xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm,
 Closes: #1036706)
Checksums-Sha1:
 f68b6003914af37fed89e8f11cf15acf3ef3dcbf 2507 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 94f5faa87dc3cbdb175d1a610d1753376c76bf6e 10536 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 c7585c19c01091ac3a36df09cc31057191cd1731 14560 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
 1f15e8285dd0212f780ecd23c70ded841dabeda00a3548e23ed6aed9fe4af91e 2507 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 4369c7cefb09afc82f27840d95b09054c619cfe84b2525786fad441305493ffa 10536 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 f49b13976f6c659c65d7e03310864cbfff3c2ebbeeeb945c88680f5bf6f4e4f0 14560 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo
Files:
 d9d1daf9a3b899223b8e91dbe1fe5eda 2507 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 1e94cbaffba18ce93b60bc3ad55ee960 10536 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 a224929a138f7c752b080e7c9c4ae598 14560 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmSOCQ8ACgkQYAMWptwn
dHYFChAAtqLRAgc+JR6ClN7iRQ85Fxu9L2yeAibs3hq/oPFPObyfpyqyRhbj83Fy
rjjXQH96KvkKiJ5yn5nOmHdZZ9UPDoKv8S69ZMEwGb+3qbma+x0KRfrRtq6nLG0o
RKDG1Hlr0ZArqQhQIufN2HIL4M8oq7QjTT92aLHrjeGeLuL1GVE+MBvliEsCLvhZ
zMxyvwbdZIl97cw1dEv3R72OEoGeKle+CBlvHvpZQ822A5XFTzH3YOraLdcxJxJW
NOrd52t/6Pf7buVQ4NUiy2wWnYO8it/w5JS9u9xHaO26wXeUJAvykQPOgnGpKCG9
QNIzsDbcRnUpkFARtSclp7F6/T15+2YKqfJzFf40UlOhLfne/a0RjlcRRGjLD+ij
Nlroearr6IQsEq9bLG7Asyd/Rp8t91V+/B1kMQe7UD7eHXzfRuVdStlDLZwRwv5K
k5PIYPYmmrBWO7Qdi2wE6uwCODvJ/WekmXKfLpe8sDUl0bu27ZrJmXkISWMFjwax
dMEaaDlnUAaKBCXar+wIg9wKfNCJv4zeC10LK1IZlTqxHLKHxEtic6AKrfwCQOOw
fXRBxQyueQa5nQ3Zx8OJs8jCSTUSkcNwTQeEFddgsTFRjHiyU9PWUnKOzskgMVcg
2y1PFTUevrTziPdChfQXGqujR5l64NMMLsbQAWQ9KJ9gHOEqXG8=
=18Mp
-END PGP SIGNATURE End Message ---

Bug#1037436: marked as done (getxattr mishandles symlinks)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:32:09 +
with message-id 
and subject line Bug#1037436: fixed in aide 0.18.3-1+deb12u1
has caused the Debian Bug report #1037436,
regarding getxattr mishandles symlinks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037436: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037436
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: aide
Version: 0.17.3-4+deb11u1
Severity: important
Tags: upstream

Hi,

this applies to aide in bullseye, bookworm and sid. As discussed in
https://github.com/aide/aide/issues/156, getxattr in do_md.c should be
lgetxattr instead. Upstream patch is
https://github.com/aide/aide/commit/04b34dd46292dedf830ef2366a8869a31488

A patched version will go to unstable first, I will then prepare and
coordinate updates for bookworm and bullseye via stable proposed updates
for the next point release, together with the fix for #1037171.

Greetings
Marc
--- End Message ---
--- Begin Message ---
Source: aide
Source-Version: 0.18.3-1+deb12u1
Done: Marc Haber 

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber  (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 14 Jun 2023 17:04:20 +0200
Source: aide
Architecture: source
Version: 0.18.3-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Aide Maintainers 
Changed-By: Marc Haber 
Closes: 1037171 1037436
Changes:
 aide (0.18.3-1+deb12u1) bookworm; urgency=medium
 .
   * call dh_installsysusers manually in debian/rules
 Thanks to Tomasz Ciolek (Closes: #1037171)
   * Fix handling of extended attributes on symlinks. (Closes: #1037436)
Checksums-Sha1:
 b315073d184ce6b20b0394cf9e838146612e669a 2611 aide_0.18.3-1+deb12u1.dsc
 5b04a3a650b66cf4f55d4c80e2155da513c29156 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 2773a5ee67abee4c34cdb40924e5b98b1930f4f5 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Checksums-Sha256:
 5881b8e7f6ed00860483721b25ca4d7add6a34b528f5e1d0ce21ec0709bdf7bd 2611 
aide_0.18.3-1+deb12u1.dsc
 bffc0a574f438369e42656667b9aece2859de6253704d6c6be0e5abeca3c1f81 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 ccef71f1962f7b78ab2b4fc65a60b2ad17d8083f92d6d5497b9c2f656664fa5d 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Files:
 adc1d44f43452420566bdee37d3301f6 2611 admin optional aide_0.18.3-1+deb12u1.dsc
 4caf068b32e15a9185833c3ffb8bd365 108080 admin optional 
aide_0.18.3-1+deb12u1.debian.tar.xz
 4f531bf05d42d5924766427615de91ee 6629 admin optional 
aide_0.18.3-1+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmSWzq4ACgkQj3cgEwEy
BEJ/7RAAwOoyRBMWEclxTqyGOpHNdLD8Cn1jAwvIOJUQItiTkhUw/0Bdz206xvMV
2hjxxKj0+IZfyRc+9VBKj9CqY/7Dpg68uwVhzORZmCQkhP/OkGZTDMZ47KMVTx1/
5u9ddZdpLoSa3i981cW+atfHGLijXnzQovVZ7cM7H6jg9zofT04PyqC3yg0Jp2fp
06CpuqhDs9oRKbMehSrsmmnGI1WFJojiW3FGmr6rKSo9+CIIWwSU+ecwwqMehnRu
CG/Q13/FaFgQKySrHz8E3JYgPA9ZtZvtCk8eaXXlo/mbU4tb+MtvfGQLtIeloYJg
1ExNar4Q/j2yVc+04aU2xd6XkvIHQDhLgJQ/YYQtcjBGudw6P96f3dUUBMwWuiwr
TA6PotHzwwmFIrIdzi8q8aN7ODIdeJWqEDIiNpqDzHz98Pv3fI2IKDrgnAnQarwl
U9YMVmn9AztzWphdnsRlqRYO1Lw10SCxtHmtEj2cAWzIFZExBaGjczFJuHIBnYT4
RUMWGrF6tSgLyjFQnF6FR+QHt2BpZmK0wHQ+NzuQLe24fV8h0G6lxYceudxYClhZ
5cbSUF0LZq5wF9iFGvQAT8YWFWWyFgeOK7NDhffo7FfQwibM8IuzFoxxgTMK/Sst
KCkP7snWcdjJjLQa1D7jImv8ar7QkJ+A6RmgVIS1BBNAWBcTg78=
=OG52
-END PGP SIGNATURE End Message ---

Bug#1037171: marked as done (aide: fresh aide package install fails to add the requried _aide user to system)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:32:09 +
with message-id 
and subject line Bug#1037171: fixed in aide 0.18.3-1+deb12u1
has caused the Debian Bug report #1037171,
regarding aide: fresh aide package install fails to add the requried _aide user 
to system
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: aide
Version: 0.18.3-1
Severity: serious
Justification: 5.d

Dear Maintainer,

A fresh aide package install on debina buster fails to add the requried _aide 
user to system. This block the ability to run 'aideinit' script.

While this is mentioned in /usr/share/doc/aide-common/README.Debian.gz there 
are no clear instrucntions as to whar range of UID/GID to give the _aide user 
when cerating them manually.

Pleas resolve as this blocks upgarde on most of my systems as I use aide across 
all of them.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages aide depends on:
ii  libacl1   2.3.1-3
ii  libaudit1 1:3.0.9-1
ii  libc6 2.36-9
ii  libcap2   1:2.66-4
ii  libext2fs21.47.0-2
ii  libmhash2 0.9.9.9-9
ii  libpcre2-8-0  10.42-1
ii  libselinux1   3.4-1+b6
ii  zlib1g1:1.2.13.dfsg-1

Versions of packages aide recommends:
ii  aide-common  0.18.3-1

Versions of packages aide suggests:
pn  figlet  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: aide
Source-Version: 0.18.3-1+deb12u1
Done: Marc Haber 

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber  (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 14 Jun 2023 17:04:20 +0200
Source: aide
Architecture: source
Version: 0.18.3-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Aide Maintainers 
Changed-By: Marc Haber 
Closes: 1037171 1037436
Changes:
 aide (0.18.3-1+deb12u1) bookworm; urgency=medium
 .
   * call dh_installsysusers manually in debian/rules
 Thanks to Tomasz Ciolek (Closes: #1037171)
   * Fix handling of extended attributes on symlinks. (Closes: #1037436)
Checksums-Sha1:
 b315073d184ce6b20b0394cf9e838146612e669a 2611 aide_0.18.3-1+deb12u1.dsc
 5b04a3a650b66cf4f55d4c80e2155da513c29156 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 2773a5ee67abee4c34cdb40924e5b98b1930f4f5 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Checksums-Sha256:
 5881b8e7f6ed00860483721b25ca4d7add6a34b528f5e1d0ce21ec0709bdf7bd 2611 
aide_0.18.3-1+deb12u1.dsc
 bffc0a574f438369e42656667b9aece2859de6253704d6c6be0e5abeca3c1f81 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 ccef71f1962f7b78ab2b4fc65a60b2ad17d8083f92d6d5497b9c2f656664fa5d 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Files:
 adc1d44f43452420566bdee37d3301f6 2611 admin optional aide_0.18.3-1+deb12u1.dsc
 4caf068b32e15a9185833c3ffb8bd365 108080 admin optional 
aide_0.18.3-1+deb12u1.debian.tar.xz
 4f531bf05d42d5924766427615de91ee 6629 admin optional 
aide_0.18.3-1+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmSWzq4ACgkQj3cgEwEy
BEJ/7RAAwOoyRBMWEclxTqyGOpHNdLD8Cn1jAwvIOJUQItiTkhUw/0Bdz206xvMV
2hjxxKj0+IZfyRc+9VBKj9CqY/7Dpg68uwVhzORZmCQkhP/OkGZTDMZ47KMVTx1/
5u9ddZdpLoSa3i981cW+atfHGLijXnzQovVZ7cM7H6jg9zofT04PyqC3yg0Jp2fp
06CpuqhDs9oRKbMehSrsmmnGI1WFJojiW3FGmr6rKSo9+CIIWwSU+ecwwqMehnRu
CG/Q13/FaFgQKySrHz8E3JYgPA9ZtZvtCk8eaXXlo/mbU4tb+MtvfGQLtIeloYJg
1ExNar4Q/j2yVc+04aU2xd6XkvIHQDhLgJQ/YYQtcjBGudw6P96f3dUUBMwWuiwr
TA6PotHzwwmFIrIdzi8q8aN7ODIdeJWqEDIiNpqDzHz98Pv3fI2IKDrgnAnQarwl

Bug#1038960: marked as done (flowblade: missing dependency on ffmpeg)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:19:03 +
with message-id 
and subject line Bug#1038960: fixed in flowblade 2.10.0.2-1
has caused the Debian Bug report #1038960,
regarding flowblade: missing dependency on ffmpeg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038960: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038960
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: flowblade
Version: 2.10.0.1-1
Severity: important

MLT detection succeeded, 184 formats, 122 video codecs and 84 audio codecs 
found.
688 MLT services found.
Loading render profiles...
Traceback (most recent call last):
  File "/usr/bin/flowblade", line 93, in 
app.main(modules_path)
  File "/usr/share/flowblade/Flowblade/app.py", line 263, in main
renderconsumer.load_render_profiles()
  File "/usr/share/flowblade/Flowblade/renderconsumer.py", line 234, in 
load_render_profiles
ret_code = _test_command(FFMPEG_TEST, True)
   
  File "/usr/share/flowblade/Flowblade/renderconsumer.py", line 335, in 
_test_command
process = subprocess.Popen(bash_args_list)
  
  File "/usr/lib/python3.11/subprocess.py", line 1024, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib/python3.11/subprocess.py", line 1901, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ffmpeg'

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flowblade depends on:
ii  frei0r-plugins1.8.0-1+b1
ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+b1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-pango-1.0  1.50.12+ds-1
ii  gmic  2.9.4-4+b4
ii  libmlt-data   7.12.0-1
ii  librsvg2-common   2.54.5+dfsg-1
ii  python3   3.11.2-1+b1
ii  python3-cairo 1.20.1-5+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-distutils 3.11.2-3
ii  python3-gi3.42.2-3+b1
ii  python3-gi-cairo  3.42.2-3+b1
ii  python3-mlt   7.12.0-1+b1
ii  python3-numpy 1:1.24.2-1
ii  python3-opencv4.6.0+dfsg-12
ii  python3-pil   9.4.0-1.1+b1
ii  swh-plugins   0.4.17-2

flowblade recommends no packages.

flowblade suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: flowblade
Source-Version: 2.10.0.2-1
Done: Gürkan Myczko 

We believe that the bug you reported is fixed in the latest version of
flowblade, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Myczko  (supplier of updated flowblade package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 16:56:28 +0200
Source: flowblade
Architecture: source
Version: 2.10.0.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
Changed-By: Gürkan Myczko 
Closes: 1038960
Changes:
 flowblade (2.10.0.2-1) unstable; urgency=medium
 .
   * New upstream version.
   * d/control: add ffmpeg to Depends. (Closes: #1038960)
Checksums-Sha1:
 c4a6fa50d05f18f19da0fa92e32183204460dd8b 2181 flowblade_2.10.0.2-1.dsc
 3c11223f39d07eacfa4b40c715bd2f3f3bc3f0e6 19391742 
flowblade_2.10.0.2.orig.tar.gz
 64bca04dededc389b8fbfacfac856341b5a1b2f4 25072 
flowblade_2.10.0.2-1.debian.tar.xz
 37cab1c930e96f28f29e5cd5c31e1055e9bcd2d6 8863 
flowblade_2.10.0.2-1_source.buildinfo
Checksums-Sha256:
 4b61fbaa35d1958085e72718df4ec471fc54443fbd9ba59e027429dc8e5edaee 2181 
flowblade_2.10.0.2-1.dsc
 9473461b574e80b4f6e7f9e44f9af78a48960852689622df75590d50e3b79d78 19391742

Bug#1036950: marked as done (schleuder: fails to upgrade from 'buster': insufficient dependency on ruby-activerecord (>= 2:6))

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:07:10 +
with message-id 
and subject line Bug#1036950: fixed in schleuder 4.0.3-8
has caused the Debian Bug report #1036950,
regarding schleuder: fails to upgrade from 'buster': insufficient dependency on 
ruby-activerecord (>= 2:6)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: schleuder
Version: 3.6.0-3+deb11u1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'buster'.
It installed fine in 'buster', then the upgrade to 'bullseye' fails.

Note that this failure only occurs during a 2-stage upgrade
(apt-get upgrade && apt-get distupgrade) in the apt-get upgrade step,
while a single-stage upgrade (only apt-get dist-upgrade) works fine.

>From the attached log (scroll to the bottom...):

  Setting up schleuder (3.6.0-3+deb11u1) ...
  Installing new version of config file /etc/schleuder/list-defaults.yml ...
  dpkg: error processing package schleuder (--configure):
   installed schleuder package post-installation script subprocess returned 
error exit status 1

I tried injecting 'set -x' into the postinst, but the output is not very
helpful:

Setting up schleuder (3.6.0-3+deb11u1) ...
+ set -e
+ id schleuder
+ chown schleuder /etc/schleuder
+ chown root:schleuder /etc/schleuder/schleuder.yml 
/etc/schleuder/list-defaults.yml
+ chmod 0640 /etc/schleuder/schleuder.yml /etc/schleuder/list-defaults.yml
+ chmod 0750 /var/lib/schleuder /var/log/schleuder
+ chown schleuder:schleuder /var/lib/schleuder /var/log/schleuder
+ [ -z 3.4.0-2+deb10u3 ]
+ dpkg --compare-versions 3.4.0-2+deb10u3 lt 3.0
+ SCHEMA=SCHEMA=/dev/null
+ runuser -u schleuder -- sh -c SCHEMA=/dev/null schleuder install >/dev/null
dpkg: error processing package schleuder (--configure):
 installed schleuder package post-installation script subprocess returned error 
exit status 1
Errors were encountered while processing:
 schleuder

Entering the chroot after the failure and runnign 
  runuser -u schleuder -- sh -c 'SCHEMA=/dev/null schleuder install'
does not give any output either.

My guess is that there is some insufficiently versioned dependency that
has not yet been upgraded during 'apt-get upgrade' is required for this
comand to succeed.


cheers,

Andreas


schleuder_3.6.0-3+deb11u1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: schleuder
Source-Version: 4.0.3-8
Done: Georg Faerber 

We believe that the bug you reported is fixed in the latest version of
schleuder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georg Faerber  (supplier of updated schleuder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 13:57:43 +
Source: schleuder
Architecture: source
Version: 4.0.3-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 

Changed-By: Georg Faerber 
Closes: 1036950
Changes:
 schleuder (4.0.3-8) unstable; urgency=medium
 .
   * debian/control:
 - Add missing versioning on ruby-activerecord dependency. Thanks to
   Hendrik Jäger and Andreas Beckmann for reporting this issue.
   (Closes: #1036950)
   * debian/patches:
 - Add patch to relax mail version in gemspec.
 - Refresh two patches to handle fuzz introduced via the added patch.
   * debian/salsa-ci.yml:
 - Add an experimental piuparts multi distro upgrade test job. This should
   ease future maintenance, and help to ensure upgrades of schleuder across
   distros work as expected.
Checksums-Sha1:
 45674a1fe29922affefc9d93ad76e95ecb2e600f 1677 schleuder_4.0.3-8.dsc
 8e5b4dd945aa618f8e7e836a41ebe33a8f56dba6 291499 schleuder_4.0.3.orig.tar.gz
 df4017b8a2b63804ad3f579f4b557a4f16b6e987 24164 schleuder_4.0.3-8.debian.tar.xz
 669dd4b161831e97f6a8a11e497e5679a2c2e3f8 9881 schleuder_4.0.3-8_amd64.buildinfo
Checksums-Sha256:

Bug#1038645: marked as done (haskell-tldr FTBFS: dh_installman: error: Cannot find (any matches for) "tldr-hs.1")

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 14:35:38 +
with message-id 
and subject line Bug#1038645: fixed in haskell-tldr 0.9.2-4
has caused the Debian Bug report #1038645,
regarding haskell-tldr FTBFS: dh_installman: error: Cannot find (any matches 
for) "tldr-hs.1"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038645: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: haskell-tldr
Version: 0.9.2-3
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=haskell-tldr=0.9.2-3

...
dh_installexamples -ptldr-hs 
dh_installman -ptldr-hs 
dh_installman: error: Cannot find (any matches for) "tldr-hs.1" (tried in .)

dh_installman: error: Aborting due to earlier error
make: *** [/usr/share/cdbs/1/rules/debhelper.mk:238: binary-install/tldr-hs] 
Error 25
--- End Message ---
--- Begin Message ---
Source: haskell-tldr
Source-Version: 0.9.2-4
Done: Ilias Tsitsimpis 

We believe that the bug you reported is fixed in the latest version of
haskell-tldr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ilias Tsitsimpis  (supplier of updated haskell-tldr 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 16:43:18 +0300
Source: haskell-tldr
Architecture: source
Version: 0.9.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Haskell Group 

Changed-By: Ilias Tsitsimpis 
Closes: 1038645
Changes:
 haskell-tldr (0.9.2-4) unstable; urgency=medium
 .
   * Fix ARCH_ANY build (Closes: #1038645)
Checksums-Sha1:
 7327d2d3abc9db279220bce4b51750c9ddb070ab 2990 haskell-tldr_0.9.2-4.dsc
 6a74c2b995a6a3caa88f8939ea2e4d2fc36c34d5 3668 
haskell-tldr_0.9.2-4.debian.tar.xz
 ce46e1f1e626f6aca7f8c6ba8b542d7c65573fbd 17373 
haskell-tldr_0.9.2-4_amd64.buildinfo
Checksums-Sha256:
 c6a90435b0d26e2c7d3add1a3cabf0789ed06f2d376e55e7d91582036fad5478 2990 
haskell-tldr_0.9.2-4.dsc
 d98da0eb6a3737bdac1a605b1010190cee0da5e54e2d54b3c27170b58f7da2f8 3668 
haskell-tldr_0.9.2-4.debian.tar.xz
 717ca480a0b96a4b67f3dff65b037cbc1bf236aa7e5c0237f271999398fcbed1 17373 
haskell-tldr_0.9.2-4_amd64.buildinfo
Files:
 89744cf179a823bb6062e2e172bc8245 2990 haskell optional haskell-tldr_0.9.2-4.dsc
 bb4dcd67ec8113d9d13045c2193c1e41 3668 haskell optional 
haskell-tldr_0.9.2-4.debian.tar.xz
 6292cf25667e43449b1c0b0a25677871 17373 haskell optional 
haskell-tldr_0.9.2-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEJ9c8pfW11+AaUTb116hngMxkQDwFAmSW9IUUHGlsaWFzdHNp
QGRlYmlhbi5vcmcACgkQ16hngMxkQDyFABAAnVkFumMQodMPm2R8tjAC50BrMuDg
feBbRfZgaqEpaMBiRp4uKUBARXTo7leuomxbCchLLI4Ft3Kwe2oW4a4/DyoHzUM8
flRzSSWFu+TtHUO0V/jL3VQygccyzS5v2V9I1SsseS8oQHu08s0hq1zJ97b4sgnM
ahSYoPTOUeUMNUX0sDGGxebIsdyo/2hXLRvussxskQ7hmV/ikt7Lrb5I3z11VdlH
JPUlfhZszms21o0QJhcgLvMIeWffqVYySc6zedvJ3OohAVE7U3OL2Az0Oy6yHwvO
zID+vzlfk7n9zQmY2sO51eS/K95zeX1xeFSKQe9278/pwfAJvL9Ytmv0m/Gu3Uq6
LaPMLC+gl9ar9zd+l9X+dEzAybnC/P6G/yy0DjVSAmMseuwThSVNOXFY1DPErVTP
xW+OP8fgirXw6Y+vGF/Ufm8VLiy1TBjNQbr/pZAXkSeiETjhZN+ImgEvO6n//MNv
2Bp637tmH6wUYVNTZZV7OIYtpGRpVCJ1WnTw6mHpbfiUf+QCUXl6uMtUPoCpiW1L
TtekMg6Jxp/hbO/cTKZA2+1pGjm5LHlH1l3tHe7TZ0h3cfRJzd2bL2u6GSkJUusu
RihrjnGcphH0+T63nEPQD42DbMBSooPKBDQ+Ts3dk/Jt4RF1w426G1m6UKDiiShw
kYGlV5iDPr0J1lU=
=VDrp
-END PGP SIGNATURE End Message ---

Bug#1038133: marked as done (libx11: CVE-2023-3138)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 14:32:09 +
with message-id 
and subject line Bug#1038133: fixed in libx11 2:1.8.4-2+deb12u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.8.4-2+deb12u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:54:32 +0200
Source: libx11
Architecture: source
Version: 2:1.8.4-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian X Strike Force 
Changed-By: Salvatore Bonaccorso 
Closes: 1038133
Changes:
 libx11 (2:1.8.4-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
 (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb
Checksums-Sha1: 
 1b29f8777a0f0d1181c37aff0b788f177da15ffe 2670 libx11_1.8.4-2+deb12u1.dsc
 008e30d9d2d1458f4645755e99c56750cebeec1a 3168573 libx11_1.8.4.orig.tar.gz
 12a8c1b57916a6bc12c99ef9fcdd5e473431e64f 801 libx11_1.8.4.orig.tar.gz.asc
 58af89a9b8fb6d09fdbef380272a7c83ed1d48a9 112336 libx11_1.8.4-2+deb12u1.diff.gz
Checksums-Sha256: 
 52f4dbdadc4426c49052758b8019dda5ce2f8d90ef14ab63c7541009c4d21e45 2670 
libx11_1.8.4-2+deb12u1.dsc
 efd3a3a43c1f177edc2c205bedb0719b6648203595e54c0b83a32576aeaca7cd 3168573 
libx11_1.8.4.orig.tar.gz
 9d9a6bcdd81a40ed377b2981a4d40a0db1315d095e9ccc35a0ba78e692df8591 801 
libx11_1.8.4.orig.tar.gz.asc
 a76755e21b268222e8e5f02cc6032655c83d180c8df6a201b08e3ea71cc6a4c4 112336 
libx11_1.8.4-2+deb12u1.diff.gz
Files: 
 88a8fa591a9a0965bd7a14efe207ab1c 2670 x11 optional libx11_1.8.4-2+deb12u1.dsc
 b568618f2f9f5e3ff348f7ab985ea2d8 3168573 x11 optional libx11_1.8.4.orig.tar.gz
 ee8f1c527a875662b7ca070302054b40 801 x11 optional libx11_1.8.4.orig.tar.gz.asc
 71ed2ad77561b2a7dd1c8e5365bb7974 112336 x11 optional 
libx11_1.8.4-2+deb12u1.diff.gz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSLcJxfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E7ZoP/29WGq+N/ouGYI/rMwvbPXqsrTWmOPsy
YgmVmj89py+Pkk1My1TQo9vjF0Rqs6g8ns2OLPGQJ4uAloFn7pcqhMlHOe3HbSlR
sSAZP8uRetNqNJMAPAnn14Ktd7g4/8SI0wM7CntzpzVSNM9C7dsHESL0fc0Jy+Ef
gxz5kcAKieTp2p7OsLLbKZ2V7218GdQnB91psoHx3/lw5JGEMp9sEdBRZ4o1xjvh
jDiUErEd7DWjvXVe4uOzjDqOQ3kTPgl3Cd80OnxYh1VaaD6yLrjVVwF3uy44QprJ
5uKvJk2wxp1A8c8VZz5Jo8+7es7yCPuysqsCJW7NHJCLzaxq6eLm1yw0RF6mIQ+s
ySG8Sjm+arAR0TMBjy5Onh5UqEMlVwdkh8Q0PsLjA6XNyZvTXbSOhQvLdwWwNDp1
seUMEnep8Sth782gvwMIQd/Z5qoQxeSm7AX067ISbvf/Zqx4hmUVvHybYKoy+d78
jZYXbcjtBqtyWZdvD19Rtmw3ryVzN9z4QIp8dXyBpjQUXTLSNcZZT+a5catY4L6z
rHO/DDvEni1ai4Xm2qh1vBRcEtzNWXEtKKNTgV4f/yISFtPrYMzOtJCtTUjEt7CK
o1zyv0E2FZAH8lH0CZk7YrqgOw/KmE+zUlpk7dlPC2CuXNBASk4A7TPVAhtpputp
XUuhe5mAk0XY
=DtCd
-END PGP

Bug#1037948: marked as done (xmltooling: Parsing of KeyInfo elements can cause remote resource access)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 14:33:04 +
with message-id 
and subject line Bug#1037948: fixed in xmltooling 3.2.3-1+deb12u1
has caused the Debian Bug report #1037948,
regarding xmltooling: Parsing of KeyInfo elements can cause remote resource 
access
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037948: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037948
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xmltooling
Severity: important
Tags: patch upstream security

Shibboleth Service Provider Security Advisory [12 June 2023]

An updated version of the XMLTooling library that is part of the
OpenSAML and Shibboleth Service Provider software is now available
which corrects a server-side request forgery (SSRF) vulnerability.

Parsing of KeyInfo elements can cause remote resource access.
=
Including certain legal but "malicious in intent" content in the
KeyInfo element defined by the XML Signature standard will result
in attempts by the SP's shibd process to dereference untrusted
URLs.

While the content of the URL must be supplied within the message
and does not include any SP internal state or dynamic content,
there is at minimum a risk of denial of service, and the attack
could be combined with others to create more serious vulnerabilities
in the future.

This issue is *not* specific to the V3 XMLTooling software and is
believed to impact all versions prior to V3.2.4.

Recommendations
===
Update to V3.2.4 or later of the XMLTooling library, which is
now available. Note that on Linux and similar platforms, upgrading
this component will require restarting the shibd process to correct
the bug.

The updated version of the library has been included in a V3.4.1.3
patch release of the Service Provider software on Windows.

Other Notes
===
The xmltooling git commit containing the fix for this issue is
6080f6343f98fec085bc0fd746913ee418cc9d30 and may be in general terms
applicable to V2 of the library.

Credits
===
Juriën de Jong, an independent security researcher in the Netherlands

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20230612.txt
--- End Message ---
--- Begin Message ---
Source: xmltooling
Source-Version: 3.2.3-1+deb12u1
Done: Ferenc Wágner 

We believe that the bug you reported is fixed in the latest version of
xmltooling, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ferenc Wágner  (supplier of updated xmltooling package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 18:52:03 +0200
Source: xmltooling
Architecture: source
Version: 3.2.3-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Shib Team 
Changed-By: Ferenc Wágner 
Closes: 1037948
Changes:
 xmltooling (3.2.3-1+deb12u1) bookworm-security; urgency=high
 .
   * [9e43891] New patch: CPPXT-157 - Install blocking URI resolver into
 Santuario.
 Fix a denial of service vulnerability: Parsing of KeyInfo elements can
 cause remote resource access.
 Including certain legal but "malicious in intent" content in the
 KeyInfo element defined by the XML Signature standard will result
 in attempts by the SP's shibd process to dereference untrusted
 URLs.
 While the content of the URL must be supplied within the message
 and does not include any SP internal state or dynamic content,
 there is at minimum a risk of denial of service, and the attack
 could be combined with others to create more serious vulnerabilities
 in the future.
 Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 3591432fe34bf18216c181fa802ef15a61892d9e 2822 xmltooling_3.2.3-1+deb12u1.dsc
 cf8f73d5592e71c4ebabb8c6f93a4d8db3e42081 620767 xmltooling_3.2.3.orig.tar.bz2
 9327a0d4f15477d8661813b1f69e184ed023c2ec 833 xmltooling_3.2.3.orig.tar.bz2.asc
 fe92a349ede365171316d085d10234ad3617fa1b 19052 
xmltooling_3.2.3-1+deb12u1.debian.tar.xz
 8ba5f046c2fd81bb302a73843e86348d3fccd181

Bug#1037052: marked as done (minidlna: CVE-2023-33476)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 14:32:16 +
with message-id 
and subject line Bug#1037052: fixed in minidlna 1.3.0+dfsg-2.2+deb12u1
has caused the Debian Bug report #1037052,
regarding minidlna: CVE-2023-33476
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minidlna
Version: 1.3.2+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for minidlna.

CVE-2023-33476[0]:
| ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
| to Buffer Overflow. The vulnerability is caused by incorrect
| validation logic when handling HTTP requests using chunked transport
| encoding. This results in other code later using attacker-controlled
| chunk values that exceed the length of the allocated buffer, resulting
| in out-of-bounds read/write.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33476
https://www.cve.org/CVERecord?id=CVE-2023-33476
[1] https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
[2] 
https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minidlna
Source-Version: 1.3.0+dfsg-2.2+deb12u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
minidlna, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated minidlna package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 21:34:02 +0200
Source: minidlna
Architecture: source
Version: 1.3.0+dfsg-2.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Alexander GQ Gerasiov 
Changed-By: Salvatore Bonaccorso 
Closes: 1037052
Changes:
 minidlna (1.3.0+dfsg-2.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052)
Checksums-Sha1: 
 4464ffe7fe55f745e05aa9a1233a4ff4d50c  
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 7bb3e75cd7c64d7136b95dc138f71b6d55fb29ae 165464 minidlna_1.3.0+dfsg.orig.tar.xz
 243544fe7d3ba9905ba13d99c5489eb38d8368ba 25044 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz
Checksums-Sha256: 
 6e98bd8af8483a481ba29c661dd9320415e98b1e8b08b1066dafc5a5bbcb498b  
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 0b536ff6c689973781f23fb9f9decb7f5ab902b39d57e1991789574de8d5ea5c 165464 
minidlna_1.3.0+dfsg.orig.tar.xz
 cdc849436dc6cac0dd368b808c34f81584e75835540905aaaf7534b4583cce45 25044 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz
Files: 
 68b7747431cdb9b9e0a8ca8a6f9daa2a  net optional 
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 d35382198df6ad1020d27fa6971b4795 165464 net optional 
minidlna_1.3.0+dfsg.orig.tar.xz
 32288decd7e5beff6f4b917f3a01df69 25044 net optional 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSQri1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EIJgP/2qthbFwJfK/CoFw5mh3OEKcy/ObUXyk
47Wy8aTR+2rPCn/uYGYZGI7XluZXoP8w61Myyt0TE25nZgcPeWvM+QKUnAgdm61E
JGWi9HQpVN0QDBUUg8sKP2BYfios8P6Yafk24h3CWuBj61055mQh/FS2khXBqkah
2doHDkxcQ/iTqhBnnwpbtaf4ot1U04krt9lvrfD/a4icNgmcLEVY0wyIldyGAwx1
A7KZtXODMHIu0bEAFeXhtaYSLORyVGy8ixrxtXUmSQxOSdakrWKsIe6c7gncfwum
BODgQSmeAzlQNVHG+HpXibDxpVLERSPEoHlwbbKeAtBDZdVlZmEYd9FwhZqAThSk
m9xI8kMsVRy6sXqIgzdq/XS5jRycCmzIC/KiyNVo/u6flZBOqHJcNDYpQLH5BF8T
MzMG1xYC+hMz0BW0DGfZKL7xaSyAP0uRjn5E9Z6wCz9l30hvA5nkOHeG6H54/FXF

Bug#1036866: marked as done (gstreamer1.0-plugins-base: what about version 1.22.3-1 binaries for amd64?)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 15:37:13 +0200
with message-id 

and subject line re: gstreamer1.0-plugins-base: what about version 1.22.3-1 
binaries for amd64?
has caused the Debian Bug report #1036866,
regarding gstreamer1.0-plugins-base: what about version 1.22.3-1 binaries for 
amd64?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gstreamer1.0-plugins-base
Version: 1.22.3-1
Severity: wishlist

Dear Maintainer,

Since last upload on 2023-05-19[1], what about the amd64 binaries
the only one not being up-to-date in the list[2]?

Thanks,
Patrice

[1] https://tracker.debian.org/pkg/gst-plugins-base1.0
[2] https://packages.debian.org/en/experimental/gstreamer1.0-plugins-base


-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-0-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gstreamer1.0-plugins-base depends on:
ii  libc6   2.36-9
ii  libcdparanoia0  3.10.2+debian-14
ii  libglib2.0-02.76.2-1
ii  libgstreamer-plugins-base1.0-0  1.22.2-1
ii  libgstreamer1.0-0   1.22.3-1
ii  libogg0 1.3.5-3
ii  libopus01.3.1-3
ii  liborc-0.4-01:0.4.33-2
ii  libtheora0  1.1.1+dfsg.1-16.1+b1
ii  libvisual-0.4-0 0.4.0-19
ii  libvorbis0a 1.3.7-1
ii  libvorbisenc2   1.3.7-1

gstreamer1.0-plugins-base recommends no packages.

Versions of packages gstreamer1.0-plugins-base suggests:
ii  gvfs  1.50.4-1

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.22.3-2

Closing this as a new package version is in Sid with the amd64 build available.--- End Message ---

Processed: Re: bundling extensions into one src/bin: unmaintainable?

2023-06-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1030683 20230618-2
Bug #1030683 [src:gnome-shell-extensions-extra] bundling extensions into one 
src/bin: unmaintainable?
Marked as fixed in versions gnome-shell-extensions-extra/20230618-2.
Bug #1030683 [src:gnome-shell-extensions-extra] bundling extensions into one 
src/bin: unmaintainable?
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1030683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: RFS: urlwatch/2.28-1 -- monitors webpages for you

2023-06-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1035726
Bug #1035726 [sponsorship-requests] RFS: urlwatch/2.28-1 -- monitors webpages 
for you
Marked Bug as done
> stop
Stopping processing here.

Please contact me if you need assistance.
-- 
1035726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: your mail

2023-06-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 1037884
Bug #1037884 [src:vfu] vfu: ftbfs with GCC-13
Marked Bug as done
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1037884: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037884
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1035587: marked as done (linux: broken AHCI controller on MIPS Loongson 3 (regression from 5.10.162-1))

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 11:46:24 +0200
with message-id 
and subject line Re: Bug#1035587: linux: broken AHCI controller on MIPS 
Loongson 3 (regression from 5.10.162-1)
has caused the Debian Bug report #1035587,
regarding linux: broken AHCI controller on MIPS Loongson 3 (regression from 
5.10.162-1)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1035587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: linux
Version: 5.10.178-3
Severity: important
X-Debbugs-Cc: d...@debian.org, debian-m...@lists.debian.org, s...@debian.org

Following the point release, the buildd mipsel-osuosl-03.d.o does not
boot anymore, with errors in the AHCI controller:

[   35.912147] ata4.00: exception Emask 0x0 SAct 0x2000 SErr 0x0 action 0x6 
frozen
[   35.919769] ata4.00: failed command: WRITE FPDMA QUEUED
[   35.924968] ata4.00: cmd 61/20:e8:00:f0:e1/00:00:00:00:00/40 tag 29 ncq dma 
16384 out
[   35.924968]  res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 
(timeout)
[   35.940097] ata4.00: status: { DRDY }
[   35.943743] ata4: hard resetting link

While that initially looks like a hardware issue, it appears that
reverting the kernel to 5.10.162-1 (from 5.10.178-3) fixes the issue.
Strangely mipsel.osuosl-05.d.o, which seems to be similar hardware (CPU,
motherboard and SATA drive), does not exhibit the same issue.

You'll find attached the output of /proc/cpuinfo, lspci and the full
boot log.
PMON2000 MIPS Initializing. Standby...

node 0 N Voltage  write :
v ctrl err

node 0 N Voltage  read :
00080760uV 

node 0 P Voltage write :

0xbfe00190  : 5282a9b7b7a7
CPU CLK SEL : 0002
MEM CLK SEL : 0014
HT CLK SEL : 0014
Disable HT0 clock
Change the scale of HT1 clock
Change the scale of LS132 clock

BBGEN start  :
BBGEN config value  :00ff6431
Soft CLK SEL adjust begin
CORE & NODE:
Miku MAGIC Mismtach
04110c85
MEM   :0909017b
fdcoefficient  :0004
HT:
SYS_LOOPC:0012

DDR_LOOPC:0024
NO TLB cache init ...
Jump to 9fc
32 bit PCI space translate to 64 bit HT space

Check HT bus up.
01110020
set LS7A MISC and confbus base address done.
3A HT in soft freq cfg mode...ok
7A HT in soft freq cfg mode...ok

PLL check success.
Wait HT bus up.01110020>
01110020
Set 7A side HT:
Set width
0020
Set Freq
82251060
Set soft config
008a810a
Set Gen3 mode
81237008
Set retry mode
0081
Enable scrambling
0078
set buffer num
0fff
Set CPU side HT:
Set width
0020
Set Freq
82250060
Set soft config
0087c10a
Set GEN3 mode
81237008
Set retry mode
0081
Enable scrambling
0078
Reset Node 0 HT1-lo bus
0040
Wait HT bus down.>
0010

Dereset Node 0 HT1 bus

Wait HT bus up.>
0020

After reconnect, PLL check success.
Checking Node 0 HT1 CRC error.>
Checking Bridge HT CRC error bit.>
LS3A-7A linkup.
Disable ht regs.

Start Init Memory, wait a while..
NODE 0 MEMORY CONFIG BEGIN

Lock Scache
Lock Scache Done.

Probing DDR MC0 SLOT: 
Slot 0: s1 = 0x00114008__c3004000

Slot 1: s1 = 0x__

 T5 s1 = 00114008__c3005f00

 t0 = 0x__

Enable register space of MEMORY

init start
908:000f0f0300e1e1c1
 begin Reset MC 
init start
908:000f0f0300e1e1c1
 begin Reset MC 
init start
908:000f200300e1e1c1
 begin Reset MC 
init start
908:0016050a00e1e1c1
 begin Reset MC 
init start
908:001e0ce1e1c1
 begin Reset MC 
init start
908:001b0a0f00e1e1c1
 begin Reset MC 
init start
908:000f0f0200e1e1c1
 begin Reset MC 
init start
908:00200f1400e1e1c1
 begin Reset MC 
init start
908:0007070c00e1e1c1
 begin Reset MC 
init start
908:000f200300e1e1c1
 begin Reset MC 
init start
908:00200f0200e1e1c1
 begin Reset MC 
init start
908:0016160a00e1e1c1
 begin Reset MC 
init start
908:000c0c1100e1e1c1
 begin Reset MC 
init start
908:000f200200e1e1c1
 begin Reset MC 
init start
908:000c0ce1e1c1
 begin Reset MC 
init start
908:000f0f1300e1e1c1
 begin Reset MC 
init start
908:000c1e0100e1e1c1
 begin Reset MC 
init start
908:000c0ce1e1c1
 begin Reset MC 
init start
908:000a0a0f00e1e1c1
 begin Reset MC 
init start
908:0005050a00e1e1c1
init done
Start Hard Leveling...
Enable register space of MEMORY

start training of tPHY_WR

tPHY_WRLAT training successThe MC param after leveling is:
PHY:
:  0011
0008:  0037
0010:  0103
0018:  
0020:  0001
0028:  
0030:  0052010100040510
0038:  0144
0040:  0008002a
0048:  02041c3801010100
0050:

Bug#978444: marked as done (FTBFS: fails to contact repl server in tests)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 09:05:09 +
with message-id 
and subject line Bug#978444: fixed in racket-mode 20230425git0-2
has caused the Debian Bug report #978444,
regarding FTBFS: fails to contact repl server in tests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
978444: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978444
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: racket-mode
Version: 20201227git0-1
Severity: serious
Justification: ftbfs

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Control: tag -1 help

This is a different test problem than Lucas reported in #978345.

I can duplicate the bug in sbuild, but if I use
- --build-failed-commands="%SBUILD_SHELL" and run dpkg-buildpackage in
the resulting shell, tests complete fine. Similarly spinning up a
schroot session and running dpkg-buildpackage there works fine. I'm a
bit at a loss as to how to proceed.

seemingly relevant bit of log follows
- -
racket-tests/debugger

Could not connect to REPL server at 127.0.0.1:36701

{racket-mode-back-end-stderr} exception raised by error display handler: 
tcp-write: error writing
  system error: Broken pipe; errno=32; original raise called (with 
non-exception value): #f



Test racket-tests/debugger backtrace:
  signal(ert-test-failed (((should (get-buffer racket-repl-buffer-name
  ert-fail(((should (get-buffer racket-repl-buffer-name)) :form (get-b
  (if (unwind-protect (setq value-520 (apply fn-518 args-519)) (setq f
  (let (form-description-522) (if (unwind-protect (setq value-520 (app
  (let ((value-520 'ert-form-evaluation-aborted-521)) (let (form-descr
  (let* ((fn-518 #'get-buffer) (args-519 (condition-case err (let ((si
  (progn (racket-tests/call-until-true #'(lambda nil (get-buffer racke
  (let* ((path (make-temp-file "test" nil ".rkt")) (name (file-name-no
  (closure (t) nil (let* ((path (make-temp-file "test" nil ".rkt")) (n
  funcall((closure (t) nil (let* ((path (make-temp-file "test" nil ".r
  (unwind-protect (funcall thunk) (racket-stop-back-end))
  (let ((racket-command-timeout racket-tests/timeout)) (unwind-protect
  racket-tests/call-with-back-end-settings((closure (t) nil (let* ((pa
  (closure (t) nil (message "racket-tests/debugger") (racket-tests/cal
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name racket-tests/debugger :documentation 
  ert-run-or-rerun-test(#s(ert--stats :selector t :tests [... ... ... 
  ert-run-tests(t #f(compiled-function (event-type  event-args) #
  ert-run-tests-batch(nil)
  ert-run-tests-batch-and-exit()
  eval((ert-run-tests-batch-and-exit) t)
  command-line-1(("-l" "package" "--eval" "(add-to-list 'package-direc
  command-line()
  normal-top-level()
Test racket-tests/debugger condition:
(ert-test-failed
 ((should
   (get-buffer racket-repl-buffer-name))
  :form
  (get-buffer "*Racket REPL*")
  :value nil))
   FAILED   2/12  racket-tests/debugger (10.004132 sec)


- -- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAl/or4EACgkQA0U5G1Wq
FSFyWhAAq0OmhkY2xS7EyyevRVqDIVO+zd3joBSUGZM14Mosdh3uU8FoStLhbMzk
O0xGRRjdroVnYdsUyFdpWm49Q+cbqbzlx3rXBakoIFfHR+TLhPX4glZB3MtQ8RbT
V2okZVe+9PtbFh2NF7FpyEAqozV51vQcFpZm/M63RjsyCUdSo0fF79gKUYYMueYP
ZLQLyeo7ezlQqPDQTOPVXYgTx1+Q4mz5H8VHFk/Jia41w7p0hubCylt4dbzAfhXl
Uge3ZypW06vYPoGpZwTZ03des8e1LxyaKtHOvcdMxrMEhGRFhbhYdgpyWsFCGw/A
XLniN6lOH8YMFDudjQeXpB/5fWHgB+wCXV9pKDEBUOgXvhLAv2Q7I0elhUJQAbJd
oZy9cBzJQCl+Qd9gg73Zw14lBJe0SgOAe6rnzDnJzYza1N2UEncKKStz3VpUPsrq
6zFE7ybUU52uKMQYdnmdedSeyBffHFwAPV6GMY/oOQ7nx5DDqSvu4p5eSrdcShpN
gF9OWptMYIiRvhfZkrQtJ3NGYDYJKsvvzTo30QeZjKJd5Xl/mfmcyEU3Duxu2Faj
HgnBIM8Etx5Mts2JCeddTZGgtXHo9Sce37z3FFD6vgzyAHex+q90EE3M9tAeqt2A
YR0PTAoDK73LoyudfDXrJiD4VRZP1PJrmyA1HGjergfjKK2z/ZA=
=GEWs
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: racket-mode
Source-Version: 20230425git0-2
Done: David Bremner 

We believe that the bug you reported is fixed in the latest version of
racket-mode, which is due to be

Bug#1036148: marked as done (waybar: MPRIS module is not built)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 09:05:22 +
with message-id 
and subject line Bug#1036148: fixed in waybar 0.9.18-1
has caused the Debian Bug report #1036148,
regarding waybar: MPRIS module is not built
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036148: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: waybar
Version: 0.9.17-2
Severity: normal

Dear Maintainer,

   * What led up to the situation?
   Running waybar, it shows warning message "module mpris: Unknown module: 
mpris".
   * What was the outcome of this action?
   Waybar can't load mpris module.
   * What outcome did you expect instead?
   Waybar loads mpris module. libplayerctl-dev needs to be added to build 
dependencies.

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages waybar depends on:
ii  init-system-helpers 1.65.2
ii  libatkmm-1.6-1v52.28.3-1
ii  libc6   2.36-9
ii  libcairomm-1.0-1v5  1.14.4-2
ii  libdate-tz3 3.0.1+ds-5
ii  libdbusmenu-gtk3-4  18.10.20180917~bzr492+repack1-3
ii  libevdev2   1.13.0+dfsg-1
ii  libfmt9 9.1.0+ds1-2
ii  libgcc-s1   12.2.0-14
ii  libglib2.0-02.74.6-2
ii  libglibmm-2.4-1v5   2.66.5-2
ii  libgtk-3-0  3.24.37-2
ii  libgtk-layer-shell0 0.8.0-1
ii  libgtkmm-3.0-1v53.24.7-1
ii  libinput10  1.22.1-1
ii  libjack-jackd2-0 [libjack-0.125]1.9.21~dfsg-2
ii  libjsoncpp251.9.5-4
ii  libmpdclient2   2.20-1+b1
ii  libnl-3-200 3.7.0-0.2+b1
ii  libnl-genl-3-2003.7.0-0.2+b1
ii  libpulse0   16.1+dfsg1-2+b1
ii  libsigc++-2.0-0v5   2.12.0-1
ii  libsndio7.0 1.9.0-0.3+b2
ii  libspdlog1.10 [libspdlog1.10-fmt9]  1:1.10.0+ds-0.4
ii  libstdc++6  12.2.0-14
ii  libudev1252.6-1
ii  libupower-glib3 0.99.20-2
ii  libwayland-client0  1.21.0-1
ii  libwireplumber-0.4-00.4.13-1
ii  libxkbregistry0 1.5.0-1

waybar recommends no packages.

Versions of packages waybar suggests:
ii  fonts-font-awesome  5.0.10+really4.7.0~dfsg-4.1
ii  libayatana-appindicator3-1 [libappindicator3-1  0.5.92-1
]
ii  sway1.7-6

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: waybar
Source-Version: 0.9.18-1
Done: Birger Schacht 

We believe that the bug you reported is fixed in the latest version of
waybar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Birger Schacht  (supplier of updated waybar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 10:16:06 +0200
Source: waybar
Architecture: source
Version: 0.9.18-1
Distribution: unstable
Urgency: medium
Maintainer: Sway and related packages team 
Changed-By: Birger Schacht 
Closes: 1036148
Changes:
 waybar (0.9.18-1) unstable; urgency=medium
 .
   * New upstream version
   * d/control:
+ Add libplayerctl-dev to build-depends (Closes: #1036148)
+ Bump standards-version to 4.6.2 (no changes required)
Checksums-Sha1:
 f134d13d1a459d4dcad6463c47f39a47a7ffad31 2392 waybar_0.9.18-1.dsc
 1dc6e316a54da7ecba118449175401e7f5857970 241319 waybar_0.9.18.orig.tar.gz
 1f78e44eb2800a12dcae286fb608a18d489741d3

Bug#1033852: marked as done (racket-mode: autopkgtest regression: Process *Racket REPL* connection broken by remote peer)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 09:05:09 +
with message-id 
and subject line Bug#1033852: fixed in racket-mode 20230425git0-2
has caused the Debian Bug report #1033852,
regarding racket-mode: autopkgtest regression: Process *Racket REPL* connection 
broken by remote peer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033852: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033852
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: racket-mode
Version: 20210916git0-2
Severity: serious
Control: tags -1 bookworm-ignore
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails since December 
2022 in testing. Can you please investigate the situation and fix it? I 
copied some of the output at the bottom of this report.


The release team has announced [1] that failing autopkgtest on amd64 and 
arm64 are considered RC in testing. [Release Team member hat on] Because 
we're currently in the hard freeze for bookworm, I have marked this bug 
as bookworm-ignore. Targeted fixes are still welcome.


More information about this bug and the reason for filing it can be 
found on 
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation


Paul

[1] https://lists.debian.org/debian-devel-announce/2019/07/msg2.html

https://ci.debian.net/data/autopkgtest/testing/amd64/r/racket-mode/32133920/log.gz

racket-tests/repl

Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Test racket-tests/repl backtrace:
  signal(ert-test-failed (((should (racket-tests/see-back expected)) :
  ert-fail(((should (racket-tests/see-back expected)) :form (racket-te
  (if (unwind-protect (setq value-37 (apply fn-35 args-36)) (setq form
  (let (form-description-39) (if (unwind-protect (setq value-37 (apply
  (let ((value-37 'ert-form-evaluation-aborted-38)) (let (form-descrip
  (let* ((fn-35 #'racket-tests/see-back) (args-36 (condition-case err
  (closure ((expected . "(cond [(values 1) #t] [else #f])\n#t\n> ") (t
  mapc((closure ((expected . "(cond [(values 1) #t] [else #f])\n#t\n>
  (let ((typing "[cond [[values 1] #t] [else #f]]") (expected "(cond [
  (closure (t) nil (let* ((fn-0 #'racket-tests/see-back-rx) (args-1 (c
  racket--call-with-repl-buffer((closure (t) nil (let* ((fn-0 #'racket
  (closure (t) nil (racket-repl) (racket-tests/call-until-true #'(lamb
  funcall((closure (t) nil (racket-repl) (racket-tests/call-until-true
  (unwind-protect (funcall thunk) (racket-stop-back-end))
  (let ((racket-command-timeout racket-tests/timeout)) (unwind-protect
  racket-tests/call-with-back-end-settings((closure (t) nil (racket-re
  (let ((lexical-binding t)) (message "racket-tests/repl") (racket-tes
  (closure (t) nil (let ((lexical-binding t)) (message "racket-tests/r
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name racket-tests/repl :documentation "Sta
  ert-run-or-rerun-test(#s(ert--stats :selector t :tests ... :test-map
  ert-run-tests(t #f(compiled-function (event-type  event-args) #
  ert-run-tests-batch(nil)
  ert-run-tests-batch-and-exit()
  command-line-1(("-l" "package" "--eval" "(add-to-list 'package-direc
  command-line()
  normal-top-level()
Test racket-tests/repl condition:
(ert-test-failed
 ((should
   (racket-tests/see-back expected))
  :form
  (racket-tests/see-back "(cond [(values 1) #t] [else #f])\n#t\n> ")
  :value nil :explanation
  (actual . "; \n; Welcome to Racket v8.7 [cs].\n; \n> 
current-output-port\n#\n> (if 1\n 
2\n  3)\n2\n> (cond [(values 1) #t] [else #f])\n#t\n> (cond [(values 
1) #t] [else #f])\n#t\n> (cond [(values 1) #t] [else #f])\n")))

   FAILED  10/12  racket-tests/repl (15.518214 sec)
racket-tests/run
run: current-repl-msg-chan was #f; current-session-id=#f

Test racket-tests/run backtrace:
  signal(ert-test-failed (((should (racket-tests/see-back (concat "\n"
  ert-fail(((should (racket-tests/see-back (concat "\n" name "> "))) :
  (if (unwind-protect (setq value-72 (apply fn-70 args-71)) (setq form
  (let (form-description-74) (if (unwind-protect (setq value-72 (apply
  (let ((value-72 'ert-form-evaluation-aborted-73)) (let (form-descrip
  (let* ((fn-70 #'racket-tests/see-back) (args-71 (condition-case err
  (closure ((code . "#lang racket/base\n(define foobar 42)\nfoobar\n")
  racket--call-with-repl-buffer((closure ((code .

Bug#1037820: marked as done (pingus: ftbfs with GCC-13)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 07:49:32 +
with message-id 
and subject line Bug#1037820: fixed in pingus 0.7.6-6
has caused the Debian Bug report #1037820,
regarding pingus: ftbfs with GCC-13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:pingus
Version: 0.7.6-5.1
Severity: normal
Tags: sid trixie
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-13

[This bug is targeted to the upcoming trixie release]

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-13/g++-13, but succeeds to build with gcc-12/g++-12. The
severity of this report will be raised before the trixie release.

The full build log can be found at:
http://qa-logs.debian.net/2023/05/22/logs/pingus_0.7.6-5.1_unstable_gccexp.log
The last lines of the build log are at the end of this report.

To build with GCC 13, either set CC=gcc-13 CXX=g++-13 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-13/porting_to.html

[...]
g++ -o build/src/main.o -c -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -std=c++0x 
-isystem/usr/include/libpng16 -isystem/usr/include/SDL -Wdate-time 
-D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" -DHAVE_OPENGL=1 -D_GNU_SOURCE=1 
-D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= -Ibuild/src -Isrc -Ibuild -I. 
-Ibuild/src -Isrc -Ibuild/external/tinygettext -Iexternal/tinygettext 
src/main.cpp
g++ -o build/external/tinygettext/tinygettext/dictionary.o -c -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -std=c++0x -isystem/usr/include/libpng16 
-isystem/usr/include/SDL -Wdate-time -D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" 
-DHAVE_OPENGL=1 -D_GNU_SOURCE=1 -D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= 
-Ibuild/src -Isrc -Ibuild -I. -Ibuild/src -Isrc -Ibuild/external/tinygettext 
-Iexternal/tinygettext external/tinygettext/tinygettext/dictionary.cpp
g++ -o build/external/tinygettext/tinygettext/dictionary_manager.o -c -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -std=c++0x -isystem/usr/include/libpng16 
-isystem/usr/include/SDL -Wdate-time -D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" 
-DHAVE_OPENGL=1 -D_GNU_SOURCE=1 -D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= 
-Ibuild/src -Isrc -Ibuild -I. -Ibuild/src -Isrc -Ibuild/external/tinygettext 
-Iexternal/tinygettext external/tinygettext/tinygettext/dictionary_manager.cpp
g++ -o build/external/tinygettext/tinygettext/iconv.o -c -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -std=c++0x -isystem/usr/include/libpng16 
-isystem/usr/include/SDL -Wdate-time -D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" 
-DHAVE_OPENGL=1 -D_GNU_SOURCE=1 -D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= 
-Ibuild/src -Isrc -Ibuild -I. -Ibuild/src -Isrc -Ibuild/external/tinygettext 
-Iexternal/tinygettext external/tinygettext/tinygettext/iconv.cpp
g++ -o build/external/tinygettext/tinygettext/language.o -c -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -std=c++0x -isystem/usr/include/libpng16 
-isystem/usr/include/SDL -Wdate-time -D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" 
-DHAVE_OPENGL=1 -D_GNU_SOURCE=1 -D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= 
-Ibuild/src -Isrc -Ibuild -I. -Ibuild/src -Isrc -Ibuild/external/tinygettext 
-Iexternal/tinygettext external/tinygettext/tinygettext/language.cpp
g++ -o build/external/tinygettext/tinygettext/log.o -c -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -std=c++0x -isystem/usr/include/libpng16 
-isystem/usr/include/SDL -Wdate-time -D_FORTIFY_SOURCE=2 -DVERSION="\"0.7.6\"" 
-DHAVE_OPENGL=1 -D_GNU_SOURCE=1 -D_REENTRANT -DHAVE_ICONV_CONST -DICONV_CONST= 
-Ibuild/src -Isrc -Ibuild -I. -Ibuild/src -Isrc -Ibuild/external/tinygettext 
-Iexternal/tinygettext

Bug#1036716: marked as done (pingus: MR to update d/watch and build with libboost>=1.69)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 07:49:31 +
with message-id 
and subject line Bug#1036716: fixed in pingus 0.7.6-6
has caused the Debian Bug report #1036716,
regarding pingus: MR to update d/watch and build with libboost>=1.69
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036716
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pingus
Version: 0.7.6-5.1
Severity: wishlist

Dear Maintainer,

It is here:
https://salsa.debian.org/games-team/pingus/-/merge_requests/5

Regards,
Patrice


-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-0-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: pingus
Source-Version: 0.7.6-6
Done: Alexandre Detiste 

We believe that the bug you reported is fixed in the latest version of
pingus, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexandre Detiste  (supplier of updated pingus 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 23 Jun 2023 21:05:26 +0200
Source: pingus
Architecture: source
Version: 0.7.6-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Alexandre Detiste 
Closes: 1036716 1037820
Changes:
 pingus (0.7.6-6) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Alexandre Detiste ]
   * fix FTBFS with GCC-13 (Closes: #1037820)
   * set Rules-Requires-Root: no
 .
   [ Patrice Duroux ]
   * build with libboost>=1.69 (Closes: #1036716)
 .
   [ lintian-brush ]
   * Trim trailing whitespace.
   * Strip unusual field spacing from debian/control.
   * Bump debhelper from old 10 to 13.
   * Set debhelper-compat version in Build-Depends.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse.
   * Fix day-of-week for changelog entries 0.7.1-1, 0.7.0-2, 0.2.1-1.
Checksums-Sha1:
 b20634839845a13ff7239bd5647e928afbeaf460 2069 pingus_0.7.6-6.dsc
 16cf0702c161e1b92f9fa4752272807084af5181 32980 pingus_0.7.6-6.debian.tar.xz
 717a31cd123cdb6e6174477d7b73596ea03c539e 11250 pingus_0.7.6-6_amd64.buildinfo
Checksums-Sha256:
 ebff88f09f59502305f1cd8f6309c3e82e5962697a077cc38a6fee69a6786f90 2069 
pingus_0.7.6-6.dsc
 a22ff43359c220fdf581143b885597ba35bf94bce25b63ad12b2dc856ff3001a 32980 
pingus_0.7.6-6.debian.tar.xz
 214ee9237cdb5b652a9c59c44ded7836531734f3f88a139f32e5381e6ed3b250 11250 
pingus_0.7.6-6_amd64.buildinfo
Files:
 aba517a3b611bfb43cb2844249398455 2069 games optional pingus_0.7.6-6.dsc
 855f0aee73927451b37e8a272c21fcb9 32980 games optional 
pingus_0.7.6-6.debian.tar.xz
 1d0bbc4f33b37a51dcbfa62f34c6c6aa 11250 games optional 
pingus_0.7.6-6_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmSWmmMACgkQkWT6HRe9
XTac6w/+Odz+TSmM9D0+pJd+v6t3TOnM+jjAh1cudlKPIOfJLKtcBBiEwUW8Izin
bt99HlHe0P1JT+jMRTHQDSQNZSbUP6EBKKFS/UFuH8PFg5drBKd+/cgaTMELpOGA
WRTK7NOsZE1Bg1XUs6D+3puF3Pa7ONTOl6B9yYDiW6S/na3vMpXJiE6Dn2VmQgr6
fYJGBJUzVdYYJ2SI66VfDXgY8npeXeYCGBJ2HIxAwPYeuz97U1YNJb7I0VcfZoah
pQvkiE0wnXH+t6AipcMF7ZvSTebs7zAF+P963ph4cEXZUqZTc5okg+xMLSkca1FH
zqcP4OXcQYCZ8cpQVCMOdWGWjKlLouEalXWO1PKz5MGi39GsHlbppoe9VSkzaPZE
nMB/bwpCWXuE9IHF4/a7duxXRRHDvB5z0C49TcEHirdKIADnXqg6bNcYCO9r/nd9
hJOzDsPPxwHwU3ulE04nAt9vGBEsV+zW+UsyuxeLr5DV+rnUo+1PG2QcEKfxt5BC
OdQQyHV2YQfh+FKaBlygXnBleaL0AXvy5vjHOm81tPtLhUrsyTFF5d5zOsdho8rF
FBG1KZU0NB6a5Elk4SGCjX5/csPq1UtXVP9L1Ru90lDLhBrS+Dz+cXLptWpN8UKU
8knf3uSvBFhNC1/Jd2K26KzEpsXRiIQJe5ENzHOgjVJRClq5TbE=
=YBYj
-END PGP SIGNATURE End Message ---

Bug#1023942: marked as done (kglobalaccel FTCBFS: building tests fails)

2023-06-24 Thread Debian Bug Tracking System 
Your message dated Sat, 24 Jun 2023 06:19:50 +
with message-id 
and subject line Bug#1023942: fixed in kglobalaccel 5.107.0-2
has caused the Debian Bug report #1023942,
regarding kglobalaccel FTCBFS: building tests fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1023942: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: kglobalaccel
Version: 5.98.0-1
Tags: patch
User: debian-cr...@lists.debian.org
Usertags: ftcbfs

kglobalaccel fails to cross build from source, because building tests
fails. However, cross builds are performed with the nocheck option, so
they should not be building tests. I'm attaching a patch to disable
building tests for nocheck builds for your convenience. With this patch,
it cross builds successfully.

Helmut
diff --minimal -Nru kglobalaccel-5.98.0/debian/changelog 
kglobalaccel-5.98.0/debian/changelog
--- kglobalaccel-5.98.0/debian/changelog2022-09-18 23:11:44.0 
+0200
+++ kglobalaccel-5.98.0/debian/changelog2022-11-12 19:49:39.0 
+0100
@@ -1,3 +1,10 @@
+kglobalaccel (5.98.0-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTCBFS: Disable tests during nocheck. (Closes: #-1)
+
+ -- Helmut Grohne   Sat, 12 Nov 2022 19:49:39 +0100
+
 kglobalaccel (5.98.0-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
diff --minimal -Nru kglobalaccel-5.98.0/debian/rules 
kglobalaccel-5.98.0/debian/rules
--- kglobalaccel-5.98.0/debian/rules2022-07-28 00:29:58.0 +0200
+++ kglobalaccel-5.98.0/debian/rules2022-11-12 19:49:39.0 +0100
@@ -7,7 +7,7 @@
dh $@ --with pkgkde_symbolshelper
 
 override_dh_auto_configure:
-   dh_auto_configure -- -DBUILD_QCH=ON
+   dh_auto_configure -- -DBUILD_QCH=ON $(if $(filter 
nocheck,$(DEB_BUILD_OPTIONS)),-DBUILD_TESTING=OFF)
 
 override_dh_shlibdeps:
dh_shlibdeps -- -xlibkf5globalaccel-bin
--- End Message ---
--- Begin Message ---
Source: kglobalaccel
Source-Version: 5.107.0-2
Done: Pino Toscano 

We believe that the bug you reported is fixed in the latest version of
kglobalaccel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano  (supplier of updated kglobalaccel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 07:55:15 +0200
Source: kglobalaccel
Architecture: source
Version: 5.107.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Pino Toscano 
Closes: 1023942
Changes:
 kglobalaccel (5.107.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Modernize the building more:
 - add the dh-sequence-pkgkde-symbolshelper build dependency to use the
   pkgkde_symbolshelper automatically, removing pkg-kde-tools
 - drop the manually specified pkgkde_symbolshelper addon for dh
   * Require the qtdeclarative5-dev build dependency every time (and not only
 in  builds), so cmake runs fine in all the cases.
 (Closes: #1023942)
   * Remove an obsolete maintscript entry.
Checksums-Sha1:
 419ac0b0e3bac015e31f9e7b2cccd575225540e4 3285 kglobalaccel_5.107.0-2.dsc
 db0eae090ceca2b893af371f1beaf9369995d6c1 15084 
kglobalaccel_5.107.0-2.debian.tar.xz
 aa139102d99e86058f01ba74a508e648e7fd 13264 
kglobalaccel_5.107.0-2_source.buildinfo
Checksums-Sha256:
 e3d2200cc0560c917b93d0b20727e9172cacd10439d6032147b479890fe5d308 3285 
kglobalaccel_5.107.0-2.dsc
 954163f67bd62aa29d69279994ad612334a56031274f8ceb743ac105e6f49f4c 15084 
kglobalaccel_5.107.0-2.debian.tar.xz
 1da48d5dfc4320a5da2f4f53f5f2f4b32901261748df5c04a7da9df8c9eb67cb 13264 
kglobalaccel_5.107.0-2_source.buildinfo
Files:
 ab6074cb8f1cd68371117ed77d401500 3285 libs optional kglobalaccel_5.107.0-2.dsc
 0f1de3b9f9cedfc5ee7b27483298 15084 libs optional 
kglobalaccel_5.107.0-2.debian.tar.xz
 a4275a632a4f1ed9357eed074044cdfe 13264 libs optional 
kglobalaccel_5.107.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAmSWhW0ACgkQLRkciEOx