Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

2021-04-26 Thread Salvatore Bonaccorso 
Hi

On Tue, Apr 27, 2021 at 08:16:52AM +0200, wf...@debian.org wrote:
> Salvatore Bonaccorso  writes:
> 
> > MITRE has assigned CVE-2021-31826 for this issue.
> 
> Thanks.  I guess you don't want a new security upload for this, but I'll
> certainly include it in the changelog of the unstable upload.  (And in
> the changelog of the next security upload, whenever that happens.)

Yes exactly, there is no need to reject the package and reupload with
the CVE identifier added, it is all enough how it is so far, we will
just add it the the DSA itself.

So all fine.

Regards,
Salvatore

Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

2021-04-26 Thread wferi 
Salvatore Bonaccorso  writes:

> MITRE has assigned CVE-2021-31826 for this issue.

Thanks.  I guess you don't want a new security upload for this, but I'll
certainly include it in the changelog of the unstable upload.  (And in
the changelog of the next security upload, whenever that happens.)
-- 
Feri

Bug#985765: openjdk-17: non-free PKCS#11 headers

2021-04-26 Thread Matthias Klose 
Control: severity -1 important

setting the priority back, as the bug submitter has chosen.  Note this also
applies to openjdk-11.

Bug#741663: linux-image-3.13-1-powerpc-smp: therm_windtunnel does not load correctly

2021-04-26 Thread John Paul Adrian Glaubitz 
On 4/27/21 2:07 AM, Rick Thomas wrote:
> I've got the latest (Apr 17) running on my G5 right now.  No problems.

Rick, you should just confirm that this particular problem is fixed but I assume
that this is the case?

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Bug#987654: python3-django-hyperkitty: Loads Google Fonts (fonts.gstatic.com), causing privacy breach

2021-04-26 Thread Kunal Mehta 
Package: python3-django-hyperkitty
Version: 1.3.4-2
Severity: important

Hyperkitty's CSS attempts to loads fonts from Google Fonts, causing a privacy 
breach:

@font-face {
  font-family: 'Droid Sans';
  font-style: normal;
  font-weight: 400;
  src: local('Droid Sans'), local('DroidSans'),
   
url(https://fonts.gstatic.com/s/droidsans/v6/s-BiyweUPV0v-yRb-cjciC3USBnSvpkopQaUR-2r7iU.ttf)
 format('truetype'),
   
url(/mailman3/static/hyperkitty/libs/fonts/droid/DroidSans.ttf?9a88e405c18d) 
format('truetype');
}

These fonts are already bundled in the package, so trying to load them from 
Google
causes a privacy breach for no good reason.

This has already been fixed upstream: 
,
I hope we can include this fix for bullseye.

Let me know if I can help with fixing (NMU, etc.), I've already prepared a 
fixed package
for our Mailman3 install at Wikimedia.

-- Kunal

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.98-1.fc25.qubes.x86_64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-django-hyperkitty depends on:
pn  fonts-glewlwyd   
pn  libjs-bootstrap  
ii  python3  3.7.3-1
ii  python3-dateutil 2.7.3-3
pn  python3-django   
pn  python3-django-compressor
pn  python3-django-extensions
pn  python3-django-gravatar2 
pn  python3-django-haystack  
pn  python3-django-mailman3  
pn  python3-django-q 
pn  python3-djangorestframework  
ii  python3-lockfile 1:0.12.2-2
pn  python3-mailmanclient
pn  python3-networkx 
pn  python3-robot-detection  
ii  python3-tz   2019.1-1

Versions of packages python3-django-hyperkitty recommends:
pn  mailman3-web  

python3-django-hyperkitty suggests no packages.

Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

2021-04-26 Thread Salvatore Bonaccorso 
Control: retitle -1 shibboleth-sp: CVE-2021-31826: Session recovery feature 
contains a null pointer deference

Hi,

On Mon, Apr 26, 2021 at 03:16:14PM +0200, Ferenc W??gner wrote:
> Source: shibboleth-sp
> Version: 3.0.2+dfsg1-1
> Severity: important
> Tags: upstream patch security
> Forwarded: https://issues.shibboleth.net/jira/browse/SSPCPP-927
> 
> Shibboleth Service Provider Security Advisory [26 April 2021]
> 
> An updated version of the Service Provider software is now
> available which corrects a denial of service vulnerability.
> 
> Session recovery feature contains a null pointer deference
> ==
> The cookie-based session recovery feature added in V3.0 contains a
> flaw that is exploitable on systems *not* using the feature if a
> specially crafted cookie is supplied.
> 
> This manifests as a crash in the shibd daemon/service process.
> 
> Because it is very simple to trigger this condition remotely, it
> results in a potential denial of service condition exploitable by
> a remote, unauthenticated attacker.
> 
> Versions without this feature (prior to V3.0) are not vulnerable
> to this particular issue.
> 
> Recommendations
> ===
> Update to V3.2.2 or later of the Service Provider software, which
> is now available.
> 
> In cases where this is not immediately possible, configuring a
> DataSealer component in shibboleth2.xml (even if used for nothing)
> will work around the vulnerability.
> 
> For example:
> 
> 
> 
> This workaround is only possible after having updated the
> core configuration to the V3 XML namespace.
> 
> Other Notes
> ===
> The cpp-sp git commit containing the fix for this issue is
> 5a47c3b9378f4c49392dd4d15189b70956f9f2ec

MITRE has assigned CVE-2021-31826 for this issue.

Regards,
Salvatore

Bug#939585: installation-reports: confirmed with current installer

2021-04-26 Thread Norbert Preining 
On Fri, 23 Apr 2021, Cyril Brulebois wrote:
> Please share the installer's syslog (/var/log/installer), preferably
> compressed due to mail size limits.

Not available anymore, I trashed the whole system.

My guess is - why it worked on second run - is that one has to activate
LVM otherwise it doesn't work. If you just add an encrypted partition
it seems that the necessary packages are missing.

Best

Norbert

--
PREINING Norbert  https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

Bug#987648: quassel-core: Add hardening options to service file

2021-04-26 Thread James Valleroy 
Package: quassel-core
Severity: wishlist
X-Debbugs-Cc: jvalle...@mailbox.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Maintainer,

Please consider adding systemd service hardening options to the service file.

These are the options we have been using in FreedomBox [1]:


[Service]
LockPersonality=yes
LogsDirectory=quassel
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6
RestrictRealtime=yes
StateDirectory=quassel
SystemCallArchitectures=native


We have been using these options for about 1 year and did not see any issues.

[1] 
https://salsa.debian.org/freedombox-team/freedombox/-/blob/master/plinth/modules/quassel/data/lib/systemd/system/quasselcore.service.d/freedombox.conf


- -- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages quassel-core depends on:
ii  adduser  3.118
ii  init-system-helpers  1.60
ii  libc62.31-11
ii  libgcc-s110.2.1-6
pn  libqca-qt5-2 
ii  libqt5core5a 5.15.2+dfsg-5
ii  libqt5network5   5.15.2+dfsg-5
pn  libqt5script5
ii  libqt5sql5   5.15.2+dfsg-5
ii  libqt5sql5-sqlite5.15.2+dfsg-5
ii  libstdc++6   10.2.1-6
ii  lsb-base 11.1.0
ii  openssl  1.1.1k-1
ii  zlib1g   1:1.2.11.dfsg-2

Versions of packages quassel-core recommends:
ii  ca-certificates  20210119

Versions of packages quassel-core suggests:
pn  libqt5sql5-psql  

-BEGIN PGP SIGNATURE-

iQJKBAEBCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAmCHQrcWHGp2YWxsZXJv
eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICIHzD/43JL7rTWNhCajuIbv14H7IbY52
A/zF+r2yaDYEm5z5qfwatlztosubdaOIqh8NfYWD/HlSARbcTWclAJoQBpBFOdln
razwVRTT2YZGHW0rMCRLCRnE2z4yg/AeF4EBsBs6gGWdTwu2LiEztQYqmyWIOp34
GSnROT46yLy9TNi2VguuDuEfMxeov4iZYISYcNzM8xmXmFPxvPeja/ry/2o2DE05
TKY3miN+SVvgAzU+BAYMuGTLlekwxeEig1a90chNe2f8H8/Ft+tpbXTe056KVI4J
CcDppXX3u0ubEzmkP54sENc4lGllBMRxMrD+29qJHCH/QvAhoW5oNsDJy8vjzKPt
jYSrdXZ0yEwtsTaVouRBr4KgKot+650M4u0WHHq6zvmUgQvXCvcCBobl/NpUMdkE
riH7qm/yrCG4OxeiRcnsGjttGZccdgY0bjOknUcgL1EfNRakfxjAhdKNDB86/mKd
/NBGHRL4Jqrx8vvqwzct+W41nM/LmbMNDrYowP7gnR0RMZc7P82K7EWMTk6vQS3+
2Nd0g4yp41mZuEBGl53k1tRSedy8niUBD9nJUtAcxq6YNyzG91bTd2gyQed3QU18
xTP8mrGwABPm/PLoWrJuiHCWGQLKfh3oR8ilJKgz9RlnMRK3FeQJm/YpLMLOA1/e
o6IQJ8al2Yiq8q/jZw==
=hkQA
-END PGP SIGNATURE-

Bug#987653: radicale: Fails when using WSGI due to python3.8 changes

2021-04-26 Thread Guillem Jover 
Source: radicale
Source-Version: 3.0.6-2
Severity: important

[ Not setting as serious, even though it might be, because I don't
  think this is a setup directly supported by Debian? Even though
  upstream seems to. ]

Hi!

Just upgraded my server to bullseye, and one of the errors was with
radicale, which I've got setup using libapache2-mod-wsgi-py3. This
fails now due to some python changes in 3.8. The error was stuff like:

  ,---
  […] [ERROR] An exception occurred during PUT request on '….vcf': preexec_fn 
not supported within subinterpreters
  `---

The problem stems from:

  

which caused this:

  

but that is deemed expected, and it needs to be fixed in the callers.
Such as was done in FreeIPA:

  


To ameliorate the situation the following got implemented in 3.9,
which we have in bullseye:

  


In radicale the problem can be found in:

  /usr/lib/python3/dist-packages/radicale/storage/multifilesystem/lock.py

As a workaround, once I commented the conditionals around the preeexec_fn
assignment the daemon stopped failing. I guess a proper fix might be to
use the new user, group and extra_groups parameters to Popen. Or to
avoid setting preexec_fn if there's no need to switch user and groups.

Thanks,
Guillem

Bug#987652: surf does not start

2021-04-26 Thread Aymeric Agon-Rambosson 
Package: surf
Version: 2.0+git20201107-2
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

surf does not start anymore since version 2.0+git20201107.

Expected behaviour : surf should start.

Steps to reproduce :

$ /usr/bin/surf

output :

(WebKitWebProcess:94294): GLib-CRITICAL **: 02:49:52.728: the GVariant format 
string '(ii)' has a type of '(ii)' but the given value has a type of 'i'

(WebKitWebProcess:94294): GLib-CRITICAL **: 02:49:52.728: g_variant_get: 
assertion 'valid_format_string (format_string, TRUE, value)' failed

(WebKitWebProcess:94294): GLib-CRITICAL **: 02:49:52.729: the GVariant format 
string '(ii)' has a type of '(ii)' but the given value has a type of 'i'

(WebKitWebProcess:94294): GLib-CRITICAL **: 02:49:52.729: g_variant_get: 
assertion 'valid_format_string (format_string, TRUE, value)' failed
web process terminated: crashed

And surf crashes.

The problem can be traced back to this specific upstream commit : 
e92fd1aa5f38c399f8fc5d263026fbd9d34ddfbb

Which can be found at 
https://git.suckless.org/surf/commit/e92fd1aa5f38c399f8fc5d263026fbd9d34ddfbb.html

One possible fix/workaround is the following :

diff --git a/surf.c b/surf.c
index ac832ff..e84a538 100644
--- a/surf.c
+++ b/surf.c
@@ -1269,7 +1269,7 @@ initwebextensions(WebKitWebContext *wc, Client *c)
if (spair[1] < 0)
return;
 
-   gv = g_variant_new("i", spair[1]);
+   gv = g_variant_new("(ii)", spair[1]);
 
webkit_web_context_set_web_extensions_initialization_user_data(wc, gv);
webkit_web_context_set_web_extensions_directory(wc, WEBEXTDIR);
diff --git a/webext-surf.c b/webext-surf.c
index d087219..da16ddf 100644
--- a/webext-surf.c
+++ b/webext-surf.c
@@ -95,7 +95,7 @@ 
webkit_web_extension_initialize_with_user_data(WebKitWebExtension *e,
 
webext = e;
 
-   g_variant_get(gv, "i", &sock);
+   g_variant_get(gv, "(ii)", &sock);
 
gchansock = g_io_channel_unix_new(sock);
g_io_channel_set_encoding(gchansock, NULL, NULL);

But this workaround seems wrong when we look at the semantic of g_variant_new() 
in
gvariant.c :
- sock and spair[1] are ints, and should work with "i".
- Similarly, "(ii)" should mean two extra arguments after the format, but only 
&sock works.

And I don't know whether this fix breaks surf in another way.

One other way would be to revert to 2.0+git20181009-4, or some other version 
inbetween.

Thank you in advance for your time,

Aymeric Agon-Rambosson


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/16 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages surf depends on:
ii  libc62.31-11
ii  libgcr-base-3-1  3.38.1-2
ii  libgcr-ui-3-13.38.1-2
ii  libglib2.0-0 2.66.8-1
ii  libgtk-3-0   3.24.24-3
ii  libjavascriptcoregtk-4.0-18  2.30.6-1
ii  libwebkit2gtk-4.0-37 2.30.6-1
ii  libx11-6 2:1.7.0-2

Versions of packages surf recommends:
ii  curl  7.74.0-1.2
ii  stterm [x-terminal-emulator]  0.8.4-1
ii  suckless-tools46-1
ii  x11-utils 7.7+5

Versions of packages surf suggests:
ii  apparmor  2.13.6-10

-- Configuration Files:
/etc/apparmor.d/usr.bin.surf changed:
/usr/bin/surf flags=(complain) {
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  owner @{HOME}/.surf/ w,
  owner @{HOME}/.surf/** rwkl,
  owner @{HOME}/.cache/ rw,
  @{PROC}/@{pid}/cmdline r,
  @{PROC}/@{pid}/fd/ r,
  @{PROC}/@{pid}/smaps r,
  /dev/ r,
  /sys/devices/pci[0-9]*/** r,
  /sys/devices/platform/soc/soc:gpu/* r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/doc/** r,
  # WebKit
  /usr/lib/@{multiarch}/webkit2gtk-4.0/WebKit*Process ix,
  /{dev,run}/shm/WK2SharedMemory.* rw,
  /var/tmp/WebKit-Media-* rw,
  /usr/share/publicsuffix/public_suffix_list.{dat,dafsa} r,
  owner @{HOME}/.local/share/webkitgtk/ w,
  owner @{HOME}/.local/share/webkitgtk/** rw,
  owner @{HOME}/.cache/webkitgtk/ w,
  owner @{HOME}/.cache/webkitgtk/** rwk,
  # fontconfig
  /usr/share/fontconfig/conf.avail/ r,
  # dconf
  owner @{HOME}/.cache/dconf/user rw,
  owner /run/user/*/dconf/user rw,
  /usr/bin/surf ix,
  /{usr/,}bin/dash ix,
  /{usr/,}bin/sed ix,
  /usr/bin/dmenu ix,
  /usr/bin/printf ix,
  /usr/bin/xargs ix,
  /usr/bin/xprop ix,
  # for downloading files
  /dev/ptmx rw,
  /dev/pts/* rw,
  /usr/bin/st ix,
  # unconfined because it is called in (and downloading to) the cwd
  /usr/bin/curl U

Bug#987651: install the examples in libgsl-dev

2021-04-26 Thread Dirk Eddelbuettel 


Hi John,

On 26 April 2021 at 23:00, John Scott wrote:
| Source: gsl
| Version: 2.6+dfsg-2
| Severity: wishlist
| 
| Examples are included in doc/examples along with text files that appear
| to contain the programs' output. You'll probably want to just install
| the *.c and *.h files though.

Well upstream appears to differ in that view and I tend to follow upstream
where possibly (as "they generally know best"). Worked well for the 22+ years
I maintained this...

edd@rob:~/deb/gsl(master)$ tar tvzf ../gsl_2.6.orig.tar.gz | grep examples/ | 
grep \.txt | wc -l
79
edd@rob:~/deb/gsl(master)$ tar tvzf ../gsl_2.6.orig.tar.gz | grep examples/ | 
grep \.txt | tail
-rw-r--r-- 57584/5000   474568 2018-11-14 15:27 
gsl-2.6/doc/examples/siman_tsp.txt
-rw-r--r-- 57584/5000  150 2018-11-14 15:27 
gsl-2.6/doc/examples/sortsmall.txt
-rw-r--r-- 57584/5000   64 2018-11-14 15:27 gsl-2.6/doc/examples/specfun.txt
-rw-r--r-- 57584/5000  114 2018-11-14 15:27 
gsl-2.6/doc/examples/specfun_e.txt
-rw-r--r-- 57584/5000  690 2018-11-14 15:27 
gsl-2.6/doc/examples/spmatrix.txt
-rw-r--r-- 57584/5000  166 2018-11-14 15:27 
gsl-2.6/doc/examples/statsort.txt
-rw-r--r-- 57584/5000  154 2018-11-14 15:27 gsl-2.6/doc/examples/stat.txt
-rw-r--r-- 57584/5000  279 2018-11-14 15:27 gsl-2.6/doc/examples/sum.txt
-rw-r--r-- 57584/5000   51 2018-11-14 15:27 gsl-2.6/doc/examples/vectorr.txt
-rw-r--r-- 57584/5000  319 2018-11-14 15:27 
gsl-2.6/doc/examples/vectorview.txt
edd@rob:~/deb/gsl(master)$ 

Seems like we should include them.  Also, they are _small_.  Are you really
that bothered by them?

Dirk

| I'd send a patch, but I frankly couldn't figure out how to do it with
| dh_installexamples. If you could commit this to Git, I could add a
| (superficial) DEP-8 test checking that they can be built. Perhaps if
| the text files do contain the examples' intended output, that could
| still make for a good comparison test.
| 
| -- System Information:
| Debian Release: bullseye/sid
|   APT prefers testing
|   APT policy: (500, 'testing'), (2, 'unstable'), (1, 'testing-debug'), (1, 
'experimental')
| Architecture: amd64 (x86_64)
| Foreign Architectures: i386
| 
| Kernel: Linux 5.10.0-6-amd64 (SMP w/2 CPU threads)
| Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
| Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
| LANGUAGE not set
| Shell: /bin/sh linked to /usr/bin/dash
| Init: systemd (via /run/systemd/system)
| LSM: AppArmor: enabled
| 
| x[DELETED ATTACHMENT signature.asc, application/pgp-signature]

-- 
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#741663: linux-image-3.13-1-powerpc-smp: therm_windtunnel does not load correctly

2021-04-26 Thread Rick Thomas 
I've got the latest (Apr 17) running on my G5 right now.  No problems.

Rick

rbthomas@kmac:~$ cat /proc/version 
Linux version 5.10.0-6-powerpc64 (debian-ker...@lists.debian.org) (gcc-10 
(Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 
SMP Debian 5.10.28-1 (2021-04-09)

Bug#807996: 807996 still exists; workaround

2021-04-26 Thread David Farrier 
Sorry, I just discovered this bug report. I have been having this problem 
for years, and don't remember when it started. I have been using a 
workaround, but would like to find a better solution. I see the 
workaround I have been using is one of those Kingsley G. Morse tried 
but could not get to work.


The workaround is, after registering each CD-ROM using apt-cdrom,
modify the /etc/sources.list file. Edit it to add the "trusted" flag to
the entry for each CD-ROM. (In my case, I am using DVDs.) For example:
  deb [trusted=yes] cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official
amd64 DVD Binary-2 20210327-10:39]/ buster contrib main
Then run "apt update". Which now works, although it generates an
annoying number of "ign:" messages.

Presumably it is okay to "trust" your CD-ROM set because you have
physical control of it, and thus are reasonably sure it has not been
tampered with. However, recently I happened to read the apt-secure man
page, which warns that some future release of apt will no longer honor
flags like "trust". That warning started me hunting for a better
solution. Haven't found it yet, but did find this bug report.

I can replicate the bug in a variety of situations, but below I give an
example of a particularly simple test case:

I am running Debian stable amd-64 with a fairly standard desktop
selection of packages. First I use my favorite Internet mirror to
update to the latest stable release 10.9. No problems. Then,
I download the first few DVD images of the same release. So far, 
these are reasonable actions for someone who doesn't always have good 
Internet. Next, register the DVDs using apt-cdrom, but for testing 
purposes, I only register one of them. I choose the second DVD of the set, 
because I happen to know the names of some packages it contains but I have 
not yet installed. Next, I disable the Internet repository, by editing 
/etc/sources.list to comment out its entry. Then run "apt update", which 
results in the following errors:


Ign:1 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
  DVD Binary-2 20210327-10:39] buster InRelease
Err:2 cdrom://[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64
  DVD Binary-2 20210327-10:39] buster Release
Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
  update cannot be used to add new CD-ROMs
Hit:3 http://security.debian.org/debian-security buster/updates
  InRelease
Reading package lists... Done
E: The repository 'cdrom://[Debian GNU/Linux 10.9.0 _Buster_ -
  Official amd64 DVD Binary-2 20210327-10:39] buster Release' does not
  have a Release file.
N: Updating from such a repository can't be done securely,
  and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
  configuration details.

Next, I verify the DVD really was excluded from the update. I run "apt 
search" on some of its packages. As expected, "apt search" does not find 
them.


To test the workaround, I apply it as described above. After running
"apt update" I then run "apt search" for the same packages as before,
confirming apt now knows they exist. I then run "apt install" on one of
the packages on DVD #2, and confirm it installs okay.

Bug#909436: libdrm 2.4.102-1: FTBFS on hurd-i386 (updated patches)

2021-04-26 Thread Samuel Thibault 
Svante Signell, le mar. 27 avril 2021 01:04:30 +0200, a ecrit:
> On Mon, 2021-04-26 at 23:43 +0200, Samuel Thibault wrote:
> > For information, your patch got dropped because of #975658
> 
> Yes I know since a long time.

Ok, I hadn't seen it.

> And you did not care or anybody else either.

Well, usually it's the patch author who follows up on its consequences.

> So why bother... Why spend time on worthless issues?

Worthless? Qt5 depends on it.

Samuel

Bug#909436: libdrm 2.4.102-1: FTBFS on hurd-i386 (updated patches)

2021-04-26 Thread Svante Signell 
On Mon, 2021-04-26 at 23:43 +0200, Samuel Thibault wrote:
> Hello Svante,
> 
> For information, your patch got dropped because of #975658

Yes I know since a long time. And you did not care or anybody else
either. So why bother... Why spend time on worthless issues?

Bug#987651: install the examples in libgsl-dev

2021-04-26 Thread John Scott 
Source: gsl
Version: 2.6+dfsg-2
Severity: wishlist

Examples are included in doc/examples along with text files that appear
to contain the programs' output. You'll probably want to just install
the *.c and *.h files though.

I'd send a patch, but I frankly couldn't figure out how to do it with
dh_installexamples. If you could commit this to Git, I could add a
(superficial) DEP-8 test checking that they can be built. Perhaps if
the text files do contain the examples' intended output, that could
still make for a good comparison test.


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (2, 'unstable'), (1, 'testing-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



signature.asc
Description: This is a digitally signed message part

Bug#987650: ruby-rugged requires internet access during the build

2021-04-26 Thread Adrian Bunk 
Source: ruby-rugged
Version: 1.1.0+ds-3
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/ruby-rugged.html

...
  1) Error:
OnlineLsTest#test_ls_over_https:
Rugged::NetworkError: failed to resolve address for github.com: Temporary 
failure in name resolution
/build/ruby-rugged-1.1.0+ds/test/online/ls_test.rb:22:in `ls'
/build/ruby-rugged-1.1.0+ds/test/online/ls_test.rb:22:in `each'
/build/ruby-rugged-1.1.0+ds/test/online/ls_test.rb:22:in `to_a'
/build/ruby-rugged-1.1.0+ds/test/online/ls_test.rb:22:in 
`test_ls_over_https'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:98:in `block (3 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:195:in `capture_exceptions'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:95:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:270:in `time_it'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:94:in `block in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:365:in `on_signal'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:211:in `with_info_handler'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:93:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:1029:in `run_one_method'
/usr/lib/ruby/vendor_ruby/minitest.rb:339:in `run_one_method'
/usr/lib/ruby/vendor_ruby/minitest.rb:326:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:325:in `each'
/usr/lib/ruby/vendor_ruby/minitest.rb:325:in `block in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:365:in `on_signal'
/usr/lib/ruby/vendor_ruby/minitest.rb:352:in `with_info_handler'
/usr/lib/ruby/vendor_ruby/minitest.rb:324:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `block in __run'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `map'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `__run'
/usr/lib/ruby/vendor_ruby/minitest.rb:141:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:68:in `block in autorun'

  2) Error:
OnlineFetchTest#test_fetch_over_https:
Rugged::NetworkError: failed to resolve address for github.com: Temporary 
failure in name resolution

/build/ruby-rugged-1.1.0+ds/debian/ruby-rugged/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0/gems/rugged-1.1.0/lib/rugged/repository.rb:257:in
 `fetch'

/build/ruby-rugged-1.1.0+ds/debian/ruby-rugged/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0/gems/rugged-1.1.0/lib/rugged/repository.rb:257:in
 `fetch'
/build/ruby-rugged-1.1.0+ds/test/online/fetch_test.rb:20:in 
`test_fetch_over_https'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:98:in `block (3 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:195:in `capture_exceptions'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:95:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:270:in `time_it'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:94:in `block in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:365:in `on_signal'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:211:in `with_info_handler'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:93:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:1029:in `run_one_method'
/usr/lib/ruby/vendor_ruby/minitest.rb:339:in `run_one_method'
/usr/lib/ruby/vendor_ruby/minitest.rb:326:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:325:in `each'
/usr/lib/ruby/vendor_ruby/minitest.rb:325:in `block in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:365:in `on_signal'
/usr/lib/ruby/vendor_ruby/minitest.rb:352:in `with_info_handler'
/usr/lib/ruby/vendor_ruby/minitest.rb:324:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `block in __run'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `map'
/usr/lib/ruby/vendor_ruby/minitest.rb:164:in `__run'
/usr/lib/ruby/vendor_ruby/minitest.rb:141:in `run'
/usr/lib/ruby/vendor_ruby/minitest.rb:68:in `block in autorun'

  3) Error:
OnlineFetchTest#test_fetch_over_https_with_certificate_callback:
Rugged::NetworkError: failed to resolve address for github.com: Temporary 
failure in name resolution

/build/ruby-rugged-1.1.0+ds/debian/ruby-rugged/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0/gems/rugged-1.1.0/lib/rugged/repository.rb:257:in
 `fetch'

/build/ruby-rugged-1.1.0+ds/debian/ruby-rugged/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0/gems/rugged-1.1.0/lib/rugged/repository.rb:257:in
 `fetch'
/build/ruby-rugged-1.1.0+ds/test/online/fetch_test.rb:36:in 
`test_fetch_over_https_with_certificate_callback'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:98:in `block (3 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:195:in `capture_exceptions'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:95:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:270:in `time_it'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:94:in `block in run'
/usr/lib/ruby/vendor_ruby/minitest.rb:365:in `on_signal'
/usr/lib/ruby/vendor_ruby/minitest/test.rb:211:in `with_in

Bug#987649: unblock: libxcrypt/1:4.4.18-4

2021-04-26 Thread Marco d'Itri 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package libxcrypt

[ Reason ]
This fixes some related issues which sometimes caused upgrades to fail, 
by moving the library back from /usr/lib/ to /lib/ .

[ Impact ]
Some upgrades to bullseye will randomly fail and we really do not want 
this.

[ Tests ]
autopkgtests passed.

[ Risks ]
The actual change (moving the library back to /lib/) is trivial, and 
since nothing broke spectacularly as soon as I uploaded the new package 
then it very probably is fine.
There are no changes at all to the udeb.

unblock libxcrypt/1:4.4.18-4

-- 
ciao,
Marco
diff -Nru libxcrypt-4.4.18/debian/changelog libxcrypt-4.4.18/debian/changelog
--- libxcrypt-4.4.18/debian/changelog	2021-03-27 17:11:11.0 +0100
+++ libxcrypt-4.4.18/debian/changelog	2021-04-19 02:46:31.0 +0200
@@ -1,3 +1,24 @@
+libxcrypt (1:4.4.18-4) unstable; urgency=high
+
+  * Move back the .pc file (and also .so and .a) to /usr/lib/ to fix a
+regression introduced by the precedent upload. (Closes: #987130)
+
+ -- Marco d'Itri   Mon, 19 Apr 2021 02:46:31 +0200
+
+libxcrypt (1:4.4.18-3) unstable; urgency=high
+
+  [ Ivo De Decker ]
+  * Make sure takeover of libcrypt.so.1 from libc6 works correctly on upgrades
+from buster to bullseye (Closes: #974552):
+- Move the library back from /usr/lib/ to /lib/, because that's where it
+  was in the old libc6 (Closes: #953562).
+- Remove breaks from libcrypt1, to allow installing libcrypt1 before libc6
+  is upgraded.
+- Mark libcrypt1 as Important and Protected, to prevent removal after a
+  partial upgrade.
+
+ -- Marco d'Itri   Sat, 17 Apr 2021 04:04:04 +0200
+
 libxcrypt (1:4.4.18-2) unstable; urgency=medium
 
   * Stop depending on libltdl-dev and instead just include in the package
diff -Nru libxcrypt-4.4.18/debian/control libxcrypt-4.4.18/debian/control
--- libxcrypt-4.4.18/debian/control	2021-03-27 17:11:11.0 +0100
+++ libxcrypt-4.4.18/debian/control	2021-04-17 03:43:28.0 +0200
@@ -15,11 +15,8 @@
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Breaks:
- libc6 (<< 2.29-4),
- libc6.1 (<< 2.29-4) [alpha ia64],
- libc0.1 (<< 2.29-4) [kfreebsd-amd64 kfreebsd-i386],
- libc0.3 (<< 2.29-4) [hurd-i386],
+XB-Important: yes
+Protected: yes
 Replaces:
  libc6 (<< 2.29-4),
  libc6.1 (<< 2.29-4) [alpha ia64],
diff -Nru libxcrypt-4.4.18/debian/rules libxcrypt-4.4.18/debian/rules
--- libxcrypt-4.4.18/debian/rules	2021-03-27 16:02:25.0 +0100
+++ libxcrypt-4.4.18/debian/rules	2021-04-19 02:36:41.0 +0200
@@ -96,6 +96,11 @@
 	cd build-deb1/ && \
 	$(MAKE) install DESTDIR=$D
 
+	# Move the shared library back to /lib/ because this is where the
+	# libc6 package used to install it (see #953562 for details).
+	mkdir -p $D/lib/$(DEB_HOST_MULTIARCH)
+	mv $D/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypt.so.1* $D/lib/$(DEB_HOST_MULTIARCH)/
+	ln -sf /lib/$(DEB_HOST_MULTIARCH)/libcrypt.so.1 $D/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypt.so
 ifeq ($(BUILD_DEV_VER), 1)
 	dh_movefiles -plibcrypt-dev --sourcedir=debian/libcrypt1/
 else


signature.asc
Description: PGP signature

Bug#987647: gpg-agent(1) man page word-wrapping issue

2021-04-26 Thread Vincent Lefevre 
Package: gpg-agent
Version: 2.2.27-2
Severity: minor

The gpg-agent(1) man page has a word-wrapping issue: in the FILES
section, from the "gpg-agent.conf" text up to, but not including,
the last paragraph ("Note that on larger installations..."), the
text is not formatted correctly, at least with a 80-column
terminal or narrower.

Here's what I obtain with a 68-column terminal (I've reduced it
to 68 for the purpose of the bug report):

   gpg-agent.conf
This  is  the  standard configuration file read by
  gpg-agent on
startup.  It may contain any  valid  long  option;
  the leading
two  dashes  may not be entered and the option may
  not be abbreviated.
This file is also read after a SIGHUP however only
  a few
options  will  actually  have an effect.  This de‐
  fault name may be
changed on the command line  (see:  [option  --op‐
  tions]).
You should backup this file.

I suppose that the cause is the two spaces at the beginning of
each line in the troff file (this doesn't occur before):

.B  gpg-agent.conf
  This is the standard configuration file read by \fBgpg-agent\fR on
  startup.  It may contain any valid long option; the leading
  two dashes may not be entered and the option may not be abbreviated.
  This file is also read after a \fBSIGHUP\fR however only a few
  options will actually have an effect.  This default name may be
  changed on the command line (see: [option --options]).
  You should backup this file.

And concerning the "Before entering a key into this file..." paragraph,
it remains formatted as in the troff file, without word-wraps for this
narrow terminal. For this issue, I don't have an idea of the cause
(perhaps some style that has not been reset?).

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 
'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-agent depends on:
ii  gpgconf 2.2.27-2
ii  init-system-helpers 1.60
ii  libassuan0  2.5.4-1
ii  libc6   2.31-11
ii  libgcrypt20 1.8.7-3
ii  libgpg-error0   1.38-2
ii  libnpth01.6-3
ii  pinentry-curses [pinentry]  1.1.0-4
ii  pinentry-gtk2 [pinentry]1.1.0-4

Versions of packages gpg-agent recommends:
ii  gnupg  2.2.27-2

Versions of packages gpg-agent suggests:
ii  dbus-user-session  1.12.20-2
ii  libpam-systemd 247.3-5
pn  pinentry-gnome3
pn  scdaemon   

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#987646: eclipse-titan: Frequent parallel FTBFS

2021-04-26 Thread Adrian Bunk 
Source: eclipse-titan
Version: 7.2.0-1
Severity: serious
Tags: ftbfs

eclipse-titan (7.2.0-1) unstable; urgency=medium
...
  * debian/rules:
...
- removed unnecessary --no-parallel option

 -- Gergely Pilisi   Tue, 16 Feb 2021 10:25:17 +0100


Unfortunately --no-parallel is still necessary:

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/eclipse-titan.html

...
Notify: Parsing TTCN-3 module `TitanLoggerControl.ttcn'...
Notify: Checking modules...
Notify: Generating code...
Notify: None of the files needed update.
Notify: Generating TTCN-3 modules...
touch RT1/TitanLoggerControl.cc.compiled
Notify: File 'TitanLoggerApi.ttcn' was generated.
Notify: File `RT1/PreGenRecordOf.hh' was generated.
Notify: Generating TTCN-3 modules...
Notify: File 'TitanLoggerApi.ttcn' was generated.
Notify: File `RT1/PreGenRecordOf.cc' was generated.
Notify: 2 files were updated.
sed -e 
's/XSD.String/charstring/g;s/XSD.AnySimpleType/charstring/g;s/XSD.Integer/integer/g;s/XSD.Float/float/g;s/XSD.Double/float/g;s/XSD.Boolean/boolean/g;s/import
 from XSD all;//g' TitanLoggerApi.ttcn >TitanLoggerApi.ttcn_
touch RT1/PreGenRecordOf.cc.compiled
sed -e 
's/XSD.String/charstring/g;s/XSD.AnySimpleType/charstring/g;s/XSD.Integer/integer/g;s/XSD.Float/float/g;s/XSD.Double/float/g;s/XSD.Boolean/boolean/g;s/import
 from XSD all;//g' TitanLoggerApi.ttcn >TitanLoggerApi.ttcn_
mv TitanLoggerApi.ttcn_ TitanLoggerApi.ttcn
mv TitanLoggerApi.ttcn_ TitanLoggerApi.ttcn
mv: cannot stat 'TitanLoggerApi.ttcn_': No such file or directory
make[4]: *** [Makefile:280: TitanLoggerApi.ttcn] Error 1


https://buildd.debian.org/status/fetch.php?pkg=eclipse-titan&arch=powerpc&ver=7.2.0-1&stamp=1613472632&raw=0

...
Notify: File `RT1/TitanLoggerControl.hh' was generated.
Notify: Parsing TTCN-3 module `TitanLoggerControl.ttcn'...
Notify: File `RT1/TitanLoggerControl.cc' was generated.
Notify: 2 files were updated.
touch RT1/TitanLoggerControl.cc.compiled
Notify: Checking modules...
Notify: Generating code...
Notify: None of the files needed update.
touch RT1/TitanLoggerControl.cc.compiled
Notify: File `RT1/PreGenRecordOf.hh' was generated.
Notify: File `RT1/PreGenRecordOf.cc' was generated.
Notify: 2 files were updated.
touch RT1/PreGenRecordOf.cc.compiled
Notify: Generating TTCN-3 modules...
Notify: File 'TitanLoggerApi.ttcn' was generated.
Notify: None of the files needed update.
sed -e 
's/XSD.String/charstring/g;s/XSD.AnySimpleType/charstring/g;s/XSD.Integer/integer/g;s/XSD.Float/float/g;s/XSD.Double/float/g;s/XSD.Boolean/boolean/g;s/import
 from XSD all;//g' TitanLoggerApi.ttcn >TitanLoggerApi.ttcn_
touch RT1/PreGenRecordOf.cc.compiled
Notify: Generating TTCN-3 modules...
Notify: File 'TitanLoggerApi.ttcn' was generated.
sed -e 
's/XSD.String/charstring/g;s/XSD.AnySimpleType/charstring/g;s/XSD.Integer/integer/g;s/XSD.Float/float/g;s/XSD.Double/float/g;s/XSD.Boolean/boolean/g;s/import
 from XSD all;//g' TitanLoggerApi.ttcn >TitanLoggerApi.ttcn_
mv TitanLoggerApi.ttcn_ TitanLoggerApi.ttcn
mkdir -p RT1
mv TitanLoggerApi.ttcn_ TitanLoggerApi.ttcn
if ../compiler2/compiler -o RT1 TitanLoggerApi.ttcn - TitanLoggerApi.ttcn; then 
:; else mv TitanLoggerApi.ttcn TitanLoggerApi.ttcn.$$.bad; exit 1; fi
mv: cannot stat 'TitanLoggerApi.ttcn_': No such file or directory
make[4]: *** [Makefile:280: TitanLoggerApi.ttcn] Error 1

Bug#987645: gpg-agent: default --min-passphrase-nonalpha value should be 0

2021-04-26 Thread Vincent Lefevre 
Package: gpg-agent
Version: 2.2.27-2
Severity: minor
Tags: upstream

When I type a passphrase with only letters and spaces, I get

  A passphrase should contain at least 1 digit or special character.

probably because the default --min-passphrase-nonalpha value is 1.
On a long passphrase, this doesn't add any security (in particular,
adding one random letter provides more possibilities than a random
digits) and this is against NIST rules

  https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver

"Verifiers SHOULD NOT impose other composition rules (e.g., requiring
mixtures of different character types or prohibiting consecutively
repeated characters) for memorized secrets."

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 
'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg-agent depends on:
ii  gpgconf 2.2.27-2
ii  init-system-helpers 1.60
ii  libassuan0  2.5.4-1
ii  libc6   2.31-11
ii  libgcrypt20 1.8.7-3
ii  libgpg-error0   1.38-2
ii  libnpth01.6-3
ii  pinentry-curses [pinentry]  1.1.0-4
ii  pinentry-gtk2 [pinentry]1.1.0-4

Versions of packages gpg-agent recommends:
ii  gnupg  2.2.27-2

Versions of packages gpg-agent suggests:
ii  dbus-user-session  1.12.20-2
ii  libpam-systemd 247.3-5
pn  pinentry-gnome3
pn  scdaemon   

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#987628: uploading patch for 987628

2021-04-26 Thread Taowa 
Control: tags -1 pending

As per an ack on IRC, I'll be uploading this as soon as the dcut to
grant me upload privileges on it goes through.

Taowa

-- 
Taowa (they)
people.debian.org/~taowa
LOC FN35EM

Bug#909436: libdrm 2.4.102-1: FTBFS on hurd-i386 (updated patches)

2021-04-26 Thread Samuel Thibault 
Hello Svante,

For information, your patch got dropped because of #975658

Samuel

Bug#987644: nomad will FTBFS after 2021-11-09 due to expired certificate

2021-04-26 Thread Adrian Bunk 
Source: nomad
Version: 0.12.10+dfsg1-1
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/nomad.html

...
config_test.go:494: write err: x509: certificate has expired or is not yet 
valid: current time 2022-05-26T18:21:44Z is after 2021-11-09T19:48:00Z
--- FAIL: TestConfig_outgoingWrapper_OK (0.00s)
FAIL
FAILgithub.com/hashicorp/nomad/helper/tlsutil   0.054s
...

Bug#987638: linux-image-5.10.0-6-arm64: Missing kernel modules for Pine64's Pinebook Pro (usb-c, battery gauge, audio)

2021-04-26 Thread Vincent Blut 
Hi,

Le 2021-04-26 22:46, Lionel Fourquaux a écrit :
> Package: src:linux
> Version: 5.10.28-1
> Severity: wishlist
> X-Debbugs-Cc: lionel.fourquaux+deb...@normalesup.org
> 
> Dear Maintainer,
> 
> I'm using Debian bullseye (currently unstable, soon to be stable) on 
> a Pine64 Pinebook Pro, installed using the official Debian installer.
> 
> Some devices are "not working" (meaning: nonfunctional, not detected by 
> the kernel):
>  * the usb-c port
>  * the battery gauge (cw2025) (note: dmesg shows error messages about a 
>missing power supply (the usb-c port?):
> [8.546079] power_supply cw2015-battery: Not all required supplies found, 
> defer probe
> [8.546089] cw2015 4-0062: Failed to register power supply
>)
>  * the audio output (built-in speakers).
> 
> After comparing the available kernel modules to the device tree, I believe 
> that this is caused by some missing modules in the kernel configuration. 
> I suggest enabling:
>   CONFIG_TYPEC_FUSB302
>   CONFIG_SND_SOC_ES8316

A merge request [1] has been proposed today to improve support for the Pinebook
Pro.

> Best regards,
> 
>   -- Lionel

Cheers,
Vincent

[1] https://salsa.debian.org/kernel-team/linux/-/merge_requests/352


signature.asc
Description: PGP signature

Bug#987643: ne10 FTBFS with gcc 10

2021-04-26 Thread Adrian Bunk 
Source: ne10
Version: 1.2.1-4
Severity: serious
Tags: ftbfs bullseye sid

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/arm64/ne10.html

...
cd /build/ne10-1.2.1/obj-aarch64-linux-gnu/test && /usr/bin/cmake -E 
cmake_link_script CMakeFiles/NE10_imgproc_unit_test_static.dir/link.txt 
--verbose=1
/usr/bin/c++ -g -O2 -fdebug-prefix-map=/build/ne10-1.2.1=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time 
-D_FORTIFY_SOURCE=2 -fno-strict-aliasing -O2 -DNDEBUG -Wl,-z,relro -rdynamic 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_main.c.o
 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_resize.c.o
 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_rotate.c.o
 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_boxfilter.c.o
 CMakeFiles/NE10_imgproc_unit_test_static.dir/src/seatest.c.o 
CMakeFiles/NE10_imgproc_unit_test_static.dir/src/unit_test_common.c.o 
CMakeFiles/NE10_imgproc_unit_test_static.dir/src/NE10_random.c.o -o 
NE10_imgproc_unit_test_smoke  ../modules/libNE10.a -lm -lrt -lstdc++ 
/usr/bin/ld: 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_resize.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 multiple definition of `seatest_simple_test_result'; 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_main.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 first defined here
/usr/bin/ld: 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_rotate.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 multiple definition of `seatest_simple_test_result'; 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_main.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 first defined here
/usr/bin/ld: 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_suite_boxfilter.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 multiple definition of `seatest_simple_test_result'; 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_main.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 first defined here
/usr/bin/ld: 
CMakeFiles/NE10_imgproc_unit_test_static.dir/src/seatest.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 multiple definition of `seatest_simple_test_result'; 
CMakeFiles/NE10_imgproc_unit_test_static.dir/__/modules/imgproc/test/test_main.c.o:./obj-aarch64-linux-gnu/test/./test/include/seatest.h:23:
 first defined here
[ 96%] Building C object 
test/CMakeFiles/NE10_dsp_unit_test_static.dir/src/seatest.c.o
cd /build/ne10-1.2.1/obj-aarch64-linux-gnu/test && /usr/bin/cc -DSMOKE_TEST 
-I/build/ne10-1.2.1/inc -I/build/ne10-1.2.1/test/include -g -O2 
-fdebug-prefix-map=/build/ne10-1.2.1=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing 
-O2 -DNDEBUG   -O0 -o CMakeFiles/NE10_dsp_unit_test_static.dir/src/seatest.c.o 
-c /build/ne10-1.2.1/test/src/seatest.c
[ 97%] Building C object 
test/CMakeFiles/NE10_dsp_unit_test_static.dir/src/unit_test_common.c.o
cd /build/ne10-1.2.1/obj-aarch64-linux-gnu/test && /usr/bin/cc -DSMOKE_TEST 
-I/build/ne10-1.2.1/inc -I/build/ne10-1.2.1/test/include -g -O2 
-fdebug-prefix-map=/build/ne10-1.2.1=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing 
-O2 -DNDEBUG   -O0 -o 
CMakeFiles/NE10_dsp_unit_test_static.dir/src/unit_test_common.c.o -c 
/build/ne10-1.2.1/test/src/unit_test_common.c
[ 98%] Building C object 
test/CMakeFiles/NE10_dsp_unit_test_static.dir/src/NE10_random.c.o
cd /build/ne10-1.2.1/obj-aarch64-linux-gnu/test && /usr/bin/cc -DSMOKE_TEST 
-I/build/ne10-1.2.1/inc -I/build/ne10-1.2.1/test/include -g -O2 
-fdebug-prefix-map=/build/ne10-1.2.1=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing 
-O2 -DNDEBUG   -O0 -o 
CMakeFiles/NE10_dsp_unit_test_static.dir/src/NE10_random.c.o -c 
/build/ne10-1.2.1/test/src/NE10_random.c
collect2: error: ld returned 1 exit status
make[3]: *** [test/CMakeFiles/NE10_imgproc_unit_test_static.dir/build.make:197: 
test/NE10_imgproc_unit_test_smoke] Error 1
make[3]: Leaving directory '/build/ne10-1.2.1/obj-aarch64-linux-gnu'
make[2]: *** [CMakeFiles/Makefile2:281: 
test/CMakeFiles/NE10_imgproc_unit_test_static.dir/all] Error 2
make[2]: *** Waiting for unfinished jobs
[ 99%] Linking C executable NE10_dsp_unit_test_smoke
cd /build/ne10-1.2.1/obj-aarch64-linux-gnu/test && /usr/bin/cmake -E 
cmake_link_script CMakeFiles/NE10_dsp_unit_test_static.dir/link.txt --verbose=1
/usr/bin/cc -g -O2 -fdebug-prefix-map=/build/ne10-1.2.1=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time 
-D_FORTIFY_SOURCE=2 -fno-strict-aliasing -O2 -DNDEBUG -Wl,-z,relro -rdynamic 
CMakeFile

Bug#964090: The security patch should be reverted and this bug closed for bullseye

2021-04-26 Thread Karl O. Pinc 
Hello,

According to the above, and all I've read, the
security issue that blocked operations on PDFs
is no longer present in bullseye.  Not in
gs and not in imagemagick.

Unless there's some new security issue
please revert the patch and close this bug to
make functionality available.

Regards,

Karl 
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein

Bug#987641: e2fsprogs: FTBFS on armel/armhf with a 64-bit kernel

2021-04-26 Thread Aurelien Jarno 
Source: e2fsprogs
Version: 1.46.2-1
Severity: serious
Tags: upstream ftbfs
Justification: fails to build from source (but built successfully in the past)
Forwarded: https://github.com/tytso/e2fsprogs/issues/65

e2fsprogs builds fine on armel/armhf when built on a machine with a
32-bit kernel. However it fails to build on a machine with a 64-bit
kernel due to alignments issues which are not trapped by the kernel:

A build log is available there:
https://tests.reproducible-builds.org/debian/logs/unstable/armhf/e2fsprogs_1.46.2-1.build2.log.gz

Bug#987640: zsnes FTBFS with gcc 10

2021-04-26 Thread Adrian Bunk 
Source: zsnes
Version: 1.510+bz2-10
Severity: serious
Tags: ftbfs

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/i386/zsnes.html

...
g++ -o zsnes cfg.o endmem.o init.o initc.o input.o md.o patch.o ui.o vcache.o 
version.o zloader.o zmovie.o zpath.o zstate.o ztime.o ztimec.o chips/c4emu.o 
chips/c4proc.o chips/dsp1emu.o chips/dsp1proc.o chips/dsp2proc.o 
chips/dsp3emu.o chips/dsp3proc.o chips/dsp4emu.o chips/dsp4proc.o 
chips/fxemu2.o chips/fxemu2b.o chips/fxemu2c.o chips/fxtable.o chips/obc1emu.o 
chips/obc1proc.o chips/sa1proc.o chips/sa1regs.o chips/sdd1emu.o chips/seta10.o 
chips/sfxproc.o chips/st10proc.o chips/7110proc.o chips/seta11.o 
chips/st11proc.o cpu/dma.o cpu/dsp.o cpu/dspproc.o cpu/execute.o cpu/executec.o 
cpu/irq.o cpu/memory.o cpu/memtable.o cpu/spc700.o cpu/stable.o cpu/table.o 
cpu/tablec.o debugasm.o debugger.o gui/gui.o gui/guifuncs.o gui/menu.o 
effects/burn.o effects/smoke.o effects/water.o jma/7zlzma.o jma/crc32.o 
jma/iiostrm.o  jma/inbyte.o jma/jma.o jma/lzma.o   jma/lzmadec.o 
jma/winout.o jma/zsnesjma.o mmlib/mm.o mmlib/linux.o  video/makev16b.o 
video/makev16t.o video/makevid.o video/mode716.o video/mode716b.o 
video/mode716d.o video/mode716e.o video/mode716t.o video/mode7.o 
video/mode7ext.o video/mv16tms.o video/m716text.o video/newg162.o 
video/newgfx.o video/newgfx16.o video/newgfx2.o video/procvid.o 
video/procvidc.o video/sw_draw.o video/2xsaiw.o video/hq2x16.o video/hq2x32.o 
video/hq3x16.o video/hq3x32.o video/hq4x16.o video/hq4x32.o video/ntsc.o 
video/copyvwin.o linux/audio.o linux/battery.o linux/sdlintrf.o linux/sdllink.o 
linux/gl_draw.o linux/sw_draw.o linux/safelib.o zip/unzip.o zip/zpng.o -g -O2 
-fdebug-prefix-map=/build/zsnes-1.510+bz2=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -pipe -I. 
-I/usr/local/include -I/usr/include -D__UNIXSDL__  -I/usr/include/SDL 
-D_GNU_SOURCE=1 -D_REENTRANT  -D__OPENGL__ -march=i486 -O3 -fomit-frame-pointer 
-fprefetch-loop-arrays -fforce-addr -D__RELEASE__ -fno-rtti -Wl,-z,relro 
-Wl,--as-needed -lpthread -L/usr/local/lib -L/usr/lib  -lz 
-L/usr/lib/i386-linux-gnu -lSDL  -lpng -lm -lcurses -lGL
/usr/bin/ld: initc.o:./src/initc.c:1499: multiple definition of `HacksDisable'; 
cfg.o:./src/cfg.c:269: first defined here
...

Bug#987639: smlsharp FTBFS with gcc 10

2021-04-26 Thread Adrian Bunk 
Source: smlsharp
Version: 1.2.0-2
Severity: serious
Tags: ftbfs bullseye sid

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/i386/smlsharp.html

...
(cd precompiled/x86-linux \
 && gcc -m32 -Wl,-z,relro -Wl,-z,now ../../src/runtime/smlsharp_entry.o \
  `cat ../minismlsharp-files` \
  ../../src/runtime/libsmlsharp.a \
  -lpthread -ldl -lgmp -lm  -o ../../minismlsharp)
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:364: 
multiple definition of `SMLN8SMLSharp12MatchCompBugE'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:364: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:363: 
multiple definition of `SMLN2OS6SysErrE'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:363: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:362: 
multiple definition of `SML4Fail'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:362: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:361: 
multiple definition of `SML6Domain'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:361: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:360: 
multiple definition of `SML3Div'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:360: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:359: 
multiple definition of `SML8Overflow'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:359: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:358: 
multiple definition of `SML4Size'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:358: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:357: 
multiple definition of `SML9Subscript'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:357: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:356: 
multiple definition of `SML5Match'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:356: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:355: 
multiple definition of `SML4Bind'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:355: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(heap_bitmap.o):./src/runtime/smlsharp.h:290: 
multiple definition of `sml_check_gc_flag'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:290: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:290: 
multiple definition of `sml_check_gc_flag'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:290: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:364: 
multiple definition of `SMLN8SMLSharp12MatchCompBugE'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:364: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:363: 
multiple definition of `SMLN2OS6SysErrE'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:363: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:362: 
multiple definition of `SML4Fail'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:362: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:361: 
multiple definition of `SML6Domain'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:361: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:360: 
multiple definition of `SML3Div'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:360: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:359: 
multiple definition of `SML8Overflow'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:359: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:358: 
multiple definition of `SML4Size'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:358: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:357: 
multiple definition of `SML9Subscript'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:357: first 
defined here
/usr/bin/ld: 
../../src/runtime/libsmlsharp.a(control.o):./src/runtime/smlsharp.h:356: 
multiple definition of `SML5Match'; 
../../src/runtime/smlsharp_entry.o:././src/runtime/smlsharp.h:356: first 
defined here
/usr/bin/ld: 
../../sr

Bug#987638: linux-image-5.10.0-6-arm64: Missing kernel modules for Pine64's Pinebook Pro (usb-c, battery gauge, audio)

2021-04-26 Thread Lionel Fourquaux 
Package: src:linux
Version: 5.10.28-1
Severity: wishlist
X-Debbugs-Cc: lionel.fourquaux+deb...@normalesup.org

Dear Maintainer,

I'm using Debian bullseye (currently unstable, soon to be stable) on 
a Pine64 Pinebook Pro, installed using the official Debian installer.

Some devices are "not working" (meaning: nonfunctional, not detected by 
the kernel):
 * the usb-c port
 * the battery gauge (cw2025) (note: dmesg shows error messages about a 
   missing power supply (the usb-c port?):
[8.546079] power_supply cw2015-battery: Not all required supplies found, 
defer probe
[8.546089] cw2015 4-0062: Failed to register power supply
   )
 * the audio output (built-in speakers).

After comparing the available kernel modules to the device tree, I believe 
that this is caused by some missing modules in the kernel configuration. 
I suggest enabling:
  CONFIG_TYPEC_FUSB302
  CONFIG_SND_SOC_ES8316

Best regards,

-- Lionel


-- Package-specific info:
** Version:
Linux version 5.10.0-6-arm64 (debian-ker...@lists.debian.org) (gcc-10 (Debian 
10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP 
Debian 5.10.28-1 (2021-04-09)

** Command line:
quiet

** Not tainted

** Kernel log:
[8.552655] platform regulatory.0: firmware: direct-loading firmware 
regulatory.db.p7s
[8.576089] alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
[8.600764] dw_wdt ff848000.watchdog: No valid TOPs array specified
[8.623804] panfrost ff9a.gpu: clock rate = 5
[8.635795] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43456-sdio 
for chip BCM4345/9
[8.636451] usbcore: registered new interface driver brcmfmac
[8.649935] brcmfmac mmc0:0001:1: firmware: direct-loading firmware 
brcm/brcmfmac43456-sdio.bin
[8.650570] brcmfmac mmc0:0001:1: firmware: direct-loading firmware 
brcm/brcmfmac43456-sdio.pine64,pinebook-pro.txt
[8.691963] panfrost ff9a.gpu: mali-t860 id 0x860 major 0x2 minor 0x0 
status 0x0
[8.691971] panfrost ff9a.gpu: features: ,100e77bf, issues: 
,24040400
[8.691975] panfrost ff9a.gpu: Features: L2:0x07120206 Shader:0x 
Tiler:0x0809 Mem:0x1 MMU:0x2830 AS:0xff JS:0x7
[8.691978] panfrost ff9a.gpu: shader_present=0xf l2_present=0x1
[8.710260] cryptd: max_cpu_qlen set to 1000
[8.723349] [drm] Initialized panfrost 1.1.0 20180908 for ff9a.gpu on 
minor 1
[8.750235] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43456-sdio 
for chip BCM4345/9
[8.750906] brcmfmac mmc0:0001:1: firmware: direct-loading firmware 
brcm/brcmfmac43456-sdio.clm_blob
[8.767842] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/9 wl0: Jun 16 
2017 12:38:26 version 7.45.96.2 (66c4e21@sh-git) (r) FWID 01-1813af84
[8.859932] Console: switching to colour frame buffer device 240x67
[8.885264] rockchip-drm display-subsystem: [drm] fb0: rockchipdrmfb frame 
buffer device
[8.914709] [drm] Initialized rockchip 1.0.0 20140818 for display-subsystem 
on minor 0
[8.915466] vdd_log: supplied by regulator-dummy
[8.924455] power_supply cw2015-battery: Not all required supplies found, 
defer probe
[8.924469] cw2015 4-0062: Failed to register power supply
[9.024217] EXT4-fs (mmcblk2p1): mounting ext2 file system using the ext4 
subsystem
[9.026846] EXT4-fs (mmcblk2p1): mounted filesystem without journal. Opts: 
(null)
[9.026867] ext2 filesystem being mounted at /boot supports timestamps until 
2038 (0x7fff)
[9.158294] audit: type=1400 audit(1619461086.164:2): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" 
pid=629 comm="apparmor_parser"
[9.158315] audit: type=1400 audit(1619461086.164:3): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="lsb_release" pid=623 
comm="apparmor_parser"
[9.158326] audit: type=1400 audit(1619461086.164:4): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-senddoc" 
pid=628 comm="apparmor_parser"
[9.163059] audit: type=1400 audit(1619461086.172:5): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=636 
comm="apparmor_parser"
[9.163086] audit: type=1400 audit(1619461086.172:6): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" 
pid=636 comm="apparmor_parser"
[9.175004] audit: type=1400 audit(1619461086.180:7): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="tcpdump" pid=626 
comm="apparmor_parser"
[9.175475] audit: type=1400 audit(1619461086.184:8): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="libreoffice-oopslash" 
pid=632 comm="apparmor_parser"
[9.177951] audit: type=1400 audit(1619461086.184:9): apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=658 
comm="apparmor_parser"
[9.177975] audit: type=1400 audit(1619461086.184:10): app

Bug#987637: fenix FTBFS with gcc 10

2021-04-26 Thread Adrian Bunk 
Source: fenix
Version: 0.92a.dfsg1-12
Severity: serious
Tags: ftbfs bullseye sid

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/i386/fenix.html

...
gcc  -g -O2 -fdebug-prefix-map=/build/fenix-0.92a.dfsg1=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall 
-fno-strict-aliasing -DUSE_GETTEXT   -Wl,-z,relro -Wl,-z,defs -o fxc main.o 
main_div.o token.o identifier.o segment.o constants.o strings.o varspace.o 
procedure.o codeblock.o c_main.o c_data.o c_code.o c_debug.o dcbw.o messages.o 
error.o sysstub.o typedef.o files.o xctype.o -L/usr/lib/i386-linux-gnu -lSDL 
-Wl,-Bdynamic -lc -lz -lX11 -lm -ldl
/usr/bin/ld: c_main.o:./fxc/src/c_main.c:185: multiple definition of `debug'; 
main.o:./fxc/src/main.c:60: first defined here
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:391: fxc] Error 1

Bug#987636: libcxl FTBFS with make 4.3

2021-04-26 Thread Adrian Bunk 
Source: libcxl
Version: 1.7-1
Severity: serious
Tags: ftbfs bullseye sid patch
Forwarded: https://github.com/ibm-capi/libcxl/pull/34

...
   dh_auto_build -a
make -j16 "INSTALL=install --strip-program=true"
make[1]: Entering directory '/home/bunk/build/libcxl-1.7'
Makefile:28: *** 'cxl.h is non-existant or out of date, Download from 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/include/uapi/misc/cxl.h
 and place in /home/bunk/build/libcxl-1.7/include/misc/cxl.h'.  Stop.
make[1]: Leaving directory '/home/bunk/build/libcxl-1.7'
dh_auto_build: error: make -j16 "INSTALL=install --strip-program=true" returned 
exit code 2
make: *** [debian/rules:8: build-arch] Error 25

Bug#987635: RFS: uriparser/0.9.5+dfsg-1 -- URI parsing library compliant with RFC 3986

2021-04-26 Thread Jörg Frings-Fürst 
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "uriparser":

   Package name: uriparser
   Version : 0.9.5+dfsg-1
   Upstream Author : [fill in name and email of upstream]
   URL : http://uriparser.sourceforge.net
   License : LGPL-2.1+, BSD-3-clause
   Vcs : https://jff.email/cgit/uriparser.git
   Section : libs

It builds those binary packages:

  liburiparser-doc - documentation files for uriparser
  liburiparser-dev - development files for uriparser
  liburiparser1 - 

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/uriparser/

Alternatively, one can download the package with dget using this
command:

  dget -x 
https://mentors.debian.net/debian/pool/main/u/uriparser/uriparser_0.9.5+dfsg-1.dsc

or from 

 git https://jff.email/cgit/uriparser.git/?h=release%2Fdebian%2F0.9.5%2Bdfsg-1



Changes since the last upload:

 uriparser (0.9.5+dfsg-1) experimental; urgency=medium
 .
   * New upstream release:
 - Rebase patches.
 - Fix debain/not-installed.
   * Declare compliance with Debian Policy 4.5.1 (No changes needed).
   * debian/control:
 - Remove Build-Depend dh-exec.
   * debian/copyright:
 - Add year 2021 to myself.

Regards,
-- 
  Jörg Frings-Fürst


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#987634: fails to configure diskless client support during i386 main server installation

2021-04-26 Thread Wolfgang Schweer 
Package: debian-edu-config
Version: 2.11.54
Severity: important

In case a 32-bit combined server (Main-Server, Workstation and 
LTSP-Server profiles) is installed, the LTSP specific Initrd (ltsp.img) 
is missing, and a diskless workstation fails to start.

The command 'uname -m' is used to construct the path where ltsp.img 
should be located. In the 32-bit case, the command returns 'i686' while 
LTSP expects the path component to be 'x86_32' (like x86_64 for 32-bit 
systems).

Wolfgang


signature.asc
Description: PGP signature

Bug#986869: unblock: vala/0.48.17-1

2021-04-26 Thread Rico Tzschichholz 

This update seems to cause build failures in deepin-terminal (related to
changes in the x11 bindings) and libisocodes (not sure if actually
caused by vala). This is not acceptable for bullseye at this point.

Please fix those issues or revert vala to the version currently in
bullseye.


Please see the attached debdiff for deepin-terminal to fix this failure.

The libisocodes failure is not related to vala. The internally expected 
string "Bengali" changed to lower case "bengali".


Best Regards
diff -Nru deepin-terminal-5.0.0+ds1/debian/changelog 
deepin-terminal-5.0.0+ds1/debian/changelog
--- deepin-terminal-5.0.0+ds1/debian/changelog  2020-04-24 01:18:02.0 
+0200
+++ deepin-terminal-5.0.0+ds1/debian/changelog  2021-04-26 21:47:05.0 
+0200
@@ -1,3 +1,9 @@
+deepin-terminal (5.0.0+ds1-3) unstable; urgency=medium
+
+  * debian/patches: Fix build with vala 0.48.17
+
+ -- Rico Tzschichholz   Mon, 26 Apr 2021 21:47:05 +0200
+
 deepin-terminal (5.0.0+ds1-2) unstable; urgency=high
 
   * debian/patches: Add upstream PR to fix FTBFS with new libvte
diff -Nru deepin-terminal-5.0.0+ds1/debian/patches/0004-vala-x11.patch 
deepin-terminal-5.0.0+ds1/debian/patches/0004-vala-x11.patch
--- deepin-terminal-5.0.0+ds1/debian/patches/0004-vala-x11.patch
1970-01-01 01:00:00.0 +0100
+++ deepin-terminal-5.0.0+ds1/debian/patches/0004-vala-x11.patch
2021-04-26 21:47:05.0 +0200
@@ -0,0 +1,17 @@
+Index: b/lib/xutils.vala
+===
+--- a/lib/xutils.vala
 b/lib/xutils.vala
+@@ -96,11 +96,7 @@
+ event.xclient.display = display;
+ event.xclient.window = xid;
+ event.xclient.format = 32;
+-event.xclient.data.l[0] = x;
+-event.xclient.data.l[1] = y;
+-event.xclient.data.l[2] = action;
+-event.xclient.data.l[3] = button;
+-event.xclient.data.l[4] = secret_value;
++event.xclient.l = { x, y, action, button, secret_value };
+ 
+ display.send_event(
+ xrootwindow,
diff -Nru deepin-terminal-5.0.0+ds1/debian/patches/series 
deepin-terminal-5.0.0+ds1/debian/patches/series
--- deepin-terminal-5.0.0+ds1/debian/patches/series 2020-04-24 
01:13:09.0 +0200
+++ deepin-terminal-5.0.0+ds1/debian/patches/series 2021-04-26 
21:47:05.0 +0200
@@ -1,3 +1,4 @@
 0001-get-rid-of-lintian-warning-desktop-entry-invalid-cat.patch
 0002-vala-libify-raw_data-conversion-for-Terminal-feed_ch.patch
 0003-utils-adjust-to-change-in-vte3-0.59.0.patch
+0004-vala-x11.patch


OpenPGP_signature
Description: OpenPGP digital signature

Bug#987633: fails to create thin client support if a combined server is installed in offline mode

2021-04-26 Thread Wolfgang Schweer 
Package: debian-edu-config
Version: 2.11.54
Severity: normal

When using the BD ISO image to install a combined server (Main-Server, 
Workstation and LTSP-Server profiles) in offline mode (i.e. without 
Internet connection), setting up the X2Go thin client chroot fails 
because debootstrap uses deb.debian.org as mirror. Instead, the BD ISO 
image should be used as mirror.

Wolfgang


signature.asc
Description: PGP signature

Bug#987632: fails to create Samba account for first user during main server installation

2021-04-26 Thread Wolfgang Schweer 
Package: debian-edu-config
Version: 2.11.54
Severity: normal

During main server installation information is still missing to create 
the first user's Samba account. This should be done at first booot of 
the main server when all required information is available via LDAP and 
debconf.

Wolfgang


signature.asc
Description: PGP signature

Bug#987631: micro-evtd FTBFS with glibc 2.30

2021-04-26 Thread Adrian Bunk 
Source: micro-evtd
Version: 3.4-5
Severity: serious
Tags: ftbfs bullseye sid

...
src/micro-evtd.c:49:10: fatal error: sys/io.h: No such file or directory
   49 | #include 
  |  ^~
compilation terminated.
make[2]: *** [micro-evtd.mak:185: obj/micro-evtd.o] Error 1


Removing the #include fixes the build.

Bug#987630: python3-authheaders: missing .egg-info metadata

2021-04-26 Thread Kunal Mehta 
Package: python3-authheaders
Version: 0.10.0-1
Severity: important

Dear maintainer,

The python3-authheaders package in Buster is missing the .egg-info metadata
so it can't be found by e.g. pkg-resources:

>>> import authheaders; authheaders

>>> import pkg_resources; pkg_resources.get_distribution('authheaders')
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 481, in 
get_distribution
dist = get_provider(dist)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 357, in 
get_provider
return working_set.find(moduleOrReq) or require(str(moduleOrReq))[0]
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 900, in 
require
needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 786, in 
resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'authheaders' distribution was not 
found and is required by the application

I note that 0.11.0-1 (from snapshot.debian.org) has the correct files:

/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info
/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info/PKG-INFO
/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info/dependency_links.txt
/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info/not-zip-safe
/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info/requires.txt
/usr/lib/python3/dist-packages/authheaders-0.11.0.egg-info/top_level.txt

It wasn't obvious to me what change from 0.10.0-1 to 0.11.0-1 fixed this 
otherwise
I would have attempted to provide a patch.

I encountered this while trying to run a newer version of Mailman3 on Buster, 
which
depends on this package.

Thanks,
Kunal

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.98-1.fc25.qubes.x86_64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-authheaders depends on:
ii  publicsuffix  20190415.1030-1
ii  python3   3.7.3-1
ii  python3-authres   1.1.1-1
ii  python3-dkim  0.9.6-0+deb10u1
ii  python3-dnspython 1.16.0-1
ii  python3-publicsuffix  1.1.0-2

Versions of packages python3-authheaders recommends:
pn  python3-spf  

python3-authheaders suggests no packages.

-- no debconf information

Bug#986581: debian-security-support: logic behind version-based filters

2021-04-26 Thread Holger Levsen 
On Mon, Apr 26, 2021 at 07:16:31PM +0200, Sylvain Beucler wrote:
> I think we are all OK with this particular change. Can you review the MR?

yes, I will, ASAP, pinging the the issue every 4 days is too much and will
not speed up things.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Bug#987239: unblock: glance/21.0.0-2

2021-04-26 Thread Thomas Goirand 
On 4/26/21 4:01 PM, Sebastian Ramacher wrote:
>> The changelog goes like this:
>>
>>   1* Add variables: DEB_BUILD_OPTIONS: nocheck DEB_BUILD_PROFILES: nocheck in
>> debian/salsa-ci.yml.
>>   2* Do not delete /etc/glance/rootwrap.conf, owned by python3-glance-store.
>> (Closes: #987193).
>>   3* mv /etc/glance/policy.json /etc/glance/disabled.policy.json.old instead 
>> of
>> deleting /etc/glance/policy.json.
>>   4* Tune glance-api-uwsgi.ini for performance.
> 
> Regarding 3*: why isn't the old file not moved to the new location?
> 
> Cheers

I'm sorry, I'm too much into it, and forgot the main story.

For a technical reason that would be long to explain, the old json
format is deprecated, and OpenStack users should stop using it as soon
as possible, otherwise, it may may create of issues. The new way of
doing things is to stop Json with every policy option declared, and
switch to a standard where everything commented-out in a yaml file,
describing what's in the python code as default.

In Debian, we now generates a yaml file in
/etc/glance/policy.d/00_default-policy.yaml. I expect users to leave the
file as-is, and just add configuration fragments on the same folder,
rather than editing a unique policy.json like before.

Therefore, the best thing we could do, was just move away .json format
API policy file, to make sure that it's not in use (because older
version of Glance may point to the old /etc/glance/policy.json). And
that's why I'm using such an explicit "disabled.policy.json.old" name.

The thing is, deleting the old policy.json was a bad idea. Because
administrator may have edited that file to set various API policies in
previous releases of OpenStack. So best is to keep it, but renamed, and
tell the user to put what he edited as fragments in /etc/glance/policy.d
in yaml format only.

Moving the policy.json in the policy.d is not a good idea either,
because it keeps the old JSON format, now deprecated by upstream, that
we explicitly require users to move away from.

I hope it's more clear now.

Cheers,

Thomas Goirand (zigo)

Bug#986869: unblock: vala/0.48.17-1

2021-04-26 Thread Sebastian Ramacher 
Control: tags -1 moreinfo

On 2021-04-13 07:50:44 +0200, Rico Tzschichholz wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: ric...@ubuntu.com
> 
> Please unblock package vala
> 
> Vala 0.48.17
> 
>  * Regression and bug fixes:
>   - codegen:
> + Don't free temp-var for element-access to array with boxed structs
> [#1174]
> + Don't free unowned heap allocated struct
> 
>  * Bindings:
>   - glib-2.0: Add simple_generics attribute to GenericArray.find_custom()
> 
> Vala 0.48.16
> 
>  * Various improvements and bug fixes:
>   - codegen:
> + Improve handling of ellipsis parameter in get_ccode_name()
> + Fix default value of get_ccode_destroy_notify_pos()
> + Don't override valid target/destroy of previous lambda argument [#59]
> + Don't call *_instance_init() in compact class chainup
>   - vala: Mark tranformed static member-access as qualified [#270]
>   - girwriter: namespace expects "c:symbol-prefixes" attribute [#1038]
>   - girwriter: Don't use instance-parameter inside callback [#1167]
>   - girparser,libvaladoc/girimporter: Don't guess length of xml header, 
> iterate
> forward to 
>   - libvaladoc/girimporter: parse_constant() use "c:identifier" attribute 
> first
> 
>  * Bindings:
>   - rest-0.7: Fix OAuthProxyAuthCallback binding
>   - gtk+-3.0: Fix ModuleInitFunc binding
>   - gio-2.0: Fix TlsPassword.get_value() binding
>   - Fix several bindings which lead to invalid code by using them in:
> javascriptcoregtk-4.0, libusb, libusb-1.0, pixman-1,
> webkit2gtk-web-extension-4.0, x11, zlib,
> 
> [ Reason ]
> Vala 0.48.x series is a Long-Term support version and receives important bug
> fixes and binding fixes.
> 
> [ Impact ]
> The packages fixes two upstream regressions introduced with 0.48.14 and 
> 0.48.15
> 
> pygobject regression by new instance-parameter gir output
> https://gitlab.gnome.org/GNOME/vala/-/issues/1167
> 
> using (!) when dereferencing item in array of nullable structs frees item,
> leading to double free
> https://gitlab.gnome.org/GNOME/vala/-/issues/1174
> 
> [ Tests ]
> The vala 0.48.x series is constantly used by current package set of Debian
> testing.
> The upstream test suite is extended with every release.
> http://ci.vala-project.org:8010/builders/vala-0.48/builds/43
> http://ci.vala-project.org:8010/builders/vala-0.48/builds/45
> 
> [ Risks ]
> Vala is a compiler and affects every reverse-dependency.
> 
> [ Checklist ]
>   [X] all changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [X] There are no packaging changes other than the changelog itself
>   [X] A debdiff is not applicable due to generated C files
> 
> [ Other info ]
> Upstream between 0.48.15 and 0.48.17
> https://gitlab.gnome.org/GNOME/vala/-/compare/10166000cbf8963cfebae5e15fa0f13b15791308...7a59191b7fc5d4c7b77f42ab0e7806011a5c71dd
> 
> unblock vala/0.48.17-1

This update seems to cause build failures in deepin-terminal (related to
changes in the x11 bindings) and libisocodes (not sure if actually
caused by vala). This is not acceptable for bullseye at this point.

Please fix those issues or revert vala to the version currently in
bullseye.

Cheers


> diff --git a/NEWS b/NEWS
> index e78d744d0..4bf72f071 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,26 @@
> +Vala 0.48.16
> +
> + * Various improvements and bug fixes:
> +  - codegen:
> ++ Improve handling of ellipsis parameter in get_ccode_name()
> ++ Fix default value of get_ccode_destroy_notify_pos()
> ++ Don't override valid target/destroy of previous lambda argument [#59]
> ++ Don't call *_instance_init() in compact class chainup
> +  - vala: Mark tranformed static member-access as qualified [#270]
> +  - girwriter: namespace expects "c:symbol-prefixes" attribute [#1038]
> +  - girwriter: Don't use instance-parameter inside callback [#1167]
> +  - girparser,libvaladoc/girimporter: Don't guess length of xml header, 
> iterate
> +forward to 
> +  - libvaladoc/girimporter: parse_constant() use "c:identifier" attribute 
> first
> +
> + * Bindings:
> +  - rest-0.7: Fix OAuthProxyAuthCallback binding
> +  - gtk+-3.0: Fix ModuleInitFunc binding
> +  - gio-2.0: Fix TlsPassword.get_value() binding
> +  - Fix several bindings which lead to invalid code by using them in:
> +javascriptcoregtk-4.0, libusb, libusb-1.0, pixman-1,
> +webkit2gtk-web-extension-4.0, x11, zlib,
> +
>  Vala 0.48.15
>  
>   * Various improvements and bug fixes:
> diff --git a/codegen/valaccode.vala b/codegen/valaccode.vala
> index 7671b2c50..9b1da33f7 100644
> --- a/codegen/valaccode.vala
> +++ b/codegen/valaccode.vala
> @@ -365,12 +365,7 @@ namespace Vala {
>   if (a != null && a.has_argument ("destroy_notify_pos")) {
>   return a.get_double ("destroy_notify_pos");
>   }
> - if (node is Parameter) {

Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

2021-04-26 Thread Salvatore Bonaccorso 
Hi Ferenc,

On Mon, Apr 26, 2021 at 03:16:14PM +0200, Ferenc Wágner wrote:
> Source: shibboleth-sp
> Version: 3.0.2+dfsg1-1
> Severity: important
> Tags: upstream patch security
> Forwarded: https://issues.shibboleth.net/jira/browse/SSPCPP-927
> 
> Shibboleth Service Provider Security Advisory [26 April 2021]
> 
> An updated version of the Service Provider software is now
> available which corrects a denial of service vulnerability.
> 
> Session recovery feature contains a null pointer deference
> ==
> The cookie-based session recovery feature added in V3.0 contains a
> flaw that is exploitable on systems *not* using the feature if a
> specially crafted cookie is supplied.
> 
> This manifests as a crash in the shibd daemon/service process.
> 
> Because it is very simple to trigger this condition remotely, it
> results in a potential denial of service condition exploitable by
> a remote, unauthenticated attacker.
> 
> Versions without this feature (prior to V3.0) are not vulnerable
> to this particular issue.
> 
> Recommendations
> ===
> Update to V3.2.2 or later of the Service Provider software, which
> is now available.
> 
> In cases where this is not immediately possible, configuring a
> DataSealer component in shibboleth2.xml (even if used for nothing)
> will work around the vulnerability.
> 
> For example:
> 
> 
> 
> This workaround is only possible after having updated the
> core configuration to the V3 XML namespace.
> 
> Other Notes
> ===
> The cpp-sp git commit containing the fix for this issue is
> 5a47c3b9378f4c49392dd4d15189b70956f9f2ec
> 
> 
> URL for this Security Advisory:
> https://shibboleth.net/community/advisories/secadv_20210426.txt

Raising the severity to RC as I think this should go into bullseye and
the fix is targetted possible. Let me though know if you disagree on
this.

Regards,
Salvatore

Bug#987628: patch and salsa MR

2021-04-26 Thread Taowa 
Hiya,

The salsa MR is at [1] and the diff is at [2].

Taowa

[1] https://salsa.debian.org/go-team/packages/bombadillo/-/merge_requests/1
[2] https://salsa.debian.org/go-team/packages/bombadillo/-/merge_requests/1.diff
-- 
Taowa (they)
people.debian.org/~taowa
LOC FN35EM

Bug#987629: python3-matplotlib: Please do not suggest transitional dummy package ttf-staypuft

2021-04-26 Thread Boyuan Yang 
Package: python3-matplotlib
Version: 3.3.4-1
Severity: normal
X-Debbugs-CC: mo...@debian.org

Package ttf-staypuft is now a transitional package. Please replace it with the
real package (fonts-staypuft).

-- 
Thanks,
Boyuan Yang


signature.asc
Description: This is a digitally signed message part

Bug#987628: queries default homeurl over the internet on first launch

2021-04-26 Thread Taowa 
Package: bombadillo
Version: 2.3.3-2
Severity: normal
Tags: patch pending

Dear maintainer,

By default, bombadillo retrieves the file[1] over gopher whenever it's
launched.  Considering that its website says that it "does not
send/transmit anything to anyone that you do not instruct it to"[2], I
do not believe this behaviour to be appropriate, especially since the
default configuration is created upon the first run and no template
exists, so disabling this feature before the first run is non-trivial.

To that end, I'll be submitting a merge request shortly with a patch to
disable this, and instead serve a local copy of user-guide.map. If you
have no objections to this, please let me know and I'll perform a team
upload.

Thanks!
Taowa

[1] gopher://bombadillo.colorfield.space:70/1/user-guide.map 
[2] https://bombadillo.colorfield.space

--
Taowa (they)
people.debian.org/~taowa
LOC FN35EM

Bug#987598: linux-image-5.10.0-6-amd64: no longer accounting guest CPU time in /proc/stat

2021-04-26 Thread Chris Hofstaedtler 
* jaros...@thinline.cz  [210426 18:43]:
> after upgrading some of our Qemu/KVM host servers to Debian testing I
> noticed that their CPU load changed from "user" to "system" (observed via
> Prometheus and Grafana.) After quick digging I found that the new kernel is
> no longer counting "guest" time and 9th column in /proc/stat stays 0 at all
> times. This is a regression from Debian stable.

Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986371 and
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1922846

Upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=209831

Bug#741663: linux-image-3.13-1-powerpc-smp: therm_windtunnel does not load correctly

2021-04-26 Thread Wolfram Sang 

> > Yes and no. I am quite optimistic the bug was fixed with a patch which
> > is included upstream since 4.19-rc1. It still needs confirmation,
> > though, i.e. testing.
> 
> The PowerMac G5 users on this list are kindly asked to confirm the bug has
> been fixed. Until then, I'll reopen it.

Makes perfect sense to me.

> > Back then, that meant compiling your own kernel. These days, you can
> > just use any Debian-provided kernel from 4.19 onwards.
> 
> I'm not sure how this is relevant to the question whether the bug was fixed
> or not in the Debian kernel package.

Not relevant. It was just to say that the tester's job has become much
easier meanwhile.



signature.asc
Description: PGP signature

Bug#981422: NMU planned for DELAYED/5

2021-04-26 Thread Paul Gevers 
Dear maintainers,

On Sun, 25 Apr 2021 22:26:09 +0200 Roland Clobus  wrote:
> this ticket was handled during the BSP in Salzburg, which took place
> this weekend.
> 
> A simplified handling of ttyon and ttyoff was implemented.
> Paul Gevers  is planning to NMU the patch in MR5 [1]
> tomorrow to DELAYED/5.

Indeed, it was my intention to upload to DELAYED. However,
unintentionally I forgot to add the right commands to dput and I failed
calling the dcut in the right way (or quick enough).

Sorry if I stepped on somebodies toes.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#987627: RFS: libunistring/0.9.10-5 -- Unicode string library for C

2021-04-26 Thread Jörg Frings-Fürst 
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "libunistring":

   Package name: libunistring
   Version : 0.9.10-5
   Upstream Author : Bruno Haible 
   URL : https://www.gnu.org/software/libunistring/
   License : GPL-3+, GPL-2+, MIT, GPL-2+ with distribution
 exception, FreeSoftware, LGPL-3+ or GPL-2+,
 GPL-3+ or GFDL-1.2+
   Vcs : https://jff.email/cgit/libunistring.git
   Section : libs

It builds those binary packages:

  libunistring2 - Unicode string library for C
  libunistring-dev - Unicode string library for C - development files

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/libunistring/

Alternatively, one can download the package with dget using this
command:

 dget -x 
https://mentors.debian.net/debian/pool/main/libu/libunistring/libunistring_0.9.10-5.dsc

or from 

 git https://jff.email/cgit/libunistring.git?h=release%2Fdebian%2F0.9.10-5



Changes since the last upload:

 libunistring (0.9.10-5) experimental; urgency=medium
 .
   * New debian/patches/0005-fix_build_musl.patch (Closes: #987609):
 - Fix build on musl (Thanks to Helmut Grohne ).
   * Declare compliance with Debian Policy 4.5.1 (No changes needed).
   * debian/copyright:
 - Fix copyright format problems (Closes: #972501):
   + Thanks to Bastian Germann .
 - Refresh copyright years for debian/* to 2021.
   * debian/libunistring2.symbols,
 debian/libunistring2.symbols.hurd-i386:
 - Add Build-Depends-Package field.



Regards,
-- 
  Jörg Frings-Fürst


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#987626: libreoffice: cannot type many things from my keyboard

2021-04-26 Thread Thorsten Glaser 
Package: libreoffice
Version: 1:7.0.4-3
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

With the following ~/.Xmodmap as my keyboard layout…
http://www.mirbsd.org/cvs.cgi/contrib/samples/dot.Xmodmap?rev=1.24.4.15;content-type=text%2Fplain;only_with_tag=grml
… on a PC/Thinkpad keyboard, observe that, compared to
standard US layout, the key labelled “Alt” is in fact
Mode_switch (like AltGr), and that the Windows key is
mapped to Alt_L.

In most applications… almost all, even… this works correctly.
For example, key shortcuts with Ctrl-Alt-… (evilwm, IceWM) or
just Alt-… (MuseScore/Qt) work by using the left Windows key
as Alt key and when typing e.g. Mode_switch-ä I get ä etc.

However, in soffice, this doesn’t work correctly.

Mode_switch-d gives ä, correct, but these for example don’t work:

• Mode_switch-Tab (supposed to give “) moves the cursor
• Mode_switch-Return (supposedly •) does nothing
• Mode_switch-F12 (supposedly ‑) changes the current
  paragraph to a numeric list‽

According to what I could found, Alt-F12 is supposed to show
the options dialogue, and, using the proper key (i.e. the one
with the Windows logo, remapped to Alt) does, but to change to
a numeric list is just F12 (which also works), not Mode_switch-F12.

This is seriously impeding my ability to type basically anything
in soffice because I need „“ (German), “” (English), •–‐‑ for
typographic correctness. Using Tₑχ/LᴬTᴇΧ instead isn’t always an
option (e.g. for $dayjob, where WYSIWYG formats are needed for
some documents).


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 
'unstable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-4-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages libreoffice depends on:
ii  libreoffice-base1:7.0.4-3
ii  libreoffice-calc1:7.0.4-3
ii  libreoffice-core1:7.0.4-3
ii  libreoffice-draw1:7.0.4-3
ii  libreoffice-impress 1:7.0.4-3
ii  libreoffice-math1:7.0.4-3
ii  libreoffice-report-builder-bin  1:7.0.4-3
ii  libreoffice-writer  1:7.0.4-3
ii  python3-uno 1:7.0.4-3

Versions of packages libreoffice recommends:
ii  fonts-crosextra-caladea 20130214-2.1
ii  fonts-crosextra-carlito 20130920-1.1
ii  fonts-dejavu2.37-2
ii  fonts-liberation1:1.07.4-11
pn  fonts-liberation2   
ii  fonts-linuxlibertine5.3.0-6
ii  fonts-noto-core 20201225-1
pn  fonts-noto-extra
ii  fonts-noto-mono 20201225-1
ii  fonts-noto-ui-core  20201225-1
ii  fonts-sil-gentium-basic 1.102-1.1
ii  libreoffice-java-common 1:7.0.4-3
pn  libreoffice-nlpsolver   
pn  libreoffice-report-builder  
pn  libreoffice-script-provider-bsh 
pn  libreoffice-script-provider-js  
pn  libreoffice-script-provider-python  
pn  libreoffice-sdbc-mysql  
pn  libreoffice-sdbc-postgresql 
pn  libreoffice-wiki-publisher  

Versions of packages libreoffice suggests:
ii  cups-bsd2.3.3op2-3
ii  default-jre [java8-runtime] 2:1.11-72
ii  feistermops450 [firefox-esr]45.9.0m2
ii  firefox-esr 78.9.0esr-1
ii  ghostscript 9.53.3~dfsg-7
ii  gnupg   2.2.27-1
pn  gpa 
ii  gstreamer1.0-libav  1.18.3-1
ii  gstreamer1.0-plugins-bad1.18.3-1+b1
ii  gstreamer1.0-plugins-base   1.18.3-1
ii  gstreamer1.0-plugins-good   1.18.3-1
ii  gstreamer1.0-plugins-ugly   1.18.3-1
ii  hunspell-en-gb [hunspell-dictionary]1:7.1.0~rc3-3
pn  hyphen-hyphenation-patterns 
ii  imagemagick 8:6.9.11.60+dfsg-1
ii  imagemagick-6.q16 [imagemagick] 8:6.9.11.60+dfsg-1
ii  libgl1  1.3.2-1
pn  libofficebean-java  
pn  libreoffice-gnome | libreoffice-plasma  
pn  libreoffice-grammarcheck
ii  libreoffice-help-en-gb [libreoffice-help]   1:7.0.4-3
ii  libreoffice-l10n-en-gb [libreoffice-l10n]   1:7.0.4-3
pn  libreoffice-librelogo   
pn  libsane1

Bug#987625: ntpdate -p samples number is 1 by default, which is not consistent with manpage

2021-04-26 Thread Roger Shimizu 
control: found -1 1:4.2.8p10+dfsg-1
control: affects -1 adjtimex
control: block 944867 by -1

On Tue, Apr 27, 2021 at 2:33 AM Roger Shimizu  wrote:
>
> I found since buster version, -p samples default value changed from 4,
> which is in manpage, to 1.

Should be related to this commit:
* https://salsa.debian.org/pkg-ntp-team/ntp/-/commit/5263b05

ntpdate/ntpdate.c
Line 157

-int sys_samples = DEFSAMPLES;   /* number of samples/server */
+int sys_samples = 0;/* number of samples/server, will be
modified later */

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Bug#987625: ntpdate -p samples number is 1 by default, which is not consistent with manpage

2021-04-26 Thread Roger Shimizu 
Package: ntpdate
Version: 1:4.2.8p15+dfsg-1
Severity: important

Dear Maintainer,

I found since buster version, -p samples default value changed from 4,
which is in manpage, to 1.
So it will output "filter delay:" and "filter offset:" lines by
default in stretch version, 1:4.2.8p10+ based; but will not in buster or
later version, 1:4.2.8p12+ based.

You can check the output by command:
 $ ntpdate -d -q pool.ntp.org
 $ ntpdate -d -p4 -q pool.ntp.org

In manpage:
   -p samples
  Specify  the  number of samples to be acquired from each server as 
the integer samples, with values from 1 to 8
  inclusive. The default is 4.

So clearly the behaviour is not consistent with manpage.
Please kindly fix this, by either change the code, or update the
manpage. Thank you!

Cheers,
Roger

Bug#987019: (no subject)

2021-04-26 Thread Vincent Blut 
Hey Josua,

Le 2021-04-26 17:32, Josua Mayer a écrit :
> Hi Vincent,
> 
> Thanks for your quick reply (which I failed to notice )
> So I did a test today with GPIO_MXC=m, and initramfs-tools in default
> configuration.
> 
> gpio_mxc module is included in initramfs automatically, and the system can
> boot from microSD just fine.
> Therefore, setting it as a module would do.

Awesome, thanks for testing. I'll update the merge request then.

> Yours sincerely
> Josua mayer

Cheers,
Vincent


signature.asc
Description: PGP signature

Bug#987575: linux-kbuild-5.10: please add Breaks: sl-modem-dkms (<< 2.9.11~20110321-16.0)

2021-04-26 Thread Ben Hutchings 
Control: severity -1 important

I don't believe this should be considered an RC bug in Linux packages,
but we should still mitigate the problem.

There are three different bugs involved:

1. linux-headers-*-common uses the upstream Makefile, which defaults
   to attempting a full kernel build.  That will always fail, and
   potentially removes installed files as reported.
2. DKMS (and module-assistant?) do module builds as root by default.
3. Some OOT modules use the now-unsupported SUBDIRS variable instead of
   M or KBUILD_EXTMOD, triggering bug 1.  Due to bug 2, this can remove
   root-owned files.

Bug 3 does/did not only exist in the 2 known bad packages in Debian,
but also probably in other older packages and unpackaged modules.  So I
think we cannot comprehensively fix it or avoid it by using "Breaks"
relations.  (And I would like to avoid the kernel team having to
maintain a list of all currently broken OOT modules.)

Bugs 1 and 2 should be fixed, but this probably isn't achievable before
the bullseye release.

So I propose a mitigation of bug 1: if the Makefile is invoked with
SUBDIRS set but neither M nor KBUILD_EXTMOD is also set, we abort the
build:

https://salsa.debian.org/kernel-team/linux/-/merge_requests/353

Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program
than vice versa.


signature.asc
Description: This is a digitally signed message part

Bug#986581: debian-security-support: logic behind version-based filters

2021-04-26 Thread Sylvain Beucler 

Hi,

On 16/04/2021 10:41, Sylvain Beucler wrote:

I dropped the version-based check and adapted the test suite:
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/9
pending review with secteam.


I think we are all OK with this particular change. Can you review the MR?

Cheers!
Sylvain

Bug#987377: rescue-mode: when in graphical mode, locks up one prompt before the shell

2021-04-26 Thread Étienne Mollier 
Hi Cyril,

Étienne Mollier, on 2021-04-26 09:09:50 +0200:
> Cyril Brulebois, on 2021-04-26 02:18:49 +0200:
> > If so, I'd be happy if you could just verify at least one “known-bad”
> > case with the official image first:
> >   
> > http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/20210415/images/netboot/gtk/mini.iso
> > 
> > so that we are sure the issue is produced this way… in which case we'll
> > be able to test a modified image to see if it helps. :)
> 
> Checking that out, will let you know my findings.

I should have reread earlier the entire message; that would have
spared me several tests.  Anyway for short, yes, known-bad cases
are consistent with RC1.

As a side note, I shouldn't have extrapolated the table, because
I ended up with:

Layout  Plain   RaidLVM LVM+Crypto
Locale  Device
en_US   Satablank   blank   ok  ok
en_US   NVMeok  blank   ok  ok
fr_FR   Sataok  ok  blank   blank
fr_FR   NVMeok  ok  blank   blank
eo_EO   Sata[1] ok  ok  ok
eo_EO   NVMeok  ok  ok  ok

[1]: I haven't checked that particular entry, but caught up
 later with the extra locale; I didn't want to "extrapolate"
 one more time.

Too bad for the epic one-liner...

Kind Regards,
-- 
Étienne Mollier 
Fingerprint:  8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
Sent from /dev/pts/2, please excuse my verbosity.


signature.asc
Description: PGP signature

Bug#987624: dnscrypt-proxy: should declare dependency on ca-certificates

2021-04-26 Thread Celejar 
Package: dnscrypt-proxy
Version: 2.0.45+ds1-1+b2
Severity: normal
X-Debbugs-Cc: cele...@gmail.com

If the ca-certificates package isn't installed, dnscrypt-proxy will fail
to start using its default configuration, since it can't verify the
download of the public resolvers file:

[CRITICAL] Unable to use source [public-resolvers]: [Get 
https://download.dnscrypt.i
nfo/resolvers-list/v2/public-resolvers.md: x509: certificate signed by unknown 
authority]


The package should either declare a dependency on ca-certificates, or at
least document the fact that the default configuration file won't work
without that package.

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dnscrypt-proxy depends on:
ii  adduser   3.118
ii  libc6 2.31-11
ii  lsb-base  11.1.0

dnscrypt-proxy recommends no packages.

Versions of packages dnscrypt-proxy suggests:
pn  resolvconf  

-- no debconf information

Bug#987368: Installer fails at first menu "Choose language"

2021-04-26 Thread Frédéric Bonnard 
Hi Cyril,

Thanks for willing to investigate !

LPAR setup in PowerVM can not be reproduced to my knowledge with qemu ; this a
partitioning configuration with PHYP proprietary firmware by IBM.
Using a ppc64el vm, I never had the issue, since I think, hvc0 does not
exist and thus does not create race condition with tty0.
The last possible configuration providing hvc0 is the baremetal mode
(PowerNV), installating a physical Power machine with linux on top of
it.
Hopefully, qemu is able to emulate a baremetal machine (PowerNV) as skiboot
firmware is opensource (compared to PHYP).
I tried and could reproduce the bug after 3 tries.

For this, on your amd64 machine :
- install qemu-system-ppc 5.2 (in my case, using stable, I used 
1:5.2+dfsg-9~bpo10+1 )
- get those :
  * 
https://openpower.xyz/job/openpower/job/openpower-op-build/label=slave,target=witherspoon/lastSuccessfulBuild/artifact/images/rootfs.cpio.xz
  * 
https://openpower.xyz/job/openpower/job/openpower-op-build/label=slave,target=witherspoon/lastSuccessfulBuild/artifact/images/zImage.epapr
- use the following to emulate the P9 PowerNV Witherspoon machine :
  qemu-system-ppc64 -m 2G -machine powernv9 -smp 8,cores=8,threads=1 \
-accel tcg,thread=single \
-device e1000e,netdev=net0,mac=C0:FF:EE:00:00:02,bus=pcie.0,addr=0x0  \
-netdev user,id=net0,hostfwd=::20022-:22,hostname=pnv \
-kernel ./zImage.epapr  \
-initrd ./rootfs.cpio.xz \
-nographic
- Once you get into the petitboot menu, "Exit to shell"
- wget : (I couldn't boot the mini.iso)
  * 
https://d-i.debian.org/daily-images/ppc64el/daily/netboot/debian-installer/ppc64el/vmlinux
  * 
https://d-i.debian.org/daily-images/ppc64el/daily/netboot/debian-installer/ppc64el/initrd.gz
- kexec those :
  1. kexec -l vmlinux -i initrd.gz -e (you'll get an error.. but this
  steps seems necessary)
  2. kexec -s vmlinux -i initrd.gz -e
- cross fingers ; if it doesn't fail, halt and rerun qemu...

I hope you get it as well!

F.

On Fri, 23 Apr 2021 22:48:33 +0200, Cyril Brulebois  wrote:
> Hello Frédéric,
> 
> Frédéric Bonnard  (2021-04-22):
> > Boot method: CD
> > Image version: 
> > http://d-i.debian.org/daily-images/ppc64el/daily/netboot/mini.iso
> > Date: April 21st 2021
> > 
> > Machine: Power10 machine but got it on Power8 as well
> > 
> > This happens randomly when the installer menu starts, I get to the first
> > menu "Choose language", but it is red saying "An installation failed...
> > The failing step is: Choose language".
> > 
> > It seems the missing file /var/lib/dpkg/status is causing this.
> > Instead I have /var/lib/dpkg/status.bak
> 
> I don't know much about ppc (I don't think iBook G4 experience counts
> much at this stage), but I see that qemu-system-ppc exists, and that it
> provides qemu-system-ppc64. Would you have some guide that could help us
> reproduce the issue from say an amd64 host?
> 
> 
> Cheers,
> -- 
> Cyril Brulebois (k...@debian.org)
> D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#978701: wireshark: Please package version 2.6.20 with GTK support

2021-04-26 Thread Bálint Réczey 
Hi Adrian,

Adrian Bunk  ezt írta (időpont: 2021. ápr. 25., V, 22:07):
>
> On Sun, Apr 25, 2021 at 09:45:54PM +0200, Bálint Réczey wrote:
> > Control: fixed -1 2.6.20-0+deb10u1
> > Control: fixed -1 3.0.3-1
> >
> > Dmitry Katsubo  ezt írta (időpont: 2021. jan. 2., Szo, 
> > 17:47):
> > >
> > > On 01/01/2021 15:33, Bálint Réczey wrote:
> > > > I've pushed the new packaged upstream to the debian/buster branch on 
> > > > Salsa.
> > > >
> > > > If you are (or anyone else is) interested please test the package on
> > > > Buster get an approval for the upload, to follow:
> > > > https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> > > >
> > > > (I don't have Buster setups now.)
> > > >
> > > > Cheers,
> > > > Balint
> > >
> > > Many thanks, I was able to compile and install Wireshark v2.6.20 from 
> > > that Git repository.
> >
> > Adrian Bunk kindly uploaded 2.6.20, while I think he did not use the
> > mentioned Salsa branch.
>
> I prepared #975932 in November, adding two additional CVE fixes later.
>
> Except for the 4 post-2.6.20 CVE fixes in my uploads to stretch+buster
> our changes look mostly identical,[1] which is a good sign.
>
> > Cheers,
> > Balint
>
> cu
> Adrian
>
> [1] I did not update debian/watch, did not handle nocheck,
> and I made test failures non-fatal for all architectures

I have merged your changes to the Salsa repo. Please feel free to send
MRs to stage further changes there.

Cheers,
Balint

Bug#987623: RFS: libonig/6.9.7.1-1 -- regular expressions library — development files

2021-04-26 Thread Jörg Frings-Fürst 
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "libonig":

   Package name: libonig
   Version : 6.9.7.1-1
   Upstream Author : K.Kosako 
   URL : https://github.com/kkos/oniguruma
   License : BSD-2-clause
   Vcs : https://jff.email/cgit/libonig.git
   Section : libs

It builds those binary packages:

  libonig-dev - regular expressions library — development files
  libonig5 - regular expressions library

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/libonig/

Alternatively, one can download the package with dget using this
command:

  dget -x 
https://mentors.debian.net/debian/pool/main/libo/libonig/libonig_6.9.7.1-1.dsc

or from 

 git https://jff.email/cgit/libonig.git?h=release%2Fdebian%2F6.9.7.1-1

Changes since the last upload:

 libonig (6.9.7.1-1) experimental; urgency=medium
 .
   * New upstream release.
 - Refresh symbols file.
   * Declare compliance with Debian Policy 4.5.1 (No changes needed).



Regards,
-- 
  Jörg Frings-Fürst

-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#987622: pillow: use dep5 format for d/copyright

2021-04-26 Thread Romain Porte 
Source: pillow
Severity: wishlist
Tags: patch
X-Debbugs-Cc: deb...@microjoe.org

Dear Maintainer,

During the Salzburg BSP I provided an NMU to fix d/copyright issues. I
fact I got too far and also converted it to dep5 format, but this was
too much for an NMU.

In order to not loose this extra work, please find attached the
dep5.diff file that should be applied to the source package in order to
convert the d/copyright file back to dep5 format (I created dep5 first,
and then converted it back to "text" for the NMU to be accepted).

Thanks,

Romain.


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru pillow-8.1.2+dfsg/debian/copyright 
pillow-8.1.2+dfsg-dep5/debian/copyright
--- pillow-8.1.2+dfsg/debian/copyright  2021-04-25 16:32:08.236418863 +0200
+++ pillow-8.1.2+dfsg-dep5/debian/copyright 2021-04-26 18:09:40.283388429 
+0200
@@ -1,117 +1,44 @@
-This package was debianized by Simon Richter  on
-Mon, 21 May 2001 22:20:43 +0200.
-As of 2004-01-05, it is maintained by Matthias Urlichs .
-
-It was downloaded from https://pypi.python.org/pypi/Pillow/
-
-Files excluded because of missing license data:
-
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Pillow
+Upstream-Contact:
+Source: https://pypi.python.org/pypi/Pillow/
+Files-Excluded:
+# Missing license data, see:
+# https://github.com/python-pillow/Pillow/issues/4591#issuecomment-765711479
  Tests/images/a.fli
  Tests/test_file_fli.py
+# Missing license data from https://ghrc.nsstc.nasa.gov/hydro/details/cmx3g8
  Tests/test_file_mcidas.py
  Tests/images/cmx3g8_wv_1998.260_0745_mcidas.ara
  Tests/images/cmx3g8_wv_1998.260_0745_mcidas.png
 
-Copyright:
-
-The Python Imaging Library is
-
-Copyright (c) 1997-2011 by Secret Labs AB
-Copyright (c) 1995-2011 by Fredrik Lundh
-Copyright (c) 2010-2020 by Alex Clark and contributors
-
-By obtaining, using, and/or copying this software and/or its
-associated documentation, you agree that you have read, understood,
-and will comply with the following terms and conditions:
-
-Permission to use, copy, modify, and distribute this software and its
-associated documentation for any purpose and without fee is hereby
-granted, provided that the above copyright notice appears in all
-copies, and that both that copyright notice and this permission notice
-appear in supporting documentation, and that the name of Secret Labs
-AB or the author not be used in advertising or publicity pertaining to
-distribution of the software without specific, written prior
-permission.
-
-SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO
-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS.  IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-Tests/fonts:
-
-NotoNastaliqUrdu-Regular.ttf, NotoSansSymbols-Regular.ttf
-  from https://github.com/googlei18n/noto-fonts
-
-NotoSans-Regular.ttf
-  from https://www.google.com/get/noto/
-
-NotoSansJP-Regular.otf
-  from https://www.google.com/get/noto/help/cjk/
-
-NotoColorEmoji.ttf
-  from https://github.com/googlefonts/noto-emoji
-
-AdobeVFPrototype.ttf
-  from https://github.com/adobe-fonts/adobe-variable-font-prototype
-
-TINY5x3GX.ttf
-  from http://velvetyne.fr/fonts/tiny
-
-ArefRuqaa-Regular.ttf
-  from https://github.com/google/fonts/tree/master/ofl/arefruqaa
-
-ter-x20b.pcf
-  from http://terminus-font.sourceforge.net/
+# Code
 
-BungeeColor-Regular_colr_Windows.ttf
-  from https://github.com/djrrb/bungee
-
-All of the above fonts are published under the
-SIL Open Font License (OFL) v1.1
-(http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL),
-which allows you to copy, modify, and redistribute them if you need
-to.
-
-FreeMono.ttf
-
-Licensed under GPL3 with GPL font exception
-
-Tests/fonts/OpenSansCondensed-LightItalic.ttf
-  from https://fonts.google.com/specimen/Open+Sans
-
-Licensed under Apache 2.0
-
-DejaVuSans-24-*-stripped.ttf
-
-based on DejaVuSans.ttf converted using FontForge to add bitmap strikes and
-keep only the ASCII range.
-
-10x20-ISO8859-1.pcf, from https://packages.ubuntu.com/xenial/xfonts-base
-
-"Public domain font.  Share and enjoy."
-
-Tests/images/bmp/* from https://github.com/jsummers/bmpsuite
-
-Public domain
-
-docs/example/DdsImagePlugin.py
-src/PIL/BlpImagePlugin.py
-src/PIL/DdsImagePlugin.py
-src/

Bug#985214: g++-11 internal error and fails to precompile a concept

2021-04-26 Thread Frank B. Brokken 
Dear Matthias Klose, you wrote:
> 
> (2) now shows a proper error, as shown below.
> 
> Please could you report the other issues upstream?

OK.

-- 
Frank B. Brokken
(+31) 6 5353 2509
PGP Key Fingerprint: DF32 13DE B156 7732 E65E  3B4D 7DB2 A8BE EAE4 D8AA

Bug#987621: libopencv-imgcodecs-dev: List of libopencv-imgcodecs-dev->libgdcm-dev dep archs inconsistent with build dependencies

2021-04-26 Thread Adrian Bunk 
Source: opencv
Version: 4.5.1+dfsg-4
Severity: important
Tags: ftbfs
Control: affects -1 src:gst-plugins-bad1.0

https://buildd.debian.org/status/package.php?p=gst-plugins-bad1.0

gst-plugins-bad1.0 build-depends on:
- libopencv-dev:alpha (>= 3.0.0)
libopencv-dev depends on:
- libopencv-imgcodecs-dev:alpha (= 4.5.1+dfsg-4)
libopencv-imgcodecs-dev depends on missing:
- libgdcm-dev:alpha


Fix:

--- debian/control.old  2021-04-26 15:41:53.228055428 +
+++ debian/control  2021-04-26 15:43:43.516389964 +
@@ -278,7 +278,7 @@
 Architecture: any
 Multi-Arch: same
 Section: libdevel
-Depends: libgdcm-dev [!hppa !m68k !powerpcspe !riscv64 !sh4],
+Depends: libgdcm-dev [!alpha !hppa !ia64 !kfreebsd-amd64 !kfreebsd-i386 !m68k 
!powerpcspe !sh4 !x32],
  libopencv-imgcodecs4.5 (= ${binary:Version}),
  libopencv-imgproc-dev (= ${binary:Version}),
  ${misc:Depends}

Bug#987019: (no subject)

2021-04-26 Thread Josua Mayer 

Hi Vincent,

Thanks for your quick reply (which I failed to notice )
So I did a test today with GPIO_MXC=m, and initramfs-tools in default 
configuration.


gpio_mxc module is included in initramfs automatically, and the system 
can boot from microSD just fine.

Therefore, setting it as a module would do.

Yours sincerely
Josua mayer

Bug#987504: imagemagick: attempt to perform an operation not allowed by the security policy `EPS'

2021-04-26 Thread Adrian Bunk 
On Mon, Apr 26, 2021 at 12:41:42PM +0800, Paul Wise wrote:
>...
> I think that switching the ImageMagick policy so that it allows writes
> to PS/PS2/PS3/EPS/PDF/XPS/etc but not reads would fix the FTBFS and
> possibly also stop security issues in GhostScript from being triggered?

>From the Launchpad bug:
14:44  png -> ps should be safe.
14:44  yeah, unfortunately imagemagick doesn't allow disable only 
reading

> bye,
> pabs

cu
Adrian

Bug#962214: Needles dependencies to policykit

2021-04-26 Thread Phillip Susi 


julien forest writes:

> Is there any hope to remove this dependency to policykit-1 which
> prevents users who do not want to use systemd to install the current
> version of gparted ? 

What does policykit have to do with systemd?  AFAIK, that is the
mechanism that all desktops can use to run a program as root.

Bug#987606: Please use a free license for blimps and sift

2021-04-26 Thread Andreas Tille 
Hi,

a really long time ago we were talking about licensing blimps and sift.
The package sift now received a bug report[1] which is somehow caused by
the non-free license.  I personally do not use blimps and sift and I do
not have any interest in maintaining non-free software (since it is
really hard to deal with such kind of bugs and other issues that prevent
using the full Debian infrastructure).  That's why I intend to orphan or
even remove blimps and sift from Debian except there will be a free
license in the next couple of months.

So I'd happily keep on working on the packages if you would be able to
put it under a free license.

Kind regards

  Andreas.


[1] https://bugs.debian.org/987606

On Fri, Jan 15, 2016 at 08:27:10AM +0100, Andreas Tille wrote:
> Dear Pauline,
> 
> On Fri, Jan 15, 2016 at 10:50:04AM +0800, Pauline Ng wrote:
> > I've asked Steve  Henikoff to check with FHCRC's Technology Transfer office
> > to see if we can change the license to GNU-GPL. (The latest version of SIFT
> > (SIFT 4 Genomes is a hybrid license of GNU-GPL and FHCRC), so this will
> > simplify things later. Please email me in 2 weeks time if you haven't heard
> > from me.
> 
> Thanks for the promising response and the coordination work you probably
> need to undergo for such a change.
>  
> > Also, because I wrote the SIFT algorithm, I'd like to benchmark and check
> > the code that debian-med packages. I think there are several version of
> > SIFT out there. What is the latest release version that you'd like to use?
> 
> Usually we are packaging the latest upstream release.  If you have good
> reasons for recommending a different release we would trust your insight
> what might be the best release for Debian.  Please do not consider us as
> the experts to decide about *your* code. ;-)  We simply try to distribute
> your prefered choice to your users in a most convenient form.
> 
> > Thanks,
> > Pauline
> 
> Thanks to you
> 
>Andreas.
>  
> > On Wed, Jan 13, 2016 at 3:25 PM, Andreas Tille  wrote:
> > 
> > > Dear Pauline,
> > >
> > > On Wed, Jan 13, 2016 at 09:59:14AM +0800, Pauline Ng wrote:
> > > > The Henikoffs and I received your email about regarding changing the
> > > > license of blimps and SIFT to GPL. We are willing to consider it if SIFT
> > > > can be easily distributed. Do you have a working version of SIFT on
> > > > debian?
> > >
> > > Currently version 4.0.3b is packaged and I know that this is not the
> > > latest released version.  One reason for this lag behind is the fact
> > > that SIFT remains in non-free which does not receive the apropriate care
> > > - thus the motivation for my mail to tackle the latest version if there
> > > would be a free license.
> > >
> > > > My old version of SIFT uses a very old version of blast and calls a
> > > binary
> > > > of blimps --I think the source code has been since lost.
> > >
> > > The Debian version of SIFT is linked against a separately packaged
> > > version of blimps 3.9.  I noticed that the downloadable tarball
> > > sift5.2.2.tar.gz contains a dir blimps/blimps with C sources (and even
> > > *.o files which should not be distributed inside a tarball).  I also see
> > > a dir blimps/bin which we would clean up from the tarball since we
> > > usually do not ship precompiled binaries in the source tarball.
> > >
> > > > If you can can confirm that SIFT works in debian, then Dr. Henikoff will
> > > > talk to the FHCRC tech transfer office to start the process.
> > >
> > > I can confirm that the Debian Med team got the old version of SIFT
> > > working and we will try or best to get also the latest version working.
> > > However, please make sure that the license change is not only for the
> > > purpose of distribution inside Debian but rather in general since a
> > > specific free Debian license is also considered as non-free by the
> > > Debian Free Software Guidelines.
> > >
> > > > Thanks,
> > > > Pauline
> > >
> > > Thanks a lot for your fast response
> > >
> > >  Andreas.
> > >
> > > > Hello,
> > > >
> > > >
> > > >
> > > > I'm writing you on behalf of the Debian Med team which is a group inside
> > > > Debian with the objective to make Debian the best distribution for
> > > biology
> > > > and medical care.  We try to package free software that is relevant in
> > > > these fields for main Debian.
> > > >
> > > >
> > > >
> > > > You might know that there are packages of blimps and sift for some time
> > > > which are not part of the official Debian distribution due to its 
> > > > license
> > > > which is considered non-free since it violates the Debian Free Software
> > > > Guidelines[1].  We would really make blimps and sift part of the 
> > > > official
> > > > Debian distribution which has several advantages for users as well even
> > > for
> > > > you as developers since the wider spreading of your code might lead to
> > > > enhancements that will be send to you.
> > > >
> > > >
> > > >
> > > > We would like you to reconside

Bug#987620: ITP: eln -- an Electronic Lab Notebook that lets you focus on note taking

2021-04-26 Thread Daniel Wagenaar 
Package: wnpp
Severity: wishlist
Owner: Daniel A. Wagenaar 

* Package name: eln
  Version : 1.2.20
  Upstream Author : Daniel A. Wagenaar 
* URL : http://www.danielwagenaar.net/eln
* License : GPL
  Programming Lang: C++ (Qt5)
  Description : ELN is an Electronic Lab Notebook that lets you focus on 
note taking. ELN supports text, images, and basic graphical annotations. ELN 
makes safeguarding your notebook entries its number one priority and is 
extremely stable.

ELN is an electronic lab notebook that has been in development since 2013 
and that is used by several researchers at Caltech and at other institutions.
The author and his lab members use ELN every day and have collectively
created close to 10,000 pages of notes in it over several years. 
ELN is easy to use, highly reliably, and does not distract from the task 
of note taking. ELN supports archiving notebooks with git for 
traceability and long-term stability.

ELN is not a dependency for other packages.

The author is not aware of other packages that provide an experience as close
to a regular paper notebook as ELN does.

The author has maintained ELN for 8 years now and intends to keep doing so.
indefinitely. A .deb for Debian 10 already exists at 
https://github.com/wagenadl/eln/releases/tag/v1.2.20.3.

The author is not a DD and is looking for a sponsor. ELN might eventually
find a natural home in DebianScience/Typesetting.

Bug#987388: Crash of amdgpu on Debian 11 Bullseye

2021-04-26 Thread Mike 
I think I am also experiencing this bug.  I'm seeing it manifest when I
resume from sleep, none of my monitors wake up and I can't switch TTYs.

On Thu, 22 Apr 2021 21:10:15 + "Maxime G."  wrote:
> Package: xserver-xorg-video-amdgpu
> Version: 19.1.0-2
> Severity: critical
>
> Hi.
>
> Today I reinstalled a machine on Debian 11 Bullseye from testing (it was
on Debian 10 Buster) and I had a crash of the AMD R9 380.
> I could no longer change tty and Xorg was frozen, I could only move the
mouse, the keyboard shortcut to reboot the kernel was not working.
> After manual shutdown (electrical) I found undred lines of this in syslog:
>
> Apr 22 22:36:18 maxime-pc kernel: [18427.590382] amdgpu :01:00.0:
amdgpu: 3fb1172e pin failed
> Apr 22 22:36:18 maxime-pc kernel: [18427.590464]
[drm:dm_plane_helper_prepare_fb [amdgpu]] *ERROR* Failed to pin framebuffer
with error -12
> Apr 22 22:36:18 maxime-pc kernel: [18427.605898] amdgpu :01:00.0:
amdgpu: 03ab56e3 pin failed
> Apr 22 22:36:18 maxime-pc kernel: [18427.606010]
[drm:dm_plane_helper_prepare_fb [amdgpu]] *ERROR* Failed to pin framebuffer
with error -12
> Apr 22 22:36:18 maxime-pc kernel: [18427.609057] amdgpu :01:00.0:
amdgpu: 03ab56e3 pin failed
> Apr 22 22:36:18 maxime-pc kernel: [18427.609139]
[drm:dm_plane_helper_prepare_fb [amdgpu]] *ERROR* Failed to pin framebuffer
with error -12
> Apr 22 22:36:18 maxime-pc kernel: [18427.610566] amdgpu :01:00.0:
amdgpu: 03ab56e3 pin failed
> Apr 22 22:36:18 maxime-pc kernel: [18427.610644]
[drm:dm_plane_helper_prepare_fb [amdgpu]] *ERROR* Failed to pin framebuffer
with error -12
> Apr 22 22:36:18 maxime-pc kernel: [18427.644577] amdgpu :01:00.0:
amdgpu: 3fb1172e pin failed
> Apr 22 22:36:18 maxime-pc kernel: [18427.644659]
[drm:dm_plane_helper_prepare_fb [amdgpu]] *ERROR* Failed to pin framebuffer
with error -12
>
> [...]
>
> Apr 22 22:37:15 maxime-pc kernel: [18484.803085] sysrq: HELP :
loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e)
memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k)
show-backtrace-all-active-cpus(l) show-memory-usa
> ge(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p)
show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u)
force-fb(v) show-blocked-tasks(w) dump-ftrace-buffer(z)
> Apr 22 22:37:15 maxime-pc kernel: [18484.803096] sysrq: HELP :
loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e)
memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k)
show-backtrace-all-active-cpus(l) show-memory-usa
> ge(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p)
show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u)
force-fb(v) show-blocked-tasks(w) dump-ftrace-buffer(z)
> Apr 22 22:37:18 maxime-pc kernel: [18487.595072] sysrq: HELP :
loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e)
memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k)
show-backtrace-all-active-cpus(l) show-memory-usa
> ge(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p)
show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u)
force-fb(v) show-blocked-tasks(w) dump-ftrace-buffer(z)
> Apr 22 22:37:18 maxime-pc kernel: [18487.875072] sysrq: HELP :
loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e)
memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k)
show-backtrace-all-active-cpus(l) show-memory-usa
> ge(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p)
show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u)
force-fb(v) show-blocked-tasks(w) dump-ftrace-buffer(z)
>
> (here I was typing on the emergency kernel reboot shortcut on keyboard)
>
> I don't know what could be the reason for this.
> But the problem has never occurred on Debian 10 Buster.
>
>
> Thanks.
> Max.
>
>

Bug#987619: ITP: golang-github-dgryski-go-rendezvous -- Go implementation of rendezvous hashing

2021-04-26 Thread Thola Team 
Package: wnpp
Severity: wishlist
Owner: Thola Team 

* Package name: golang-github-dgryski-go-rendezvous
  Version : 0.0~git20200823.9f7001d-1
  Upstream Author : Damian Gryski
* URL : https://github.com/dgryski/go-rendezvous
* License : MIT
  Programming Lang: Go 
  Description : Go implementation of rendezvous hashing

Bug#987617: manpage of wide-dhcpv6 contains a typo / error

2021-04-26 Thread Thomas Schäfer 
Package: wide-dhcpv6

the manpage isn't correct, DHCPv6 options

"ia-na ID  means an IA_PD (Identity Association for Non-temporary Addresses)"

should be

"ia-na ID  means an IA_NA (Identity Association for Non-temporary Addresses)"

Bug#987616: libzstd1: fails to install on multi arch environment (libzstd1 : Breaks: libzstd1:i386 / libzstd1:i386 : Breaks: libzstd1)

2021-04-26 Thread pressy 
Package: libzstd1
Version: 1.4.8+dfsg-2+0~20210302.3+debian10~1.gbp8effd2
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

   trying to install win32, which was impossible due to conflicts.

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

   After analysing the dependencies I nailed it down to libzstd1:i386 

   If you try to install both versions amd64 and i386 it fails due to same docs 
files in both versions.

   
The following packages have unmet dependencies:
 libzstd1 : Breaks: libzstd1:i386 (!= 
1.4.8+dfsg-2+0~20210302.3+debian10~1.gbp8effd2) but 1.3.8+dfsg-3+deb10u2 is to 
be installed
 libzstd1:i386 : Breaks: libzstd1 (!= 1.3.8+dfsg-3+deb10u2) but 
1.4.8+dfsg-2+0~20210302.3+debian10~1.gbp8effd2 is to be installed
E: Unable to correct problems, you have held broken packages.
   

   * What was the outcome of this action?

breaks multi arch support

   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libzstd1 depends on:
ii  libc6  2.28-10

libzstd1 recommends no packages.

libzstd1 suggests no packages.

-- no debconf information

Bug#986779: preinst script misses dependency on dpkg-dev

2021-04-26 Thread Julien Cristau 
Control: tag -1 buster
Control: severity -1 serious

On Mon, Apr 12, 2021 at 06:04:56AM +0200, Daniel Leidert wrote:
> Package: fwupd
> Version: 1.2.13-3+deb10u2
> Severity: normal
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> The preinst script uses `dpkg-vendor` which is provided by dpkg-dev. But there
> is no (pre-)dependency on this package. Thus the preinst script throws an
> error:
> 
> Preparing to unpack .../04-fwupd_1.2.13-3+deb10u2_amd64.deb ...
> /var/lib/dpkg/tmp.ci/preinst: 13: /var/lib/dpkg/tmp.ci/preinst: dpkg-vendor: 
> not found
> 
dpkg-vendor shouldn't be used in maintainer scripts...

Cheers,
Julien

Bug#987615: perl-base: please ship modules used by usrmerge in perl-base

2021-04-26 Thread Dimitri John Ledkov 
Package: perl-base
Version: 5.30.3-4
Severity: normal

Dear Maintainer,

usrmerge will be needed to be installed upon upgrades to bookworm to
convert systems to merged /usr. It would be helpful for small installs
to be able to perform that without installing the larger perl package.

Please consider moving things that usrmerge & libfile-find-rule-perl
use from per/perl-modules to perl-base.

Specifically please move:

Fatal.pm
File/Find.pm
Tie/RefHash.pm
autodie.pm
autodie/Scope/Guard.pm
autodie/Scope/GuardStack.pm
autodie/Util.pm
if.pm

Once the above is done: libfile-find-rule-perl,
libnumber-compare-perl, libtext-glob-perl would all be able to depend
on just perl-base, and thus usrmerge will be able to just depend on
perl-base too.

In bookworm+1 you may drop these things from perl-base and add breaks
on usrmerge.

Regards,

Dimitri.

Bug#987614: libica FTBFS with gcc 10

2021-04-26 Thread Adrian Bunk 
Source: libica
Version: 3.2.0-3
Severity: serious
Tags: ftbfs

...
/usr/bin/ld: 
/tmp/ccGQQSb3.o:/home/bunk/build/libica-3.2.0/src/tests/libica_sha_test/./include/sha_tests.h:26:
 multiple definition of `silent'; 
/tmp/ccbkY0gZ.o:/home/bunk/build/libica-3.2.0/src/tests/libica_sha_test/./include/sha_tests.h:26:
 first defined here
/usr/bin/ld: 
/tmp/ccGQQSb3.o:/home/bunk/build/libica-3.2.0/src/tests/libica_sha_test/../testcase.h:17:
 multiple definition of `verbosity_'; 
/tmp/ccbkY0gZ.o:/home/bunk/build/libica-3.2.0/src/tests/libica_sha_test/../testcase.h:17:
 first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:523: all] Error 1

Bug#987431: Graphical session or LightDM do not close until unattended-upgrades has applied all updates

2021-04-26 Thread Balint Reczey 
Control: found -1 1.26.0-7
Control: clone -1 -2
Control: reassign -2 cinnamon 4.8.6-2
Control: retitle -2 Cinnamon does not close session when shutdown starts

Hi Yvan,

On Mon, Apr 26, 2021 at 12:57 PM Yvan Masson
 wrote:
>
> Hi Balint,
>
> Le 26/04/2021 à 11:56, Balint Reczey a écrit :
> > Control: reassign -1 lightdm
> >
> > Hi Yvan,
> >
> > On Fri, Apr 23, 2021 at 9:21 PM Yvan Masson  
> > wrote:
> >>
> >> Package: unattended-upgrades
> >> Version: 2.8
> >> Severity: normal
> >>
> >> Dear Maintainer,
> >>
> >> I am preparing some Debian 11 desktops (for when it will be the new
> >> stable). The setup is very simple: no root account, one partition, tasks
> >> desktop/Cinnamon/standard tools/SSH. Unattended-upgrades is configured
> >> to install updates on shutdown (see 1): upgrading works properly, but is
> >> very disturbing for the users:
> >>
> >> When the user chooses to shutdown or reboot the computer from his
> >> Cinnamon session, the session does not close until all updates are
> >> applied. While waiting:
> >> - icons on the desktop disappear
> >> - the usual menu that allows choosing between
> >> suspend/hibernate/reboot/cancel/shutdown won't appear again (see 2)
> >> - it is still possible to start applications
> >>
> >> When a user session has been opened, then closed, and the user clicks on
> >> shutdown or reboot from LightDM, the behavior is similar: LightDM does
> >> not stop. It is even possible to log in again, while unattended-upgrades
> >> is applying updates, but when updates are applied the computer
> >> shutdowns/reboots as requested originally from LightDM.
> >>
> >> I would expect the session to be completely closed, LightDM stopped, and
> >> the console or Plymouth displaying a message indicating the ongoing
> >> updates. I am almost sure this has already worked for me in a previous
> >> Debian version or Ubuntu, with the same setup from me.
> >>
> >> Please let me know if you need more information or if you want me to do
> >> some tests.
> >
> > The change that took place in unattended-upgrades 1.8:
> >
> > unattended-upgrades (1.8) unstable; urgency=medium
> >
> > When InstallOnShutdown was configured unattended-upgrades in
> > versions before 1.7 installed updates _after_ the shutdown transaction
> > is started by systemd making maintainer scripts restarting services
> > fail or wait in a deadlock until being killed by shutdown's timeout
> > leaving a broken installation behind.
> >
> > Starting with version 1.7 configuring InstallOnShutdown makes
> > unattended-upgrades start package installations _before_ the shutdown
> > transaction is started, when PrepareForShutdown() signal is received
> > via DBus.
> >
> > Unattended-upgrades 1.7 also increases logind's InhibitDelayMaxSec to
> > 30 seconds. This allows more time for unattended-upgrades to shut down
> > gracefully or even install a few packages in InstallOnShutdown mode,
> > but is still a big step back from the 30 minutes allowed for
> > InstallOnShutdown previously.
> >
> > Users enabling InstallOnShutdown mode are advised to increase
> > InhibitDelayMaxSec even further, possibly to 30 minutes.
> > --
> >
> > When shutdown is successfully initiated from a graphical session the
> > user should be logged out and if the shutdown is successfully
> > initiated from a login manager it should stop, otherwise any inhibitor
> > holding up the shutdown can cause the described problems.
>
> Thanks for the detailed answer.
>
> I just checked again on my simple test VM, the only "shutdown" inhibitor
> is Unattended Upgrades Shutdown.
>
> For comparison, I installed Gnome and GDM on this same VM:
> - When choosing to shutdown from the Gnome session, the session is
> properly closed, but GDM stays on while upgrades are applied. It is even
> possible to log in again.
>
> - When I boot, log in, log out and then choosing to shutdown from GDM,
> GDM seems to be properly closed: screen becomes all black with only the
> blinking "_" on top-left, but `ps` from a SSH session shows that it is
> still running.

It seems GDM is better, but not perfect yet, then. The re-login
problem is tracked in #608259.

> If I understand properly, all of this means that GDM/LightDM and
> Cinnamon do no always react properly to "shutdown" systemd inhibitors:
> is my understanding correct?

Yes. I've cloned the bug to track it for every package that needs to be fixed.

> Do not hesitate to ask if I can help, by testing reporting this elsewhere.

Thanks, maybe the other packages' maintainers will ask for help with testing.

Cheers,
Balint

--
Balint Reczey
Ubuntu & Debian Developer

Bug#987613: mokutil should be Architecture: any

2021-04-26 Thread Adrian Bunk 
Source: mokutil
Version: 0.4.0-1
Severity: normal

mokutil should be Architecture: any to automatically build on
architectures where libefivar-dev becomes available, like riscv64.

Bug#987239: unblock: glance/21.0.0-2

2021-04-26 Thread Sebastian Ramacher 
Control: tags -1 moreinfo

On 2021-04-20 11:38:38 +0200, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package glance
> 
> There's a few changes that have accumulated in this package during the
> freeze. Hopefully, that's still fine to accept them all. Let me know.
> 
> The changelog goes like this:
> 
>   1* Add variables: DEB_BUILD_OPTIONS: nocheck DEB_BUILD_PROFILES: nocheck in
> debian/salsa-ci.yml.
>   2* Do not delete /etc/glance/rootwrap.conf, owned by python3-glance-store.
> (Closes: #987193).
>   3* mv /etc/glance/policy.json /etc/glance/disabled.policy.json.old instead 
> of
> deleting /etc/glance/policy.json.
>   4* Tune glance-api-uwsgi.ini for performance.
> 
> Let me describe all of the above.
> 
> The main goal of this unblock bug is to fix #987193 (ie: 2*) which is
> an RC bug. The other changes are more polishing of the package. Let me
> explain. Point 1* is only relevant to Salsa, I don't think it's a problem.
> 3* avoids that Debian users loose customization in their policy.json (which
> now uses the folder in /etc/glance/policy.d instead) during upgrade. 4* is
> just a tweak in the default number of threads/processes which IMO works
> bettter.

Regarding 3*: why isn't the old file not moved to the new location?

Cheers

> 
> Note that this version of the package has been tested in production.
> 
> Please unblock glance/21.0.0-2.
> 
> Cheers,
> 
> Thomas Goirand (zigo)

> diff -Nru glance-21.0.0/debian/changelog glance-21.0.0/debian/changelog
> --- glance-21.0.0/debian/changelog2020-10-17 15:56:31.0 +0200
> +++ glance-21.0.0/debian/changelog2020-12-15 11:41:16.0 +0100
> @@ -1,3 +1,15 @@
> +glance (2:21.0.0-2) unstable; urgency=medium
> +
> +  * Add variables: DEB_BUILD_OPTIONS: nocheck DEB_BUILD_PROFILES: nocheck in
> +debian/salsa-ci.yml.
> +  * Do not delete /etc/glance/rootwrap.conf, owned by python3-glance-store.
> +(Closes: #987193).
> +  * mv /etc/glance/policy.json /etc/glance/disabled.policy.json.old instead 
> of
> +deleting /etc/glance/policy.json.
> +  * Tune glance-api-uwsgi.ini for performance.
> +
> + -- Thomas Goirand   Tue, 15 Dec 2020 11:41:16 +0100
> +
>  glance (2:21.0.0-1) unstable; urgency=medium
>  
>* Add a debian/salsa-ci.yml and fix debian/watch file.
> diff -Nru glance-21.0.0/debian/glance-api-uwsgi.ini 
> glance-21.0.0/debian/glance-api-uwsgi.ini
> --- glance-21.0.0/debian/glance-api-uwsgi.ini 2020-10-17 15:56:31.0 
> +0200
> +++ glance-21.0.0/debian/glance-api-uwsgi.ini 2020-12-15 11:41:16.0 
> +0100
> @@ -12,11 +12,6 @@
>  # This is running standalone
>  master = true
>  
> -# Threads and processes
> -enable-threads = true
> -
> -processes = 4
> -
>  # uwsgi recommends this to prevent thundering herd on accept.
>  thunder-lock = true
>  
> @@ -34,6 +29,23 @@
>  # exit instead of brutal reload on SIGTERM
>  die-on-term = true
>  
> +##
> +### Performance tuning ###
> +##
> +# Threads and processes
> +enable-threads = true
> +
> +# For max perf, set this to number of core*2
> +processes = 8
> +
> +# This was benchmarked as a good value
> +threads = 32
> +
> +# This is the number of sockets in the queue.
> +# It improves a lot performances. This is comparable
> +# to the Apache ServerLimit/MaxClients option.
> +listen = 100
> +
>  ##
>  ### OpenStack service specific ###
>  ##
> diff -Nru glance-21.0.0/debian/glance-common.postinst.in 
> glance-21.0.0/debian/glance-common.postinst.in
> --- glance-21.0.0/debian/glance-common.postinst.in2020-10-17 
> 15:56:31.0 +0200
> +++ glance-21.0.0/debian/glance-common.postinst.in2020-12-15 
> 11:41:16.0 +0100
> @@ -19,7 +19,9 @@
>   pkgos_write_new_conf glance glance-manage.conf
>   pkgos_write_new_conf glance glance-scrubber.conf
>   pkgos_write_new_conf glance glance-api-paste.ini
> - rm -f /etc/glance/policy.json
> + if [ -r /etc/glance/policy.json ] ; then
> + mv /etc/glance/policy.json /etc/glance/disabled.policy.json.old
> + fi
>   pkgos_write_new_conf glance schema-image.json
>   pkgos_write_new_conf glance property-protections-policies.conf
>   pkgos_write_new_conf glance property-protections-roles.conf
> diff -Nru glance-21.0.0/debian/glance-common.postrm.in 
> glance-21.0.0/debian/glance-common.postrm.in
> --- glance-21.0.0/debian/glance-common.postrm.in  2020-10-17 
> 15:56:31.0 +0200
> +++ glance-21.0.0/debian/glance-common.postrm.in  2020-12-15 
> 11:41:16.0 +0100
> @@ -13,7 +13,7 @@
>   glance-manage.conf glance-scrubber.conf 
> glance-api-paste.ini \
>   glance-registry-paste.ini policy.json schema-image.json 
> \
>   property-protections-policies.conf 
> property-protec

Bug#985214: g++-11 internal error and fails to precompile a concept

2021-04-26 Thread Matthias Klose 
(2) now shows a proper error, as shown below.

Please could you report the other issues upstream?


foo.cc: In substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, con
st Type&) [with Type = FMT]’:
foo.cc:11:13:   required by substitution of ‘template  requires
OstreamInsertable void operator<<
(CSVTabIns&, const Type&) [with Type = FMT]’
foo.cc:46:22:   required from here
foo.cc:8:9:   required for the satisfaction of ‘OstreamInsertable’ [with
Type = FMT]
foo.cc:9:5:   in requirements with ‘std::ostream& out’, ‘Type value’ [with Type
= FMT]
foo.cc:9:5: error: satisfaction of atomic constraint ‘requires(std::ostream&
out, Type value) {out << value;} [with
Type = Type]’ depends on itself
9 | requires(std::ostream &out, Type value)
  | ^~~
   10 | {
  | ~
   11 | out << value;
  | ~
   12 | };
  | ~
foo.cc: In function ‘void operator<<(CSVTabIns&, FMT::FMTHline)’:
foo.cc:46:9: error: no match for ‘operator<<’ (operand types are ‘CSVTabIns’ and
‘FMT’)
   46 | tab << (*hline)(1);  // insert hline in the next column
  | ~~~ ^~ ~~~
  | |  |
  | CSVTabIns  FMT
foo.cc:40:13: note: candidate: ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&)’
   40 | inline void operator<<(CSVTabIns &&tab, Type const &value)
  | ^~~~
foo.cc:40:13: note:   template argument deduction/substitution failed:
foo.cc:40:13: note: constraints not satisfied
foo.cc: In substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&) [with Type =
FMT]’:
foo.cc:11:13:   required by substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&) [with Type = 
FMT]’
foo.cc:46:22:   required from here
foo.cc:8:9:   required for the satisfaction of ‘OstreamInsertable’ [with
Type = FMT]
foo.cc:9:5:   in requirements with ‘std::ostream& out’, ‘Type value’ [with Type
= FMT]
foo.cc:8:9:   required for the satisfaction of ‘OstreamInsertable’ [with
Type = FMT]
foo.cc:9:5:   in requirements with ‘std::ostream& out’, ‘Type value’ [with Type
= FMT]
foo.cc:9:5: error: satisfaction of atomic constraint ‘requires(std::ostream&
out, Type value) {out << value;} [with Type = Type]’ depends on itself
9 | requires(std::ostream &out, Type value)
  | ^~~
   10 | {
  | ~
   11 | out << value;
  | ~
   12 | };
  | ~
foo.cc: In substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&) [with Type =
FMT]’:
foo.cc:11:13:   required by substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&) [with Type = 
FMT]’
foo.cc:46:22:   required from here
foo.cc:8:9:   required for the satisfaction of ‘OstreamInsertable’ [with
Type = FMT]
foo.cc:9:5:   in requirements with ‘std::ostream& out’, ‘Type value’ [with Type
= FMT]
foo.cc:9:5: error: satisfaction of atomic constraint ‘requires(std::ostream&
out, Type value) {out << value;} [with Type = Type]’ depends on itself
foo.cc: In substitution of ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&&, const Type&) [with Type =
FMT]’:
foo.cc:46:22:   required from here
foo.cc:11:13: note: the required expression ‘(out << value)’ is invalid
   11 | out << value;
  | ^~~~
cc1plus: note: set ‘-fconcepts-diagnostics-depth=’ to at least 2 for more detail
foo.cc:30:17: note: candidate: ‘template  requires
OstreamInsertable void operator<<(CSVTabIns&, const Type&)’
   30 | friend void operator<<(CSVTabIns &tab, Type const &value);
  | ^~~~
foo.cc:30:17: note:   substitution of deduced template arguments resulted in
errors seen above
foo.cc:43:13: note: candidate: ‘void operator<<(CSVTabIns&, FMT::FMTHline)’
   43 | inline void operator<<(CSVTabIns &tab, FMT::FMTHline hline)
  | ^~~~
foo.cc:43:54: note:   no known conversion for argument 2 from ‘FMT’ to
‘FMT::FMTHline’ {aka ‘FMT (*)(unsigned int)’}
   43 | inline void operator<<(CSVTabIns &tab, FMT::FMTHline hline)
  |~~^

Bug#987583: unblock: mgba/0.8.4+dfsg-2 (pre-approval)

2021-04-26 Thread Graham Inggs 
Control: tags -1 + moreinfo confirmed

Hi Ryan

On Mon, 26 Apr 2021 at 06:24, Ryan Tandy  wrote:
> I would like to upload mgba with the following changes:
>
> - fix undefined references in libretro-mgba (breaks using it with
>   gnome-games-app; RC bug #986986);
> - backport some targeted fixes specifically requested by upstream for
>   the version in bullseye.

These seem like fixes we would want for bullseye.

> The full diff is attached. May I upload it to unstable?

Please go ahead and upload, and remove the moreinfo tag once the new
version is available in unstable.

Regards
Graham

Bug#987611: git-buildpackage: gbp-dch appears to lock up if EMAIL & DEBEMAIL are unset

2021-04-26 Thread Philip Hands 
Package: git-buildpackage
Version: 0.9.22
Severity: normal

Dear Maintainer,

If one runs gbp dch when the environment variables EMAIL & DEBEMAIL are both 
upset, then
'gbp dch' appears to hang indefinitely.

The reason for this would seem to be this change introduced in devscripts:

> devscripts (2.21.1) unstable; urgency=medium
>
>   ...
>   * debchange:
> + Warn when DEBEMAIL and EMAIL are not set.  Closes: #977809
>   ...
>
>  -- Mattia Rizzolo   Tue, 16 Feb 2021 17:45:53 +0100

if 'dch' is run when those environment variables are unset, it issues a warning:

> dch warning: neither DEBEMAIL nor EMAIL environment variable is set
> dch warning: building email address from username and mailname
> dch: Did you see those 2 warnings?  Press RETURN to continue...

and then waits for the user to hit return.

When being run under gbp, the user does not see the prompt, so has no hint that
they should hit return (although if they do, it works).

That being the case, gbp should probably either issue a warning itself, or allow
the 'dch' warning through to the user.

Cheers, Phil.

Bug#987607: linux-image-5.10.0-5-cloud-amd64: Configure SEV-enabled Debian 11 release

2021-04-26 Thread Andrei POPESCU 
Control: reassign -1 src:linux

On Lu, 26 apr 21, 07:14:54, Peter Gonda wrote:
> Package: linux-image-5.10.0-5-cloud-amd64
> Severity: wishlist
> 
> Dear Maintainer,
> 
> This is to request Debian 11 releases with SEV support enabled.
> 
> SEV support can be configured with:
> 
> CONFIG_AMD_MEM_ENCRYPT=y
> 
> Thanks
> Peter
> 
> 
> -- System Information:
> Sent from non Debian system.

Kind regards,
Andrei
-- 
Looking after bugs assigned to unknown or inexistent packages


signature.asc
Description: PGP signature

Bug#987610: wims-lti: modifies shipped files: /var/lib/wims-lti/wimsLTI/config.py

2021-04-26 Thread Andreas Beckmann 
Package: wims-lti
Version: 0.4.4.1-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package modifies shipped
files.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

0m52.5s ERROR: FAIL: debsums reports modifications inside the chroot:
  /var/lib/wims-lti/wimsLTI/config.py


cheers,

Andreas


wims-lti_0.4.4.1-2.log.gz
Description: application/gzip

Bug#987609: libunistring FTBFS on musl: dh_missing complains about charset.alias

2021-04-26 Thread Helmut Grohne 
Source: libunistring
Version: 0.9.10-4
Tags: patch upstream
User: helm...@debian.org
Usertags: rebootstrap

libunistring fails to build from source on musl-linux-any, because the
build generates a charset.alias that is never installed and thus
dh_missing complains:

| dh_missing: warning: usr/lib//charset.alias exists in debian/tmp but 
is not installed to anywhere
| dh_missing: error: missing files, aborting

It turns out, that this file actually contains only comments for musl,
so it can be skipped like it is skipped for glibc. Please consider
applying the attached patch.

Helmut
--- a/lib/Makefile.gnulib
+++ b/lib/Makefile.gnulib
@@ -461,7 +461,7 @@
 	  case '$(host_os)' in \
 	darwin[56]*) \
 	  need_charset_alias=true ;; \
-	darwin* | cygwin* | mingw* | pw32* | cegcc*) \
+	darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \
 	  need_charset_alias=false ;; \
 	*) \
 	  need_charset_alias=true ;; \

Bug#983429: mosquitto: /run/mosquitto is on a tmpfs and should be created dynamically

2021-04-26 Thread Andreas Beckmann 
Followup-For: Bug #983429

Hi,

some recent changes made the mosquitto installation fail under piuparts
(or any system where the service is not being started automatically)
because /run/mosquitto is missing when the postinst wants to change the
ownership there.

  Setting up mosquitto (2.0.10-5) ...
  chown: cannot access '/run/mosquitto': No such file or directory
  dpkg: error processing package mosquitto (--configure):
   installed mosquitto package post-installation script subprocess returned 
error exit status 1
  Processing triggers for libc-bin (2.31-11) ...
  Errors were encountered while processing:
   mosquitto


Andreas


mosquitto_2.0.10-5.log.gz
Description: application/gzip

Bug#987608: shibboleth-sp: Session recovery feature contains a null pointer deference

2021-04-26 Thread Ferenc Wágner 
Source: shibboleth-sp
Version: 3.0.2+dfsg1-1
Severity: important
Tags: upstream patch security
Forwarded: https://issues.shibboleth.net/jira/browse/SSPCPP-927

Shibboleth Service Provider Security Advisory [26 April 2021]

An updated version of the Service Provider software is now
available which corrects a denial of service vulnerability.

Session recovery feature contains a null pointer deference
==
The cookie-based session recovery feature added in V3.0 contains a
flaw that is exploitable on systems *not* using the feature if a
specially crafted cookie is supplied.

This manifests as a crash in the shibd daemon/service process.

Because it is very simple to trigger this condition remotely, it
results in a potential denial of service condition exploitable by
a remote, unauthenticated attacker.

Versions without this feature (prior to V3.0) are not vulnerable
to this particular issue.

Recommendations
===
Update to V3.2.2 or later of the Service Provider software, which
is now available.

In cases where this is not immediately possible, configuring a
DataSealer component in shibboleth2.xml (even if used for nothing)
will work around the vulnerability.

For example:



This workaround is only possible after having updated the
core configuration to the V3 XML namespace.

Other Notes
===
The cpp-sp git commit containing the fix for this issue is
5a47c3b9378f4c49392dd4d15189b70956f9f2ec


URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20210426.txt

Bug#987576: linux: Please enable CONFIG_SND_AUDIO_GRAPH_CARD

2021-04-26 Thread Vincent Blut 
Le 2021-04-26 02:19, Diederik de Haas a écrit :
> Source: linux
> Version: 5.10.28-1
> Severity: wishlist
> 
> https://github.com/torvalds/linux/commit/ddf3fa8b8a16e076f247c115a73356b4b0d83a33
> is titled: "arm64: defconfig: Enable CONFIG_SND_AUDIO_GRAPH_CARD"
> and the secondary commit msg is 
> "CONFIG_SND_AUDIO_GRAPH_CARD is needed to use HDMI sound with video"
> 
> According to the above mentioned URL, it's been part of arm64's
> defconfig since 2018-05-02 and included since kernel version 4.18-rc1.
> When researching how to get HDMI audio working on a Rock64, this was one
> of the settings they (on IRC freenode#linux-rockchip) said needed to be
> enabled for it to work.
> Checking on the config on this RPi3B+ indicated that it wasn't enabled
> on arm64, so hereby the request to enable it.

I sent a MR [1] to enable this option.

> I can imaging that it would also make sense to enable it on armhf, but I
> don't know if that's needed or maybe already enabled there, but I assume
> the Debian kernel maintainers can make an informed judgement on that.

It is already provided as a module on armhf.

> Cheers,
>   Diederik

Have a good day,
Vincent

[1] https://salsa.debian.org/kernel-team/linux/-/merge_requests/351


signature.asc
Description: PGP signature

Bug#984767: dh-virtualenv: Can't build packages with compat >= 12 as --buildsystem doesn't work

2021-04-26 Thread Vincent Bernat 
severity 984767 normal
tag 984767 + moreinfo
thanks

 ❦  8 mars 2021 08:55 +01, Johann Queuniet:

> I have issues with building packages with dh-virtualenv using a compat
> of 12 or higher, ending up with the following error:
>
> ```
>  debian/rules binary
> dh binary --with python-virtualenv --python /usr/bin/python3
>dh_update_autotools_config -O--python=/usr/bin/python3
>dh_autoreconf -O--python=/usr/bin/python3
>dh_auto_configure -O--python=/usr/bin/python3
> dh_auto_configure: warning: Please use the third-party "pybuild" build system 
> instead of python-distutils
> dh_auto_configure: error: This feature was removed in compat 12.
> make: *** [debian/rules:4: binary] Error 255
> dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 
> 2
> ```
>
> If I try to ask for pybuild with --buildsystem, the build goes a bit
> further, but still fails:
>
> ```
>  debian/rules binary
> dh binary --with python-virtualenv --builtin-venv --python /usr/bin/python3 
> --buildsystem=pybuild
>dh_update_autotools_config -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_autoreconf -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_auto_configure -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
> I: pybuild base:232: python3.9 setup.py config
> running config
>create-stamp debian/debhelper-build-stamp
>dh_testroot -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_prep -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_installdocs -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_installchangelogs -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
>dh_virtualenv -O--builtin-venv -O--python=/usr/bin/python3 
> -O--buildsystem=pybuild
> Usage: dh_virtualenv [options]
>
> dh_virtualenv: error: no such option: --buildsystem
> make: *** [debian/rules:4: binary] Error 2
> dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 
> 2
> ```

I am able to build with compatibility 12:

%:
dh $@ --buildsystem=pybuild --with python-virtualenv
override_dh_virtualenv:
dh_virtualenv --python python3

I don't remember if you tried that. So, while it could work out of the
box without overriding dh_virtualenv, it works good enough to be in a
release, with two solutions:

 - use compatibility 11
 - override dh_virtualenv invocation to not chocke on
   --buildsystem=pybuild

Also, it seems you pass --builtin-venv to dh, you only need to pass it
to dh_virtualenv.
-- 
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)

Bug#987606: sift: does not autobuild on buildds

2021-04-26 Thread Graham Inggs 
Source: sift
Version: 4.0.3b-6
Severity: important

Hi Maintainer

This package has 'XS-Autobuild: yes' in debian/control[1], yet it does
not seem to autobuild.
Was step 3 from `Marking non-free packages as auto-buildable`[2] omitted?

Regards
Graham


[1] https://salsa.debian.org/med-team/sift/-/blob/master/debian/control#L5
[2] 
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#marking-non-free-packages-as-auto-buildable

Bug#949767: arrayfire update fails in configure step

2021-04-26 Thread Aaron M. Ucko 
Andreas Tille  writes:

> /usr/bin/ld: cannot find -lpthreads

Thanks for posting a link to the full log!  AFAICT, the actual errors
appear much earlier, on lines 1573-1593:

  CMake Error: File 
/builds/science-team/arrayfire/debian/output/source_dir/extern/forge/CMakeModules/version.h.in
 does not exist.
  CMake Error at CMakeModules/AFconfigure_forge_submodule.cmake:47 
(configure_file):
configure_file Problem configuring file
  Call Stack (most recent call first):
CMakeLists.txt:117 (include)
  CMake Error at CMakeLists.txt:163 (add_subdirectory):
add_subdirectory given source "extern/spdlog" which is not an existing
directory.
  CMake Error at CMakeLists.txt:164 (add_subdirectory):
add_subdirectory given source "extern/glad" which is not an existing
directory.
  -- Performing Test has_ignored_attributes_flag
  -- Performing Test has_ignored_attributes_flag - Success
  -- Performing Test has_all_warnings_flag
  -- Performing Test has_all_warnings_flag - Success
  CMake Error at /usr/share/cmake-3.18/Modules/ExternalProject.cmake:2350 
(message):
error: could not find git for clone of clFFT-ext
  Call Stack (most recent call first):
/usr/share/cmake-3.18/Modules/ExternalProject.cmake:3206 
(_ep_add_download_command)
CMakeModules/build_clFFT.cmake:33 (ExternalProject_Add)
src/backend/opencl/CMakeLists.txt:15 (include)

The subsequent output consists of dumps of CMake's internal logs, which
sometimes provide additional clues but need to be taken in context; for
instance, the -lpthreads error comes from

  -- Looking for pthread.h
  -- Looking for pthread.h - found
  -- Performing Test CMAKE_HAVE_LIBC_PTHREAD
  -- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
  -- Looking for pthread_create in pthreads
  -- Looking for pthread_create in pthreads - not found
  -- Looking for pthread_create in pthread
  -- Looking for pthread_create in pthread - found
  -- Found Threads: TRUE  

(ll. 1472-1480).

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

Bug#987043: nmu: 4 packages where adequate reports symbol-size-mismatch

2021-04-26 Thread Andreas Beckmann 

On 26/04/2021 13.07, Graham Inggs wrote:

nmu sift_4.0.3b-6 . ANY . unstable . -m "Rebuild to update symbol size for 
ErrorBuffer."

Although sift's debian/control has XS-Autobuild: yes, maybe nobody
sent a request to the buildd admins yet.


I'm no longer used to non-free packages not being whitelisted, so I 
didn't even check before requesting ;-)



Would you mind doing a manual binNMU for sift please?


Done.

Andreas

Bug#986027: firefox: WebExtensions process sometimes consumes 100% CPU indefinitely on Firefox 87

2021-04-26 Thread Grégory Mounié 



 I have the same troubles with X11 (KDE; linux XXX 5.10.0-6-amd64 #1 
SMP Debian 5.10.28-1 (2021-04-09) x86_64 GNU/Linux)


 According to perf (perf record -p PID_OF_WebExtensions sleep 5; 
hotspot perf.data), the CPU time is spend in


 nft_pipapo_avx2_scratch_index [nf_tables] use 50% of the cycles
 (What ? netfilter ?)

 Grégory

--
G. Mounié - Associate Prof., Univ. Grenoble Alpes (Grenoble-INP/Ensimag)
LIG - Datamove Inria team, off. 440, IMAG building,+33(0)457 421 533, FR

Bug#949767: arrayfire update fails in configure step

2021-04-26 Thread Gard Spreemann 

Andreas Tille  writes:

> Hi,
>
> I personally have no interest in arrayfire but I realised that the
> Debian packaged version depends clblas (and is the only remaining
> package that needs cblas and I would like to see it removed from Debian
> due to bug #949767)

Hi,

FWIW: It seems that arrayfire (which I know nothing about in general)
has support [1,2] for using clblast (with a t) as an alternative to
clblas. We do have a clblast package [3]. Could that be a way forward?
 

[1] https://github.com/arrayfire/arrayfire/pull/1727

[2] https://github.com/arrayfire/arrayfire/issues/1956

[3] https://tracker.debian.org/pkg/clblast


 -- Gard


signature.asc
Description: PGP signature

Bug#987605: Acknowledgement (thunderbird: Thunderbird constantly uses above 80% CPU)

2021-04-26 Thread Michael Becker 
after having had the problem for a few days now, it seems to have disappeared into thin air now that I have reported the 
bug ...




OpenPGP_signature
Description: OpenPGP digital signature

Bug#986638: please close bug

2021-04-26 Thread Michael Becker 

after having had the problem for a few days now, it seems to have disappeared 
into thin air now that I have reported the bug



OpenPGP_signature
Description: OpenPGP digital signature

Bug#986638: please close bug

2021-04-26 Thread Michael Becker 

sorry wrong bug – please let this one open ...


Am 26.04.21 um 13:36 schrieb Michael Becker:
after having had the problem for a few days now, it seems to have disappeared into thin air now that I have reported the 
bug






OpenPGP_signature
Description: OpenPGP digital signature

Bug#987436: libcifpp: [INTL:pt_BR] Brazilian Portuguese debconf templates translation

2021-04-26 Thread Maarten L. Hekkelman 

Hi Adriano,

Thanks very much

-maarten

Op 23-04-2021 om 21:41 schreef Adriano Rafael Gomes:

Package: libcifpp
Tags: l10n patch
Severity: wishlist

Hello,

Please, Could you update the Brazilian Portuguese Translation?

Attached you will find the file pt_BR.po. It is UTF-8 encoded and it is
tested with msgfmt and podebconf-display-po.

Kind regards.


--
Maarten L. Hekkelman
http://www.hekkelman.com/

Bug#987605: thunderbird: Thunderbird constantly uses above 80% CPU

2021-04-26 Thread Michael 
Package: thunderbird
Version: 1:78.10.0-1
Severity: important

Thunderbird is consuming constantly above 80% CPU.
strace shows that it heavily polls on /tmp/.X11-unix/X0

I am using a fresh install of Bullseye with Xfce4
the .thunderbird directory is copied over from a laptop running Buster


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages thunderbird depends on:
ii  debianutils  4.11.2
ii  fontconfig   2.13.1-4.2
ii  libatk1.0-0  2.36.0-2
ii  libbotan-2-172.17.3+dfsg-2
ii  libbz2-1.0   1.0.8-4
ii  libc62.31-11
ii  libcairo-gobject21.16.0-5
ii  libcairo21.16.0-5
ii  libdbus-1-3  1.12.20-2
ii  libdbus-glib-1-2 0.110-6
ii  libevent-2.1-7   2.1.12-stable-1
ii  libffi7  3.3-6
ii  libfontconfig1   2.13.1-4.2
ii  libfreetype6 2.10.4+dfsg-1
ii  libgcc-s110.2.1-6
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0 2.66.8-1
ii  libgtk-3-0   3.24.24-3
ii  libicu67 67.1-6
ii  libjson-c5   0.15-2
ii  libnspr4 2:4.29-1
ii  libnss3  2:3.61-1
ii  libpango-1.0-0   1.46.2-3
ii  libstdc++6   10.2.1-6
ii  libvpx6  1.9.0-1
ii  libx11-6 2:1.7.0-2
ii  libx11-xcb1  2:1.7.0-2
ii  libxcb-shm0  1.14-3
ii  libxcb1  1.14-3
ii  libxext6 2:1.3.3-1.1
ii  libxrender1  1:0.9.10-1
ii  psmisc   23.4-2
ii  x11-utils7.7+5
ii  zlib1g   1:1.2.11.dfsg-2

Versions of packages thunderbird recommends:
ii  hunspell-de-at [hunspell-dictionary]  20161207-9
ii  hunspell-de-ch [hunspell-dictionary]  20161207-9
ii  hunspell-de-de [hunspell-dictionary]  20161207-9
ii  hunspell-en-us [hunspell-dictionary]  1:2019.10.06-1

Versions of packages thunderbird suggests:
ii  apparmor  2.13.6-10
pn  fonts-lyx 
ii  libgssapi-krb5-2  1.18.3-5
ii  libgtk2.0-0   2.24.33-1

-- no debconf information

  1   2   >