Bug#989137: cockpit-ws: No sysvinit script

2021-05-26 Thread Simon Walter

On 5/27/21 1:57 PM, Martin Pitt wrote:
> Hello Simon,
>
> Simon Walter [2021-05-27 10:17 +0900]:
> > I was trying to make it quicker to deploy for those who run it like this
> > anyway, but I understand not wanting to be responsible for partially
> > functioning software. In that case, shall I open a bug to make systemd a
> > dependency?
>
> This is already the case, in Debian testing (and thus upcoming Debian 11),
> cockpit-ws has a Depends: systemd (>= 235).
>
> Thanks!
>
> Martin

Excellent. Thank you so much. Sorry to take your time.

Best regards,

Simon



Bug#989159: packagekit: APT::Default-Release is ignored

2021-05-26 Thread Dmitry Alexandrov
Package: packagekit
Version: 1.2.2-2
Severity: normal
X-Debbugs-Cc: d...@gnui.org

It seems that packagekitʼs APT backend does not respect the APT default release
(aka target release).

## Steps to reproduce

/etc/apt/sources.list

deb https://deb.debian.org/debian/ sid main
deb https://deb.debian.org/debian/ experimental main

/etc/apt/apt.conf.d/00default-release

APT::Default-Release "sid";

/etc/apt/preferences.d/20experimental-is-okay

Package: *
Pin: release a=experimental
Pin-Priority: 500

(would not be required for testing and unstable on stable system).

So that:

$ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 https://deb.debian.org/debian experimental/main amd64 Packages
 release o=Debian,a=experimental,n=experimental,l=Debian,c=main,b=amd64
 origin deb.debian.org
 990 https://deb.debian.org/debian sid/main amd64 Packages
 release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=amd64
 origin deb.debian.org
Pinned packages:

Compare

$ apt list --upgradeable

(no extra upgrades should be found) with

$ pkcon get-updates

which suggests to upgrade everything possible to experimental.

## Expected result

packagekit-based software (pkcon, plasma-discover, apper, etc) behaves mostly 
the same way as apt(8), aptitude(8), libqapt3-based software (e. g. muon) does.

## Workaround

Emulate default release with apt_preferences(5):

/etc/apt/preferences.d/00emulate-default-release

Package: *
Pin: release n=sid
Pin-Priority: 990


-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages packagekit depends on:
ii  init-system-helpers     1.60
ii  libappstream4           0.14.2-1
ii  libapt-pkg6.0           2.2.3
ii  libc6                   2.31-12
ii  libgcc-s1               10.2.1-6
ii  libglib2.0-0            2.66.8-1
ii  libglib2.0-bin          2.66.8-1
ii  libgstreamer1.0-0       1.18.4-2
ii  libpackagekit-glib2-18  1.2.2-2
ii  libpolkit-gobject-1-0   0.105-30
ii  libsqlite3-0            3.34.1-3
ii  libstdc++6              10.2.1-6
ii  libsystemd0             247.3-5
ii  policykit-1             0.105-30

Versions of packages packagekit recommends:
ii  packagekit-tools  1.2.2-2
ii  systemd   247.3-5

Versions of packages packagekit suggests:
ii  appstream  0.14.2-1

-- no debconf information




Bug#956390: aptitude -o complains about empty value

2021-05-26 Thread Dmitry Alexandrov
David Kalnischkies  wrote:
> That said, it might make sense to be able to set an empty value from the 
> cmdline, yes, but apt doesn't have a way for it either

It seems that tools from the apt package now (ver. 2.2.3) _do_ allow unsetting an
apt.conf(5) option by using `-o`:

$ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 https://deb.debian.org/debian rc-buggy/main amd64 Packages
 release o=Debian,a=experimental,n=experimental,l=Debian,c=main,b=amd64
 origin deb.debian.org
 990 https://deb.debian.org/debian sid/main amd64 Packages
 release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=amd64
 origin deb.debian.org
Pinned packages:

$ apt-cache -o APT::Default-Release='' policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 https://deb.debian.org/debian rc-buggy/main amd64 Packages
 release o=Debian,a=experimental,n=experimental,l=Debian,c=main,b=amd64
 origin deb.debian.org
 500 https://deb.debian.org/debian sid/main amd64 Packages
 release o=Debian,a=unstable,n=sid,l=Debian,c=main,b=amd64
 origin deb.debian.org
Pinned packages:

While aptitude(8) still complains about syntax:

$ aptitude -o APT::Default-Release='' show
-o requires an argument of the form key=value, got APT::Default-Release=

Should it not be brought into line?




Bug#989157: isc-dhcp: diff for NMU version 4.4.1-2.3

2021-05-26 Thread Salvatore Bonaccorso
Control: tags 989157 + patch
Control: tags 989157 + pending


Dear maintainer,

I've prepared an NMU for isc-dhcp (versioned as 4.4.1-2.3) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer (or even if fine with the NMU and want me to
reschedule).

Regards,
Salvatore
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog
--- isc-dhcp-4.4.1/debian/changelog	2020-08-06 04:08:47.0 +0200
+++ isc-dhcp-4.4.1/debian/changelog	2021-05-27 06:59:48.0 +0200
@@ -1,3 +1,12 @@
+isc-dhcp (4.4.1-2.3) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * A buffer overrun in lease file parsing code can be used to exploit a
+common vulnerability shared by dhcpd and dhclient (CVE-2021-25217)
+(Closes: #989157)
+
+ -- Salvatore Bonaccorso   Thu, 27 May 2021 06:59:48 +0200
+
 isc-dhcp (4.4.1-2.2) unstable; urgency=medium
 
   * Non-maintainer upload.
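Review bot: the second bullet of the new 4.4.1-2.3 entry states the vulnerability ("A buffer overrun in lease file parsing code can be used to exploit ...") rather than the change being uploaded, so the changelog alone does not say that a patch was added. Suggest wording the bullet as the fix and naming the patch file that the debian/patches/series hunk adds (4.4.2.CVE-2021-25217.patch), keeping the CVE id and the Closes: as they are.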
diff -Nru isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch
--- isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch	1970-01-01 01:00:00.0 +0100
+++ isc-dhcp-4.4.1/debian/patches/4.4.2.CVE-2021-25217.patch	2021-05-27 06:59:48.0 +0200
@@ -0,0 +1,29 @@
+Description: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/989157
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-25217
+Forwarded: not-needed
+Author: Salvatore Bonaccorso 
+Last-Update: 2021-05-26
+
+diff --git a/common/parse.c b/common/parse.c
+index 386a6321..fc7b39c6 100644
+--- a/common/parse.c
 b/common/parse.c
+@@ -5556,13 +5556,14 @@ int parse_X (cfile, buf, max)
+ skip_to_semi (cfile);
+ return 0;
+ 			}
+-			convert_num (cfile,  [len], val, 16, 8);
+-			if (len++ > max) {
++			if (len >= max) {
+ parse_warn (cfile,
+ 	"hexadecimal constant too long.");
+ skip_to_semi (cfile);
+ return 0;
+ 			}
++			convert_num (cfile,  [len], val, 16, 8);
++			len++;
+ 			token = peek_token (, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ token = next_token (,
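Review bot: in the parse_X hunk the new guard "if (len >= max)" now runs before convert_num stores at index len, which removes the store-before-check ordering of the deleted "if (len++ > max)", but it is only sufficient if max is the size of buf in bytes at every call site, and no caller is visible in this hunk; please confirm that against the callers of parse_X. Separately, the DEP-3 header says "Origin: vendor" and "Forwarded: not-needed" while the file name starts with 4.4.2; if the change was taken from an upstream patch, recording that origin in the header would help whoever next rebases the series.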
diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series
--- isc-dhcp-4.4.1/debian/patches/series	2020-08-06 04:08:47.0 +0200
+++ isc-dhcp-4.4.1/debian/patches/series	2021-05-27 06:59:48.0 +0200
@@ -17,3 +17,5 @@
 
 configure.patch
 Fixed_gcc_10_compilation_issues.patch
+
+4.4.2.CVE-2021-25217.patch


Bug#989158: libffi: update symbols for musl-linux-mipsel

2021-05-26 Thread Helmut Grohne
Source: libffi
Version: 3.3-6
Tags: patch
User: helm...@debian.org
Usertags: rebootstrap

libffi needs a symbol update to build for musl-linux-mipsel. As it
happens, the symbols work like on mipsel. I think they're actually
independent of the libc and kernel and therefore suggest replacing
mipsel with any-mipsel. Here is a patch:

sed -i -e s/mipsel/any-mipsel/ debian/libffi7.symbols

Helmut



Bug#989137: cockpit-ws: No sysvinit script

2021-05-26 Thread Martin Pitt
Hello Simon,

Simon Walter [2021-05-27 10:17 +0900]:
> I was trying to make it quicker to deploy for those who run it like this
> anyway, but I understand not wanting to be responsible for partially
> functioning software. In that case, shall I open a bug to make systemd a
> dependency?

This is already the case, in Debian testing (and thus upcoming Debian 11),
cockpit-ws has a Depends: systemd (>= 235).

Thanks!

Martin



Bug#989157: isc-dhcp: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient

2021-05-26 Thread Salvatore Bonaccorso
Source: isc-dhcp
Version: 4.4.1-2.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 4.4.1-2

Hi,

The following vulnerability was published for isc-dhcp.

CVE-2021-25217[0]:
| In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2
| (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or
| lower and releases in the 4.3.x series) are beyond their End-of-Life
| (EOL) and no longer supported by ISC. From inspection it is clear that
| the defect is also present in releases from those series, but they
| have not been officially tested for the vulnerability), The outcome of
| encountering the defect while reading a lease that will trigger it
| varies, according to: the component being affected (i.e., dhclient or
| dhcpd) whether the package was built as a 32-bit or 64-bit binary
| whether the compiler flag -fstack-protection-strong was used when
| compiling In dhclient, ISC has not successfully reproduced the error
| on a 64-bit system. However, on a 32-bit system it is possible to
| cause dhclient to crash when reading an improper lease, which could
| cause network connectivity problems for an affected system due to the
| absence of a running DHCP client process. In dhcpd, when run in DHCPv4
| or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit
| architecture AND the -fstack-protection-strong flag was specified to
| the compiler, dhcpd may exit while parsing a lease file containing an
| objectionable lease, resulting in lack of service to clients.
| Additionally, the offending lease and the lease immediately following
| it in the lease database may be improperly deleted. if the dhcpd
| server binary was built for a 64-bit architecture OR if the -fstack-
| protection-strong compiler flag was NOT specified, the crash will not
| occur, but it is possible for the offending lease and the lease which
| immediately followed it to be improperly deleted.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-25217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
[1] https://kb.isc.org/docs/cve-2021-25217
[2] https://www.openwall.com/lists/oss-security/2021/05/26/6

Regards,
Salvatore
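
The check ordering that the NMU patch for this bug changes in `common/parse.c`, as a self-contained model (an added example, not ISC's or Debian's code). `parse_octets`, `run_case`, the guard area and the sample constants are constructed for illustration, and `max` is assumed to be the capacity of `buf` in octets.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUARD  4      /* slack bytes behind the logical buffer (constructed) */
#define CANARY 0xA5   /* fill value used to spot stores outside the buffer */

struct outcome {
    int    accepted;  /* 1 if the constant was accepted, 0 if rejected */
    size_t overrun;   /* guard bytes modified at index max or beyond */
};

/* Read one or two hex digits; returns 0 if none are present. */
static int hex_octet(const char **p, unsigned char *out)
{
    unsigned v = 0;
    int n = 0;

    while (n < 2 && isxdigit((unsigned char)**p)) {
        int c = tolower((unsigned char)**p);
        v = v * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
        (*p)++;
        n++;
    }
    *out = (unsigned char)v;
    return n > 0;
}

/* Parse "aa:bb:cc" into buf, which logically holds max octets.
 * fixed == 0: store first, then test (len++ > max)  -- the removed lines
 * fixed != 0: test (len >= max) first, then store   -- the added lines  */
static int parse_octets(const char *s, unsigned char *buf, size_t max, int fixed)
{
    size_t len = 0;
    unsigned char val;

    for (;;) {
        if (!hex_octet(&s, &val))
            return 0;
        if (fixed) {
            if (len >= max)
                return 0;        /* "hexadecimal constant too long." */
            buf[len] = val;
            len++;
        } else {
            buf[len] = val;      /* store happens before any bound check */
            if (len++ > max)
                return 0;
        }
        if (*s != ':')
            break;
        s++;
    }
    return *s == '\0';
}

/* Run one constant through the chosen variant and count stores that landed
 * outside the max-octet buffer. The arena is larger than max so that the
 * unfixed variant's stray stores stay inside a real object. */
struct outcome run_case(const char *text, size_t max, int fixed)
{
    unsigned char arena[64];
    struct outcome o = {0, 0};
    size_t i;

    if (max + GUARD > sizeof arena)
        return o;
    memset(arena, CANARY, sizeof arena);
    o.accepted = parse_octets(text, arena, max, fixed);
    for (i = max; i < max + GUARD; i++)
        if (arena[i] != CANARY)
            o.overrun++;
    return o;
}

int main(void)
{
    /* Constructed sample constants: 4, 5 and 7 octets against max = 4. */
    const char *samples[] = {
        "01:02:03:04", "01:02:03:04:05", "01:02:03:04:05:06:07"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct outcome before = run_case(samples[i], 4, 0);
        struct outcome after  = run_case(samples[i], 4, 1);
        printf("%-22s before: accepted=%d overrun=%zu | after: accepted=%d overrun=%zu\n",
               samples[i], before.accepted, before.overrun,
               after.accepted, after.overrun);
    }
    return 0;
}
```

With `max = 4`, the store-then-check ordering accepts a five-octet constant and writes one octet past the buffer, and writes two past it before rejecting anything longer; the check-then-store ordering never writes outside the buffer.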



Bug#989156: topydo: Prints "module not found" errors on every nontrivial invokation

2021-05-26 Thread Calum McConnell
Package: topydo
Version: 0.14-4
Severity: important
X-Debbugs-Cc: calumlikesapple...@gmail.com


Every use of topydo on my system (other than simply stating the name and getting
a task list) results in a ModuleNotFound error being printed.

I am marking this as "Important" because the package is still usable: despite
the error, it is reading my commands just fine.  Spotting the output takes
some more thought, but is still possible.

The issue looks to be a missing dependency: python3-configargparse exists and 
is packaged for Debian, but was not installed on my system.  After installing
it, the issue went away.

Sample broken output:

$ topydo add hi
Traceback (most recent call last):
  File "/usr/bin/todo.txt-base", line 8, in <module>
    from todo_txt_base import entry_points
  File "/usr/share/todo.txt-base/todo_txt_base/entry_points.py", line 13, in <module>
    import todo_txt_base.tdtbackup as tdtbackup
  File "/usr/share/todo.txt-base/todo_txt_base/tdtbackup.py", line 7, in <module>
    import configargparse
ModuleNotFoundError: No module named 'configargparse'
|  2| 2021-05-26 hi
Traceback (most recent call last):
  File "/usr/bin/todo.txt-base", line 8, in <module>
    from todo_txt_base import entry_points
  File "/usr/share/todo.txt-base/todo_txt_base/entry_points.py", line 13, in <module>
    import todo_txt_base.tdtbackup as tdtbackup
  File "/usr/share/todo.txt-base/todo_txt_base/tdtbackup.py", line 7, in <module>
    import configargparse
ModuleNotFoundError: No module named 'configargparse'


-- System Information:
Debian Release: 11.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages topydo depends on:
ii  python3        3.9.2-3
ii  python3-arrow  0.17.0-1

Versions of packages topydo recommends:
ii  python3-icalendar       4.0.3-4
ii  python3-prompt-toolkit  3.0.14-1
ii  python3-urwid           2.1.2-1
ii  python3-watchdog        1.0.2-2
ii  todo.txt-base           2.3

topydo suggests no packages.

-- no debconf information




Bug#989155: dh_installinit: when upgrading to a version that adds --no-restart-after-upgrade, the service is not restarted

2021-05-26 Thread Ryan Tandy

Package: debhelper
Version: 13.3.4
Severity: normal
Control: affects -1 slapd

Dear maintainer,

It looks like if I currently use dh_installinit --restart-after-upgrade 
(the default), and in a newer version I change it to use 
--no-restart-after-upgrade, then when I upgrade to that newer version, 
the service is not restarted and the old version is still running.


I think this happens because the stop call is added to prerm, but on 
upgrade it is the *old* prerm that runs, not the new one.


I did not test dh_installsystemd, but it looks like it would have the 
same issue.


The concrete case I have at hand is src:openldap. In bullseye it runs 
dh_installinit with no options, so slapd restarts after upgrade. For 
bookworm I will certainly need to stop slapd before upgrading it.


Thank you,
Ryan



Bug#989150: ddclient: Fail to update IP address in some rare cases with PPP connection

2021-05-26 Thread Xavier Douville
Package: ddclient
Version: 3.8.3-1.1
Severity: normal

Dear Maintainer,


I was using ddclient to manage my dynamic DNS for years.
I'm using a PPP connection which is supposed to remain connected all the time,
but still, disconnections can happen, and when they do, my IP address usually
needs to be updated.
Using the /etc/ppp/ip-up.d update mechanism, ddclient was keeping my IP address
up to date most of the time.
But I ran into an infrequent, but still major issue recently.

My PPP connection dropped and was re-established. ddclient updated the IP
address as it should. However, the PPP connection dropped and was
re-established a second time within a 5-minute timeframe. ddclient refused to
update the IP address again, because it considers that updating less than 5
minutes after a previous update could be considered abuse.
The problem is, since I'm not running ddclient as a daemon, ddclient never
retried to update the IP address again, so my dynamic DNS was no longer valid.
It would remain like that until the next PPP reconnection, which could be weeks
later.

Relevant lines from syslog:


May 21 03:46:15 localhost pppd[2253]: Modem hangup
May 21 03:46:15 localhost pppd[2253]: Connect time 74973.3 minutes.
May 21 03:46:15 localhost pppd[2253]: Sent 2469255726 bytes, received 824242333 bytes.
May 21 03:46:15 localhost pppd[2253]: Connection terminated.
May 21 03:46:16 localhost pppd[2253]: Sent PADT
May 21 03:47:21 localhost pppd[2253]: Timeout waiting for PADO packets
May 21 03:47:21 localhost pppd[2253]: Unable to complete PPPoE Discovery
May 21 03:48:26 localhost pppd[2253]: Timeout waiting for PADO packets
May 21 03:48:26 localhost pppd[2253]: Unable to complete PPPoE Discovery
May 21 03:48:56 localhost pppd[2253]: PPP session is 2927
May 21 03:48:56 localhost pppd[2253]: Using interface ppp0
May 21 03:48:56 localhost pppd[2253]: Connect: ppp0 <--> enp3s0
May 21 03:48:59 localhost pppd[2253]: Remote message: Login ok
May 21 03:48:59 localhost pppd[2253]: PAP authentication succeeded
May 21 03:48:59 localhost pppd[2253]: local  IP address 77.77.77.130
May 21 03:48:59 localhost pppd[2253]: remote IP address 10.11.16.17

May 21 03:48:59 localhost ddclient[18582]: WARNING:  forcing update of my-dynamic-dns.com from 77.77.77.130 to 77.77.77.130; 30 days since last update on Wed Mar 31 09:26:46 2021.
May 21 03:48:59 localhost ddclient[18582]: WARNING:  forcing update of yo.my-dynamic-dns.com from 77.77.77.130 to 77.77.77.130; 30 days since last update on Wed Mar 31 09:26:46 2021.
May 21 03:49:04 localhost pppd[2253]: Modem hangup
May 21 03:49:04 localhost pppd[2253]: Connect time 0.1 minutes.
May 21 03:49:04 localhost pppd[2253]: Sent 13 bytes, received 203873 bytes.
May 21 03:49:04 localhost pppd[2253]: Connection terminated.
May 21 03:49:04 localhost pppd[2253]: Sent PADT
May 21 03:49:34 localhost pppd[2253]: PPP session is 2928
May 21 03:49:34 localhost pppd[2253]: Using interface ppp0
May 21 03:49:34 localhost pppd[2253]: Connect: ppp0 <--> enp3s0
May 21 03:49:37 localhost pppd[2253]: Remote message: Login ok
May 21 03:49:37 localhost pppd[2253]: PAP authentication succeeded
May 21 03:49:37 localhost pppd[2253]: local  IP address 70.52.5.154
May 21 03:49:37 localhost pppd[2253]: remote IP address 10.11.16.17
May 21 03:49:37 localhost ddclient[18629]: WARNING:  skipping update of my-dynamic-dns.com from 77.77.77.130 to 77.77.5.154.
May 21 03:49:37 localhost ddclient[18629]: WARNING:   last updated Fri May 21 03:48:59 2021.
May 21 03:49:37 localhost ddclient[18629]: WARNING:   Wait at least 5 minutes between update attempts.
May 21 03:49:37 localhost ddclient[18629]: WARNING:  skipping update of yo.my-dynamic-dns.com from 77.77.77.130 to 77.77.5.154.
May 21 03:49:37 localhost ddclient[18629]: WARNING:   last updated Fri May 21 03:48:59 2021.
May 21 03:49:37 localhost ddclient[18629]: WARNING:   Wait at least 5 minutes between update attempts.


/etc/ddclient.conf

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
use=if, if=ppp0

ssl=yes
protocol=googledomains
login=my_user
password=my_pass
my-dynamic-dns.com

ssl=yes
protocol=googledomains
login=my_user
password=my_pass
yo.my-dynamic-dns.com



-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'oldoldstable'), 
(500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-9-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA:fr_FR:fr:en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages ddclient depends on:
ii  debconf [debconf-2.0] 1.5.71
ii  init-system-helpers   1.56+nmu1
pn  initscripts   
pn  libdata-validate-ip-perl  
ii  lsb-base  10.2019051400
ii  perl  5.28.1-6+deb10u1
pn  perl5 

Versions of 

Bug#976122: (no subject)

2021-05-26 Thread Nolan

I found using the dtbs from the upstream firmware appears to work:
http://github.com/raspberrypi/firmware/archive/1.20200902.tar.gz

I then have u-boot use the kernel package's dtbs for when it boots the 
kernel.




Bug#986176: openuniverse runs with crippled GUI, then crashes.

2021-05-26 Thread Bernhard Übelacker

Hello Ray,



> Warning, a coredump from this system would be immense.  Or, well anyway
> pretty darn large.

systemd-coredump should limit the core to 2G.
And as a first target, the journal output might have a backtrace
from which one could start looking.

Maybe running openuniverse with a memory limit produces the same error in dmesg?

systemd-run --user --scope -p MemoryMax=2G openuniverse

It would also be possible to tell the kernel to just use a certain
amount of RAM by adding e.g. "mem=2G" to the kernel parameters.
But this would require a reboot of the system.

> Testing in a VM with a more reasonable 6GB apparently does not provoke
> the crash.

I fear the issue might also be specific to the graphics library
because the crash happens in nouveau_dri.so.
Therefore a VM might not show this issue.

> ... and openuniverse seems to expand to fill available space.

That would be a memory leak I guess.
Then the backtrace would be really not that interesting.

> ... but checking screenshots of it online I see many UI elements that
> simply are not present when I start it.

I guess the gui needs a libglui, which is not "yet"
packaged for debian (see #801858).



If the issue might be related to the usage of multiple threads,
the risk that the issue gets triggered might be lowered by running
openuniverse just on a single CPU core:

taskset 0x0001 openuniverse


##


But while writing this email, I got my hands on a nouveau capable laptop.
There I found openuniverse also crashing if I leave it some time alone,
at the very exact instruction [1].

I could not see excessive memory usage - htop shows 0.7% usage of 7.66G.
So I can't currently see a connection between the available RAM size and this 
issue.

I tried to record with rr, but this forces the driver to software mode,
therefore the issue then does not show up.
Also running with valgrind does not crash nor show something obvious.

Kind regards,
Bernhard



[1]
(gdb) bt
#0  0x7fc3fc635d63 in create_cache_trans (st=0x556dd8391f80) at 
../src/mesa/state_tracker/st_cb_bitmap.c:402
#1  accum_bitmap (bitmap=0x7fc3ff07fcf1  "", 
unpack=0x7fc3f4201ad8, height=14, width=7, y=441, x=0, ctx=0x7fc3f41cf010) at 
../src/mesa/state_tracker/st_cb_bitmap.c:516
#2  st_Bitmap (ctx=0x7fc3f41cf010, x=0, y=441, width=7, height=14, unpack=0x7fc3f4201ad8, 
bitmap=0x7fc3ff07fcf1  "") at 
../src/mesa/state_tracker/st_cb_bitmap.c:621
#3  0x7fc3fc8c167e in _mesa_Bitmap (width=7, height=14, xorig=, yorig=3, 
xmove=7, ymove=0, bitmap=0x7fc3ff07fcf1  "") at 
../src/mesa/main/drawpix.c:357
#4  0x7fc3ff066830 in glutBitmapCharacter (fontID=0x556dd6aba740 
, character=) at freeglut_font.c:122
#5  0x556dd6aa09ec in glutprintstring (x=, y=, 
z=, string=) at font.cpp:76
#6  glutprintstring (string=0x7fff4ffb0400 "Body distance from Sun (Km): 
151595991.59", z=0, y=, x=0) at font.cpp:67
#7  printstring (x=x@entry=0, y=, z=z@entry=0, 
string=string@entry=0x7fff4ffb0400 "Body distance from Sun (Km): 151595991.59") at 
font.cpp:86
#8  0x556dd6a95150 in OnScreenInfo () at info.cpp:211
#9  0x556dd6a9f028 in Display () at ou.cpp:517
#10 0x7fc3ff06ed83 in fghRedrawWindow (window=0x556dd82bad20) at 
freeglut_main.c:231
#11 fghcbDisplayWindow (window=0x556dd82bad20, enumerator=0x7fff4ffb0570) at 
freeglut_main.c:248
#12 0x7fc3ff072619 in fgEnumWindows 
(enumCallback=enumCallback@entry=0x7fc3ff06ed10 , 
enumerator=enumerator@entry=0x7fff4ffb0570) at freeglut_structure.c:396
#13 0x7fc3ff06f2fb in fghDisplayAll () at freeglut_main.c:271
#14 glutMainLoopEvent () at freeglut_main.c:1523
#15 0x7fc3ff06fc0b in glutMainLoop () at freeglut_main.c:1571
#16 0x556dd6a85c3d in main (argc=, argv=0x7fff4ffb08a8) at 
ou.cpp:572



Bug#970275: lintian: Please allow /usr/share/gtk-doc/html without emitting package-contains-documentation-outside-usr-share-doc

2021-05-26 Thread Daniel Kahn Gillmor
Control: affects 970275 + libgmime-3.0-doc

On Mon 2020-09-14 09:13:02 +0100, Simon McVittie wrote:

> However, it currently causes Lintian to emit
> package-contains-documentation-outside-usr-share-doc. Perhaps there could
> be logic like this pseudocode?
>
> for each file outside /usr/share/doc that looks like documentation:
>     if there is a symlink in /usr/share/doc to the file or one of
>        its ancestor directories:
>         # assume it is used or read by programs
>         no tag
>     else:
>         package-contains-documentation-outside-usr-share-doc

I agree with Simon that this is the right thing to do.  The gmime
packages are affected by this as well, and it makes lintian output very
noisy for that package.  I imagine that any package that uses the
gtk-doc tooling will trigger this warning unnecessarily.

 --dkg




Bug#986649: 1.6-1 not fixed

2021-05-26 Thread sergio
I can't confirm that this issue is fixed, as firefox 88.0.1-1 still 
flickers with sway 1.6-1


--
sergio.



Bug#943425: klibc: debdiff for NMU 2.0.8-6.1

2021-05-26 Thread Thorsten Glaser
Hi Ben, maks,

please find attached the debdiff fixing this release-critical bug.
I’ve uploaded to DELAYED/0 per devref.

Please integrate this into the next maintainer upload.

I’ve only added the patch for the wrong registers being saved,
not the one fixing sig{set,long}jmp because, apparently, klibc
documents its standard violation for these two functions, so
that’s best dealt with upstream. I’ll upload mksh using the
regular {set,long}jmp functions instead where signals are to
not be saved once klibc is built on all architectures.

bye,
//mirabilos
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2
diff -Nru klibc-2.0.8/debian/changelog klibc-2.0.8/debian/changelog
--- klibc-2.0.8/debian/changelog2021-04-30 03:05:23.0 +0200
+++ klibc-2.0.8/debian/changelog2021-05-27 00:12:10.0 +0200
@@ -1,3 +1,11 @@
+klibc (2.0.8-6.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * {set,long}jmp [s390x]: save/restore the correct FPU registers
+(f8‥f15 not f1/f3/f5/f7) (Closes: #943425)
+
+ -- Thorsten Glaser   Thu, 27 May 2021 00:12:10 +0200
+
 klibc (2.0.8-6) unstable; urgency=medium
 
   * Upload to unstable
diff -Nru 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
--- 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
  1970-01-01 01:00:00.0 +0100
+++ 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
  2021-05-27 00:11:57.0 +0200
@@ -0,0 +1,57 @@
+Description: {set,long}jmp [s390x]: save/restore the correct registers
+ The s390x ABI actually has FPU registers f8‥f15, not f1/f3/f5/f7,
+ to be saved. (Closes: Debian #943425)
+Author: mirabilos 
+Forwarded: https://lists.zytor.com/archives/klibc/2021-May/004620.html
+
+--- a/usr/include/arch/s390/klibc/archsetjmp.h
 b/usr/include/arch/s390/klibc/archsetjmp.h
+@@ -16,7 +16,7 @@ struct __jmp_buf {
+ 
+ struct __jmp_buf {
+   uint64_t __gregs[10]; /* general registers r6-r15 */
+-  uint64_t __fpregs[4]; /* fp registers f1, f3, f5, f7 */
++  uint64_t __fpregs[8]; /* fp registers f8-f15 */
+ };
+ 
+ #endif /* __s390x__ */
+--- a/usr/klibc/arch/s390/setjmp.S
 b/usr/klibc/arch/s390/setjmp.S
+@@ -38,10 +38,14 @@ longjmp:
+ 
+ setjmp:
+   stmg%r6,%r15,0(%r2) # save all general registers
+-  std %f1,80(%r2) # save fp registers f4 and f6
+-  std %f3,88(%r2)
+-  std %f5,96(%r2)
+-  std %f7,104(%r2)
++  std %f8,80(%r2) # save fp registers f8 to f15
++  std %f9,88(%r2)
++  std %f10,96(%r2)
++  std %f11,104(%r2)
++  std %f12,112(%r2)
++  std %f13,120(%r2)
++  std %f14,128(%r2)
++  std %f15,136(%r2)
+   lghi%r2,0   # return 0
+   br  %r14
+ 
+@@ -54,10 +58,14 @@ setjmp:
+ longjmp:
+   lgr %r1,%r2 # jmp_buf
+   lgr %r2,%r3 # return value
+-  ld  %f7,104(%r1)# restore all saved registers
+-  ld  %f5,96(%r1)
+-  ld  %f3,88(%r1)
+-  ld  %f1,80(%r1)
++  ld  %f15,136(%r1)   # restore all saved registers
++  ld  %f14,128(%r1)
++  ld  %f13,120(%r1)
++  ld  %f12,112(%r1)
++  ld  %f11,104(%r1)
++  ld  %f10,96(%r1)
++  ld  %f9,88(%r1)
++  ld  %f8,80(%r1)
+   lmg %r6,%r15,0(%r1)
+   br  %r14# return to restored address
+ 
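Review bot: in the archsetjmp.h hunk __fpregs grows from 4 to 8 entries, so struct __jmp_buf becomes 32 bytes larger, and the new "std %f15,136(%r2)" in setjmp stores past the end of a buffer laid out with the old header, which ended at offset 112. Any s390x object compiled against the old header but run with the new setjmp would be written out of bounds, so the upload should state whether dependent binaries need a rebuild. A smaller point in setjmp.S: the removed comment "save fp registers f4 and f6" did not match the registers the old code stored, and the replacement comment does match the new code.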
diff -Nru klibc-2.0.8/debian/patches/series klibc-2.0.8/debian/patches/series
--- klibc-2.0.8/debian/patches/series   2021-04-30 02:38:31.0 +0200
+++ klibc-2.0.8/debian/patches/series   2021-05-27 00:09:21.0 +0200
@@ -10,3 +10,4 @@
 0037-klibc-calloc-Fail-if-multiplication-overflows.patch
 0039-klibc-cpio-Fix-possible-integer-overflow-on-32-bit-s.patch
 0040-klibc-cpio-Fix-possible-crash-on-64-bit-systems.patch
+0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch


Bug#989153: linux-image-amd64: Pleset set CONFIG_VIRTIO_CONSOLE=y to boot with virtio console

2021-05-26 Thread sergio
Package: linux-image-amd64
Version: 5.10.38-1
Severity: normal

Dear Maintainer,

Please compile virtio serial as built-in
(CONFIG_VIRTIO_CONSOLE=y) to be able to boot with serial=hvc0



Bug#989122: exim4: takes 10 seconds to accept connections after waking up on another network

2021-05-26 Thread Rémi Letot
Here comes the strace:


hobbes@sphax:~$ sudo strace -p 671890
strace: Process 671890 attached
select(6, [3 4 5], NULL, NULL, NULL

waits here before I send the mail

)= 1 (in [5])
wait4(-1, 0x7ffd5fdf4034, WNOHANG, NULL) = -1 ECHILD (Aucun processus enfant)
accept(5, {sa_family=AF_INET6, sin6_port=htons(50964), sin6_flowinfo=htonl(0), 
inet_pton(AF_INET6, "::1", _addr), sin6_scope_id=0}, [28]) = 6
fcntl(6, F_GETFL)   = 0x2 (flags O_RDWR)
dup(6)  = 7
fcntl(7, F_GETFL)   = 0x2 (flags O_RDWR)
getsockname(6, {sa_family=AF_INET6, sin6_port=htons(25), 
sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", _addr), 
sin6_scope_id=0}, [28]) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x7faf36b64c50) = 706004
close(6)= 0
close(7)= 0
select(6, [3 4 5], NULL, NULL, NULL

waits 10 seconds here

)= ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=706004, si_uid=104, 
si_status=0, si_utime=0, si_stime=1} ---
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, 
sa_restorer=0x7faf372abd60}, NULL, 8) = 0
rt_sigreturn({mask=[]}) = -1 EINTR (Appel système interrompu)
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 706004
wait4(-1, 0x7ffd5fdf4034, WNOHANG, NULL) = -1 ECHILD (Aucun processus enfant)
rt_sigaction(SIGCHLD, {sa_handler=0x558211694c60, sa_mask=[], 
sa_flags=SA_RESTORER, sa_restorer=0x7faf372abd60}, NULL, 8) = 0
select(6, [3 4 5], NULL, NULL, NULL^Cstrace: Process 671890 detached
 
--

Tell me if you need more info.

Thanks,
-- 
Rémi



Bug#892275: redshift: Unable to connect to GeoClue

2021-05-26 Thread Chris Hofstaedtler
* Paul Gevers  [210526 21:49]:
> On Thu, 4 Feb 2021 14:29:55 +0100 Laurent Bigonville 
> wrote:
> > IMVHO, you should remove the redshift systemd file and let redshift 
> > start via the xdg autostart mechanism. The geoclue agent should then be 
> > started before redshift as I think it starts the process using the 
> > alphabetical order.
> 
> So, I think reassigning back to redshift makes most sense after this
> assessment (which makes sense to me, albeit being non-expert).

Maybe someone can come up with a patch that works on both, systemd and
non-systemd systems? If that's even relevant in the first place...

Chris



Bug#989152: linux: Mouse wheel support is broken after resume

2021-05-26 Thread Julien AUBIN
Source: linux
Version: Mouse wheel behaviour is broken after resume
Severity: normal

Dear Maintainer,

I've remarked that on a specific laptop the mouse wheel function is not
restored after resume. This is a regression that has been introduced between
Buster and Bullseye, and only occurs on one of my hosts.

Laptop model : Dell Latitude e6540
Mouse model : Microsoft Intellimouse 4500
Desktop environment : KDE

Steps to reproduce :
DO : boot the computer and open KDE
DO : open whatever application with a scrollbar and use the mouse scroll wheel
EXPECT : the scrolling works.
DO : suspend the computer to RAM for 5 minutes
DO : resume your activity
DO : open whatever application with a scrollbar and use the mouse scroll wheel
EXPECT : the scrolling works.
ACTUAL : the scrolling does not work.

Workaround : unplug and plug the mouse, or use a tool like resetmsmice (it
would be great to include it in the archive :
https://github.com/paulrichards321/resetmsmice )

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)



Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Bill Allombert
On Wed, May 26, 2021 at 07:50:53PM +, Holger Levsen wrote:
> On Wed, May 26, 2021 at 12:00:46PM +0200, Bill Allombert wrote:
> > One way to fix that is to update libgc1c2 in stable to not 
> > Conflict/Replaces with libgc1.
>  
> while this is true, this is also not the most desirable fix, because
> it should be possible to update from *any* stable installation
> to the next stable, not just from the latest stable point release.

I agree with you, but this is a general issue with circular dependencies
(and circular conflicts) that they can only be fixed cleanly by
updating stable and not testing. 
That is why I have always strongly recommended to avoid them.

(We could of course fix it in testing by renaming libgc1 to libgc1c4 or whatever
but that would create a much larger disruption than removing a useless Conflict
from stable).

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 



Bug#989151: aerc: please package newer upstream version (0.5.2 as of today)

2021-05-26 Thread Cédric Boutillier
Package: aerc
Severity: wishlist

Dear Maintainer,

Thank you for introducing this software in Debian.
Could you please update the package of aerc to a newer upstream version?
The current one, 0.5.2 according to the website, has been out for more
than 6 months.

Thanks a lot!

Cédric




Bug#884992: roundcube-plugins: No documentation to enable plugins

2021-05-26 Thread Guilhem Moulin
On Wed, 26 May 2021 at 12:16:14 -0500, Jonathan Hutchins wrote:
> Thank you for pointing me to the correct information.  I'm not sure it was
> there when I originally installed the package.

1.2.3+dfsg.1-4+deb9u1 has this information as well.  Note that
/usr/share/doc/$PACKAGE/README.Debian is the usual location for
Debian-specific documentation.
 
> I do feel somewhat put-upon that I have to know how to write arrays in PHP
> syntax to turn features on, but it's just one more configuration language.

Good point.  A Debian-specific conversion from config.inc.php to YAML or
whatever isn't an option, but we can populate the array with some
commented out plugin names.

-- 
Guilhem.




Bug#989050: syncplay: Please consider splitting the package into a client and server package

2021-05-26 Thread Johannes Schauer Marin Rodrigues
Quoting Bruno Kleinert (2021-05-26 04:42:59)
> thank you for the report and feedback. I uploaded a revision to experimental
> that builds syncplay, syncplay-server and syncplay-common.

Awesome, thanks a lot!

The server and client worked out of the box for me and my friends, so thanks
for maintaining this awesome tool. :)

My next wishlist bug would be to provide a init script and/or systemd service
for the syncplay-server package. Is that something you consider implementing?

Thanks!

cheers, josch



Bug#989140: roundcube-core: Error displayed during upgrade if manually installed plugins are in use in /var/lib/roundcube

2021-05-26 Thread Guilhem Moulin
On Wed, 26 May 2021 at 13:25:21 -0300, Kurt Fitzner wrote:
> During an upgrade of roundcube-core, if there are any manually installed
> plugins in /var, then an error is shown:

Thanks for the report!

> It may be a display-only error with no actual ramifications. 

AFAICT that's correct, load_plugin() aborts but that only stops
initialization of the missing plugin, bin/update.sh continues with other
plugins and other configuration update steps, and the original array is
preserved on upgrades.

> That being said, the assumption of a reverse correlation shouldn't be made.

Indeed ;-)

-- 
Guilhem.




Bug#989095: debdiff patch for CVE-2021-23017

2021-05-26 Thread Anton Luka Šijanec
Hello!

> If you fix the vulnerability please also make sure to include the CVE (Common 
> Vulnerabilities & Exposures) id in your changelog entry.

I made a debdiff for myself according to upstream instructions from the patch 
[0]. It is attached to this e-mail.
Link to the upstream patch was found here:
https://security-tracker.debian.org/tracker/CVE-2021-23017

Note that the upstream patch by nginx is for fresh nginx versions, whereas my 
debdiff targets the 1.14.2-2+deb10u3 release in Debian 10 (buster), so there's 
a small possibility that the mentioned patch might not be enough to fix the 
vulnerability. But I tested the patch on the PoC python script that the 
research team provided and valgrind did not report invalid reads like it did in 
the current version in Debian repos.

Applying my patch and building package:
apt-get source nginx
cd nginx-1.14.2
curl https://of.sijanec.eu/krneki/ngx-debdiff.txt | debdiff-apply
# edit debian/changelog to set the target version (by default debdiff adds .1 to previous version), probably 1.14.2-2+deb10u4
debuild -uc -us

Regards!

[0] http://nginx.org/download/patch.2021.resolver.txt
diff -Nru nginx-1.14.2/debian/changelog nginx-1.14.2/debian/changelog
--- nginx-1.14.2/debian/changelog   2020-08-24 12:18:43.0 +0200
+++ nginx-1.14.2/debian/changelog   2021-05-26 20:05:08.0 +0200
@@ -1,3 +1,11 @@
+nginx (1.14.2-2+deb10u4) buster-security; urgency=high
+
+  * Non-maintainer upload by Anton Luka Å ijanec.
+  * Fixes CVE-2021-23017 according to the patch instructions from upstream
+(Closes: #989095)
+
+ -- Anton Luka Å ijanec   Wed, 26 May 2021 20:05:08 +0200
+
 nginx (1.14.2-2+deb10u3) buster-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
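Review bot: the two added lines that carry the uploader's name show it as "Anton Luka Å ijanec", which is what a UTF-8 name looks like after being decoded in a single-byte charset; debian/changelog has to be UTF-8, so check the file's encoding before building. The entry would also be easier to audit if it named the added file debian/patches/CVE-2021-23017.patch and the source file it touches (src/core/ngx_resolver.c) instead of only "the patch instructions from upstream".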
diff -Nru nginx-1.14.2/debian/patches/CVE-2021-23017.patch 
nginx-1.14.2/debian/patches/CVE-2021-23017.patch
--- nginx-1.14.2/debian/patches/CVE-2021-23017.patch1970-01-01 
01:00:00.0 +0100
+++ nginx-1.14.2/debian/patches/CVE-2021-23017.patch2021-05-26 
20:05:08.0 +0200
@@ -0,0 +1,24 @@
+Index: nginx-1.14.2/src/core/ngx_resolver.c
+===
+--- nginx-1.14.2.orig/src/core/ngx_resolver.c
 nginx-1.14.2/src/core/ngx_resolver.c
+@@ -3975,15 +3975,15 @@ done:
+ n = *src++;
+ 
+ } else {
++if (dst != name->data) {
++*dst++ = '.';
++}
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+ 
+ n = *src++;
+-
+-if (n != 0) {
+-*dst++ = '.';
+-}
+ }
+ 
+ if (n == 0) {
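Review bot: the new debian/patches/CVE-2021-23017.patch starts directly at "Index:" with no patch header, so nothing in the file records where the change comes from; add DEP-3 fields above it (Description, Origin pointing at the upstream patch URL given in the mail, Bug-Debian for #989095). On the logic, the '.' separator is now written before each label and skipped when dst == name->data, replacing the old write after a label whenever the next length byte n was non-zero. The hunk does not show how name->data is sized, so compare the length calculation earlier in the same function in 1.14.2 with the code upstream patched before relying on the backport.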
diff -Nru nginx-1.14.2/debian/patches/series nginx-1.14.2/debian/patches/series
--- nginx-1.14.2/debian/patches/series  2020-08-24 12:18:43.0 +0200
+++ nginx-1.14.2/debian/patches/series  2021-05-26 20:05:08.0 +0200
@@ -4,3 +4,4 @@
 CVE-2019-9511.patch
 CVE-2019-9513.patch
 CVE-2019-20372.patch
+CVE-2021-23017.patch


Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Holger Levsen
On Wed, May 26, 2021 at 10:09:30PM +0200, Paul Gevers wrote:
> I may be missing something, but *to me* the issue doesn't seem too bad.
> I mean, so far it seems nothing really breaks, just that after the
> upgrade not all packages are upgraded. Which that can be fixed with
> *another* upgrade. I may be missing something.

right. *I* missed this and thought this was a case of the upgrade itself
breaking.

apologies for the noise. I should have gone afk some time ago.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄




Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Paul Gevers
Hi Holger,

On 26-05-2021 22:04, Holger Levsen wrote:
> Hi Paul,
> 
> On Wed, May 26, 2021 at 09:55:36PM +0200, Paul Gevers wrote:
>> I agree with "it should be possible" but I'd like to note that the
>> release notes already explicitly recommend to update before upgrade.
> [...]
>> Ack. We could add a note to the release notes for those people that
>> don't update first.
>  
> yes. but then, it's been a *long* standing practice that this is generally
> supported and possible *and* then there are those people who don't read the
> release notes, or not completely, or miss that part or.

I may be missing something, but *to me* the issue doesn't seem too bad.
I mean, so far it seems nothing really breaks, just that after the
upgrade not all packages are upgraded. Which that can be fixed with
*another* upgrade. I may be missing something.

> IOW: if we can make a better fix, we should.

Agree, but I'm not sure we should jump through hoops.

Paul





Bug#989149: libgrss: CVE-2016-20011: No TLS certificate verification

2021-05-26 Thread Salvatore Bonaccorso
Source: libgrss
Version: 0.7.0-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libgrss.

CVE-2016-20011[0]:
| libgrss through 0.7.0 fails to perform TLS certificate verification
| when downloading feeds, allowing remote attackers to manipulate the
| contents of feeds without detection. This occurs because of the
| default behavior of SoupSessionSync.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-20011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20011
[1] https://gitlab.gnome.org/GNOME/libgrss/-/issues/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Holger Levsen
Hi Paul,

On Wed, May 26, 2021 at 09:55:36PM +0200, Paul Gevers wrote:
> I agree with "it should be possible" but I'd like to note that the
> release notes already explicitly recommend to update before upgrade.
[...]
> Ack. We could add a note to the release notes for those people that
> don't update first.
 
yes. but then, it's been a *long* standing practice that this is generally
supported and possible *and* then there are those people who don't read the
release notes, or not completely, or miss that part or.

IOW: if we can make a better fix, we should.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄




Bug#989148: tpm2-tools: CVE-2021-3565

2021-05-26 Thread Salvatore Bonaccorso
Source: tpm2-tools
Version: 5.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tpm2-software/tpm2-tools/issues/2738
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for tpm2-tools.

CVE-2021-3565[0]:
| during tpm2_import command invocation a fixed AES wrapping key is
| used

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3565
[1] https://github.com/tpm2-software/tpm2-tools/issues/2738
[2] 
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#989147: glibc: CVE-2021-33574: mq_notify does not handle separately allocated thread attributes

2021-05-26 Thread Salvatore Bonaccorso
Source: glibc
Version: 2.31-12
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for glibc, basically purely
to track the upstream issue and fix once coming downstream.

CVE-2021-33574[0]:
| The mq_notify function in the GNU C Library (aka glibc) through 2.33
| has a use-after-free. It may use the notification thread attributes
| object (passed through its struct sigevent parameter) after it has
| been freed by the caller, leading to a denial of service (application
| crash) or possibly unspecified other impact.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=27896

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Paul Gevers
Hi Holger,

On 26-05-2021 21:50, Holger Levsen wrote:
> On Wed, May 26, 2021 at 12:00:46PM +0200, Bill Allombert wrote:
>> One way to fix that is to update libgc1c2 in stable to not 
>> Conflict/Replaces with libgc1.
>  
> while this is true, this is also not the most desirable fix, because
> it should be possible to update from *any* stable installation
> to the next stable, not just from the latest stable point release.

I agree with "it should be possible" but I'd like to note that the
release notes already explicitly recommend to update before upgrade.

> that said, it's definitely much better than not fixing this issue at all.
> after all, most people will upgrade to the latest point release before
> switching the release :)

Ack. We could add a note to the release notes for those people that
don't update first.

Paul





Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Holger Levsen
On Wed, May 26, 2021 at 12:00:46PM +0200, Bill Allombert wrote:
> One way to fix that is to update libgc1c2 in stable to not 
> Conflict/Replaces with libgc1.
 
while this is true, this is also not the most desirable fix, because
it should be possible to update from *any* stable installation
to the next stable, not just from the latest stable point release.

that said, it's definitely much better than not fixing this issue at all.
after all, most people will upgrade to the latest point release before
switching the release :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Because things are the way they are, things will not stay the way they are.
(Bertolt Brecht)




Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Paul Gevers
Hi Bill,

Thank you for figuring this out...

On 26-05-2021 12:00, Bill Allombert wrote:
> At this point could you send the message of
> apt-get install libobjc4
> just to be sure.

See below.

Paul

root@stable:/# apt install libobjc4
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer
required:
  libcodec2-0.8.1 libcroco3 libcrystalhd3 libelf-dev libigdgmm5
libmysofa0 libnftables0
  libnvpair1linux libpgm-5.2-0 libuutil1linux libvpx5 libx264-155
libx265-165 libzfs2linux
  libzpool2linux linux-headers-4.19.0-16-common python3.7-minimal qdbus
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  guile-2.2-libs libgc1
The following packages will be REMOVED:
  libgc1c2
The following NEW packages will be installed:
  libgc1
The following packages will be upgraded:
  guile-2.2-libs libobjc4
2 upgraded, 1 newly installed, 1 to remove and 5 not upgraded.
Need to get 0 B/5261 kB of archives.
After this operation, 53.2 kB disk space will be freed.
Do you want to continue? [Y/n]





Bug#989146: unblock: node-cpr/3.0.1-4

2021-05-26 Thread Yadd
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package node-cpr

[ Reason ]
I made an error when including the node-mkdirp (≥1) patch. Here is the fix,
which permits re-enabling all tests.

[ Impact ]
Maybe node-cpr is unable to copy empty directories

[ Tests ]
Upstream tests are now all enabled and passed (build + autopkgtest)

[ Risks ]
No risk, new patch is verified by tests.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Sorry for this error...

Cheers,
Yadd

unblock node-cpr/3.0.1-4
diff --git a/debian/changelog b/debian/changelog
index b0e6caf..338ddf1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-cpr (3.0.1-4) unstable; urgency=medium
+
+  * Team upload
+  * Fix GitHub tags regex
+  * Fix patch for node-mkdirp ≥ 1
+
+ -- Yadd   Wed, 26 May 2021 21:31:55 +0200
+
 node-cpr (3.0.1-3) unstable; urgency=medium
 
   * Team upload
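Review bot: the entry "Fix patch for node-mkdirp ≥ 1" does not record that this upload also drops the tests/full.js changes from update-mkdirp.diff, which re-enables the 'should copy empty directory' test and restores the original readdirSync assertions. A changelog line saying so would make the test-suite change visible to whoever reads the unblock request.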
diff --git a/debian/patches/update-mkdirp.diff 
b/debian/patches/update-mkdirp.diff
index 2e50ece..092902d 100644
--- a/debian/patches/update-mkdirp.diff
+++ b/debian/patches/update-mkdirp.diff
@@ -1,26 +1,27 @@
 Description: update to mkdirp ≥ 1
-Author: Xavier Guimard 
-Forwarded: https://github.com/davglass/cpr/issues/65
+Author: Yadd 
+Forwarded: https://github.com/davglass/cpr/issues/68
 Last-Update: 2020-10-21
 
 --- a/lib/index.js
 +++ b/lib/index.js
-@@ -121,12 +121,12 @@
+@@ -121,12 +121,13 @@
  err.errno = 27;
  options.errors.push(err);
  } else {
 -mkdirp(to, stat.mode, stack.add(function(err) {
-+mkdirp(to, stat.mode).catch((err) => 
{stack.add(function(err) {
++var ef = stack.add(function(err) {
  /*istanbul ignore next*/
  if (err) {
  options.errors.push(err);
  }
 -}));
-+})});
++});
++mkdirp(to, stat.mode).then(ef).catch(ef);
  }
  }));
  }
-@@ -139,7 +139,7 @@
+@@ -139,7 +140,7 @@
  
  var copyFile = function(from, to, options, callback) {
  var dir = path.dirname(to);
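Review bot: in mkdirp(to, stat.mode).then(ef).catch(ef) the same callback handles success and failure, so on success its err parameter receives whatever the promise resolves with; mkdirp 1.x documents that value as the first directory it had to create, which is truthy and would be pushed to options.errors by the if (err) branch. Calling it with no argument on success, for example .then(function() { ef(); }, ef), avoids that and also keeps ef from running a second time if it throws inside then(). The header's Last-Update still reads 2020-10-21 although the patch content changed.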
@@ -29,32 +30,3 @@ Last-Update: 2020-10-21
  fs.stat(to, function(statError) {
  var err;
  if(!statError && options.overwrite !== true) {
 a/tests/full.js
-+++ b/tests/full.js
-@@ -343,6 +343,7 @@
- 
- describe('validations', function() {
- 
-+/*
- it('should copy empty directory', function(done) {
- mkdirp.sync(path.join(to, 'empty-src'));
- cpr(path.join(to, 'empty-src'), path.join(to, 'empty-dest'), 
function() {
-@@ -351,6 +352,7 @@
- done();
- });
- });
-+*/
- 
- it('should not delete existing folders in out dir', function(done) {
- mkdirp.sync(path.join(to, 'empty-src', 'a'));
-@@ -359,8 +361,8 @@
- var stat = fs.statSync(path.join(to, 'empty-dest'));
- assert.ok(stat.isDirectory());
- var dirs = fs.readdirSync(path.join(to, 'empty-dest'));
--assert.equal(dirs[0], 'a');
--assert.equal(dirs[1], 'b');
-+assert.equal(dirs[0], 'b');
-+//assert.equal(dirs[1], 'a');
- done();
- });
- });
diff --git a/debian/watch b/debian/watch
index 3e3a8e7..1b77a15 100644
--- a/debian/watch
+++ b/debian/watch
@@ -2,4 +2,4 @@ version=3
 opts=\
 dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//,\
 filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/node-cpr-$1.tar.gz/ \
- https://github.com/davglass/cpr/tags .*/archive/v?([\d\.]+).tar.gz
+ https://github.com/davglass/cpr/tags .*/archive/.*/v?([\d\.]+).tar.gz
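Review bot: the added pattern .*/archive/.*/v?([\d\.]+).tar.gz leaves the dots in ".tar.gz" unescaped, while the filenamemangle line just above escapes them as \.tar\.gz; escaping them here as well keeps the match literal. The inserted .*/ segment accepts any path component, so if the GitHub links use one fixed directory under archive/, spelling that directory out would be more precise.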


Bug#989145: Please do not use uml fakemachine backend in the DEP-8 test

2021-05-26 Thread Lucas Kanashiro

Package: debos
Version: 1.0.0+git20201203.e939090-4
Severity: wishlist

Dear maintainer,

The DEP-8 test recently added to src:debos, called build-chroot, makes 
use of the user-mode-linux package (the fakemachine backend used). 
However, user-mode-linux is not available in Ubuntu as in Debian which 
leads to a test failure. I kindly ask to use a different fakemachine 
backend allowing the execution of this test also in Ubuntu.


Thanks for considering this request.

Cheers!
Lucas Kanashiro.



Bug#989024: php-horde-text-filter 2.3.5-3+deb10u2 flagged for acceptance

2021-05-26 Thread Adam D Barratt
package release.debian.org
tags 989024 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: php-horde-text-filter
Version: 2.3.5-3+deb10u2

Explanation: fix cross-site scripting issue [CVE-2021-26929]



Bug#989023: libmateweather 1.20.2-1+deb10u1 flagged for acceptance

2021-05-26 Thread Adam D Barratt
package release.debian.org
tags 989023 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: libmateweather
Version: 1.20.2-1+deb10u1

Explanation: adapt for renaming of America/Godthab to America/Nuuk in tzdata



Bug#988482: libgetdata 0.10.0-5+deb10u1 flagged for acceptance

2021-05-26 Thread Adam D Barratt
package release.debian.org
tags 988482 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: libgetdata
Version: 0.10.0-5+deb10u1

Explanation: fix use after free issue [CVE-2021-20204]



Bug#987548: node-redis 2.8.0-1+deb10u1 flagged for acceptance

2021-05-26 Thread Adam D Barratt
package release.debian.org
tags 987548 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: node-redis
Version: 2.8.0-1+deb10u1

Explanation: fix regular expression denial of service issue [CVE-2021-29469]



Bug#944372: What more can be done?

2021-05-26 Thread Jochen Betz
The issue is still pending and I don't see any reply from the maintainer.

What more than providing even the patch for the issue can be done to get
this thing moving forward?


-- 
Dipl.-Ing. Jochen Betz
jochen.b...@gmx.net





Bug#989144: inspircd: memory disclosure

2021-05-26 Thread Salvatore Bonaccorso
Source: inspircd
Version: 3.8.1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

This is already fixed in unstable with 3.8.1-2:

https://docs.inspircd.org/security/2021-01/

The fix should ideally go into testing/bullseye.

Regards,
Salvatore



Bug#889817: linux: kernel does not always provide a heap [alpha arm64 mips64el ppc64el ppc64 s390x sparc64]

2021-05-26 Thread Salvatore Bonaccorso
Hi Aurelien,

On Wed, May 26, 2021 at 06:09:45PM +0200, Aurelien Jarno wrote:
> control: fixed 889817 5.2.6-1
> control: fixed 889817 4.19.87-1
> 
> Hi Salvatore,
> 
> On 2021-05-24 08:31, Salvatore Bonaccorso wrote:
> > Source: linux
> > Source-Version: 5.10.38-1
> > 
> > Hi,
> > 
> > On Wed, Feb 07, 2018 at 12:37:44PM +0100, Aurelien Jarno wrote:
> > > Source: linux
> > > Version: 4.14.13-1
> > > Severity: normal
> > > Tags: upstream
> > > 
> > > When ASLR is enabled (which is the default), the Linux kernel on at
> > > least alpha, arm64, mips64el, ppc64el, ppc64, s390x and sparc64 might
> > > not provide a heap to the program. This is the case for example when
> > > the program is run through the program interpreter ld.so. This happens
> > > with different probability depending on the architecture. This causes
> > > issues with GLIBC tunables support, which needs to be able to reserve
> > > a few hundred bytes of memory through brk. This is reproducible with
> > > at least kernel 4.9 and 4.15, and it's likely that the issue has always
> > > been there.
> > > 
> > > The following script, based on one from James Cowgill, shows the issue:
> > > 
> > > #!/bin/bash
> > > export LC_ALL=C
> > > 
> > > interp=$(readelf --headers /bin/cat | grep 'Requesting program interpreter' | sed -e 's/.*: //' -e 's/]//')
> > > 
> > > for i in {1..1}
> > > do
> > > OUT=$($interp /bin/cat /proc/self/maps)
> > > if [[ $OUT != *heap* ]]
> > > then
> > > echo -n F
> > > echo "$OUT"
> > > else
> > > echo -n .
> > > fi
> > > done
> > > 
> > > A workaround is to set /proc/sys/kernel/randomize_va_space to 1.
> > 
> > As discussed on IRC, I was not able to trigger this behaviour with
> > 4.19.181-1 on amdahl (arm64), zelenka (s390x) or plummer (ppc64el). So
> > guess the issue has been fixed in meanwhile somewhere.
> > 
> > Not sure it is worth trying to bisect and finding the fixing
> > commit(s).
> 
> I have found that the problem has been fixed in that upstream commit:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bbdc6076d2e5d07db44e74c11b01a3e27ab90b32
> 
> This commit went into kernel 5.2, and was later backported in kernel
> 4.19.75.
> 
> > But for now closing with all recent versions in supported branches.
> 
> This mail should update the version in the BTS to the corresponding
> Debian version.

Very nice, thanks a lot for digging deeper into it to find the fixing
commit!

Regards,
Salvatore



Bug#984956: Pmix issues with openmpi-4.1.0

2021-05-26 Thread Paul Gevers
Hi Alastair,

On 26-05-2021 15:53, Alastair McKinstry wrote:
> You mean do an upload of 1.10.0~rc1-7
>  (current testing UCX)
> as 1.10.1
> ~rc1.really.1.10.0-1?
> 

AFAIK it's more common to use the "+", but according to $(dpkg
--compare-versions) either is fine: 1.10.1~rc1+really.1.10.0-1

Thanks.

Paul





Bug#989078: several SIGABRT in containers

2021-05-26 Thread Michael Biebl

On 26.05.2021 at 04:19, Simon Richter wrote:
> On Tue, May 25, 2021 at 11:39:35PM +0200, Michael Biebl wrote:
>> Running this on a Debian sid system, the build completes
>> successfully (log attached).
>
> Interesting, for me the build stopped during dh_auto_test -- but your log
> contains several test failures where programs stopped with SIGABRT, just
> apparently not enough to fail the build.


Yeah, sorry. Didn't actually check the output carefully apparently.

So, the test suite failure under docker is indeed reproducible here.
I'll file a separate upstream bug report about this.


Michael



Bug#989143: initramfs-tools: doesn’t actually compress with zstd

2021-05-26 Thread Christoph Anton Mitterer
Package: initramfs-tools
Version: 0.140
Severity: normal


Hey.

Just noted by coincidence, that even though I have set:
  COMPRESS=zstd
and zstd is installed and even runs (seen in e.g. top utility) when running
  update-initramfs -u
the files are in the end nevertheless plain cpio:
  file /boot/initrd.img-5.10.0-7-amd64
  /boot/initrd.img-5.10.0-7-amd64: ASCII cpio archive (SVR4 with no CRC)


Cheers,
Chris.



-- Package-specific info:
-- initramfs sizes
-rw-r--r-- 1 root root 24M May 14 13:47 /boot/initrd.img-5.10.0-6-amd64
-rw-r--r-- 1 root root 24M May 26 19:21 /boot/initrd.img-5.10.0-7-amd64
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-5.10.0-7-amd64 root=/dev/mapper/system ro 
rootflags=subvol=root random.trust_cpu=off luks.crypttab=no

-- /proc/filesystems
btrfs
fuseblk

-- /etc/initramfs-tools/modules
usb-storage
xhci-hcd
xhci-pci
ehci-hcd
ehci-pci
uhci-hcd
btrfs

-- /etc/initramfs-tools/initramfs.conf
MODULES=dep
BUSYBOX=auto
KEYMAP=n
COMPRESS=zstd
DEVICE=
NFSROOT=auto
RUNSIZE=10%
FSTYPE=auto

-- /etc/initramfs-tools/update-initramfs.conf
update_initramfs=yes
backup_initramfs=no

-- /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] 
[raid10] 
unused devices: 

-- /sys/block
dm-0
loop0
loop1
loop2
loop3
loop4
loop5
loop6
loop7
sda

/usr/share/initramfs-tools/hooks:
btrfs
cryptgnupg
cryptgnupg-sc
cryptkeyctl
cryptopensc
cryptpassdev
cryptroot
cryptroot-unlock
dmsetup
fsck
fuse
intel_microcode
keymap
klibc-utils
kmod
lvm2
mdadm
nbd
ntfs_3g
reiserfsprogs
resume
thermal
thin-provisioning-tools
udev
v86d
xfs
zz-busybox


-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages initramfs-tools depends on:
ii  initramfs-tools-core  0.140
ii  linux-base4.6

initramfs-tools recommends no packages.

Versions of packages initramfs-tools suggests:
ii  bash-completion  1:2.11-2

-- no debconf information
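
file(1) classifies an image by its leading bytes, and an initramfs image can be several archives concatenated, so a leading cpio header alone does not show what follows it. The added example below (not part of the report or of initramfs-tools; the sample image and the function names are constructed for illustration) walks the leading newc cpio archives and reports the format of every segment it finds.

```python
"""Report what each concatenated segment of an initramfs image contains."""
import sys

CPIO_MAGICS = (b"070701", b"070702")      # newc, and newc with checksum
COMPRESSORS = (                           # leading magic bytes of each stream type
    (b"\x28\xb5\x2f\xfd", "zstd"),
    (b"\x1f\x8b", "gzip"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"BZh", "bzip2"),
    (b"\x04\x22\x4d\x18", "lz4"),
    (b"\x02\x21\x4c\x18", "lz4-legacy"),
    (b"\x89LZO\x00\r\n\x1a\n", "lzo"),
)
HEADER_LEN = 110                          # 6-byte magic + 13 fields of 8 hex digits


def _pad4(n):
    """Round n up to the next multiple of 4 (newc alignment)."""
    return (n + 3) & ~3


def skip_cpio(data, start):
    """Return the offset just past the TRAILER!!! entry of the archive at start."""
    pos = start
    while True:
        hdr = data[pos:pos + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] not in CPIO_MAGICS:
            raise ValueError("truncated or malformed cpio entry at offset %d" % pos)
        filesize = int(hdr[54:62], 16)    # field 7: c_filesize
        namesize = int(hdr[94:102], 16)   # field 12: c_namesize, counts the NUL
        if namesize < 1:
            raise ValueError("bad name size at offset %d" % pos)
        name_at = pos + HEADER_LEN
        name = data[name_at:name_at + namesize - 1]
        # Header+name and the file body are each padded to 4 bytes,
        # measured from the start of the archive.
        body_at = start + _pad4(name_at + namesize - start)
        pos = start + _pad4(body_at + filesize - start)
        if name == b"TRAILER!!!":
            return pos


def initramfs_segments(data):
    """Return [(offset, kind), ...] for each segment found in the image."""
    found = []
    pos = 0
    while pos < len(data):
        while pos < len(data) and data[pos] == 0:   # NUL padding between segments
            pos += 1
        if pos >= len(data):
            break
        if data[pos:pos + 6] in CPIO_MAGICS:
            found.append((pos, "cpio-newc"))
            pos = skip_cpio(data, pos)
            continue
        kind = next((n for m, n in COMPRESSORS if data.startswith(m, pos)), "unknown")
        found.append((pos, kind))
        break   # a compressed stream's end is not known without decompressing it
    return found


def _newc_entry(name, body):
    """Build one newc entry; used only to construct the sample image below."""
    fields = [0, 0o100644, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(name) + 1, 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name + b"\0"
    out += b"\0" * (-len(out) % 4)
    out += body
    return out + b"\0" * (-len(out) % 4)


# Constructed sample: a small uncompressed cpio, NUL padding up to 512 bytes,
# then a stream that starts with the zstd magic (payload bytes are dummy data).
_early = _newc_entry(b"kernel/x86/microcode/GenuineIntel.bin", b"constructed")
_early += _newc_entry(b"TRAILER!!!", b"")
SAMPLE = _early.ljust(512, b"\0") + b"\x28\xb5\x2f\xfd" + b"constructed payload"

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, kind in initramfs_segments(blob):
        print("%10d  %s" % (offset, kind))
```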



Bug#884992: closed by Guilhem Moulin (Re: Bug#884992: roundcube-plugins: No documentation to enable plugins)

2021-05-26 Thread Jonathan Hutchins
Thank you for pointing me to the correct information.  I'm not sure it 
was there when I originally installed the package.


I do feel somewhat put-upon that I have to know how to write arrays in 
PHP syntax to turn features on, but it's just one more configuration 
language.


--
Jonathan



Bug#989126: package statically links without using a Built-Using attribute

2021-05-26 Thread Andrei POPESCU
Control: reassign -1 src:orthanc-wsi 1.0-2

On Wed, 26 May 21, 12:08:19, Matthias Klose wrote:
> Package: src:orthanc-wsi1.0-2
> Version: 1.0-2
> Severity: serious
> Tags: sid bulseye
> 
> The package statically links without using a Built-Using attribute, apparently
> introduced in the last -3 upload.  You need to add such an attribute when
> statically linking.

Fixing typo in source package name.

Kind regards,
Andrei
-- 
Looking after bugs assigned to unknown or inexistent packages




Bug#989142: logstash: Illegal reflective access by org.jruby.util.SecurityHelper

2021-05-26 Thread Stefan Nitz
Package: logstash
Version: 1:6.8.16-1
Severity: normal

Dear Maintainer,

   * What led up to the situation?
   Update deb package

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   apt upgrade
   * What was the outcome of this action?
   Setting up logstash (1:6.8.16-1) ...
Using provided startup.options file: /etc/logstash/startup.options
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.util.SecurityHelper to field 
java.lang.reflect.Field.modifiers
WARNING: Please consider reporting this to the maintainers of 
org.jruby.util.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112:
 warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash

   * What outcome did you expect instead?
No warning


-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (500, 'oldstable'), 
(102, 'experimental'), (50, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- Configuration Files:
/etc/logstash/jvm.options changed:
-Xms1g
-Xmx1g
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
-Djava.awt.headless=true
-Dfile.encoding=UTF-8
-Djruby.compile.invokedynamic=true
-Djruby.jit.threshold=0
-Djruby.regexp.interruptible=true
-XX:+HeapDumpOnOutOfMemoryError
-Djava.security.egd=file:/dev/urandom

/etc/logstash/logstash.yml changed:
path.data: /var/lib/logstash
path.logs: /var/log/logstash

/etc/logstash/startup.options [Errno 13] Permission denied: 
'/etc/logstash/startup.options'

# These settings are ONLY used by $LS_HOME/bin/system-install to create a custom
# startup script for Logstash and is not used by Logstash itself. It should
# automagically use the init system (systemd, upstart, sysv, etc.) that your
# Linux distribution uses.
#
# After changing anything here, you need to re-run $LS_HOME/bin/system-install
# as root to push the changes to the init script.


# Override Java location
#JAVACMD=/usr/bin/java

# Set a home directory
LS_HOME=/usr/share/logstash

# logstash settings directory, the path which contains logstash.yml
LS_SETTINGS_DIR=/etc/logstash

# Arguments to pass to logstash
LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"

# Arguments to pass to java
LS_JAVA_OPTS=""

# pidfiles aren't used the same way for upstart and systemd; this is for sysv users.
LS_PIDFILE=/var/run/logstash.pid

# user and group id to be invoked as
LS_USER=logstash
LS_GROUP=logstash

# Enable GC logging by uncommenting the appropriate lines in the GC logging
# section in jvm.options
LS_GC_LOG_FILE=/var/log/logstash/gc.log

# Open file limit
LS_OPEN_FILES=16384

# Nice level
LS_NICE=19

# Change these to have the init script named and described differently
# This is useful when running multiple instances of Logstash on the same
# physical box or vm
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"

# If you need to run a command or script before launching Logstash, put it
# between the lines beginning with `read` and `EOM`, and uncomment those lines.
###
## read -r -d '' PRESTART << EOM
## EOM

-- no debconf information



Bug#989086: New version 1.11.12 available

2021-05-26 Thread Moritz Mühlenhoff
On Tue, May 25, 2021 at 05:08:33PM +0200, Marcus Frings wrote:
> Package: leafnode
> Version: 1.11.11-3
> Severity: wishlist
> 
> Dear Moritz,
> 
> After some years of dormant sleep, leafnode received an update to 1.11.12 in 
> 2021.
> 
> Please consider the new version to be included in Debian.

Sure thing, but Debian is currently in freeze for the upcoming new
release, I'll update to 1.11.12 once the Bullseye release is out.

Cheers,
Moritz



Bug#989141: /usr/share/php/smarty3/sysplugins/smarty_security.php: Smarty Security: not trusted file path

2021-05-26 Thread Benjamin Renard

Package: smarty3
Version: 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3
File: /usr/share/php/smarty3/sysplugins/smarty_security.php
Severity: important

Dear Maintainer,

In the last update on Stretch 
(3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3), there seems to be
a confusion between the $this->ds variable and the DIRECTORY_SEPARATOR constant. 
$this->ds is not defined and I couldn't find a reference to this 
variable anywhere other than in this version. In the upstream release of Smarty, 
the DIRECTORY_SEPARATOR constant seems to be used instead, and if I 
replace the $this->ds occurrences with this constant (in the 
isTrustedResourceDir() and _checkDir() methods), it solves the bug.


Regards,

-- System Information:
Debian Release: 9.5
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)

Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages smarty3 depends on:
ii  php   1:7.0+49
ii  php-common1:49
ii  php7.0 [php]  7.0.30-0+deb9u1
ii  php7.0-cli [php-cli]  7.0.30-0+deb9u1

smarty3 recommends no packages.

smarty3 suggests no packages.

-- no debconf information



Bug#989140: roundcube-core: Error displayed during upgrade if manually installed plugins are in use in /var/lib/roundcube

2021-05-26 Thread Kurt Fitzner
Package: roundcube
Version: 1.4.11+dfsg.1-4
Severity: minor

During an upgrade of roundcube-core, if there are any manually installed
plugins in /var, then an error is shown:

Setting up roundcube-mysql (1.4.11+dfsg.1-4) ...
Setting up libx11-xcb1:amd64 (2:1.7.1-1) ...
Setting up roundcube-core (1.4.11+dfsg.1-4) ...
Determining localhost credentials from /etc/mysql/debian.cnf: succeeded.
dbconfig-common: writing config to /etc/dbconfig-common/roundcube.conf
dbconfig-common: flushing administrative password
ERROR: Failed to load plugin file 
/usr/share/roundcube/plugins/show_gravatar/show_gravatar.php
Setting up roundcube-plugins (1.4.11+dfsg.1-4) ...
Setting up roundcube (1.4.11+dfsg.1-4) ...
Processing triggers for libc-bin (2.31-12) ...
Processing triggers for man-db (2.9.4-2) ...


Something is either looking at the roundcube configuration, or iterating
through all the plugins in /var/lib/roundcube/plugins and wanting to
associate them with the package-supplied plugins which are in
/usr/lib/roundcube/plugins.  However, only plugins supplied by the package
should rightfully exist in /usr/lib/roundcube/plugins.

The script can assume that all plugins in /usr/lib/roundcube/plugins/* exist
as a link to /var/lib/roundcube/plugins/*, but the reverse cannot be
assumed.

Why the upgrade script for roundcube-core was looking at the plugins, and
why it made the assumption that the /var plugins must also all exist in /usr
is unknown.  It may be a display-only error with no actual ramifications. 
That being said, the assumption of a reverse correlation shouldn't be made.



-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages roundcube-core depends on:
ii  dbconfig-common 2.0.19
ii  debconf [debconf-2.0]   1.5.75
ii  dpkg1.20.9
ii  libjs-bootstrap44.5.2+dfsg1-6
ii  libjs-codemirror5.59.2+~cs0.23.109-1
ii  libjs-jquery3.5.1+dfsg+~3.5.5-7
ii  libjs-jquery-minicolors 2.2.6+dfsg-4
ii  libjs-jquery-ui 1.12.1+dfsg-8
ii  libjs-jstimezonedetect  1.0.6-5
ii  libmagic1   1:5.39-3
ii  php 2:7.4+76
ii  php-auth-sasl   1.1.0-1
ii  php-cli 2:7.4+76
ii  php-common  2:76
ii  php-intl2:7.4+76
ii  php-mail-mime   1.10.10-1
ii  php-masterminds-html5   2.7.4+dfsg-2
ii  php-mbstring2:7.4+76
ii  php-net-sieve   1.4.4-2
ii  php-net-smtp1.9.0-1
ii  php-net-socket  1.2.2-2
ii  php-pear1:1.10.12+submodules+notgz+20210212-1
ii  php7.4 [php]7.4.15-5+deb11u1
ii  php7.4-cli [php-cli]7.4.15-5+deb11u1
ii  php7.4-intl [php-intl]  7.4.15-5+deb11u1
ii  php7.4-json [php-json]  7.4.15-5+deb11u1
ii  php7.4-mbstring [php-mbstring]  7.4.15-5+deb11u1
ii  roundcube-mysql 1.4.11+dfsg.1-4
ii  ucf 3.0043

Versions of packages roundcube-core recommends:
ii  lighttpd [httpd-cgi]1.4.59-1
ii  php-fpm 2:7.4+76
ii  php-gd  2:7.4+76
ii  php-pspell  2:7.4+76
ii  php7.4-fpm [php-fpm]7.4.15-5+deb11u1
ii  php7.4-gd [php-gd]  7.4.15-5+deb11u1
ii  php7.4-pspell [php-pspell]  7.4.15-5+deb11u1
ii  spawn-fcgi  1.6.4-2

Versions of packages roundcube-core suggests:
pn  php-crypt-gpg 
pn  php-mkopinsky-zxcvbn-php  
pn  php-net-ldap3 
ii  roundcube-plugins 1.4.11+dfsg.1-4

Versions of packages roundcube depends on:
ii  dpkg  1.20.9

-- Configuration Files:
/etc/roundcube/lighttpd.conf changed [not included]

-- debconf information excluded



Bug#889817: linux: kernel does not always provide a heap [alpha arm64 mips64el ppc64el ppc64 s390x sparc64]

2021-05-26 Thread Aurelien Jarno
control: fixed 889817 5.2.6-1
control: fixed 889817 4.19.87-1

Hi Salvatore,

On 2021-05-24 08:31, Salvatore Bonaccorso wrote:
> Source: linux
> Source-Version: 5.10.38-1
> 
> Hi,
> 
> On Wed, Feb 07, 2018 at 12:37:44PM +0100, Aurelien Jarno wrote:
> > Source: linux
> > Version: 4.14.13-1
> > Severity: normal
> > Tags: upstream
> > 
> > When ASLR is enabled (which is the default), the Linux kernel on at
> > least alpha, arm64, mips64el, ppc64el, ppc64, s390x and sparc64 might
> > not provide a heap to the program. This is the case for example when
> > the program is run through the program interpreter ld.so. This happens
> > with different probability depending on the architecture. This causes
> > issues with GLIBC tunables support, which needs to be able to reserve
> > a few hundred bytes of memory through brk. This is reproducible with
> > at least kernel 4.9 and 4.15, and it's likely that the issue has always
> > been there.
> > 
> > The following script, based on one from James Cowgill, shows the issue:
> > 
> > #!/bin/bash
> > export LC_ALL=C
> > 
> > interp=$(readelf --headers /bin/cat | grep 'Requesting program interpreter' | sed -e 's/.*: //' -e 's/]//')
> > 
> > for i in {1..1}
> > do
> >     OUT=$($interp /bin/cat /proc/self/maps)
> >     if [[ $OUT != *heap* ]]
> >     then
> >         echo -n F
> >         echo "$OUT"
> >     else
> >         echo -n .
> >     fi
> > done
> > 
> > A workaround is to set /proc/sys/kernel/randomize_va_space to 1.
> 
> As discussed on IRC, I was not able to trigger this behaviour with
> 4.19.181-1 on amdahl (arm64), zelenka (s390x) or plummer (ppc64el). So
> guess the issue has been fixed in meanwhile somewhere.
> 
> Not sure it is worth trying to bisect and finding the fixing
> commit(s).

I have found that the problem has been fixed in that upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bbdc6076d2e5d07db44e74c11b01a3e27ab90b32

This commit went into kernel 5.2, and was later backported in kernel
4.19.75.

> But for now closing with all recent versions in supported branches.

This mail should update the version in the BTS to the corresponding
Debian version.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Bug#987672: Known issue

2021-05-26 Thread Thomas Goirand
Hi,

This is a known issue. Designate is "DNS as a Service" in OpenStack, so
it does all sorts of unit testing during the build. I would prefer if I
could *not* blacklist those tests that are parsing /etc/resolv.conf,
this would lower the quality of the package, rather than increasing it.
I don't see this as a bug...

Your thoughts?

Cheers,

Thomas Goirand (zigo)



Bug#989139: gnome-flashback segfaults on login

2021-05-26 Thread Alberts Muktupāvels
Can you get stacktrace?

Maybe this helps?:
https://gitlab.gnome.org/GNOME/gnome-flashback/-/commit/7676c3a243aad62150b1108dd126132b5f91f8d7


On Wed, May 26, 2021 at 6:03 PM Grzegorz Szymaszek 
wrote:

> Package: gnome-session-flashback
> Version: 3.38.0-1
>
> When I login to a GNOME Flashback session from GDM3, it fails with a
> “something has gone wrong” screen. When I click “Log Out”, I am able to
> see the GNOME Flashback desktop, but I get logged out anyway. Relevant
> dmesg fragment:
>
> gnome-flashback[…]: segfault at fff0 ip 00486734 sp bf9fd99c error
> 5 in gnome-flashback[47e000+9]
> Code: 00 5b 5e c3 66 90 83 c4 04 31 c0 5b 5e c3 8d b4 26 00 00 00 00
> 90 e8 84 fb ff ff 05 6f 93 0f 00 8b 54 24 04 8b 80 38 18 00 00 <8b> 04 02
> c3 8d b4 26 00 00 00 00 90 e8 64 fb ff ff 05 4f 93 0f 00
>
> This is an old Intel Atom‐based netbook with Debian bullseye. All other
> GNOME sessions—the default Wayland session, the alternative X11 session,
> as well as the X11 “Classic” session—work correctly.
>


-- 
Alberts Muktupāvels


Bug#928744: u-boot: add support for the Turris Omnia and other OpenSSL requiring hardware

2021-05-26 Thread Bastian Germann

On Fri, 10 May 2019 15:08:43 +0800 Paul Wise  wrote:

On Thu, 2019-05-09 at 23:45 -0700, Vagrant Cascadian wrote:

> I've thought about this as well... I've been hesitant to implement it
> wondering how it would interact with the NEW queue...

Only one way to find out :)

> Ideally, of course, would be to fix upstream to not require OpenSSL

Indeed, even with OpenSSL moving to Apache 2.0, which is compatible
with GPLv3 (and thus GPLv2+), OpenSSL 3.0 will still be incompatible
with the GPLv2-only code in u-boot.


With #972513, OpenSSL support for the u-boot-tools was added, so it should be possible now to build 
the requested binary packages.




Bug#989006: [RFS] [preapproval] Bug#989006: unblock: vtk-dicom/0.8.12-3

2021-05-26 Thread Étienne Mollier
Control: tags -1 - moreinfo

Hi Sebastian,

Sebastian Ramacher, on 2021-05-25:
> Something seems to be wrong with the autopkgtests. They are not run.
> Could you please check what's wrong there? Once fixed, vtk-dicom will be
> able to migrate without an unblock.

Thanks for your review!  It looks like I have been overly
cautious when doing my checks and got caught by my forceful
autopkgtest run when building packages.  What seems to happen is
that the d/control file misses a Testsuite field, while
autodep8(1) manual says it must be present, thus I suspect debci
is not considering any test in the package.

I prepared another iteration, 0.8.12-4, in which I only add said
field.  Assuming it does the right thing, it will need sponsored
upload, and since the autodep8 is superficial in the present
case, it would also need an unblock.  To make sure I'm stepping
in the right direction, may I enquire for a pre-approval?

The debdiff should be in attachment, and the source code
available on Salsa[1].

[1]: https://salsa.debian.org/med-team/vtk-dicom

Have a nice day,  :)
-- 
Étienne Mollier 
Fingerprint:  8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
Sent from /dev/tty1, please excuse my verbosity.
diff -Nru vtk-dicom-0.8.12/debian/changelog vtk-dicom-0.8.12/debian/changelog
--- vtk-dicom-0.8.12/debian/changelog   2019-12-22 14:42:19.0 +0100
+++ vtk-dicom-0.8.12/debian/changelog   2021-05-26 16:50:42.0 +0200
@@ -1,3 +1,27 @@
+vtk-dicom (0.8.12-4) unstable; urgency=medium
+
+  * Team upload.
+  * Trigger autodep8 autopkgtest-pkg-python test explicitly, to enable CI, per
+discussion on unblock request #989006
+
+ -- Étienne Mollier   Wed, 26 May 2021 16:50:42 
+0200
+
+vtk-dicom (0.8.12-3) unstable; urgency=medium
+
+  * Team upload.
+  * d/{python3-vtk-dicom,not-installed}: do not install libvtkDICOMPython*.so
+Closes: #988643
+
+ -- Étienne Mollier   Sat, 22 May 2021 15:08:12 
+0200
+
+vtk-dicom (0.8.12-2) unstable; urgency=medium
+
+  * Team upload.
+  * Fix autopkgtest.  Thanks for the patch to Étienne Mollier.
+Closes: #988745
+
+ -- Andreas Tille   Wed, 19 May 2021 15:30:05 +0200
+
 vtk-dicom (0.8.12-1) unstable; urgency=medium
 
   * New upstream version 0.8.12
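Review bot: The 0.8.12-4 entry at the top of this changelog hunk does not name the file it changes, while the 0.8.12-3 entry below it does (`d/{python3-vtk-dicom,not-installed}:`). Prefixing the entry with `d/control:` and naming the added `Testsuite` field would let the release team match the changelog line to the one-line control change without reading the rest of the debdiff.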
diff -Nru vtk-dicom-0.8.12/debian/control vtk-dicom-0.8.12/debian/control
--- vtk-dicom-0.8.12/debian/control 2019-12-22 14:42:19.0 +0100
+++ vtk-dicom-0.8.12/debian/control 2021-05-25 20:16:03.0 +0200
@@ -19,6 +19,7 @@
 Vcs-Browser: https://salsa.debian.org/med-team/vtk-dicom
 Vcs-Git: https://salsa.debian.org/med-team/vtk-dicom.git
 Homepage: http://github.com/dgobbi/vtk-dicom/
+Testsuite: autopkgtest-pkg-python
 
 Package: libvtk-dicom-dev
 Architecture: any
diff -Nru vtk-dicom-0.8.12/debian/not-installed 
vtk-dicom-0.8.12/debian/not-installed
--- vtk-dicom-0.8.12/debian/not-installed   1970-01-01 01:00:00.0 
+0100
+++ vtk-dicom-0.8.12/debian/not-installed   2021-05-22 14:38:32.0 
+0200
@@ -0,0 +1,2 @@
+# Linker name of Python module primitives probably not needed.  See #988643.
+usr/lib/*/libvtkDICOMPython*.so
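Review bot: The comment on the first added line says the linker name is "probably not needed", which leaves the question open in a file whose purpose is to tell dh_missing to ignore `usr/lib/*/libvtkDICOMPython*.so`. State what was checked before the file was excluded, or drop "probably", so that the pointer to #988643 is not the only justification recorded in the package.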
diff -Nru vtk-dicom-0.8.12/debian/python3-vtk-dicom.install 
vtk-dicom-0.8.12/debian/python3-vtk-dicom.install
--- vtk-dicom-0.8.12/debian/python3-vtk-dicom.install   2019-12-22 
14:42:19.0 +0100
+++ vtk-dicom-0.8.12/debian/python3-vtk-dicom.install   2021-05-22 
14:32:04.0 +0200
@@ -1,5 +1,4 @@
 #!/usr/bin/dh-exec 
 usr/lib/*/libvtkDICOMPython*.so.* 
-usr/lib/*/libvtkDICOMPython*.so usr/lib/python${PYVER}/dist-packages
 usr/lib/*/vtkDICOMPython*.so usr/lib/python${PYVER}/dist-packages
 
diff -Nru vtk-dicom-0.8.12/debian/tests/autopkgtest-pkg-python.conf 
vtk-dicom-0.8.12/debian/tests/autopkgtest-pkg-python.conf
--- vtk-dicom-0.8.12/debian/tests/autopkgtest-pkg-python.conf   1970-01-01 
01:00:00.0 +0100
+++ vtk-dicom-0.8.12/debian/tests/autopkgtest-pkg-python.conf   2021-05-19 
22:40:52.0 +0200
@@ -0,0 +1 @@
+import_name = vtkDICOMPython




Bug#989131: unblock: gosa/2.7.4+reloaded3-16

2021-05-26 Thread Mike Gabriel
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-edu-pkg-t...@lists.alioth.debian.org

Please unblock package gosa

   * debian/gosa.postinst:
 + Don't choke on failing httpd service restarts. This allows gosa to be
   installed into chroots. (Closes: #989099).

-> very helpful for testing things with GOsa² on a local (developer) host

   * debian/patches:
 + Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and
   1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide
   'alias' attribute type via 'gosaMailAccount' objectClass. This fixes
   'alias' field setting via gosa-plugin-mailaddress without the need to
   add 'kolabInetOrgPerson' objectClass to every mail account. (Closes:
   #989096).

-> important issue to be resolved for Debian Edu 11.

 + Add 1053_check-countable-before-using-count-on-variable.patch. Don't use
   count() function on data that might not be countable. Silences hundreds
   of PHP warning log messages per user session. (Closes: #939043).

-> Fix for additional issue, caused by PHP 7.3 and newer (count(array_var) 
throws an
error if the array_var is NULL since PHP 7.3 (iirc)).

[ Reason ]
This new version resolved a long standing problem in gosa
and gosa-plugin-mailaddress. Plus two other fixes for annoying
issues.

[ Impact ]
The gosa-plugin-mailaddress 'Mail aliases' field stays unusable
for users of Debian's GOsa² LDAP frontend and for sysadmins
of Debian Edu sites.

[ Tests ]
Manual tests on a Debian Edu buster and a freshly installed Debian Edu
bullseye main server (aka TJENER).

[ Risks ]
Biggest impact probably on the Debian Edu server installation profile
(slapd will refuse to restart, if I did something wrong regarding the
schema changes).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None

unblock gosa/2.7.4+reloaded3-16
diff -Nru gosa-2.7.4+reloaded3/debian/changelog 
gosa-2.7.4+reloaded3/debian/changelog
--- gosa-2.7.4+reloaded3/debian/changelog   2020-11-23 17:44:53.0 
+0100
+++ gosa-2.7.4+reloaded3/debian/changelog   2021-05-26 09:31:07.0 
+0200
@@ -1,3 +1,32 @@
+gosa (2.7.4+reloaded3-16) unstable; urgency=medium
+
+  * Re-upload as is.
+
+  * debian/changelog:
++ Fix faulty bug closure in previous changelog stanza. Re-closing the
+  correct bug here now. (Closes: #989099, allow gosa to be installed
+  in chroots).
+
+ -- Mike Gabriel   Wed, 26 May 2021 09:31:07 +0200
+
+gosa (2.7.4+reloaded3-15) unstable; urgency=medium
+
+  * debian/gosa.postinst:
++ Don't choke on failing httpd service restarts. This allows gosa to be
+  installed into chroots. (Closes: #989099).
+  * debian/patches:
++ Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and
+  1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide
+  'alias' attribute type via 'gosaMailAccount' objectClass. This fixes
+  'alias' field setting via gosa-plugin-mailaddress without the need to
+  add 'kolabInetOrgPerson' objectClass to every mail account. (Closes:
+  #989096).
++ Add 1053_check-countable-before-using-count-on-variable.patch. Don't use
+  count() function on data that might not be countable. Silences hundreds
+  of PHP warning log messages per user session. (Closes: #939043).
+
+ -- Mike Gabriel   Tue, 25 May 2021 21:18:20 +0200
+
 gosa (2.7.4+reloaded3-14) unstable; urgency=medium
 
   * debian/patches:
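Review bot: The 2.7.4+reloaded3-16 entry says it fixes a faulty bug closure in the previous stanza, but the 2.7.4+reloaded3-15 stanza added in this same hunk already reads `(Closes: #989099)`, so the debdiff does not show which number was wrong. Naming the mistyped bug number in the -16 entry would document what was actually corrected.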
diff -Nru gosa-2.7.4+reloaded3/debian/gosa.postinst 
gosa-2.7.4+reloaded3/debian/gosa.postinst
--- gosa-2.7.4+reloaded3/debian/gosa.postinst   2020-04-27 12:59:23.0 
+0200
+++ gosa-2.7.4+reloaded3/debian/gosa.postinst   2020-12-19 13:57:56.0 
+0100
@@ -78,9 +78,9 @@
# Finally restart servers
if [ -x "$(which apache2ctl)" ]; then
if [ -x "$(which invoke-rc.d)" ]; then
-   invoke-rc.d apache2 reload
+   invoke-rc.d apache2 reload || true
else
-   /etc/init.d/apache2 reload
+   /etc/init.d/apache2 reload || true
fi
fi
 fi
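Review bot: Appending `|| true` to both `apache2 reload` calls discards every failure without a trace, including a reload that fails because of a broken web server configuration on a real host, not only the chroot case from #989099. Print a warning to stderr when the reload fails, for example `invoke-rc.d apache2 reload || echo "gosa: apache2 reload failed" >&2`, so the postinst still succeeds but the administrator can see that the web server did not pick up the change.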
@@ -110,9 +110,9 @@
# Finally restart servers
if [ -x "$(which lighttpd)" ]; then
if [ -x "$(which invoke-rc.d)" ]; then
-   invoke-rc.d lighttpd reload
+   invoke-rc.d lighttpd reload || true
else
-   /etc/init.d/lighttpd reload
+   /etc/init.d/lighttpd reload || true
fi
fi
 fi
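Review bot: The context comment `# Finally restart servers` above the changed lighttpd lines does not match what the block does: the commands are `reload`, and with `|| true` a failed reload is now accepted. Update the comment to say that the reload is best effort and may fail, for instance inside a chroot.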
diff -Nru 
gosa-2.7.4+reloaded3/debian/patches/1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch
 

Bug#891867: closed by "Chris Lamb" (Re: diffoscope: improve .changes diffs)

2021-05-26 Thread Helmut Grohne
Hi Chris,

On Wed, May 26, 2021 at 09:59:03AM +0100, Chris Lamb wrote:
> Can you confirm in, say, version 175? If so, do you have a testcase that
> I can replicate locally?

I find this way of dealing with the issue quite disrespectful. I've
included a patch (which admittedly is more of a workaround) and the bug
log fully explains what the issue is, why it is there and what can be
done to fix it. You didn't like my solution, fine, I removed the patch
tag.

To replicate it locally, you can create a rfc822 file, copy it and
remove the first or last line of a multiline field in your copy.

As for a real-world example, look for any reproducible source package
that builds both arch:all and arch:any packages. Say dash. Now perform a
full build.  Then look into what kind of package comes last (or first)
in the .dsc's Package-List. Happens to be that dash (arch:any) is last.
Now drop it by performing an indep-only build. Go compare your builds.
This is what you see (with version 175):

| ...
| │ ├── Checksums-Sha256
| │ │ @@ -1,4 +1,2 @@
| │ │
| │ │ - f54228a4191361ffd0bc9ebe8b22d2545356aff9efa6d4a949dc8fa22114519c 34828 
ash_0.5.11+git20210120+802ebd4-1_all.deb
| │ │ - e09828d59480ac2182e7781c358cea5c60cc513d68ee435f07809b50253a01cc 154972 
dash-dbgsym_0.5.11+git20210120+802ebd4-1_amd64.deb
| │ │ - 572fc08ed88b8c79a99322110f8597ef0cbb49ccbdb1a31b485cdc40461debd2 115512 
dash_0.5.11+git20210120+802ebd4-1_amd64.deb
| │ │ + f54228a4191361ffd0bc9ebe8b22d2545356aff9efa6d4a949dc8fa22114519c 34828 
ash_0.5.11+git20210120+802ebd4-1_all.deb

This is a real-world issue, well-understood since three years.

If you don't like the original workaround, how about this variant that
deals with line endings and indentation simultaneously?

| def normalize_multiline(lines: str) -> str:
|     return "".join(line.strip() + "\n" for line in lines.splitlines())

Can we please stop running in circles one step per year?

Helmut
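
An added example, not part of the original message and not diffoscope's code: it compares two constructed Checksums-Sha256 values with Python's difflib, first raw and then through the normalize_multiline variant quoted above. The shape of the raw field value (empty first line, indented entries, no newline after the last entry) and the helper names field_diff and spurious are assumptions made for the illustration.

```python
import difflib

# Constructed Checksums-Sha256 values (hashes shortened, file names made up).
# Assumed shape of a parsed multiline field: an empty first line, indented
# continuation lines, and no newline after the last entry.
FULL_BUILD = (
    "\n"
    " aaaa 34828 ash_1.0-1_all.deb\n"
    " bbbb 154972 dash-dbgsym_1.0-1_amd64.deb\n"
    " cccc 115512 dash_1.0-1_amd64.deb"
)
INDEP_BUILD = (
    "\n"
    " aaaa 34828 ash_1.0-1_all.deb"
)


def normalize_multiline(lines: str) -> str:
    """The variant proposed in the message: strip each line, end each with a newline."""
    return "".join(line.strip() + "\n" for line in lines.splitlines())


def field_diff(old: str, new: str):
    """Line-based diff of two field values; returns (removed, added) entries."""
    a = old.splitlines(keepends=True)
    b = new.splitlines(keepends=True)
    removed, added = [], []
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed += [line.strip() for line in a[i1:i2]]
        if tag in ("replace", "insert"):
            added += [line.strip() for line in b[j1:j2]]
    return removed, added


def spurious(removed, added):
    """Entries reported as both removed and added, i.e. not real changes."""
    return sorted(set(removed) & set(added))


if __name__ == "__main__":
    variants = (("raw", lambda s: s), ("normalized", normalize_multiline))
    for label, prepare in variants:
        removed, added = field_diff(prepare(FULL_BUILD), prepare(INDEP_BUILD))
        print(f"[{label}]")
        for entry in removed:
            print("  -", entry)
        for entry in added:
            print("  +", entry)
        print("  spurious:", spurious(removed, added))
```

In the raw comparison the ash entry is the last line of one value and a middle line of the other, so it differs only by its line ending and is reported as removed and added; after normalization only the two dash entries remain as removals.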



Bug#989139: gnome-flashback segfaults on login

2021-05-26 Thread Grzegorz Szymaszek
Package: gnome-session-flashback
Version: 3.38.0-1

When I login to a GNOME Flashback session from GDM3, it fails with a
“something has gone wrong” screen. When I click “Log Out”, I am able to
see the GNOME Flashback desktop, but I get logged out anyway. Relevant
dmesg fragment:

gnome-flashback[…]: segfault at fff0 ip 00486734 sp bf9fd99c error 5 in 
gnome-flashback[47e000+9]
Code: 00 5b 5e c3 66 90 83 c4 04 31 c0 5b 5e c3 8d b4 26 00 00 00 00 90 e8 
84 fb ff ff 05 6f 93 0f 00 8b 54 24 04 8b 80 38 18 00 00 <8b> 04 02 c3 8d b4 26 
00 00 00 00 90 e8 64 fb ff ff 05 4f 93 0f 00

This is an old Intel Atom‐based netbook with Debian bullseye. All other
GNOME sessions—the default Wayland session, the alternative X11 session,
as well as the X11 “Classic” session—work correctly.




Bug#989138: RFP: cli53 -- Command line tool for Amazon AWS Route 53

2021-05-26 Thread Juri Grabowski
Package: wnpp
Severity: wishlist

* Package name: cli53
  Version : 0.8.18
  Upstream Author : Barnaby Gray 
* URL : https://github.com/barnybug/cli53
* License : MIT
  Programming Lang: go
  Description : Command line tool for Amazon AWS Route 53


cli53 - Command line tool for Amazon Route 53

Introduction: cli53 provides import and export from BIND format and simple
command line management of Route 53 domains.

Features: 
* import and export BIND format
* create, delete and list hosted zones
* create, delete and update individual records
* create AWS extensions: failover, geolocation, latency, weighted
  and ALIAS records
* create, delete and use reusable delegation sets

Installation is easy

It looks like packaging is in progress:
  https://salsa.debian.org/lfaraone/cli53-dpkg/



Bug#989103: pulseaudio crashes on startup

2021-05-26 Thread Felipe Sateler
Control: tags -1 unreproducible moreinfo


On Tue, May 25, 2021 at 10:27 PM Michał Mirosław 
wrote:

> Package: pulseaudio
> Version: 14.2-2
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: mirq-debo...@rere.qmqm.pl
>
> After upgrade to bullseye, pulseaudio crashes on startup in
> pa_alsa_sink_new() -> find_mixer() due to mapping==NULL.
>

You have this in your config:

load-module module-alsa-sink device=hw:1,0 control=Wave

Does it crash if you remove that line?

-- 

Regards,
Felipe Sateler


Bug#984956: Pmix issues with openmpi-4.1.0

2021-05-26 Thread Alastair McKinstry

Hi Paul

To confirm:

You mean do an upload of 1.10.0~rc1-7 (current testing UCX) as
1.10.1~rc1.really.1.10.0-1?



thanks

Alastair

On 20/05/2021 16:33, Paul Gevers wrote:

Hi Alastair,

On Sun, 16 May 2021 07:25:51 +0100 Alastair McKinstry
  wrote:

No, I wanted to wait and check if there were any issues before issuing
an unblock request.

ucx is not bullseye material, it doesn't comply at all with the release
policy. It would be best if ucx is reverted to the previous version
(e.g. using an +really version name). And openmpi rebuild after that.


On 16/05/2021 06:35, Lucas Nussbaum wrote:

Unfortunately, I noticed that the upload to unstable was built against
ucx 1.10.1~rc1-1, so both need to migrate to testing.

Did you already engage discussions with the release team? I did not find
an unblock request.

Paul


--
Alastair McKinstry, email:alast...@sceal.ie, matrix: @alastair:sceal.ie, phone: 
087-6847928
Green Party Councillor, Galway County Council


Bug#987672: designate accesses the internet during the build

2021-05-26 Thread Adrian Bunk
Control: retitle -1 designate requires a nameserver in /etc/resolv.conf during 
the build
Control: severity -1 normal

What fails is parsing /etc/resolv.conf without nameserver, which is not 
a problem on the buildds.

cu
Adrian



Bug#989137: cockpit-ws: No sysvinit script

2021-05-26 Thread Simon Walter
Package: cockpit-ws
Version: 188-1
Severity: normal
Tags: patch

Dear Maintainer,

Here is a patch for a sysvinit script.

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit
LSM: AppArmor: enabled

Versions of packages cockpit-ws depends on:
ii  adduser 3.118
ii  glib-networking 2.58.0-2+deb10u2
ii  libc6   2.28-10
ii  libglib2.0-02.58.3-2+deb10u2
ii  libgssapi-krb5-21.17-3+deb10u1
ii  libjson-glib-1.0-0  1.4.4-2
ii  libkrb5-3   1.17-3+deb10u1
ii  libpam0g1.3.1-5
ii  libsystemd0 241-7~deb10u7
ii  openssl 1.1.1d-0+deb10u6

cockpit-ws recommends no packages.

cockpit-ws suggests no packages.

-- no debconf information


#!/bin/sh
### BEGIN INIT INFO
# Provides:  cockpit
# Required-Start:$local_fs $network $named $time $syslog
# Required-Stop: $local_fs $network $named $time $syslog
# Default-Start: 2 3 4 5
# Default-Stop:  0 1 6
# Short-Description: cockpit management webserver
# Description:   cockpit management webserver
### END INIT INFO

cmd="/usr/sbin/remotectl certificate --ensure --user=root --group=cockpit-ws --selinux-type="
cmd1="/usr/lib/cockpit/cockpit-ws"
name=$(basename "$0")
pid_file="/var/run/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"

test -x "$cmd1" || exit 0

get_pid() {
cat "$pid_file"
}

is_running() {
[ -f "$pid_file" ] && ps -p "$(get_pid)" > /dev/null 2>&1
}

case "$1" in
start) if is_running; then
   echo "Already started"
   else
   echo "Starting $name"
   $cmd >> "$stdout_log" 2>> "$stderr_log"
   $cmd1 >> "$stdout_log" 2>> "$stderr_log" &
   echo $! > "$pid_file"
   if ! is_running; then
   echo "Unable to start, see $stdout_log and $stderr_log"
   exit 1
   fi
   fi
   ;;
 stop) if is_running; then
   echo "Stopping $name.."
   kill "$(get_pid)"
   i=0
   while [ "$i" -lt 10 ]
   do
   if ! is_running; then
   break
   fi
   echo "."
   sleep 1
   i=$((i+1))
   done
   echo
   if is_running; then
   echo "Not stopped; may still be shutting down or shutdown may have failed"
   exit 1
   else
   echo "Stopped"
   if [ -f "$pid_file" ]; then
   rm "$pid_file"
   fi
   fi
   else
   echo "Not running"
   fi
   ;;
  restart) $0 stop
   if is_running; then
   echo "Unable to stop, will not attempt to start"
   exit 1
   fi
   $0 start
   ;;
   status) if is_running; then
   echo "Running"
   else
   echo "Stopped"
   exit 1
   fi
   ;;
*) echo "Usage: $0 {start|stop|restart|status}"
   exit 1
   ;;
esac

exit 0



Bug#989111: libopenmpi-dev: broken symlinks: /usr/lib/i386-linux-gnu/openmpi/lib/libmca_common_{ofi,ompio}.so

2021-05-26 Thread Alastair McKinstry
This appears to be limited to i386/ 32-bit systems. They're shipped 
elsewhere.


There have been changes on 32-bit support.

Thanks

Alastair

On 26/05/2021 08:15, Andreas Beckmann wrote:

Package: libopenmpi-dev
Version: 4.1.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package ships (or creates)
a broken symlink.

 From the attached log (scroll to the bottom...):

7m38.7s ERROR: FAIL: Broken symlinks:
   /usr/lib/i386-linux-gnu/openmpi/lib/libmca_common_ofi.so -> 
libmca_common_ofi.so.10.0.1 (libopenmpi-dev:i386)
   /usr/lib/i386-linux-gnu/openmpi/lib/libmca_common_ompio.so -> 
libmca_common_ompio.so.41.29.1 (libopenmpi-dev:i386)

The corresponding libraries do not seem to be shipped in
libopenmpi3 any longer.


cheers,

Andreas


--
Alastair McKinstry, email: alast...@sceal.ie, matrix: @alastair:sceal.ie, 
phone: 087-6847928
Green Party Councillor, Galway County Council



Bug#984956: Still occurring here with 4.1.0-9

2021-05-26 Thread Alastair McKinstry


Alastair McKinstry
Hi

Can you confirm that openmpi 4.1.0-9 is present on all the nodes ?

Regards
Alastair

From: Dominique Brazziel 
Reply to: Dominique Brazziel , <984...@bugs.debian.org>
Date: Thursday 20 May 2021 at 13:03
To: "984...@bugs.debian.org" <984...@bugs.debian.org>
Subject: Bug#984956: Still occurring here with 4.1.0-9
Resent from: Dominique Brazziel 
Resent to: 
Resent date: Thu, 20 May 2021 12:03:02 +

I installed openmpi-{bin, common} V4.1.0-9 from unstable and still have the 
problem.

mpirun.openmpi -host X:2,Y:2 hostname results in the same ORTE_ERROR_LOG 
messages
followed by FORCE-TERMINATE.



Bug#971530: dnspython 2.x breaks all of OpenStack

2021-05-26 Thread Filippo Giunchedi
On Thu, Oct 01, 2020 at 12:15 PM, Thomas Goirand wrote:
> Package: python3-dnspython
> Version: 2.0.0-1
> Severity: important
> 
> Hi,
> 
> I'm sending this just to let you know that dnspython broke Eventlet,
> which is unfortunately the base of many OpenStack stuff. As a
> consequence, the websocket of Nova is broken over SSL, and many
> other stuff, due to the API change in dnspython.
> 
> I'm sending this as only severity: important, though I was considering
> a higher severity. I'd like to first discuss the matter with the
> maintainers of dnspython.

I very much think this bug should be RC: unless I'm missing something the
code below doesn't work but should:

$ python3 -c 'from eventlet.green import socket ; print(socket.getaddrinfo("debian.org", 443))'
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 435, in resolve
    return _proxy.query(name, rdtype, raise_on_no_answer=raises,
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 391, in query
    return end()
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 370, in end
    raise result[1]
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 351, in step
    a = fun(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1089, in query
    return self.resolve(qname, rdtype, rdclass, tcp, source,
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1043, in resolve
    timeout = self._compute_timeout(start, lifetime)
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 950, in _compute_timeout
    raise Timeout(timeout=duration)
dns.exception.Timeout: The DNS operation timed out after 5.107415199279785 seconds

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 528, in getaddrinfo
    qname, addrs = _getaddrinfo_lookup(host, family, flags)
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 501, in _getaddrinfo_lookup
    raise err
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 490, in _getaddrinfo_lookup
    answer = resolve(host, qfamily, False, use_network=use_network)
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 443, in resolve
    raise EAI_EAGAIN_ERROR
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 490, in _getaddrinfo_lookup
    answer = resolve(host, qfamily, False, use_network=use_network)
  File "/usr/lib/python3/dist-packages/eventlet/support/greendns.py", line 443, in resolve
    raise EAI_EAGAIN_ERROR
socket.gaierror: [Errno -3] Lookup timed out



Bug#989135: unblock: hexchat/2.14.3-6

2021-05-26 Thread Mattia Rizzolo
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package hexchat

[ Reason ]
Moving away from Freenode to Libera.chat.

[ Impact ]
Probably little changes for debian, since the default network has been
OFTC for a while, but I still think it's relevant to add Libera.Chat to
the available networks, at the very least.

[ Tests ]
manually tested all the changes.

[ Risks ]
none, probably.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
It's quite relevant for ubuntu, as you can guess from the diff, but that
part is in a patch that is not built in debian, so…

unblock hexchat/2.14.3-6

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
diffstat for hexchat-2.14.3 hexchat-2.14.3

 changelog  |   11 
 control|1 
 default_servers/debian |4 -
 default_servers/ubuntu |   15 +++---
 patches/a25f2381689d2c2279a0e43b33f6c0ec8305a096.patch |   20 
 patches/d3545f37cd5f551ed8bc0ab7b20e5c8140adc0a6.patch |   39 +
 patches/series |4 +
 7 files changed, 85 insertions(+), 9 deletions(-)

diff -Nru hexchat-2.14.3/debian/changelog hexchat-2.14.3/debian/changelog
--- hexchat-2.14.3/debian/changelog 2021-01-02 16:31:39.0 +0100
+++ hexchat-2.14.3/debian/changelog 2021-05-26 14:55:10.0 +0200
@@ -1,3 +1,14 @@
+hexchat (2.14.3-6) unstable; urgency=medium
+
+  * Add Recommends:ca-certificates.
+  * Add patches from upstream to add Libera.Chat to the network list.
+  * Adapt default servers patches for the upstream changes.
+  * Ubuntu default server:
++ Change from Freenode to Libera.Chat.
++ Ore-select the "join channel" button, like we do in Debian.
+
+ -- Mattia Rizzolo   Wed, 26 May 2021 14:55:10 +0200
+
 hexchat (2.14.3-5) unstable; urgency=medium
 
   * Bump copyright for 2021.
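Review bot: typo in the new entry, `+ Ore-select the "join channel" button` should read "Pre-select". The `Add Recommends:ca-certificates.` line is also missing a space after the colon and gives no reason for the new relationship; one short clause saying why it is recommended would help the release team, who judge the unblock from this changelog.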
diff -Nru hexchat-2.14.3/debian/control hexchat-2.14.3/debian/control
--- hexchat-2.14.3/debian/control   2020-12-16 21:56:22.0 +0100
+++ hexchat-2.14.3/debian/control   2021-05-26 14:54:00.0 +0200
@@ -34,6 +34,7 @@
  ${misc:Depends},
  ${shlibs:Depends},
 Recommends:
+ ca-certificates,
  hexchat-perl,
  hexchat-plugins,
  hexchat-python3,
diff -Nru hexchat-2.14.3/debian/default_servers/debian 
hexchat-2.14.3/debian/default_servers/debian
--- hexchat-2.14.3/debian/default_servers/debian2018-12-03 
14:24:00.0 +0100
+++ hexchat-2.14.3/debian/default_servers/debian2021-05-26 
14:23:45.0 +0200
@@ -17,7 +17,7 @@
  {
int i = 0, j = 0;
ircnet *net = NULL;
--  guint def_hash = g_str_hash ("freenode");
+-  guint def_hash = g_str_hash ("Libera.Chat");
 +  guint def_hash = g_str_hash ("OFTC");
  
while (1)
@@ -36,7 +36,7 @@
 +  gtk_entry_set_text (GTK_ENTRY (entry1), "#debian");
 +  gtk_toggle_button_set_active 
(GTK_TOGGLE_BUTTON(radiobutton2), TRUE);
 +  }
-   if (g_ascii_strcasecmp(((ircnet*)serv->network)->name, 
"freenode") == 0)
+   if (g_ascii_strcasecmp(((ircnet*)serv->network)->name, 
"Libera.Chat") == 0)
{
 -  gtk_entry_set_text (GTK_ENTRY (entry1), "#hexchat");
 +  gtk_entry_set_text (GTK_ENTRY (entry1), "#debian");
diff -Nru hexchat-2.14.3/debian/default_servers/ubuntu 
hexchat-2.14.3/debian/default_servers/ubuntu
--- hexchat-2.14.3/debian/default_servers/ubuntu2020-01-02 
09:39:26.0 +0100
+++ hexchat-2.14.3/debian/default_servers/ubuntu2021-05-26 
14:51:19.0 +0200
@@ -17,8 +17,8 @@
/* irc. points to chat. but many users and urls still reference it */
{0, "irc.freenode.net"},
  
-+  {"Ubuntu Servers (freenode)", 0, 0, 0, LOGIN_SASL, 0, TRUE},
-+  {0, "chat.freenode.net"},
++  {"Ubuntu Servers (Libera.Chat)", 0, 0, 0, LOGIN_SASL, 0, TRUE},
++  {0, "irc.libera.chat"},
 +
{"GalaxyNet",   0},
{0, "irc.galaxynet.org"},
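Review bot: the network name `"Ubuntu Servers (Libera.Chat)"` added here has to stay byte-identical to the literal passed to `g_str_hash (...)` in the next hunk (cut off in this mail after `"Ubuntu`), just as the old `"Ubuntu Servers (freenode)"` pair matched; a string hash will silently stop selecting the default network on any difference in case or spacing. A one-line comment in the patch tying the two literals together would make the next rename safer.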
@@ -27,8 +27,8 @@
  {
int i = 0, j = 0;
ircnet *net = NULL;
--  guint def_hash = g_str_hash ("freenode");
-+  guint def_hash = g_str_hash ("Ubuntu Servers (freenode)");
+-  guint def_hash = g_str_hash ("Libera.Chat");
++  guint def_hash = g_str_hash ("Ubuntu 

Bug#989134: RFS: schism/2:20210525-1 -- ImpulseTracker clone aiming at providing the same look

2021-05-26 Thread Gürkan Myczko

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "schism":

 * Package name: schism
   Version : 2:20210525-1
   Upstream Author : Storlek/chisel 
 * URL : http://schismtracker.org/
 * License : GPL-2-or-later
 * Vcs : https://salsa.debian.org/multimedia-team/schism
   Section : sound

It builds those binary packages:

  schism - ImpulseTracker clone aiming at providing the same look

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/schism/

Alternatively, one can download the package with dget using this 
command:


  dget -x 
https://mentors.debian.net/debian/pool/main/s/schism/schism_20210525-1.dsc


Changes since the last upload:

 schism (2:20210525-1) experimental; urgency=medium
 .
   * New upstream version.
   * Bump standards version to 4.5.1.
   * Bump debhelper version to 13, drop d/compat.
   * d/upstream/metadata: added.
   * d/copyright: modernised and updated copyright years.

Regards,
--
  Gürkan Myczko



Bug#988174: Updating metadata

2021-05-26 Thread Diederik de Haas
Control: fixed -1 1:6.0+dfsg-1~exp0
Control: tag -1 patch
Control: tag -1 upstream
Control: tag -1 bullseye

I've now done several runs spread over several days and they all succeeded, so 
that alone would indicate that the issue is resolved with the 6.0 version.
On top of that, Bernhard Übelacker has identified the exact commit which fixed 
the issue and when that commit got backported to 5.2, the issue was resolved 
there too.

Normally I'd close the bug by sending a msg to 988174-done@b.d.o, but I'm 
explicitly not doing that here as I think this bug should be fixed for Bullseye 
as well. AFAIK that usually requires a RC bug and I don't think this bug 
qualifies as such. 
But I (/we?) do think that a/the maintainer should evaluate this issue, also 
because the fix is tiny and targeted, and take the appropriate action.
As the maintainer's email address/ML doesn't (seem to) exist, I've explicitly 
CC-ed the uploader of 1:6.0+dfsg-1~exp0 in this response.

Cheers,
  Diederik



Bug#989133: RFS: welle.io/2.3-1 -- DAB/DAB+ Software Radio

2021-05-26 Thread Gürkan Myczko

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "welle.io":

 * Package name: welle.io
   Version : 2.3-1
   Upstream Author : Albrecht Lohofener 
 * URL : https://www.welle.io/
 * License : LGPL-2.1+, BSD-3-clause, MIT, CC-BY-3.0, GPL-2+
 * Vcs : 
https://salsa.debian.org/debian-hamradio-team/welle.io

   Section : hamradio

It builds those binary packages:

  welle.io - DAB/DAB+ Software Radio

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/welle.io/

Alternatively, one can download the package with dget using this 
command:


  dget -x 
https://mentors.debian.net/debian/pool/main/w/welle.io/welle.io_2.3-1.dsc


Changes since the last upload:

 welle.io (2.3-1) experimental; urgency=medium
 .
   * New upstream version.
   * d/copyright: update path for json file.
   * Bump standards version to 4.5.1.

Regards,
--
  Gürkan Myczko



Bug#989122: exim4: takes 10 seconds to accept connections after waking up on another network

2021-05-26 Thread Marc Haber
On Wed, May 26, 2021 at 11:31:25AM +0200, Rémi Letot wrote:
> when I put my laptop to sleep, then wake it up on another network
> (which is what happens 95% of the times that I put it to sleep),
> exim takes 10 seconds to accept any connection until I restart it.

Does it send out any DNS queries in this time? Can you put an strace on
the exim process before putting the system to sleep so that we can check
where the delay originates from?

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421



Bug#989132: buster-pu: package wml/2.12.2~ds1-3~deb10u1

2021-05-26 Thread Cyril Brulebois
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Axel Beckert , debian-...@lists.debian.org

Hi,

(a...@debian.org in x-d-cc, who agreed with my helping on this topic, and
debian-...@lists.debian.org for information)


[ Reason ]

The wml package in buster contains a regression from stretch that leads
to various Unicode-related fun. It can trigger Unicode validity issues
in Chinese, which was seen and worked around for the build of the Debian
website; but it can also misrender various languages, if a non-ASCII
character happens to be the last one on a line in the WML source. That
includes the rather frequent word “à” in French (affecting hundreds of
pages on the Debian website), or “υ” as the last letter of the last word
(seen in Greek). This was also reported for Russian.

Patching the Debian website to avoid running into these situations could
be feasible but would also be impractical, as new/updated translations
would have to be monitored. And that wouldn't fix the rendering of
unsuspecting wml users outside the Debian website use case.

Patching wml instead was discussed in this MR against webmaster-team's
webwml, which includes some example of bad rendering, and many more data
points down the line (which are summed up below):
  https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/596


[ Impact ]

Broken rendering when non-ASCII characters appear at the end of a line
in WML sources, which might be non-obvious (this wouldn't break a
build).


[ Tests ]

Obviously, I've used the Debian website as a “regression test” that
encompasses many files in various languages. My findings are available
there:
  
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/596#note_240902
  
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/596#note_240938

Basically, `file` can be used to determine whether rendering in
generated HTML files appears to be broken, mixing UTF-8 and
ISO-something (or similar) characters. With this, I confirmed that all
occurrences of “Non-ISO extended-ASCII” variations are being replaced
with full UTF-8 files (also variations, depending on long lines etc.).

I've also checked the expected changes are happening, with “broken
character” being replaced by “à” many many times in French (we have 700+
affected pages for that language alone). Non-HTML files don't appear to
change much either, as expected (those were inspected via diff, rather
than counting on file's output).

The corpus of generated HTML is 64466 files, which seems decent enough
as a real-life regression test…

Finally, I've checked that *only with the patched wml package*,
reverting the workaround that was put in place for Chinese doesn't break
the HTML generation again, and even gets us a better rendering than with
the workaround. More details in:
  
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/596#note_240938


[ Risks ]

I cannot say it will not regress or slightly change the output for some
specific users/files, but I would be quite surprised to see people show
up and complain that we fixed broken rendering…


[ Checklist ]

  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable


[ Changes ]

The package in buster is 2.12.2~ds1-2 (through an upload to unstable
that migrated into testing), the issue was fixed in the following upload
(2.12.2~ds1-3) which happened 1+ year later, with just a single patch.
I'm proposing to backport this specific upload to buster, hence the
rather obnoxious 2.12.2~ds1-3~deb10u1 version number. I've also
considered 2.12.2~ds1-2+deb10u1 which didn't look much better (and I'm
not sure going with 2.12.2~ds1-4 for cosmetic reasons would be
reasonable).


Thanks for considering!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant
diff -Nru wml-2.12.2~ds1/debian/changelog wml-2.12.2~ds1/debian/changelog
--- wml-2.12.2~ds1/debian/changelog 2019-02-17 18:39:38.0 +0100
+++ wml-2.12.2~ds1/debian/changelog 2021-05-25 05:47:04.0 +0200
@@ -1,3 +1,20 @@
+wml (2.12.2~ds1-3~deb10u1) buster; urgency=medium
+
+  * Backport Unicode fix to buster, fixing rendering issues with e.g.
+non-ASCII characters in various languages, as seen when building the
+Debian website. Some examples include ‘υ’ in Greek and ‘à’ in French
+when those characters are at the end of a line.
+
+ -- Cyril Brulebois   Tue, 25 May 2021 05:47:04 +0200
+
+wml (2.12.2~ds1-3) unstable; urgency=medium
+
+  * Add patch to fix regression in Unicode handling (especially Chinese)
+of "htmlstrip -O2" from Stretch to Buster by adding "no feature
+'unicode_strings'". (Closes: #959761)
+
+ -- Axel Beckert   Tue, 05 May 2020 14:48:19 +0200
+
 wml 

Bug#989129: buster-pu: package node-ws/1.1.0+ds1.e6ddaae4-5+deb10u1

2021-05-26 Thread Yadd
Here is the missing debdiff
diff --git a/debian/changelog b/debian/changelog
index d8d3387..20f5a00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-ws (1.1.0+ds1.e6ddaae4-5+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * Fix ReDoS vulnerability (Closes: CVE-2021-32640)
+
+ -- Yadd   Wed, 26 May 2021 12:33:11 +0200
+
 node-ws (1.1.0+ds1.e6ddaae4-5) unstable; urgency=medium
 
   * Add upstream/metadata
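Review bot: `(Closes: CVE-2021-32640)` puts a CVE id behind the bug-closing keyword; `Closes:` is parsed for Debian bug numbers, so this entry closes nothing. Write the CVE id plainly, e.g. `Fix ReDoS vulnerability (CVE-2021-32640)`, and add a `Closes: #...` only if a Debian bug is filed for it.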
diff --git a/debian/patches/CVE-2021-32640.patch 
b/debian/patches/CVE-2021-32640.patch
new file mode 100644
index 000..fd4c9dc
--- /dev/null
+++ b/debian/patches/CVE-2021-32640.patch
@@ -0,0 +1,49 @@
+Description: Fix ReDoS vulnerability
+ A specially crafted value of the `Sec-Websocket-Protocol` header could
+ be used to significantly slow down a ws server.
+ .
+ PoC and fix were sent privately by Robert McLaughlin from University of
+ California, Santa Barbara.
+Author: Luigi Pinca 
+Origin: upstream, https://github.com/websockets/ws/commit/00c425e
+Bug: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
+Forwarded: not-needed
+Reviewed-By: Yadd 
+Last-Update: 2021-05-26
+
+--- a/lib/WebSocketServer.js
 b/lib/WebSocketServer.js
+@@ -289,7 +289,7 @@
+   var completeHybiUpgrade1 = function() {
+ // choose from the sub-protocols
+ if (typeof self.options.handleProtocols == 'function') {
+-var protList = (protocols || "").split(/, */);
++var protList = (protocols || "").split(',').map(trim);
+ var callbackCalled = false;
+ var res = self.options.handleProtocols(protList, function(result, 
protocol) {
+   callbackCalled = true;
+@@ -303,7 +303,7 @@
+ return;
+ } else {
+ if (typeof protocols !== 'undefined') {
+-completeHybiUpgrade2(protocols.split(/, */)[0]);
++completeHybiUpgrade2(protocols.split(',').map(trim)[0]);
+ }
+ else {
+ completeHybiUpgrade2();
+@@ -552,3 +552,15 @@
+ try { socket.destroy(); } catch (e) {}
+   }
+ }
++
++/**
++ * Remove whitespace characters from both ends of a string.
++ *
++ * @param {String} str The string
++ * @return {String} A new string representing `str` stripped of whitespace
++ * characters from both its beginning and end
++ * @private
++ */
++function trim(str) {
++  return str.trim();
++}
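Review bot: the pattern removed at both call sites, `/, */`, begins with a literal comma, so a match attempt at any non-comma position fails immediately and the split does not look super-linear on its own; it is worth measuring handshake time on 1.1.0 before and after this patch to confirm the backport addresses the reported slowdown in this version. Separately, `protocols.split(',').map(trim)[0]` trims every element only to keep the first, where `protocols.split(',')[0].trim()` does the same with less work, and no test is added for whitespace-padded `Sec-Websocket-Protocol` values.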
diff --git a/debian/patches/series b/debian/patches/series
index 0556eb7..e5cc10a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ disable-debian-failing-tests
 fix-failing-tests
 increase-test-timeout
 node-ads-120.diff
+CVE-2021-32640.patch


Bug#443700: monitor a path recursively

2021-05-26 Thread Patrik Schindler
Hello,

I'm not sure if this is already done. In 0.5.12-1+deb10u1, when I watch the 
root of my home directory with IN_CLOSE_WRITE,IN_MOVED_TO,IN_ONLYDIR, changes 
in subdirectories trigger a run of the associated script.

Personally, I'd prefer to have an additional flag IN_RECURSIVE if a directory 
is to be watched in its entire subtree, or only changes to the directory 
(inode) itself, which is the opposite of what the initial bug reporter was 
asking for.

Should I open a new feature request?

:wq! PoC



Bug#989130: gnutls28: made uninstallable by latest update

2021-05-26 Thread Giacomo Mulas

Source: gnutls28
Version: 3.6.7-4+deb10u6
Severity: normal

Dear Maintainer,

there seems to be a discrepancy between the versions of the packages
provided by the gnutls28 source package for the amd64 and i386
architectures, breaking a multiarch installation. The latest
apt dist-upgrade therefore caused a bunch of packages to be uninstalled
from my machine, making them uninstallable (except forcing their versions
to be =3.6.7-4+deb10u6, instead of the 3.6.7-4+deb10u7 available on
proposed-updates). Unfortunately, 3.6.7-4+deb10u7 appears to be a
binary-only update, hence I cannot pull the corresponding source package
to try to compile it locally either. Would it be possible to make the
released packages for stable consistent, to fix this?

Thanks in advance, bye
Giacomo Mulas


-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (105, 'proposed-updates'), (104, 
'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.181-oac-core2 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#989129: buster-pu: package node-ws/1.1.0+ds1.e6ddaae4-5+deb10u1

2021-05-26 Thread Yadd
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
node-ws is vulnerable to regex denial of service (ReDoS)
(CVE-2021-32640).

[ Impact ]
A specially crafted value of the `Sec-Websocket-Protocol` header could
be used to significantly slow down a ws server.

[ Tests ]
No change in test, it passed.

[ Risks ]
No risk, patch is trivial

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Just replace:

  split(/, */)

by

  split(',').map(s => s.trim())

[ Other info ]
I adapted patch from 7.4.2 to 1.1.0

Cheers,
Yadd
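
The [ Changes ] item above (split on a literal comma, then strip whitespace from each entry), as an added example that is not code from ws or from the Debian patch: a strict `Sec-WebSocket-Protocol` parser that also enforces the token and uniqueness rules of RFC 6455 and picks a subprotocol. The names `legacySplit`, `stripOws`, `parseSubprotocols`, `selectSubprotocol` and `MAX_HEADER_LENGTH`, the 1024-character cap and the sample header values are assumptions made for this illustration.

```javascript
// Added example, not code from ws or from the Debian patch.
// All function and constant names below are hypothetical.

// Assumed cap on the header value length; adjust for your deployment.
const MAX_HEADER_LENGTH = 1024;

// RFC 7230 "token": one character class, one quantifier, anchored at both
// ends, so there is nothing for the regex engine to backtrack over.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// The splitting used before the patch, kept only for comparison.
function legacySplit(headerValue) {
  return (headerValue || '').split(/, */);
}

// Strip optional whitespace (space and horizontal tab only) from both ends
// with index arithmetic. String.prototype.trim(), used by the patch, also
// strips other Unicode whitespace; this variant is stricter.
function stripOws(s) {
  let start = 0;
  let end = s.length;
  while (start < end && (s[start] === ' ' || s[start] === '\t')) start++;
  while (end > start && (s[end - 1] === ' ' || s[end - 1] === '\t')) end--;
  return s.slice(start, end);
}

// Parse the header into a list of subprotocol names, rejecting oversized
// values, entries that are not tokens (including empty ones) and duplicates.
function parseSubprotocols(headerValue) {
  if (headerValue === undefined) return { ok: true, protocols: [] };
  if (typeof headerValue !== 'string') return { ok: false, reason: 'not-a-string' };
  if (headerValue.length > MAX_HEADER_LENGTH) return { ok: false, reason: 'too-long' };

  const seen = new Set();
  const protocols = [];
  for (const raw of headerValue.split(',')) {
    const name = stripOws(raw);
    if (!TOKEN.test(name)) return { ok: false, reason: 'invalid-token' };
    if (seen.has(name)) return { ok: false, reason: 'duplicate' };
    seen.add(name);
    protocols.push(name);
  }
  return { ok: true, protocols };
}

// Pick the first client-offered subprotocol that the server supports;
// selected === null means "complete the handshake without a subprotocol".
function selectSubprotocol(headerValue, supported) {
  const parsed = parseSubprotocols(headerValue);
  if (!parsed.ok) return { ok: false, reason: parsed.reason, selected: null };
  const match = parsed.protocols.find((p) => supported.includes(p));
  return { ok: true, selected: match === undefined ? null : match };
}

// Constructed sample header values.
const SAMPLE_OK = 'chat,  superchat,\tv2.example';
const SAMPLE_DUP = 'chat, chat';
const SAMPLE_EMPTY_ITEM = 'chat,,superchat';
```

On `SAMPLE_OK` the old split leaves the tab on the third entry, while the strict parser returns three clean tokens; a caller would answer a failed parse with a 400 response instead of passing the list to `handleProtocols`.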



Bug#989124: grub-installer: occasional failure to install grub (when two DEs selected)

2021-05-26 Thread Cyril Brulebois
Philip Hands  (2021-05-26):
> Dear Maintainer,

Dear Bug Reporter,

(:D)

> While testing under openQA (so in qemu/kvm) if selecting more than one DE,
> something like one in ten installs will fail to install grub, resulting in an
> unbootable system.
> 
> Given that this is only happening in the unusual circumstance of selecting
> multiple desktops, and even then is only an intermittent bug, I've tagged it as
> minor.
> 
> An example of this can be found here:
> 
>   https://openqa.debian.net/tests/4457
> 
> which one can see hanging at the initial boot screen, rather than booting to 
> a login prompt.
> 
> One of the assets being collected is a dump of the start of the target block
> device, which in the failing case looks like this:
> 
>   https://openqa.debian.net/tests/4457/file/complete_install-dev_vda_dump.txt
> 
> whereas when things are working it looks like this:
> 
>   https://openqa.debian.net/tests/4439/file/complete_install-dev_vda_dump.txt
> 
> I have tried making it collect data earlier during the install
> but doing so resulted in the bug going away.
> 
> [I had it flip to the console when mandb is being installed, as that sits on 
> the
> screen for quite a while so provides a good trigger for the action, and run a
> few commands to collect state, then flip back to the graphical screen.]
> 
> BTW The syslog from that failing run is here:
> 
>   https://openqa.debian.net/tests/4457/file/complete_install-syslog.txt
> 
> If there's more information that could usefully be collected, please mention
> what you think might help and I'll add it to the openqa scripts.

Comparing complete_install-syslog.txt for both runs, this feels icky (as
I think I already pointed out on IRC when you first asked):

ko.txt:

May 25 21:09:07 grub-installer: info: Installing grub on ''

ok.txt:

May 25 14:58:08 grub-installer: info: Installing grub on '/dev/vda'

I'm not sure I really trust the screenshots that show /dev/vda selected
in both cases. After all, looking one step before, the boolean regarding
installing GRUB wasn't captured at all in the failing case, compare the
screenshots starting here:

 - https://openqa.debian.net/tests/4457#step/grub/45 (ko)
 - https://openqa.debian.net/tests/4439#step/grub/45 (ok)

but maybe that's just a side effect of the console switching gymnastics
you mentioned? (Sending left Ctrl or the like every few minutes avoids
running into DPMS/blanking issues, I'm using that trick.)

Anyway, any chance you could add `DEBCONF_DEBUG=developer` on the kernel
command line, so that we have a chance of understanding what's happening
on the debconf level? Otherwise, we might try and hotpatch
grub-installer to add some more logging but if we could avoid that…


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant




Bug#989128: package statically links without using a Built-Using attribute

2021-05-26 Thread Matthias Klose
Package: src:orthanc-dicomweb
Version: 1.5+dfsg-2
Severity: serious
Tags: sid bulseye

The package statically links without using a Built-Using attribute, apparently
introduced in the last -2 upload.  You need to add such an attribute when
statically linking.



Bug#989127: package statically links without using a Built-Using attribute

2021-05-26 Thread Matthias Klose
Package: src:orthanc-webviewer
Version: 2.7-3
Severity: serious
Tags: sid bulseye

The package statically links without using a Built-Using attribute, apparently
introduced in the last -3 upload.  You need to add such an attribute when
statically linking.



Bug#989126: package statically links without using a Built-Using attribute

2021-05-26 Thread Matthias Klose
Package: src:orthanc-wsi1.0-2
Version: 1.0-2
Severity: serious
Tags: sid bulseye

The package statically links without using a Built-Using attribute, apparently
introduced in the last -3 upload.  You need to add such an attribute when
statically linking.



Bug#989125: lists.debian.org: Request a mailing list named "debian-loongarch64"

2021-05-26 Thread JiaLingZhang
Package: lists.debian.org
Severity: wishlist
Tags: upstream

Dear Maintainer,

Rationale: We have a new architecture named loongarch64. We have already
completed the loongarch64 Debian port in our local workspace. Now we plan to post
it to Debian so that it can become an official Debian port. We need a mailing list for
discussions on the loongarch64 port(s) of Debian.
Name: debian-loongarch64
Short description: Discussions on the loongarch64 port(s) of Debian.
Long description:
Discussions on the loongarch64 port(s) of Debian.
For more information see: https://wiki.debian.org/loongarch64
This list is not moderated; posting is allowed by anyone.

Subscription Policy: open
Post Policy: open
Web Archive : yes



-- System Information:
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: mips64el (mips64)

Kernel: Linux 3.10.84-23.fc21.loongson.8.mips64el (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), 
LANGUAGE=zh_CN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)



Bug#988963: upgrade-reports: upgrade process requires a second "apt full-upgrade"

2021-05-26 Thread Bill Allombert
On Tue, May 25, 2021 at 10:00:48PM +0200, Paul Gevers wrote:
> See below.
> The following additional packages will be installed:
>   libgc1 libobjc4
> The following packages will be REMOVED:
>   libgc1c2
> The following NEW packages will be installed:
>   libgc1
> The following packages will be upgraded:
>   guile-2.2-libs libobjc4
> 2 upgraded, 1 newly installed, 1 to remove and 5 not upgraded.

Thanks a lot!

This seems the crux of the problem:

In buster:
libgc1c2: Conflicts/Replace libgc1
while in bullseye
libgc1: Conflicts/Replace libgc1c2

This is unusual. Independently they are correct and quite usual,
but not both at the same time. They mean that
libgc1c2 supersedes libgc1, while at the same time libgc1 supersedes
libgc1c2. This is probably confusing apt.

This comes from old package name reuse.
There was an older libgc1 in 2005 which was superseded by 
libgc2 which is now superseded by a new libgc1.

The package name libgc1 should not have been reused before all references
to it have been removed from stable. This is why removing outdated
Conflicts is important.

One way to fix that is to update libgc1c2 in stable to not 
Conflict/Replaces with libgc1.

At this point could you send the message of
apt-get install libobjc4
just to be sure.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 



Bug#757356: Apple keyboard: Scan code event (EV_MSC) not generated when the EV_KEY event is generated by hid-apple.c

2021-05-26 Thread Vincent Lefevre
Control: retitle -1 Apple keyboard: Scan code event (EV_MSC) not generated when 
the EV_KEY event is generated by hid-apple.c
Control: tags -1 patch

On 2021-05-26 10:39:11 +0200, Vincent Lefevre wrote:
> And the cursor keys. Actually, all the keys corresponding to
> 
> static const struct applespi_key_translation applespi_fn_codes[] = {
> { KEY_BACKSPACE, KEY_DELETE },
> { KEY_ENTER,KEY_INSERT },
> { KEY_F1,   KEY_BRIGHTNESSDOWN, APPLE_FLAG_FKEY },
> { KEY_F2,   KEY_BRIGHTNESSUP,   APPLE_FLAG_FKEY },
> { KEY_F3,   KEY_SCALE,  APPLE_FLAG_FKEY },
> { KEY_F4,   KEY_DASHBOARD,  APPLE_FLAG_FKEY },
> { KEY_F5,   KEY_KBDILLUMDOWN,   APPLE_FLAG_FKEY },
> { KEY_F6,   KEY_KBDILLUMUP, APPLE_FLAG_FKEY },
> { KEY_F7,   KEY_PREVIOUSSONG,   APPLE_FLAG_FKEY },
> { KEY_F8,   KEY_PLAYPAUSE,  APPLE_FLAG_FKEY },
> { KEY_F9,   KEY_NEXTSONG,   APPLE_FLAG_FKEY },
> { KEY_F10,  KEY_MUTE,   APPLE_FLAG_FKEY },
> { KEY_F11,  KEY_VOLUMEDOWN, APPLE_FLAG_FKEY },
> { KEY_F12,  KEY_VOLUMEUP,   APPLE_FLAG_FKEY },
> { KEY_RIGHT,KEY_END },
> { KEY_LEFT, KEY_HOME },
> { KEY_DOWN, KEY_PAGEDOWN },
> { KEY_UP,   KEY_PAGEUP },
> { }
> };
> 
> in drivers/input/keyboard/applespi.c.
> 
> Just in case, in /etc/modprobe.d/hid_apple.conf, I have
> 
> options hid_apple fnmode=2
> options hid_apple iso_layout=0

But since I'm using hid_apple, I should have taken
drivers/hid/hid-apple.c, which has the same kind of code:

static const struct apple_key_translation apple_fn_keys[] = {
{ KEY_BACKSPACE, KEY_DELETE },
{ KEY_ENTER,KEY_INSERT },
{ KEY_F1,   KEY_BRIGHTNESSDOWN, APPLE_FLAG_FKEY },
{ KEY_F2,   KEY_BRIGHTNESSUP,   APPLE_FLAG_FKEY },
{ KEY_F3,   KEY_SCALE,  APPLE_FLAG_FKEY },
{ KEY_F4,   KEY_DASHBOARD,  APPLE_FLAG_FKEY },
{ KEY_F5,   KEY_KBDILLUMDOWN,   APPLE_FLAG_FKEY },
{ KEY_F6,   KEY_KBDILLUMUP, APPLE_FLAG_FKEY },
{ KEY_F7,   KEY_PREVIOUSSONG,   APPLE_FLAG_FKEY },
{ KEY_F8,   KEY_PLAYPAUSE,  APPLE_FLAG_FKEY },
{ KEY_F9,   KEY_NEXTSONG,   APPLE_FLAG_FKEY },
{ KEY_F10,  KEY_MUTE,   APPLE_FLAG_FKEY },
{ KEY_F11,  KEY_VOLUMEDOWN, APPLE_FLAG_FKEY },
{ KEY_F12,  KEY_VOLUMEUP,   APPLE_FLAG_FKEY },
{ KEY_UP,   KEY_PAGEUP },
{ KEY_DOWN, KEY_PAGEDOWN },
{ KEY_LEFT, KEY_HOME },
{ KEY_RIGHT,KEY_END },
{ }
};

In the conditions from hidinput_apple_event(), the only ones that
should match according to my settings are

if (usage->code == fn_keycode) {

and

if (fnmode) {

and these are the keys (when trans is true, for fnmode) for which I do
not get a scan code event. Said otherwise, if hidinput_apple_event()
returns 1, I do not get a scan code event. There are input_event()
calls, but I suppose that they will just generate an EV_KEY event,
and EV_MSC is the one that is missing.

Note: in hid-apple.c, apple_event() calls hidinput_apple_event(), and
one has

static struct hid_driver apple_driver = {
[...]
.event = apple_event,
[...]
};
module_hid_driver(apple_driver);

I forgot that there was

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757356#35

from Daniel Lin, with a patch, in 2017. I've looked at this patch
(but have not tried it), and it adds an additional EV_MSC event
when hidinput_apple_event() has to generate an EV_KEY event. So
I confirm that should solve this issue and I'm adding the patch
tag (I don't know whether the patch needs an update, though).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
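
An added example (not code from this thread, the kernel or the patch mentioned above), going slightly beyond the report: a userspace check that groups evdev events into SYN_REPORT frames and counts key presses and releases that arrive without an EV_MSC/MSC_SCAN event, which is the symptom described for the translated keys. The struct, the function name and the sample frames are constructed for illustration; the numeric constants repeat the values from linux/input-event-codes.h so the block builds without kernel headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Values as defined in linux/input-event-codes.h, repeated here so the
 * example builds without kernel headers. */
#define EV_SYN 0x00
#define EV_KEY 0x01
#define EV_MSC 0x04
#define SYN_REPORT 0
#define MSC_SCAN 0x04
#define KEY_A 30
#define KEY_BRIGHTNESSDOWN 224

/* Reduced form of struct input_event: the timestamp is dropped. */
struct ev {
    unsigned short type;
    unsigned short code;
    int value;
};

/* Constructed sample, one frame per SYN_REPORT. */
static const struct ev sample[] = {
    /* ordinary key: scan code, then key press */
    { EV_MSC, MSC_SCAN, 0x70004 },
    { EV_KEY, KEY_A, 1 },
    { EV_SYN, SYN_REPORT, 0 },
    /* translated key: key press only, no scan code */
    { EV_KEY, KEY_BRIGHTNESSDOWN, 1 },
    { EV_SYN, SYN_REPORT, 0 },
    /* software autorepeat (value 2) carries no scan code; not counted */
    { EV_KEY, KEY_A, 2 },
    { EV_SYN, SYN_REPORT, 0 },
    /* release of the translated key, again without scan code */
    { EV_KEY, KEY_BRIGHTNESSDOWN, 0 },
    { EV_SYN, SYN_REPORT, 0 },
};

/* Count EV_KEY press/release events whose frame has no MSC_SCAN.
 * The key codes of those events are stored in codes[] (up to max_codes).
 * Simplification: one MSC_SCAN covers every key event in its frame.
 * A trailing frame without SYN_REPORT is ignored. */
size_t keys_without_scan(const struct ev *evs, size_t n,
                         unsigned short *codes, size_t max_codes)
{
    size_t missing = 0;     /* committed count over finished frames */
    size_t frame_keys = 0;  /* key events seen in the current frame */
    int have_scan = 0;

    for (size_t i = 0; i < n; i++) {
        const struct ev *e = &evs[i];

        if (e->type == EV_MSC && e->code == MSC_SCAN) {
            have_scan = 1;
        } else if (e->type == EV_KEY && e->value != 2) {
            /* tentatively record; overwritten if the frame has a scan */
            if (codes && missing + frame_keys < max_codes)
                codes[missing + frame_keys] = e->code;
            frame_keys++;
        } else if (e->type == EV_SYN && e->code == SYN_REPORT) {
            if (!have_scan)
                missing += frame_keys;
            frame_keys = 0;
            have_scan = 0;
        }
    }
    return missing;
}

int main(void)
{
    unsigned short codes[8];
    size_t n = sizeof sample / sizeof sample[0];
    size_t missing = keys_without_scan(sample, n, codes, 8);

    for (size_t i = 0; i < missing && i < 8; i++)
        printf("key code %u reported without MSC_SCAN\n", codes[i]);
    return missing ? 1 : 0;
}
```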



Bug#989124: grub-installer: occasional failure to install grub (when two DEs selected)

2021-05-26 Thread Philip Hands
Package: grub-installer
Version: 1.178
Severity: minor

Dear Maintainer,

While testing under openQA (so in qemu/kvm), if selecting more than one DE,
something like one in ten installs will fail to install grub, resulting in an
unbootable system.

Given that this is only happening in the unusual circumstance of selecting
multiple desktops, and even then is only an intermittent bug, I've tagged it as
minor.

An example of this can be found here:

  https://openqa.debian.net/tests/4457

which one can see hanging at the initial boot screen, rather than booting to a 
login prompt.

One of the assets being collected is a dump of the start of the target block
device, which in the failing case looks like this:

  https://openqa.debian.net/tests/4457/file/complete_install-dev_vda_dump.txt

whereas when things are working it looks like this:

  https://openqa.debian.net/tests/4439/file/complete_install-dev_vda_dump.txt

I have tried making it collect data earlier during the install
but doing so resulted in the bug going away.

[I had it flip to the console when mandb is being installed, as that sits on the
screen for quite a while so provides a good trigger for the action, and run a
few commands to collect state, then flip back to the graphical screen.]

BTW The syslog from that failing run is here:

  https://openqa.debian.net/tests/4457/file/complete_install-syslog.txt

If there's more information that could usefully be collected, please mention
what you think might help and I'll add it to the openqa scripts.

Cheers, Phil.




Bug#989123: xlog manual not properly displayed

2021-05-26 Thread Ed Lawson
Package: xlog
Version: 2.0.20-1
Severity: normal
X-Debbugs-Cc: elaw...@grizzy.com

Dear Maintainer,

When I attempt to open the manual pages from the help menu, the page that is
displayed shows a blank, gray panel to the left of the Xlog logo instead of a
navigation menu of various sections of the manual.  I have tried opening this
page in Firefox, Chromium, and Dillo and the result is the same.  It appears
there is at least one javascript which fails causing the navigation panel to
not be shown.


-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xlog depends on:
ii  dpkg                 1.20.9
ii  libc6                2.31-12
ii  libcairo2            1.16.0-5
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0         2.66.8-1
ii  libgtk2.0-0          2.24.33-2
ii  libhamlib4           4.0-6
ii  libjs-jquery         3.5.1+dfsg+~3.5.5-7
ii  libpango-1.0-0       1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  xlog-data            2.0.20-1

Versions of packages xlog recommends:
ii  shared-mime-info  2.0-1
ii  xdg-utils 1.1.3-4.1

Versions of packages xlog suggests:
pn  cwdaemon 
ii  extra-xdg-menus  1.0-5
ii  glabels  3.4.1-3



Bug#989078: several SIGABRT in containers

2021-05-26 Thread Michael Biebl

control: severity -1 normal
control: tags -1 + moreinfo upstream

On 25.05.21 at 15:29, Simon Richter wrote:

Package: systemd
Version: 241-7~deb10u7
Severity: important
Tags: upstream

Hi,

I have a Docker container where I compile FPGA images using the QuartusII
toolchain, but this fails with

 realloc(): invalid pointer
 Aborted

Investigating this, I got a backtrace from gdb:

 #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
 #1  0x7f242ac38535 in __GI_abort () at abort.c:79
 #2  0x7f242ac8f508 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7f242ad9a28d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
 #3  0x7f242ac95c1a in malloc_printerr (str=str@entry=0x7f242ad98587 
"realloc(): invalid pointer") at malloc.c:5341
 #4  0x7f242ac9ae4a in __GI___libc_realloc (oldmem=0x7f242583b378, 
bytes=9) at malloc.c:3166
 #5  0x7f24256afaf5 in strextend_with_separator 
(x=x@entry=0x7ffe16aeaba0, separator=0x0, separator=0x0) at 
../src/basic/string-util.c:920
 #6  0x7f24256b3081 in chase_symlinks.constprop.36 (path=, ret=0x7ffe16aeac98, flags=0, original_root=0x0) at 
../src/basic/fs-util.c:1009
 #7  0x7f24256b8c0c in device_set_syspath (device=0x19e5760, 
_syspath=_syspath@entry=0x7ffe16aead10 "/sys/bus/serio/devices/serio0", 
verify=verify@entry=true)
 at ../src/libsystemd/sd-device/sd-device.c:148
 #8  0x7f24256b930a in sd_device_new_from_syspath (ret=ret@entry=0x7ffe16aeadd0, 
syspath=syspath@entry=0x7ffe16aead10 "/sys/bus/serio/devices/serio0")
 at ../src/libsystemd/sd-device/sd-device.c:223
 #9  0x7f24256bf572 in enumerator_scan_dir_and_add_devices 
(enumerator=enumerator@entry=0x19e5690, basedir=basedir@entry=0x7f24256c77c8 
"bus",
 subdir1=subdir1@entry=0x7f24257d014b "serio", 
subdir2=subdir2@entry=0x7f24256c77ef "devices") at 
../src/libsystemd/sd-device/device-enumerator.c:471
 #10 0x7f24256bf945 in enumerator_scan_dir (enumerator=enumerator@entry=0x19e5690, 
basedir=basedir@entry=0x7f24256c77c8 "bus", subdir=, 
subsystem=0x0)
 at ../src/libsystemd/sd-device/device-enumerator.c:568
 #11 0x7f24256c221f in enumerator_scan_devices_all 
(enumerator=0x19e5690) at ../src/libsystemd/sd-device/device-enumerator.c:777
 #12 device_enumerator_scan_devices (enumerator=0x19e5690) at 
../src/libsystemd/sd-device/device-enumerator.c:844
 #13 udev_enumerate_scan_devices (udev_enumerate=, 
udev_enumerate=) at ../src/libudev/libudev-enumerate.c:377
 #14 0x7f2430302f45 in ?? () from 
/opt/altera/20.1/quartus/linux64/libsys_cpt.so

I've tried to build a minimal test case, which succeeds:

 #include <libudev.h>

 int main(int argc, char **argv)
 {
 struct udev *u = udev_new();
 struct udev_enumerate *e = udev_enumerate_new(u);
 return udev_enumerate_scan_devices(e);
 }


With "succeeds", I guess you failed to reproduce the issue or do you 
mean you succeeded in building a minimal test case which reproduces the 
issue?



So, in order to get better debug information, I've tried to rebuild the
systemd package with debug information. For convenience, I did this inside
a container, and got several failing test cases. I then upgraded to the
version in sid to see if the problem had been solved in the meantime, but
building this package also failed:



I'm not sure that the explicit asserts you see in the test suite inside 
docker are the same issue as the invalid pointer access you encountered 
above, so I probably wouldn't entangle them.


Please consider filing an upstream issue at
https://github.com/systemd/systemd

It's likely that upstream has follow-up questions which you can answer 
better than me.


Regards,
Michael








Bug#989122: exim4: takes 10 seconds to accept connections after waking up on another network

2021-05-26 Thread Rémi Letot
Package: exim4
Version: 4.94.2-5
Severity: normal

Dear Maintainer,

when I put my laptop to sleep, then wake it up on another network
(which is what happens 95% of the times that I put it to sleep),
exim takes 10 seconds to accept any connection until I restart it.

Demonstration:

hobbes@sphax:~$ date && swaks --output /dev/null --to r...@lybrafox.be --server 
localho>
mer 26 mai 2021 11:14:09 CEST
mer 26 mai 2021 11:14:19 CEST
hobbes@sphax:~$ sudo service exim4 restart
[sudo] Mot de passe de hobbes :
hobbes@sphax:~$ date && swaks --output /dev/null --to r...@lybrafox.be --server 
localho>
mer 26 mai 2021 11:14:32 CEST
mer 26 mai 2021 11:14:32 CEST

I waited a bit before doing those tests, to be sure that the laptop
was fully awake.

If I don't redirect the output to /dev/null, I can see that the delay
happens in the very early stages of the connection, before any SMTP
happens.

Thanks,
-- 
Rémi

-- Package-specific info:
Exim version 4.94.2 #2 built 17-May-2021 15:45:00
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC 
Event I18N OCSP PIPE_CONNECT PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz 
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is 
/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='satellite'
dc_other_hostnames='sphax'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='lybrafox.be'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='mail2.lybrafox.be::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:lybrafox.be
# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -   one daemon running queue and listening on SMTP port
# 'no'   -   no daemon running the queue
# 'separate' -   two separate daemons
# 'ppp'  -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /var/run/exim4/exim.pid
SMTPLISTENEROPTIONS=''

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.76
ii  exim4-base 4.94.2-5
ii  exim4-daemon-light 4.94.2-5

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:


Bug#989121: unblock: adminer/4.7.9-2

2021-05-26 Thread Alexandre Rossi
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hi,

Please unblock package adminer. Per the security team advice, the updated
version contains a fix for:

CVE-2021-29625: XSS in doc_link

diff -Nru adminer-4.7.9/debian/changelog adminer-4.7.9/debian/changelog
--- adminer-4.7.9/debian/changelog  2021-02-08 09:30:28.0 +0100
+++ adminer-4.7.9/debian/changelog  2021-05-26 09:13:52.0 +0200
@@ -1,3 +1,9 @@
+adminer (4.7.9-2) unstable; urgency=medium
+
+  * fix CVE-2021-29625: XSS in doc_link (Closes: #96)
+
+ -- Alexandre Rossi   Wed, 26 May 2021 09:13:52 
+0200
+
 adminer (4.7.9-1) unstable; urgency=medium
 
   * New upstream version 4.7.9
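Review bot: The new changelog entry closes "#96", which does not look like a Debian bug number (the reports in this thread have six digits, e.g. #989121); please check the number in the "Closes:" field before upload, since a wrong number will not close the intended report.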
diff -Nru adminer-4.7.9/debian/patches/CVE-2021-29625.patch 
adminer-4.7.9/debian/patches/CVE-2021-29625.patch
--- adminer-4.7.9/debian/patches/CVE-2021-29625.patch   1970-01-01 
01:00:00.0 +0100
+++ adminer-4.7.9/debian/patches/CVE-2021-29625.patch   2021-05-26 
09:08:59.0 +0200
@@ -0,0 +1,18 @@
+From: 4043092ec2c0de2258d60a99d0c5958637d051a7
+Author: Jakub Vrana 
+Date:   Fri May 14 06:39:01 2021 +0200
+Subject: Escape link in doc_link (bug #797)
+
+diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
+index 88d66d44..5556b014 100644
+--- a/adminer/include/editing.inc.php
 b/adminer/include/editing.inc.php
+@@ -542,7 +542,7 @@ function doc_link($paths, $text = "?") {
+   $urls['sql'] = "https://mariadb.com/kb/en/library/;;
+   $paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : 
str_replace(".html", "/", $paths['sql']));
+   }
+-  return ($paths[$jush] ? "$text" : "");
++  return ($paths[$jush] ? "$text" : "");
+ }
+ 
+ /** Wrap gzencode() for usage in ob_start()
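Review bot: In the doc_link() hunk, the removed and the added return line read identically as rendered here (both show only "$text"), so the escaping this patch is meant to add cannot be confirmed from the text; please verify against upstream commit 4043092ec2c0de2258d60a99d0c5958637d051a7 that the link built from $paths[$jush] is HTML-escaped before it is output. The patch header also puts the commit hash in "From:", so an "Origin:" field pointing at the upstream commit would make the provenance clearer.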
diff -Nru adminer-4.7.9/debian/patches/series 
adminer-4.7.9/debian/patches/series
--- adminer-4.7.9/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ adminer-4.7.9/debian/patches/series 2021-05-26 09:08:59.0 +0200
@@ -0,0 +1 @@
+CVE-2021-29625.patch

unblock adminer/4.7.9-2

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#989120: golang-github-go-sourcemap-sourcemap accesses the network during the build

2021-05-26 Thread Matthias Klose
Package: src:golang-github-go-sourcemap-sourcemap
Version: 2.1.3+git20201028.eed1c20-2
Severity: serious
Tags: sid bookworm

golang-github-go-sourcemap-sourcemap accesses the network during the build, seen
on the Ubuntu buildds:

   dh_auto_test -O--buildsystem=golang
cd obj-x86_64-linux-gnu && go test -vet=off -v -p 4
github.com/go-sourcemap/sourcemap
github.com/go-sourcemap/sourcemap/internal/base64vlq
panic: Get "http://code.jquery.com/jquery-2.0.3.min.map": dial tcp: lookup
code.jquery.com: no such host

goroutine 1 [running]:
github.com/go-sourcemap/sourcemap_test.init.0()

/<>/golang-github-go-sourcemap-sourcemap-2.1.3+git20201028.eed1c20/obj-x86_64-linux-gnu/src/github.com/go-sourcemap/sourcemap/consumer_test.go:21
 +0x174
FAIL    github.com/go-sourcemap/sourcemap   0.030s
=== RUN   TestEncodeDecode
--- PASS: TestEncodeDecode (0.00s)
PASS
ok      github.com/go-sourcemap/sourcemap/internal/base64vlq    0.041s
FAIL
dh_auto_test: error: cd obj-x86_64-linux-gnu && go test -vet=off -v -p 4
github.com/go-sourcemap/sourcemap
github.com/go-sourcemap/sourcemap/internal/base64vlq returned exit code 1
make: *** [debian/rules:4: build] Error 25



Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2021-05-26 Thread Alexandre Rossi
Hi,

> Thanks. Can you attach the debdiff between the current version in
> buster and the proposed one to this bug?

Here it is.

Alex
diff -Nru adminer-4.7.1/debian/adminer.apache2 
adminer-4.7.1/debian/adminer.apache2
--- adminer-4.7.1/debian/adminer.apache21970-01-01 01:00:00.0 
+0100
+++ adminer-4.7.1/debian/adminer.apache22021-03-08 13:31:21.0 
+0100
@@ -0,0 +1 @@
+conf debian/adminer.conf
diff -Nru adminer-4.7.1/debian/adminer.conf adminer-4.7.1/debian/adminer.conf
--- adminer-4.7.1/debian/adminer.conf   1970-01-01 01:00:00.0 +0100
+++ adminer-4.7.1/debian/adminer.conf   2021-03-08 13:31:21.0 +0100
@@ -0,0 +1,6 @@
+Alias /adminer /etc/adminer
+
+
+   Require all granted
+   DirectoryIndex conf.php
+ 
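Review bot: "Require all granted" in the new adminer.conf opens the /adminer alias, a database administration front end, to every client that can reach the web server once the configuration is enabled; for a stable update, "Require local" or shipping the configuration disabled by default would be the safer choice. The enclosing block for "Require" and "DirectoryIndex" is not visible in the hunk (only empty "+" lines), so confirm it is scoped to /etc/adminer and nothing wider.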
diff -Nru adminer-4.7.1/debian/changelog adminer-4.7.1/debian/changelog
--- adminer-4.7.1/debian/changelog  2019-01-29 09:37:13.0 +0100
+++ adminer-4.7.1/debian/changelog  2021-05-26 09:06:37.0 +0200
@@ -1,3 +1,17 @@
+adminer (4.7.1-1+deb10u1) buster; urgency=medium
+
+  * provide a compiled version and configuration files (Closes: #952755)
+  * privacy: default to disable check for new version
+  * Backport security patch series from upstream:
+- Fix open redirect if Adminer is accessible at //adminer.php%2F@
+- Fix XSS if Adminer is accessible at URL /data
+- CVE-2020-35572: Fix XSS in browsers which don't encode URL parameters
+- CVE-2021-21311: Elasticsearch: Do not print response if HTTP code is
+  not 200
+- CVE-2021-29625: XSS in doc_link
+
+ -- Alexandre Rossi   Wed, 26 May 2021 09:06:37 
+0200
+
 adminer (4.7.1-1) unstable; urgency=medium
 
   * New upstream release.
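Review bot: The 4.7.1-1+deb10u1 entry mixes packaging changes (compiled version and configuration files, disabling the new-version check) with the security backports; for an upload targeting buster, state why the non-security changes are needed or split them out. The first two backported fixes (open redirect, XSS at URL /data) carry no CVE id, so a reference to the upstream commits would make them traceable.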
diff -Nru adminer-4.7.1/debian/conf.php adminer-4.7.1/debian/conf.php
--- adminer-4.7.1/debian/conf.php   1970-01-01 01:00:00.0 +0100
+++ adminer-4.7.1/debian/conf.php   2021-03-08 13:31:21.0 +0100
@@ -0,0 +1,33 @@
+ ['server' => 'localhost', 'driver' => 'server'], // mysql
+//'pg' => ['server' => 'localhost', 'driver' => 'pgsql'],
+//]),
+);
+
+/* It is possible to combine customization and plugins:
+class AdminerCustomization extends AdminerPlugin {
+}
+return new AdminerCustomization($plugins);
+*/
+
+return new AdminerPlugin($plugins);
+}
+
+include ADMINER_DIR . "/adminer.php";
+?>
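Review bot: The new conf.php ends with a closing "?>" after the include; in a PHP-only file the closing tag is best omitted, because stray whitespace after it is sent to the client and can break header output. The hunk header announces 33 added lines but only the tail of the file is visible here, so the plugin list and the default server entry could not be reviewed.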
diff -Nru adminer-4.7.1/debian/control adminer-4.7.1/debian/control
--- adminer-4.7.1/debian/control2019-01-29 09:37:13.0 +0100
+++ adminer-4.7.1/debian/control2021-05-26 09:06:37.0 +0200
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Chris Lamb 
 Build-Depends:
- debhelper-compat (= 11),
+ debhelper-compat (= 11), php-cli, dh-apache2
 Standards-Version: 4.3.0
 Homepage: https://www.adminer.org/
 Vcs-Git: https://salsa.debian.org/lamby/pkg-adminer.git
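Review bot: The added build dependencies php-cli and dh-apache2 are appended to the "debhelper-compat (= 11)," line, while Build-Depends is otherwise laid out with the entry on its own line; put each new dependency on a separate line so later diffs stay readable.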
@@ -20,6 +20,7 @@
  php-mysql,
  php-pgsql,
  php-sqlite3,
+ ${misc:Recommends},
 Suggests:
  default-mysql-server | virtual-mysql-server | postgresql | sqlite3,
 Description: Web-based database administration tool
diff -Nru adminer-4.7.1/debian/install adminer-4.7.1/debian/install
--- adminer-4.7.1/debian/install2019-01-29 09:37:13.0 +0100
+++ adminer-4.7.1/debian/install2021-03-08 13:31:21.0 +0100
@@ -4,3 +4,4 @@
 editor usr/share/adminer
 externals  usr/share/adminer
 pluginsusr/share/adminer
+debian/conf.phpetc/adminer/
diff -Nru 
adminer-4.7.1/debian/patches/6a2de873e194cf4bf3f2edb489ba98580a17a632.patch 
adminer-4.7.1/debian/patches/6a2de873e194cf4bf3f2edb489ba98580a17a632.patch
--- adminer-4.7.1/debian/patches/6a2de873e194cf4bf3f2edb489ba98580a17a632.patch 
1970-01-01 01:00:00.0 +0100
+++ adminer-4.7.1/debian/patches/6a2de873e194cf4bf3f2edb489ba98580a17a632.patch 
2021-05-26 09:06:37.0 +0200
@@ -0,0 +1,44 @@
+From 6a2de873e194cf4bf3f2edb489ba98580a17a632 Mon Sep 17 00:00:00 2001
+From: Jakub Vrana 
+Date: Mon, 11 May 2020 11:49:46 +0200
+Subject: [PATCH] Fix open redirect if Adminer is accessible at
+ //adminer.php%2F@ (thanks to Prakash Sharma)
+
+diff --git a/adminer/include/bootstrap.inc.php 
b/adminer/include/bootstrap.inc.php
+index 00baf919..621ec465 100644
+--- a/adminer/include/bootstrap.inc.php
 b/adminer/include/bootstrap.inc.php
+@@ -84,7 +84,7 @@
+ 
+ define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
+ define("DB", $_GET["db"]); // for the sake of speed and size
+-define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', 
$_SERVER["REQUEST_URI"])) . '?'
++define("ME", str_replace(":", "%3a", preg_replace('~\?.*~', '', 
relative_uri())) . '?'
+   . (sid() ? SID . '&' : '')
+   . (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
+   . (isset($_GET["username"]) ? "username=" . 
urlencode($_GET["username"]) . '&' : '')
+diff --git a/adminer/include/functions.inc.php 
b/adminer/include/functions.inc.php
+index 787ab79b..adcf1fbd 100644
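Review bot: The new definition of ME calls relative_uri(), which is not defined in the visible part of this patch; the functions.inc.php part is cut off after its index line, so confirm that the backport to 4.7.1 includes that helper, otherwise the define in bootstrap.inc.php calls an undefined function.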

Bug#891867: closed by "Chris Lamb" (Re: diffoscope: improve .changes diffs)

2021-05-26 Thread Chris Lamb
Hey Helmut,

So sorry, I didn't see this email at the time.

> Control: reopen -1
> 
> > Closing as per:
> > 
> >   
> > https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/30#note_168909
> 
> If you close a bug, please include the fixed version.

Will do. :)  Glancing through the above salsa issue, it was fixed in
both 145 but also in 146.

> I confirm that the issue is reproducible with diffoscope version 145.

Can you confirm in, say, version 175? If so, do you have a testcase that
I can replicate locally?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-



Bug#989119: ITP: golang-github-skeema-tengo -- Go La Tengo: a MySQL automation library (library)

2021-05-26 Thread Andrius Merkys
Package: wnpp
Owner: Andrius Merkys 
Severity: wishlist
Control: block -1 by 989107

* Package name: golang-github-skeema-tengo
  Version : 0.10.1
  Upstream Author : Skeema LLC
* URL : https://github.com/skeema/tengo
* License : Apache-2.0
  Programming Lang: (C, C++, C#, Perl, Python, etc.)
  Description : Go La Tengo: a MySQL automation library (library)
 Golang library for MySQL database automation. Most of
 Go La Tengo's current functionality is focused on MySQL schema
 introspection and diff'ing. Future releases will add more general-purpose
 automation features. Go La Tengo examines several
 information_schema tables in order to build Go struct values representing
 schemas (databases), tables, columns, indexes, foreign key constraints,
 stored procedures, and functions. These values can be diff'ed to generate
 corresponding DDL statements. The tengo.Instance
 struct models a single database instance. It keeps track of multiple,
 separate connection pools for using different default schema and session
 settings. This helps to avoid problems with Go's database/sql methods,
 which are incompatible with USE statements and SET SESSION statements.
 Status: This package is intended for production use. The release
 numbering is still pre-1.0 though as the API is subject to minor
 changes. Backwards-incompatible changes are generally avoided whenever
 possible, but no guarantees are made yet.

This package is required by skeema, which I am interested in bringing into
Debian.

Remark: This package is to be maintained with Debian Go Packaging Team at
   https://salsa.debian.org/go-team/packages/golang-github-skeema-tengo



Bug#989117: ITP: jack-mixer -- GTK+ JACK audio mixer application

2021-05-26 Thread Paul Wise
On Wed, May 26, 2021 at 8:30 AM Kyle Robbertze wrote:

> The original jack-mixer was removed from Debian for being Python2 only
> and depending on pygtk. This fork has been updated to Python3 and
> removed the pygtk dependency.

Please note the extra requirements when reintroducing packages,
principally unarchiving, reopening and triaging the bugs closed by the
removal:

https://www.debian.org/doc/manuals/developers-reference/pkgs.html#reintroducing-pkgs

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Bug#757356: Scan code event not generated for some keys of the Apple keyboard: those in applespi_fn_codes

2021-05-26 Thread Vincent Lefevre
Control: retitle -1 Scan code event not generated for some keys of the Apple 
keyboard: those in applespi_fn_codes

On 2021-05-26 09:52:16 +0200, Vincent Lefevre wrote:
> No MSC_SCAN line for F1 to F12.
[...]
> Same issue for the Enter and Backspace keys:
[...]

And the cursor keys. Actually, all the keys corresponding to

static const struct applespi_key_translation applespi_fn_codes[] = {
{ KEY_BACKSPACE, KEY_DELETE },
{ KEY_ENTER,KEY_INSERT },
{ KEY_F1,   KEY_BRIGHTNESSDOWN, APPLE_FLAG_FKEY },
{ KEY_F2,   KEY_BRIGHTNESSUP,   APPLE_FLAG_FKEY },
{ KEY_F3,   KEY_SCALE,  APPLE_FLAG_FKEY },
{ KEY_F4,   KEY_DASHBOARD,  APPLE_FLAG_FKEY },
{ KEY_F5,   KEY_KBDILLUMDOWN,   APPLE_FLAG_FKEY },
{ KEY_F6,   KEY_KBDILLUMUP, APPLE_FLAG_FKEY },
{ KEY_F7,   KEY_PREVIOUSSONG,   APPLE_FLAG_FKEY },
{ KEY_F8,   KEY_PLAYPAUSE,  APPLE_FLAG_FKEY },
{ KEY_F9,   KEY_NEXTSONG,   APPLE_FLAG_FKEY },
{ KEY_F10,  KEY_MUTE,   APPLE_FLAG_FKEY },
{ KEY_F11,  KEY_VOLUMEDOWN, APPLE_FLAG_FKEY },
{ KEY_F12,  KEY_VOLUMEUP,   APPLE_FLAG_FKEY },
{ KEY_RIGHT,KEY_END },
{ KEY_LEFT, KEY_HOME },
{ KEY_DOWN, KEY_PAGEDOWN },
{ KEY_UP,   KEY_PAGEUP },
{ }
};

in drivers/input/keyboard/applespi.c.

Just in case, in /etc/modprobe.d/hid_apple.conf, I have

options hid_apple fnmode=2
options hid_apple iso_layout=0

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Bug#989118: please try https first

2021-05-26 Thread Harald Dunkel

Package: apt-cacher-ng
Version: 3.6.3-1
Severity: wishlist

Sorry to say, but configuring https for apt-cacher-ng is APITA. Would it be
possible for ACNG to silently try https first, if the client asked for http?
That would be similar to an explicit http://HTTPS///get.docker.com/ubuntu,
except for the client doesn't have to know.


Regards
Harri



Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2021-05-26 Thread Salvatore Bonaccorso
Hi Alexandre,

On Wed, May 26, 2021 at 09:38:32AM +0200, Alexandre Rossi wrote:
> Hi,
> 
> Here is an updated debdiff per the security team advice adding also
> changes from the original request.
> 
> Adding fix for:
> 
> CVE-2021-29625
>  
> Thanks,

Thanks. Can you attach the debdiff between the current version in
buster and the proposed one to this bug?

Regards,
Salvatore



Bug#988929: jverein: broken symlinks: /usr/share/jameica/plugins/jverein/lib/*-*.jar -> ../../../../java/*.jar

2021-05-26 Thread Andreas Beckmann
Followup-For: Bug #988929
Control: found -1 2.8.18+git20200921.6212a59+dfsg-6

There is one broken link left:

7m26.6s ERROR: FAIL: Broken symlinks:
  /usr/share/jameica/plugins/jverein/lib/javax.mail-1.6.2.jar -> 
../../../../java/javax.mail.jar (jverein)


Andreas


