date:20220226

Control: retitle -1 mariadb-10.6: FTBFS on sh4: test suite fails to start
Control: reopen -1
Control: reassign -1 mariadb-10.6
Control: found -1 1:10.6.7-1

This bug still exists for MariaDB 10.6.

In 
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.6=sh4=1%3A10.6.7-1=1645397551=0
the build passes despite skipping the test suite:

...
[100%] Built target wsrep_check_version
make[3]: Leaving directory '/<>/builddir'
/usr/bin/cmake -E cmake_progress_start /<>/builddir/CMakeFiles 0
make[2]: Leaving directory '/<>/builddir'
make[1]: Leaving directory '/<>'
   debian/rules override_dh_auto_test
make[1]: Entering directory '/<>'
RULES.override_dh_auto_test
dh_testdir
# Ensure at least an empty file exists
touch mysql-test/unstable-tests
# Skip unstable tests if such are defined for arch
[ ! -f debian/unstable-tests.sh4 ] || cat debian/unstable-tests.sh4 >>
mysql-test/unstable-tests
# Run testsuite
make[1]: Leaving directory '/<>'
   create-stamp debian/debhelper-build-stamp
   dh_testroot -a -O--fail-missing
   dh_prep -a -O--fail-missing
rm -f -- debian/libmariadb-dev.substvars ...
rm -fr -- debian/.debhelper/generated/libmariadb-dev/ ...
   debian/rules override_dh_auto_install
make[1]: Entering directory '/<>'
RULES.override_dh_auto_install
dh_testdir
dh_testroot
...

Arch sh4 is also affected by
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006528 which is
potentially a sporadic build failure

Bug#1002291: bpfcc: Fails to build with libbpf/0.6.1-1

2022-02-26 Thread Sudip Mukherjee

HI Vasudev,

On Wed, Feb 23, 2022 at 11:30 AM Vasudev Kamath  wrote:
>
> Sudip Mukherjee  writes:
>
> > On Tue, Feb 22, 2022 at 4:12 AM Vasudev Kamath  
> > wrote:
> >>
> >> Sudip Mukherjee  writes:
> >>
> >> > You are trying to build 0.24.0+ds and I am rebuilding 0.22.0+ds-2 to 
> >> > test.  :)
> >> >
> >> > Can you rebuild 0.22.0+ds-2 and verify.
> >>
> >> Err yes. It works with 0.22.0. I was preparing 0.23.0 and then 0.24.0.
> >> Both of which fails as of now. Not sure what should be done.
> >
> > I think, since it works with 0.22.0 I will update libbpf in unstable.
> > I am guessing the previous FTBFS was fixed by libbpf in this release.
> > But now bpfcc has messed up something.
> > If you are ok, then I can update libbpf and then you can ping the
> > bpfcc upstream about the FTBFS with latest bpfcc with latest libbpf.
>
> Yes please go ahead. I will wait for the new upload a bit more. If it
> still does not work I will ping the upstream.

Thanks. I have uploaded now.
Also, if you can please push your branch to salsa I can have a look
sometime next week.


-- 
Regards
Sudip

Bug#972057: mariadb-10.6: FTBFS on m68k: test suite fails to start

Control: retitle -1 mariadb-10.6: FTBFS on m68k: test suite fails to start
Control: reopen -1
Control: reassign -1 mariadb-10.6
Control: found -1 1:10.6.7-1

This bug still exists for MariaDB 10.6.

In 
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.6=m68k=1%3A10.6.7-2%7Eexp1=1645819691=0
the build passes despite skipping the test suite:

...

RULES.override_dh_auto_test
dh_testdir
# Ensure at least an empty file exists
touch mysql-test/unstable-tests
# Run testsuite
make[1]: Leaving directory '/<>'
   create-stamp debian/debhelper-build-stamp
   dh_testroot -a -O--fail-missing
   dh_prep -a -O--fail-missing
rm -f -- debian/libmariadb-dev.substvars ..
rm -fr -- debian/.debhelper/generated/libmariadb-dev/ ...
   debian/rules override_dh_auto_install
make[1]: Entering directory '/<>'
RULES.override_dh_auto_install
dh_testdir
dh_testroot
...

Bug#1006531: mariadb-10.6: FTBFS on hurd-i386: undefined reference to misc functions and files

Source: mariadb-10.6
Version: 1:10.6.7-1
Tags: confirmed, help, ftbfs
User: debian-h...@lists.debian.org
Usertags: hurd

Builds on hurd-i386 currently fail due to unknown reasons. See log at
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.6=hurd-i386=1%3A10.6.7-2%7Eexp1=1645912176=0

There are a lot of misc errors, but they don't make much sense to me:

CheckFunctionExists.c:17: undefined reference to `crypt'
CheckFunctionExists.c:17: undefined reference to `floor'
src.cxx:4:29: error: ‘SO_PEERID’ was not declared in this scope
src.cxx:3:1: note: ‘NULL’ is defined in header ‘’; did you
forget to ‘#include ’?
src.cxx:1:10: fatal error: ucred.h: No such file or directory
src.c:2:10: fatal error: pthread_np.h: No such file or directory

Example of error in full context:

Run Build Command(s):/usr/bin/make -f Makefile cmTC_49a19/fast &&
make[2]: Entering directory
'/<>/builddir/CMakeFiles/CMakeTmp'
/usr/bin/make  -f CMakeFiles/cmTC_49a19.dir/build.make
CMakeFiles/cmTC_49a19.dir/build
make[3]: Entering directory '/<>/builddir/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_49a19.dir/src.c.o
/usr/bin/cc -DHAVE_PTHREAD_GETTHREADID_NP -DPACKAGE=test
-D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE=1 -D_LARGEFILE_SOURCE
-D_LARGE_FILES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS
-D__STDC_LIMIT_MACROS  -g -O2 -ffile-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -Wdate-time -D_FORTIFY_SOURCE=2 -pie -fPIC
-fstack-protector --param=ssp-buffer-size=4  -o
CMakeFiles/cmTC_49a19.dir/src.c.o -c
/<>/builddir/CMakeFiles/CMakeTmp/src.c
/<>/builddir/CMakeFiles/CMakeTmp/src.c:2:10: fatal error:
pthread_np.h: No such file or directory
2 | #include 
  |  ^~
compilation terminated.
CMakeFiles/cmTC_49a19.dir/build.make:77: recipe for target
'CMakeFiles/cmTC_49a19.dir/src.c.o' failed
make[3]: *** [CMakeFiles/cmTC_49a19.dir/src.c.o] Error 1
make[3]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'
Makefile:127: recipe for target 'cmTC_49a19/fast' failed
make[2]: *** [cmTC_49a19/fast] Error 2
make[2]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'

Please help!

Build history shows that at least MariaDB 10.3 used to build back in 2020:
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.3=hurd-i386

This seems to be quite similar to Bug#1006528 for sh4 and Bug#1006530
for x32, so perhaps
fixing this issue could solve three archs at the same time.

Bug#1002872: Reply to: libgl1-mesa-dri: crashes on pre-SSE2 CPUs due to movsd

2022-02-26 Thread Alyssa Rosenzweig

Hi,

I've been prepared an NMU and will be having it uploaded to DELAYED/4.

Patch below.

Alyssa

---

diff -u mesa-21.3.5/debian/changelog mesa-21.3.5/debian/changelog
--- mesa-21.3.5/debian/changelog
+++ mesa-21.3.5/debian/changelog
@@ -1,3 +1,12 @@
+mesa (21.3.5-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Timo Aaltonen ]
+  * rules: Disable sse2 on i386. (Closes: #1002872)
+
+ -- Alyssa Rosenzweig   Sat, 26 Feb 2022 17:15:46 -0500
+
 mesa (21.3.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -u mesa-21.3.5/debian/rules mesa-21.3.5/debian/rules
--- mesa-21.3.5/debian/rules
+++ mesa-21.3.5/debian/rules
@@ -43,6 +43,7 @@
 
 confflags_DRI3 = -Ddri3=disabled
 confflags_OSMESA =  -Dosmesa=true
+confflags_SSE2 = -Dsse2=true
 
 # hurd doesn't do direct rendering
 ifeq ($(DEB_HOST_ARCH_OS), hurd)
@@ -135,6 +136,9 @@
   endif
 endif
 
+ifeq ($(DEB_HOST_ARCH), i386)
+   confflags_SSE2 = -Dsse2=false
+endif
 
 empty:=
 space := $(empty) $(empty)
@@ -168,6 +172,7 @@
$(confflags_GALLIUM) \
$(confflags_GLES) \
$(confflags_OSMESA) \
+   $(confflags_SSE2) \
$(confflags_VALGRIND) \
$(confflags_VULKAN)

Bug#1006530: mariadb-10.6: FTBFS on x32: undefined reference to misc functions and files (regression from MariaDB 10.5)

Source: mariadb-10.6
Version: 1:10.6.7-1
Tags: confirmed, help, ftbfs
User: debian-...@lists.debian.org
Usertags: x32

Builds on x32 currently fail due to unknown reasons. See log at
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.6=x32=1%3A10.6.7-2%7Eexp1=1645782519=0

There are a lot of misc errors, but they don't make much sense to me:

CheckFunctionExists.c:17: undefined reference to `pthread_getspecific'
CheckFunctionExists.c:17: undefined reference to `floor'
CheckTypeSize/SIZEOF_SOCKLEN_T.c:28:22: error: ‘socklen_t’ undeclared
here (not in a function)
cc: error: unrecognized command-line option ‘-Wunused-private-field’
CheckFunctionExists.c:17: undefined reference to `PCRE2regcomp'
src.cxx:6:47: error: invalid conversion from ‘char*’ to ‘int’ [-fpermissive]
src.c:6:38: error: ‘struct dirent’ has no member named ‘d_namlen’; did
you mean ‘d_name’?

Example of error in full context:

Run Build Command(s):/usr/bin/gmake -f Makefile cmTC_ef995/fast &&
gmake[2]: Entering directory
'/<>/builddir/CMakeFiles/CMakeTmp'
/usr/bin/gmake  -f CMakeFiles/cmTC_ef995.dir/build.make
CMakeFiles/cmTC_ef995.dir/build
gmake[3]: Entering directory '/<>/builddir/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_ef995.dir/src.c.o
/usr/bin/cc -DPACKAGE=test -DSTRUCT_DIRENT_HAS_D_NAMLEN
-D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE=1 -D_LARGEFILE_SOURCE
-D_LARGE_FILES -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS
-D__STDC_LIMIT_MACROS  -g -O2 -ffile-prefix-map=/<>=.
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
-Wdate-time -D_FORTIFY_SOURCE=2 -pie -fPIC -fstack-protector
--param=ssp-buffer-size=4  -o CMakeFiles/cmTC_ef995.dir/src.c.o -c
/<>/builddir/CMakeFiles/CMakeTmp/src.c
/<>/builddir/CMakeFiles/CMakeTmp/src.c: In function ‘main’:
/<>/builddir/CMakeFiles/CMakeTmp/src.c:6:38: error:
‘struct dirent’ has no member named ‘d_namlen’; did you mean ‘d_name’?
6 |   (void)sizeof(((struct dirent *)0)->d_namlen);
  |  ^~~~
  |  d_name
gmake[3]: *** [CMakeFiles/cmTC_ef995.dir/build.make:78:
CMakeFiles/cmTC_ef995.dir/src.c.o] Error 1
gmake[3]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'
gmake[2]: *** [Makefile:127: cmTC_ef995/fast] Error 2
gmake[2]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'

Please help!

Build history of mariadb-10.5 when builds still passed:
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.5=x32

This seems to be quite similar to Bug#1006528 for sh4, so perhaps
fixing this issue could solve two archs at the same time.

Bug#1006529: mariadb-10.6: FTBFS on hppa: builds, but test suite crashes immediately with "'aio write' returned OS error 0"

Source: mariadb-10.6
Version: 1:10.6.7-1
Tags: upstream, confirmed, help, ftbfs
User: debian-h...@lists.debian.org
Usertags: hppa

Builds on hppa succeed, but as the mariadbd binary crashes immediately on start:

mysql-test-run: *** ERROR: Error executing mariadbd --bootstrap
Could not install system database from
/<>/builddir/mysql-test/var/log/bootstrap.sql
The /<>/builddir/mysql-test/var/log/bootstrap.log file contains:
/<>/builddir/sql/mariadbd --no-defaults
--disable-getopt-prefix-matching --bootstrap
--basedir=/<>
--datadir=/<>/builddir/mysql-test/var/install.db
--plugin-dir=/<>/builddir/mysql-test/var/plugins
--default-storage-engine=myisam --loose-skip-plugin-feedback
--loose-skip-plugin-innodb --loose-skip-plugin-innodb-buffer-page-lru
--loose-skip-plugin-innodb-buffer-pool-stats
--loose-skip-plugin-innodb-cmp
--loose-skip-plugin-innodb-cmp-per-index
--loose-skip-plugin-innodb-cmp-per-index-reset
--loose-skip-plugin-innodb-cmp-reset --loose-skip-plugin-innodb-cmpmem
--loose-skip-plugin-innodb-cmpmem-reset
--loose-skip-plugin-innodb-ft-being-deleted
--loose-skip-plugin-innodb-ft-config
--loose-skip-plugin-innodb-ft-default-stopword
--loose-skip-plugin-innodb-ft-deleted
--loose-skip-plugin-innodb-ft-index-cache
--loose-skip-plugin-innodb-ft-index-table
--loose-skip-plugin-innodb-sys-columns
--loose-skip-plugin-innodb-sys-fields
--loose-skip-plugin-innodb-sys-foreign
--loose-skip-plugin-innodb-sys-foreign-cols
--loose-skip-plugin-innodb-sys-indexes
--loose-skip-plugin-innodb-sys-tables
--loose-skip-plugin-innodb-sys-tablespaces
--loose-skip-plugin-innodb-sys-tablestats
--loose-skip-plugin-innodb-sys-virtual
--loose-skip-plugin-innodb-tablespaces-encryption
--loose-skip-plugin-partition --loose-skip-plugin-sequence
--loose-skip-plugin-thread-pool-groups
--loose-skip-plugin-thread-pool-queues
--loose-skip-plugin-thread-pool-stats
--loose-skip-plugin-thread-pool-waits --loose-skip-plugin-unix-socket
--loose-skip-plugin-user-variables --loose-innodb
--loose-innodb-log-file-size=10M --disable-sync-frm
--tmpdir=/<>/builddir/mysql-test/var/tmp/ --core-file
--console --character-set-server=latin1
--lc-messages-dir=/<>/builddir/sql/share/
--character-sets-dir=/<>/sql/share/charsets
2022-02-25 13:18:37 0 [Note] /<>/builddir/sql/mariadbd
(server 10.6.7-MariaDB-2~exp1) starting as process 3949 ...
2022-02-25 13:18:37 0 [Warning] Could not increase number of
max_open_files to more than 1024 (request: 32186)
2022-02-25 13:18:37 0 [Warning] Changed limits: max_open_files: 1024
max_connections: 151 (was 151)  table_cache: 421 (was 2000)
2022-02-25 13:18:37 0 [Note] Plugin 'partition' is disabled.
2022-02-25 13:18:37 0 [Note] Plugin 'SEQUENCE' is disabled.
2022-02-25 13:18:37 0 [Note] InnoDB: The first data file './ibdata1'
did not exist. A new tablespace will be created!
2022-02-25 13:18:37 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-02-25 13:18:37 0 [Note] InnoDB: Number of pools: 1
2022-02-25 13:18:37 0 [Note] InnoDB: Using generic crc32 instructions
2022-02-25 13:18:37 0 [Note] InnoDB: Using liburing
2022-02-25 13:18:37 0 [Note] InnoDB: Initializing buffer pool, total
size = 134217728, chunk size = 134217728
2022-02-25 13:18:37 0 [Note] InnoDB: Completed initialization of buffer pool
2022-02-25 13:18:37 0 [Note] InnoDB: Setting O_DIRECT on file ./ibdata1 failed
2022-02-25 13:18:37 0 [Note] InnoDB: Setting file './ibdata1' size to
12 MB. Physically writing the file full; Please wait ...
2022-02-25 13:18:37 0 [Note] InnoDB: File './ibdata1' size is now 12 MB.
2022-02-25 13:18:37 0 [Note] InnoDB: Setting log file ./ib_logfile101
size to 10485760 bytes
2022-02-25 13:18:38 0 [ERROR] InnoDB: File ./ibdata1: 'aio write'
returned OS error 0. Cannot continue operation
220225 13:18:38 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.6.7-MariaDB-2~exp1
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=0
max_threads=153
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads =
466655 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x49000
/<>/builddir/sql/mariadbd(my_print_stacktrace-0xb5a76b42)[0x4203d89c]
The manual page at
https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/
contains
information

Bug#1006528: mariadb-10.6: FTBFS on sh4: undefined reference to misc functions and files

Source: mariadb-10.6
Version: 1:10.6.7-1
Tags: confirmed, help, ftbfs
User: debian-...@lists.debian.org
Usertags: sh4

Builds on sh4 currently fail due to unknown reasons. See log at
https://buildd.debian.org/status/fetch.php?pkg=mariadb-10.6=sh4=1%3A10.6.7-2%7Eexp1=1645784432=0

There are a lot of references to unknown functions or files, but they
don't make much sense:

CheckIncludeFile.c:1:10: fatal error: event.h: No such file or directory
CheckSymbolExists.cxx:8:19: error: ‘krb5_xfree’ was not declared in
this scope; did you mean ‘krb5_cred’?
src.c:2:10: fatal error: pthread_np.h: No such file or directory
src.c:7: undefined reference to `getthrid'
src.c:8: undefined reference to `pthread_threadid_np'
ld: cannot find -lstemmer: No such file or directory
CheckIncludeFile.c:1:10: fatal error: sys/sysctl.h: No such file or directory
CheckFunctionExists.c:22: undefined reference to `floor'


Example with full context:

Run Build Command(s):/usr/bin/gmake -f Makefile cmTC_ba239/fast &&
gmake[2]: Entering directory
'/<>/builddir/CMakeFiles/CMakeTmp'
/usr/bin/gmake  -f CMakeFiles/cmTC_ba239.dir/build.make
CMakeFiles/cmTC_ba239.dir/build
gmake[3]: Entering directory '/<>/builddir/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_ba239.dir/CheckFunctionExists.c.o
/usr/bin/cc -DPACKAGE=test -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE=1
-D_LARGEFILE_SOURCE -D_LARGE_FILES -D__STDC_CONSTANT_MACROS
-D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS  -g -O2
-ffile-prefix-map=/<>=.
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
-Wdate-time -D_FORTIFY_SOURCE=2 -pie -fPIC -fstack-protector
--param=ssp-buffer-size=4 -Wunused -Wlogical-op -Wno-uninitialized
-Wall -Wextra -Wformat-security -Wno-init-self -Wwrite-strings
-Wshift-count-overflow -Wdeclaration-after-statement -Wno-undef
-Wno-unknown-pragmas -DCHECK_FUNCTION_EXISTS=floor -o
CMakeFiles/cmTC_ba239.dir/CheckFunctionExists.c.o -c
/usr/share/cmake-3.22/Modules/CheckFunctionExists.c
: warning: conflicting types for built-in function
‘floor’; expected ‘double(double)’ [-Wbuiltin-declaration-mismatch]
/usr/share/cmake-3.22/Modules/CheckFunctionExists.c:7:3: note: in
expansion of macro ‘CHECK_FUNCTION_EXISTS’
7 |   CHECK_FUNCTION_EXISTS(void);
  |   ^
/usr/share/cmake-3.22/Modules/CheckFunctionExists.c:1:1: note: ‘floor’
is declared in header ‘’
  +++ |+#include 
1 | #ifdef CHECK_FUNCTION_EXISTS
Linking C executable cmTC_ba239
/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_ba239.dir/link.txt
--verbose=1
/usr/bin/cc -g -O2 -ffile-prefix-map=/<>=.
-specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
-Wdate-time -D_FORTIFY_SOURCE=2 -pie -fPIC -fstack-protector
--param=ssp-buffer-size=4 -Wunused -Wlogical-op -Wno-uninitialized
-Wall -Wextra -Wformat-security -Wno-init-self -Wwrite-strings
-Wshift-count-overflow -Wdeclaration-after-statement -Wno-undef
-Wno-unknown-pragmas -DCHECK_FUNCTION_EXISTS=floor
-specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro -Wl,-z,now
-rdynamic CMakeFiles/cmTC_ba239.dir/CheckFunctionExists.c.o -o
cmTC_ba239
/usr/bin/ld: CMakeFiles/cmTC_ba239.dir/CheckFunctionExists.c.o: in
function `main':
/usr/share/cmake-3.22/Modules/CheckFunctionExists.c:22: undefined
reference to `floor'
collect2: error: ld returned 1 exit status
gmake[3]: *** [CMakeFiles/cmTC_ba239.dir/build.make:99: cmTC_ba239] Error 1
gmake[3]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'
gmake[2]: *** [Makefile:127: cmTC_ba239/fast] Error 2
gmake[2]: Leaving directory '/<>/builddir/CMakeFiles/CMakeTmp'

Please help!

Previous version MariaDB 10.5 used to build at some point but failed
to start the test suite:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988349
However previous version MariaDB 10.5 also had similar issues at some
point: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975315

Build history of mariadb-10.5 when builds still at least occasionally
passed: https://buildd.debian.org/status/logs.php?pkg=mariadb-10.5=sh4

Bug#1006527: mariadb-10.6: FTBFS on ppc64/ppc64el: htmxlintrin.h errors

Source: mariadb-10.6
Version: 1:10.6.7-1
Tags: upstream, confirmed, help, ftbfs
User: debian-powe...@lists.debian.org
Usertags: ppc64el, ppc64

Builds on both ppc64 and ppc64el fail due to misc errors related to htmxlintrin:

htmxlintrin.h:25:3: error: #error "HTM instruction set not enabled"
htmxlintrin.h:58:25: error: ‘__builtin_tbegin’ was not declared in
this scope; did you mean ‘__builtin_tan’?
htmxlintrin.h:71:28: error: ‘__builtin_get_texasr’ was not declared in
this scope; did you mean ‘__builtin_gettext’?
htmxlintrin.h:108:3: error: ‘__builtin_tresume’ was not declared in
this scope; did you mean ‘__builtin_trunc’?
htmxlintrin.h:158:7: error: ‘__builtin_ttest’ was not declared in this
scope; did you mean ‘__builtin_strstr’?

Example of error in full context:

In file included from
/<>/storage/innobase/include/transactional_lock_guard.h:73,
 from /<>/storage/innobase/include/buf0buf.h:43,
 from /<>/storage/innobase/include/dict0mem.h:45,
 from /<>/storage/innobase/include/dict0dict.h:32,
 from /<>/storage/innobase/include/btr0btr.h:31,
 from /<>/storage/innobase/btr/btr0btr.cc:28:
/usr/lib/gcc/powerpc64-linux-gnu/11/include/htmxlintrin.h:165:27:
error: ‘__builtin_get_texasr’ was not declared in this scope; did you
mean ‘__builtin_gettext’?
  165 | texasrl = (texasrl_t) __builtin_get_texasr ();
  |   ^~~~
  |   __builtin_gettext



This is a recent regression as builds of 10.6.5 still worked for
ppc64el: https://buildd.debian.org/status/logs.php?pkg=mariadb-10.6=ppc64el

However builds for ppc64 were broken for the lifespan of 10.6 in
Debian: https://buildd.debian.org/status/logs.php?pkg=mariadb-10.6=ppc64

For MariaDB 10.5 builds of both ppc64el and ppc64 worked fine for at
least a year:
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.5=ppc64
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.5=ppc64el

Bug#1006526: pgbouncer: FTBFS with OpenSSL 3.0

Source: pgbouncer
Version: 1.16.1-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| /usr/bin/make -C ssl check
| make[3]: Entering directory '/<>/test/ssl'
| ./test.sh
| initdb
| createdb
| Tue Feb 15 03:13:31 UTC 2022 running test_server_ssl ... FAILED
| # 2022-02-15 03:13:32.830 UTC [450355] DEBUG parse_ini_file: [databases]
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'p0' = 
'port= host=localhost dbname=p0 user=bouncer pool_size=2'
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "port"=""
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "host"="localhost"
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "dbname"="p0"
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "user"="bouncer"
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "pool_size"="2"
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG pktbuf_dynamic(128): 
0x55ec77fcd9a0
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'p0' = 
'port= host=localhost dbname=p0 user=bouncer pool_size=2' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'p1' = 
'port= host=localhost dbname=p1 user=bouncer'
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "port"=""
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "host"="localhost"
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "dbname"="p1"
| # 2022-02-15 03:13:32.831 UTC [450355] NOISE cstr_get_pair: "user"="bouncer"
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG pktbuf_dynamic(128): 
0x55ec77fcdb60
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'p1' = 
'port= host=localhost dbname=p1 user=bouncer' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: [pgbouncer]
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'logfile' = 
'test.log'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'logfile' = 
'test.log' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'pidfile' = 
'test.pid'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'pidfile' = 
'test.pid' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'listen_addr' = 
'127.0.0.1'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'listen_addr' = 
'127.0.0.1' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'listen_port' = 
'6667'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'listen_port' = 
'6667' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'unix_socket_dir' = '/tmp'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'unix_socket_dir' = '/tmp' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'auth_file' = 
'tmp/userlist.txt'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'auth_file' = 
'tmp/userlist.txt' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'pool_mode' = 
'statement'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'pool_mode' = 
'statement' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_check_delay' = '10'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_check_delay' = '10' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'max_client_conn' = '10'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'max_client_conn' = '10' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'default_pool_size' = '5'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'default_pool_size' = '5' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_lifetime' = '120'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_lifetime' = '120' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_idle_timeout' = '60'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_idle_timeout' = '60' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'client_tls_protocols' = 'all'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'client_tls_protocols' = 'all' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_tls_protocols' = 'all'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_tls_protocols' = 'all' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'auth_type' = 
'trust'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 'auth_type' = 
'trust' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_tls_sslmode' = 'require'
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG parse_ini_file: 
'server_tls_sslmode' = 'require' ok:1
| # 2022-02-15 03:13:32.831 UTC [450355] DEBUG loading auth_file:

Bug#1005840: claws-mail-themes: includes non-free content (CC-by-nc-sa-v3.0)

2022-02-26 Thread Ricardo Mones

On Tue, 15 Feb 2022 22:12:54 +0100
"Francesco Poli (wintermute)"  wrote:

> Package: claws-mail-themes
> Version: 20140629+dfsg2-1
> Severity: serious
> Justification: Policy 2.2.1
> 
> Hello and thanks for maintaining claws-mail.
> 
> I noticed that one of the themes shipped in package 'claws-mail-themes'
> is non-free and should not be included in a package in Debian main:
> 
>   Files: UltimateClawsMail0.5.1/*
>   Copyright:
>Daniel LaGesse
>   License: CC-BY-NC-SA-3.0
>   Comment:
>http://creativecommons.org/licenses/by-nc-sa/3.0/
> 
> This is non-free, since it's non-commercial.
> Please persuade its upstream copyright holder to re-license it
> under DFSG-free terms (such as the GNU GPL) or drop the theme
> from the package.

Curiously enough, upstream site¹ says it's licensed under GPL:

> The author of the Ultimate Gnome theme has graciously allowed me to
> publish Ultimate Claws Mail under the GPL rather than Creative Commons.
> UCM is now licensed under the GPL v3.

But the themeinfo metadata included in the tarball still says CC... not sure
if the above is enough to update the license on Debian's copyright and
themeinfo or not though. What do you think?

regards,

¹ https://code.google.com/archive/p/ultimate-claws-mail/
-- 
 Ricardo Mones
 http://people.debian.org/~mones
 «This fortune intentionally says nothing.»


pgpcq5trQxcxd.pgp
Description: Firma digital OpenPGP

Bug#991859: r-bioc-basilisk_1.6.0+ds-1_amd64.changes REJECTED

2022-02-26 Thread Andreas Tille

Hi Steffen,

I'd like to express that my reading of the file is different from
Thorsten and I insist on the interpretation I gave in the ITP bug

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991859#42

I will stop trying to push this package to new.

Kind regards

   Andreas.

Am Sat, Feb 26, 2022 at 07:04:50PM + schrieb Thorsten Alteholz:
> 
> Hi Andreas,
> 
> upstream decided that this test package should have a different license
> than the rest of his software and said so in the corresponding setup.py. 
> 
>   Thorsten
> 
> 
> 
> ===
> 
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
> 
> 
> ___
> R-pkg-team mailing list
> r-pkg-t...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/r-pkg-team
> 

-- 
http://fam-tille.de

Bug#1004710: Invoke "useradd -r" when creating a system user

2022-02-26 Thread Jason Franklin

On Fri, 2022-02-25 at 02:45 -0600, Daniel Lewart wrote:
> Also "sudo apt install openssh-server" warns:
> useradd warning: sshd's uid 116 outside of the UID_MIN 1000 and
> UID_MAX 6 range.

Daniel:

Thanks for making note of this. Using "-r" does solve the issue, but
more needs to be done to ensure that other functionality is not altered
unintentionally.

To those interested, a fix for this is pending review and will be
included in the next upload.

-- 
Jason Franklin

Bug#982925: libgtk: print dialog lists autodetected printer twice

2022-02-26 Thread dxld

Addendum:

I've had another closer look at the temporary queues code and upstream
discussions and I seem to have neglected the most significant configuration
for mr6.1. Namely "without cups-browsed or manual config". This in fact
works now because libgtk specifically doesn't try to just send garbage to
the printer anymore but actually does it via cups by creating a temporary
printer which gets removed after some inactivity.

The queue creation seems to be inhibited only if a manually added printer
of just the right name already exists.

On Sat, Feb 26, 2022 at 07:43:10PM +0100, Daniel Gröber wrote:
> Here are my test results:
> With mr6.1 and cups-browsed auto-detection:
> 
> Brother_HL_L5100DN_series (works)
> 
> With mr6.1, cups manual config and default name[1]:
> 
> Brother_HL-L5100DN_series_ (works)
>   Brother_HL_L5100DN_series (Status: Rejecting jobs, won't print)
> 
> With mr6.1, cups manual config and corrected name[1]:
> 
>   Note: Here we use all underscores in the configured printer name to
>   make the merging logic trigger.
> 
>   Brother_HL_L5100DN_series (works)
> 
> With mr6.1, both cups manual and cups-browsed auto-config and corrected 
> name[1]
> 
> Brother_HL_L5100DN_series (cups manual, works)
> Brother_HL_L5100DN_series@brother-hl-l5100dn.local (cups-browsed, 
> works)   

 With mr6.1, cups installed, no cups-browsed, no manual config:

 Brother_HL_L5100DN_series (cups temporary queue, works)

I'm also not sure what was up with the (manual+default name)
configuration. I tried again and now the libgtk temporary queue entry
prints just fine too:

 With mr6.1, cups manual config and default name[1]:

Brother_HL-L5100DN_series_ (works)
Brother_HL_L5100DN_series (works)

I was able to reproduce the "Rejecting Jobs" outcome a couple of times, but
not reliably.

Together with picking the right printer name I was once able to get into a
state where the rejecting print entry is the only one (: Trying to resume
the temporary queue in the cups web interface also didn't help with that.

So there is still some potential for improvement here but I agree mr6.1 is
the way to go if we want printing to work in more cases than currently.

--Daniel

signature.asc
Description: PGP signature

Bug#1006525: buster-pu: package mailman/1:2.1.29-1+deb10u5

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: car...@debian.org

Hi Stable release managers

Unfortunately on top of the 1:2.1.29-1+deb10u4 another update is
needed:

The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in
logging.

See:
https://mail.python.org/archives/list/mailman-annou...@python.org/thread/D54X2LXETPMVP5KZNM2WP6Z6UOPJXSVD/

On top of 1:2.1.29-1+deb10u4 I'm thus applying the upstream patch to
resolve those issues:

> mailman (1:2.1.29-1+deb10u5) buster; urgency=medium
> 
>   * Non-maintainer upload by the Security Team.
>   * CSRF check for user tokens should not be case sensitive (Closes: #1001685)
> - The fix for CVE-2021-42097 requires that the user submitting a
>   user options form match the user in the CSRF token submitted with
>   the form, but the match is case sensitive and should not be.
> - There is also a potential NameError exception in logging a
>   mismatch.
> 
>  -- Salvatore Bonaccorso   Sat, 26 Feb 2022 20:17:25 +0100

Attached is as well the debdiff (to the previous version only, not the base
version, let me know if you want to have both in this case)

Regards,
Salvatore
diff -Nru mailman-2.1.29/debian/changelog mailman-2.1.29/debian/changelog
--- mailman-2.1.29/debian/changelog 2021-12-12 10:42:54.0 +0100
+++ mailman-2.1.29/debian/changelog 2022-02-26 20:17:25.0 +0100
@@ -1,3 +1,15 @@
+mailman (1:2.1.29-1+deb10u5) buster; urgency=medium
+
+  * Non-maintainer upload by the Security Team.
+  * CSRF check for user tokens should not be case sensitive (Closes: #1001685)
+- The fix for CVE-2021-42097 requires that the user submitting a
+  user options form match the user in the CSRF token submitted with
+  the form, but the match is case sensitive and should not be.
+- There is also a potential NameError exception in logging a
+  mismatch.
+
+ -- Salvatore Bonaccorso   Sat, 26 Feb 2022 20:17:25 +0100
+
 mailman (1:2.1.29-1+deb10u4) buster; urgency=medium
 
   * Non-maintainer upload by the Security Team.
diff -Nru mailman-2.1.29/debian/patches/1954694.patch 
mailman-2.1.29/debian/patches/1954694.patch
--- mailman-2.1.29/debian/patches/1954694.patch 1970-01-01 01:00:00.0 
+0100
+++ mailman-2.1.29/debian/patches/1954694.patch 2022-02-26 20:17:25.0 
+0100
@@ -0,0 +1,30 @@
+Description: CSRF check for user tokens should not be case sensitive
+ The fix for CVE-2021-42097 requires that the user submitting a user options
+ form match the user in the CSRF token submitted with the form, but the match 
is
+ case sensitive and should not be.
+ .
+ There is also a potential NameError exception in logging a mismatch.
+Origin: upstream, 
https://bugs.launchpad.net/mailman/+bug/1954694/+attachment/5547352/+files/patch.txt
+Bug: https://bugs.launchpad.net/mailman/+bug/1954694
+Bug-Debian: https://bugs.debian.org/1001685
+Forwarded: not-needed
+Last-Update: 2021-12-13
+
+=== modified file 'Mailman/CSRFcheck.py'
+--- old/Mailman/CSRFcheck.py   2021-11-30 17:50:49 +
 new/Mailman/CSRFcheck.py   2021-12-13 17:54:34 +
+@@ -85,11 +85,11 @@
+ # of the fix for CVE-2021-42096 but it must match the user for
+ # whom the options page is requested.
+ raw_user = UnobscureEmail(urllib.unquote(user))
+-if cgi_user and cgi_user != raw_user:
++if cgi_user and cgi_user.lower() != raw_user.lower():
+ syslog('mischief',
+'Form for user %s submitted with CSRF token '
+'issued for %s.',
+-   options_user, raw_user)
++   cgi_user, raw_user)
+ return False
+ context = keydict.get(key)
+ key, secret = mlist.AuthContextInfo(context, user)
+
diff -Nru mailman-2.1.29/debian/patches/series 
mailman-2.1.29/debian/patches/series
--- mailman-2.1.29/debian/patches/series2021-12-12 10:42:54.0 
+0100
+++ mailman-2.1.29/debian/patches/series2022-02-26 20:17:25.0 
+0100
@@ -16,3 +16,4 @@
 CVE-2021-43331.patch
 CVE-2021-43332.patch
 CVE-2021-44227.patch
+1954694.patch

Bug#1006524: libxrt-dev: package description not separated as short and long descriptions

2022-02-26 Thread Jonas Smedegaard

Package: libxrt-dev
Version: 202020.2.8.832+dfsg-1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package description is two things:

 * short description
 * long description

The package libxrt-dev wrongly treat short and long description as one
long description field.

Please rewrite as two separate description fields.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmIag4UACgkQLHwxRsGg
ASH2aA//Tdxy5bvSbdbaYRCOz9TJiHphP8Vn1TW+CPJjY6T8nN1O2XldmtPXZMRq
hPafl6FbCBVBwz6WoEGDBrF1Fg1g1kI9jomEaazpWeFIi5FsinkSOnDKN6lSnALk
iF/o+orNYq8r6nAqvnsb0WGRwYpp9X8Lov2Ym4n80QZPS13MWCWv930p+kSGGC0r
XUABjy0W33MKUByhFz7wcOau2fdNhw1zUStHnD8t5SWXM3Ddypqiqi7rssOM0r5s
Jf8sm/7B6gtV9Wp+30LPleWO+qttdslj18hOZDGoz48lXZdwMGqvIxMF2iQNW//g
snUbANKUTMbbH75oKl3aCCrDZS0EaWBuY5JC52H+hRXnmoZ6N1ctPTQc+ac6NyjH
hpn63fySXqN9XSCRqPxSaSR6D7rfA7S73XblOs7bc7c2wIdPPX+O+rlGZUuqMrPA
mmmaL8XRFm7zZSvw9fRC6itNm7H3gPE0+9KsE9llG4NQAqdUaGiAvfuTlAhszGv0
qDTGzLC3NRa28kEJ/7CconKbb3M1FK0NAr+3TTkDb0UTc8XWGxHnZqrI76LVu1WJ
6xCXSG++cM8SQYHXZTwzII19fmNvoBb4I6FxQNscUIYlegUop45jI8uS857js/re
IUMnMPfNQugkxLNo3jtaLG3J8Q+UGWLu9j7d5AusEOoO5mdrB/k=
=kyrl
-END PGP SIGNATURE-

Bug#982925: libgtk: print dialog lists autodetected printer twice

2022-02-26 Thread Daniel Gröber

Here are my test results:

TLDR:

- Printing via cups entry (be that cups-browsed or manual) always succeeds

- Printing via libgtk's fallback entry always fails

- Both proposed fixes work and succeed in removing the duplicate entry for
  cups-browsed, but not for a manually added printer with default name or
  when the user chooses a name that doesn't match the cups-browsed/libgtk
  mangling scheme.

Resultion: printing is still hell on earth :]



 * Which versions of cups-daemon and cups-filters-core-drivers are installed?

cups-filters-core-drivers   1.28.7-1
cups-daemon 2.3.3op2-3+deb11u1

 * Is cups-browsed installed? If yes, which version?

cups-browsed1.28.7-1

 * How many printers are physically present on your network?

One Brother HL-L5100DN

 * Have you configured a printer queue in CUPS manually, or are you only
   using auto-detection?
 * What printer names appear in the GTK print dialog?
 * For each printer name that appears:

With libgtk-3-0 =3.24.24-4 from bullsye, no cups, no browsed:

Brother-HL-L5100DN-series (prints garbage)

With libgtk-3-0 =3.24.24-4 from bullsye and cups-browsed auto-detection:

Brother-HL-L5100DN-series (prints garbage)
Brother_HL_L5100DN_series (works)

With libgtk-3-0 =3.24.24-4, cups manual config and default name[1]:

Brother-HL-L5100DN-series (prints garbage)
Brother_HL-L5100DN_series_ (works)

With libgtk-3-0 =3.24.24-4, cups manual config and corrected name[1]:

Note: with =3.24.24-4 the printer name has to be corrected to match
the all dash version for the merging logic to trigger so that what
we do here.

Brother-HL-L5100DN-series (works)

  Note: I call the entry that appears without cups/browsed the "fallback
  entry". The libgtk code doesn't do any sort of print job
  formatting/filtering that I could find just sending whatever internal
  representation libgtk uses (probably PDF) towards the printer hoping for
  the best.



With mr6.1 and cups-browsed auto-detection:

Brother_HL_L5100DN_series (works)

With mr6.1, cups manual config and default name[1]:

Brother_HL-L5100DN_series_ (works)
Brother_HL_L5100DN_series (Status: Rejecting jobs, won't print)

With mr6.1, cups manual config and corrected name[1]:

Note: Here we use all underscores in the configured printer name to
make the merging logic trigger.

Brother_HL_L5100DN_series (works)

With mr6.1, both cups manual and cups-browsed auto-config and corrected 
name[1]

Brother_HL_L5100DN_series (cups manual, works)
Brother_HL_L5100DN_series@brother-hl-l5100dn.local (cups-browsed, 
works)   



With mr9.1 and cups-browsed auto-detection:

Brother_HL_L5100DN_series (works)

With mr9.1, cups manual config and default name[1]:

Brother_HL-L5100DN_series_ (works)
Brother_HL_L5100DN_series (prints garbage)

With mr9.1, cups manual config and corrected name[1]:

Note: Here we use all underscores in the configured printer name to
make the merging logic trigger.

Brother_HL_L5100DN_series (works)

With mr9.1, both cups manual and cups-browsed auto-config and corrected 
name[1]

Brother_HL_L5100DN_series (cups manual, works)
Brother_HL_L5100DN_series@brother-hl-l5100dn.local (cups-browsed, works)


[1] About the cups default/corrected name:

cups puts a dash in HL-L5100DN and adds a trailing underscore to the
default name compared to cups-browsed auto configured name so merging of
the entries doesn't work if defaults are accepted.

Cups setup procedure:

apt-get purge 'cups-*'; rm -rf /etc/cups
apt-get install cups   (for cups-browse)
apt-get install cups --no-install-recommends   (no cups-browsed)

Manually adding printer via cups webinterface:

[Find New Printers]
 -> Brother HL-L5100DN series (Brother HL-L5100DN series (driverless))
 -> Name: Brother_HL-L5100DN_series_ (in default case)
 -> Make: Brother, Model: {current_make_and_model} - IPP Everywhere ^{TM}
 -> [Add Printer]

 * What printer names are listed in /etc/cups/printers.conf?

For cups-browsed:

 
(when manually configured printer would conflict)

For manual config:
 (default)
 (corrected for =3.24.24-4)
 (corrected for mr{6,}.1)

--Daniel


signature.asc
Description: PGP signature

Bug#1006522: bullseye-pu: package djbdns/1:1.05-13+deb11u1

2022-02-26 Thread Peter Pentchev

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: r...@debian.org

This is a future unblock request before I upload
djbdns-1:1.05-13+deb11u1 to fix an RC bug in stable.

[ Reason ]
See #996807 for more information; in short, the tinydns server
program may stop responding to DNS queries because it has
reached the process data size limit. The reason is that recent
versions of glibc appear to need more memory, so the value of
the limit that has been enough for many years now is no longer
adequate. Note that this only happens on some Debian architectures.

[ Impact ]
The authoritative server (tinydns) from the djbdns package will
stop responding to queries, thus not fulfilling its basic purpose.

[ Tests ]
The attached debdiff also backports some improvements to
the autopkgtest suite, including a new test that sends a lot of
queries to the tinydns server to make sure it keeps responding.

[ Risks ]
The fix itself should not pose any risk at all, except maybe when
running the tinydns server in extremely resource-contstrained
environments when the additional 100K now available to the tinydns
process may eat into some other processes' memory. However, it is
my belief that people running tinydns in such environments will
use their own configuration files or at least be mindful of
changes in the Debian packages.

The changes to the autopkgtest suite should also not pose any
risk at all: they are mostly code clean-up and simplification.
If, however, it is your opinion that they are too extensive,
I can prepare another upload that drops them and only adds
the "raise the process data size limit" patch itself.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The data limit for the djbdns services is raised by an additional
100,000 bytes to reflect the programs' needs imposed by glibc.

The autopkgtest suite's Python code is cleaned up.

The autopkgtest suite performs an additional check: run a lot of
queries against a tinydns server to make sure it keeps responding.

Thanks in advance for looking at this, and keep up the great work!

G'luck,
Peter
diff -Nru djbdns-1.05/debian/changelog djbdns-1.05/debian/changelog
--- djbdns-1.05/debian/changelog2020-07-28 00:03:21.0 +0300
+++ djbdns-1.05/debian/changelog2022-02-26 19:29:35.0 +0200
@@ -1,3 +1,18 @@
+djbdns (1:1.05-13+deb11u1) bullseye; urgency=medium
+
+  * Add the 0011-datalimit patch to catch up with recent versions of
+glibc generating larger executable files. Closes: #996807
+  * Several improvements to the Python tinytest autopkgtest tool:
+- use "with subprocess.Popen()"
+- simplify the command-line parsing a bit
+- minor import statement fixes
+- add a tox.ini file to make it easier to run static code checkers
+- turn a class into a dataclass
+- send a lot of queries to tinydns to make sure that the fix for
+  #996807 actually works
+
+ -- Peter Pentchev   Sat, 26 Feb 2022 19:29:35 +0200
+
 djbdns (1:1.05-13) unstable; urgency=medium
 
   * Do not even consider running tinydns during the package build.
diff -Nru djbdns-1.05/debian/patches/0011-datalimit.patch 
djbdns-1.05/debian/patches/0011-datalimit.patch
--- djbdns-1.05/debian/patches/0011-datalimit.patch 1970-01-01 
02:00:00.0 +0200
+++ djbdns-1.05/debian/patches/0011-datalimit.patch 2022-02-26 
19:29:35.0 +0200
@@ -0,0 +1,38 @@
+Description: Raise the axfrdns, dnscache, and tinydns data limit.
+Bug-Debian: https://bugs.debian.org/996807
+Author: Peter Pentchev 
+Last-Update: 2021-11-13
+
+--- a/axfrdns-conf.c
 b/axfrdns-conf.c
+@@ -50,7 +50,7 @@
+ 
+   start("run");
+   outs("#!/bin/sh\nexec 2>&1\nexec envdir ./env sh -c '\n  exec envuidgid "); 
outs(user);
+-  outs(" softlimit -d30 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
++  outs(" softlimit -d40 tcpserver -vDRHl0 -x tcp.cdb -- \"$IP\" 53 ");
+   outs(auto_home); outs("/sbin/axfrdns\n'\n");
+   finish();
+   perm(0755);
+--- a/dnscache-conf.c
 b/dnscache-conf.c
+@@ -118,7 +118,7 @@
+   seed_addtime(); perm(0644);
+   seed_addtime(); start("env/CACHESIZE"); outs("100\n"); finish();
+   seed_addtime(); perm(0644);
+-  seed_addtime(); start("env/DATALIMIT"); outs("300\n"); finish();
++  seed_addtime(); start("env/DATALIMIT"); outs("400\n"); finish();
+   seed_addtime(); perm(0644);
+   seed_addtime(); start("run");
+   outs("#!/bin/sh\nexec 2>&1\nexec &1\nexec envuidgid "); outs(user);
+-  outs(" envdir ./env softlimit -d30 ");
++  outs(" envdir ./env softlimit -d40 ");
+   outs(auto_home); outs("/sbin/tinydns\n");
+   finish();
+   perm(0755);
diff -Nru djbdns-1.05/debian/patches/series djbdns-1.05/debian/patches/series
--- djbdns-1.05/debian/patches/series

Bug#1006521: ITP: ttyplot -- realtime plotting utility for text mode consoles and terminals

2022-02-26 Thread Daniel Leidert

Package: wnpp
Severity: wishlist
Owner: Daniel Leidert 
X-Debbugs-Cc: debian-de...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: ttyplot
  Version : 1.4 + git commits since then
  Upstream Author : Antoni Sawicki 
* URL : https://github.com/tenox7/ttyplot
* License : Apache-2.0
  Programming Lang: C
  Description : realtime plotting utility for text mode consoles and 
terminals

ttyplot takes data from standard input or a unix pipeline and plots in text
mode on a terminal in real time. It supports rate calculation for counters
and up to two graphs on a single display using reverse video for the second
line.

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmIaaxIACgkQS80FZ8KW
0F1OgA//bAlGNJgjWrXdne+rtJfFHvL5naGYCkW/e7vStspw1kl81/gtJ4s/mMNe
U2qEkTPy6+oUQk/9Khb0liH9tE3h+dIaMFak0u+FSWle4DMcau9CI0rsQOYi6mYz
d6AZz02vbHezxMUR9oWKASqOIl6PyMF0fcdFzfanT900n4GfAyCzjlS4hAkxqd92
VDfQ6PcXUeOYTG7X/5FfQZtkfjFqW4OUIUaDAfJE4IoFy7LqVLKG1JsBXMGIzBqK
UF3KzG1+p1G+l12sHM4ENPKB2/5v1g6tcDcs8aez+XF/LvGIkS+gd+g1n4l1esYj
S8A7b5WspJXyLclu2RMsDta7R/Mp0WUfp5R5h7FYJgohGMiXtO87wzSkmquudL14
lxXifQj+mJjJ8D3/5GIMP4wMvYHEHoQ0I4rayJyIKPNvDpnnv1zV2o6nVNou+CCr
GR3lCBspCdY1xuIpidmC+udhdZnyQ0lfoXAOUu/lAOcjt7fmQGE4Ht+cHkMU4sh1
FV6p19jkdIdScxvkbs58H0AYOpPTs/yci+Ol/RnbTGJfZerc+GpBenv75VGcWtXZ
hGJwgSETXFd05+YN6tvLuLuxLHIpKknjec2DjqW3KCIUxOPK2ibLZRJ2BX3g2/RA
GJ/OA45hiXlJTSlQygMmluq4N8PD6ijauWY1YpD8RCxkih/iV5o=
=F4oI
-END PGP SIGNATURE-

Bug#1006517: openrct2: FTBFS with OpenSSL 3.0

2022-02-26 Thread Mathias Gibbens

forwarded 1006517 https://github.com/OpenRCT2/OpenRCT2/issues/16726
thanks

  Thanks for the report; I've forwarded it to the upstream developers.

Mathias


signature.asc
Description: This is a digitally signed message part

Bug#907691: petri-foo: License incompatibility: links with OpenSSL

On 2018-08-31 15:03:38 [+0300], Yavor Doganov wrote:
> Package: petri-foo
> Version: 0.1.87-4
> Severity: serious
> 
> This package is licensed under GPLv2 only but links with the OpenSSL
> library which makes it impossible for distribution as the licenses are
> incompatible.  See
> 
> https://www.gnu.org/licenses/license-list.html#OpenSSL
> https://people.gnome.org/~markmc/openssl-and-the-gpl.html
> 
> You either have to ask the copyright holders to release it under GPL +
> OpenSSL exception or modify it to link with another cryptographic
> library such as GnuTLS.

OpenSSL is considered as a system library so there should no license
restriction, see #924937.
OpenSSL 3 in experimantal is licensed under the Apache-2 license.

Sebastian

Bug#1006520: pdns-recursor: FTBFS with OpenSSL 3.0

Source: pdns-recursor
Version: 4.6.0-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| g++ -std=c++17 -DHAVE_CONFIG_H -I.  -I/usr/include/luajit-2.1 -I./ext/yahttp 
-pthread  -DNETSNMP_USE_INLINE -DNETSNMP_ENABLE_IPV6 -DNETSNMP_REMOVE_U64 
-DNETSNMP_USE_INLINE   -O3 -Wall -pthread -DSYSCONFDIR=\"/etc/powerdns\"  
-I./ext/json11 -I./ext/protozero/include -I./ext/yahttp  
-DBOOST_CONTAINER_USE_STD_EXCEPTIONS  -I/usr/include/luajit-2.1  -Wdate-time 
-D_FORTIFY_SOURCE=2 -DSYSCONFDIR=\"/etc/powerdns\" 
-DPKGLIBDIR=\"/usr/lib/x86_64-linux-gnu/pdns-recursor\" 
-DLOCALSTATEDIR=\"/var/run\"  -fPIE -DPIE -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 
--param ssp-buffer-size=4 -fstack-protector -Wall -Wextra -Wshadow 
-Wno-unused-parameter -Wmissing-declarations -Wredundant-decls -g -O2 -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -DPACKAGEVERSION='"4.6.0-1.Debian"' -c -o base64.o 
base64.cc
| g++ -std=c++17 -DHAVE_CONFIG_H -I.  -I/usr/include/luajit-2.1 -I./ext/yahttp 
-pthread  -DNETSNMP_USE_INLINE -DNETSNMP_ENABLE_IPV6 -DNETSNMP_REMOVE_U64 
-DNETSNMP_USE_INLINE   -O3 -Wall -pthread -DSYSCONFDIR=\"/etc/powerdns\"  
-I./ext/json11 -I./ext/protozero/include -I./ext/yahttp  
-DBOOST_CONTAINER_USE_STD_EXCEPTIONS  -I/usr/include/luajit-2.1  -Wdate-time 
-D_FORTIFY_SOURCE=2 -DSYSCONFDIR=\"/etc/powerdns\" 
-DPKGLIBDIR=\"/usr/lib/x86_64-linux-gnu/pdns-recursor\" 
-DLOCALSTATEDIR=\"/var/run\"  -fPIE -DPIE -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 
--param ssp-buffer-size=4 -fstack-protector -Wall -Wextra -Wshadow 
-Wno-unused-parameter -Wmissing-declarations -Wredundant-decls -g -O2 -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -DPACKAGEVERSION='"4.6.0-1.Debian"' -c -o credentials.o 
credentials.cc
| credentials.cc: In function â€˜std::string hashPasswordInternal(const 
string&, const string&, uint64_t, uint64_t, uint64_t)â€™:
| credentials.cc:109:46: error: invalid conversion from â€˜const void*â€™ to 
â€˜const char*â€™ [-fpermissive]
|   109 |   if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), reinterpret_cast(password.data()), password.size()) <= 0) {
|   |  
^~
|   |  |
|   |  const void*
| In file included from credentials.cc:33:
| /usr/include/openssl/kdf.h:119:63: note:   initializing argument 2 of â€˜int 
EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX*, const char*, int)â€™
|   119 | int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
|   |   ^~~~
| make[3]: *** [Makefile:1645: credentials.o] Error 1
| make[3]: Leaving directory '/<>'
| make[2]: *** [Makefile:1764: all-recursive] Error 1
| make[2]: Leaving directory '/<>'
| make[1]: *** [Makefile:1314: all] Error 2
| make[1]: Leaving directory '/<>'
| dh_auto_build: error: make -j1 returned exit code 2

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#1006519: openvpn: FTBFS with OpenSSL 3.0

Source: openvpn
Version: 2.5.5-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0
control: forwarded -1

Your package is failing to build using OpenSSL 3.0 with the
following error:

| Testing cipher CHACHA20-POLY1305... OK
| Testing cipher SEED-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
|Testing cipher SM4-CBC... OK
| Testing cipher SM4-CFB... OK
| Testing cipher SM4-OFB... OK
| Testing cipher BF-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a

Bug#1006439: Spamassasin is ignoring own rules

2022-02-26 Thread Noah Meyerhans

Control: tags -1 + moreinfo

Hello Karsten,

On Fri, Feb 25, 2022 at 01:57:08PM +0100, karsten wrote:
> i think this is not a bug and spamassassin is simply not using the rules.
> First i have added my own rules to /etc/spamassassin/local.cf without success.
> Because this has no effect i put the files in an extra file 
> /etc/spamassassin/myrules.cf
> This is ignored too.

How are you testing your rule?  Does spamassassin --lint report anything
notable?  Also consider adding the '-D' flag to generate copious
additional debug output.

I have done the following to test it, and things seem to work as
expected:

1. Install the rules:

root@a103ba41188a:/# cat > /etc/spamassassin/test.cf
header CONTAINS_SUB Subject =~
/(Sex|Potenz|Dating|Finanz|FFP-2|M[aä]dchen|Bett|ficken)/i
score CONTAINS_SUB 5
describe CONTAINS_SUB Betreff enthält Spam-Wörter

2. Construct a message to trigger the rule:

root@a103ba41188a:/# sed 's,Subject:.*,Subject: Potenz,; 
s,GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL,,' 
/usr/share/doc/spamassassin/examples/sample-spam.txt > /tmp/test.txt

3. Process the message with spamassassin. Note the report results at the
bottom:

Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender 
To: Recipient 
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN**C.34X

You should send this test mail from an account outside of your network.

Spam detection software, running on the system "a103ba41188a",
has NOT identified this incoming email as spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  This is the GTUBE, the Generic Test for Unsolicited Bulk Email
   If your spam filter supports it, the GTUBE provides a test by which you can
   verify that the filter is installed correctly and is detecting incoming spam.
   You can send yourself a test mail containing t [...] 

Content analysis details:   (4.9 points, 5.0 required)

 pts rule name  description
 -- --
 5.0 CONTAINS_SUB   Betreff enthält Spam-Wörter
-0.0 NO_RELAYS  Informational: message was not relayed via SMTP
-0.0 NO_RECEIVEDInformational: message has no Received headers

Bug#1006518: nfs-common: mount nfsv4 hangs

2022-02-26 Thread Rafal Olejnik

Package: nfs-common
Version: 1:2.6.1-1
Severity: important

After nfs-common and libnfsidmap update to version
ii  libnfsidmap1:amd64 1:2.6.1-1 amd64  
  NFS idmapping library
ii  nfs-common 1:2.6.1-1 amd64  
  NFS support files common to client and server

mounting nfs v4 hangs, no visible output in dmesg, switching to vers=3 works 
fine.
rpcdebug shows:
Feb 26 15:00:43 vostro kernel: [ 1215.145253] nfs_create_rpc_client: cannot 
create RPC client. Error = -22  

   
Feb 26 15:00:43 vostro kernel: [ 1215.159259] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.162745] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.163454] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.164258] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.165173] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.166036] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.166853] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.167682] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.168433] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:43 vostro kernel: [ 1215.169193] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:44 vostro kernel: [ 1215.273955] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:44 vostro kernel: [ 1215.477807] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:44 vostro kernel: [ 1215.885686] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:45 vostro kernel: [ 1216.717869] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:47 vostro kernel: [ 1218.349984] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:50 vostro kernel: [ 1221.745568] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:00:57 vostro kernel: [ 1228.397803] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:01:10 vostro kernel: [ 1241.453733] nfs41_sequence_process: Error 0 
free the slot 
Feb 26 15:01:22 vostro kernel: [ 1253.340717] <-- nfs4_try_get_tree() = -4 
[error]
Feb 26 15:01:22 vostro kernel: [ 1253.364230] NFS: Got error -512 from the 
server on DESTROY_SESSION. Session has been destroyed regardless...
Feb 26 15:01:22 vostro kernel: [ 1253.364360] NFS: Got error -512 from the 
server NAS on DESTROY_CLIENTID.

did a test on clean 'testing' vm, and after upgrading to 'unstable' same issue 
occured



-- Package-specific info:
-- rpcinfo --
   program vers proto   port  service
104   tcp111  portmapper
103   tcp111  portmapper
102   tcp111  portmapper
104   udp111  portmapper
103   udp111  portmapper
102   udp111  portmapper
1000241   udp  60287  status
1000241   tcp  60425  status
-- /etc/default/nfs-common --
NEED_STATD=
STATDOPTS=
NEED_IDMAPD=
NEED_GSSD=
-- /etc/idmapd.conf --
[General]
Verbosity = 0
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nfs-common depends on:
ii  adduser  3.118
ii  init-system-helpers  1.62
ii  keyutils 1.6.1-2
ii  libc62.33-7
ii  libcap2  1:2.44-1
ii  libcom-err2  1.46.5-2
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libevent-core-2.1-7  2.1.12-stable-1
ii  libgssapi-krb5-2 1.19.2-2
ii  libkeyutils1 1.6.1-2
ii  libkrb5-31.19.2-2
ii  libmount12.37.3-1+b1
ii  libnfsidmap1 1:2.6.1-1
ii  libtirpc31.3.2-2
ii  libwrap0 7.6.q-31
ii  lsb-base 11.1.0
ii  python3  3.9.8-1
ii  rpcbind  1.2.6-2
ii  ucf  3.0043

nfs-common recommends no packages.

Versions of packages nfs-common suggests:
pn  open-iscsi  
pn  watchdog

-- no debconf information

Bug#1006517: openrct2: FTBFS with OpenSSL 3.0

Source: openrct2
Version: 0.3.5.1+ds-3
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| [ 22%] Building CXX object 
CMakeFiles/libopenrct2.dir/src/openrct2/core/Crypt.OpenSSL.cpp.o
| /usr/bin/c++ -DOPENGL_NO_LINK -DUSE_BENCHMARK 
-D__WARN_SUGGEST_FINAL_METHODS__ -D__WARN_SUGGEST_FINAL_TYPES__ 
-I/<> -I/<>/libopenrct2 -isystem 
/usr/include/freetype2 -isystem /usr/include/libpng16 -isystem 
/usr/include/uuid -isystem /<>/src/openrct2/../thirdparty -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 
-fstrict-overflow -fstrict-aliasing -Werror -Wundef -Wmissing-declarations 
-Winit-self -Wall -Wextra -Wshadow -Wno-unknown-pragmas -Wno-missing-braces 
-Wno-comment -Wnonnull -Wno-unused-parameter -DDEBUG=0 -fPIC -Wsuggest-override 
-Wduplicated-cond -Wnon-virtual-dtor -Wduplicated-branches -Wrestrict 
-Wmissing-field-initializers -Wlogical-op -Wold-style-cast 
-Wunused-const-variable=1 -Wno-clobbered -Wredundant-decls -Wnull-dereference 
-Wsuggest-final-types -Wsuggest-final-methods -Wignored-qualifiers 
-Wstrict-overflow=1 -D__ENABLE_LIGHTFX__ -DENABLE_SCRIPTING -std=gnu++17 -MD 
-MT CMakeFiles/libopenrct2.dir/src/openrct2/core/Crypt.OpenSSL.cpp.o -MF 
CMakeFiles/libopenrct2.dir/src/openrct2/core/Crypt.OpenSSL.cpp.o.d -o 
CMakeFiles/libopenrct2.dir/src/openrct2/core/Crypt.OpenSSL.cpp.o -c 
/<>/src/openrct2/core/Crypt.OpenSSL.cpp
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp: In member function 
â€˜void OpenSSLRsaKey::SetKey(std::string_view, bool)â€™:
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:191:58: error: â€˜RSA* 
PEM_read_bio_RSAPrivateKey(BIO*, RSA**, int (*)(char*, int, int, void*), 
void*)â€™ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   191 | auto rsa = isPrivate ? PEM_read_bio_RSAPrivateKey(bio, 
nullptr, nullptr, nullptr)
|   |
~~^~~~
| In file included from /<>/src/openrct2/core/Crypt.OpenSSL.cpp:15:
| /usr/include/openssl/pem.h:447:1: note: declared here
|   447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
|   | ^~
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:192:57: error: â€˜RSA* 
PEM_read_bio_RSAPublicKey(BIO*, RSA**, int (*)(char*, int, int, void*), 
void*)â€™ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   192 |  : PEM_read_bio_RSAPublicKey(bio, 
nullptr, nullptr, nullptr);
|   |
~^~~~
| In file included from /<>/src/openrct2/core/Crypt.OpenSSL.cpp:15:
| /usr/include/openssl/pem.h:448:1: note: declared here
|   448 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
|   | ^~~
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:201:40: error: â€˜int 
RSA_check_key(const RSA*)â€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   201 | if (isPrivate && !RSA_check_key(rsa))
|   |   ~^
| In file included from /usr/include/openssl/x509.h:36,
|  from /usr/include/openssl/pem.h:23,
|  from /<>/src/openrct2/core/Crypt.OpenSSL.cpp:15:
| /usr/include/openssl/rsa.h:278:27: note: declared here
|   278 | OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
|   |   ^
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:203:21: error: â€˜void 
RSA_free(RSA*)â€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   203 | RSA_free(rsa);
|   | ^
| In file included from /usr/include/openssl/x509.h:36,
|  from /usr/include/openssl/pem.h:23,
|  from /<>/src/openrct2/core/Crypt.OpenSSL.cpp:15:
| /usr/include/openssl/rsa.h:293:28: note: declared here
|   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
|   |^~~~
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:210:26: error: â€˜int 
EVP_PKEY_set1_RSA(EVP_PKEY*, rsa_st*)â€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   210 | EVP_PKEY_set1_RSA(_evpKey, rsa);
|   | ~^~
| In file included from /<>/src/openrct2/core/Crypt.OpenSSL.cpp:14:
| /usr/include/openssl/evp.h:1344:5: note: declared here
|  1344 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
|   | ^
| /<>/src/openrct2/core/Crypt.OpenSSL.cpp:211:17: error: â€˜void 
RSA_free(RSA*)â€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   211 | RSA_free(rsa);
|   | ^
| In file included from /usr/include/openssl/x509.h:36,
|  from /usr/include/openssl/pem.h:23,
|

Bug#1006374: graphicsmagick breaks ruby-mini-magick autopkgtest: Failure/Error: expect(subject["EXIF:Flash"]).to eq "0"

2022-02-26 Thread GCS

On Sat, Feb 26, 2022 at 4:56 PM Bob Friesenhahn
 wrote:
> I believe that the problem is that mini-magick is retrieving EXIF
> attributes in 'ping' mode but the changeset which caused the problem
> only returns the attributes if the image data was read.  The solution
> was just to move some code.
 Indeed, that was it. Packaged and going to upload the package soon.

> The purpose of 'ping' mode is to avoid expensive operations while
> retrieving basic properties.  In this particular case, the harm would
> already have been done even in 'ping' mode so returning the profiles
> does not incur any additional cost.
 Thanks for the explanation and for the fix itself.

Regards,
Laszlo/GCS

Bug#1006516: nordugrid-arc: FTBFS with OpenSSL 3.0

Source: nordugrid-arc
Version: 6.14.0-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| PASS: UsernameTokenTest
| .There is not wsu:Id attribute in soap body, add a new one
| Envelope: http://www.w3.org/2005/08/addressing; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 
-wss-wssecurity-utility-1.0.xsd" 
xmlns:soap-enc="http://www.w3.org/2003/05/soap-encoding; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema; xmlns 
:xsi="http://www.w3.org/2001/XMLSchema-instance; 
xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope;>  http://docs.oasis-open.org/wss/oasis-wss-wssec 
urity-secext-1.1.xsd">  http://docs.oasis-open.org/wss/2004/01/oasi 
s-200401-wss-x509-token-profile-1.0#X509v3" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soapmessage-security-1.0#B
 ase64Binary">MIIDYTCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAqMQ0wCwYDVQQKDARHcmlk
| MQwwCgYDVQQLDANBUkMxCzAJBgNVBAMMAkNBMB4XDTIyMDIyNjE2MDgwMloXDTIy
| MDMyODE2MDgwMlowMTENMAsGA1UECgwER3JpZDEMMAoGA1UECwwDQVJDMRIwEAYD
| VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5
| ifhVzIClYXCcNfKFIVMxR4rl39M9OTr3K9wwg8bK5mZOoPZGixiE8UpyxX//nnK8
| 2Hsw3Sfl9ycoKnzxHSliD81MTuAemYqL95xbM3OT2rogtxEpw7rD/taqCP2PW0rh
| CrtXdlpw0bfEyO8WqyNb8/O8D8UWvcOipn1go1WgQo71IaS15WW7s02PHZVIH0xA
| nPX+nWMWKIzLomejELtQl7fPkkzVDLvHB9Ny0szW2vfLduVRialeAxD/0XmwNtiH
| mYKhIyrwVParFmybjOMHeVi+1STGgCdneO5YlXbh+RkpKUgwS9ds44u8sJaoD5Ge
| LBS30VpjyerLw3HLk+TXAgMBAAGjgYowgYcwGAYDVR0RBBEwD4INRE5TOmxvY2Fs
| aG9zdDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
| ATAdBgNVHQ4EFgQU+CzEas3y2XHQfe4w4WFiNNRRrL0wHwYDVR0jBBgwFoAU+L3m
| 0yjZ/RPNT78dOH2CBbzHAMgwDQYJKoZIhvcNAQELBQADggEBAFfwiGbc3x0I5lDW
| QvhtYHzY+a76suKj5c6V//LRzESE84+Em9uvDmNMhJKA5a5DOc1dTzCF8hBYACoj
| Q9Duch/aZno1Kp2jJhEevIk2sr3KHL5zjoVyvJAWx6oFaWJHoEeJPAVBHWZVzrzm
| 4GMdItt4JdA3EmlZpXfHk4YSCtWXfKkYNWsaXOcdTQPVOBO64+6jITXl0KMGZA+3
| zGLTISAYW/fBoyFvRqe8QXHbOnTdlgGFA+SMChF4KJ5ohjtM2HmfQl6f5ChGDZ4r
| /61RwQV25NwUT5MPFgvcMffvmMxwastbe7iH4d+OH5Rg4tzx1bCapFw0+AKu0tN/
| SyWS0jg=http://www.w3.org/2000/09/xmldsig#;>
| 
| http://www.w3.org/2001/10/xml-exc-c14n#"/>
| http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
| 
| 
| http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
| http://www.w3.org/2001/10/xml-exc-c14n#"/>
| 
| http://www.w3.org/2000/09/xmldsig#sha1"/>
| Ahent2k5+9UuVCkbkIgVycWUQE8=
| 
| 
| 
| http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
| http://www.w3.org/2001/10/xml-exc-c14n#"/>
| 
| http://www.w3.org/2000/09/xmldsig#sha1"/>
| StQe2sQQTtLnTV5Dhe5+3MorSLA=
| 
| 
| 
DyWVPP/GAdVgIQd68J54rx7GCc9eJcoCyX99XCaMCoxBBAWKKVDhPBZEmQYL8fgm
| PkA7+q+loDejgdepwWrzEDMBPhI1LDUKwu/w6W/w+SLJDj06jerUCmEZDsfyOZqs
| j1Iq5D4bsbhimdhCEzRYdNpCavIR5PsQwbF2aRz2BFgMLEsac3zimZzJUmTzaOTF
| D7heoNX+OlKYdgDkmcQ49AWcjnWO4fr1a0IJxv1EC9tblqRZD5/dzuU4BHIr841D
| e7vE8dj2TAlLr6qCBBm/yz6kMY6kO0ya6iCV0V87HqkvjOnszwlyhkSTrONUPKut
| e7wztvWEew8aWkUeVr0o1Q==
| 
|
   http://example.com/fabrikam;>   42  
| Can not load public key
| 
F.func=xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:file=app.c:line=1282:obj=unknown:subj=key
 != NULL:error=100:assertion:
| Failed to add key from ../../credential/test/host_cert.pem to keys manager
| func=xmlSecKeyDestroy:file=keys.c:line=553:obj=unknown:subj=key != 
NULL:error=100:assertion:
| 
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=779:obj=unknown:subj=unknown:error=45:key
 is not found:encMethod=rsa-1_5
| 
func=xmlSecEncCtxBinaryEncrypt:file=xmlenc.c:line=296:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec
 library function failed:
| 
func=xmlSecKeyDataEncryptedKeyXmlWrite:file=keyinfo.c:line=1438:obj=enc-key:subj=xmlSecEncCtxBinaryEncrypt:error=1:xmlsec
 library function f ailed:
| 
func=xmlSecKeyInfoNodeWrite:file=keyinfo.c:line=182:obj=enc-key:subj=xmlSecKeyDataXmlWrite:error=1:xmlsec
 library function failed:node=Encry ptedKey
| 
func=xmlSecEncCtxEncDataNodeWrite:file=xmlenc.c:line=832:obj=unknown:subj=xmlSecKeyInfoNodeWrite:error=1:xmlsec
 library function failed:
| 
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=396:obj=unknown:subj=xmlSecEncCtxEncDataNodeWrite:error=1:xmlsec
 library function failed:
| Encryption failed
| Body new : 
| http://www.w3.org/2003/05/soap-envelope;>
http://example.com/fabrikam;>   42 
 
| 
| Encrypted data :
| 
func=xmlSecPtrListEmpty:file=list.c:line=141:obj=unknown:subj=xmlSecPtrListIsValid(list):error=100:assertion:
| 
func=xmlSecPtrListEmpty:file=list.c:line=141:obj=unknown:subj=xmlSecPtrListIsValid(list):error=100:assertion:
| 
func=xmlSecPtrListFinalize:file=list.c:line=127:obj=unknown:subj=xmlSecPtrListIsValid(list):error=100:assertion:
| 
func=xmlSecPtrListFinalize:file=list.c:line=127:obj=unknown:subj=xmlSecPtrListIsValid(list):error=100:assertion:
|

Bug#1006515: RM: go-md2man -- RoQA; superseded by go-md2man-v2

2022-02-26 Thread Shengjing Zhu

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: z...@debian.org

Hi,

Please remove source:go-md2man and bin:golang-github-cpuguy83-go-md2man-dev

The package name may confuse you.

source:go-md2man builds bin:golang-github-cpuguy83-go-md2man-dev
source:go-md2man-v2 builds bin:go-md2man and 
bin:golang-github-cpuguy83-go-md2man-v2-dev

I use `dak rm -Rn go-md2man` to check, but it seems the command has false 
positives
for bin:go-md2man.

But `dak rm -Rn -b golang-github-cpuguy83-go-md2man-dev` doesn't complain.

Bug#1006514: ITP: termpaint -- low level terminal access

2022-02-26 Thread Christoph Hueffelmann


X-Debbugs-Cc: debian-de...@lists.debian.org, textsh...@uchuujin.de
Subject: ITP: termpaint -- low level terminal access
Package: wnpp
Owner: Christoph Hueffelmann 
Severity: wishlist

* Package name: termpaint
  Version : 0.3.0
  Upstream Author : Martin Hostettler 
* URL : https://github.com/termpaint/termpaint
* License : BSL-1.0
  Programming Lang: C, C++
  Description : low level terminal access

Termpaint is a low level terminal interface library for
character-cell terminals in the tradition of VT1xx (like xterm, etc).
It’s designed to be portable and flexible to integrate. It covers event
handling and rendering.

Bug#1000550: RM: elpy -- RoQA; FTBFS; unmaintained upstream

2022-02-26 Thread Andrey Rahmatullin

On Sat, Feb 26, 2022 at 09:12:10AM -0700, Nicholas D Steeves wrote:
> With that date fast approaching, I decided it was time to test another
> snapshot.  elpy_1.35.0+48.g4248dcc-1 (unreleased in git) is much
> improved. 
Great!

> The community is slow moving, but is making progress.  I won't be able
> to properly investigate the single failing test (down from hundreds
> IIRC) relevant to bookworm before late March.  Given the progress
> upstream has made, I believe this bug may be closed, because the current
> state of Elpy (on Salsa) is now a single failing test, where it was
> hundreds with stalled upstream development before.  If kept open, please
> feel free to ping me in April if progress on the remaining issue appears
> to have stalled.
I have no personal stakes in this except for QA considerations for the
Python Team so I'll let Scott decide.
Thank you for your contributions.


-- 
WBR, wRAR


signature.asc
Description: PGP signature

Bug#1000550: RM: elpy -- RoQA; FTBFS; unmaintained upstream

2022-02-26 Thread Nicholas D Steeves

Hi Andrew and ftpmasters,

Andrey Rahmatullin  writes:

> On Wed, Nov 24, 2021 at 04:18:23PM -0500, Nicholas D Steeves wrote:
[snip]
>> 
>> Thank you for reminding me about this upstream thread.  Yes, it's
>> definitely time that I post another follow-up message there.
>> 
>> Could we please defer this removal until at least 2022-03-07 as a
>> reasonable compromise?

[snip]

> Hi Nicholas. This is now up to ftp-masters but I'll state my opinion on
> this.
> Out of 8 or so RM requests for Python FTBFS stuff not in testing that I
> filed yesterday this one was the hardest, but I decided to send it both
> because a maintainer can object to it and because removing a package even
> from sid is not the end of life for the package.

[snip]

> So on one hand I'm fine with keeping this package in sid if it provides
> some value to its users and will keep doing that when Python 3.10 is the
> default in sid, though the FTP/Release/Security teams may have another
> view on this as it FTBFS, and on the other hand I don't see a huge problem
> with removing it, especially if it doesn't work, as it can always be
> reinstated.
>
>> I'm also not sure what would be a sensitive way to broach a deadline
>> upstream.
> As mentioned above, I don't think this is necessary. What is necessary is
> fixing the RC bugs which can be done by the community.
>

Thanks for the rationale tip!  I didn't mention the deadline I had in
mind anywhere else nor to anyone else.

With that date fast approaching, I decided it was time to test another
snapshot.  elpy_1.35.0+48.g4248dcc-1 (unreleased in git) is much
improved.  With Python 3.9 it now shows:

  Ran 466 tests, 438 results as expected, 3 unexpected, 25 skipped (2022-02-26 
15:12:25+, 46.147115 sec)

  3 unexpected results:
 FAILED  elpy-pdb-debug-buffer-from-beginning-should-enter-pdb
 FAILED  elpy-profile-buffer-or-region-test-fail
 FAILED  elpy-profile-buffer-or-region-test-indir-failed

and with Python 3.10:

  Ran 466 tests, 440 results as expected, 1 unexpected, 25 skipped (2022-02-26 
15:53:30+, 34.279938 sec)

  1 unexpected results:
 FAILED  elpy-pdb-debug-buffer-from-beginning-should-enter-pdb

The community is slow moving, but is making progress.  I won't be able
to properly investigate the single failing test (down from hundreds
IIRC) relevant to bookworm before late March.  Given the progress
upstream has made, I believe this bug may be closed, because the current
state of Elpy (on Salsa) is now a single failing test, where it was
hundreds with stalled upstream development before.  If kept open, please
feel free to ping me in April if progress on the remaining issue appears
to have stalled.

Best,
Nicholas

signature.asc
Description: PGP signature

Bug#1006513: openpace: FTBFS with OpenSSL 3.0

Source: openpace
Version: 1.1.0+ds-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -DCVCDIR=\"/etc/eac/cvc\" 
-DX509DIR=\"/etc/eac/x509\" -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 
-ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
-Werror=format-security -Wall -pedantic -c cv_cert.c  -fPIC -DPIC -o 
.libs/libeac_la-cv_cert.o
| In file included from ./eac/cv_cert.h:37,
|  from ./eac/eac.h:35,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| cv_cert.c:225:1: error: conflicting types for â€˜i2d_CVC_CERTâ€™; have 
â€˜int(const CVC_CERT *, unsigned char **)â€™ {aka â€˜int(const struct 
cvc_cert_seq_st *, unsigned char **)â€™}
|   225 | IMPLEMENT_ASN1_FUNCTIONS(CVC_CERT)
|   | ^~~~
| In file included from ./eac/eac.h:35,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| ./eac/cv_cert.h:341:5: note: previous declaration of â€˜i2d_CVC_CERTâ€™ with 
type â€˜int(CVC_CERT *, unsigned char **)â€™ {aka â€˜int(struct cvc_cert_seq_st 
*, unsigned char **)â€™}
|   341 | int i2d_CVC_CERT(CVC_CERT *a, unsigned char **out);
|   | ^~~~
| cv_cert.c: In function â€˜CVC_pubkey2rsaâ€™:
| cv_cert.c:542:5: warning: â€˜RSA_newâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   542 | rsa = RSA_new();
|   | ^~~
| In file included from ssl_compat.h:8,
|  from cv_cert.c:37:
| /usr/include/openssl/rsa.h:201:28: note: declared here
|   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
|   |^~~
| cv_cert.c:546:5: warning: â€˜RSA_set0_keyâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   546 | check(RSA_set0_key(rsa,
|   | ^
| In file included from ssl_compat.h:8,
|  from cv_cert.c:37:
| /usr/include/openssl/rsa.h:207:27: note: declared here
|   207 | OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, 
BIGNUM *d);
|   |   ^~~~
| cv_cert.c:553:5: warning: â€˜EVP_PKEY_set1_RSAâ€™ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
|   553 | ok = EVP_PKEY_set1_RSA(out, rsa);
|   | ^~
| In file included from /usr/include/openssl/cmac.h:25,
|  from ./eac/eac.h:39,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| /usr/include/openssl/evp.h:1344:5: note: declared here
|  1344 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
|   | ^
| cv_cert.c:557:9: warning: â€˜RSA_freeâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   557 | RSA_free(rsa);
|   | ^~~~
| In file included from ssl_compat.h:8,
|  from cv_cert.c:37:
| /usr/include/openssl/rsa.h:293:28: note: declared here
|   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
|   |^~~~
| cv_cert.c: In function â€˜CVC_pubkey2eckeyâ€™:
| cv_cert.c:575:9: warning: â€˜EC_KEY_newâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   575 | ec = EC_KEY_new();
|   | ^~
| In file included from ./eac/eac.h:40,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| /usr/include/openssl/ec.h:966:31: note: declared here
|   966 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new(void);
|   |   ^~
| cv_cert.c:587:13: warning: â€˜EC_KEY_freeâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   587 | EC_KEY_free(ec);
|   | ^~~
| In file included from ./eac/eac.h:40,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| /usr/include/openssl/ec.h:1001:28: note: declared here
|  1001 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
|   |^~~
| cv_cert.c:592:9: warning: â€˜EVP_PKEY_set1_EC_KEYâ€™ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
|   592 | ok = EVP_PKEY_set1_EC_KEY(key, ec);
|   | ^~
| In file included from /usr/include/openssl/cmac.h:25,
|  from ./eac/eac.h:39,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| /usr/include/openssl/evp.h:1370:5: note: declared here
|  1370 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
|   | ^~~~
| cv_cert.c:593:9: warning: â€˜EC_KEY_freeâ€™ is deprecated: Since OpenSSL 3.0 
[-Wdeprecated-declarations]
|   593 | EC_KEY_free(ec);
|   | ^~~
| In file included from ./eac/eac.h:40,
|  from eac_asn1.h:31,
|  from cv_cert.c:32:
| /usr/include/openssl/ec.h:1001:28: note: declared here
|  1001 |

Bug#1006512: ocaml-cohttp: FTBFS with OpenSSL 3.0

Source: ocaml-cohttp
Version: 4.0.0-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0
control: forwarded -1

Your package is failing to build using OpenSSL 3.0 with the
following error:

| OCAMLPATH=/<>/_tmp/usr/lib/ocaml dune build -p cohttp-lwt-unix
| ocamlopt cohttp-lwt-unix/bin/cohttp_curl_lwt.exe (exit 2)
| (cd _build/default && /usr/bin/ocamlopt.opt -w -40 -g -o 
cohttp-lwt-unix/bin/cohttp_curl_lwt.exe /usr/lib/ocaml/fmt/fmt.cmxa 
/usr/lib/ocaml/logs/logs.cmxa /usr/lib/ocaml/result/result.cmxa 
/usr/lib/ocaml/lwt/lwt.cmxa /usr/lib/ocaml/logs/logs_lwt.cmxa 
/usr/lib/ocaml/unix.cmxa -I /usr/lib/ocaml /usr/lib/ocaml/bigarray.cmxa -I 
/usr/lib/ocaml /usr/lib/ocaml/sexplib0/sexplib0.cmxa 
/usr/lib/ocaml/base/caml/caml.cmxa /usr/lib/ocaml/parsexp/parsexp.cmxa 
/usr/lib/ocaml/sexplib/sexplib.cmxa /usr/lib/ocaml/macaddr/macaddr.cmxa 
/usr/lib/ocaml/domain-name/domain_name.cmxa /usr/lib/ocaml/ipaddr/ipaddr.cmxa 
/usr/lib/ocaml/ppx_sexp_conv/runtime-lib/ppx_sexp_conv_lib.cmxa 
/usr/lib/ocaml/ipaddr-sexp/ipaddr_sexp.cmxa 
/usr/lib/ocaml/stringext/stringext.cmxa 
/usr/lib/ocaml/bigarray-compat/bigarray_compat.cmxa 
/usr/lib/ocaml/bigstringaf/bigstringaf.cmxa -I /usr/lib/ocaml/bigstringaf 
/usr/lib/ocaml/angstrom/angstrom.cmxa /usr/lib/ocaml/uri/uri.cmxa 
/usr/lib/ocaml/astring/astring.cmxa /usr/lib/ocaml/conduit/conduit.cmxa 
/usr/lib/ocaml/conduit-lwt/conduit_lwt.cmxa 
/usr/lib/ocaml/magic-mime/magic_mime_library.cmxa /usr/lib/ocaml/mmap/mmap.cmxa 
/usr/lib/ocaml/ocplib-endian/ocplib_endian.cmxa 
/usr/lib/ocaml/ocplib-endian/bigstring/ocplib_endian_bigstring.cmxa 
/usr/lib/ocaml/threads/threads.cmxa -I /usr/lib/ocaml 
/usr/lib/ocaml/lwt/unix/lwt_unix.cmxa -I /usr/lib/ocaml/lwt/unix 
/usr/lib/ocaml/uri/services/uri_services.cmxa 
/usr/lib/ocaml/ipaddr/unix/ipaddr_unix.cmxa /usr/lib/ocaml/ssl/ssl.cmxa -I 
/usr/lib/ocaml/ssl /usr/lib/ocaml/lwt_ssl/lwt_ssl.cmxa 
/usr/lib/ocaml/conduit-lwt-unix/conduit_lwt_unix.cmxa /usr/lib/ocaml/re/re.cmxa 
/usr/lib/ocaml/uri-sexp/uri_sexp.cmxa /usr/lib/ocaml/base64/base64.cmxa 
/<>/_tmp/usr/lib/ocaml/cohttp/cohttp.cmxa 
/<>/_tmp/usr/lib/ocaml/cohttp-lwt/cohttp_lwt.cmxa 
/usr/lib/ocaml/logs/logs_fmt.cmxa cohttp-lwt-unix/src/cohttp_lwt_unix.cmxa 
cohttp_server/cohttp_server.cmxa /usr/lib/ocaml/cmdliner/cmdliner.cmxa 
/usr/lib/ocaml/logs/logs_cli.cmxa 
cohttp-lwt-unix/bin/.cohttp_curl_lwt.eobjs/native/dune__exe.cmx 
cohttp-lwt-unix/bin/.cohttp_curl_lwt.eobjs/native/dune__exe__Cohttp_curl_lwt.cmx)
| /usr/bin/ld: /usr/lib/ocaml/ssl/libssl_stubs.a(ssl_stubs.o): in function 
`ocaml_ssl_get_certificate':
| (.text+0x1c91): undefined reference to `SSL_get_peer_certificate'
| collect2: error: ld returned 1 exit status
| File "caml_startup", line 1:
| Error: Error during linking (exit code 1)
| ocamlopt cohttp-lwt-unix/bin/cohttp_proxy_lwt.exe (exit 2)
| (cd _build/default && /usr/bin/ocamlopt.opt -w -40 -g -o 
cohttp-lwt-unix/bin/cohttp_proxy_lwt.exe /usr/lib/ocaml/fmt/fmt.cmxa 
/usr/lib/ocaml/logs/logs.cmxa /usr/lib/ocaml/result/result.cmxa 
/usr/lib/ocaml/lwt/lwt.cmxa /usr/lib/ocaml/logs/logs_lwt.cmxa 
/usr/lib/ocaml/unix.cmxa -I /usr/lib/ocaml /usr/lib/ocaml/bigarray.cmxa -I 
/usr/lib/ocaml /usr/lib/ocaml/sexplib0/sexplib0.cmxa 
/usr/lib/ocaml/base/caml/caml.cmxa /usr/lib/ocaml/parsexp/parsexp.cmxa 
/usr/lib/ocaml/sexplib/sexplib.cmxa /usr/lib/ocaml/macaddr/macaddr.cmxa 
/usr/lib/ocaml/domain-name/domain_name.cmxa /usr/lib/ocaml/ipaddr/ipaddr.cmxa 
/usr/lib/ocaml/ppx_sexp_conv/runtime-lib/ppx_sexp_conv_lib.cmxa 
/usr/lib/ocaml/ipaddr-sexp/ipaddr_sexp.cmxa 
/usr/lib/ocaml/stringext/stringext.cmxa 
/usr/lib/ocaml/bigarray-compat/bigarray_compat.cmxa 
/usr/lib/ocaml/bigstringaf/bigstringaf.cmxa -I /usr/lib/ocaml/bigstringaf 
/usr/lib/ocaml/angstrom/angstrom.cmxa /usr/lib/ocaml/uri/uri.cmxa 
/usr/lib/ocaml/astring/astring.cmxa /usr/lib/ocaml/conduit/conduit.cmxa 
/usr/lib/ocaml/conduit-lwt/conduit_lwt.cmxa 
/usr/lib/ocaml/magic-mime/magic_mime_library.cmxa /usr/lib/ocaml/mmap/mmap.cmxa 
/usr/lib/ocaml/ocplib-endian/ocplib_endian.cmxa 
/usr/lib/ocaml/ocplib-endian/bigstring/ocplib_endian_bigstring.cmxa 
/usr/lib/ocaml/threads/threads.cmxa -I /usr/lib/ocaml 
/usr/lib/ocaml/lwt/unix/lwt_unix.cmxa -I /usr/lib/ocaml/lwt/unix 
/usr/lib/ocaml/uri/services/uri_services.cmxa 
/usr/lib/ocaml/ipaddr/unix/ipaddr_unix.cmxa /usr/lib/ocaml/ssl/ssl.cmxa -I 
/usr/lib/ocaml/ssl /usr/lib/ocaml/lwt_ssl/lwt_ssl.cmxa 
/usr/lib/ocaml/conduit-lwt-unix/conduit_lwt_unix.cmxa /usr/lib/ocaml/re/re.cmxa 
/usr/lib/ocaml/uri-sexp/uri_sexp.cmxa /usr/lib/ocaml/base64/base64.cmxa 
/<>/_tmp/usr/lib/ocaml/cohttp/cohttp.cmxa 
/<>/_tmp/usr/lib/ocaml/cohttp-lwt/cohttp_lwt.cmxa 
/usr/lib/ocaml/logs/logs_fmt.cmxa cohttp-lwt-unix/src/cohttp_lwt_unix.cmxa 
cohttp_server/cohttp_server.cmxa /usr/lib/ocaml/cmdliner/cmdliner.cmxa 
/usr/lib/ocaml/logs/logs_cli.cmxa 
cohttp-lwt-unix/bin/.cohttp_curl_lwt.eobjs/native/dune__exe.cmx

Bug#860311: simple-scan produces a log file with no size limit

Hello,

I close this bug after some hints from[1][2].

CU
Jörg


[1] https://gitlab.gnome.org/GNOME/simple-scan/-/issues/249
[2] https://valadoc.org/glib-2.0/GLib.FileStream.open.html
-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D


Jörg Frings-Fürst
D-54470 Lieser

git:  https://jff.email/cgit/


Threema: SYR8SJXB
Skype: joergpenguin
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#1006119: uwsgi: FTBFS with ruby3.0 as default

2022-02-26 Thread Antonio Terceiro

On Sun, Feb 20, 2022 at 03:26:42PM -0300, Antonio Terceiro wrote:
> Control: tag -1 + patch
> 
> On Sat, 19 Feb 2022 14:19:46 +0100 Paul Gevers  wrote:
> > Source: uwsgi
> > Version: 2.0.20-2
> > Severity: serious
> > Tags: ftbfs
> > Justification: FTBFS
> > Control: block -1 by 1004915
> > 
> > Dear maintainer,
> > 
> > I tried to binNMU your package for the ongoing ruby3.0 as default ruby
> > transition. It failed:
> > https://buildd.debian.org/status/package.php?p=uwsgi
> > 
> > Paul
> 
> The attached patch converts the rack plugin to ruby3.0. Please let me
> know if I should just upload it (requires going through NEW due to the
> new bianry package).

Sorry, the patch I attached originall is obviously bogus, I typed
"echo" instead of "debdiff" when creating applied it. I'm attaching the
correct patch now (which I just uploaded, since this is blocking the
ruby3.0 transition).
diff -Nru uwsgi-2.0.20/debian/changelog uwsgi-2.0.20/debian/changelog
--- uwsgi-2.0.20/debian/changelog	2021-10-20 11:15:28.0 -0300
+++ uwsgi-2.0.20/debian/changelog	2022-02-26 12:42:07.0 -0300
@@ -1,3 +1,11 @@
+uwsgi (2.0.20-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Replace uwsgi-plugin-rack-ruby2.7 with uwsgi-plugin-rack-ruby3.0
+(Closes: #1006119)
+
+ -- Antonio Terceiro   Sat, 26 Feb 2022 12:42:07 -0300
+
 uwsgi (2.0.20-2) unstable; urgency=medium
 
   * link againt libyajl
diff -Nru uwsgi-2.0.20/debian/control uwsgi-2.0.20/debian/control
--- uwsgi-2.0.20/debian/control	2021-10-20 11:05:25.0 -0300
+++ uwsgi-2.0.20/debian/control	2022-02-26 12:40:26.0 -0300
@@ -736,7 +736,7 @@
  This package provides Python 3 WSGI plugin for uWSGI
  (linked with Python 3 runtime).
 
-Package: uwsgi-plugin-rack-ruby2.7
+Package: uwsgi-plugin-rack-ruby3.0
 Architecture: any
 Depends:
  uwsgi-core (= ${binary:Version}),


signature.asc
Description: PGP signature

Bug#1006374: graphicsmagick breaks ruby-mini-magick autopkgtest: Failure/Error: expect(subject["EXIF:Flash"]).to eq "0"

2022-02-26 Thread Bob Friesenhahn


On Fri, 25 Feb 2022, László Böszörményi wrote:

This should be it. Is your GM the latest version from Mercurial?


Image: /home/bfriesen/src/minimagick.git/spec/fixtures/exif.jpg
 Exif Version: 0220
 Date Time Original: 2016:11:12 09:17:56
 Flash: 0

Package ruby-mini-magick check tree values: EXIF:Flash,
DateTimeOriginal and ExifVersion. With GM 1.3.37 it succeeds and gets
real values in order 0, a string and 0220 just like in your dump. But
with the mentioned GM commit the results are in order "", nil and nil.
Maybe the GM output or its variable types changed somehow and now
ruby-mini-magick can't parse that? Needs more investigation. I think
tomorrow in the evening (CET) I will arrive back home and will try to
support you with more details.


I believe that the problem is that mini-magick is retrieving EXIF 
attributes in 'ping' mode but the changeset which caused the problem 
only returns the attributes if the image data was read.  The solution 
was just to move some code.


GraphicsMagick changset 16670:90e1c92a709c addresses this issue, and 
the fixes are in the 1.4.020220226 signed snapshot.


That same snapshot also addresses build problems with development 
libxml2 which seems to have removed FTP protocol support.


FYI, the change to the way JPEG embedded profiles are read is due to a 
denial of service concern.  JPEG stores embedded profiles in 
several/many chunks.  The denial of service concern is that a 
reasonably sized JPEG file can be constituted mostly of embedded 
profile chunks with very little compressed image data in each chunk. 
In this case the reader can take a very long time to "read" image 
image due to handling embedded profile chunks as the JPEG file is 
parsed.  The new approach improves the efficiency if there are many 
tiny chunks.


The purpose of 'ping' mode is to avoid expensive operations while 
retrieving basic properties.  In this particular case, the harm would 
already have been done even in 'ping' mode so returning the profiles 
does not incur any additional cost.


Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt

Bug#1006483: ITP: python3-mergedeep -- A deep merge function for Python

2022-02-26 Thread Stephen Kitt

Hi,

On Sat, 26 Feb 2022 08:12:27 +, Edward Betts  wrote:
> * Package name: python3-mergedeep
>   Version : 1.3.4
>   Upstream Author : Travis Clarke
> * URL : https://github.com/clarketm/mergedeep
> * License : MIT
>   Programming Lang: Python
>   Description : A deep merge function for Python

This appears to be the same upstream as Carsten Schoenert’s ITP, 1006479
(filed just an hour before yours!).

Regards,

Stephen


pgpRxerDrkXJT.pgp
Description: OpenPGP digital signature

Bug#1005858: gh,gitsome: File conflict, both ship /usr/bin/gh

2022-02-26 Thread 林上智

Hi, gh package maintainer

Axel Beckert  於 2022年2月16日 週三 下午2:15寫道：

> Package: gh,gitsome
> Severity: serious
> Control: found -1 gitsome/0.8.0+ds-6
> Control: found -1 gh/2.4.0+dfsg1-1
>
> Hi,
>
> installing gh fails for me as follows:
>
> Unpacking gh (2.4.0+dfsg1-1) ...
> dpkg: error processing archive
> /tmp/apt-dpkg-install-DkqFj5/24-gh_2.4.0+dfsg1-1_amd64.deb (--unpack):
>  trying to overwrite '/usr/bin/gh', which is also in package gitsome
> 0.8.0+ds-6
>

According to the Debian policy [1], "the two different packages must not
install programs with different functionality
but with the same filenames. ... If this case happens, one of the programs
must be renamed."

[1] https://www.debian.org/doc/debian-policy/ch-files.html#s-binaries

The "gitsome" has used "gh" since 2017, and thus would you mind renaming
the "gh" in your package to avoid the conflict issue?

I would appreciate it if you could consider my request, and feel free to
let me know if you have another proposal.

Regards,

SZ


>
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (600, 'testing'), (500,
> 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1,
> 'experimental-debug'), (1, 'buildd-experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.16.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>

Bug#920413: simple-scan: unable to connect to Brother 9020-CDW that worked out of the box a few weeks ago

Hello,

no answer since 6 month. So I close this bug.


CU
Jörg
-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D


Jörg Frings-Fürst
D-54470 Lieser

git:  https://jff.email/cgit/


Threema: SYR8SJXB
Skype: joergpenguin
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#1006511: net-snmp: FTBFS with OpenSSL 3.0

Source: net-snmp
Version: 5.9.1+dfsg-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| transports/snmpTLSBaseDomain.c:59:22: error: static declaration of 
â€˜ERR_get_error_allâ€™ follows non-static declaration
|59 | static unsigned long ERR_get_error_all(const char **file, int *line,
|   |  ^
| In file included from transports/snmpTLSBaseDomain.c:31:
| /usr/include/openssl/err.h:406:15: note: previous declaration of 
â€˜ERR_get_error_allâ€™ with type â€˜long unsigned int(const char **, int *, 
const char **, const char **, int *)â€™
|   406 | unsigned long ERR_get_error_all(const char **file, int *line,
|   |   ^
| transports/snmpTLSBaseDomain.c: In function â€˜ERR_get_error_allâ€™:
| transports/snmpTLSBaseDomain.c:64:5: warning: â€˜ERR_get_error_line_dataâ€™ 
is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|64 | return ERR_get_error_line_data(file, line, data, flags);
|   | ^~
| In file included from transports/snmpTLSBaseDomain.c:31:
| /usr/include/openssl/err.h:413:15: note: declared here
|   413 | unsigned long ERR_get_error_line_data(const char **file, int *line,
|   |   ^~~
| make[3]: *** [Makefile:101: transports/snmpTLSBaseDomain.lo] Error 1
| make[3]: Leaving directory '/<>/snmplib'

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#1006510: myproxy: FTBFS with OpenSSL 3.0

Source: myproxy
Version: 6.2.9-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| make  check-TESTS
| make[3]: Entering directory '/<>'
| make[4]: Entering directory '/<>'
| FAIL: myproxy-test-wrapper
| =
|myproxy 6.2.9: ./test-suite.log
| =
| 
| # TOTAL: 1
| # PASS:  0
| # SKIP:  0
| # XFAIL: 0
| # FAIL:  1
| # XPASS: 0
| # ERROR: 0
| 
| .. contents:: :depth: 2
| 
| FAIL: myproxy-test-wrapper
| ==
| 
| anonymous retrievers allowed
| MyProxy v6.2 Aug 2021 PAM SASL KRB5 LDAP VOMS OCSP
| Attempting to connect to 127.0.0.1:35389 
| Successfully connected to localhost:35389 
| 
| User Cert File: /tmp/x509up_u1005
| User Key File: /tmp/x509up_u1005
| 
| Trusted CA Cert Dir: /tmp/rajSSzhqAe/privcerts.4182428/grid-security
| 
| Output File: /tmp/myproxy-proxy.1005.4186176
| Your identity: /CN=MyProxy Test User
| Creating proxy .+
| +
|  Done
| Proxy Verify OK
| Your proxy is valid until: Tue Feb 15 03:09:22 2022
| Expecting non-standard server DN "/CN=MyProxy Test User" 
| using trusted certificates directory 
/tmp/rajSSzhqAe/privcerts.4182428/grid-security
| Using Proxy file (/tmp/myproxy-proxy.1005.4186176)
| server name: /CN=MyProxy Test User
| checking that server name is acceptable...
| server name matches "/CN=MyProxy Test User"
| authenticated server name is acceptable
| ERROR from myproxy-server:
| Failed to accept credentials.
| Error delegating credentials: server-side error: check server logs
| MyProxy Test 1 (store credential with default name): FAILED
| Skipping remaining tests.
| MyProxy Tests Complete: 0 tests passed, 1 tests failed
| FAIL myproxy-test-wrapper (exit status: 1)
| 
| 
| Testsuite summary for myproxy 6.2.9
| 
| # TOTAL: 1
| # PASS:  0
| # SKIP:  0
| # XFAIL: 0
| # FAIL:  1
| # XPASS: 0
| # ERROR: 0
| 
| See ./test-suite.log
| 
| make[4]: *** [Makefile:1449: test-suite.log] Error 1

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#1006509: moonshot-trust-router: FTBFS with OpenSSL 3.0

Source: moonshot-trust-router
Version: 3.5.4+1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| common/tr_dh.c: In function â€˜tr_dh_newâ€™:
| common/tr_dh.c:82:3: error: â€˜DH_newâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|82 |   return DH_new();
|   |   ^~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:199:27: note: declared here
|   199 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
|   |   ^~
| common/tr_dh.c: In function â€˜tr_create_dh_paramsâ€™:
| common/tr_dh.c:92:3: error: â€˜DH_newâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|92 |   if (NULL == (dh = DH_new()))
|   |   ^~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:199:27: note: declared here
|   199 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
|   |   ^~
| common/tr_dh.c:98:5: error: â€˜DH_freeâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|98 | DH_free(dh);
|   | ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:200:28: note: declared here
|   200 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
|   |^~~
| common/tr_dh.c:109:3: error: â€˜DH_set0_pqgâ€™ is deprecated: Since OpenSSL 
3.0 [-Werror=deprecated-declarations]
|   109 |   DH_set0_pqg(dh, p, q, g);
|   |   ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:255:27: note: declared here
|   255 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, 
BIGNUM *g);
|   |   ^~~
| common/tr_dh.c:110:3: error: â€˜DH_generate_keyâ€™ is deprecated: Since 
OpenSSL 3.0 [-Werror=deprecated-declarations]
|   110 |   DH_generate_key(dh);/* generates the public key */
|   |   ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:223:27: note: declared here
|   223 | OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh);
|   |   ^~~
| common/tr_dh.c:113:5: error: â€˜DH_set0_keyâ€™ is deprecated: Since OpenSSL 
3.0 [-Werror=deprecated-declarations]
|   113 | DH_set0_key(dh, NULL, BN_bin2bn(priv_key, keylen, NULL));
|   | ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:258:27: note: declared here
|   258 | OSSL_DEPRECATEDIN_3_0 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM 
*priv_key);
|   |   ^~~
| common/tr_dh.c:115:3: error: â€˜DH_checkâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   115 |   DH_check(dh, _err);
|   |   ^~~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:220:27: note: declared here
|   220 | OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes);
|   |   ^~~~
| common/tr_dh.c: In function â€˜tr_create_matching_dhâ€™:
| common/tr_dh.c:143:3: error: â€˜DH_newâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   143 |   if (NULL == (dh = DH_new())) {
|   |   ^~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:199:27: note: declared here
|   199 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
|   |   ^~
| common/tr_dh.c:148:3: error: â€˜DH_get0_pqgâ€™ is deprecated: Since OpenSSL 
3.0 [-Werror=deprecated-declarations]
|   148 |   DH_get0_pqg(in_dh, _p, NULL, _g);
|   |   ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:253:28: note: declared here
|   253 | OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p,
|   |^~~
| common/tr_dh.c:150:3: error: â€˜DH_set0_pqgâ€™ is deprecated: Since OpenSSL 
3.0 [-Werror=deprecated-declarations]
|   150 |   if (0 == DH_set0_pqg(dh, BN_dup(in_p), NULL, BN_dup(in_g))) {
|   |   ^~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:255:27: note: declared here
|   255 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, 
BIGNUM *g);
|   |   ^~~
| common/tr_dh.c:151:5: error: â€˜DH_freeâ€™ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   151 | DH_free(dh);
|   | ^~~
| In file included from common/tr_dh.c:35:
| /usr/include/openssl/dh.h:200:28: note: declared here
|   200 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
|   |^~~
| common/tr_dh.c:157:3: error: â€˜DH_generate_keyâ€™ is deprecated: Since 
OpenSSL 3.0 [-Werror=deprecated-declarations]
|   157 |   DH_generate_key(dh);/* generates the public key */
|   |   ^~~
| In file included from common/tr_dh.c:35:
|

Bug#1006508: m2crypto: FTBFS with OpenSSL 3.0

Source: m2crypto
Version: 0.38.0-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| tests/test_authcookie.py ... [  
9%]
| tests/test_bio.py Fatal Python error: Segmentation fault
| 
| Current thread 0x7f810c326b80 (most recent call first):
|   File 
"/<>/.pybuild/cpython3_3.10_m2crypto/build/M2Crypto/BIO.py", line 
61 in read
|   File 
"/<>/.pybuild/cpython3_3.10_m2crypto/build/tests/test_bio.py", 
line 57 in try_algo
|   File 
"/<>/.pybuild/cpython3_3.10_m2crypto/build/tests/test_bio.py", 
line 73 in test_algo
|   File "/usr/lib/python3/dist-packages/parameterized/parameterized.py", line 
533 in standalone_func
|   File "/usr/lib/python3.10/unittest/case.py", line 549 in _callTestMethod
|   File "/usr/lib/python3.10/unittest/case.py", line 591 in run
|   File "/usr/lib/python3.10/unittest/case.py", line 650 in __call__
|   File "/usr/lib/python3/dist-packages/_pytest/unittest.py", line 321 in 
runtest
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 162 in 
pytest_runtest_call
|   File "/usr/lib/python3/dist-packages/pluggy/callers.py", line 187 in 
_multicall
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 83 in 
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 92 in 
_hookexec
|   File "/usr/lib/python3/dist-packages/pluggy/hooks.py", line 286 in __call__
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 255 in 

|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 311 in 
from_call
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 254 in 
call_runtest_hook
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 215 in 
call_and_report
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 126 in 
runtestprotocol
|   File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 109 in 
pytest_runtest_protocol
|   File "/usr/lib/python3/dist-packages/pluggy/callers.py", line 187 in 
_multicall
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 83 in 
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 92 in 
_hookexec
|   File "/usr/lib/python3/dist-packages/pluggy/hooks.py", line 286 in __call__
|   File "/usr/lib/python3/dist-packages/_pytest/main.py", line 348 in 
pytest_runtestloop
|   File "/usr/lib/python3/dist-packages/pluggy/callers.py", line 187 in 
_multicall
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 83 in 
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 92 in 
_hookexec
|   File "/usr/lib/python3/dist-packages/pluggy/hooks.py", line 286 in __call__
|   File "/usr/lib/python3/dist-packages/_pytest/main.py", line 323 in _main
|   File "/usr/lib/python3/dist-packages/_pytest/main.py", line 269 in 
wrap_session
|   File "/usr/lib/python3/dist-packages/_pytest/main.py", line 316 in 
pytest_cmdline_main
|   File "/usr/lib/python3/dist-packages/pluggy/callers.py", line 187 in 
_multicall
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 83 in 
|   File "/usr/lib/python3/dist-packages/pluggy/manager.py", line 92 in 
_hookexec
|   File "/usr/lib/python3/dist-packages/pluggy/hooks.py", line 286 in __call__
|   File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 162 
in main
|   File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 185 
in console_main
|   File "/usr/lib/python3/dist-packages/pytest/__main__.py", line 5 in 
|   File "/usr/lib/python3.10/runpy.py", line 86 in _run_code
|   File "/usr/lib/python3.10/runpy.py", line 196 in _run_module_as_main
| 
| Extension modules: _m2crypto, M2Crypto._m2crypto (total: 2)
| Segmentation fault
| E: pybuild pybuild:367: test: plugin distutils failed with: exit code=139: cd 
/<>/.pybuild/cpython3_3.10_m2crypto/build; python3.10 -m pytest 
--ignore tests/test_ssl.py
| I: pybuild base:237: cd 
/<>/.pybuild/cpython3_3.9_m2crypto/build; python3.9 -m pytest 
--ignore tests/test_ssl.py
| = test session starts 
==
| platform linux -- Python 3.9.10, pytest-6.2.5, py-1.10.0, pluggy-0.13.0
| rootdir: /<>
| collected 317 items
| 
| tests/test_aes.py    [  
1%]
| tests/test_asn1.py   [  
3%]
| tests/test_authcookie.py ... [  
9%]
| tests/test_bio.py Fatal Python error: Segmentation fault
| 
| Current thread 0x7f5e13c72b80 (most recent call first):
|   File 
"/<>/.pybuild/cpython3_3.9_m2crypto/build/M2Crypto/BIO.py", line 
61 in read
|   File 
"/<>/.pybuild/cpython3_3.9_m2crypto/build/tests/test_bio.py", line 
57 in try_algo
|   File 
"/<>/.pybuild/cpython3_3.9_m2crypto/build/tests/test_bio.py", line 
73 in

Bug#1006507: mit-scheme: FTBFS with OpenSSL 3.0

Source: mit-scheme
Version: 11.2-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| gcc -DHAVE_CONFIG_H -DMIT_SCHEME 
-DDEFAULT_LIBRARY_PATH=\"/usr/lib/x86_64-linux-gnu/mit-scheme\" -Wdate-time 
-D_FORTIFY_SOURCE=2 -I. -I. -O3 -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -frounding-math 
-fno-builtin-floor -Wall -Wclobbered -Wempty-body -Wignored-qualifiers 
-Wimplicit-fallthrough -Wmissing-field-initializers -Wmissing-parameter-type 
-Wnested-externs -Wold-style-declaration -Woverride-init -Wpointer-arith 
-Wredundant-decls -Wshift-negative-value -Wstrict-prototypes -Wtype-limits 
-Wundef -Wuninitialized -Wwrite-strings -Wno-error=stringop-truncation -Werror 
-o chacha12.o -c chacha12.c
| In file included from chacha12.c:49:
| chacha.i:80:22: error: argument 1 of type â€˜uint8_t *â€™ {aka â€˜unsigned 
char *â€™} declared as a pointer [-Werror=array-parameter=]
|80 | chacha_core(uint8_t *out, const uint8_t *in, const uint8_t *k,
|   | ~^~~
| In file included from chacha.i:34,
|  from chacha12.c:49:
| chacha.h:44:23: note: previously declared as an array â€˜uint8_t[64]â€™ {aka 
â€˜unsigned char[64]â€™}
|44 | voidchacha12_core(uint8_t[chacha_core_OUTPUTBYTES],
|   |   ^~~~
| In file included from chacha12.c:49:
| chacha.i:80:42: error: argument 2 of type â€˜const uint8_t *â€™ {aka â€˜const 
unsigned char *â€™} declared as a pointer [-Werror=array-parameter=]
|80 | chacha_core(uint8_t *out, const uint8_t *in, const uint8_t *k,
|   |   ~~~^~
| In file included from chacha.i:34,
|  from chacha12.c:49:
| chacha.h:45:13: note: previously declared as an array â€˜const uint8_t[16]â€™ 
{aka â€˜const unsigned char[16]â€™}
|45 | const uint8_t[chacha_core_INPUTBYTES],
|   | ^
| In file included from chacha12.c:49:
| chacha.i:80:61: error: argument 3 of type â€˜const uint8_t *â€™ {aka â€˜const 
unsigned char *â€™} declared as a pointer [-Werror=array-parameter=]
|80 | chacha_core(uint8_t *out, const uint8_t *in, const uint8_t *k,
|   |  ~~~^
| In file included from chacha.i:34,
|  from chacha12.c:49:
| chacha.h:46:13: note: previously declared as an array â€˜const uint8_t[32]â€™ 
{aka â€˜const unsigned char[32]â€™}
|46 | const uint8_t[chacha_core_KEYBYTES],
|   | ^~~
| In file included from chacha12.c:49:
| chacha.i:81:20: error: argument 4 of type â€˜const uint8_t *â€™ {aka â€˜const 
unsigned char *â€™} declared as a pointer [-Werror=array-parameter=]
|81 | const uint8_t *c)
|   | ~~~^
| In file included from chacha.i:34,
|  from chacha12.c:49:
| chacha.h:47:13: note: previously declared as an array â€˜const uint8_t[16]â€™ 
{aka â€˜const unsigned char[16]â€™}
|47 | const uint8_t[chacha_core_CONSTBYTES]);
|   | ^
| cc1: all warnings being treated as errors
| make[4]: *** [Makefile:182: chacha12.o] Error 1
| make[4]: Leaving directory '/<>/src/microcode'
| make[3]: *** [Makefile:796: microcode/scheme] Error 2
| make[3]: Leaving directory '/<>/src'
| make[2]: *** [Makefile:699: all] Error 2
| make[2]: Leaving directory '/<>/src'
| dh_auto_build: error: cd src && make -j1 returned exit code 2

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#918198: qbittorrent-nox: Please add the relevant systemd .service file for us that want to run it as a daemon

2022-02-26 Thread Christian Marillat

fixed 918198 4.4.1-3
thanks

On 25 févr. 2022 17:55, bruno zanetti  wrote:

> An easy way to include a systemd service template in the qbittorrent-nox
> package would be adding the option  --enable-systemd to the configure
> command.
>
> This can be accomplished by changing debian/rules as per the attached diff.
>
> IMO the package qbittorrent-nox should indeed provide such a launcher
> because its main use is running in background controlled through the WebUI.
>
> This service template is moreover harmless for users who don't need it
> since it wouldn't be enabled by default.

Fixed for the next upload.

If you want to help me, you can send e-mails to opened bug report and
check if you can closes one.

Christian

Bug#1006506: libzorpll: FTBFS with OpenSSL 3.0

Source: libzorpll
Version: 7.0.4.0-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| checking pkg-config is at least version 0.9.0... yes
| checking for openssl >= 1.1.0 openssl < 1.1.2... no
| configure: error: Cannot find OpenSSL library 1.1.0 <= version < 1.1.2: is 
pkg-config in path?
|   cd debian/build-tree && tail -v -n \+0 config.log
| ==> config.log <==
| This file contains any messages produced by compilers while
| running configure, to aid debugging if configure makes a mistake.
…
| configure:18706: checking for openssl >= 1.1.0 openssl < 1.1.2
| configure:18713: $PKG_CONFIG --exists --print-errors "openssl >= 
$OPENSSL_MIN_VERSION openssl < $OPENSSL_MAX_VERSION"
| Requested 'openssl < 1.1.2' but version of OpenSSL is 3.0.1
| configure:18716: $? = 1
| configure:18730: $PKG_CONFIG --exists --print-errors "openssl >= 
$OPENSSL_MIN_VERSION openssl < $OPENSSL_MAX_VERSION"
| Requested 'openssl < 1.1.2' but version of OpenSSL is 3.0.1
| configure:18733: $? = 1
| configure:18747: result: no
| Requested 'openssl < 1.1.2' but version of OpenSSL is 3.0.1
| configure:18763: error: Cannot find OpenSSL library 1.1.0 <= version < 1.1.2: 
is pkg-config in path?

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#1006505: libsecp256k1: FTBFS with OpenSSL 3.0

Source: libsecp256k1
Version: 0.1~20210825-2
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

|dh_auto_test
|   make -j1 check VERBOSE=1
| make[1]: Entering directory '/<>'
| make  check-TESTS
| make[2]: Entering directory '/<>'
| make[3]: Entering directory '/<>'
| ./build-aux/test-driver: line 112: 3364063 Aborted "$@" >> 
"$log_file" 2>&1
| FAIL: tests
| PASS: exhaustive_tests
| 
|libsecp256k1 0.1: ./test-suite.log
| 
| 
| # TOTAL: 2
| # PASS:  1
| # SKIP:  0
| # XFAIL: 0
| # FAIL:  1
| # XPASS: 0
| # ERROR: 0
| 
| .. contents:: :depth: 2
| 
| FAIL: tests
| ===
| 
| test count = 64
| random seed = a7f0a08ee8e02ae3d0de647dc2d533f1
| Failure 10 on 30 30 02 1b 00 c7 ff ff ff fd ff ff ff ff 8e 5c ff ff f9 f0 00 
00 00 80 15 ef ff ff ff ff ff 02 11 f9 ff ff ff 03 00 00 00 00 f0 ff ff ef ff 
01 e7 00 
| src/tests.c:6015: test condition failed: ret == 0
| FAIL tests (exit status: 134)
| 
| 
| Testsuite summary for libsecp256k1 0.1
| 
| # TOTAL: 2
| # PASS:  1
| # SKIP:  0
| # XFAIL: 0
| # FAIL:  1
| # XPASS: 0
| # ERROR: 0
| 
| See ./test-suite.log
| 
| make[3]: *** [Makefile:1307: test-suite.log] Error 1
| make[3]: Leaving directory '/<>'
| make[2]: *** [Makefile:1415: check-TESTS] Error 2
| make[2]: Leaving directory '/<>'

For more information see:
https://www.openssl.org/docs/man3.0/man7/migration_guide.html

Sebastian

Bug#880708: [qbittorrent] debian built wrong according to upstream.

2022-02-26 Thread Christian Marillat

close 880708
fixed 880708 2.0.4
thanks

Hi,

As qbittorrent is now build against libtorrent-rasterbar-dev 2.0,
I close this bug.

Christian

Bug#880708: [qbittorrent] debian built wrong according to upstream.

2022-02-26 Thread Christian Marillat

close 880708
fixed 880708 4.4.1-2
thanks

Hi,

As qbittorrent is now build against libtorrent-rasterbar-dev 2.0,
I close this bug.

Fixed in 4.4.1-2 not 2.0.4

Christian

Bug#1006504: bullseye-pu: package bash/5.1-6~deb11u1

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: car...@debian.org,d...@debian.org

Hi Stable Release Managers,

[X-Debbugs-CC'ed as well Matthias so he can veto or ack from his
maintainer point of view].

There was a request in #1003012 to fix an issue in bash corrupting
multibyte characters in command substitutions.

While looking at it I'm proposing here instead of only picking the 014
patch, to pick up all the changes done since from the bullseye release
on top and so proposing a rebuilding of 5.1-6 which was expoed in
testing for awhile now. Only change reverted would be the bump of
standards version but still including the drop of the pre-wheezy
preinst for the "dash-as-sh"-transition.

Attached is the resulting debdiff as proposed with the rebuild.

Matthias, Stable release managers what do you think on the update?

Regards,
Salvatore


bash_5.1-6~deb11u1.debdiff.xz
Description: application/xz

Bug#1006415: FTBFS with capnproto 0.9.1

2022-02-26 Thread Dirk Eddelbuettel



On 25 February 2022 at 18:39, Tom Lee wrote:
| So the tiledb upstream sources include *pre-generated *capnproto sources
| that were generated using 0.8.0. The *update-serialization* target will

Indeed! I forgot about that. TileDB has a habit of (strongly) enforcing
third-party dependencies, that conflicts somewhat with Debian best practices
but is driven from cross-platform cross-OS multilanguage uses.  Hard to fully
change.

| regenerate those sources for us using whatever version of capnproto is
| installed but that target doesn't run by default. So here I'm making
| *update-serialization* a dependency of tiledb_shared and tiledb_static to
| ensure it runs.

Very clever idea. I like it.

| It could also be achieved by modifying debian/rules to invoke the
| *update-serialization
| *target before running the main build if you'd prefer that, I was just
| trying to come up with something that upstream might be interested in to
| make future upgrades more straightforward for us.

The serialization format is quite important for TileDB as it governs the
interchange one _can_ do from our (Open Source, MIT licensed) TileDB library
and apps to the (not Open Source) TileDB Cloud service. That is conceivably a
key a feature for TileDB ("the company") though of course not a strict
functional requirement for the open source package. I also think CapnProto
might be reliably forward-compatible so I am interested in testing this with
0.9.1.  Whether or not I get my colleagues to take such a patch "in the short
to medium term".

| Why a second variable TILEDB_UPDATE_SERIALIZATION?  To cover the 'yes well
| > it
| > is 0.8.0 but you will live' case from allowing 0.9.1 in the new interval
| > spec
| > '++set(TILEDB_CAPNPROTO_VERSION 0.8.0...0.9.1)' ?
| >
| 
| Again, by default *update-serialization *won't run so this option forces it
| to run by adding it as a dependency of tiledb_shared/tiledb_static.

Yup.

| Now, back to the patch: if it's not clear, the patch I sent you is
| something to be applied to the whole source repo, not something added to
| the quilt series. It's a patch that includes a patch, if you like. :)
| Should apply cleanly against 2.6.2-2 with *patch -p1
| = 0.8.0) *to the Build-Depends in debian/control

Yep

| 2. Set TILEDB_CAPNPROTO_VERSION to 0.8.0...0.9.1 (either directly in the
| configure step or via the cmake foo in my patch)

Yep

| 3. Invoke the *update-serialization* cmake target before building shared
| libraries (either right before the build step or via the cmake foo in my
| patch)

Yep

| You can skip the TILEDB_UPDATE_SERIALIZATION stuff if it's getting in the
| way.

Let me stash / save debian/changelog etc and try again in a bit.

Best,  Dirk

-- 
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#944770: mailgraph: please add documentation for use with Exim

Hello,

thank you for spending your time helping to make Debian better with
this bug report. 

Mailgraph can be applied to any log file using the -l option. This is
also documented in the man page and via --help option. 

So I close this bug.

CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D


Jörg Frings-Fürst
D-54470 Lieser

git:  https://jff.email/cgit/


Threema: SYR8SJXB
Skype: joergpenguin
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



Am Freitag, dem 15.11.2019 um 12:00 +1100 schrieb Hamish Moffatt:
> Package: mailgraph
> Version: 1.14-15
> Severity: wishlist
> 
> mailgraph's description claims it supports Exim, but there's nothing
> in
> the documentation about how to use this.
> 
> Further, exim does not log to syslog by default and there's nothing
> in
> the stock configuration files to enable it (although it is possible
> according to
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html
> ).
> 
> Can you please add something to README.Debian indicating that exim
> needs
> to be reconfigured in order to make mailgraph useful?
> 
> 
> 
> thanks,
> Hamish
> 
> 
> -- System Information:
> Debian Release: 9.11
>   APT prefers oldstable-updates
>   APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8),
> LANGUAGE=en_AU.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages mailgraph depends on:
> ii  debconf [debconf-2.0]  1.5.61
> ii  libfile-tail-perl  1.3-2
> ii  librrds-perl   1.6.0-1+b2
> ii  lsb-base   9.20161125
> ii  perl   5.24.1-3+deb9u5
> ii  ucf    3.0036
> 
> Versions of packages mailgraph recommends:
> ii  apache2 [httpd]    2.4.25-3+deb9u9
> ii  exim4  4.89-2+deb9u6
> ii  exim4-daemon-heavy [mail-transport-agent]  4.89-2+deb9u6
> 
> mailgraph suggests no packages.
> 
> -- debconf information:
>   mailgraph/start_on_boot: true
>   mailgraph/mail_log: /var/log/mail.log
>   mailgraph/ignore_localhost: false




signature.asc
Description: This is a digitally signed message part

Bug#1006415: FTBFS with capnproto 0.9.1

2022-02-26 Thread Dirk Eddelbuettel

Hi Tom,

On 25 February 2022 at 13:14, Tom Lee wrote:
| Thanks for giving it a shot. Surprised to hear the patch didn't apply
| cleanly, believe I worked directly from the source pulled via
|
| dget -a http://deb.debian.org/debian/pool/main/t/tiledb/tiledb_2.6.2-2.dsc

Would it be possible for you to work off a git checkout?

I still use the one started by Adam (which I took over) in the debian account:

g...@salsa.debian.org:debian/tiledb.git

| I even had a DD co-maintainer try the patch before I sent it your way so
| not quite sure what I messed up.

"Me neither". But sticking the patch into debian/patches/ lead to dpkg-*
failing.

The patch was also (very weirdly) non-unified. Why?

| In terms of testing, tested by myself and the co-maintainer. I'm not sure
| what to suggest here but I can try regenerating the patch, perhaps I should
| try again using dpkg-source --commit.

Yes please do work off git. Whether or not we use pbuilder (I do, "old"
setup) or not should not matter.

We could also proxy on "clean" environments like a Docker container or AWS
instance. But I want to be sure this works.

| Can't speak to the build failure, perhaps send through your own patch and
| the full build log and I'll take a look.

There is no "own" patch. I just tried to follow your (nice !!) logic of
removing the enforced "exact" match (my colleagues at TileDB at strong
proponents
of pinnning as they are used to building in other environments and your logic of recomputing the capnproto
files (as you kindly explained in the other email). My pbuilder is current to
unstable too.

Dirk

--
https://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#1006502: RFS: mailgraph/1.14-19 -- RRDtool frontend for Mail statistics

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mailgraph":

   Package name: mailgraph
   Version : 1.14-19
   Upstream Author : David Schweikert 
   URL : https://mailgraph.schweikert.ch
   License : GPL-2
   Vcs : https://jff.email/cgit/mailgraph.git
   Section : admin

It builds those binary packages:

  mailgraph - RRDtool frontend for Mail statistics

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/mailgraph/

Alternatively, one can download the package with dget using this
command:

  dget -x 
https://mentors.debian.net/debian/pool/main/m/mailgraph/mailgraph_1.14-19.dsc

or from 

 git https://jff.email/cgit/mailgraph.git?h=release%2Fdebian%2F1.14-19

Changes since the last upload:

 mailgraph (1.14-19) unstable; urgency=medium
 .
   * Remove debian/patches/110_mailgraph.cgi.patch (Closes: #1003093).
 Thanks to Vincent Lefevre .
   * debian/copyright:
 - Add year 2022 to myself.


CU
Jörg

-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D


Jörg Frings-Fürst
D-54470 Lieser

git:  https://jff.email/cgit/


Threema: SYR8SJXB
Skype: joergpenguin
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#1006503: RFS: sane-backends/1.1.1-4 -- API library for scanners

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "sane-backends":

   Package name: sane-backends
   Version : 1.1.1-4
   Upstream Author : 
   URL : http://www.sane-project.org
   License : GFDL-1.1, Artistic, LGPL-2.1+, GPL-2, GPL-2+ with 
 sane exception, GPL-2+, GPL-3+
   Vcs : https://jff.email/cgit/sane-backends.git
   Section : graphics

It builds those binary packages:

  sane-utils - API library for scanners -- utilities
  libsane-common - API library for scanners -- documentation and support files
  libsane1 - API library for scanners
  libsane-dev - API development library for scanners [development files]
  libsane - API library for scanners [transitional package]

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/sane-backends/

Alternatively, one can download the package with dget using this
command:

 dget -x 
https://mentors.debian.net/debian/pool/main/s/sane-backends/sane-backends_1.1.1-4.dsc

or from 

 git https://jff.email/cgit/sane-backends.git/?h=release%2Fdebian%2F1.1.1-4


Changes since the last upload:

 sane-backends (1.1.1-4) unstable; urgency=medium
 .
   * debian/sane-utils.preinst: Remove man file only on update.


CU
Jörg

-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D


Jörg Frings-Fürst
D-54470 Lieser

git:  https://jff.email/cgit/


Threema: SYR8SJXB
Skype: joergpenguin
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.



signature.asc
Description: This is a digitally signed message part

Bug#1006501: ITP: snpsift -- tool to annotate and manipulate genome variants

2022-02-26 Thread Pierre Gruet

Package: wnpp
Severity: wishlist
Owner: Debian-med team 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: snpsift
  Version : 5.1
  Upstream Author : Pablo Cingolani 
* URL : https://pcingola.github.io/SnpEff/ss_introduction/
* License : Expat
  Programming Lang: Java
  Description : tool to annotate and manipulate genome variants

SnpSift is a toolbox that allows one to filter and manipulate annotated files.
Once the genomic variants have been annotated, one needs to filter them out in
order to find the "interesting / relevant variants". Given the large data
files, this is not a trivial task (e.g. one cannot load all the variants into
XLS spreadsheet). SnpSift helps to perform this VCF file manipulation and
filtering required at this stage in data processing pipelines.

The package will be team-maintained by Debian-med team.

Bug#974986: sasl2-bin: Include upstream PAM_RHOST patch


Control: tags -1 wontfix

The patch was not included in the latest release 2.1.28, so I am not including it in Debian's 
version. Please wait for a 2.2 release which will probably contain this.

Bug#1003332: Proposed webpack5 compatible patch for node-es6-promise.

2022-02-26 Thread Caleb A.

Noted.

Thanks for the feedback!

On Sat, 26 Feb 2022 at 09:48, Jonas Smedegaard  wrote:

> Hi Caleb,
>
> Quoting Caleb Adepitan (2022-02-26 00:58:46)
> > I just updated my fork of node-es6-promise which was reported to fail
> > build with webpack5 earlier.
>
> Thanks for bringing my attention to this bugreport.
>
> I guess you did so because I was the last one to work on that package.
>
> I am however not really involved in maintaining that package - I only
> did a minimal change as a "team maintenance" which sort-of means a
> fly-by change within the team.
>
> Although my concrete change involved terser which I notice that your
> changes also affect, I really have no special knowledge on how
> es6-promise should or should not use terser: All I did was to rename the
> call to the terser executable.
>
> I recommend that you try reach out to the package maintainer - Julien
> Puydt  - whom I assume has the most intimate
> knowledge on the packaging setup of this package.
>
> Now that I am looking anyway, I do notice that upstream does _not_ use
> terser but uglify-js (via broccoli-uglify-js).
>
> Also, upstream seemingly does not use webpack either, but rollup (via
> broccoli-rollup).
>
> You might consider looking into _simplifying_ packaging by using rollup
> and uglify-js (but without the broccoli wrappers which are not in
> Debian).  My point is that maybe *not* using webpack here is a more
> sensible way to help migration to webpack5 than to continue deviate from
> upstream build approach.  Just make sure to coordinate such change with
> the maintainer, since that is (from the maintenance point of view) a
> more radical change.
>
>
> Kind regards,
>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private

Bug#1006184: [Debichem-devel] Bug#1006184:

2022-02-26 Thread Michael Banck

Hi,

On Sat, Feb 26, 2022 at 11:20:38AM +0100, Aritz Erkiaga wrote:
> I believe this is incorrect. Those two commits only close #1005006, while
> #1006184 is closed by the single commit linked in this bug report. All
> *three* commits have been merged into upstream, fixing both bugs. For
> clarification, I'll link the *missing* patch (which does close this bug)
> here.
> 
> Fix for #1006184:
> https://github.com/OpenChemistry/avogadrolibs/commit/c47d00c821ba77ea2b13aaa933cfc922f1980469

Ok, I've added this commit to the patch and uploaded another revision,
thanks for the notice; as it was a bit older I didn't see it immediately
in the avogadrolibs git commit history.


Michael

Bug#791814: Info received (sasl2-bin: fails to start saslauthd)


On Wed, 24 Nov 2021 15:55:04 + Nigel Horne wrote:

I changed the MECHANISMS from pam to getpwent and now saslauthd starts and
stays running. So that's an improvement.  However it still doesn't send email
from my phone which claims "no password provided for $address" which is a lie
and since it's sasl that changed not my phone, I continue to suspect the
sasl2 update broke sendmail.


I guess you were experiencing #1003355. This is solved with revision 
2.1.27+dfsg2-3.

Bug#1006500: Missing bnx2x firmware 7.13.21.0 renders NIC unusable with Linux 5.16

2022-02-26 Thread Etienne Dechamps

Package: firmware-bnx2x
Version: 20210818-1
Severity: grave

On Linux 5.16, the bnx2x module requests firmware 7.13.21.0:

# modinfo bnx2x
filename:
/lib/modules/5.16.0-2-amd64/kernel/drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko
firmware:   bnx2x/bnx2x-e2-7.13.21.0.fw
firmware:   bnx2x/bnx2x-e1h-7.13.21.0.fw
firmware:   bnx2x/bnx2x-e1-7.13.21.0.fw

This firmware is not present in the firmware-bnx2x package.

Now, my understanding is that the bnx2x module can fall back to an
earlier version (7.13.15.0) as needed, but in practice that might not
actually help, because update-initramfs only looks for the firmware
version from the module information and doesn't include any other
version:

# update-initramfs -u
W: Possible missing firmware /lib/firmware/bnx2x/bnx2x-e2-7.13.21.0.fw
for module bnx2x
W: Possible missing firmware
/lib/firmware/bnx2x/bnx2x-e1h-7.13.21.0.fw for module bnx2x
W: Possible missing firmware /lib/firmware/bnx2x/bnx2x-e1-7.13.21.0.fw
for module bnx2x

Since no firmware is included in the initramfs, the bnx2x module
unsurprisingly fails to initialize on boot:

kernel: bnx2x :02:00.1: firmware: failed to load
bnx2x/bnx2x-e2-7.13.21.0.fw (-2)
kernel: bnx2x :02:00.1: Direct firmware load for
bnx2x/bnx2x-e2-7.13.21.0.fw failed with error -2
kernel: bnx2x :02:00.1: firmware: failed to load
bnx2x/bnx2x-e2-7.13.15.0.fw (-2)
kernel: bnx2x :02:00.1: Direct firmware load for
bnx2x/bnx2x-e2-7.13.15.0.fw failed with error -2

Adding insult to injury, it doesn't look like it's possible to recover
from this state - as far as I could tell, once bnx2x fails to
initialize, it's game over until the next reboot, even if the module
is unloaded and reloaded, and even if the PCI device is removed and
rescanned.

This basically means that, when booting current Debian Unstable with
Linux 5.16, bnx2x NICs become *permanently unusable*, potentially
locking users and admins out of the system.

My suggested short-term fix would be to update the firmware-bnx2x
package to include the 7.13.21.0 firmware version. There's also a
discussion to be had with regard to update-initramfs, which should
perhaps try harder to find potentially compatible firmware versions -
indeed, if update-initramfs had included 7.13.15.0, I believe this
issue would have been avoided.

For those affected, here's the workaround I used:

1. Manually download the 7.13.21.0 firmware files from
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/bnx2x
2. Put the files in /lib/firmware/bnx2x
3. Run update-initramfs -u
4. Reboot

Bug#1006499: sshfs-fuse: Package clean-up validation fails

2022-02-26 Thread Peter Wienemann

Source: sshfs-fuse
Version: 3.7.1+repack-2
Severity: normal

Hi,

trying to rebuild sshfs-fuse including a package clean-up validation
as described in [0], I obtain the following pre-build post-build diff:

diff /tmp/file-list.pre-build /tmp/file-list.post-build
---

43c43
< /<>/test directory 260
---
> /<>/test directory 300
44a45,56
> /<>/test/.pytest_cache directory 120
> /<>/test/.pytest_cache/.gitignore regular file 37 
> 3ed731b65d06150c138e2dadb0be0697550888a6b47eb8c45ecc9adba8b8e9bd
> /<>/test/.pytest_cache/CACHEDIR.TAG regular file 194 
> ffacb1561d9688b9d9b5e06f3ffa10814a03c2a6f892d7bea3e7fef62599eb23
> /<>/test/.pytest_cache/README.md regular file 295 
> 27a7071ba39c9ef4054eaf99bc59e3f0aa328a62166f426e6549ef923ade7533
> /<>/test/.pytest_cache/v directory 60
> /<>/test/.pytest_cache/v/cache directory 80
> /<>/test/.pytest_cache/v/cache/nodeids regular file 810 
> 864895f6c02636aa7eefcaf0dc06a13ce07f612f79d7802adf6e8dc3ea1c2353
> /<>/test/.pytest_cache/v/cache/stepwise regular file 2 
> 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
> /<>/test/__pycache__ directory 100
> /<>/test/__pycache__/conftest.cpython-39-pytest-6.2.5.pyc 
> regular file 2886 
> 331ef1aa4660614df6f4780e423d6148f1ec5ab776ca778634a2ad6ff90063af
> /<>/test/__pycache__/test_sshfs.cpython-39-pytest-6.2.5.pyc 
> regular file 32510 
> 9395f19862e5adfcdaa0ffdfd66e9669b18f6635962ee0fbbc83df215214f99e
> /<>/test/__pycache__/util.cpython-39.pyc regular file 3224 
> 233b0498f1877dfe7d3c2dcccd2ad04696788e8bac03bf523c70283ee5c5f045

E: Command 'diff /tmp/file-list.pre-build /tmp/file-list.post-build' failed to 
run.

Best regards,

Peter

[0] https://wiki.debian.org/sbuild#Validate_package_cleanup

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#731954: Patch for crypted passwords in db

Control: forwarded -1 https://github.com/cyrusimap/cyrus-sasl/issues/141

On Mon, 9 Nov 2015 11:24:18 -0600 Dan White  wrote:

On 11/09/15 19:29 +0300, Max Kosmach wrote:
>Hi
>
>I have found patch for earlier version of cyrus-sasl that adds an ability to 
use encrypted passwords in db.
>Patch uses unix crypt().
>
>http://pieps.org/cyrus/dist/2.1.19/cyrus-sasl-2.1.19-checkpw.c.patch
>
>Would You please apply this or similar patch to cyrus sasl debian package?

There is a partially implemented, and undocumented 'pwcheck_method:
auxprop-hashed' feature in the code. I believe it supports both sql and
sasldb auxprop backends but not ldapdb.

See git commit 62ce0768aa375cf0d16102570970b232dcb1cb28

This feature was disabled in the latest version because it is undocumented and 
apparently insecure.

Please follow along about crypt() support on the upstream bug.

Bug#1006498: nano: Compile with --enable-multibuffer

2022-02-26 Thread Jari Aalto

Package: nano
Version: 6.2-1
Severity: normal

Please compile with --enable-multibuffer to enable M-f multibuffer
support in the editor.

-

nano -V

GNU nano, version 6.2
(C) 1999-2011, 2013-2022 Free Software Foundation, Inc.
(C) 2014-2022 the contributors to nano
Compiled options: --disable-libmagic --enable-utf8

-

https://www.nano-editor.org/dist/v2.3/faq.html#3.7

3.7. Tell me more about this multibuffer stuff!

To use multiple file buffers, you must be using nano 1.1.0 or newer,
and you must not have configured it with --disable-multibuffer nor
with --enable-tiny (use nano -V to check the compilation
options). Then when you want to insert a file into its own buffer
instead of into the current file, just hit Meta-F, then insert the
file as normal with ^R. If you always want files to be loaded into
their own buffers, use the --multibuffer or -F flag when you invoke
nano.

You can move between the buffers you have open with the Meta-< and
Meta-> keys, or more easily with Meta-, and Meta-. (clear as mud,
right? =-). When you have more than one file buffer open, the ^X
shortcut will say "Close", instead of the normal "Exit" when only one
buffer is open.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nano depends on:
ii  libc6 2.33-5
ii  libncursesw6  6.3-2
ii  libtinfo6 6.3-2

nano recommends no packages.

Versions of packages nano suggests:
pn  hunspell  

-- no debconf information

Bug#1006497: RFS: streamlink/3.1.1-1~bpo11+1 -- CLI for extracting video streams from various websites to a video player

2022-02-26 Thread Alexis Murzeau

Package: sponsorship-requests
Severity: wishlist
X-Debbugs-CC: debian-backpo...@lists.debian.org

Dear mentors,

I am looking for a sponsor for my package "streamlink" into Debian
bullseye-backports repository.

 * Package name: streamlink
   Version : 3.1.1-1~bpo11+1
   Upstream Author : Streamlink Team
 * URL : https://streamlink.github.io/
 * License : BSD-2-clause, Apache-2.0, MIT/Expat, SIL-OFL-1.1
   Section : python

It builds those binary packages:

  python3-streamlink - Python module for extracting video streams from various 
websites
  python3-streamlink-doc - CLI for extracting video streams from various 
websites (documentation)
  streamlink - CLI for extracting video streams from various websites to a 
video player

To access further information about this package, please visit the
following URL:
  https://mentors.debian.net/package/streamlink


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/s/streamlink/streamlink_3.1.1-1~bpo11+1.dsc


Differences from testing package (3.1.1-1):
  * None

Regards,
-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC  2787 E7BD 1904 F480 937F







signature.asc
Description: OpenPGP digital signature

Bug#1006496: hurd: transfer options from d-i to installed system

2022-02-26 Thread Samuel Thibault

Source: grub2
Version: 2.06-2
Severity: normal
Tags: patch

Hello,

It is useful for people to see the Linux kernel options they pass to d-i
to be propagated to the installed system, e.g. for serial console setup,
disk probing etc. We would like to have this propagation performed for
hurd as well, the attach patch implements this.

(I have already made the d-i grub-installer package preseed
grub2/gnumach_cmdline)

Samuel
--- config.in.original  2022-02-24 22:43:14.0 +
+++ config.in   2022-02-24 22:46:16.0 +
@@ -58,6 +58,9 @@
 if [ "${GRUB_CMDLINE_LINUX_DEFAULT+set}" = set ]; then
   db_set grub2/linux_cmdline_default "$GRUB_CMDLINE_LINUX_DEFAULT"
 fi
+if [ "${GRUB_CMDLINE_GNUMACH+set}" = set ]; then
+  db_set grub2/gnumach_cmdline "$GRUB_CMDLINE_GNUMACH"
+fi
 
 case @PACKAGE@ in
   grub-pc)
@@ -72,8 +75,16 @@
   ;;
 esac
 
-db_input ${priority} grub2/linux_cmdline || true
-db_input medium grub2/linux_cmdline_default || true
+case `dpkg --print-architecture` in
+  hurd-*)
+db_input medium grub2/gnumach_cmdline || true
+  ;;
+  *)
+db_input ${priority} grub2/linux_cmdline || true
+db_input medium grub2/linux_cmdline_default || true
+  ;;
+esac
+
 case @PACKAGE@ in
   grub-*efi*)
 db_input low grub2/force_efi_extra_removable || true
--- postinst.in.original2022-02-24 22:44:15.0 +
+++ postinst.in 2022-02-24 22:44:23.0 +
@@ -392,6 +392,7 @@
 
 apply_conf_tweaks "$conf_files" merge_debconf_into_conf GRUB_CMDLINE_LINUX 
grub2/linux_cmdline
 apply_conf_tweaks "$conf_files" merge_debconf_into_conf 
GRUB_CMDLINE_LINUX_DEFAULT grub2/linux_cmdline_default
+apply_conf_tweaks "$conf_files" merge_debconf_into_conf 
GRUB_CMDLINE_GNUMACH grub2/gnumach_cmdline
 
 case @PACKAGE@ in
   grub-pc)
--- templates.in.original   2022-02-24 22:46:36.0 +
+++ templates.in2022-02-24 22:47:12.0 +
@@ -12,6 +12,13 @@
  The following string will be used as Linux parameters for the default menu
  entry but not for the recovery mode.
 
+Template: grub2/gnumach_cmdline
+Type: string
+_Description: GNU Mach command line:
+ The following GNU Mach command line was extracted from /etc/default/grub.
+ Please verify that it is correct, and modify it if necessary. The command line
+ is allowed to be empty.
+
 Template: grub2/force_efi_extra_removable
 Type: boolean
 Default: false
--- default/grub.original   2022-02-26 11:56:38.0 +
+++ default/grub2022-02-24 22:43:55.0 +
@@ -8,6 +8,7 @@
 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
 GRUB_CMDLINE_LINUX_DEFAULT="@DEFAULT_CMDLINE@"
 GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_GNUMACH=""
 
 # Uncomment to enable BadRAM filtering, modify to suit your needs
 # This works with Linux (no patch required) and with any kernel that obtains

Bug#1006495: hurd: Add probing for wd disks

2022-02-26 Thread Samuel Thibault

Package: grub-common
Version: 2.06-2
Severity: important
Tags: patch

Hello,

The Hurd is moving to rump-based disk drivers, which are named wd*. We
thus need grub2 to probe for them so as to propose them for installing
grub. The attached patch implements this.

Samuel
TODO: Submit to Debian

Index: grub2-2.06/util/deviceiter.c
===
--- grub2-2.06.orig/util/deviceiter.c
+++ grub2-2.06/util/deviceiter.c
@@ -392,6 +392,14 @@ get_fio_disk_name (char *name, int unit)
 }
 #endif
 
+#ifdef __GNU__
+static void
+get_rump_disk_name (char *name, int unit)
+{
+  sprintf (name, "/dev/wd%d", unit);
+}
+#endif
+
 static struct seen_device
 {
   struct seen_device *next;
@@ -1041,6 +1049,21 @@ dmraid_end:
 # endif /* HAVE_DEVICE_MAPPER */
 #endif /* __linux__ */
 
+#ifdef __GNU__
+  /* Rump-supported disks.  */
+  for (i = 0; i < 96; i++)
+{
+  char name[16];
+
+  get_rump_disk_name (name, i);
+  if (check_device_readable_unique (name))
+   {
+ if (hook (name, 0, hook_data))
+   goto out;
+   }
+}
+#endif /* __GNU__ */
+
 out:
   clear_seen_devices ();
 }

Bug#798677: sasl2-bin: include LDAP_SASLAUTHD file in the package


Control: retitle -1 sasl2-bin: include LDAP_SASLAUTHD file in the main package, 
not -doc
Control: tags -1 wontfix

On Thu, 13 Apr 2017 09:08:28 -0400 David Magda  wrote:

Any news on this bug? I know that "cyrus-sasl2-doc" exists:

 https://packages.debian.org/search?keywords=cyrus-sasl2-doc

and the file/s are in there, but given that the -doc package is "only" 
250KB, perhaps it's easier to just put everything into the -bin package 
and have one less moving part to worry about.


We will keep this as-is. The information is there and one can find it.

Bug#1006493: bullseye-pu: htmldoc/1.9.11-4+deb11u2

2022-02-26 Thread Thorsten Alteholz


Package: release.debian.org
Severity: normal
Tags: bulleye
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for htmldoc fixes CVE-2022-0534 in Bullseye. This
CVE has been marked as uninportant by the security team, yet it is a bug.

  Thorsten
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-11-15 17:13:36.0 +0100
+++ htmldoc-1.9.11/debian/changelog 2022-02-25 22:03:02.0 +0100
@@ -1,3 +1,12 @@
+htmldoc (1.9.11-4+deb11u2) bullseye; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2022-0534
+A crafted GIF file could lead to a stack out-of-bounds read,
+which could result in a crash (segmentation fault).
+
+ -- Thorsten Alteholz   Fri, 25 Feb 2022 22:03:02 +0100
+
 htmldoc (1.9.11-4+deb11u1) bullseye; urgency=medium
 
   * Add patch from upstream to fix CVEs:
diff -Nru htmldoc-1.9.11/debian/patches/CVE-2022-0534-1.patch 
htmldoc-1.9.11/debian/patches/CVE-2022-0534-1.patch
--- htmldoc-1.9.11/debian/patches/CVE-2022-0534-1.patch 1970-01-01 
01:00:00.0 +0100
+++ htmldoc-1.9.11/debian/patches/CVE-2022-0534-1.patch 2022-02-25 
22:03:02.0 +0100
@@ -0,0 +1,38 @@
+commit 776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50
+Author: Michael R Sweet 
+Date:   Fri Jan 7 10:21:58 2022 -0500
+
+Fix potential stack overflow with GIF images (Issue #463)
+
+Index: htmldoc-1.9.11/htmldoc/image.cxx
+===
+--- htmldoc-1.9.11.orig/htmldoc/image.cxx  2022-02-26 01:11:08.773261658 
+0100
 htmldoc-1.9.11/htmldoc/image.cxx   2022-02-26 01:11:08.773261658 +0100
+@@ -213,8 +213,7 @@
+ 
+ if (done)
+ {
+-  progress_error(HD_ERROR_READ_ERROR,
+- "Not enough data left to read GIF compression code.");
++  progress_error(HD_ERROR_READ_ERROR, "Not enough data left to read GIF 
compression code.");
+   return (-1);/* Sorry, no more... */
+ }
+ 
+@@ -238,7 +237,7 @@
+ * Read in another buffer...
+ */
+ 
+-if ((count = gif_get_block (fp, buf + last_byte)) <= 0)
++if ((count = gif_get_block(fp, buf + last_byte)) <= 0)
+ {
+  /*
+   * Whoops, no more data!
+@@ -252,7 +251,7 @@
+ * Update buffer state...
+ */
+ 
+-curbit= (curbit - lastbit) + 8 * last_byte;
++curbit= curbit + 8 * last_byte - lastbit;
+ last_byte += (unsigned)count;
+ lastbit   = last_byte * 8;
+   }
diff -Nru htmldoc-1.9.11/debian/patches/CVE-2022-0534-2.patch 
htmldoc-1.9.11/debian/patches/CVE-2022-0534-2.patch
--- htmldoc-1.9.11/debian/patches/CVE-2022-0534-2.patch 1970-01-01 
01:00:00.0 +0100
+++ htmldoc-1.9.11/debian/patches/CVE-2022-0534-2.patch 2022-02-25 
22:03:02.0 +0100
@@ -0,0 +1,32 @@
+commit 312f0f9c12f26fbe015cd0e6cefa40e4b99017d9
+Author: Michael R Sweet 
+Date:   Fri Jan 7 18:21:53 2022 -0500
+
+Block GIF images with a code size > 12 (Issue #463)
+
+Index: htmldoc-1.9.11/htmldoc/image.cxx
+===
+--- htmldoc-1.9.11.orig/htmldoc/image.cxx  2022-02-26 01:11:13.177259451 
+0100
 htmldoc-1.9.11/htmldoc/image.cxx   2022-02-26 01:11:13.173259454 +0100
+@@ -293,6 +293,12 @@
+   pass  = 0;
+   code_size = (uchar)getc(fp);
+ 
++  if (code_size > 12)
++  {
++progress_error(HD_ERROR_READ_ERROR, "Bad GIF file \"%s\" - invalid code 
size %d.", img->filename, code_size);
++return (-1);
++  }
++
+   if (gif_read_lzw(fp, 1, code_size) < 0)
+ return (-1);
+ 
+@@ -420,7 +426,7 @@
+   if (sp > stack)
+ return (*--sp);
+ 
+-  while ((code = gif_get_code (fp, code_size, 0)) >= 0)
++  while ((code = gif_get_code(fp, code_size, 0)) >= 0)
+   {
+ if (code == clear_code)
+ {
diff -Nru htmldoc-1.9.11/debian/patches/series 
htmldoc-1.9.11/debian/patches/series
--- htmldoc-1.9.11/debian/patches/series2021-11-15 17:13:36.0 
+0100
+++ htmldoc-1.9.11/debian/patches/series2022-02-25 22:03:02.0 
+0100
@@ -14,3 +14,7 @@
 CVE-2021-26948.patch
 CVE-2021-40985.patch
 CVE-2021-43579.patch
+
+CVE-2022-0534-1.patch
+CVE-2022-0534-2.patch
+

Bug#1006494: buster-pu: htmldoc/1.9.3-1+deb10u3

2022-02-26 Thread Thorsten Alteholz


Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for htmldoc fixes CVE-2022-0534, CVE-2021-43579 and 
CVE-2021-40985 in Buster. These CVEs are marked as uninportant by the 
security team, yet they are bugs. CVE-2021-43579 even has the possibility 
of remote code execution.


  Thorsten

diff -Nru htmldoc-1.9.3/debian/changelog htmldoc-1.9.3/debian/changelog
--- htmldoc-1.9.3/debian/changelog  2021-06-07 16:25:54.0 +0200
+++ htmldoc-1.9.3/debian/changelog  2022-02-25 22:03:02.0 +0100
@@ -1,3 +1,19 @@
+htmldoc (1.9.3-1+deb10u3) buster; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2022-0534
+A crafted GIF file could lead to a stack out-of-bounds read,
+which could result in a crash (segmentation fault).
+  * CVE-2021-43579
+Converting an HTML document, which links to a crafted BMP file,
+could lead to a stack-based buffer overflow, which could result
+in remote code execution.
+  * CVE-2021-40985
+A crafted BMP image could lead to a buffer overflow, which could
+cause a denial of service.
+
+ -- Thorsten Alteholz   Fri, 25 Feb 2022 22:03:02 +0100
+
 htmldoc (1.9.3-1+deb10u2) buster-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru htmldoc-1.9.3/debian/patches/CVE-2021-40985.patch 
htmldoc-1.9.3/debian/patches/CVE-2021-40985.patch
--- htmldoc-1.9.3/debian/patches/CVE-2021-40985.patch   1970-01-01 
01:00:00.0 +0100
+++ htmldoc-1.9.3/debian/patches/CVE-2021-40985.patch   2022-02-25 
22:03:02.0 +0100
@@ -0,0 +1,38 @@
+commit f12b9666e582a8e7b70f11b28e5ffc49ad625d43
+Author: Michael R Sweet 
+Date:   Sat Sep 11 18:12:33 2021 -0400
+
+Fix BMP crash bug (Issue #444)
+
+Index: htmldoc-1.9.3/htmldoc/image.cxx
+===
+--- htmldoc-1.9.3.orig/htmldoc/image.cxx   2022-02-26 01:01:53.117543638 
+0100
 htmldoc-1.9.3/htmldoc/image.cxx2022-02-26 01:01:53.117543638 +0100
+@@ -900,6 +900,9 @@
+   colors_used  = (int)read_dword(fp);
+   read_dword(fp);
+ 
++  if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height 
> 8192)
++return (-1);
++
+   if (info_size > 40)
+ for (info_size -= 40; info_size > 0; info_size --)
+   getc(fp);
+@@ -911,7 +914,7 @@
+   fread(colormap, (size_t)colors_used, 4, fp);
+ 
+   // Setup image and buffers...
+-  img->depth  = gray ? 1 : 3;
++  img->depth = gray ? 1 : 3;
+ 
+   // If this image is indexed and we are writing an encrypted PDF file, bump 
the use count so
+   // we create an image object (Acrobat 6 bug workaround)
+@@ -1061,7 +1064,7 @@
+ if (bit == 0xf0)
+   {
+   if (color < 0)
+-  temp = getc(fp);
++  temp = getc(fp) & 255;
+ else
+   temp = color;
+ 
diff -Nru htmldoc-1.9.3/debian/patches/CVE-2021-43579.patch 
htmldoc-1.9.3/debian/patches/CVE-2021-43579.patch
--- htmldoc-1.9.3/debian/patches/CVE-2021-43579.patch   1970-01-01 
01:00:00.0 +0100
+++ htmldoc-1.9.3/debian/patches/CVE-2021-43579.patch   2022-02-25 
22:03:02.0 +0100
@@ -0,0 +1,27 @@
+commit 27d08989a5a567155d506ac870ae7d8cc88fa58b
+Author: Michael R Sweet 
+Date:   Fri Nov 5 09:35:10 2021 -0400
+
+Fix potential BMP stack overflow (Issue #453)
+
+Index: htmldoc-1.9.3/htmldoc/image.cxx
+===
+--- htmldoc-1.9.3.orig/htmldoc/image.cxx   2022-02-26 01:02:38.045520508 
+0100
 htmldoc-1.9.3/htmldoc/image.cxx2022-02-26 01:02:38.045520508 +0100
+@@ -904,12 +904,16 @@
+ return (-1);
+ 
+   if (info_size > 40)
++  {
+ for (info_size -= 40; info_size > 0; info_size --)
+   getc(fp);
++  }
+ 
+   // Get colormap...
+   if (colors_used == 0 && depth <= 8)
+ colors_used = 1 << depth;
++  else if (colors_used > 256)
++return (-1);
+ 
+   fread(colormap, (size_t)colors_used, 4, fp);
+ 
diff -Nru htmldoc-1.9.3/debian/patches/CVE-2022-0534-1.patch 
htmldoc-1.9.3/debian/patches/CVE-2022-0534-1.patch
--- htmldoc-1.9.3/debian/patches/CVE-2022-0534-1.patch  1970-01-01 
01:00:00.0 +0100
+++ htmldoc-1.9.3/debian/patches/CVE-2022-0534-1.patch  2022-02-25 
22:03:02.0 +0100
@@ -0,0 +1,38 @@
+commit 776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50
+Author: Michael R Sweet 
+Date:   Fri Jan 7 10:21:58 2022 -0500
+
+Fix potential stack overflow with GIF images (Issue #463)
+
+Index: htmldoc-1.9.3/htmldoc/image.cxx
+===
+--- htmldoc-1.9.3.orig/htmldoc/image.cxx   2022-02-26 01:03:05.161506575 
+0100
 htmldoc-1.9.3/htmldoc/image.cxx2022-02-26 01:03:05.161506575 +0100
+@@ -213,8 +213,7 @@
+ 
+ if (done)
+ {
+-  progress_error(HD_ERROR_READ_ERROR,
+- "Not enough data left to read GIF compression code.");
++

Bug#709552: libsasl2-2: Insecure mechanisms are prefered while more secure mechanisms are available


Version: 2.1.27+dfsg-1

The bug was fixed with 
https://github.com/cyrusimap/cyrus-sasl/commit/b6396473b1f54954043101d5fd

Bug#1006491: console-setup should depend on debconf-2.0

2022-02-26 Thread Gioele Barabucci




Package: console-setup
Version: 1.207
Tags: patch

Version 1.207 of console-setup and of keyboard-configuration 
hard-(pre-)depend on debconf. This makes transitioning to cdebconf not 
possible.


console-setup and keyboard-configuration should depend on

debconf | debconf-2.0

just like console-setup-mini.

Patch: 
https://salsa.debian.org/installer-team/console-setup/-/merge_requests/11


Regards,

--
Gioele Barabucci

Bug#1006492: cdebconf should not depend on debconf

2022-02-26 Thread Gioele Barabucci


Package: cdebconf
Version: 0.260

In 2007 cdebconf has been "temporarily" made to depend on debconf «to 
avoid anyone breaking their systems by removing debconf, which 
dependencies now allow». [1]


Now, 15 years and various Debian releases later, all packages in the 
base system depend on some variation of `debconf | debconf-2.0`.


This hard-dependence can now be removed.

[1] 
https://salsa.debian.org/installer-team/cdebconf/-/commit/b4dfa070d676917f12f58cc52fe46fe2f4094fc3


Regards

--
Gioele Barabucci

Bug#964947: dhcpcd5: New upstream version available: 9.1.4

On Sat, Feb 26, 2022 at 12:06 PM Martin-Éric Racine
 wrote:
>
> On Sat, Feb 26, 2022 at 11:54 AM Roy Marples  wrote:
> > >> dhcpcd's wpa_supplicant hook was written to solely support hotplugging a 
> > >> USB
> > >> wireless stick into a machine without any kind of hotplug support.
> > >> Since then I have added then -M flag to wpa_supplicant so it can do it 
> > >> by itself.
> > >
> > > Which is a problem. dhcpcd and systemd currently compete for control
> > > of the wireless device. systemd tries to rename it to follow
> > > Predictable Network Interface Names at the same time as dhcpcd tries
> > > to to connect it to a network. It results in configuration failing.
> >
> > Oh please.
> > This issue was 9 solved years ago when I wrote a udev plugin for dhcpcd that
> > forces dhcpcd to only "use" the interface when udev says the name has 
> > settled.
> > https://github.com/NetworkConfiguration/dhcpcd/commit/12bbc8cb5c7507be15a7e0af4140c3d81125c46c
>
> Sure enough, existing Build-Dep inherited from the current packaging
> did not pull libudev-dev. Added. Built and tested. Works well. Thanks
> for pointing that out.

Btw, it would be a good idea for BUILDING.md to mention which
libraries can optionally be used, such as libudev-dev in the above
case.

Ditto for configure to mention the package-specific options such as
where to find and include additional hooks. Right now, it only shows
generic instructions.

Martin-Éric

Bug#1006490: linux-image-5.16.0-1-amd64: hid-playstation.ko is missing

2022-02-26 Thread Vincent Blut

Hi Anton,

Le 2022-02-26 13:21, Anton Shestakov a écrit :
> Package: src:linux
> Version: 5.16.7-2
> Severity: normal
> X-Debbugs-Cc: a...@dwimlabs.net
> 
> Dear Maintainer,
> 
> On linux-image-5.15.0-3-amd64 there's a hid-playstation.ko module that 
> supports
> DualSense (PS5) controller, but it's missing from linux-image-5.16.0-1-amd64:
> 
> # dpkg -L linux-image-5.15.0-3-amd64 | fgrep hid-playstation
> /lib/modules/5.15.0-3-amd64/kernel/drivers/hid/hid-playstation.ko
> # dpkg -L linux-image-5.16.0-1-amd64 | fgrep hid-playstation
> 
> (Also missing from linux-image-5.16.0-2-amd64.)
> 
> Because of this, a different driver is used for the controller (I assume it's
> hid-generic), and so accelerometer/gyro and touchpad are not supported, and 
> the
> buttons/axes are in a strange order.
> 
> After looking at #1006275 and the patch that fixed it, I found that the older
> kernel config file also used to contain CONFIG_HID_PLAYSTATION=m and
> CONFIG_PLAYSTATION_FF=y. Please consider re-enabling these options too.

Indeed, this driver now depends on LEDS_CLASS_MULTICOLOR which is disabled in
our kernel config. I'll fix this!

Cheers,
Vincent


signature.asc
Description: PGP signature

Bug#1004935: connman: CVE-2022-23096 CVE-2022-23097 CVE-2022-23098


As no package maintainer stepped up to fix this, I am NMUing the package with 
the enclosed changes.diff -Nru connman-1.36/debian/changelog connman-1.36/debian/changelog
--- connman-1.36/debian/changelog   2021-10-09 22:49:52.0 +0200
+++ connman-1.36/debian/changelog   2022-02-26 06:06:06.0 +0100
@@ -1,3 +1,14 @@
+connman (1.36-2.4) unstable; urgency=medium
+
+  * d/patches: (Closes: #1004935)
++ 0008-dnsproxy-Validate-input-data-before-using-them.patch: fixes
+  CVE-2022-23096, CVE-2022-23097
++ 0009-dnsproxy-Avoid-100-busy-loop-in-TCP-server-case.patch: fixes
+  CVE-2022-23098
+  * Bump debhelper version from deprecated 11 to 12
+
+ -- Ross Vandegrift   Fri, 25 Feb 2022 21:06:06 -0800
+
 connman (1.36-2.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru connman-1.36/debian/compat connman-1.36/debian/compat
--- connman-1.36/debian/compat  2021-10-09 22:49:52.0 +0200
+++ connman-1.36/debian/compat  1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-11
diff -Nru connman-1.36/debian/control connman-1.36/debian/control
--- connman-1.36/debian/control 2021-10-09 22:49:52.0 +0200
+++ connman-1.36/debian/control 2022-02-26 06:06:06.0 +0100
@@ -3,7 +3,7 @@
 Uploaders: Alf Gaida 
 Section: net
 Priority: optional
-Build-Depends: debhelper (>= 11~),
+Build-Depends: debhelper-compat (= 12),
libudev-dev,
libglib2.0-dev,
libdbus-1-dev,
diff -Nru 
connman-1.36/debian/patches/0008-dnsproxy-Validate-input-data-before-using-them.patch
 
connman-1.36/debian/patches/0008-dnsproxy-Validate-input-data-before-using-them.patch
--- 
connman-1.36/debian/patches/0008-dnsproxy-Validate-input-data-before-using-them.patch
   1970-01-01 01:00:00.0 +0100
+++ 
connman-1.36/debian/patches/0008-dnsproxy-Validate-input-data-before-using-them.patch
   2022-02-26 06:06:06.0 +0100
@@ -0,0 +1,111 @@
+From: Daniel Wagner 
+Date: Tue, 25 Jan 2022 10:00:24 +0100
+Subject: dnsproxy: Validate input data before using them
+
+dnsproxy is not validating various input data. Add a bunch of checks.
+
+Fixes: CVE-2022-23097
+Fixes: CVE-2022-23096
+---
+ src/dnsproxy.c | 32 ++--
+ 1 file changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/src/dnsproxy.c b/src/dnsproxy.c
+index e297f1f..852fa44 100644
+--- a/src/dnsproxy.c
 b/src/dnsproxy.c
+@@ -1951,6 +1951,12 @@ static int forward_dns_reply(unsigned char *reply, int 
reply_len, int protocol,
+ 
+   if (offset < 0)
+   return offset;
++  if (reply_len < 0)
++  return -EINVAL;
++  if (reply_len < offset + 1)
++  return -EINVAL;
++  if ((size_t)reply_len < sizeof(struct domain_hdr))
++  return -EINVAL;
+ 
+   hdr = (void *)(reply + offset);
+   dns_id = reply[offset] | reply[offset + 1] << 8;
+@@ -1986,23 +1992,31 @@ static int forward_dns_reply(unsigned char *reply, int 
reply_len, int protocol,
+*/
+   if (req->append_domain && ntohs(hdr->qdcount) == 1) {
+   uint16_t domain_len = 0;
+-  uint16_t header_len;
++  uint16_t header_len, payload_len;
+   uint16_t dns_type, dns_class;
+   uint8_t host_len, dns_type_pos;
+   char uncompressed[NS_MAXDNAME], *uptr;
+   char *ptr, *eom = (char *)reply + reply_len;
++  char *domain;
+ 
+   /*
+* ptr points to the first char of the hostname.
+* ->hostname.domain.net
+*/
+   header_len = offset + sizeof(struct domain_hdr);
++  if (reply_len < header_len)
++  return -EINVAL;
++  payload_len = reply_len - header_len;
++
+   ptr = (char *)reply + header_len;
+ 
+   host_len = *ptr;
++  domain = ptr + 1 + host_len;
++  if (domain > eom)
++  return -EINVAL;
++
+   if (host_len > 0)
+-  domain_len = strnlen(ptr + 1 + host_len,
+-  reply_len - header_len);
++  domain_len = strnlen(domain, eom - domain);
+ 
+   /*
+* If the query type is anything other than A or ,
+@@ -2011,6 +2025,8 @@ static int forward_dns_reply(unsigned char *reply, int 
reply_len, int protocol,
+*/
+   dns_type_pos = host_len + 1 + domain_len + 1;
+ 
++  if (ptr + (dns_type_pos + 3) > eom)
++  return -EINVAL;
+   dns_type = ptr[dns_type_pos] << 8 |
+

Bug#1006490: linux-image-5.16.0-1-amd64: hid-playstation.ko is missing

2022-02-26 Thread Anton Shestakov

Package: src:linux
Version: 5.16.7-2
Severity: normal
X-Debbugs-Cc: a...@dwimlabs.net

Dear Maintainer,

On linux-image-5.15.0-3-amd64 there's a hid-playstation.ko module that supports
DualSense (PS5) controller, but it's missing from linux-image-5.16.0-1-amd64:

# dpkg -L linux-image-5.15.0-3-amd64 | fgrep hid-playstation
/lib/modules/5.15.0-3-amd64/kernel/drivers/hid/hid-playstation.ko
# dpkg -L linux-image-5.16.0-1-amd64 | fgrep hid-playstation

(Also missing from linux-image-5.16.0-2-amd64.)

Because of this, a different driver is used for the controller (I assume it's
hid-generic), and so accelerometer/gyro and touchpad are not supported, and the
buttons/axes are in a strange order.

After looking at #1006275 and the patch that fixed it, I found that the older
kernel config file also used to contain CONFIG_HID_PLAYSTATION=m and
CONFIG_PLAYSTATION_FF=y. Please consider re-enabling these options too.

-- Package-specific info:
** Version:
Linux version 5.16.0-1-amd64 (debian-ker...@lists.debian.org) (gcc-11 (Debian 
11.2.0-16) 11.2.0, GNU ld (GNU Binutils for Debian) 2.37.90.20220130) #1 SMP 
PREEMPT Debian 5.16.7-2 (2022-02-09)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-5.16.0-1-amd64 
root=UUID=ca3e0e88-3073-4e58-9407-e5ae900dfa83 ro security=apparmor quiet

** Tainted: OE (12288)
 * externally-built ("out-of-tree") module was loaded
 * unsigned module was loaded

** Kernel log:
[   17.040596] vboxdrv: module verification failed: signature and/or required 
key missing - tainting kernel
[   17.050604] vboxdrv: Found 4 processor cores
[   17.077985] vboxdrv: TSC mode is Invariant, tentative frequency 238412 Hz
[   17.077990] vboxdrv: Successfully loaded version 6.1.32_Debian r149290 
(interface 0x0032)
[   17.101018] VBoxNetFlt: Successfully started.
[   17.127304] VBoxNetAdp: Successfully started.
[   17.134334] tun: Universal TUN/TAP device driver, 1.6
[   17.253155] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   17.253160] Bluetooth: BNEP filters: protocol multicast
[   17.253165] Bluetooth: BNEP socket layer initialized
[   17.272242] NET: Registered PF_ALG protocol family
[   17.322653] pcieport :00:1c.0: Intel SPT PCH root port ACS workaround 
enabled
[   17.356449] EXT4-fs (sda2): re-mounted. Opts: errors=remount-ro,commit=600. 
Quota mode: none.
[   17.369267] EXT4-fs (dm-0): re-mounted. Opts: commit=600. Quota mode: none.
[   17.403017] r8169 :01:00.0: firmware: direct-loading firmware 
rtl_nic/rtl8168h-2.fw
[   17.430599] Generic FE-GE Realtek PHY r8169-0-100:00: attached PHY driver 
(mii_bus:phy_addr=r8169-0-100:00, irq=MAC)
[   17.631941] r8169 :01:00.0 enp1s0: Link is Down
[   17.647885] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   17.648881] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   17.649882] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   17.650887] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   17.651882] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   17.652928] Bluetooth: hci0: Failed to read codec capabilities (-56)
[   22.655952] fuse: init (API version 7.35)
[   24.640215] Bluetooth: RFCOMM TTY layer initialized
[   24.640224] Bluetooth: RFCOMM socket layer initialized
[   24.640233] Bluetooth: RFCOMM ver 1.11
[   30.717021] wlp2s0: authenticate with 74:a7:8e:cd:c9:e4
[   30.725610] wlp2s0: send auth to 74:a7:8e:cd:c9:e4 (try 1/3)
[   30.754475] wlp2s0: authenticated
[   30.758659] wlp2s0: associate with 74:a7:8e:cd:c9:e4 (try 1/3)
[   30.774574] wlp2s0: RX AssocResp from 74:a7:8e:cd:c9:e4 (capab=0x431 
status=0 aid=1)
[   30.791376] wlp2s0: associated
[   30.899457] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
[   34.999034] [UFW BLOCK] IN=wlp2s0 OUT= 
MAC=d0:3c:1f:74:e3:2a:74:a7:8e:cd:c9:e4:08:00 SRC=185.52.2.217 DST=192.168.0.5 
LEN=68 TOS=0x10 PREC=0x60 TTL=58 ID=15233 DF PROTO=UDP SPT=1194 DPT=59041 
LEN=48 
[   78.233727] usb 1-2: new high-speed USB device number 4 using xhci_hcd
[   78.382675] usb 1-2: New USB device found, idVendor=054c, idProduct=0ce6, 
bcdDevice= 1.00
[   78.382688] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[   78.382693] usb 1-2: Product: Wireless Controller
[   78.382697] usb 1-2: Manufacturer: Sony Interactive Entertainment
[   78.589510] EXT4-fs (sda2): re-mounted. Opts: errors=remount-ro,commit=600. 
Quota mode: none.
[   78.599241] EXT4-fs (dm-0): re-mounted. Opts: commit=600. Quota mode: none.
[   78.752925] input: Sony Interactive Entertainment Wireless Controller as 
/devices/pci:00/:00:14.0/usb1/1-2/1-2:1.3/0003:054C:0CE6.0002/input/input21
[   78.753120] hid-generic 0003:054C:0CE6.0002: input,hidraw1: USB HID v1.11 
Gamepad [Sony Interactive Entertainment Wireless Controller] on 
usb-:00:14.0-2/input3
[   78.753180] usbcore: registered new interface driver usbhid
[   78.753183] usbhid: USB HID core driver
[   78.786395] usbcore: registered new interface driver snd-usb-audio
[   78.903159] EXT4-fs

Bug#1006184:

2022-02-26 Thread Aritz Erkiaga

I believe this is incorrect. Those two commits only close #1005006, 
while #1006184 is closed by the single commit linked in this bug report. 
All *three* commits have been merged into upstream, fixing both bugs. 
For clarification, I'll link the *missing* patch (which does close this 
bug) here.


Fix for #1006184: 
https://github.com/OpenChemistry/avogadrolibs/commit/c47d00c821ba77ea2b13aaa933cfc922f1980469

Bug#1006483: ITP: python3-mergedeep -- A deep merge function for Python

2022-02-26 Thread Peter Pentchev

On Sat, Feb 26, 2022 at 08:12:27AM +, Edward Betts wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Edward Betts 
> X-Debbugs-Cc: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org
> 
> * Package name: python3-mergedeep
>   Version : 1.3.4
>   Upstream Author : Travis Clarke
> * URL : https://github.com/clarketm/mergedeep
> * License : MIT
>   Programming Lang: Python
>   Description : A deep merge function for Python

I think you may have seen this already, but Carsten Schoenert filed
#1006479 just today for the same library :)

Thanks to both of you for your work!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Bug#964947: dhcpcd5: New upstream version available: 9.1.4

On Sat, Feb 26, 2022 at 11:54 AM Roy Marples  wrote:
>
> On 26/02/2022 07:53, Martin-Éric Racine wrote:
> > On Fri, Feb 25, 2022 at 3:52 PM Roy Marples  wrote:
> >>
> >> On 25/02/2022 09:25, Martin-Éric Racine wrote:
> >>> Right now, my personal experiements with dhcpcd indicate that
> >>> something as simple as passing options to wpa_supplicant via dhcpcd's
> >>> configuration file is not an easy task.
> >>
> >> Why would you want to? They have separate domains of responsibility. One
> >> configures the addressing and routes and other misc related stuff and the 
> >> other
> >> brings up the actual link to do this on.
> >
> > Because having the configuration data for all interfaces is
> > /etc/network/interfaces' whole point.
>
> Then get /etc/network/interfaces to control wpa_supplicant and don't abuse the
> dhcpcd hook.

Something like this?

allow-hotplug enp9s0 wlp12s0
iface enp9s0 inet manual
iface wlp12s0 inet manual
wpa-ssid 
wpa-psk 

That would probably work. The 'manual' method would let dhcpcd do its
job in the background.

> >> dhcpcd's wpa_supplicant hook was written to solely support hotplugging a 
> >> USB
> >> wireless stick into a machine without any kind of hotplug support.
> >> Since then I have added then -M flag to wpa_supplicant so it can do it by 
> >> itself.
> >
> > Which is a problem. dhcpcd and systemd currently compete for control
> > of the wireless device. systemd tries to rename it to follow
> > Predictable Network Interface Names at the same time as dhcpcd tries
> > to to connect it to a network. It results in configuration failing.
>
> Oh please.
> This issue was 9 solved years ago when I wrote a udev plugin for dhcpcd that
> forces dhcpcd to only "use" the interface when udev says the name has settled.
> https://github.com/NetworkConfiguration/dhcpcd/commit/12bbc8cb5c7507be15a7e0af4140c3d81125c46c

Sure enough, existing Build-Dep inherited from the current packaging
did not pull libudev-dev. Added. Built and tested. Works well. Thanks
for pointing that out.

> > Also, unless I missed something, dhcpcd doesn't currently have the
> > built-in logic to understand whether a device is wireless (needs WPA)
> > or not (doesn't need anythign else than DHCP).
>
> You have missed something.
> dhcpcd can set a profile per SSID so in dhcpcd.conf you could do this
>
> profile AP1
> static ipaddress=192.168.1.100/16
>
> profile AP2
> static ipaddress=10.100.32.1/8
>
> In the hook scripts you also have ${if_wireless} to examine.

Noted.

Martin-Éric

Bug#1006489: libxml2: CVE-2022-23308: Use-after-free of ID and IDREF attributes

Source: libxml2
Version: 2.9.12+dfsg-6
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/327
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libxml2.

CVE-2022-23308[0]:
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF
| attributes.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-23308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/327
[2] 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1006488: ell: please upgrade to release 0.49

2022-02-26 Thread Jonas Smedegaard

Source: ell
Version: 0.48-1
Severity: wishlist
Tags: upstream

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Recent release of IWD requires ell 0.49.

Please upgrade to ell 0.49.

Or, please tell me if ok that I join as co-maintainer of ell and I can
then do upgrades like this myself.

I'd be honored to collaborate closer with you.


Kind regards,

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmIZ+Y4ACgkQLHwxRsGg
ASF/Sg//es8IUqKRXr05xEJmlkQT2HIYDixF500aA1WX6V2PbKpLEtNlYY5iOqLh
+ZCmuP/RPGr/sLFLw+HI9kZn/nTd8i+F78sAauSCXV+SK2RSTsR6T5853MOe+bd+
ISwcGjGqBPAPonseTClj8hap2u+IanHcuYjvxvR7tKku5e4D5jkLGPrum/tdZJ7U
S5WAhT4LPulC52DGLxPnzgYtVIeah9C+fYl65dT2jdMHv9p2DYGnkwjJb4t4Zttd
9qFmftSqC5R79X5V9dWiDaNvGym360aDUs4c0qMYjHU17kmAzGD6CYxBnzWV7wj4
d5YzUPBGDgXlnsXrSZXCzbN9mRQ2moEBPYI00Zrv3YYFj8c1d9mq29tWAb2D126i
0bJuLu70MXe7u+Tap2ftWPL72WNVdqsJFNhrX55skcsp8eJ0BYHLViDtmdyOvgiI
WkzgzS/024XyN/j7NsKC6TojQ01CPWB4JuPumbAiMHmKd/74wtqo2uQBRWvUrkot
rWCm1nYD8f9vsUgUlcsjfbXoHwADW0n4QIZB99PleO835oWPQeqaUC0DhYkx1LYr
cdWUsXWYdSACFwvSmJN4UAqMYD9fdFeIjh7fxxLoWePwTDQCpKEUMEXvCHig4+Qg
ndIGN/ZW+4Gn/Uy6NPeXf3Rp3TIpWhG26YJmXBoR28pY3RbJCa4=
=4+C+
-END PGP SIGNATURE-

Bug#964947: dhcpcd5: New upstream version available: 9.1.4

On Fri, Feb 25, 2022 at 10:31 AM Roy Marples  wrote:
> Looking, someone else decided to redo the NTP hooks entirely for Debian.
> My understanding is that the only thing the upstream hook doesn't do is 
> timesyncd.

On Debian, systemd Recommends systemd-timesyncd or time-daemon.

Packages currently providing time-daemon:

chrony - Versatile implementation of the Network Time Protocol
ntp - Network Time Protocol daemon and utility programs
ntpsec - Network Time Protocol daemon and utility programs
openntpd - OpenBSD NTP daemon
systemd-timesyncd - minimalistic service to synchronize local time
with NTP servers

Nonetheless dhcpcd's configure script tests for whatever NTP service
is currently running on the build host and enables matching hooks.
Works well for building host-specific binaries, but is obviously not
flexible enough for a software distribution to anticipate for any of
the above options being installed on a target host pulling dhcpcd
packages from a repository.

Martin-Éric

Bug#1005438: pygame: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.10 3.9" --system=custom --test-args "/usr/bin/xvfb-run {interpreter} -m pygame.tests.main --exclude opengl"

2022-02-26 Thread Marcin Owsiany

Dnia Tue, Feb 22, 2022 at 08:57:25AM +0100, Andreas Tille napisał(a):
> I had a look into this issue since a Debian Med package received a
> testing removal warning.  I can confirm the build fails with
> 
>Segmentation fault
> 
> in the build time test suite.

Just out of curiosity I ran the tests during build under GDB (simply
inserting "gdb --args" right before the "{interpreter}" in the
overrite_dh_auto_test rule in debian/rules).

It seems like the segfault is in the freetype library, when loading a font,
rather than in pygame (though I guess the root cause could be pygame passing
garbage to freetype? - I have zero knowledge about the API).

Cc-ing Hugh in case he can provide some hints about what might be going on here.

This does not change the fact that it would be great to move to pygame2 :-)

loading pygame.tests.freetype_test
loading pygame.tests.ftfont_test

Thread 1 "python3.10" received signal SIGSEGV, Segmentation fault.
0x7fde9aeb34e3 in FT_Done_Face (face=0x7fde96aa04d8) at 
./src/base/ftobjs.c:2836
2836./src/base/ftobjs.c: No such file or directory.
(gdb) bt full
#0  0x7fde9aeb34e3 in FT_Done_Face (face=0x7fde96aa04d8) at 
./src/base/ftobjs.c:2836
error = 35
driver = 
memory = 
node = 
#1  0x7fde9af11479 in ftc_face_node_done (ftcnode=0x1fce450, 
ftcmanager=) at ./src/cache/ftcmanag.c:272
node = 0x1fce450
manager = 
#2  0x7fde9af11872 in FTC_MruList_New (list=0x1ec9928, key=0x7fde970bb200, 
anode=anode@entry=0x7ffce3eb1bc0) at ./src/cache/ftcmru.c:281
error = 1
node = 0x1fce450
memory = 0x1e70c40
#3  0x7fde9af12bbf in FTC_Manager_LookupFace (manager=, 
face_id=face_id@entry=0x7fde970bb200, aface=aface@entry=0x7ffce3eb1be0) at 
./src/cache/ftcmanag.c:324
_pfirst = 
_compare = 0x7fde9af102d0 
_first = 
_node = 
error = 0
mrunode = 0x7fde9ca14638
#4  0x7fde982a5228 in _PGFT_GetFont (ft=ft@entry=0x20bc470, 
fontobj=fontobj@entry=0x7fde970bb1f0) at src_c/freetype/ft_wrap.c:321
error = 
font = 0x0
#5  0x7fde982a550c in init (ft=ft@entry=0x20bc470, 
fontobj=fontobj@entry=0x7fde970bb1f0) at src_c/freetype/ft_wrap.c:386
font = 
#6  0x7fde982a58be in _PGFT_TryLoadFont_Filename (ft=ft@entry=0x20bc470, 
fontobj=fontobj@entry=0x7fde970bb1f0, filename=, 
font_index=) at src_c/freetype/ft_wrap.c:442
filename_alloc = 
file_len = 
#7  0x7fde9829d3d0 in _ftfont_init (self=0x7fde970bb1f0, args=, kwds=) at src_c/_freetype.c:823
kwlist = {0x7fde982a7bb3 "file", 0x7fde982a7cca "size", 0x7fde982a75cc 
"font_index", 0x7fde982a777c "resolution", 0x7fde982a75d7 "ucs4", 0x0}
file = 0x7fde96f44d30
original_file = 0x7fde96f2a240
font_index = 0
face_size = {x = 1280, y = 0}
ucs4 = 0
resolution = 0
size = 0
height = 0
width = 0
x_ppem = 0
y_ppem = 0
rval = -1
source = 
ft = 0x20bc470
#8  0x00599823 in  ()
#9  0x00531efb in _PyObject_MakeTpCall ()
#10 0x0052c946 in _PyEval_EvalFrameDefault ()
#11 0x0053105a in _PyObject_FastCallDictTstate ()
#12 0x005446ab in  ()
#13 0x00532228 in  ()
#14 0x00549149 in PyObject_Call ()
#15 0x00528a93 in _PyEval_EvalFrameDefault ()
#16 0x0053b7ff in _PyFunction_Vectorcall ()
#17 0x00526ca7 in _PyEval_EvalFrameDefault ()
#18 0x0053b7ff in _PyFunction_Vectorcall ()
--Type  for more, q to quit, c to continue without paging--c
#19 0x00526ca7 in _PyEval_EvalFrameDefault ()
#20 0x0054884c in  ()
#21 0x00526aba in _PyEval_EvalFrameDefault ()
#22 0x0053b7ff in _PyFunction_Vectorcall ()
#23 0x00526ca7 in _PyEval_EvalFrameDefault ()
#24 0x0053b7ff in _PyFunction_Vectorcall ()
#25 0x0054893a in  ()
#26 0x00528a93 in _PyEval_EvalFrameDefault ()
#27 0x0053105a in _PyObject_FastCallDictTstate ()
#28 0x005459b9 in _PyObject_Call_Prepend ()
#29 0x005c2c33 in  ()
#30 0x00531efb in _PyObject_MakeTpCall ()
#31 0x0052b9ee in _PyEval_EvalFrameDefault ()
#32 0x0053b7ff in _PyFunction_Vectorcall ()
#33 0x0054893a in  ()
#34 0x00528a93 in _PyEval_EvalFrameDefault ()
#35 0x0053105a in _PyObject_FastCallDictTstate ()
#36 0x005459b9 in _PyObject_Call_Prepend ()
#37 0x005c2c33 in  ()
#38 0x00531efb in _PyObject_MakeTpCall ()
#39 0x0052b9ee in _PyEval_EvalFrameDefault ()
#40 0x0053b7ff in _PyFunction_Vectorcall ()
#41 0x0054893a in  ()
#42 0x00528a93 in _PyEval_EvalFrameDefault ()
#43 0x0053105a in _PyObject_FastCallDictTstate ()
#44 0x005459b9 in _PyObject_Call_Prepend ()
#45 0x005c2c33 in  ()
#46 0x00531efb in _PyObject_MakeTpCall ()
#47 0x0052b9ee in _PyEval_EvalFrameDefault ()
#48

Bug#1006487: consul: CVE-2022-24687

Source: consul
Version: 1.8.7+dfsg1-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 1.8.7+dfsg1-2

Hi,

The following vulnerability was published for consul.

CVE-2022-24687[0]:
| HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7,
| and 1.11.2 has Uncontrolled Resource Consumption.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24687
[1] 
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/

Regards,
Salvatore

Bug#1006485: fscrypt: CVE-2022-25326 CVE-2022-25327 CVE-2022-25328

Source: fscrypt
Version: 0.3.1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for fscrypt.

CVE-2022-25326[0]:
| fscrypt through v0.3.2 creates a world-writable directory by default
| when setting up a filesystem, allowing unprivileged users to exhaust
| filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and
| adjusting the permissions on existing fscrypt metadata directories
| where applicable.


CVE-2022-25327[1]:
| The PAM module for fscrypt doesn't adequately validate fscrypt
| metadata files, allowing users to create malicious metadata files that
| prevent other users from logging in. A local user can cause a denial
| of service by creating a fscrypt metadata file that prevents other
| users from logging into the system. We recommend upgrading to version
| 0.3.3 or above


CVE-2022-25328[2]:
| The bash_completion script for fscrypt allows injection of commands
| via crafted mountpoint paths, allowing privilege escalation under a
| specific set of circumstances. A local user who has control over
| mountpoint paths could potentially escalate their privileges if they
| create a malicious mountpoint path and if the system administrator
| happens to be using the fscrypt bash completion script to complete
| mountpoint paths. We recommend upgrading to version 0.3.3 or above

The issues do not warrant a DSA, but depending on feasibility it would
be good th ave the fixes available as well in bullseye and buster
through a point release.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-25326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25326
[1] https://security-tracker.debian.org/tracker/CVE-2022-25327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25327
[2] https://security-tracker.debian.org/tracker/CVE-2022-25328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25328
[3] https://www.openwall.com/lists/oss-security/2022/02/24/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1006396: Your mail

2022-02-26 Thread Soenke Huels


Hi everyone,

thanks for your prompt replies!


Probably the bug is related to this issue:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/931


Yes, this does indeed sound like the same issue, thanks for highlighting
it. The workaround mentioned in that report is working for me as well.


Fixed with:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1122



I will confirm that this fixes the issue when the respective updated
packages arrive.

Thanks again!

Regards,
Soenke

Bug#964947: dhcpcd5: New upstream version available: 9.1.4