Bug#1033463: linux-image-6.1.0-6-amd64: fails to mount/recognize NTFS partitions

2023-03-25 Thread Vivek K J


On 25/03/23 21:09, Diederik de Haas wrote:

> Control: tag -1 moreinfo
>
> On Saturday, 25 March 2023 15:27:52 CET Vivek K J wrote:
>
>> I've been using an automount script (in /etc/fstab) to mount my
>> Windows NTFS partition in Debian Testing. But after updating to
>> 6.1.0-6-amd64 the kernel doesn't boot and gets stuck at recovery mode. On
>> commenting the line which I used to automount that drive, I was able to
>> boot into the OS, but it fails to recognize my NTFS partitions.
>>
>> PS: it's working without any problems in 6.1.0-5-amd64.
>
> Unstable has version 6.1.20-1 aka 6.1.0-7-amd64, can you try whether the
> problem is still present in that version?

No. Unstable version is able to mount that drive without any errors.

> If it does, then sharing the output when you *manually* mount the drive
> successfully on 6.1.0-5-amd64 and when you do the exact same thing on
> 6.1.0-6-amd64 with the failure, so it shows some error message(s).

It doesn't even recognize an NTFS partition (no output on using
sudo fdisk -l | grep NTFS).

--
Regards,

Vivek K J
Debian Maintainer
---
Personal Website: https://vivekkj.codes
GPG Key: D017 9263 E202 0E40 7157  4073 A5FF 4BB3 EA53 C5DF





Bug#1033492: unblock: php8.2/8.2.4-1 ????

2023-03-25 Thread Ondřej Surý
Paul,

just a quick reply - PHP already has a security (and if I remember correctly 
release) team exception from the last time. So, we already had this talk about 
upstream policies.

I’m happy to fill the template though when it’s not Sunday.

Ondrej
--
Ondřej Surý  (He/Him)

> On 26. 3. 2023, at 8:15, Paul Gevers  wrote:
> 
> Package: release.debian.org
> Tags: moreinfo
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: ond...@sury.org
> Control: affects -1 src:php8.2
> 
> Dear Ondřej,
> 
> I just noticed that security bug 1031368 is fixed in unstable; it was fixed in 
> php8.2 version 8.2.3-1. That didn't migrate to testing because we're in the 
> freeze [1], you didn't request an unblock and (to be honest) I deferred when 
> I looked a while back because it involves a new upstream release. New 
> upstream versions are in principle against the freeze policy unless it's a 
> targeted-fix-only release. From a quick look at the upstream NEWS file, that 
> could very well be the case, can you confirm that? I'd like you to provide us 
> the usual information we use in the unblock process so I have added the 
> reportbug template below as an aid; the biggest question I have is: can you 
> point us at the upstream policy that explains what goes into their stable 
> releases?
> 
> php8.2 is a key package.
> 
> Paul
> 
> [1] https://release.debian.org/testing/freeze_policy.html#hard
> 
> Please unblock package php8.2
> 
> (Please provide enough (but not too much) information to help
> the release team to judge the request efficiently. E.g. by
> filling in the sections below.)
> 
> [ Reason ]
> (Explain what the reason for the unblock request is.)
> 
> [ Impact ]
> (What is the impact for the user if the unblock isn't granted?)
> 
> [ Tests ]
> (What automated or manual tests cover the affected code?)
> 
> [ Risks ]
> (Discussion of the risks involved. E.g. code is trivial or
> complex, key package vs leaf package, alternatives available.)
> 
> [ Checklist ]
>  [ ] all changes are documented in the d/changelog
>  [ ] I reviewed all changes and I approve them
>  [ ] attach debdiff against the package in testing
> 
> [ Other info ]
> (Anything else the release team should know.)
> 
> unblock php8.2/8.2.4-1
> 



Bug#1024274: rails: CVE-2022-3704: XSS within Route Error Page

2023-03-25 Thread Lucas Nussbaum
On 16/11/22 at 22:42 +0100, Salvatore Bonaccorso wrote:
> Source: rails
> Version: 2:6.1.7+dfsg-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/rails/rails/issues/46244
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> 
> 
> Hi,
> 
> The following vulnerability was published for rails.
> 
> CVE-2022-3704[0]:
> | A vulnerability classified as problematic has been found in Ruby on
> | Rails. This affects an unknown part of the file actionpack/lib/action_
> | dispatch/middleware/templates/routes/_table.html.erb. The manipulation
> | leads to cross site scripting. It is possible to initiate the attack
> | remotely. The name of the patch is
> | be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a
> | patch to fix this issue. The associated identifier of this
> | vulnerability is VDB-212319.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2022-3704
> https://www.cve.org/CVERecord?id=CVE-2022-3704
> [1] https://github.com/rails/rails/issues/46244
> [2] 
> https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
> 
> Please adjust the affected versions in the BTS as needed.

Hi,

The validity of this CVE has been contested by the rails team.
See last comment on https://github.com/rails/rails/issues/46244

It was fixed upstream in the 6.1 stable branch, but NOT in the 6.1.7.X
security releases. See
https://github.com/rails/rails/commit/1593b13665a62a49a4a5e15992e347227ea2cfdd

I think that we should stick with the rails team analysis on this CVE
and not backport the fix.

Lucas



Bug#853915: Illegal services connected to my android.

2023-03-25 Thread Gina



Bug#1033492: unblock: php8.2/8.2.4-1 ????

2023-03-25 Thread Paul Gevers

Package: release.debian.org
Tags: moreinfo
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ond...@sury.org
Control: affects -1 src:php8.2

Dear Ondřej,

I just noticed that security bug 1031368 is fixed in unstable; it was fixed 
in php8.2 version 8.2.3-1. That didn't migrate to testing because we're 
in the freeze [1], you didn't request an unblock and (to be honest) I 
deferred when I looked a while back because it involves a new upstream 
release. New upstream versions are in principle against the freeze 
policy unless it's a targeted-fix-only release. From a quick look at the 
upstream NEWS file, that could very well be the case, can you confirm 
that? I'd like you to provide us the usual information we use in the 
unblock process so I have added the reportbug template below as an aid; 
the biggest question I have is: can you point us at the upstream policy 
that explains what goes into their stable releases?


php8.2 is a key package.

Paul

[1] https://release.debian.org/testing/freeze_policy.html#hard

Please unblock package php8.2

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
(Explain what the reason for the unblock request is.)

[ Impact ]
(What is the impact for the user if the unblock isn't granted?)

[ Tests ]
(What automated or manual tests cover the affected code?)

[ Risks ]
(Discussion of the risks involved. E.g. code is trivial or
complex, key package vs leaf package, alternatives available.)

[ Checklist ]
  [ ] all changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

unblock php8.2/8.2.4-1





Bug#1031042: mariadb-10.5 10.5.19-0+deb11u1 flagged for acceptance

2023-03-25 Thread Paul Gevers

Hi Otto,

On 26-03-2023 06:48, Otto Kekäläinen wrote:

> Based on
> https://packages.debian.org/search?keywords=mariadb-server&searchon=names&suite=all&section=all
> this 10.5.19-0+deb11u1 is still pending and a stable update of Debian
> 11 "Bullseye" has not yet been made in March 2023?

https://lists.debian.org/debian-live/2023/03/msg00025.html

> Is it OK if I merge in one regression fix and upload a new version?

I'm not a stable release manager, but I'm pretty sure it's better to 
file a new bug for that request than updating this bug (it's part of the 
workflow).


Paul




Bug#1033464: unblock: fish/3.6.0-3

2023-03-25 Thread Paul Gevers

Control: tags -1 confirmed moreinfo

Hi Mo,

On 25-03-2023 15:39, M. Zhou wrote:

> Please unblock package fish
> Not yet uploaded. This package does not have a proper
> autopkgtest, manual unblock needed.

Please go ahead and remove the moreinfo tag once that happened.

Paul




Bug#1031042: mariadb-10.5 10.5.19-0+deb11u1 flagged for acceptance

2023-03-25 Thread Otto Kekäläinen
Hi!

Based on 
https://packages.debian.org/search?keywords=mariadb-server&searchon=names&suite=all&section=all
this 10.5.19-0+deb11u1 is still pending and a stable update of Debian
11 "Bullseye" has not yet been made in March 2023?

Is it OK if I merge in one regression fix and upload a new version?

https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/13



Bug#1033234: MariaDB-Server not installing

2023-03-25 Thread Otto Kekäläinen
If you want this fixed, try to reproduce the issue again in a
container or virtual machine. I am sure there was something special in
your situation that you did not yet share, perhaps related to previous
MySQL/MariaDB installations on the system the new install interacted
with or something.

Related:
- https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/26
- https://bugs.launchpad.net/ubuntu/+source/mariadb-10.6/+bug/2011293



Bug#1032861: Acknowledgement (Lintian: fix man page syntax errors)

2023-03-25 Thread Otto Kekäläinen
Forwarded: https://github.com/MariaDB/server/pull/2544



Bug#1033491: jwm: please replace xterm to x-terminal-emulator in system.jwmrc file

2023-03-25 Thread Thom
Package: jwm
Version: 2.4.3-1
Severity: minor
X-Debbugs-Cc: thom1...@gmail.com

Dear Maintainer,


Please replace xterm with x-terminal-emulator in the system.jwmrc file.
In some rare cases (for example, if jwm is installed before xorg) we have 
rxvt-unicode instead of xterm.


See patch in attachments


Thanks


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jwm depends on:
ii  libc6                               2.36-8
ii  libcairo2                           1.16.0-7
ii  libglib2.0-0                        2.74.6-1
ii  libjpeg62-turbo                     1:2.1.5-2
ii  libpango-1.0-0                      1.50.12+ds-1
ii  libpangoft2-1.0-0                   1.50.12+ds-1
ii  libpangoxft-1.0-0                   1.50.12+ds-1
ii  libpng16-16                         1.6.39-2
ii  librsvg2-2                          2.54.5+dfsg-1
ii  libx11-6                            2:1.8.4-2
ii  libxext6                            2:1.3.4-1+b1
ii  libxft2                             2.3.6-1
ii  libxinerama1                        2:1.1.4-3
ii  libxmu6                             2:1.1.3-3
ii  libxpm4                             1:3.5.12-1.1
ii  libxrender1                         1:0.9.10-1.1
ii  rxvt-unicode [x-terminal-emulator]  9.30-2+b4

Versions of packages jwm recommends:
pn  menu  

Versions of packages jwm suggests:
pn  x11-apps  

-- Configuration Files:
/etc/jwm/system.jwmrc changed [not included]

-- no debconf information
--- system.jwmrc2023-03-26 13:10:30.618632210 +1000
+++ system.jwmrc.edited 2023-03-26 13:11:45.975428038 +1000
@@ -4,7 +4,7 @@
 
 
 /etc/jwm/debian-menu
-xterm
+x-terminal-emulator
 
 
xscreensaver-command -lock
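
Review bot: only the single `xterm` entry in the hunk at lines 4-10 of system.jwmrc is replaced, so any other `xterm` reference elsewhere in the file would still point at a terminal that may not be installed; the patch should cover every occurrence or state that this is the only one. The file headers also carry no directory prefix and compare a local copy against `system.jwmrc.edited`, so a diff taken against the file's path in the source package would be easier for the maintainer to apply.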


Bug#1033490: unblock: py7zr/0.11.3+dfsg-5

2023-03-25 Thread Sandro Tosi
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: py...@packages.debian.org, mo...@debian.org
Control: affects -1 + src:py7zr

Please unblock package py7zr

This package fixes CVE-2022-44900 aka #1032091

[ Reason ]
fixes a security issue and makes the package RC-free, allowing calibre to stay
in bookworm

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

The package diff is visible 
https://salsa.debian.org/python-team/packages/py7zr/-/compare/debian%2F0.11.3+dfsg-4...debian%2F0.11.3+dfsg-5?from_project_id=56010&straight=false
 (if you prefer an actual debdiff file attached, let me know)

unblock py7zr/0.11.3+dfsg-5



Bug#1033489: sudo lecture is missing

2023-03-25 Thread Thom
Package: sudo
Version: 1.9.13p3-1
Severity: minor
X-Debbugs-Cc: thom1...@gmail.com

Dear Maintainer,


Debian bookworm clean minimal install from media
debian-bookworm-DI-alpha2-amd64-netinst.iso


After the first login after installation as a regular user,
I tried to use the sudo command for the first time,
but the legendary sudo lecture was not displayed.


user@debian:~$ ls /var/lib/sudo/lectured
user@debian:~$

This directory is empty.


Probably adding the option
Defaults lecture=once
to the /etc/sudoers config file can fix this issue.


Thanks



-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sudo depends on:
ii  init-system-helpers  1.65.2
ii  libaudit1            1:3.0.9-1
ii  libc6                2.36-8
ii  libpam-modules       1.5.2-6
ii  libpam0g             1.5.2-6
ii  libselinux1          3.4-1+b5
ii  zlib1g               1:1.2.13.dfsg-1

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Отказано в доступе: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Отказано в доступе: '/etc/sudoers.d/README'

-- no debconf information


Bug#1033488: should not use dpkg --print-architecture

2023-03-25 Thread Marco d'Itri
Source: flash-kernel
Version: 3.106
Severity: normal

I am currently cross-grading an ARM system from armhf to arm64, and 
flash-kernel generates a non-working boot.scr file because dpkg 
--print-architecture in get_boot_cmd() returns armhf instead of arm64.

-- 
ciao,
Marco




Bug#1033234: MariaDB-Server not installing

2023-03-25 Thread Timothy M Butterworth
On Sat, Mar 25, 2023 at 7:23 PM Otto Kekäläinen  wrote:

> Version: 1:10.11.2-1
> Tags: moreinfo
> Control: retitle -1 initscript action "stop" failed while running 'apt
> install mariadb-server'
>
> Hi!
>
> Can you please provide a reproducible case? Perhaps something I can
> run in a Docker container or LXD container to see this happening?
>

Otto,

Thanks for the response. I got it to install. I copied the mariadb.service
file and made a soft link from it to mysql.service. I was able to
successfully run `systemctl stop` against both service files. There was
nothing to stop since there was no database installed but I tricked the
script into thinking that it stopped the database. Anyway it was a little
hacky but I got mariadb-server installed. Sorry I can not help you
reproduce the issue.

Tim

> What happens if you run manually these
>
> invoke-rc.d mariadb stop
> ps faux | grep mariadb
> ps faux | grep mysql
>


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀


Bug#1033487: apt: apt-get says "This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." but apt-secure(8) doesn't tell where or how

2023-03-25 Thread Axel Beckert
Package: apt
Version: 2.6.0
Control: found -1 1.8.2.3

"apt-get update" says:

E: Repository 'https://debian.ethz.ch/debian experimental InRelease' changed 
its 'Codename' value from 'experimental' to 'rc-buggy'
N: This must be accepted explicitly before updates for this repository can be 
applied. See apt-secure(8) manpage for details.

But apt-secure(8) does not explain how to actually accept it:

  INFORMATION CHANGES
   A Release file contains beside the checksums for the files in the
   repository also general information about the repository like the
   origin, codename or version number of the release.

   This information is shown in various places so a repository owner
   should always ensure correctness. Further more user configuration
   like apt_preferences(5) can depend and make use of this
   information. Since version 1.5 the user must therefore explicitly
   confirm changes to signal that the user is sufficiently prepared
   e.g. for the new major release of the distribution shipped in the
   repository (as e.g. indicated by the codename).

IMHO either the message from apt-get or at least the apt-secure(8) man
page should explain,

a) that (only) "apt update" (and neither apt-get nor aptitude) provides
   an interactive prompt to accept that change, and

b) that apt-get can accept that change via the
   --allow-releaseinfo-change option. (And yeah, aptitude lacks that
   option as of now.)

Had a user nearly going nuts because of not finding out how to fix this
due to not being mentioned in the message nor in the referenced man
page. (He didn't look into the apt-get man page as that one wasn't
referenced.)

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'testing-security'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 
'experimental-debug'), (1, 'buildd-experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                    3.132
ii  base-passwd                3.6.1
ii  debian-archive-keyring     2023.2
ii  gpgv                       2.2.40-1
ii  gpgv1                      1.4.23-1.1+b1
ii  libapt-pkg6.0              2.6.0
ii  libc6                      2.36-8
ii  libelogind0 [libsystemd0]  246.10-1debian1
ii  libgcc-s1                  12.2.0-14
ii  libgnutls30                3.7.9-1
ii  libseccomp2                2.5.4-1+b3
ii  libstdc++6                 12.2.0-14

Versions of packages apt recommends:
ii  ca-certificates  20230311

Versions of packages apt suggests:
ii  apt-doc         2.6.0
ii  aptitude        0.8.13-5+abe+test1+bug1032654
ii  dpkg-dev        1.21.21
ii  gnupg           2.2.40-1
ii  gnupg1          1.4.23-1.1+b1
ii  gnupg2          2.2.40-1
ii  powermgmt-base  1.37
ii  wajig           4.0.3

-- no debconf information
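
An added example (not part of the bug report and not apt's own code): a way to see which release-information fields actually changed between the Release file a system already trusted and the new one, and to derive the field-specific form of the option named in (b) rather than the blanket one. The two Release files are constructed samples, the function names are hypothetical, and the `--allow-releaseinfo-change-<field>` options are the ones listed in apt-get(8).

```shell
#!/bin/sh
# Release-information fields compared here. apt-get(8) documents a matching
# --allow-releaseinfo-change-<field> option for each of them
# (defaultpin, the sixth, is not compared here).
RELEASEINFO_FIELDS="Origin Label Version Codename Suite"

# Print the value of one field from a Release or InRelease file.
# Prints nothing when the field is absent.
release_field() {
    awk -v f="$2" 'index($0, f ": ") == 1 { print substr($0, length(f) + 3); exit }' "$1"
}

# Compare two Release files and print one line per changed field:
#   <Field>: '<old>' -> '<new>'
releaseinfo_changes() {
    for field in $RELEASEINFO_FIELDS; do
        old=$(release_field "$1" "$field")
        new=$(release_field "$2" "$field")
        [ "$old" = "$new" ] || printf "%s: '%s' -> '%s'\n" "$field" "$old" "$new"
    done
}

# Map the changed fields to the narrowest apt-get options, so that only
# the reviewed change is accepted and any other change still stops the update.
narrow_options() {
    releaseinfo_changes "$1" "$2" | while IFS=: read -r field rest; do
        printf '%s\n' "--allow-releaseinfo-change-$(printf '%s' "$field" | tr 'A-Z' 'a-z')"
    done
}

# --- Constructed sample data (not real archive contents) -------------------
# On a real system the previously accepted copy is kept under
# /var/lib/apt/lists/ as *_InRelease or *_Release.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/Release.old" <<'EOF'
Origin: Debian
Label: Debian
Suite: experimental
Codename: experimental
Date: Sat, 25 Mar 2023 08:00:00 UTC
EOF

cat > "$demo_dir/Release.new" <<'EOF'
Origin: Debian
Label: Debian
Suite: experimental
Codename: rc-buggy
Date: Sun, 26 Mar 2023 08:00:00 UTC
EOF

echo "Changed release information:"
releaseinfo_changes "$demo_dir/Release.old" "$demo_dir/Release.new"

echo "Narrowest option(s) for apt-get update:"
narrow_options "$demo_dir/Release.old" "$demo_dir/Release.new"
```

An unexpected change of Origin or Label deserves a closer look than a Codename rename, because pinning rules in apt_preferences(5) commonly match on those fields.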



Bug#1031863: libqt5sql5-mysql: incompatible change in libmariadb3 breaks kontact, needs upstream fix in libqt5sql5-mysql

2023-03-25 Thread Otto Kekäläinen
 For the record, I have now patches both for 10.3 and 10.5:

https://salsa.debian.org/mariadb-team/mariadb-10.3/-/merge_requests/36
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/13

The upstream PR has not been accepted:
https://github.com/mariadb-corporation/mariadb-connector-c/pull/219

Some +1 might help get these included in next uploads.


Currently there aren't that many people helping with MariaDB
maintenance in Debian. If you want to contribute, please consider
helping by:

- Fixing some other bug listed at
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=mariadb&src=mariadb-10.6&src=mariadb-10.5&src=mariadb-10.3&src=mariadb-10.1
- Review open MRs at
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests
- Review recent commits at https://salsa.debian.org/mariadb-team/mariadb-server

Thanks!



Bug#1032407: Cannot start mariadb-server unless manually mkdir -p /var/lib/mysql

2023-03-25 Thread MichaIng
Who do you mean? Should be reported here by OP who faced the issue: 
https://github.com/puppetlabs/puppetlabs-mysql/issues


Only the Puppet MySQL module developers will know whether they need 
plain text logging for some specific reason and how to hence address 
this best.


Bookworm (and hence this change) is in "testing" now, in hard freeze 
stage of the upcoming Debian release. So a pretty perfect time for 
testing and reporting issues as of changes like this to software 
developers to update their software. And optionally to make it more 
compatible in the same turn by not relying on the existence of 
explicitly configured directories ;).




Bug#1033486: dh-python: Support alternative tox configuration files

2023-03-25 Thread Stefano Rivera
Package: dh-python
Version: 5.20230130
Severity: normal

tox supports configuration in 3 files: tox.ini, pyproject.toml and
setup.cfg. https://tox.wiki/en/latest/config.html

We expect the config to be in tox.ini, we should handle the other
options, too...

SR



Bug#1032407: Cannot start mariadb-server unless manually mkdir -p /var/lib/mysql

2023-03-25 Thread Otto Kekäläinen
Hi!

On Tue, 7 Mar 2023 at 06:51, MichaIng  wrote:
>
> The Puppet module requires an update:
> https://github.com/search?q=repo%3Apuppetlabs%2Fpuppetlabs-mysql%20%2Fvar%2Flog&type=code
>
> One option would be to make it create and chown the directory by itself,
> if plain text logs are for some reason needed/wanted.
>
> The probably cleaner option would be if it did not touch the log file
> option at all (same for PID file) to use the package/server defaults,
> which are to log to STDOUT => systemd journal since Bullseye.

Are you doing an update in Puppet for this?

So far we have only one report about this from one user (albeit the
Debian maintainer of an important package) so I don't feel confident
in reverting 
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/27
just yet.



Bug#1030604: Bug#1033485: Acknowledgement (RM: mariadb-10.5/unstable -- RoM; obsoleted by mariadb (10.11))

2023-03-25 Thread Scott Kitterman
Is it 10.5 or 10.6 that should be removed?  Subject says one and the body says 
the other.

Scott K

On March 25, 2023 11:12:07 PM UTC, "Otto Kekäläinen"  wrote:
>Executing the src:mariadb-10.6 removal request filed in Bug#1033485
>would fix Bug#1030604 about mariadb-10.6 autopkgtests failing in
>Debian unstable.
>
>(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030604)



Bug#1033234: MariaDB-Server not installing

2023-03-25 Thread Otto Kekäläinen
Version: 1:10.11.2-1
Tags: moreinfo
Control: retitle -1 initscript action "stop" failed while running 'apt
install mariadb-server'

Hi!

Can you please provide a reproducible case? Perhaps something I can
run in a Docker container or LXD container to see this happening?

What happens if you run manually these

invoke-rc.d mariadb stop
ps faux | grep mariadb
ps faux | grep mysql



Bug#1032047: mariadb-server: Preinst fails if user has mariadb running while system service stopped.

2023-03-25 Thread Otto Kekäläinen
Hi!

I suggested in my mail on Feb 28th to have this in the MariaDB preinstall:

pgrep -u root,mysql -x --nslist pid --ns $$ "mysqld|mariadbd"

It would safely shut down the Akonadi server before MariaDB goes into
update and the binary it uses vanishes for a while.

However I never got any confirmation/support for this, so I didn't
proceed with it.


If you want to contribute in the open source way to fix this or any
other issue, see
https://salsa.debian.org/mariadb-team/mariadb-server/-/wikis/Contributing-to-MariaDB-packaging-in-Debian
on how to submit a Merge Request!

The places you would want to modify are:
https://salsa.debian.org/mariadb-team/mariadb-server/-/blob/debian/latest/debian/mariadb-server.preinst#L31
https://salsa.debian.org/mariadb-team/mariadb-server/-/blob/debian/latest/debian/mariadb-server.postrm#L17



Bug#774647: can't a use key file stored on an encrypted rootfs to unlock the resume device at initramfs stage

2023-03-25 Thread Christoph Anton Mitterer
Hey.

I recently considered to do the same, i.e.:
- have a passphrase only for the dm-crypt encrypted rootfs
- have a separate dm-crypt encrypted swap device for hibernate only
- use a high-entropy key-file on the rootfs to decrypt the swap device


My understanding of the initramfs-tools boot is as follows:
init-top
...
local-top => here cryptroot opens ("decrypts") the root- and resume-
 device as well as any with "initramfs"-option in crypttab
local-bottom => it retries the same here
local-premount => here, none of these devices has been mounted, yet
  also here, the resume happens, at which point
  the system is completely replaced, the initramfs used
  just before for booting into the resume no longer
  exists, no mounting of the devices will take place,
  no pivot_root either
  (none of this is anyway necessary, as the resumed
  system has all that already done)

So the only way to get a key-file within the (not mounted) rootfs after
local-top/bottom but before the resume in local-premount would be to
actually mount the root fs before.

This is however pretty dangerous.
Even if the mounting is done read-only, filesystems may perform changes
(at least btrfs does, and I think ext4 may do so too).


There was recently [0], where someone mounted the root-fs in-between
suspend and resume and got corruptions.
While it was argued that the filesystem was frozen at suspend and that
btrfs would *try* to detect (since 6.2) whether it was mounted
in-between,... it was also argued that caching (in the resumed system) may
cause corruptions.


The blockdevice would need to be blockdev --setro first, but even that
may be more complex than one might think:
Consider e.g. multi-device filesystems (again e.g. btrfs), where the
other devices are auto-detected via UUID.


So IMO, this feature cannot be safely implemented.


Maybe the only way to do it safely was a hack:
- create a swapfile in the rootfs (this is anyway required to be not
  moved)
- get its physical offset into the device (beware: for btrfs special
  commands are needed for that)
- let cryptroot read the key raw from that offset

But, again, quite ugly and hacky.


Cheers,
Chris.



[0] 
https://lore.kernel.org/linux-btrfs/ba9fb1c9-ccbc-4b93-92f9-a8c17ffab...@business-insulting.de/



Bug#1030604: Bug#1033485: Acknowledgement (RM: mariadb-10.5/unstable -- RoM; obsoleted by mariadb (10.11))

2023-03-25 Thread Otto Kekäläinen
Executing the src:mariadb-10.6 removal request filed in Bug#1033485
would fix Bug#1030604 about mariadb-10.6 autopkgtests failing in
Debian unstable.

(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030604)



Bug#1033485: RM: mariadb-10.5/unstable -- RoM; obsoleted by mariadb (10.11)

2023-03-25 Thread Otto Kekäläinen
Package: ftp.debian.org
Severity: normal

Hi,

Please remove src:mariadb-10.6 from unstable.

MariaDB 10.6 has been replaced by MariaDB 10.11, which is now
available in unstable and testing.

Ref:
https://tracker.debian.org/pkg/mariadb-10.6
https://tracker.debian.org/pkg/mariadb



Side note:

Running 'apt remove mariadb*' in Debian Sid also reports about MariaDB
5.5, 10.0 etc. Is it possible that some binary package remnants of old
versions are still around? How do I properly check it?

$ docker run -it --rm debian:sid bash
# apt-get update -qq
# apt-get remove 'mariadb*' | grep -E "5.|10."
Package 'mariadb-galera-server-10.0' is not installed, so not removed
Package 'mariadb-galera-server-5.5' is not installed, so not removed
Package 'mariadb-server-10.0' is not installed, so not removed
Package 'mariadb-server-5.1' is not installed, so not removed
Package 'mariadb-server-5.2' is not installed, so not removed
Package 'mariadb-server-5.3' is not installed, so not removed
Package 'mariadb-server-5.5' is not installed, so not removed
Package 'mariadb-backup-10.1' is not installed, so not removed
Package 'mariadb-backup-10.2' is not installed, so not removed
Package 'mariadb-backup-10.3' is not installed, so not removed
Package 'mariadb-client-10.1' is not installed, so not removed
Package 'mariadb-client-10.0' is not installed, so not removed
Package 'mariadb-client-10.2' is not installed, so not removed
Package 'mariadb-client-10.3' is not installed, so not removed
Package 'mariadb-client-10.4' is not installed, so not removed
Package 'mariadb-client-10.5' is not installed, so not removed
Package 'mariadb-client-5.5' is not installed, so not removed
Package 'mariadb-client-core-10.0' is not installed, so not removed
Package 'mariadb-client-core-10.1' is not installed, so not removed
Package 'mariadb-client-core-10.2' is not installed, so not removed
Package 'mariadb-client-core-10.3' is not installed, so not removed
Package 'mariadb-client-core-10.4' is not installed, so not removed
Package 'mariadb-client-core-10.5' is not installed, so not removed
Package 'mariadb-server-10.1' is not installed, so not removed
Package 'mariadb-server-10.2' is not installed, so not removed
Package 'mariadb-server-10.3' is not installed, so not removed
Package 'mariadb-server-10.4' is not installed, so not removed
Package 'mariadb-server-10.5' is not installed, so not removed
Package 'mariadb-client-core-5.5' is not installed, so not removed
Package 'mariadb-server-core-10.3' is not installed, so not removed
Package 'mariadb-server-core-10.4' is not installed, so not removed
Package 'mariadb-server-core-10.5' is not installed, so not removed
Package 'mariadb-connect-engine-10.0' is not installed, so not removed
Package 'mariadb-connect-engine-10.1' is not installed, so not removed
Package 'mariadb-gssapi-client-10.1' is not installed, so not removed
Package 'mariadb-gssapi-client-10.2' is not installed, so not removed
Package 'mariadb-gssapi-server-10.1' is not installed, so not removed
Package 'mariadb-gssapi-server-10.2' is not installed, so not removed
Package 'mariadb-oqgraph-engine-10.0' is not installed, so not removed
Package 'mariadb-oqgraph-engine-10.1' is not installed, so not removed
Package 'mariadb-rocksdb-engine-10.2' is not installed, so not removed
Package 'mariadb-rocksdb-engine-10.3' is not installed, so not removed
Package 'mariadb-tokudb-engine-10.0' is not installed, so not removed
Package 'mariadb-tokudb-engine-10.1' is not installed, so not removed
Package 'mariadb-tokudb-engine-5.5' is not installed, so not removed
Package 'mariadb-server-core-10.0' is not installed, so not removed
Package 'mariadb-server-core-10.1' is not installed, so not removed
Package 'mariadb-server-core-10.2' is not installed, so not removed
Package 'mariadb-server-core-5.5' is not installed, so not removed
Package 'mariadb-test-10.0' is not installed, so not removed
Package 'mariadb-test-10.1' is not installed, so not removed
Package 'mariadb-test-5.5' is not installed, so not removed
Package 'mariadb-test-data-10.0' is not installed, so not removed
Package 'mariadb-testsuite-10.1' is not installed, so not removed
Package 'mariadb-testsuite-10.3' is not installed, so not removed
Package 'mariadb-client-10.6' is not installed, so not removed
Package 'mariadb-client-core-10.6' is not installed, so not removed
Package 'mariadb-server-10.6' is not installed, so not removed
Package 'mariadb-server-core-10.6' is not installed, so not removed



Bug#1033484: mutter assert and kills the session on displaying popups (multiple apps like nautilus)

2023-03-25 Thread Norbert Lange
Package: mutter
Version: 43.3-5
Severity: grave
X-Debbugs-Cc: nolang...@gmail.com

Right clicking in Nautilus will bring down the Desktop Session immediately
(as well as in multiple other Applications).

This behaviour started with 43.2-? and is still appearing with 43.3-5,
the only way I can use my system is downgrading to 43.0-2 and putting
libmutter-11-0 mutter on hold.

It sounds identical to this issue:
https://gitlab.gnome.org/GNOME/mutter/-/issues/2563

I have this behaviour on 2 systems, AMD with Opensource drivers and one with a
really old Nvidia Card and "legacy" closed driver.
Wayland / X11 respectively - the only common thing seems to be 2 attached
Monitors.

Log from the crash:

Mar 25 23:35:14 debian-xyz gnome-shell[2817]: meta_window_set_stack_position_no_sync: assertion 'window->stack_position >= 0' failed
Mar 25 23:35:14 debian-xyz systemd[1]: Starting systemd-hostnamed.service - Hostname Service...
Mar 25 23:35:14 debian-xyz systemd[1]: Started systemd-hostnamed.service - Hostname Service.
Mar 25 23:35:15 debian-xyz gnome-shell[2817]: Buggy client caused popup to be placed outside of parent window
Mar 25 23:35:16 debian-xyz gnome-shell[2817]: **
Mar 25 23:35:16 debian-xyz gnome-shell[2817]: libmutter:ERROR:../src/wayland/meta-wayland-popup.c:233:meta_wayland_popup_grab_get_top_popup: assertion failed: (!wl_list_empty (&grab->all_popups))
Mar 25 23:35:16 debian-xyz gnome-shell[2817]: Bail out! libmutter:ERROR:../src/wayland/meta-wayland-popup.c:233:meta_wayland_popup_grab_get_top_popup: assertion failed: (!wl_list_empty (&grab->all_popups))
Mar 25 23:35:16 debian-xyz gnome-shell[2817]: == Stack trace for context 0x55e7f6e26ad0 ==
Mar 25 23:35:16 debian-xyz gnome-shell[4415]: (EE) failed to read Wayland events: Broken pipe



-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mutter depends on:
ii  adwaita-icon-theme            43-1
ii  gnome-settings-daemon-common  43.0-4
ii  gsettings-desktop-schemas     43.0-1
ii  libc6                         2.36-8
ii  libgles2                      1.6.0-1
ii  libglib2.0-0                  2.74.6-1
hi  libmutter-11-0                43.0-2
ii  libwayland-client0            1.21.0-1
ii  libx11-6                      2:1.8.4-2
ii  libxcomposite1                1:0.4.5-1
ii  mutter-common                 43.3-5
ii  zenity                        3.44.0-1

mutter recommends no packages.

Versions of packages mutter suggests:
ii  gnome-control-center  1:43.4.1-1
ii  xdg-user-dirs         0.18-1

-- no debconf information



Bug#1033483: checkinstall: Files wrongly excluded because their path contains (not starting) the workdir path

2023-03-25 Thread Vincent Jaquet
Package: checkinstall
Version: 1.6.2+git20170426.d24a630-3+b1
Severity: important

Dear Maintainer,

My workspace path was /myapp and make install created files in /usr/include/myapp/...
As the path contained /myapp, it was wrongly excluded due to an error in the grep pattern.
Therefore the deb file created did not contain the files in /usr/include.

The line containing the error is the following (the ^ is missing in the pattern; the correct pattern is at line 1746):
https://salsa.debian.org/debian/checkinstall/-/blob/7175ae9de0e45f42fdd7f185ab9a12043d5efeeb/checkinstall.in#L1757

Best regards,
Vincent

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/24 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages checkinstall depends on:
ii  dpkg-dev        1.21.1ubuntu2.1
ii  file            1:5.41-3
ii  libc6           2.35-0ubuntu3.1
ii  sensible-utils  0.0.17

Versions of packages checkinstall recommends:
ii  make  4.3-4.1build1

Versions of packages checkinstall suggests:
pn  gettext  
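
The difference between the unanchored and the anchored exclusion described in the report above, as an added example (not checkinstall's own code and not part of the original report). The function names and the sample file list are assumptions; only /myapp and /usr/include/myapp come from the report. The third function goes one step further than the report and matches the workdir literally on a path-component boundary.

```shell
#!/bin/sh
# Constructed list of files touched by "make install" (sample data, not real output).
sample_files() {
    printf '%s\n' \
        /myapp/build/main.o \
        /myapp/Makefile \
        /myapp-data/readme.txt \
        /usr/include/myapp/api.h \
        /usr/bin/myapp \
        /usr/lib/libfoo.so
}

# Unanchored pattern: every path that merely CONTAINS the workdir string is
# dropped, so /usr/include/myapp/api.h and /usr/bin/myapp are lost as well.
exclude_unanchored() {
    grep -v -e "$1"
}

# Anchored pattern: only paths that BEGIN with the workdir string are dropped.
# Still a regex, so "." in the workdir matches any character, and the sibling
# directory /myapp-data is dropped because it shares the prefix.
exclude_anchored() {
    grep -v -e "^$1"
}

# Stricter variant: literal comparison, and the workdir must be followed by
# "/" (or be the whole path), so only files really below it are dropped.
exclude_prefix() {
    WORKDIR="$1" awk '
        BEGIN { d = ENVIRON["WORKDIR"] }
        $0 == d || index($0, d "/") == 1 { next }
        { print }'
}

# Show what each filter keeps for the workdir from the report.
for f in exclude_unanchored exclude_anchored exclude_prefix; do
    echo "== $f /myapp"
    sample_files | "$f" /myapp
done
```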



Bug#1033368: Bug#1033381: nasm: use i386-baseline compatible NOP alignment

2023-03-25 Thread James Addison
(in reply and with a few cloned bugreport threads on cc)

Thanks for the explanation and taking a look Sebastian; I'd noticed
the SSE2 cpuflag boolean condition, but had mistakenly believed that
the code path could be followed on Geode (and don't currently have
suitable hardware available to test the results on).

More generally it seems like detecting the presence of the NOPL
instruction isn't the clear baseline (in)compatibility indicator that
I hoped it was.  I'll try to be more careful with future reports and
patches.




On Sat, 25 Mar 2023 at 20:07, Sebastian Ramacher  wrote:
>
> On 2023-03-25 19:56:32 +, James Addison wrote:
> > Source: libass
> > Version: 1:0.17.1-1
> > Followup-For: Bug #1033381
> > Control: retitle -1 libass: nasm: use i386-baseline compatible NOP alignment
> > Control: tags -1 patch
> >
> > Please find a patch / merge request for this on Salsa at: 
> > https://salsa.debian.org/multimedia-team/libass/-/merge_requests/5
> >
> > I believe that the file /usr/lib/i386-linux-gnu/libass.so.9.2.1 is affected in
> > the i386 archive package - 'objdump -d ... | grep nopl' can help to confirm
> > this.
>
> The code is only used if SSE2 or AVX2 is supported. As the Geode
> supports neither, the use of the instructions for those code paths is
> not an issue.
>
> Cheers
> --
> Sebastian Ramacher



Bug#899413: texlive-latex-extra: beamerthemeAachen.sty is missing package tangocolors

2023-03-25 Thread Hilmar Preuße

Control: tags -1 + pending

On 5/23/18 23:49, Tobias Gruetzmacher wrote:

Hello,


The latex-beamer style "Aachen" isn't usable, since it does

\RequirePackage{tangocolors}

but tangocolors.sty is nowhere to be found...


I've uploaded the package to CTAN, so it will be in TL soon. Tag as pending.

H.
--
Testmail



Bug#1033006: unblock: openvpn/2.6.1-1 (preapproval)

2023-03-25 Thread Sebastian Ramacher
Control: tags -1 moreinfo

On 2023-03-24 23:46:56 +0100, Bernhard Schmidt wrote:
> On 15/03/23 04:57 PM, Bernhard Schmidt wrote:
> 
> Hi,
> 
> > The upcoming DCO change will involve a new version of src:openvpn and a new version
> > of src:openvpn-dco-dkms. The list of changes on the kernel side is already visible
> > on https://github.com/OpenVPN/ovpn-dco/commits/master .
> > 
> > In the past we managed to break DCO on above mentioned really heavily loaded
> > OpenVPN server within a few hours. The new version is a major overhaul and more
> > in-line with code upstreamable in Linux, and did survive torture tests.
> > 
> > I know this is kind of late, but I think it would be better to include it as well
> > as soon as it is released because
> > 
> > - we cannot support the old deprecated module
> > - openvpn uses DCO (of the right version) automatically and will transparently
> >   fall-back to non-DCO mode if the module is not found (or the wrong version)
> > - it has not been in Bullseye previously, so if we see that DCO is too unstable
> >   with the new version we can just drop it before the release
> 
> So, the release of 2.6.2 with the new DCO module has been done
> yesterday, fixing a number of bugs already present in 2.6.0.
> 
> https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst
> 
> ---
> New control packets flow for data channel offloading on Linux. 2.6.2+
> changes the way OpenVPN control packets are handled on Linux when DCO is
> active, fixing the lockups observed with 2.6.0/2.6.1 under high client
> connect/disconnect activity. This is an INCOMPATIBLE change and
> therefore an ovpn-dco kernel module older than v0.2.20230323 (commit ID
> 726fdfe0fa21) will not work anymore and must be upgraded. The kernel
> module was renamed to "ovpn-dco-v2.ko" in order to highlight this change
> and ensure that users and userspace software could easily understand
> which version is loaded. Attempting to use the old ovpn-dco with 2.6.2+
> will lead to disabling DCO at runtime.
> ---
> 
> So I need some guidance from the release team how to proceed. I can
> think of
> 
> - abandoning all of this, leading to a bookworm release using a buggy
>   OpenVPN version with a DCO kernel interface that no one else uses
> - update experimental to 2.6.2 and the new DCO module, then ask for a
>   approval for upload to unstable (2.6.1+2.6.2) in one go
> - upload 2.6.2 and the new DCO module to unstable right away
> - upload 2.6.1 from experimental to unstable, then stage 2.6.2 and the
>   new DCO in experimental for the second review round
> 
> I would prefer the last option.

Let's go ahead with the last option. Please let us know once openvpn
2.6.1 is in unstable.

Cheers
-- 
Sebastian Ramacher



Bug#1033482: debootstrap fails when invoked with --merged-usr

2023-03-25 Thread David Heidelberg
Package: debootstrap
Version: 1.0.128+nmu2
Severity: normal

Dear Maintainer,

Since --merged-usr is default in this configuration, it doesn't have to
be passed.

ARCH can be amd64 or arm64

debootstrap --variant=minbase --arch=$ARCH --components main,contrib,non-free,non-free-firmware bookworm /lava-files/rootfs-amd64/ http://deb.debian.org/debian

leads to errors as:
...
W: Failure while unpacking required packages.  This will be attempted up to five times.
W: See /lava-files/rootfs-amd64/debootstrap/debootstrap.log for details (possibly the package /var/cache/apt/archives/usr-is-merged_35_all.deb is at fault)

Whole log: https://gitlab.freedesktop.org/okias/mesa/-/jobs/38725690

These errors can be prevented when using --no-merged-usr.


-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (10, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debootstrap depends on:
ii  wget  1.21.3-1+b2

Versions of packages debootstrap recommends:
ii  arch-test               0.20-1
ii  debian-archive-keyring  2021.1.1
ii  gnupg                   2.2.40-1

Versions of packages debootstrap suggests:
ii  binutils                2.40-2
pn  squid-deb-proxy-client  
pn  ubuntu-archive-keyring  
ii  xz-utils                5.4.1-0.2
ii  zstd                    1.5.4+dfsg2-3

-- no debconf information



Bug#1033400: elpa-org: Bookworm emacs 28 has org-mode included in newer version as provided here.

2023-03-25 Thread Aymeric Agon-Rambosson



On Saturday 25 March 2023 at 12:40, Sean Whitton wrote:

> Hello,
>
> We can't make either of these metadata changes now the freeze has begun.
> After the freeze, the correct fix is to just update elpa-org to the
> latest release.
>
> It's unfortunate that we didn't update elpa-org in time.  Sorry about that.

In the meantime, if you want your emacs to load the org provided with emacs-el, and not the one provided with elpa-org, you may modify the `load-path` variable. It should contain both:

- "/usr/share/emacs/site-lisp/elpa/org-9.5.2"
- "/usr/share/emacs/28.2/lisp/org"

Since the first one comes before the other in the list, it is the one loaded when you do "(require 'org)".

You'll need to make sure to have the one you want coming before the other *at the moment you require the package*.


Best,

Aymeric



debian-bugs-dist@lists.debian.org

2023-03-25 Thread наб
Control: reassign -1 manpages 6.03-1

Hi!

On Sat, Mar 25, 2023 at 09:13:14PM +0100, Salvatore Bonaccorso wrote:
> Since several releases Debian sets fs.protected_symlinks=1 by default.
> 
> In the above case we have a sticky world-writable directory and the
> directory owner does not match the symlink owner and the follower's
> uid does not match the symlink's uid.

Yep, with some kernel tracing I managed to find this comes from
may_follow_link() and goes away with /proc/sys/fs/protected_symlinks=0,
thanks for confirming that's as-expected and as-appears.

That said, the requirements are esoteric, and symlink(7) says 
  The owner and group of an existing symbolic link can be changed using
  lchown(2).  The only time that the ownership of a symbolic link
  matters is when  the  link is being removed or renamed in a directory
  that has the sticky bit set (see stat(2)).
which initially put me onto "this is a kernel bug" rather than
"this is a security tunable", I'll write a blurb there.

Best,
наб




Bug#1002056: ITP: zlib-ng -- optimized zlib compression library

2023-03-25 Thread David Heidelberg

Hello,

I see you recently pushed some code into git, do you plan to push the 
code also into Debian itself?


Thank you

David

--
David Heidelberg
Consultant Software Engineer



Bug#1033481: postfwd not stopped on systemd stop

2023-03-25 Thread William Edwards

Package: postfwd
Version: 1.35-6

Issue:

When stopping the postfwd systemd unit (using `systemctl stop postfwd`), 
postfwd processes are not stopped.


Logs:

```
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601020 (/usr/sbin/postf) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601021 ( postfwd2::cach) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601022 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601023 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601024 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601025 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601026 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601027 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601028 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601029 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601030 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601031 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: postfwd.service: Unit 
process 601032 ( postfwd2::poli) remains running after unit stopped.
Mar 25 21:01:18 pmg-test.prorelay.nl systemd[1]: Failed to start LSB: 
start and stop the postfw daemon.

```

The following processes are still running:

```
/usr/sbin/postfwd --summary=600 --cache=600 --cache-rdomain-only 
--cache-no-size --daemon --file=/etc/postfix/postfwd.cf 
--interface=127.0.0.1 --port=10040 --user=postfw --group=postfw 
--pidfile=/var/run/postfwd.pid

postfwd2::cache
postfwd2::policy
postfwd2::policy::child
```

Reproduce:

- Install postfwd (`apt install postfwd`)
- Set `STARTUP=1` in /etc/default/postfwd
- Stop postfwd using systemd (`systemctl stop postfwd`)

With kind regards,

William Edwards



debian-bugs-dist@lists.debian.org

2023-03-25 Thread Salvatore Bonaccorso
Hi,

On Sat, Mar 25, 2023 at 05:54:23PM +0100, наб wrote:
> Source: linux
> Version: 6.1.20-1
> Severity: normal
> 
> Dear Maintainer,
> 
> Here's a session that demonstrates the issue:
> -- >8 --
> /srv# echo /srv/f > f
> /srv# mkdir -m 1777 1777
> /srv# ln -s /srv/f 1777/
> /srv# chown _apt 1777/
> 
> /srv$ cat 1777/f
> cat: 1777/f: Permission denied
> /srv$ cat f
> /srv/f
> -- >8 --
> 
> Or, in short:
> -- >8 --
> $ find /srv/ -exec ls -ld {} +
> drwxr-xr-x 3 root root 4096 Mar 25 17:34 /srv/
> drwxrwxrwt 2 _apt root 4096 Mar 25 17:34 /srv/1777
> lrwxrwxrwx 1 root root    6 Mar 25 17:34 /srv/1777/f -> /srv/f
> -rw-r--r-- 1 root root    7 Mar 25 17:34 /srv/f
> -- >8 --
> 
> If you don't chown (leave it owned 0:0), the cat succeeds.
> If you make it 1755 instead of 1777, the cat succeeds as well!
> 
> This is obviously insane, but I'm assuming no-one noticed
> because no-one uses sticky directories not owned 0:0.
> 
> If you additionally mkdir 1777/dir and make an identical symlink there,
> the cat also succeeds.
> 
> Naturally, it should succeed in every scenario.

Since several releases Debian sets fs.protected_symlinks=1 by default.

From the documentation:

| protected_symlinks
| ------------------
| 
| A long-standing class of security issues is the symlink-based
| time-of-check-time-of-use race, most commonly seen in world-writable
| directories like ``/tmp``. The common method of exploitation of this flaw
| is to cross privilege boundaries when following a given symlink (i.e. a
| root process follows a symlink belonging to another user). For a likely
| incomplete list of hundreds of examples across the years, please see:
| https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
| 
| When set to "0", symlink following behavior is unrestricted.
| 
| When set to "1" symlinks are permitted to be followed only when outside
| a sticky world-writable directory, or when the uid of the symlink and
| follower match, or when the directory owner matches the symlink's owner.
| 
| This protection is based on the restrictions in Openwall and grsecurity.

https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks

In the above case we have a sticky world-writable directory and the
directory owner does not match the symlink owner and the follower's
uid does not match the symlink's uid.

Regards,
Salvatore
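
The rule quoted from the kernel documentation above, applied to the cases in the report, as an added example (not kernel code and not part of the original thread). The function names and the numeric uids (0 for root, 42 for _apt, 1000 for the unprivileged user at the `/srv$` prompt) are assumptions made for illustration.

```shell
#!/bin/sh
# Decision rule from the fs.protected_symlinks documentation as a pure function.
#   $1 protected_symlinks setting (0 or 1)
#   $2 octal mode of the directory that holds the symlink, e.g. 1777
#   $3 uid owning that directory
#   $4 uid owning the symlink
#   $5 uid of the process following the symlink
# Prints "allow" or "deny"; returns 2 on a malformed mode.
may_follow() {
    setting=$1 dir_mode=$2 dir_uid=$3 link_uid=$4 follower_uid=$5

    case $dir_mode in
        ''|*[!0-7]*) echo "bad mode: $dir_mode" >&2; return 2 ;;
    esac

    # Setting 0: symlink following is unrestricted.
    if [ "$setting" -eq 0 ]; then
        echo allow; return 0
    fi

    # Outside a sticky AND world-writable directory: allowed.
    # 01000 is the sticky bit, 00002 is write permission for "other".
    if [ $(( 0$dir_mode & 01002 )) -ne $(( 01002 )) ]; then
        echo allow; return 0
    fi

    # The uid of the symlink and of the follower match: allowed.
    if [ "$link_uid" -eq "$follower_uid" ]; then
        echo allow; return 0
    fi

    # The directory owner matches the symlink's owner: allowed.
    if [ "$dir_uid" -eq "$link_uid" ]; then
        echo allow; return 0
    fi

    echo deny
}

# Same rule for a real symlink on this machine. Assumes Linux with GNU stat;
# "id -u" (effective uid) stands in for the fsuid the kernel compares.
check_link() {
    link=$1
    dir=$(dirname "$link")
    may_follow "$(cat /proc/sys/fs/protected_symlinks)" \
        "$(stat -c %a "$dir")" "$(stat -c %u "$dir")" \
        "$(stat -c %u "$link")" "$(id -u)"
}

# The cases from the report, with the constructed uids named above.
echo "1777 owned by _apt, link owned by root : $(may_follow 1 1777 42 0 1000)"
echo "1777 left owned by root (no chown)     : $(may_follow 1 1777 0 0 1000)"
echo "1755 instead of 1777                   : $(may_follow 1 1755 42 0 1000)"
echo "link inside 1777/dir (mode 755)        : $(may_follow 1 755 0 0 1000)"
echo "protected_symlinks=0                   : $(may_follow 0 1777 42 0 1000)"
```

On a live system, `check_link /srv/1777/f` evaluates the same rule with values read from `stat` and `/proc/sys/fs/protected_symlinks`.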



debian-bugs-dist@lists.debian.org

2023-03-25 Thread Bastian Blank
On Sat, Mar 25, 2023 at 05:54:23PM +0100, наб wrote:
> Naturally, it should succeed in every scenario.

This is
https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks

Bastian

-- 
We have found all life forms in the galaxy are capable of superior
development.
-- Kirk, "The Gamesters of Triskelion", stardate 3211.7



Bug#1033480: gitlab-ci-multi-runner: FTBFS on 32 bit archs: src/gitlab.com/gitlab-org/gitlab-runner/common/buildtest/masking.go:48:32: cannot use math.MaxInt64 (untyped int constant 922337203685477580

2023-03-25 Thread Sebastian Ramacher
Source: gitlab-ci-multi-runner
Version: 14.10.1-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=gitlab-ci-multi-runner&arch=i386&ver=14.10.1-1&stamp=1679574486&raw=0

# gitlab.com/gitlab-org/gitlab-runner/common/buildtest
src/gitlab.com/gitlab-org/gitlab-runner/common/buildtest/masking.go:48:32: cannot use math.MaxInt64 (untyped int constant 9223372036854775807) as int value in argument to buf.Bytes (overflows)
gitlab.com/gitlab-org/gitlab-runner/shells/shellstest
gitlab.com/gitlab-org/gitlab-runner/log/test
gitlab.com/gitlab-org/gitlab-runner/executors/kubernetes
gitlab.com/gitlab-org/gitlab-runner

Bug#1033400: elpa-org: Bookworm emacs 28 has org-mode included in newer version as provided here.

2023-03-25 Thread Sean Whitton
Hello,

We can't make either of these metadata changes now the freeze has begun.
After the freeze, the correct fix is to just update elpa-org to the
latest release.

It's unfortunate that we didn't update elpa-org in time.  Sorry about that.

-- 
Sean Whitton



Bug#1033292: Subject:Re: Bug#1033292: unblock: amanda/1:3.5.1-11

2023-03-25 Thread Jose M Calhariz
Hi,

I have updated the git repository on salsa about amanda and created a
signed tag.  g...@salsa.debian.org:debian/amanda.git

As the debdiff amanda_3.5.1-10_source.changes
amanda_3.5.1-11_source.changes did not work as I expected, I am
doing a git diff:

diff --git a/debian/changelog b/debian/changelog
index d4e1821..498f6f9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+amanda (1:3.5.1-11) unstable; urgency=medium
+
+  * d/p/49-fix-CVE-2022-37705_part_2: 48-fix-CVE-2022-37705 broken one use
+case at least, this patch fix it, fixing the following two bugs.
+  * Bug fix: "backups fail with the following summary "FAILED [no
+backup size line]"", thanks to Norman Lyon (Closes: #1032330).
+  * Bug fix: "Amanda is unusable", thanks to Kamil Jonca (Closes:
+#1032884).
+
+ -- Jose M Calhariz   Tue, 21 Mar 2023 17:35:47 +
+
 amanda (1:3.5.1-10) unstable; urgency=medium
 
   * d/p/48-fix-CVE-2022-37705: Fix CVE-2022-37705.
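Review bot: The first bullet of the new entry says the earlier patch "broken one use case at least" without naming the use case. The accompanying patch distinguishes arguments that contain '=' from those that do not, so the entry should say that explicitly (options given with their value as a separate argument), which lets a reader match #1032330 and #1032884 to the change. In the same bullet, "broken" should read "broke" and "this patch fix it" should read "this patch fixes it".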
diff --git a/debian/patches/49-fix-CVE-2022-37705_part_2 
b/debian/patches/49-fix-CVE-2022-37705_part_2
new file mode 100644
index 000..74341a6
--- /dev/null
+++ b/debian/patches/49-fix-CVE-2022-37705_part_2
@@ -0,0 +1,24 @@
+Description: Fix the fix for CVE-2022-37705
+Author: pcahyna https://github.com/pcahyna
+
+Index: amanda.git/client-src/runtar.c
+===
+--- amanda.git.orig/client-src/runtar.c2023-03-05 00:10:46.916884175 
+
 amanda.git/client-src/runtar.c 2023-03-05 00:15:52.189417756 +
+@@ -191,9 +191,13 @@ main(
+   g_str_has_prefix(argv[i],"--newer") ||
+   g_str_has_prefix(argv[i],"--exclude-from") ||
+   g_str_has_prefix(argv[i],"--files-from")) {
+-  good_option++;
+-  } else if (argv[i][0] != '-') {
+-  /* argument values are accounted for here */
++  if (strchr(argv[i], '=')) {
++  good_option++;
++  } else {
++  /* Accept theses options with the following argument */
++  good_option += 2;
++  }
++} else if (argv[i][0] != '-') {
+   good_option++;
+   }
+   }
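Review bot: The added `strchr(argv[i], '=')` branch has no comment saying why it counts one argument while the else branch counts two; the only comment is the restored "Accept theses options with the following argument". A line on the '=' branch stating that the value is part of the same argument, so the next argument must be checked on its own, would stop the two branches from being merged again, which is what 48-fix-CVE-2022-37705 did. Note also that `strchr` accepts a '=' anywhere in the argument and `g_str_has_prefix` accepts anything that merely begins with `--newer`, `--exclude-from` or `--files-from`; comparing the option name up to the '=' or the end of the string would be tighter. The patch header carries only Description and Author; adding Bug-Debian references to #1032330 and #1032884 would tie it to the changelog entry.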
diff --git a/debian/patches/series b/debian/patches/series
index 92dde9d..2be2df4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -45,6 +45,7 @@ reproducible-build
 ##
 # Patches to fix CVEs from 2022
 48-fix-CVE-2022-37705
+49-fix-CVE-2022-37705_part_2
 50-fix-CVE-2022-37704
 52-fix-CVE-2022-37704_part_2
 56-fix-CVE-2022-37703






I have attached the two patches for CVE-2022-37705 that I use in the
package, the one with the regression and the fix.

Kind regards
Jose M Calhariz





-- 
--
There is something in closets that makes skeletons
restless.
-- John Barrymore
Description: Fix CVE-2022-37705
Author: Prajwal T R https://github.com/prajwaltr93

Index: amanda.git/client-src/runtar.c
===
--- amanda.git.orig/client-src/runtar.c 2021-06-20 21:02:56.627301251 +0100
+++ amanda.git/client-src/runtar.c  2023-02-24 12:40:05.041286442 +
@@ -191,9 +191,9 @@ main(
g_str_has_prefix(argv[i],"--newer") ||
g_str_has_prefix(argv[i],"--exclude-from") ||
g_str_has_prefix(argv[i],"--files-from")) {
-   /* Accept theses options with the following argument */
-   good_option += 2;
+   good_option++;
} else if (argv[i][0] != '-') {
+   /* argument values are accounted for here */
good_option++;
}
}
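Review bot: Replacing `good_option += 2` with `good_option++` applies to both spellings of these options, so when the value is passed as a separate argument it is now left to the `argv[i][0] != '-'` branch, where the comment "argument values are accounted for here" was moved, and that branch does not match a value that begins with '-'. The hunk should treat the form containing '=' and the separate-argument form differently, as the follow-up patch does with `strchr(argv[i], '=')`.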
Description: Fix the fix for CVE-2022-37705
Author: pcahyna https://github.com/pcahyna

Index: amanda.git/client-src/runtar.c
===
--- amanda.git.orig/client-src/runtar.c 2023-03-05 00:10:46.916884175 +
+++ amanda.git/client-src/runtar.c  2023-03-05 00:15:52.189417756 +
@@ -191,9 +191,13 @@ main(
g_str_has_prefix(argv[i],"--newer") ||
g_str_has_prefix(argv[i],"--exclude-from") ||
g_str_has_prefix(argv[i],"--files-from")) {
-   good_option++;
-   } else if (argv[i][0] != '-') {
-   /* argument values are accounted for here */
+   if (strchr(argv[i], '=')) {
+   good_option++;
+   } else {
+   /* Accept theses options with the following argument */
+   good_option += 2;
+   }
+} else if (argv[i][0] != '-') {
good_option++;
}
}




Bug#1029588: bts: Changes in libio-socket-ssl-perl 2.078 make bts fail to send mail to mail-server via SSL/TLS - hostname verification failed

2023-03-25 Thread Dominique Dumont
On Wed, 22 Mar 2023 15:22:34 +0100 Lee Garrett  wrote:
> While this setup might work for some people, this has IMHO quite a few hefty
> drawbacks and requires me to maintain a MTA on my local machine. I could
> elaborate, but I don't think it's on-topic for this bug report.

Agreed.

> I'm sure that bts supports STARTTLS. I am using bts with my MTA on 587/tcp,
> which enforces STARTTLS and requires credentials (I just double-checked via
> swaks). With the old libio-socket-ssl-perl 2.069-1 this works, so it's
> clearly a regression.

BTS uses SSL when the host URL begins with smtps or ssmtp (see [1]), and
STARTTLS otherwise.

It may be a regression, but I need more data before reporting this problem
upstream.

Daniel, could you apply the patch below on bts.pl and try again? You should
get more traces when bts is trying to connect to your server.

All the best

[1] 
https://salsa.debian.org/debian/devscripts/-/blob/master/scripts/bts.pl#L2697

diff --git a/scripts/bts.pl b/scripts/bts.pl
index 7449c7ca..f280e9a1 100755
--- a/scripts/bts.pl
+++ b/scripts/bts.pl
@@ -64,6 +64,9 @@ use Encode;
 use URI 1.37;
 use URI::QueryParam;
 
+use IO::Socket::SSL;
+$IO::Socket::SSL::DEBUG=2;
+
 use Scalar::Util qw(looks_like_number);
 use POSIX qw(locale_h strftime);
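Review bot: `$IO::Socket::SSL::DEBUG=2;` is assigned unconditionally at file scope, so every bts run emits TLS debug traces, not only the SMTP submission being diagnosed. That is acceptable for a throwaway diagnostic patch, but anything like it that gets committed should be gated behind an option or an environment variable and default to off. The added `use IO::Socket::SSL;` at the top of the file also loads the module at startup for commands that never send mail; if the script otherwise loads it only when needed, a `require` next to the assignment keeps that behaviour.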



Bug#1028105:

2023-03-25 Thread jsupertoot
I am also having this problem I just wanted to add that on my machine if I
use:

$ pkg-config --dump-personality
Triplet: default
DefaultSearchPaths: /usr/lib/pkgconfig /usr/share/pkgconfig
SystemIncludePaths: /usr/include
SystemLibraryPaths: /lib /lib/i386-linux-gnu /lib/x86_64-linux-gnu
/lib/x86_64-linux-gnux32 /lib64 /libx32 /usr/lib /usr/lib/i386-linux-gnu
/usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnux32 /usr/lib64
/usr/libx32

As you can see, Triplet is "default" and there are only two dirs in
DefaultSearchPath. There is a file installed on my machine at
/usr/share/pkgconfig/personality.d/x86_64-linux-gnu.personality. The
contents of this file are as follows:

$ cat /usr/share/pkgconfig/personality.d/x86_64-linux-gnu.personality

Triplet: x86_64-linux-gnu
DefaultSearchPaths:
/usr/local/lib/x86_64-linux-gnu/pkgconfig:/usr/local/lib/pkgconfig:/usr/local/share/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig
SystemIncludePaths: /usr/include
SystemLibraryPaths:
/lib:/lib/i386-linux-gnu:/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnux32:/lib32:/libx32:/usr/lib:/usr/lib/i386-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnux32:/usr/lib32:/usr/libx32

Note that all the expected information is present. So it seems I have the
correct file on my machine but pkg-config isn't "seeing" it for some
reason.

Pkg-config is version 1.8.1-1 and my architecture is amd64.



Bug#1033479: minissdpd: Service fails to start on boot with "Error parsing address/mask..."

2023-03-25 Thread Facundo Gaich
Package: minissdpd
Version: 1.6.0-1
Severity: important

Dear Maintainer,

The minissdpd service fails on boot with the following:

minissdpd[834]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[834]: Error parsing address/mask (or interface name) : br-REDACTED
minissdpd-systemd-wrapper[834]: can't parse "br-REDACTED" as a valid interface name
minissdpd[834]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd[834]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
minissdpd-systemd-wrapper[834]: Error parsing address/mask (or interface name) : docker0
minissdpd-systemd-wrapper[834]: can't parse "docker0" as a valid interface name
minissdpd-systemd-wrapper[834]: Error parsing address/mask (or interface name) : enp2s0
minissdpd-systemd-wrapper[834]: can't parse "enp2s0" as a valid interface name
minissdpd[834]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[834]: Error parsing address/mask (or interface name) : vethREDACTED
minissdpd-systemd-wrapper[834]: can't parse "vethREDACTED" as a valid interface name
minissdpd[834]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[834]: Error parsing address/mask (or interface name) : vethREDACTED
minissdpd-systemd-wrapper[834]: can't parse "vethREDACTED" as a valid interface name
minissdpd-systemd-wrapper[834]: Usage: /usr/sbin/minissdpd [-d] [-6] [-s socket] [-p pidfile] [-t TTL] [-f device] -i  [-i ] ...
minissdpd-systemd-wrapper[834]:is an interface name such as eth0.
minissdpd-systemd-wrapper[834]:   By default, socket will be open as /var/run/minissdpd.sock
minissdpd-systemd-wrapper[834]:   and pid written to file /var/run/minissdpd.pid
systemd[1]: minissdpd.service: Control process exited, code=exited, status=1/FAILURE
systemd[1]: minissdpd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start minissdpd.service - keep memory of all UPnP devices that announced themselves.

If I try to start it manually after boot it succeeds:

systemd[1]: Starting minissdpd.service - keep memory of all UPnP devices that 
announced themselves...
minissdpd[3276]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[3276]: Error parsing address/mask (or interface name) 
: br-REDACTED
minissdpd-systemd-wrapper[3276]: can't parse "br-REDACTED" as a valid interface 
name
minissdpd[3276]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[3276]: Error parsing address/mask (or interface name) 
: vethREDACTED
minissdpd-systemd-wrapper[3276]: can't parse "vethREDACTED" as a valid 
interface name
minissdpd[3276]: ioctl(s, SIOCGIFFLAGS, ...): No such device
minissdpd-systemd-wrapper[3276]: Error parsing address/mask (or interface name) 
: vethREDACTED
minissdpd-systemd-wrapper[3276]: can't parse "vethREDACTED" as a valid 
interface name
systemd[1]: Started minissdpd.service - keep memory of all UPnP devices that 
announced themselves.

Note that it now worked for the docker0 and enp2s0 interfaces, so
apparently the error on boot is because it can't find a single correct
interface. The bridge and veth interfaces are not configured anymore in my
system, not sure how they were added to /etc/default/minissdpd.

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages minissdpd depends on:
ii  debconf [debconf-2.0]      1.5.82
ii  init-system-helpers        1.65.2
ii  libc6                      2.36-8
ii  libnfnetlink0              1.0.2-2
ii  lsb-base                   11.6
ii  sysvinit-utils [lsb-base]  3.06-2

minissdpd recommends no packages.

minissdpd suggests no packages.

-- Configuration Files:
/etc/default/minissdpd changed [not included]

-- debconf information excluded



Bug#1033478: release-notes: about #922981 at section 5.2 in the bookworm release-notes

2023-03-25 Thread Patrice Duroux
Package: release-notes
Severity: wishlist

Dear Maintainer,

I think that this issue has been closed by ca-certificates-java/20220719
migrated to testing in 2022-07-25 and testing has now 20230103.

Regards,
Patrice



debian-bugs-dist@lists.debian.org

2023-03-25 Thread наб
On Sat, Mar 25, 2023 at 05:54:23PM +0100, наб wrote:
> -- >8 --
> /srv# echo /srv/f > f
> /srv# mkdir -m 1777 1777
> /srv# ln -s /srv/f 1777/
> /srv# chown _apt 1777/
> 
> /srv$ cat 1777/f
> cat: 1777/f: Permission denied
> /srv$ cat f
> /srv/f
> -- >8 --
Forgot to mention: in this case, the symlink /is/ openable,
but only by the owner (_apt) and root.


signature.asc
Description: PGP signature


debian-bugs-dist@lists.debian.org

2023-03-25 Thread наб
Source: linux
Version: 6.1.20-1
Severity: normal

Dear Maintainer,

Here's a session that demonstrates the issue:
-- >8 --
/srv# echo /srv/f > f
/srv# mkdir -m 1777 1777
/srv# ln -s /srv/f 1777/
/srv# chown _apt 1777/

/srv$ cat 1777/f
cat: 1777/f: Permission denied
/srv$ cat f
/srv/f
-- >8 --

Or, in short:
-- >8 --
$ find /srv/ -exec ls -ld {} +
drwxr-xr-x 3 root root 4096 Mar 25 17:34 /srv/
drwxrwxrwt 2 _apt root 4096 Mar 25 17:34 /srv/1777
lrwxrwxrwx 1 root root    6 Mar 25 17:34 /srv/1777/f -> /srv/f
-rw-r--r-- 1 root root    7 Mar 25 17:34 /srv/f
-- >8 --

If you don't chown (leave it owned 0:0), the cat succeeds.
If you make it 1755 instead of 1777, the cat succeeds as well!

This is obviously insane, but I'm assuming no-one noticed
because no-one uses sticky directories not owned 0:0.

If you additionally mkdir 1777/dir and make an identical symlink there,
the cat also succeeds.

Naturally, it should succeed in every scenario.

Best,
наб

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: amd64, i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature
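
For comparison with the session above, an added example (not part of the report and not kernel source): a user-space C model of the follow rule documented for the fs.protected_symlinks sysctl, evaluated on the four directory setups the report describes. The uids standing in for _apt and the unprivileged user are constructed, the sysctl is assumed to be enabled, and 1777/dir is assumed to have been created with mode 0755.

```c
#include <errno.h>
#include <stdio.h>

/* Mode bits of interest (same octal values as S_ISVTX and S_IWOTH). */
#define MODE_STICKY 01000u
#define MODE_WOTH   00002u

/* Constructed uids for illustration; only their (in)equality matters. */
#define UID_ROOT 0u
#define UID_APT  42u    /* stands in for _apt */
#define UID_USER 1000u  /* the unprivileged user running cat */

struct follow_case {
    const char *label;
    unsigned follower;   /* uid of the process resolving the path */
    unsigned link_owner; /* owner of the symlink itself */
    unsigned dir_owner;  /* owner of the directory holding the symlink */
    unsigned dir_mode;   /* mode of that directory */
};

/*
 * Model of the documented rule: with protected_symlinks on, a symlink is
 * followed only when it is outside a sticky world-writable directory, or
 * the follower owns the symlink, or the directory owner owns the symlink.
 * Returns 0 (follow) or -EACCES (refuse).
 */
int may_follow(int protected_symlinks, const struct follow_case *c)
{
    if (!protected_symlinks)
        return 0;
    if (c->follower == c->link_owner)
        return 0;
    if ((c->dir_mode & (MODE_STICKY | MODE_WOTH)) != (MODE_STICKY | MODE_WOTH))
        return 0;
    if (c->dir_owner == c->link_owner)
        return 0;
    return -EACCES;
}

/* The four setups from the report; the symlink is always created by root. */
static const struct follow_case report_cases[] = {
    { "1777 dir chowned to _apt",       UID_USER, UID_ROOT, UID_APT,  01777u },
    { "1777 dir left owned by root",    UID_USER, UID_ROOT, UID_ROOT, 01777u },
    { "1755 dir chowned to _apt",       UID_USER, UID_ROOT, UID_APT,  01755u },
    /* Assumption: 1777/dir was made by root with the default mode 0755. */
    { "link placed in 1777/dir (0755)", UID_USER, UID_ROOT, UID_ROOT, 00755u },
};
#define N_CASES (sizeof report_cases / sizeof report_cases[0])

/* Result for one of the report's setups, with the sysctl on (1) or off (0). */
int report_case_result(unsigned idx, int protected_symlinks)
{
    return may_follow(protected_symlinks, &report_cases[idx]);
}

int main(void)
{
    for (unsigned i = 0; i < N_CASES; i++)
        printf("%-32s -> %s\n", report_cases[i].label,
               report_case_result(i, 1) == 0 ? "followed" : "Permission denied");
    return 0;
}
```
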


Bug#1033476: unblock: lios/2.7.2-4

2023-03-25 Thread Samuel Thibault
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: l...@packages.debian.org
Control: affects -1 + src:lios

Hello,

I have uploaded a fixed version of lios (thanks Gunnar Hjalmarsson!)

[ Reason ]
lios cannot start when gtk4 is installed, because lios is compatible
with gtk3 only, but was not specifying it to gi.

[ Impact ]
So a user would have to choose between installing applications depending
on gtk4 and installing lios.

[ Tests ]
It was tested manually and confirmed by the submitter.

[ Risks ]
The code is very trivial

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock lios/2.7.2-4
diff -Nru lios-2.7.2/debian/changelog lios-2.7.2/debian/changelog
--- lios-2.7.2/debian/changelog 2022-10-23 12:24:21.0 +0200
+++ lios-2.7.2/debian/changelog 2023-03-13 20:00:26.0 +0100
@@ -1,3 +1,17 @@
+lios (2.7.2-4) unstable; urgency=medium
+
+  * Upload fix to unstable, thanks Gunnar!
+
+ -- Samuel Thibault   Mon, 13 Mar 2023 20:00:26 +0100
+
+lios (2.7.2-3.1) experimental; urgency=medium
+
+  * Non-maintainer upload
+  * Use exact versions when importing Gtk and friends
+- Cherry picked upstream commit (closes: #1032895)
+
+ -- Gunnar Hjalmarsson   Mon, 13 Mar 2023 18:03:42 +0100
+
 lios (2.7.2-3) unstable; urgency=medium
 
   [ Samuel Thibault ]
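Review bot: The 2.7.2-4 entry at the top of this hunk says only "Upload fix to unstable" and names neither the fix nor the bug; the description and "closes: #1032895" sit in the 2.7.2-3.1 experimental entry below it. Restating in the -4 entry that the upload carries the Gtk version pinning would let someone reading only the unstable entry see what changed.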
diff -Nru lios-2.7.2/debian/patches/series lios-2.7.2/debian/patches/series
--- lios-2.7.2/debian/patches/series2020-02-09 00:13:30.0 +0100
+++ lios-2.7.2/debian/patches/series2023-03-13 19:57:48.0 +0100
@@ -1,2 +1,3 @@
 tesseract_langpath
 typo
+Use-exact-versions-when-importing-Gtk-and-friends.patch
diff -Nru 
lios-2.7.2/debian/patches/Use-exact-versions-when-importing-Gtk-and-friends.patch
 
lios-2.7.2/debian/patches/Use-exact-versions-when-importing-Gtk-and-friends.patch
--- 
lios-2.7.2/debian/patches/Use-exact-versions-when-importing-Gtk-and-friends.patch
   1970-01-01 01:00:00.0 +0100
+++ 
lios-2.7.2/debian/patches/Use-exact-versions-when-importing-Gtk-and-friends.patch
   2023-03-13 19:57:48.0 +0100
@@ -0,0 +1,274 @@
+From: Mikhail Rudenko 
+Date: Mon, 21 Jun 2021 21:29:30 +0300
+Subject: Use exact versions when importing Gtk and friends
+
+This is necessary in environments where Gtk-3 and Gtk-4 are both
+installed. Otherwise, multiple `AttributeError`s arise, e.g.
+
+```
+Traceback (most recent call last):
+  File "/usr/bin/lios", line 19, in 
+from lios.main import *
+  File "/usr/lib/python3.9/site-packages/lios/main.py", line 27, in 
+from lios import scanner, editor, imageview, cam, ocr, preferences, speech
+  File "/usr/lib/python3.9/site-packages/lios/editor.py", line 20, in 
+from lios.ui.gtk import text_view, tree_view, widget, dialog, 
file_chooser, containers, window
+  File "/usr/lib/python3.9/site-packages/lios/ui/gtk/widget.py", line 166, in 

+class Separator(Gtk.HSeparator):
+  File "/usr/lib/python3.9/site-packages/gi/overrides/__init__.py", line 32, 
in __getattr__
+return getattr(self._introspection_module, name)
+  File "/usr/lib/python3.9/site-packages/gi/module.py", line 123, in 
__getattr__
+raise AttributeError("%r object has no attribute %r" % (
+AttributeError: 'gi.repository.Gtk' object has no attribute 'HSeparator'
+```
+
+Origin: https://github.com/zendalona/lios/commit/73fc343c
+Bug-Debian: https://bugs.debian.org/1032895
+---
+ lios/cam.py | 5 +
+ lios/ui/gtk/about.py| 3 +++
+ lios/ui/gtk/containers.py   | 5 -
+ lios/ui/gtk/dialog.py   | 3 +++
+ lios/ui/gtk/drawing_area.py | 7 +--
+ lios/ui/gtk/file_chooser.py | 3 +++
+ lios/ui/gtk/icon_view.py| 4 
+ lios/ui/gtk/loop.py | 9 ++---
+ lios/ui/gtk/menu.py | 5 -
+ lios/ui/gtk/print_dialog.py | 3 +++
+ lios/ui/gtk/terminal.py | 3 +++
+ lios/ui/gtk/text_view.py| 3 +++
+ lios/ui/gtk/tree_view.py| 4 
+ lios/ui/gtk/widget.py   | 3 +++
+ lios/ui/gtk/window.py   | 4 
+ 15 files changed, 57 insertions(+), 7 deletions(-)
+
+diff --git a/lios/cam.py b/lios/cam.py
+index db0a06f..23087ad 100644
+--- a/lios/cam.py
 b/lios/cam.py
+@@ -16,6 +16,11 @@
+ #You should have received a copy of the GNU General Public License
+ #along with this program.  If not, see .
+ ###
++
++import gi
++gi.require_version("Gtk", "3.0")
++gi.require_version('GstVideo', '1.0')
++
+ from gi.repository import GdkX11, GstVideo
+ from gi.repository import Gtk
+ from gi.repository import Gst
+diff --git a/lios/ui/gtk/about.py b/lios/ui/gtk/about.py
+index b98196c..cfd8e1e 100644
+--- a/lios/ui/gtk/about.py
 b/lios/ui/gtk/about.py
+@@ -18,6 +18,9 @@
+ #along with this program.  If not, see .
+ 
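Review bot: In the lios/cam.py part of this patch, gi.require_version() is called for Gtk and GstVideo only, while the same file goes on to import Gst and GdkX11 from gi.repository without pinning them. Adding gi.require_version('Gst', '1.0') next to the GstVideo line would make the pinning complete for that file, and the two existing calls could share one quoting style (the Gtk line uses double quotes, the GstVideo line single quotes).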

Bug#1033475: tomcat9: CVE-2023-28708

2023-03-25 Thread Salvatore Bonaccorso
Source: tomcat9
Version: 9.0.70-1
Severity: important
Tags: security upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 9.0.43-2~deb11u4
Control: found -1 9.0.43-2

Hi,

The following vulnerability was published for tomcat9.

CVE-2023-28708[0]:
| When using the RemoteIpFilter with requests received from a reverse
| proxy via HTTP that include the X-Forwarded-Proto header set to https,
| session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,
| 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not
| include the secure attribute. This could result in the user agent
| transmitting the session cookie over an insecure channel.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28708
https://www.cve.org/CVERecord?id=CVE-2023-28708
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
[2] https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1033474: json-smart: CVE-2023-1370

2023-03-25 Thread Salvatore Bonaccorso
Source: json-smart
Version: 2.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for json-smart.

CVE-2023-1370[0]:
| [Json-smart](https://netplex.github.io/json-smart/) is a performance
| focused, JSON processor lib. When reaching a ‘[‘
| or ‘{‘ character in the JSON input, the code
| parses an array or an object respectively. It was discovered that the
| code does not have any limit to the nesting of such arrays or objects.
| Since the parsing of nested arrays and objects is done recursively,
| nesting too many of them can cause a stack exhaustion (stack overflow)
| and crash the software.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1370
https://www.cve.org/CVERecord?id=CVE-2023-1370
[1] 
https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a
[2] 
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

Regards,
Salvatore
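
One defensive check for the failure mode described in the CVE text above, as an added example (not json-smart's code and not the upstream fix): a non-recursive C pre-scan that rejects input nested deeper than a limit before it reaches a recursive parser. The function names and the limit of 64 are assumptions chosen for illustration, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum depth_result { DEPTH_OK = 0, DEPTH_TOO_DEEP = 1, DEPTH_UNBALANCED = 2 };

/*
 * Single pass, no recursion: count open '[' / '{' and stop as soon as the
 * count passes `limit`, so hostile input uses constant stack and at most
 * O(len) time. Brackets inside string literals are ignored, including
 * strings that contain escaped quotes. This only counts nesting; it does
 * not check that ']' closes '[' rather than '{', which is left to the
 * real parser.
 */
enum depth_result json_check_depth(const char *s, size_t len, size_t limit)
{
    size_t depth = 0;
    int in_string = 0, escaped = 0;

    for (size_t i = 0; i < len; i++) {
        char ch = s[i];
        if (in_string) {
            if (escaped)
                escaped = 0;          /* character after a backslash */
            else if (ch == '\\')
                escaped = 1;
            else if (ch == '"')
                in_string = 0;
            continue;
        }
        switch (ch) {
        case '"':
            in_string = 1;
            break;
        case '[':
        case '{':
            if (++depth > limit)
                return DEPTH_TOO_DEEP;
            break;
        case ']':
        case '}':
            if (depth == 0)
                return DEPTH_UNBALANCED;
            depth--;
            break;
        default:
            break;
        }
    }
    return (depth == 0 && !in_string) ? DEPTH_OK : DEPTH_UNBALANCED;
}

/* Constructed hostile input: n opening brackets. Caller frees the buffer. */
char *make_nested(size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return NULL;
    memset(buf, '[', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    const size_t limit = 64;  /* assumed policy value */
    const char *ok = "[[1,2],{\"a\":[3]}]";
    char *deep = make_nested(100000);

    printf("ordinary document: %d\n", json_check_depth(ok, strlen(ok), limit));
    if (deep != NULL) {
        printf("100000 nested arrays: %d\n",
               json_check_depth(deep, strlen(deep), limit));
        free(deep);
    }
    return 0;
}
```
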



Bug#1033473: unblock: espeakup/1:0.90-13

2023-03-25 Thread Samuel Thibault
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: espea...@packages.debian.org
Control: affects -1 + src:espeakup

Hello,

I have uploaded version 1:0.90-13 of the espeakup package in unstable.

[ Reason ]
It introduces some more debugging logs in the debian installer, in case
several audio cards are detected, to make sure how the kernel calls
them, to make discussion about installation reports easier.

[ Impact ]
Without the change it will be less clear which cards the user has.
(it is quite common for blind users to have several sound cards)

[ Tests ]
It was tested manually.

[ Risks ]
The code is very trivial.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Thanks!

unblock espeakup/1:0.90-13
diff -Nru espeakup-0.90/debian/changelog espeakup-0.90/debian/changelog
--- espeakup-0.90/debian/changelog  2022-11-29 01:13:54.0 +0100
+++ espeakup-0.90/debian/changelog  2023-03-08 00:09:40.0 +0100
@@ -1,3 +1,9 @@
+espeakup (1:0.90-13) unstable; urgency=medium
+
+  * espeakup-udeb.start: Log the number and ids of detected audio cards.
+
+ -- Samuel Thibault   Wed, 08 Mar 2023 00:09:40 +0100
+
 espeakup (1:0.90-12) unstable; urgency=medium
 
   * espeakup-udeb.restart: Avoid warning about missing mbrola voice in 
installer.
diff -Nru espeakup-0.90/debian/espeakup-udeb.start 
espeakup-0.90/debian/espeakup-udeb.start
--- espeakup-0.90/debian/espeakup-udeb.start2022-11-29 01:07:45.0 
+0100
+++ espeakup-0.90/debian/espeakup-udeb.start2023-03-08 00:06:48.0 
+0100
@@ -44,6 +44,8 @@
N=$(echo $IDS | wc -w)
 
echo "Found $N audio card(s)."
+   echo "Found $N audio card(s):" >> /var/log/espeakup.log
+   echo "$IDS" >> /var/log/espeakup.log
 
case $N in
1)
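Review bot: The two added echo lines each open /var/log/espeakup.log with their own append, directly after the existing console echo of the same count. Grouping them under one redirection, { echo "Found $N audio card(s):"; echo "$IDS"; } >> /var/log/espeakup.log, keeps the count and the ids together as one log entry and makes it clear that both lines belong to the log rather than the console.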


Bug#1033439: pre-unblock: monitoring-plugins/2.3.3-5

2023-03-25 Thread Jan Wagner

Hi Sebastian,

Am 25.03.23 um 10:31 schrieb Sebastian Ramacher:

What's the rationale to include these patches? Do they fix bugs reported
in the BTS or upstream?


upstream

With kind regards, Jan



Bug#1033398: linux-image-amd64: reproducible kernel freeze on 5.19+

2023-03-25 Thread Diederik de Haas
Control: found -1 5.19~rc4-1~exp1
Control: forwarded -1 
https://lore.kernel.org/bpf/20230118051443.78988-1-alexei.starovoi...@gmail.com/

On Saturday, 25 March 2023 16:00:47 CET Florian Lehner wrote:
> > Via https://snapshot.debian.org/binary/linux-image-amd64/ you can easily
> > test various kernel versions. Could you try whether 5.19~rc4-1~exp1
> > indeed produces the problem?
> 
> Yes - I can reproduce the total system freeze with 5.19~rc4-1~exp1

Thanks. Then the most likely case was that it was introduced in
the 5.19 merge window and thus also present in 5.19-rc1, but there isn't a
prebuilt kernel to verify.

> > > Since the running program is rather complex, it is not easily possible
> > > to carve out a small reproducer. We can provide gdb backtraces from
> > > freezes inside qemu.
> > 
> > Someone else would have to chime in for the backtraces; that's beyond my
> > skill set.
> 
> I just learned about
> https://lore.kernel.org/bpf/20230118051443.78988-1-alexei.starovoitov@gmail.com/.
> With the provided patch applied I no longer manage to freeze the
> system.

I see you already responded to that thread, excellent :-)
Hopefully they'll read this whole bug report, but mentioning that your actual
problem was NOT triggered till 5.18, but did trigger from 5.19-rc4 and later,
could be useful. I may not fully understand what upstream talked about, but I
only saw a reference to a 6.0.0 kernel.

Thanks for testing and reporting back :-)

signature.asc
Description: This is a digitally signed message part.


Bug#1033472: adolc: ADOL-C configure step does not enable ColPack

2023-03-25 Thread Eric Brown
Source: adolc
Version: 2.7.2-6
Severity: normal

Dear Maintainer,

A non-Debian package (PSOPT) calls ADOL-C in a way that requires ColPack to be 
enabled.

When I inspected the Debian source:

`apt source adolc'

and configure'd, I saw that ColPack did not say "Yes" at configure time, as it
does when I configure in a tarball distro of ADOL-C.

Possible Fix:  add --with-colpack=/usr to debian/rules

Regrettably I am not a Debian package expert to give a better statement of
problem/fix.
I would be happy to answer more questions if someone wishes more information.

Best regards,
Eric 

PS This used to work in older Debian's (and downstream such as Ubuntu) so it 
may be recent intro.
Now I am on bookworm


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1033471: maximize* commands don't work for Emacs

2023-03-25 Thread David Hedlund

Package: devilspie2
Version: 0.42

###
Affected devilspie2 commands

The command that I'm describing in the sections below is maximize(). However, 
I've also failed with these maximize* commands for Emacs:
- maximize_horizontally()
- maximize_vertically()

#
Background

"To avoid the slightly distracting visual effect of Emacs starting with its default 
frame size and then growing to fullscreen, you can add..." - Emacs FAQ

I added this to .emacs:
```
;; Circumvent the visual distracting effect caused by: `(add-to-list
;; 'default-frame-alist '(fullscreen . maximized))` that is added later
(setq frame-resize-pixelwise t)
(set-frame-position (selected-frame) 0 0)
(set-frame-size (selected-frame) (display-pixel-width) (display-pixel-height) t)
;; (display-pixel-width) and (display-pixel-height) above will detect the
;; correct resolution, they can be replaced with their values or half their
;; values if you want to experiment with them.


;; Maximize the frame
(add-to-list 'default-frame-alist '(fullscreen . maximized))
```

However, the hack did not remove the /visually distracting effect/, so I decided
to give devilspie2 a shot instead:

#
devilspie2 setup

Add this to ~/.config/devilspie2/test.lua:
```
debug_print("Window Name: " .. get_window_name())
debug_print("Application name: " .. get_application_name())
debug_print("WM_CLASS: " .. get_class_instance_name())
debug_print("Window Class: " .. get_window_class())

if (get_class_instance_name() == "mate-terminal") then maximize(); end -- works
if (get_class_instance_name() == "emacs") then
  maximize(); -- does not work
  set_window_workspace(2); -- works!
end
```

Then run: `devilspie2 --debug &`

Open mate-terminal, it will give you this output in the terminal:
```
Window Name: Terminal
Application name: Terminal
WM_CLASS: mate-terminal
Window Class: Mate-terminal
```

Open Emacs, it will give you this output in the terminal:
```
Window Name: emacs@username-System-Product-Name
Application name: emacs
WM_CLASS: emacs
Window Class: Emacs
```

devilspie2 moved the Emacs window to the second workspace in the DE, and it 
maximized the mate-terminal.
However, it did not maximize Emacs (without error reports). With a more 
profound evaluation, it actually
maximized the Emacs window 2 out of 100 times when I opened multiple devilspie2 
sessions (I could not reproduce this by re-opening Emacs 100 times in a single 
session):
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times. <-- Maximized the first time I 
opened it (5 devilspie2 sessions open)
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times. <-- Maximized the first time I 
opened it (6 devilspie2 sessions open)
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.
- Ctrl+C, open another session:
- devilspie2 --debug &
- open emacs. close emacs. Repeat 10 times.



Bug#1033470: unblock: libopenmpt/0.6.9-1

2023-03-25 Thread Sebastian Ramacher
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libopen...@packages.debian.org, sramac...@debian.org
Control: affects -1 + src:libopenmpt

Please unblock package libopenmpt.

[ Reason ]
libopenmpt 0.6.7 is a bugfix release only that fixes issues with
parsing/rendering (potentially untrusted) media files:

[**Bug**] An exception could be thrown during rendering when trying to
access the release node of an empty envelope.

(from upstream's changelog)

It also contains some targeted bug fixes, but no new features.

[ Impact ]
Users may observe crashes when opening and playing certain media files.

[ Tests ]
The package has autopkgtests that succeed.

[ Risks ]
The package is a key-package because of ffmpeg.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock libopenmpt/0.6.9-1


Cheers
-- 
Sebastian Ramacher
diff -Nru libopenmpt-0.6.8/common/versionNumber.h 
libopenmpt-0.6.9/common/versionNumber.h
--- libopenmpt-0.6.8/common/versionNumber.h 2023-01-29 12:59:32.0 
+0100
+++ libopenmpt-0.6.9/common/versionNumber.h 2023-03-05 13:24:48.0 
+0100
@@ -17,7 +17,7 @@
 // Version definitions. The only thing that needs to be changed when changing 
version number.
 #define VER_MAJORMAJOR  1
 #define VER_MAJOR  30
-#define VER_MINOR  10
+#define VER_MINOR  11
 #define VER_MINORMINOR 00
 
 OPENMPT_NAMESPACE_END
diff -Nru libopenmpt-0.6.8/configure libopenmpt-0.6.9/configure
--- libopenmpt-0.6.8/configure  2023-01-29 13:25:43.0 +0100
+++ libopenmpt-0.6.9/configure  2023-03-05 13:49:28.0 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libopenmpt 0.6.8+release.autotools.
+# Generated by GNU Autoconf 2.69 for libopenmpt 0.6.9+release.autotools.
 #
 # Report bugs to .
 #
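Review bot: Generated files such as configure should be filtered out of the debdiff; this hunk and the configure hunks after it only carry the version string Autoconf wrote into the script (0.6.8+release.autotools to 0.6.9+release.autotools), and they bury the source changes that need review for an unblock.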
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='libopenmpt'
 PACKAGE_TARNAME='libopenmpt'
-PACKAGE_VERSION='0.6.8+release.autotools'
-PACKAGE_STRING='libopenmpt 0.6.8+release.autotools'
+PACKAGE_VERSION='0.6.9+release.autotools'
+PACKAGE_STRING='libopenmpt 0.6.9+release.autotools'
 PACKAGE_BUGREPORT='https://bugs.openmpt.org/'
 PACKAGE_URL='https://lib.openmpt.org/'
 
@@ -1475,7 +1475,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libopenmpt 0.6.8+release.autotools to adapt to many 
kinds of systems.
+\`configure' configures libopenmpt 0.6.9+release.autotools to adapt to many 
kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1546,7 +1546,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of libopenmpt 
0.6.8+release.autotools:";;
+ short | recursive ) echo "Configuration of libopenmpt 
0.6.9+release.autotools:";;
esac
   cat <<\_ACEOF
 
@@ -1732,7 +1732,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libopenmpt configure 0.6.8+release.autotools
+libopenmpt configure 0.6.9+release.autotools
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -,7 +,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libopenmpt $as_me 0.6.8+release.autotools, which was
+It was created by libopenmpt $as_me 0.6.9+release.autotools, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3086,7 +3086,7 @@
 
 # Define the identity of the package.
  PACKAGE='libopenmpt'
- VERSION='0.6.8+release.autotools'
+ VERSION='0.6.9+release.autotools'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17253,13 +17253,13 @@
 
 
 
-$as_echo "#define MPT_SVNURL 
\"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.6.8\""; >>confdefs.h
+$as_echo "#define MPT_SVNURL 
\"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.6.9\""; >>confdefs.h
 
 
-$as_echo "#define MPT_SVNVERSION \"18680\"" >>confdefs.h
+$as_echo "#define MPT_SVNVERSION \"18817\"" >>confdefs.h
 
 
-$as_echo "#define MPT_SVNDATE \"2023-01-29T12:13:49.877060Z\"" >>confdefs.h
+$as_echo "#define MPT_SVNDATE \"2023-03-05T12:41:15.297347Z\"" >>confdefs.h
 
 
 $as_echo "#define MPT_PACKAGE true" >>confdefs.h
@@ -22545,7 +22545,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libopenmpt $as_me 0.6.8+release.autotools, which was
+This file was extended by libopenmpt $as_me 0.6.9+release.autotools, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -22603,7 +22603,7 @@
 cat >>$CO

Bug#1033463: linux-image-6.1.0-6-amd64: fails to mount/recognize NTFS partitions

2023-03-25 Thread Diederik de Haas
Control: tag -1 moreinfo

On Saturday, 25 March 2023 15:27:52 CET Vivek K J wrote:
> I've been using an automount script (in /etc/fstab) to mount my
> windows NTFS partition in Debian Testing. But after updating to
> 6.1.0-6-amd64 the kernel doesn't boot and gets stuck at recovery mode. On
> commenting the line which I used to automount that drive, I was able to
> boot into OS, but it fails to recognize my NTFS partitions.
> 
> PS: it's working without any problems in 6.1.0-5-amd64.

Unstable has version 6.1.20-1 aka 6.1.0-7-amd64, can you try whether the 
problem is still present in that version?

If it does, then sharing the output when you *manually* mount the drive 
successfully on 6.1.0-5-amd64 and when you do the exact same thing on 6.1.0-6-
amd64 with the failure, so it shows some error message(s).

signature.asc
Description: This is a digitally signed message part.


Bug#973883: comment

2023-03-25 Thread Dominik Stadler
I see the same issue about invalid permissions of /var/log/apt-cacher-ng
when installing the latest package on bookworm.

I installed it multiple times on this VM before without this issue, not
sure why it started to fail in this way now.

Somehow the /var/log/apt-cacher-ng directory has owner = "root", no manual
intervention was done as far as I am aware.

When apt-cacher-ng package is installed it fails with the error about
permission on /var/log/apt-cacher-ng folder.

Could it be some sort of regression via some other package which adjusts
permission of files in /var/log?

apt-cacher-ng does not seem to have had any release lately so no regression
there.

Could either the installation of the package perform a check and fix or the
systemd service could adjust access rights during startup to make
apt-cacher-ng more robust against such invalid permissions?


Bug#1033469: unblock: curl/7.88.1-7

2023-03-25 Thread Samuel Henrique
Package: release.debian.org
Control: affects -1 + src:curl
X-Debbugs-Cc: c...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sergi...@debian.org, samuel...@debian.org
Severity: normal

Please unblock package curl

I would like to push the fix for the recent 6 CVEs disclosed:
- CVE-2023-27533: TELNET option IAC injection
- CVE-2023-27534: SFTP path ~ resolving discrepancy
- CVE-2023-27535: FTP too eager connection reuse
- CVE-2023-27536: GSS delegation too eager connection re-use
- CVE-2023-27537: HSTS double-free
- CVE-2023-27538: SSH connection too eager reuse still

I have also prepared the fixes for stable and oldstable and will be
requesting a p-u upload for them shortly (already pushed the commits
to the repo).

I would also appreciate it if the wait time for the migration could be
cut short due to the nature of the changes (low risk and the sooner
they get to testing the better).

[ Reason ]
CVE fixes, the security team said no DSAs will be assigned to them.

[ Impact ]
The highest severity of the CVEs is moderate as per upstream, the
security team considered all of them low (thus no DSA).

[ Tests ]
Curl's test suite passed (the build succeeded on all archs).

[ Risks ]
Only minimal changes were required in order to backport CVE-2023-27533.
There have been no bugfixes related to these CVE fixes in 8.0.1.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

Other small changes in the debdiff are:
Bump Standards-Version to 4.6.2
d/p/06_always-disable-valgrind.patch: Remove unused patch
d/patches: Refresh all patches

None of these three changes modifies the resulting binaries.

I am planning to push 7.88.1-8 after 7.88.1-7 migrates and I will be
requesting an unblock for that revision as well, I figured it's better
to not bundle the changes together to make the review easier and to
let the CVE fixes get to testing sooner.

The changes for -8 will be:
1) Inclusion of autopkgtests.
2) Inclusion of new build profiles to limit the builds to certain TLS
backends (to be used by manual tests or autopkgtests only).
3) And possibly a fix for the multi-arch issue #913995 (the lintian
error that the package has).

I would also like to ask the release team to consider unblocking curl's
latest release 8.0.1 due to the delta consisting of mostly bugfixes
(biggest change is removal of support for systems that don't have 64
bit data types).
Being able to ship 8.0.1 will make maintenance easier on the long term
(stable, oldstable...). But I want to first get these CVE fixes and
the autopkgtests (coming in rev 8) in testing before asking for
8.0.1's unblock.

PS.: I've made a typo in the changelog entry where I mention "5 CVEs"
rather than 6, but it's fine since all of the 6 CVEs are listed
anyway.

unblock curl/7.88.1-7

-- 
Samuel Henrique 


curl_7.88.1-7.debdiff
Description: Binary data


Bug#1033468: [INTL:ro] Romanian debconf templates translation of roundcube

2023-03-25 Thread Remus-Gabriel Chelu
Package: roundcube
Version: N/A
Severity: wishlist
Tags: l10n, patch

Dear Maintainer,

Please find attached the Romanian translation of the «roundcube» file.

Thanks,
Remus-Gabriel

roundcube_debconf_ro.po
Description: Binary data


Bug#1033398: linux-image-amd64: reproducible kernel freeze on 5.19+

2023-03-25 Thread Florian Lehner



On Fri, 24 Mar 2023 13:50:15 +0100 Diederik de Haas wrote:

On Friday, 24 March 2023 12:44:33 CET Tim Rühsen wrote:
> Package: linux-image-amd64
> Version: 6.1.20-1
> 
> We run a privileged eBPF based tool with a communication between kernel and
> user space. It runs without issues on kernels 4.15 to 5.18.
> On kernels 5.19+, the whole system freezes after a few minutes.

Via https://snapshot.debian.org/binary/linux-image-amd64/ you can easily test 
various kernel versions. Could you try whether 5.19~rc4-1~exp1 indeed produces 
the problem?


Yes - I can reproduce the total system freeze with 5.19~rc4-1~exp1 
(2022-07-01) from 
https://snapshot.debian.org/package/linux-signed-amd64/5.19~rc4%2B1~exp1/.




> Since the running program is rather complex, it is not easily possible to
> carve out a small reproducer. We can provide gdb backtraces from freezes
> inside qemu.

Someone else would have to chime in for the backtraces; that's beyond my skill 
set.


I just learned about 
https://lore.kernel.org/bpf/20230118051443.78988-1-alexei.starovoi...@gmail.com/. 
With the provided patch applied I no longer manage to freeze the system.


- florian



Bug#1033467: unblock: golang-github-yuin-goldmark/1.5.4-1

2023-03-25 Thread Anthony Fok
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: golang-github-yuin-goldm...@packages.debian.org, 
debian...@lists.debian.org, f...@debian.org
Control: affects -1 + src:golang-github-yuin-goldmark

Please unblock package golang-github-yuin-goldmark

[ Reason ]
golang-github-yuin-goldmark/1.5.4-1 contains two bug fixes:

 * ARIA role attribute in Markdown content is not rendered
   https://github.com/gohugoio/hugo/issues/10661
   https://github.com/yuin/goldmark/issues/357
 * Blockquote tag appears after HTML not ending with newline
   https://github.com/yuin/goldmark/issues/361

and this version is specified in hugo/0.111.3-1 go.mod as its dependency.

[ Impact ]
If the unblock isn't granted, hugo/0.111.3-1 and other bug-fix uploads for
other packages would not be able to migrate to Debian 12 bookworm.

[ Tests ]
I used ratt to test rebuild of all 193 packages that directly
or indirectly depend on golang-github-yuin-goldmark.
All 193 packages passed except for the following 5:

  FAILED: dnscrypt-proxy (see buildlogs/dnscrypt-proxy_2.0.45+ds1-1)
  FAILED: gitaly (see buildlogs/gitaly_13.4.6+dfsg1-2)
  FAILED: nomad (see buildlogs/nomad_0.12.10+dfsg1-3)
  FAILED: nomad-driver-podman (see buildlogs/nomad-driver-podman_0.1.0-2)
  FAILED: golang-github-prometheus-common (see 
buildlogs/golang-github-prometheus-common_0.15.0-2)

The first 4 (dnscrypt-proxy, gitaly, nomad, nomad-driver-podman)
currently FTBFS and were removed from testing/bookworm some time ago.
(I've just uploaded an NMU for dnscrypt-proxy as its FTBFS is trivial to
fix.)

The last one "golang-github-prometheus-common" failed because dose-ceve
(which ratt uses) incorrectly returned the version in stable/bullseye.
Rebuilding for golang-github-prometheus-common_0.39.0-2 manually with
the following command completes successfully:

sbuild --arch-all --dist=unstable --nolog \
golang-github-prometheus-common_0.39.0-2 \
--extra-package=../golang-github-yuin-goldmark-dev_1.5.4-1_all.deb

[ Risks ]
I must admit I did not know that golang-github-yuin-goldmark is marked
as a key package, but with the successful "ratt" rebuild of all affected
packages, as well as the minimal bug fixes that simply correct its HTML
output, there is no risk in upgrading golang-github-yuin-goldmark from
1.5.3-1 to 1.5.4-1.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock golang-github-yuin-goldmark/1.5.4-1

Many thanks!

Anthony Fok
diff -Nru golang-github-yuin-goldmark-1.5.3/debian/changelog 
golang-github-yuin-goldmark-1.5.4/debian/changelog
--- golang-github-yuin-goldmark-1.5.3/debian/changelog  2023-01-23 
07:12:53.0 -0700
+++ golang-github-yuin-goldmark-1.5.4/debian/changelog  2023-03-08 
19:19:12.0 -0700
@@ -1,3 +1,9 @@
+golang-github-yuin-goldmark (1.5.4-1) unstable; urgency=medium
+
+  * New upstream version 1.5.4
+
+ -- Anthony Fok   Wed, 08 Mar 2023 19:19:12 -0700
+
 golang-github-yuin-goldmark (1.5.3-1) unstable; urgency=medium
 
   * New upstream version 1.5.3
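
Review bot: The new 1.5.4-1 entry says only "New upstream version 1.5.4", so d/changelog does not record the two upstream fixes the unblock request relies on. Consider naming them in the entry (the ARIA role attribute rendering fix and the blockquote-after-HTML fix) so the reason for the upload is visible from the changelog alone.
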
diff -Nru golang-github-yuin-goldmark-1.5.3/parser/html_block.go 
golang-github-yuin-goldmark-1.5.4/parser/html_block.go
--- golang-github-yuin-goldmark-1.5.3/parser/html_block.go  2022-11-12 
04:13:03.0 -0700
+++ golang-github-yuin-goldmark-1.5.4/parser/html_block.go  2023-02-02 
05:02:21.0 -0700
@@ -149,7 +149,7 @@
}
}
if node != nil {
-   reader.Advance(segment.Len() - 1)
+   reader.Advance(segment.Len() - util.TrimRightSpaceLength(line))
node.Lines().Append(segment)
return node, NoChildren
}
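
Review bot: No test accompanies the change to reader.Advance in this branch, at least in the visible part of the debdiff. The step is now segment.Len() - util.TrimRightSpaceLength(line) instead of segment.Len() - 1, so it depends on how much trailing whitespace the line carries; a test with an HTML block on the last line of the input with no trailing newline, and one with trailing spaces before the newline, would pin down both ends of the new behaviour.
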
@@ -172,7 +172,7 @@
}
if htmlBlockType1CloseRegexp.Match(line) {
htmlBlock.ClosureLine = segment
-   reader.Advance(segment.Len() - 1)
+   reader.Advance(segment.Len() - 
util.TrimRightSpaceLength(line))
return Close
}
case ast.HTMLBlockType2:
@@ -211,7 +211,7 @@
}
}
node.Lines().Append(segment)
-   reader.Advance(segment.Len() - 1)
+   reader.Advance(segment.Len() - util.TrimRightSpaceLength(line))
return Continue | NoChildren
 }
 
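
Review bot: This is the third copy of segment.Len() - util.TrimRightSpaceLength(line) in html_block.go, after the ones near lines 149 and 172. A small helper taking the segment and the line would keep the three call sites from drifting apart the next time the advance logic changes; that is a suggestion for upstream, not a blocker for this upload.
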
diff -Nru golang-github-yuin-goldmark-1.5.3/README.md 
golang-github-yuin-goldmark-1.5.4/README.md
--- golang-github-yuin-goldmark-1.5.3/README.md 2022-11-12 04:13:03.0 
-0700
+++ golang-github-yuin-goldmark-1.5.4/README.md 2023-02-02 05:02:21.0 
-0700
@@ -446,6 +446,8 @@
 - [goldmark-embed](https://github.com/13rac1/goldmark-embed): Adds support for 
rendering embeds from YouTube links.
 - [goldmark-latex](https://github.com/soypat/goldmark-latex): A $\LaTeX$ 
renderer that can be passed to `goldmark.WithRenderer()`.
 - [goldmark-fences]

Bug#1033421: newt: nopython not full respected

2023-03-25 Thread henrynmail-deb...@yahoo.com
> >snack.c:2:10: fatal error: Python.h: No such file or directory
> >    2 | #include "Python.h"
> >  |  ^~
> >compilation terminated.
> 
> This is actually interesting as the build continues despite the error 
> (which maybe RC itself). An easy way to reproduce is:
> 
> sbuild --no-arch-all --profiles=nocheck,noinsttest,noudeb,nopython -d 
> unstable newt --host=arm64 --build amd64

Opened as new bug #1033465 with patch included.



Bug#1033436: retitle

2023-03-25 Thread Dominik Stadler
retitle 1033436 Failed to execute goal
org.apache.maven.plugins:maven-surefire-plugin:2.22.3:test


Bug#1032466: Performance problems with nvidia-driver version 525.89.02-1

2023-03-25 Thread Jannick Loch

On Tue, 21 Mar 2023 14:23:04 +0100 Andreas Beckmann  wrote:
> Control: tag -1 moreinfo
>
> On 07/03/2023 15.49, Jannick Loch wrote:
> > Package: nvidia-driver
> > Version: 525.89.02-1
> >
> > The first Problem is, when i enable Vsync at any game, the framerate
> > won't sync to my monitor refreshrate, it stuck at 60hz.
> > And the other Problem is, when i install the Extension Dash to Dock, all
> > games say that they has more than 60hz, but i can see with my eyes and
> > with a tool, that my monitor shows only 60 hz.
>
> Please try the 530 driver from experimental.
>
>
> Andreas
>

>


With the 530 Driver, i can say that the bug with dash to dock has solved 
for me, but i still experience the vsync bug that all games run with 
60hz only instead of 165hz from my monitor. I have an RTX3060ti.




Bug#1029342: jexec: can't locate java: No such file or directory

2023-03-25 Thread Patrice Duroux


There are also other d/patches that were removed in the move from openjdk-16 to
openjdk-17 and that are back from openjdk-17 to openjdk-18 (and greater).

$ ( ( git -C openjdk diff origin/openjdk-16 origin/openjdk-17 debian/patches |
      grep -B 1 'deleted file' | grep diff ) ;
    ( git -C openjdk diff origin/openjdk-17 origin/openjdk-18 debian/patches |
      grep -B 1 'new file' | grep diff ) ) | sort
diff --git a/debian/patches/8272472.diff b/debian/patches/8272472.diff
diff --git a/debian/patches/accessible-toolkit.diff 
b/debian/patches/accessible-toolkit.diff
diff --git a/debian/patches/accessible-toolkit.diff 
b/debian/patches/accessible-toolkit.diff
diff --git a/debian/patches/enumipv6-fix.diff b/debian/patches/enumipv6-fix.diff
diff --git a/debian/patches/enumipv6-fix.diff b/debian/patches/enumipv6-fix.diff
diff --git a/debian/patches/harfbuzz-cflags.diff 
b/debian/patches/harfbuzz-cflags.diff
diff --git a/debian/patches/hotspot-disable-werror.diff 
b/debian/patches/hotspot-disable-werror.diff
diff --git a/debian/patches/hotspot-disable-werror.diff 
b/debian/patches/hotspot-disable-werror.diff
diff --git a/debian/patches/hotspot-set-compiler.diff 
b/debian/patches/hotspot-set-compiler.diff
diff --git a/debian/patches/hotspot-set-compiler.diff 
b/debian/patches/hotspot-set-compiler.diff
diff --git a/debian/patches/hotspot-warn-no-errformat.diff 
b/debian/patches/hotspot-warn-no-errformat.diff
diff --git a/debian/patches/hotspot-warn-no-errformat.diff 
b/debian/patches/hotspot-warn-no-errformat.diff
diff --git a/debian/patches/include-all-srcs.diff 
b/debian/patches/include-all-srcs.diff
diff --git a/debian/patches/include-all-srcs.diff 
b/debian/patches/include-all-srcs.diff
diff --git a/debian/patches/java-access-bridge-security.diff 
b/debian/patches/java-access-bridge-security.diff
diff --git a/debian/patches/java-access-bridge-security.diff 
b/debian/patches/java-access-bridge-security.diff
diff --git 
a/debian/patches/jdk8211105-aarch64-disable_cos_sin_and_log_intrinsics.patch 
b/debian/patches/jdk8211105-aarch64-disable_cos_sin_and_log_intrinsics.patch
diff --git a/debian/patches/jdk-pulseaudio.diff 
b/debian/patches/jdk-pulseaudio.diff
diff --git a/debian/patches/jdk-pulseaudio.diff 
b/debian/patches/jdk-pulseaudio.diff
diff --git a/debian/patches/jexec.diff b/debian/patches/jexec.diff
diff --git a/debian/patches/jexec.diff b/debian/patches/jexec.diff
diff --git a/debian/patches/no-pch-build.diff b/debian/patches/no-pch-build.diff
diff --git a/debian/patches/no-pch-build.diff b/debian/patches/no-pch-build.diff
diff --git a/debian/patches/pass-extra-flags.diff 
b/debian/patches/pass-extra-flags.diff
diff --git a/debian/patches/pass-extra-flags.diff 
b/debian/patches/pass-extra-flags.diff
diff --git a/debian/patches/reproducible-build-user.diff 
b/debian/patches/reproducible-build-user.diff
diff --git a/debian/patches/reproducible-build-user.diff 
b/debian/patches/reproducible-build-user.diff
diff --git a/debian/patches/set-exec-name.diff 
b/debian/patches/set-exec-name.diff
diff --git a/debian/patches/set-exec-name.diff 
b/debian/patches/set-exec-name.diff
diff --git a/debian/patches/stack-direction.diff 
b/debian/patches/stack-direction.diff
diff --git a/debian/patches/stack-direction.diff 
b/debian/patches/stack-direction.diff



Bug#1033466: libabsl-dev: Please update ASAP

2023-03-25 Thread Matthias Urlichs
Package: libabsl-dev
Version: 20220623.1-1
Severity: normal

Hi,

I want to package the latest version of OR-Tools since the one in Unstable
is way too old by now. Unfortunately, that requires a current release of Abseil.


-- System Information:
Debian Release: 11.6
  APT prefers stable
  APT policy: (750, 'stable'), (700, 'oldstable'), (600, 'unstable'), (550, 
'oldoldstable'), (550, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-10-amd64 (SMP w/24 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libabsl-dev depends on:
ii  libabsl20220623  20220623.1-1

Versions of packages libabsl-dev recommends:
ii  cmake 3.25.1-1
ii  g++   4:10.2.1-1
ii  pkgconf [pkg-config]  1.7.4~git20210206+dcf529b-3

libabsl-dev suggests no packages.

-- no debconf information



Bug#1033465: newt: build ignore error Python.h: No such file or directory

2023-03-25 Thread henrynmail-deb...@yahoo.com
Package: newt
Version: 0.52.23-1
Severity: normal
Tags: ftbfs patch

Dear Maintainer,

if libpython*-dev is not installed, the build gives an error

> snack.c:2:10: fatal error: Python.h: No such file or directory
> 2 | #include "Python.h"
>   |  ^~
> compilation terminated.

but the build does not stop here.

# apt build-dep newt
# dpkg-buildpackage -B "-Pnocheck noinsttest noudeb nopython" -uc -us

The attached patch fixes this problem. But then a build with "nopython"
will fail. To fix this, please also add the patch in #1033421

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: unable to detect

-- Henry


newt-despite-error.patch
Description: Binary data


Bug#1033464: unblock: fish/3.6.0-3

2023-03-25 Thread M. Zhou
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fish
Not yet uploaded. This package does not have a proper
autopkgtest, manual unblock needed.

[ Reason ]

I cherry picked two upstream fixes. One of them fixes
crash, while the other fixes undesired behavior.
https://github.com/fish-shell/fish-shell/commit/e84f588d11a86d38ff708d4c16aab1316ac09b6c
https://github.com/fish-shell/fish-shell/commit/37575c5f7983cb5338a1ba23541bbd86a4fd2a4e

And I also added the missing dependency on procps.
Its absence leads to unwanted and unnecessary errors:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029940

[ Impact ]

Fish is an interactive shell. These changes would fix unwanted
behavior of the shell.

[ Tests ]
The patches are cherry-picked from the upstream 3.6.1 release
and have been covered by their CI. My default shell is fish and
it has been locally tested on both sid and the current stable.

[ Risks ]

The two patches are simple. Adding dependency on procps induces
zero risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock fish/3.6.0-3
Thank you for using reportbug
diff -Nru fish-3.6.0/debian/changelog fish-3.6.0/debian/changelog
--- fish-3.6.0/debian/changelog	2023-02-17 20:05:29.0 -0500
+++ fish-3.6.0/debian/changelog	2023-03-25 10:20:50.0 -0400
@@ -1,3 +1,10 @@
+fish (3.6.0-3) unstable; urgency=medium
+
+  * Cherry-pick upstream fixes from the v3.6.1 branch.
+  * Add the missing Depends on procps (Closes: #1029940).
+
+ -- Mo Zhou   Sat, 25 Mar 2023 10:20:50 -0400
+
 fish (3.6.0-2) unstable; urgency=medium
 
   * Ignore several flaky tests for armel.
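
Review bot: "Cherry-pick upstream fixes from the v3.6.1 branch" does not say which fixes were picked. Name the two patch files added under debian/patches (or their subjects) in the 3.6.0-3 entry, so the changelog documents what actually changed in this revision.
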
diff -Nru fish-3.6.0/debian/control fish-3.6.0/debian/control
--- fish-3.6.0/debian/control	2023-01-07 11:28:46.0 -0500
+++ fish-3.6.0/debian/control	2023-03-25 10:19:55.0 -0400
@@ -26,6 +26,7 @@
  bsdextrautils,
  groff-base,
  man-db,
+ procps,
  python3,
  ${misc:Depends},
  ${shlibs:Depends}
diff -Nru fish-3.6.0/debian/patches/0001-reader-make-Escape-during-history-search-restore-com.patch fish-3.6.0/debian/patches/0001-reader-make-Escape-during-history-search-restore-com.patch
--- fish-3.6.0/debian/patches/0001-reader-make-Escape-during-history-search-restore-com.patch	1969-12-31 19:00:00.0 -0500
+++ fish-3.6.0/debian/patches/0001-reader-make-Escape-during-history-search-restore-com.patch	2023-03-25 10:18:29.0 -0400
@@ -0,0 +1,58 @@
+From: Johannes Altmanninger 
+Date: Tue, 17 Jan 2023 09:14:54 +0100
+Subject: reader: make Escape during history search restore commandline again
+
+Commit 3b30d92b6 (Commit transient edit when closing pager, 2022-08-31)
+inadvertently introduced two regressions to history search:
+
+1. It made Escape keeps the selected history entry,
+   instead of restoring the commandline before history search.
+2. It made history search commands add undo entries.
+
+Fix both of this issues.
+---
+ src/reader.cpp|  3 ++-
+ tests/checks/tmux-history-search.fish | 12 
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/reader.cpp b/src/reader.cpp
+index c50426f..9fe2d7e 100644
+--- a/src/reader.cpp
 b/src/reader.cpp
+@@ -4477,7 +4477,8 @@ maybe_t reader_data_t::readline(int nchars_or_0) {
+ 
+ // Clear the pager if necessary.
+ bool focused_on_search_field = (active_edit_line() == &pager.search_field_line);
+-if (command_ends_paging(readline_cmd, focused_on_search_field)) {
++if (!history_search.active() &&
++command_ends_paging(readline_cmd, focused_on_search_field)) {
+ clear_pager();
+ }
+ 
+diff --git a/tests/checks/tmux-history-search.fish b/tests/checks/tmux-history-search.fish
+index 9dc1b4f..92bab0b 100644
+--- a/tests/checks/tmux-history-search.fish
 b/tests/checks/tmux-history-search.fish
+@@ -3,6 +3,9 @@
+ # disable on github actions because it's flakey
+ #REQUIRES: test -z "$CI"
+ 
++set -g isolated_tmux_fish_extra_args -C '
++set -g fish_autosuggestion_enabled 0
++'
+ isolated-tmux-start
+ 
+ isolated-tmux send-keys 'true needle' Enter
+@@ -15,3 +18,12 @@ isolated-tmux send-keys C-p C-a M-f M-f M-f M-.
+ # CHECK: prompt 2> true hay needle hay
+ tmux-sleep
+ isolated-tmux capture-pane -p
++
++isolated-tmux send-keys C-e C-u true Up Up Escape
++tmux-sleep
++isolated-tmux capture-pane -p | grep 'prompt 2'
++# CHECK: prompt 2> true
++isolated-tmux send-keys C-z _
++tmux-sleep
++isolated-tmux capture-pane -p | grep 'prompt 2'
++# CHECK: prompt 2> _
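
Review bot: The regression check added to tests/checks/tmux-history-search.fish sits in a file that opens with `#REQUIRES: test -z "$CI"` ("disable on github actions because it's flakey"), so the new Escape and undo assertions are skipped wherever CI is set. Please confirm the fix by running this check in an environment without CI set. The embedded patch header also carries only From, Date and Subject; adding an Origin or Applied-Upstream field with the upstream commit would make the provenance checkable from the patch file itself.
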
diff -Nru fish-3.6.0/debian/patches/0002-reader-Remove-assert-in-history-search.patch fish-3.6.0/debian/patches/0002-reader-Remove-assert-in-history-search.patch
--- fish-3.6.0/debian/patches/0002-reader-Remove-assert-in-his

Bug#1033463: linux-image-6.1.0-6-amd64: fails to mount/recognize NTFS partitions

2023-03-25 Thread Vivek K J
Package: src:linux
Version: 6.1.15-1
Severity: normal

Dear Maintainer,

I've been using an automount script (in /etc/fstab) to mount my Windows
NTFS partition in Debian Testing. But after updating to 6.1.0-6-amd64 the
kernel doesn't boot and gets stuck at recovery mode. On commenting out the
line which I used to automount that drive, I was able to boot into the OS,
but it fails to recognize my NTFS partitions.

PS: it's working without any problems in 6.1.0-5-amd64.


-- Package-specific info:
** Kernel log: boot messages should be attached

** Model information
sys_vendor: Acer
product_name: Nitro AN515-56
product_version: V1.02
chassis_vendor: Acer
chassis_version: V1.02
bios_vendor: Insyde Corp.
bios_version: V1.02
board_vendor: TGL
board_name: Scala_TLM
board_version: V1.02

** PCI devices:

Bug#1033079: intel-microcode 3.20230214.1~deb11u1 flagged for acceptance

2023-03-25 Thread Adam D Barratt
package release.debian.org
tags 1033079 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20230214.1~deb11u1

Explanation: new upstream bug-fix release



Bug#1032120: Tiledb-py fails to build (Was: tiledb: uses atomic operations, but is not linked to libatomic)

2023-03-25 Thread Adam Cecile
Hello,

It seems unittests are running against a very new pandas version that wants
pyarrow (but it does not seem to be available in the archive).
Can you check while self.use_arrow evaluates to True? That's mostly the root
cause of the failure.
I'll try to have a look when I'm in front of my computer.

Regards, Adam.

On March 25, 2023 2:55:39 PM GMT+01:00, Andreas Tille  wrote:
>Hi,
>
>as you can read in the bug log, there was an upload of a new version of
>tiledb a couple of hours before it has migrated to testing.  Thus the
>package remains affected by a testing removal (together with its two
>reverse dependencies tiledb and genomicsdb).  To follow the freeze
>policy I reverted the version bump and NMUed tiledb
>2.15.0really2.14.1-0.1 to experimental (since the maintainer did not
>respond).
>
>As we can see tiledb-py does not build against tiledb 2.15.0[1]
>
>I've now forced (Build-)Depends to
>   tibtiledb-dev (>= 2.15.0really2.14.1~)
>but it seems Salsa CI autopkgtest does not respect the setting
>
>variables:
>  # Build against tiledb in experimental
>  RELEASE: 'experimental'
>
>and thus the autopkgtest log does not reproduce the error I've got
>in my local build:
>
>...
>
>=== FAILURES 
>===
>___ TestNumpyToArray.test_from_numpy_empty_str[1-0] 
>
>
>self = 
>empty_str = '', num_strs = 1
>
>@pytest.mark.parametrize("empty_str", ["", b""])
>@pytest.mark.parametrize("num_strs", [1, 1000])
>def test_from_numpy_empty_str(self, empty_str, num_strs):
>uri = self.path("test_from_numpy_empty_str")
>np_array = np.asarray([empty_str] * num_strs, dtype="O")
>tiledb.from_numpy(uri, np_array)
>
>with tiledb.open(uri, "r") as A:
>assert_array_equal(A[:], np_array)
>if has_pandas():
>>   assert_array_equal(A.query(use_arrow=True).df[:][""], np_array)
>
>tests/test_libtiledb.py:3356:
>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
>_.
>/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:192: in 
>__getitem__
>return self if self.return_incomplete else self._run_query()
>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
>_.
>
>self = 
>
>def _run_query(self) -> Union[DataFrame, Table]:
>if self.pyquery is not None:
>self.pyquery.submit()
>
>if self.pyquery is None:
>df = DataFrame(self._empty_results)
>elif self.use_arrow:
>with timing("buffer_conversion_time"):
>>   table = self.pyquery._buffers_to_pa_table()
>E   ModuleNotFoundError: No module named 'pyarrow'
>
>/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:329: 
>ModuleNotFoundError
>___ TestNumpyToArray.test_from_numpy_empty_str[1-1] 
>
>
>self = 
>empty_str = b'', num_strs = 1
>
>@pytest.mark.parametrize("empty_str", ["", b""])
>@pytest.mark.parametrize("num_strs", [1, 1000])
>def test_from_numpy_empty_str(self, empty_str, num_strs):
>uri = self.path("test_from_numpy_empty_str")
>np_array = np.asarray([empty_str] * num_strs, dtype="O")
>tiledb.from_numpy(uri, np_array)
>
>with tiledb.open(uri, "r") as A:
>assert_array_equal(A[:], np_array)
>if has_pandas():
>>   assert_array_equal(A.query(use_arrow=True).df[:][""], np_array)
>
>tests/test_libtiledb.py:3356:
>/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:192: in 
>__getitem__
>return self if self.return_incomplete else self._run_query()
>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
>_.
>
>self = 
>
>def _run_query(self) -> Union[DataFrame, Table]:
>if self.pyquery is not None:
>self.pyquery.submit()
>
>if self.pyquery is None:
>df = DataFrame(self._empty_results)
>elif self.use_arrow:
>with timing("buffer_conversion_time"):
>>   table = self.pyquery._buffers_to_pa_table()
>E   ModuleNotFoundError: No module named 'pyarrow'
>
>/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:329: 
>ModuleNotFoundError
>__ TestNumpyToArray.test_from_numpy_empty_str[1000-0] 
>__
>
>self = 
>empty_str = '', num_strs = 1000
>
>@pytest.mark.parametrize("empty_str", ["", b""])
>@pytest.mark.parametrize("num_strs", [1, 1000])
>def test_from_numpy_empty_str(self, empty_str, num_strs):
>uri = self.path("test_from_numpy_empty_str")
>np_array = np.asarray([empty_str] * num
>

Bug#1033462: kmail: Kmail fails to send emails via Google mail with "Failed to authenticate additional scopes"

2023-03-25 Thread Ariel Garcia
Package: kmail
Version: 4:22.12.3-1
Severity: normal
X-Debbugs-Cc: aog20...@gmail.com

Dear Maintainer,

I have two Google mail (@gmail.com) accounts. Both are configured to use
XOAUTH2 authentication for receiving (Imap / SSL / 993) and sending (smtp /
STARTTLS / 587).

Both accounts can retrieve the email, but ONLY ONE works for sending.
The other account fails to send email with the message "Failed to authenticate
additional scopes", and if i start akonadi in the shell i see the messages:

---
[SASL-XOAUTH2] - Requesting authID!
[SASL-XOAUTH2] - Requesting token!
[SASL-XOAUTH2] - filling prompts!
[SASL-XOAUTH2] - Requesting authID!
[SASL-XOAUTH2] - Requesting token!
org.kde.kgapi: Bad request, Google replied ' "{\n  \"error\":
\"invalid_grant\",\n  \"error_description\": \"Bad Request\"\n}" '
org.kde.pim.mailtransport.smtpplugin: Error obtaining XOAUTH2 token: "Failed to
authenticate additional scopes"
org.kde.pim.ksmtp: SMTP Socket error: QAbstractSocket::RemoteHostClosedError
"The remote host closed the connection"
-

As far as i can tell both accounts are set up identically. I even created the
failing one again (identity and sending account). Same error. I would be happy
to debug/investigate if helpful.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (880, 'testing-security'), (880, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kmail depends on:

Bug#1033374: pre-unblock: ruby-rack/2.2.6.4-1

2023-03-25 Thread Pirate Praveen

Control: tags -1 -moreinfo
Control: retitle -1 unblock: ruby-rack/2.2.6.4-1

On Fri, Mar 24 2023 at 06:45:30 PM +01:00:00 +01:00:00, Sebastian 
Ramacher  wrote:

Control: tags -1 moreinfo

On 2023-03-24 01:50:25 +0530, Pirate Praveen wrote:

 Package: release.debian.org
 Severity: normal
 User: release.debian@packages.debian.org
 Usertags: unblock
 X-Debbugs-Cc: ruby-r...@packages.debian.org
 Control: affects -1 + src:ruby-rack

 Please see these changes for ruby-rack (I have not uploaded yet) is ok.


Please go ahead and let us know once the package is available in
unstable.


Uploaded ruby-rack/2.2.6.4-1 to unstable.



Cheers



 [ Reason ]
 It fixes two CVEs (though it includes some other bug fixes too)

 [ Impact ]
 Some of the changes included in this release are already included in the
 debian package as patches, this just reduces maintenance effort.

 [ Tests ]
 Upstream testsuite passes, gitlab is already using the 2.2.6.4 version.


 [ Risks ]
 If this is not unblocked, two CVEs would have to be backported to 2.2.4



 [ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

 [ Other info ]

 unblock ruby-rack/2.2.6.4-1


 diff -Nru ruby-rack-2.2.4/CHANGELOG.md 
ruby-rack-2.2.6.4/CHANGELOG.md

 --- ruby-rack-2.2.4/CHANGELOG.md   2022-07-01 03:48:29.0 +0530
 +++ ruby-rack-2.2.6.4/CHANGELOG.md	2023-03-13 23:37:51.0 
+0530

 @@ -2,6 +2,33 @@

  All notable changes to this project will be documented in this 
file. For info on how to format all future additions to this file 
please reference [Keep A 
Changelog](https://keepachangelog.com/en/1.0.0/).


 +## [2.2.6.4] - 2023-03-13
 +
 +- [CVE-2023-27539] Avoid ReDoS in header parsing
 +
 +## [2.2.6.3] - 2023-03-02
 +
 +- [CVE-2023-27530] Introduce multipart_total_part_limit to limit 
total parts

 +
 +## [2.2.6.2] - 2022-01-17
 +
 +- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
 +
 +## [2.2.6.1] - 2022-01-17
 +
 +- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
 +- [CVE-2022-44572] Forbid control characters in attributes (also 
ReDoS)

 +
 +## [2.2.6] - 2022-01-17
 +
 +- Extend `Rack::MethodOverride` to handle 
`QueryParser::ParamsTooDeepError` error. 
([#2011](https://github.com/rack/rack/pull/2011), 
[@byroot](https://github.com/byroot))

 +
 +## [2.2.5] - 2022-12-27
 +
 +### Fixed
 +
 +- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. 
([#1998](https://github.com/rack/rack/pull/1998), 
[@weizheheng](https://github.com/weizheheng))

 +
  ## [2.2.4] - 2022-06-30

  - Better support for lower case headers in `Rack::ETag` 
middleware. ([#1919](https://github.com/rack/rack/pull/1919), 
[@ioquatix](https://github.com/ioquatix))
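
Review bot: The release dates in the added CHANGELOG entries are out of order: 2.2.6, 2.2.6.1 and 2.2.6.2 are all dated 2022-01-17, which is earlier than both 2.2.5 (2022-12-27) and the existing 2.2.4 entry (2022-06-30). The year appears to be a typo in the imported upstream file, so it is better reported upstream than patched locally, and nobody should date the CVE-2022-44570, CVE-2022-44571 and CVE-2022-44572 fixes from these three headings.
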
 diff -Nru ruby-rack-2.2.4/debian/changelog 
ruby-rack-2.2.6.4/debian/changelog
 --- ruby-rack-2.2.4/debian/changelog	2023-02-09 16:17:17.0 
+0530
 +++ ruby-rack-2.2.6.4/debian/changelog	2023-03-24 
01:32:43.0 +0530

 @@ -1,3 +1,10 @@
 +ruby-rack (2.2.6.4-1) unstable; urgency=medium
 +
 +  * Team Upload
 +  * New upstream version 2.2.6.4 (Fixes: CVE-2023-27530, 
CVE-2023-27539)

 +
 + -- Pirate Praveen   Fri, 24 Mar 2023 01:32:43 
+0530

 +
  ruby-rack (2.2.4-3) unstable; urgency=high

* Team upload
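
Review bot: The new changelog entry records only "New upstream version 2.2.6.4", but the same debdiff deletes debian/patches/Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch, and that removal is not mentioned. Add a line naming each Debian patch dropped because upstream now carries the fix, so a reader of d/changelog can see that the CVE-2022-44570 fix listed in CHANGELOG.md is still present after the patch disappears. "Team Upload" also differs in case from the "Team upload" used in the 2.2.4-3 entry below.
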
 diff -Nru 
ruby-rack-2.2.4/debian/patches/Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch 
ruby-rack-2.2.6.4/debian/patches/Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch
 --- 
ruby-rack-2.2.4/debian/patches/Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch	2023-02-09 
16:17:17.0 +0530
 +++ 
ruby-rack-2.2.6.4/debian/patches/Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch	1970-01-01 
05:30:00.0 +0530

 @@ -1,26 +0,0 @@
  a/lib/rack/utils.rb
 -+++ b/lib/rack/utils.rb
 -@@ -348,17 +348,18 @@
 -   return nil unless http_range && http_range =~ 
/bytes=([^;]+)/

 -   ranges = []
 -   $1.split(/,\s*/).each do |range_spec|
 --return nil  unless range_spec =~ /(\d*)-(\d*)/
 --r0, r1 = $1, $2
 --if r0.empty?
 --  return nil  if r1.empty?
 -+return nil unless range_spec.include?('-')
 -+range = range_spec.split('-')
 -+r0, r1 = range[0], range[1]
 -+if r0.nil? || r0.empty?
 -+  return nil if r1.nil?
 -   # suffix-byte-range-spec, represents trailing suffix of 
file

 -   r0 = size - r1.to_i
 -   r0 = 0  if r0 < 0
 -   r1 = size - 1
 - else
 -   r0 = r0.to_i
 --  if r1.empty?
 -+  if r1.nil?
 - r1 = size - 1
 -   else
 - r1 = r1.to_i
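
Review bot: Deleting this backport changes behaviour as well as packaging, so the upstream replacement needs a look before relying on it. The dropped patch accepted a range_spec on `range_spec.include?('-')` alone and then called `to_i` on the split halves, so non-numeric parts were read as 0, whereas the code it replaced captured `\d*` on each side and returned nil when both captures were empty. Confirm that the 2.2.6.2 fix for CVE-2022-44570 listed in CHANGELOG.md handles the same inputs, and that debian/patches/series no longer references this file.
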
 diff -Nru 
ruby-rack-2.2.4/debian/patches/Fix-ReDoS-vulnerability-in-multipart-parser.patch 
ruby-rack-2.2.6.4/debian/patches/Fix-ReDoS-vulnerability-in-multipart-parser.patch
 --- 
ruby-rack-2.2.4/debian/patches/Fix-ReDoS-vulnerability-in-multipart-parser.patch	2023-02-09 
16:17:17.0 +0530
 +++ 
ruby-rack-2.2.6.4/debian/patches/F

Bug#1033461: [INTL:ro] Romanian debconf templates translation of rkhunter

2023-03-25 Thread Remus-Gabriel Chelu
Package: rkhunter
Version: N/A
Severity: wishlist
Tags: l10n, patch

Dear Maintainer,

Please find attached the Romanian translation of the «rkhunter» file.

Thanks,
Remus-Gabriel

rkhunter_debconf_ro.po
Description: Binary data


Bug#1033460: unblock: xscreensaver/6.06+dfsg1-3

2023-03-25 Thread Tormod Volden
Package: release.debian.org
Control: affects -1 + src:xscreensaver
X-Debbugs-Cc: xscreensa...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package xscreensaver 6.06+dfsg1-3

[ Reason ]
A couple of upstream crash regressions were introduced in 6.06,
and these are fixed in 6.06+dfsg1-3 (#1030909, #1030659).
There was also a regression where DPMS settings were reset,
causing lack of power saving, the patch from upstream was included
for this (#1031076). A missing dependency was fixed together with a
correction of internal dependencies between the binary packages.
A translation was broken simply because of wrong po file encoding
(seen on l10n status report).

[ Impact ]
The user won't be able to set XScreenSaver preferences because
the preference window crashes.
The user will unknowingly leave the power settings disabled and
waste electricity.
The missing dependencies would prevent screensaver modes from
functioning.

[ Tests ]
Bug reporters have verified the fixes in 6.06+dfsg1-3.
I could myself reproduce the issues and their fixes.
There have been no new issues or regressions reported since
6.06+dfsg1-3 was uploaded 21 days ago.

[ Risks ]
The most complex crash issue was analyzed in depth by upstream
and GTK developers, so the applied solution is well understood. The
other fixes are relatively trivial and the risk is low that they have any
unintentional effects.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]

Attachments: xscreensaver_6.06+dfsg1-3.debdiff


xscreensaver_6.06+dfsg1-3.debdiff
Description: Binary data


Bug#1033459: wxmaxima: INTERNAL-SIMPLE-TYPE-ERROR assoc_legendre_p(...) is not of type LIST

2023-03-25 Thread Stanislav Maslovski
Package: wxmaxima
Version: 22.12.0-1
Severity: normal
X-Debbugs-Cc: stanislav.maslov...@gmail.com

Dear Maintainer,

In wxmaxima, when I try to use assoc_legendre_p() function from the
orthopoly package, I get the following error (below is copy-and-paste from
the wxmaxima window):


(%i1) assoc_legendre_p(l,m,cos(theta))*exp(%i*m*phi);

Maxima encountered a Lisp error:

 Condition in FORMAT [or a callee]: INTERNAL-SIMPLE-TYPE-ERROR:
"assoc_legendre_p(l,m,cos(theta))" is not of type LIST: 

Automatically continuing.

To enable the Lisp debugger set *debugger-hook* to nil.


On the other hand, if I just run maxima from a terminal, there is no
error (below is copy-and-paste from the terminal window):

% maxima

Maxima 5.46.0 https://maxima.sourceforge.io
using Lisp GNU Common Lisp (GCL) GCL 2.6.14 git tag Version_2_6_15pre3
Distributed under the GNU Public License. See the file COPYING.
Dedicated to the memory of William Schelter.
The function bug_report() provides bug reporting information.

(%i1) assoc_legendre_p(l,m,cos(theta))*exp(%i*m*phi);

m   %i m phi
(%o1)  P (cos(theta)) %e
l
(%i2)

That is why I am reporting this as wxmaxima bug, and not maxima bug.

With best regards,

Stanislav

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'stable-security'), (500, 
'testing'), (500, 'oldstable'), (300, 'bullseye-fasttrack'), (300, 
'bullseye-backports-staging'), (300, 'stable'), (100, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wxmaxima depends on:
ii  libc6  2.36-8
ii  libgcc-s1  12.2.0-14
ii  libstdc++6 12.2.0-14
ii  libwxbase3.2-1 3.2.2+dfsg-2
ii  libwxgtk-webview3.2-1  3.2.2+dfsg-2
ii  libwxgtk3.2-1  3.2.2+dfsg-2
ii  maxima 5.46.0-11

Versions of packages wxmaxima recommends:
ii  maxima-doc  5.46.0-11

Versions of packages wxmaxima suggests:
ii  fonts-jsmath 0.090709+0-4
pn  ibus-gtk3
ii  texlive-latex-extra  2022.20230122-2

-- no debconf information



Bug#1032120: Tiledb-py fails to build (Was: tiledb: uses atomic operations, but is not linked to libatomic)

2023-03-25 Thread Andreas Tille
Hi,

as you can read in the bug log, there was an upload of a new version of
tiledb a couple of hours before it has migrated to testing.  Thus the
package remains affected by a testing removal (together with its two
reverse dependencies tiledb and genomicsdb).  To follow the freeze
policy I reverted the version bump and NMUed tiledb
2.15.0really2.14.1-0.1 to experimental (since the maintainer did not
respond).

As we can see tiledb-py does not build against tiledb 2.15.0[1]

I've now forced (Build-)Depends to
   tibtiledb-dev (>= 2.15.0really2.14.1~)
but it seems Salsa CI autopkgtest does not respect the setting

variables:
  # Build against tiledb in experimental
  RELEASE: 'experimental'

and thus the autopkgtest log does not reproduce the error I've got
in my local build:

...

=== FAILURES ===
___ TestNumpyToArray.test_from_numpy_empty_str[1-0] 

self = 
empty_str = '', num_strs = 1

@pytest.mark.parametrize("empty_str", ["", b""])
@pytest.mark.parametrize("num_strs", [1, 1000])
def test_from_numpy_empty_str(self, empty_str, num_strs):
uri = self.path("test_from_numpy_empty_str")
np_array = np.asarray([empty_str] * num_strs, dtype="O")
tiledb.from_numpy(uri, np_array)

with tiledb.open(uri, "r") as A:
assert_array_equal(A[:], np_array)
if has_pandas():
>   assert_array_equal(A.query(use_arrow=True).df[:][""], np_array)

tests/test_libtiledb.py:3356:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _.
/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:192: in __getitem__
return self if self.return_incomplete else self._run_query()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _.

self = 

def _run_query(self) -> Union[DataFrame, Table]:
if self.pyquery is not None:
self.pyquery.submit()

if self.pyquery is None:
df = DataFrame(self._empty_results)
elif self.use_arrow:
with timing("buffer_conversion_time"):
>   table = self.pyquery._buffers_to_pa_table()
E   ModuleNotFoundError: No module named 'pyarrow'

/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:329: 
ModuleNotFoundError
___ TestNumpyToArray.test_from_numpy_empty_str[1-1] 

self = 
empty_str = b'', num_strs = 1

@pytest.mark.parametrize("empty_str", ["", b""])
@pytest.mark.parametrize("num_strs", [1, 1000])
def test_from_numpy_empty_str(self, empty_str, num_strs):
uri = self.path("test_from_numpy_empty_str")
np_array = np.asarray([empty_str] * num_strs, dtype="O")
tiledb.from_numpy(uri, np_array)

with tiledb.open(uri, "r") as A:
assert_array_equal(A[:], np_array)
if has_pandas():
>   assert_array_equal(A.query(use_arrow=True).df[:][""], np_array)

tests/test_libtiledb.py:3356:
/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:192: in __getitem__
return self if self.return_incomplete else self._run_query()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _.

self = 

def _run_query(self) -> Union[DataFrame, Table]:
if self.pyquery is not None:
self.pyquery.submit()

if self.pyquery is None:
df = DataFrame(self._empty_results)
elif self.use_arrow:
with timing("buffer_conversion_time"):
>   table = self.pyquery._buffers_to_pa_table()
E   ModuleNotFoundError: No module named 'pyarrow'

/usr/lib/python3/dist-packages/tiledb/multirange_indexing.py:329: 
ModuleNotFoundError
__ TestNumpyToArray.test_from_numpy_empty_str[1000-0] __

self = 
empty_str = '', num_strs = 1000

@pytest.mark.parametrize("empty_str", ["", b""])
@pytest.mark.parametrize("num_strs", [1, 1000])
def test_from_numpy_empty_str(self, empty_str, num_strs):
uri = self.path("test_from_numpy_empty_str")
np_array = np.asarray([empty_str] * num


Bug#1033458: python3-ortools: Ancient version

2023-03-25 Thread Matthias Urlichs
Package: python3-ortools
Version: 8.2+ds-6+b1
Severity: normal
X-Debbugs-Cc: sm...@smurf.noris.de

ortools is at v9.6 by now. Version 8.2 is two years old and IMHO should not
be in Bookworm at this point. Please upgrade.

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'stable'), (600, 'oldstable'), (500, 
'stable-security'), (500, 'unstable'), (300, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-ortools depends on:
ii  libabsl20220623  20220623.1-1
ii  libc62.36-8
ii  libgcc-s112.2.0-14
ii  libortools8  8.2+ds-6+b1
ii  libprotobuf233.12.4-1+b5
ii  libstdc++6   12.2.0-14
ii  python3  3.11.2-1

python3-ortools recommends no packages.

python3-ortools suggests no packages.

-- debconf-show failed



Bug#1033457: [INTL:ro] Romanian debconf templates translation of resolvconf

2023-03-25 Thread Remus-Gabriel Chelu
Package: resolvconf
Version: N/A
Severity: wishlist
Tags: l10n, patch

Dear Maintainer,

Please find attached the Romanian translation of the «resolvconf» file.

Thanks,
Remus-Gabriel

resolvconf_debconf_ro.po
Description: Binary data


Bug#1033456: genomicsdb may need build adjustment

2023-03-25 Thread Dirk Eddelbuettel


Package: genomicsdb
Severity: normal

I recently filed #1033410 and requested to have tiledb removed from Debian as
the build has always been severely constrained by both a lack of 'cloud' support,
a mismatch with pinned dependencies at different versions of required
libraries, an upcoming change to use of vcpkg, and a general mismatch as
upstream really only looks at x86_64 and arm64.

As I understand it, genomicsdb primarily builds off htslib. I am hereby
asking you to kindly adjust the build to no longer require libtiledb-dev.

Thanks,  Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org



Bug#1033455: xscreensaver: won't unlock if libpam-cap is installed and active

2023-03-25 Thread Athanasius
Package: xscreensaver
Version: 6.06+dfsg1-2
Severity: important

Dear Maintainer,

  TL;DR - If xscreensaver pam authentication is to work it will need to
cause adjustment to libpam-cap related configuration files.

  After upgrading my Debian desktop to bookworm I found that any attempt
to unlock xscreensaver acted as if I had failed to type the password
correctly.  It should be noted that this is an old Debian install that
has been through many different stable versions without a reinstall.
  Running xscreensaver with `-verbose` and temporarily increasing some
PAM auth logging pointed to `unix_chkpwd` being where the failure
occurred, but I couldn't easily delve any deeper there due to even root
not being able to `strace` an `xscreensaver-auth` process.

  To help diagnose this I performed a clean bookworm install on a
separate drive and re-tested it there.  It worked!

  So, I started looking at differences between the two installs.  I used
`fvwm` on both, and aligned the `~/.xscreensaver` configurations.  Then
I checked `/etc/pam.d/`, saw I had `pam_cap.so` configured on the old
install and tried commenting that out of `/etc/pam.d/common-auth`.  But
re-testing didn't cause xscreensaver auth to work.
  It turns out at least a full restart was necessary, if not a reboot.
This was discovered when `/etc/security/capability.conf` also came to
light, with its default `none  *` line active.
  So, performed an `apt purge libpam-cap`, and rebooted before a re-test,
and then xscreensaver unlocking worked!

  The version of libpam-cap that gets installed is:

ii  libpam-cap:amd64 1:2.66-3

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xscreensaver depends on:
ii  init-system-helpers  1.65.2
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-8
ii  libcrypt11:4.4.33-2
ii  libglib2.0-0 2.74.6-1
ii  libgtk-3-0   3.24.37-2
ii  libpam0g 1.5.2-6
ii  libsystemd0  252.6-1
ii  libx11-6 2:1.8.4-2
ii  libxext6 2:1.3.4-1+b1
ii  libxft2  2.3.6-1
ii  libxi6   2:1.8-1+b1
ii  libxinerama1 2:1.1.4-3
ii  libxml2  2.9.14+dfsg-1.1+b3
ii  libxrandr2   2:1.5.2-2+b1
ii  libxt6   1:1.2.1-1
ii  libxxf86vm1  1:1.1.4-1+b2
ii  xscreensaver-data6.06+dfsg1-2

Versions of packages xscreensaver recommends:
ii  fonts-urw-base35  20200910-7
ii  libjpeg-turbo-progs   1:2.1.5-2
ii  perl  5.36.0-7
ii  wamerican [wordlist]  2020.12.07-2
ii  wbritish [wordlist]   2020.12.07-2
ii  xfonts-100dpi 1:1.0.5

Versions of packages xscreensaver suggests:
ii  chromium [www-browser]  111.0.5563.64-1
ii  fortune-mod [fortune]   1:1.99.1-7.3
pn  gdm3 | kdm-gdmcompat
ii  google-chrome-stable [www-browser]  111.0.5563.110-1
ii  links [www-browser] 2.28-1+b2
ii  lynx [www-browser]  2.9.0dev.12-1
pn  qcam | streamer 
ii  w3m [www-browser]   0.5.3+git20230121-2
ii  xdaliclock  2.46-1
pn  xfishtank   
ii  xscreensaver-data-extra 6.06+dfsg1-2
ii  xscreensaver-gl 6.06+dfsg1-2
ii  xscreensaver-gl-extra   6.06+dfsg1-2

-- no debconf information

-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
  Finger athan(at)fysh.org for PGP key
   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME



Bug#1033453: RM: tiledb-py -- ROM,NPOASR as build-depends tiledb should RM

2023-03-25 Thread Dirk Eddelbuettel


Package: ftp.debian.org
Severity: normal

As argued in #1033410, tiledb is not really a good fit for Debian and should
RM. As such, tiledb-py cannot build and needs to RM as well.

Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org



Bug#1033454: RM: tiledb-r -- ROM,NPOASR as build-depends tiledb should RM

2023-03-25 Thread Dirk Eddelbuettel


Package: ftp.debian.org
Severity: normal

As argued in #1033410, tiledb is not really a good fit for Debian and should
RM. As such, tiledb-r cannot build and needs to RM as well.

Dirk

-- 
dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org



Bug#1033417: newt: missing Build-Depends docbook

2023-03-25 Thread Henry Nestler
Hello Jochen,

this error is the same as in base-passwd, is not critical, because autobuild 
works. Please see answer #10 there
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033422#10



Bug#1033417: newt: missing Build-Depends docbook

2023-03-25 Thread henrynmail-deb...@yahoo.com
Jochen Sprickerhof  wrote: 

>Hi Henry,
>
>* Henry N.  [2023-03-24 17:56]:
>>build in a minimal build environment fails for docbook2html.
>>
>># apt source newt
>># cd newt-0.52.23
>># apt build-dep newt
>>... all dependency installed ...
>># dpkg-buildpackage -B "-Pnocheck noinsttest noudeb" -uc -us
>>...
>>openjade:/tmp/newt-0.52.23/tutorial/../tutorial.sgml:1:61:W: cannot
>>generate system identifier for public text "-//Davenport//DTD DocBook
>>V3.0//EN"
>>openjade:/tmp/newt-0.52.23/tutorial/../tutorial.sgml:1:61:E: reference
>>to entity "ARTICLE" for which no system identifier could be generated
>>...
>>openjade:I: maximum number of errors (200) reached; change with -E
>>option
>>make[1]: *** [debian/rules:53: override_dh_auto_build] Error 8
>>make[1]: Leaving directory '/tmp/newt-0.52.23'
>>make: *** [debian/rules:14: build-arch] Error 2
>>dpkg-buildpackage: error: debian/rules build-arch subprocess returned
>>exit status 2
>
>I can't reproduce this with:
>
>$ sbuild --no-arch-all --profiles=nocheck,noinsttest,noudeb -d unstable newt

Yes, that works.

>>Workaround: After installing "docbook" it works.
>
>newt build depends on docbook-utils that depends on docbook-dsssl that 
>depends on docbook so your minimal system should have installed that 
>already. Can you please verify?

 docbook-dsssl depends on docbook *or* docbook-xml.
docbook-xml has only a suggestion to docbook.
It fails, if docbook-xml is installed and docbook is not installed.

Reproducible way in a typical installation of Debian bookworm:
# apt remove docbook
# apt install docbook-xml
# apt source newt
# cd newt-0.52.23
# apt build-dep newt
# dpkg-buildpackage -B --build-profiles=nocheck,noinsttest,noudeb -uc -us

Henry



Bug#1033407: duplicate bugs

2023-03-25 Thread Dominik Stadler
merge 1033407 1032989

--
These two bug-reports sound very similar, #1032989 has a lot of
investigation already.


Bug#1033452: [INTL:ro] Romanian debconf templates translation of refind

2023-03-25 Thread Remus-Gabriel Chelu
Package: refind
Version: N/A
Severity: wishlist
Tags: l10n, patch

Dear Maintainer,

Please find attached the Romanian translation of the «refind» file.

Thanks,
Remus-Gabriel

refind_debconf_ro.po
Description: Binary data


Bug#1030113: openvswitch 2.15.0+ds1-2+deb11u3 flagged for acceptance

2023-03-25 Thread Adam D Barratt
package release.debian.org
tags 1030113 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: openvswitch
Version: 2.15.0+ds1-2+deb11u3

Explanation: fix "openvswitch-switch update leaves interfaces down"



Bug#1025453: still in 0.3.67-1

2023-03-25 Thread graeme vetterlein

I've switched to experimental , for : pipewire + libpipewire*

$ apt-cache policy pipewire
pipewire:
  Installed: 0.3.67-1
  Candidate: 0.3.67-1
  Version table:
 *** 0.3.67-1 800
  1 https://deb.debian.org/debian experimental/main amd64 Packages
    100 /var/lib/dpkg/status
 0.3.65-3 500
    500 http://ftp.uk.debian.org/debian unstable/main amd64 Packages
    500 http://ftp.de.debian.org/debian sid/main amd64 Packages
graeme@real:~/Documents/Remote/Bugs/22mar2023-pipewire-freedeskt>op$


So now 0.3.67-1 .. bug persists




Bug#1033448: black-box-terminal: Package was renamed and most probably should no longer exist

2023-03-25 Thread Santiago Vila

El 25/3/23 a las 12:10, Barak A. Pearlmutter escribió:

Thanks for noting that.
Already filed for RM, see bugs.debian.org/1033450


Thank you.

I'm closing this bug, then, as it's already in ftpmaster hands.

(My suggestion to reassign was to save one bug number,
but nevermind).

Thanks.



Bug#1033412: libdatetime-timezone-perl 2.47-1+2023b flagged for acceptance

2023-03-25 Thread Adam D Barratt
package release.debian.org
tags 1033412 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libdatetime-timezone-perl
Version: 2.47-1+2023b

Explanation: update included data



Bug#1033451: please fix wrong condition contained in debian-edu-ltsp-install script

2023-03-25 Thread Wolfgang Schweer
Package: debian-edu-config
Version: 2.11.56+deb11u4
Severity: normal
Tags: patch

While trying to install a dedicated LTSP diskless workstation chroot, I 
noticed that running 'debian-edu-ltsp-install --dlw' fails in case the 
Debian Edu BD ISO image isn't available. This is due to a missing check.

To fix the issue on a system with 'LTSP-Server' profile, run as root:
sed -i 's/if ! mountpoint/if [ "true" == "$BD_ISO" ] \&\& ! mountpoint/' 
/usr/sbin/debian-edu-ltsp-install

Patch for the d-e-c git master branch:

diff --git a/sbin/debian-edu-ltsp-install b/sbin/debian-edu-ltsp-install
index 3c353202..90627977 100755
--- a/sbin/debian-edu-ltsp-install
+++ b/sbin/debian-edu-ltsp-install
@@ -18,7 +18,7 @@
 # Licence: GPL2+
 # first edited:2019-11-21
 
-version=2021-11-18
+version=2023-03-25
 
 set -e
 
@@ -598,7 +598,7 @@ EOF
mkdir -p /srv/ltsp/dlw
chmod 755 /srv/ltsp/dlw
# Use BD-ISO if available.
-   if ! mountpoint -q /media/cdrom ; then
+   if [ "true" == "$BD_ISO" ] && ! mountpoint -q /media/cdrom ; then
mount /media/cdrom
fi
if grep -q BD /etc/apt/sources.list && [ -f /media/cdrom/.disk/info ] ; 
then
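
Review bot: The added test `[ "true" == "$BD_ISO" ]` uses `==` inside `[ ]`, which is a bash extension. Under dash the test errors out with "unexpected operator" and returns non-zero, so the `mount /media/cdrom` branch would be skipped even when BD_ISO is true, and because the test sits in an `if` condition, `set -e` will not surface the failure. If the script can run under /bin/sh, use `=` here and in the sed one-liner above. The hunk also assumes BD_ISO is always assigned earlier in the script, which is not visible in this context.
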


Wolfgang




Bug#1033448: black-box-terminal: Package was renamed and most probably should no longer exist

2023-03-25 Thread Barak A. Pearlmutter
Thanks for noting that.
Already filed for RM, see bugs.debian.org/1033450



Bug#1033450: ROM

2023-03-25 Thread Barak A. Pearlmutter
PS This is at ROM



Bug#1033421: newt: nopython not full respected

2023-03-25 Thread Jochen Sprickerhof

Control: severity -1 normal

Failing to cross build is not release critical, updating the severity 
accordingly.


Hi,

* henrynmail-deb...@yahoo.com  [2023-03-24 19:08]:

the build option "nopython" was not respected in all cases.
In rules exist a check for nopython in DEB_BUILD_PROFILES, but later in
Makefile.in it will overwritten by setting PYTHONVERS again.
If libpython*-dev is not installed, the build breaks with

    Python.h: No such file or directory

The fail was detected by cross building, but also exist in native builds.

# apt remove python3-all libpython3.11-dev libpython3.11-dbg python3-minimal
# dpkg-buildpackage -B "-Pnocheck noinsttest noudeb nopython" -uc -us
...
/bin/sh: 1: python3.11-config: not found
/bin/sh: 1: python3.11-config: not found
/bin/sh: 1: python3.11-config: not found
/bin/sh: 1: python3.11-config: not found
gcc -fPIC -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2
-I/usr/include/tcl8.6 -g -O2 -ffile-prefix-map=/tmp/newt/newt-0.52.23=.
-fstack-protector-strong -Wformat -Werror=format-security
-DMARCH="x86_64-linux-gnu" -fPIC -c -o python3.11/snack.o snack.c
snack.c:2:10: fatal error: Python.h: No such file or directory
    2 | #include "Python.h"
  |  ^~
compilation terminated.


This is actually interesting as the build continues despite the error 
(which may be RC itself). An easy way to reproduce is:


sbuild --no-arch-all --profiles=nocheck,noinsttest,noudeb,nopython -d unstable 
newt --host=arm64 --build amd64

Cheers Jochen




Bug#1033450: RM: black-box-terminal -- redundant with blackbox-terminal

2023-03-25 Thread Barak A. Pearlmutter
Package: ftp.debian.org
Severity: normal

Upstream requested we use the name blackbox-terminal instead of
black-box-terminal, for compatibility with other distribution
channels. So I changed the name up and uploaded to NEW, but was unable
to stop the old name black-box-terminal from getting through NEW. (I
tried to dcut, and when I realized that wouldn't work, I asked, but by
then it was too late.)

So, please remove source and binary packages black-box-terminal from
the archive, since it is identical (except for naming) with
blackbox-terminal.

tldr: RM black-box-terminal; KEEP (DO NOT RM) blackbox-terminal



Bug#1033449: unblock: fbb/7.011-2

2023-03-25 Thread Christoph Berg
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: f...@packages.debian.org, Debian Hamradio Maintainers 

Control: affects -1 + src:fbb

Please unblock package fbb. The new version fixes a segfault when
listing subdirectories. (Closes: #1032223)

The diff is unfortunately quite noisy since different quilt flags were
used when refreshing the patch where the bug was in. The effective
interdiff is this:

+Index: fbb-7.011/src/ibm.c
+===
+--- fbb-7.011.orig/src/ibm.c
 fbb-7.011/src/ibm.c
-@@ -205,13 +204,10 @@
+@@ -205,13 +204,13 @@ void format_ffblk (struct ffblk *blk, st
else
sprintf (filename, "%s/%s", blk->ff_base, dir->d_name);

 -  ret = lstat (filename, &st);
--
++lstat (filename, &st);
+
if (S_ISLNK (st.st_mode))
{
/* printf ("link\n"); */
blk->ff_attrib |= FA_LINK;
 -  ret = stat (filename, &st);
++stat (filename, &st);
if (S_ISDIR (st.st_mode))
{
blk->ff_attrib |= FA_DIREC;
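
Review bot: With `ret` dropped, the restored `lstat (filename, &st);` and `stat (filename, &st);` calls in format_ffblk are unchecked, so when either call fails, `S_ISLNK (st.st_mode)` and `S_ISDIR (st.st_mode)` are evaluated on a `struct stat` that was never filled in or still holds the earlier lstat result. Since this change exists to fix a segfault in this same function, check each return value and skip or clear the entry on failure instead of discarding the result.
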

I.e. the original patch mistakenly removed lstat, and the new patch
restores it to the original place. "ret" is dropped since the code
doesn't use it.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach git diff against the package in testing

unblock fbb/7.011-2

Christoph
diff --git a/debian/changelog b/debian/changelog
index 313edc3..4620c2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+fbb (7.011-2) unstable; urgency=medium
+
+  * Team upload.
+  * Address segfault when listing subdirectories (Closes: #1032223)
+Thank you to Mike Quin for the bug report and patch.
+
+ -- tony mancill   Sun, 05 Mar 2023 09:53:13 -0800
+
 fbb (7.011-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/05-fix-compile-warnings b/debian/patches/05-fix-compile-warnings
index 485541e..0e87f45 100644
--- a/debian/patches/05-fix-compile-warnings
+++ b/debian/patches/05-fix-compile-warnings
@@ -1,9 +1,14 @@
-Fix trivial compiler warnings, mostly unused vars
+Description: Fix trivial compiler warnings, mostly unused vars
+  Thank you to Mike Quin for patching the patch.
+  See:  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032223
 Author: Colin Tuckley col...@debian.org
+Last-Update: 2023-03-02
 
 a/src/console.c
-+++ b/src/console.c
-@@ -254,7 +254,6 @@
+Index: fbb-7.011/src/console.c
+===
+--- fbb-7.011.orig/src/console.c
 fbb-7.011/src/console.c
+@@ -254,7 +254,6 @@ void connect_fen (void)
  
  void winputs (int voie, int attr, char *ptr)
  {
@@ -11,7 +16,7 @@ Author: Colin Tuckley col...@debian.org
  	int header;
  
  	if (attr == -1)
-@@ -265,7 +264,6 @@
+@@ -265,7 +264,6 @@ void winputs (int voie, int attr, char *
  	else
  		header = 0;
  
@@ -19,9 +24,11 @@ Author: Colin Tuckley col...@debian.org
  	window_write (voie, ptr, strlen (ptr), attr, header);
  }
  
 a/src/drv_mod.c
-+++ b/src/drv_mod.c
-@@ -575,11 +575,6 @@
+Index: fbb-7.011/src/drv_mod.c
+===
+--- fbb-7.011.orig/src/drv_mod.c
 fbb-7.011/src/drv_mod.c
+@@ -575,11 +575,6 @@ int lit_port_modem (int port)
  			ioctl (ptrcom->comfd, TIOCMGET, &mcs);
  			con = (mcs & TIOCM_CAR) ? 1 : 0;
  
@@ -33,7 +40,7 @@ Author: Colin Tuckley col...@debian.org
  			if ((svoie[voie]->sta.connect > 1) && (svoie[voie]->sta.connect < 17) && (!con))
  			{
  md_no_echo (voie);
-@@ -851,10 +846,12 @@
+@@ -851,10 +846,12 @@ int lit_port_modem (int port)
  			con = (nstat & 0x80) ? 1 : 0;
  #endif
  
@@ -46,9 +53,11 @@ Author: Colin Tuckley col...@debian.org
  
  			if ((svoie[voie]->sta.connect > 1) && (svoie[voie]->sta.connect < 17) && (!con))
  			{
 a/src/fwdovl5.c
-+++ b/src/fwdovl5.c
-@@ -737,14 +737,9 @@
+Index: fbb-7.011/src/fwdovl5.c
+===
+--- fbb-7.011.orig/src/fwdovl5.c
 fbb-7.011/src/fwdovl5.c
+@@ -737,14 +737,9 @@ void init_part (void)
  	}
  	else
  	{
@@ -63,9 +72,11 @@ Author: Colin Tuckley col...@debian.org
  		if (jour < 0)
  			jour += 31;
  		if (jour > 15)
 a/src/ibm.c
-+++ b/src/ibm.c
-@@ -190,7 +190,6 @@
+Index: fbb-7.011/src/ibm.c
+===
+--- fbb-7.011.orig/src/ibm.c
 fbb-7.011/src/ibm.c
+@@ -190,7 +190,6 @@ int getftime (int fd, struct ftime *ft)
  
  void format_ffblk (struct ffblk *blk, struct dirent *dir)
  {
@@ -73,23 +84,27 @@ Author: Colin Tuckley col...@debian.org
  	int year;
  	struct stat st;
  	struct tm *tm;
-@@ -205,13 +204,10 @@
+@@ -205,13 +204,13 @@ void format_ffblk (struct ffblk *blk, st
  	else
  		sprintf (filename, "%s/%s",
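Review bot: the second ibm.c hunk header changes from `-205,13 +204,10` to `-205,13 +204,13` in format_ffblk, while every other hunk header in this refresh keeps its line counts and only gains the function name. That is a content change to the patch rather than a pure refresh, and the patch header should describe it next to the new Last-Update. The context line `sprintf (filename, "%s/%s",` is unbounded, so if the reworked lines touch `filename`, confirm the destination size or switch to snprintf.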

Bug#1033417: newt: missing Build-Depends docbook

2023-03-25 Thread Jochen Sprickerhof

Hi Henry,

* Henry N.  [2023-03-24 17:56]:

Build in a minimal build environment fails for docbook2html.

# apt source newt
# cd newt-0.52.23
# apt build-dep newt
... all dependency installed ...
# dpkg-buildpackage -B "-Pnocheck noinsttest noudeb" -uc -us
...
openjade:/tmp/newt-0.52.23/tutorial/../tutorial.sgml:1:61:W: cannot
generate system identifier for public text "-//Davenport//DTD DocBook
V3.0//EN"
openjade:/tmp/newt-0.52.23/tutorial/../tutorial.sgml:1:61:E: reference
to entity "ARTICLE" for which no system identifier could be generated
...
openjade:I: maximum number of errors (200) reached; change with -E
option
make[1]: *** [debian/rules:53: override_dh_auto_build] Error 8
make[1]: Leaving directory '/tmp/newt/newt-0.52.23'
make: *** [debian/rules:14: build-arch] Error 2
dpkg-buildpackage: error: debian/rules build-arch subprocess returned
exit status 2


I can't reproduce this with:

$ sbuild --no-arch-all --profiles=nocheck,noinsttest,noudeb -d unstable newt


Workaround: After installing "docbook" it works.


newt build depends on docbook-utils that depends on docbook-dsssl that 
depends on docbook so your minimal system should have installed that 
already. Can you please verify?


Downgrading accordingly.

Cheers Jochen



Bug#1032423: lldb-15: Bug "No module named lldb.embedded_interpreter" reappeared again in lldb-15

2023-03-25 Thread Bernhard Übelacker

Dear Maintainer,
it looks like the searched file ends up here in the current package:
  /usr/lib/llvm-15/lib/python3.11/dist-packages/lldb/embedded_interpreter.py

But by inspecting the strace output it should probably be in this directory:
  /usr/lib/llvm-15/lib/python3/dist-packages/lldb

For a test I moved the files that way manually,
and it makes the error message go away.

Kind regards,
Bernhard



newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/lldb", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/lldb", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
newfstatat(AT_FDCWD, "/usr/lib/python3/dist-packages/lldb", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/lldb", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55ab0a60fdf0 /* 5 entries */, 32768) = 160
getdents64(3, 0x55ab0a60fdf0 /* 0 entries */, 32768) = 0
close(3) = 0
write(2, "Traceback (most recent call last"..., 35Traceback (most recent call last):
) = 35
write(2, "  File \"<string>\", line 1, in <m"..., 39  File "<string>", line 1, in <module>
) = 39
write(2, "ModuleNotFoundError: No module n"..., 65ModuleNotFoundError: No module named 'lldb.embedded_interpreter'
) = 65


$ ls -lisah /usr/lib/python3/dist-packages/lldb
1045401 0 lrwxrwxrwx 1 root root 44  3. Jan 20:55 /usr/lib/python3/dist-packages/lldb -> ../../llvm-15/lib/python3/dist-packages/lldb


$ ls -lisah /usr/lib/llvm-15/lib/python3/dist-packages/lldb
insgesamt 8,0K
674672 4,0K drwxr-xr-x 2 root root 4,0K 25. Mär 11:02 .
674671 4,0K drwxr-xr-x 3 root root 4,0K 25. Mär 11:02 ..
674702    0 lrwxrwxrwx 1 root root   51  3. Jan 20:55 libLLVM-15.0.6.so.1 -> ../../../../../x86_64-linux-gnu/libLLVM-15.0.6.so.1
674703    0 lrwxrwxrwx 1 root root   51  3. Jan 20:55 libLLVM-15.so.1 -> ../../../../../x86_64-linux-gnu/libLLVM-15.0.6.so.1
674701    0 lrwxrwxrwx 1 root root   47  3. Jan 20:55 _lldb.so -> ../../../../../x86_64-linux-gnu/liblldb-15.so.1


$ dpkg -S embedded
python3-lldb-15: /usr/lib/llvm-15/lib/python3.11/dist-packages/lldb/embedded_interpreter.py
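
The comparison made by hand in the message above (the directory the import follows versus the directory the package installs into) can be scripted. This is an added example, not part of the original message or of the Debian packaging; the function names are hypothetical and the temporary tree is constructed to mirror the paths shown in the report.

```python
import os
import tempfile
from pathlib import Path

def build_sample_tree(root: Path) -> Path:
    """Constructed layout mirroring the paths in the report; returns the symlink."""
    llvm_lib = root / "usr/lib/llvm-15/lib"
    searched = llvm_lib / "python3/dist-packages/lldb"
    shipped = llvm_lib / "python3.11/dist-packages/lldb"
    searched.mkdir(parents=True)
    shipped.mkdir(parents=True)
    (searched / "_lldb.so").touch()              # stand-in for the real symlink
    (shipped / "embedded_interpreter.py").touch()
    link = root / "usr/lib/python3/dist-packages/lldb"
    link.parent.mkdir(parents=True)
    os.symlink("../../llvm-15/lib/python3/dist-packages/lldb", link)
    return link

def find_misplaced_modules(pkg_link: Path) -> dict:
    """Map module file name -> versioned path, for .py modules that exist under
    a python3.X sibling tree but not in the directory the symlink resolves to."""
    searched = pkg_link.resolve()                # directory the import really reads
    pkg = searched.name                          # "lldb"
    lib_root = searched.parents[2]               # above python3/dist-packages/lldb
    present = {p.name for p in searched.glob("*.py")} if searched.is_dir() else set()
    misplaced = {}
    # "python3.*" matches python3.11 etc. but not the unversioned python3 tree
    for versioned in sorted(lib_root.glob("python3.*/dist-packages/" + pkg)):
        for mod in sorted(versioned.glob("*.py")):
            if mod.name not in present:
                misplaced.setdefault(mod.name, mod)
    return misplaced

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        link = build_sample_tree(Path(tmp))
        for name, path in find_misplaced_modules(link).items():
            print(f"{name}: shipped in {path.parent}, searched in {link.resolve()}")
```

On an installed system the function would be pointed at /usr/lib/python3/dist-packages/lldb instead of the constructed tree.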


