Bug#1038986: Please enable Allwinner H6 modules

[Damon Tarry]

Package: src:linux
Version: 6.3.7-1
Severity: wishlist

Dear Maintainer,

Please enable the following modules to improve support for the
Allwinner H6. This applies to the arm64 kernel.
CONFIG_ARM_ALLWINNER_SUN50I_CPUFREQ_NVMEM
CONFIG_SUN50I_IOMMU
CONFIG_PHY_SUN50I_USB3
CONFIG_IR_SUNXI


Thanks

Bug#1037980: transmission-daemon: memory leaks

[Sandro Tosi]

On Fri, Jun 23, 2023 at 12:57 PM JT Hundley  wrote:
> Yes, we would like any kind of update. It's been over a week now :)

interesting, as i dont remember you syining a support contract with a
clear SLA, nor paying our salary to work on debian (after all it's a
volunteer project, which we do in our spare time, when life allows it)
nor ever contributing to transmission maintenance. So maybe chill?


-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Bug#1038985: baconqrcode: Support phpunit 10

[Athos Ribeiro]

Source: baconqrcode
Version: 2.0.8-1
Severity: normal
X-Debbugs-Cc: athoscribe...@gmail.com

Dear Maintainer,

As part of the phpunit 10 transition efforts, we found out that this
package FTBFS with phpunit 10.

The following salsa MR should fix the issue:

https://salsa.debian.org/php-team/pear/php-bacon-baconqrcode/-/merge_requests/1

Bug#1028659: angband-audio: should this package be removed?

[Alexandre Detiste]

Hi,

I pretty much salvaged Angband,
I need a sponsor now for an upload.

The mp3 files is the one reason
I need to repack yet again.
https://salsa.debian.org/games-team/angband

Yes it will still be usefull after this.

Greetings

Bug#873017: ITA: vim-rails -- vim development tools for Rails

[Thiago Marques]

retitle 873017 ITA: vim-rails -- vim development tools for Rails

Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Georg Faerber]

Control: tag -1 + patch

Hi,

Thanks for the report!

On 23-06-23 11:20:28, Andreas Beckmann wrote:
> Package: schleuder
> 
> during a test with piuparts I noticed your package fails to upgrade
> from 'buster' to 'bullseye' to 'bookworm'.
> It installed fine in 'buster', and upgraded to 'bullseye'
> successfully, but then the upgrade to 'bookworm' failed.

I believe that's caused by ruby-arel, the attached patches fix the issue
in my tests.

Andreas, are you able to test these in your environment?

All the best,
Georg
>From 45bc5cfff9adbacef1174d6bb9cd49ba8a90d860 Mon Sep 17 00:00:00 2001
From: Georg Faerber 
Date: Sat, 24 Jun 2023 00:14:47 +
Subject: [PATCH 1/2] debian/control: add Conflicts: ruby-arel

---
 debian/control | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/control b/debian/control
index 0f08e89..80a6f0c 100644
--- a/debian/control
+++ b/debian/control
@@ -32,6 +32,7 @@ Rules-Requires-Root: no
 
 Package: schleuder
 Architecture: all
+Conflicts: ruby-arel,
 Depends: adduser,
  cron | cron-daemon,
  default-mta | postfix | mail-transport-agent,
-- 
2.30.2

>From 009d8af740408deccafd477bbbeaf8eaa6d54ec1 Mon Sep 17 00:00:00 2001
From: Georg Faerber 
Date: Sat, 24 Jun 2023 00:15:10 +
Subject: [PATCH 2/2] debian/changelog: Debian release 4.0.3-8

---
 debian/changelog | 9 +
 1 file changed, 9 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index edb2aa8..9bda664 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+schleuder (4.0.3-8) unstable; urgency=medium
+
+  * debian/control:
+- Declare that schleuder conflicts with ruby-arel. Before, database
+  migration failed during an upgrade, if ruby-arel was installed.
+  (Closes: #1038935)
+
+ -- Georg Faerber   Sat, 24 Jun 2023 00:05:14 +
+
 schleuder (4.0.3-7) unstable; urgency=medium
 
   * Team upload
-- 
2.30.2

Bug#1038984: fonts-noto-mono: Combining overline U+0305 out of place

[Vincent Lefevre]

Package: fonts-noto-mono
Version: 20201225-1
Severity: normal

The combining overline U+0305 character appears out of place:

zira:~> printf "a\u0305e\n"
a̅e

It appears between the "a" and the "e" instead of over the "a".
See attached screenshot, taken in GNOME Terminal with Noto Mono 12.

-- Package-specific info:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version   Architecture Description
+++-==-=--=
ii  fontconfig 2.14.1-4  amd64generic font configuration 
library - support binaries
ii  libfreetype6:amd64 2.12.1+dfsg-5 amd64FreeType 2 font engine, 
shared library files
ii  libxft2:amd64  2.3.6-1   amd64FreeType-based font drawing 
library for X

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1038983: cppcheck FTBFS on architectures where char is unsigned

[Adrian Bunk]

Source: cppcheck
Version: 2.11-1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=cppcheck=2.11-1

...
Testing Complete
Number of tests: 4379
Number of todos: 346
Tests failed: 1

./test/testcondition.cpp:4483(TestCondition::alwaysTrue): Assertion failed. 
Expected: 
[test.cpp:6]: (style) Condition 'o[1]=='\0'' is always false\n

Actual: 
[test.cpp:4] -> [test.cpp:6]: (style) Condition 'o[1]=='\0'' is always false\n

_
make[1]: *** [debian/rules:51: override_dh_auto_test] Error 1

Bug#873017: I intend to adopt the vim-rails package

[Thiago Marques]

retitle 873017 ITA: vim-rails -- vim development tools for Rails

Hi,

I saw that the package is orphan, I'd like to adopt.

Regards,


-- 
*   Thiago Marques.*

Bug#1038149: libmemcached-dev missing depends (recommends?) on libssl-dev for libcrypto.pc

[Tianon Gravi]

On Thu, 15 Jun 2023 at 16:12, Tianon Gravi  wrote:
> When running `pkg-config --exists libmemcached` after installing
> libmemcached-dev, it returns a non-zero exit code.  When I run strace on
> it, I can see that it's looking for libcrypto.pc.

Feeling sheepish that I used "strace" to figure out the root cause
when pkg-config has a "please, give me error messages" flag I wasn't
aware of that makes the problem (and solution) much clearer:

| $ pkg-config --print-errors --exists -- libmemcached
| Package libcrypto was not found in the pkg-config search path.
| Perhaps you should add the directory containing `libcrypto.pc'
| to the PKG_CONFIG_PATH environment variable
| Package 'libcrypto', required by 'libmemcached', not found

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

Bug#1038981: Acknowledgement (capping maximum frequency no longer works in kernel 6.1)

[AlMa]

I take back "often" and "seldom" because after having heavily loaded the 
laptop with computations, I observed around 400 MHz for all 8 cores 
twice.  Though I did observe what I wrote, I cannot claim "often" and 
"seldom" for the future behavior beyond reasonable doubt.


So instead of

“… often (but not always!) the same: a few cores often (but not always!) 
resist and run at higher frequencies up to 2.4 GHz. Only seldom …“


please read

“… sometimes similar: a few cores sometimes resist and run at higher 
frequencies up to 2.4 GHz. Sometimes …”

Bug#1038982: RFS: dhcping/1.2-6 [ITA] -- DHCP Daemon Ping Program

[Boian Bonev]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "dhcping":

 * Package name : dhcping
   Version  : 1.2-6
   Upstream contact : Edwin Groothuis 
 * URL  : https://www.mavetju.org/unix/general.php
 * License  : BSD-2-Clause
 * Vcs  : https://salsa.debian.org/debian/dhcping
   Section  : admin

The source builds the following binary packages:

  dhcping - DHCP Daemon Ping Program

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/dhcping/

Alternatively, you can download the package with 'dget' using this
command:

  dget -x
https://mentors.debian.net/debian/pool/main/d/dhcping/dhcping_1.2-6.dsc

Changes since the last upload:

 dhcping (1.2-6) unstable; urgency=medium
 .
   * New maintainer (Closes: #934420)
   * Bump standards to 4.6.2, no changes
   * Mark patches as forwarded upstream (by email)
   * Add lintian overrides
   * Update metadata

Regards,
-- 
  Boian Bonev


signature.asc
Description: This is a digitally signed message part

Bug#1038981: capping maximum frequency no longer works in kernel 6.1

[Al Ma]

Package: linux-image-6.1.0-9-amd64
Version: 6.1.27-1
Below, I try to cap the frequency for each of my processor cores, but some 
cores resists:
# for i in `seq 0 7`; do echo "40"> 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_max_freq && cat 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_cur_freq; done 42 44 
399989 230 230 230 400013 399519
Moreover, the cores that resist changes each time; e.g., the next run yields 
this:
# for i in `seq 0 7`; do echo "40"> 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_max_freq && cat 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_cur_freq; done 400024 230 
42 400020 230 40 399930 48
I tried to read the frequency via /proc/cpuinfo:
# for i in `seq 0 7`; do echo "40"> 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_max_freq; done && cat 
/proc/cpuinfo | grep MHz cpu MHz : 400.001 cpu MHz : 399.989 cpu MHz : 2300.000 
cpu MHz : 400.107 cpu MHz : 1028.210 cpu MHz : 399.942 cpu MHz : 400.001 cpu 
MHz : 400.004
I also tried to use tlp (yes, I said TLP_DEFAULT_MODE=BAT, 
TLP_PERSISTENT_DEFAULT=1, CPU_BOOST_ON_BAT=0, and CPU_HWP_DYN_BOOST_ON_BAT=0) 
and sysfs packages; all methods yield the similar results: capping the 
frequency of all cores doesn't work. I tried to cap all at, say, 800 MHz, 1.2 
GHz, and 2 GHz instead, but the result is often (but not always!) the same: a 
few cores often (but not always!) resist and run at higher frequencies up to 
2.4 GHz. Only seldom I see the expected:
# for i in `seq 0 7`; do echo "40"> 
/sys/devices/system/cpu/cpu$i/cpufreq/scaling_max_freq; done && cat 
/proc/cpuinfo | grep MHz cpu MHz : 400.004 cpu MHz : 399.988 cpu MHz : 399.999 
cpu MHz : 400.011 cpu MHz : 399.980 cpu MHz : 400.048 cpu MHz : 400.002 cpu MHz 
: 400.008
But running cat /proc/cpuinfo | grep MHz a few seconds later yields again a few 
lines with 2300.000.
The governor is powersave everywhere.
For kernel 5 with Debian 11 (which I can no longer test), everything worked 
like a charm (or at least I always observed all-400-MHz back then). So either 
the new kernel is erroneous or my processor broke somehow (perhaps, during the 
upgrade). It has Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz.
Who is the culprit? What to do?
Gratefully,
AlMa

Bug#773385: Ping

[Dima Kogan]

Niels Thykier  writes:

> From my PoV, what you experience here with find is a complete different 
> problem.
>
> By default, apt-file uses the `APT::Architectures` configuration variable to
> determine which architectures to search for[1].  If APT's default is not 
> correct
> here and you do not APT to see arm64, then please add the corrected
> `APT::Architectures` to `/etc/apt/apt-file.conf`.

Well yeah. I totally get that this is what it's doing, I'm just
unconvinced that it should be doing this.

I can give you patches, but let's agree on what the patch should do
before I do any work.

apt-cache has databases for every enabled architecture. So the proposal
is to search ALL of them and report ALL the results. If the user wants
to limit the search, they can pass -a or grep the output, or whatever.

Would you accept such a patch?

Thanks for working on apt-file!

Bug#1038980: ITP: guile-avahi -- guile bindings for avahi

[Vagrant Cascadian]

Package: wnpp
Owner: Vagrant Cascadian 
X-Debbugs-Cc: debian-de...@lists.debian.org, vagr...@debian.org, l...@gnu.org

Severity: wishlist

* Package name: guile-avahi
  Version : 0.4.1
  Upstream Contact: l...@gnu.org, guile-avahi-b...@nongnu.org
* URL : https://www.nongnu.org/guile-avahi/
* License : LGPL, GPL, permissive
  Programming Lang: guile, C
  Description : guile bindings for avahi

 This package provides bindings for Avahi. It allows programmers to
 use functionalities of the Avahi client library from Guile Scheme
 programs. Avahi itself is an implementation of multicast DNS (mDNS) and DNS
 Service Discovery (DNS-SD).

guile-avahi is a build-dependency for guix, although it can
technically be built without it and does not use avahi by default, if
enabled at runtime, it errors out in non-obvious ways:

  https://lists.gnu.org/archive/html/help-guix/2023-06/msg00083.html
  https://bugs.debian.org/1038916

Draft packaging available:

  https://salsa.debian.org/vagrant/guile-avahi

Currently, guix and related guile packages are primarily maintained by
me alone, but would welcome help!

live well,
  vagrant

Bug#1038926: cvs fails with "rsh: No host specified!"

[Thorsten Glaser]

tags 1038926 + unreproducible
thanks

Hello Christian,

>Package: cvs
>Version: 2:1.12.13+real-28

>After the latest Debian update (the new stable release),
>CVS suddenly stopped to function completely for me.

if you’ll have a look at the versions, you’ll see that cvs has
the same version in bullseye and bookworm, it’s bit for bit
identical, so this is very much a you problem, I’m afraid.

>First, I got an error message about 'rsh' not found (and indeed

CVS in Debian has defaulted to use ssh as CVS_RSH since the
late 2000s. You should not use rsh, unless you _really_ use
it to connect to the CVS server. It’s an insecure, unencrypted
protocol of the previous millennium.

Let’s try to debug this then!

First, check your environment ($CVS_RSH in particular) and,
if you have a ~/.cvsrc file, that one as well. Also, check
your CVSROOT (both in the environment, the -d option if you
use it, and in the CVS/Root files in your working copy) if
it sets the rsh somewhere.

You can also execute the command…

$ cvs -nttt up -l

… in your working copy somewhere. It will not change the
filesystem (-n), run verbosely (-t for trace), and just try
to update the directory without subdirectories, to keep the
output shorter.

>timed out'.  This is using the cvs.savannah.gnu.org server.  Note

Works for me…

$ cvs -qd :ext:mirabi...@cvs.savannah.gnu.org:/web/grub rls -l grub
 2017-10-11 11:59:01 +0200 1.2.htaccess
 2004-04-16 12:55:22 +0200 1.4.symlinks
 2006-04-16 19:07:40 +0200 1.1bg.png
 2021-08-31 17:07:23 +0200 1.6grub-bugs.html
 2021-08-31 17:07:23 +0200 1.5grub-development.html
 2021-08-31 17:07:23 +0200 1.9grub-documentation.html
 2021-08-31 17:07:23 +0200 1.9grub-download.html
 2021-08-31 17:07:23 +0200 1.6grub-faq.html
 2021-08-31 17:07:24 +0200 1.5grub-legacy-support.html
 2021-08-31 17:07:24 +0200 1.6grub-legacy.html
 2021-08-31 17:07:24 +0200 1.5grub-mailinglist.html
 2021-08-31 17:07:24 +0200 1.33   grub-soc.html
 2010-02-10 20:36:02 +0100 1.4grub.css
 2021-08-31 17:07:24 +0200 1.7grub.html
 2021-08-31 18:28:17 +0200 1.5index.html
 2010-02-10 20:36:02 +0100 1.2print.css
d--- 2010-02-10 20:36:03 +0100archive
d--- 2019-07-05 13:50:16 +0200manual
d--- 2010-06-07 22:40:01 +0200newdesign
d--- 2006-04-16 19:22:23 +0200olddesign20060415
d--- 2004-10-12 01:53:49 +0200oldwebsite_before20041011
d--- 2021-08-31 17:07:25 +0200templates

If you try this and it DOESN’T work for you, do it:

• in a directory that’s NOT a CVS working copy (in / if you must)
• add the -f option *before* the rls to skip ~/.cvsrc

bye,
//mirabilos
PS: Please reply to the bug, not to me directly, or get a proper eMail
provider; Googlemail does not play with others but the BTS should
(hopefully) work.
-- 
16:06⎜ Thank god I found you =)   20:03│«bioe007:#cvs» mira2k: ty
18:36⎜«ThunderChicken:#cvs» mirabilos FTW!  23:03⎜«mithraic:#cvs» aaah. thanks
18:50⎜«grndlvl:#cvs» thankyou18:50⎜«grndlvl:#cvs» worked perfectly
23:39⎜ this worked, thank you very much 16:26⎜ ok
20:08⎜ ...works like a charm.. thanks mirabilos

Bug#1038979: guava-libraries: CVE-2020-8908 CVE-2023-2976

[Salvatore Bonaccorso]

Source: guava-libraries
Version: 31.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerabilities were published for guava-libraries.

CVE-2020-8908[0]:
| A temp directory creation vulnerability exists in all versions of
| Guava, allowing an attacker with access to the machine to
| potentially access data in a temporary directory created by the
| Guava API com.google.common.io.Files.createTempDir(). By default, on
| unix-like systems, the created directory is world-readable (readable
| by an attacker with access to the system). The method in question
| has been marked @Deprecated in versions 30.0 and later and should
| not be used. For Android developers, we recommend choosing a
| temporary directory API provided by Android, such as
| context.getCacheDir(). For other Java developers, we recommend
| migrating to the Java 7 API
| java.nio.file.Files.createTempDirectory() which explicitly
| configures permissions of 700, or configuring the Java runtime's
| java.io.tmpdir system property to point to a location whose
| permissions are appropriately configured.


CVE-2023-2976[1]:
| Use of Java's default temporary directory for file creation in
| `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on
| Unix systems and Android Ice Cream Sandwich allows other users and
| apps on the machine with access to the default Java temporary
| directory to be able to access the files created by the class.  Even
| though the security vulnerability is fixed in version 32.0.0, we
| recommend using version 32.0.1 as version 32.0.0 breaks some
| functionality under Windows.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8908
https://www.cve.org/CVERecord?id=CVE-2020-8908
[1] https://security-tracker.debian.org/tracker/CVE-2023-2976
https://www.cve.org/CVERecord?id=CVE-2023-2976

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#986545: RFP

[matthias . geiger1024]

Can be tested/built once newer gtk is in unstable ( and libadwaita has to go 
through NEW). fairly minimal otherwise, like obfuscate. my wip is here: 
https://salsa.debian.org/werdahias/gnome-tour
regards,
---
Matthias Geiger (werdahias)
-BEGIN PGP PUBLIC KEY BLOCK-

mQINBGJGNsQBEADCVylaCtYtBQW4NmDrZOIizSrVlv5ZJ5WJ128MAblWk3fRFPya
Cs/klkTT58ehBSr61sXVP+NpkF7MWOBu2CNg66U40a/Eb+v4poxNaIjXKvQtf51S
y5yGwmTc7IJg8HuohT7K3/pcsEt0jvYSwvvDFUIz5WdOR5RmB7WkDRGh8Zaior3z
tzx6AKhx/aXmAc/i4BDavDxZeFC0d79H3S1+TvFsvhyIZXIFTB0sTzWreZZxSOjk
Mz6xxgWGdc27lsbZbKU7N+c+GnWrRlTjimU1AfPLJQgehIejR9pSyZ2Y5BAqB7Qr
f8Tvc8jc1kDx473sUUla6ELEuJMIISK1qam/B7buxZ1r/ngWRiQsqAHznm7OYk69
ttXBeHxS1b+HrcJMWfROkzsTuG6G//axMCb6x0MuyOgLXk87aDnDx1fPn62R+tq7
T4JvW51TSnlNNh75zA+8w3UzDHy2By0H6NSfiLerNnF7LGCXk7AiwQsaplrEjo/1
/4NraAqy1eO69SyozSiRuuA5KemlyPwJokpp2HMJX3cry2J7lV0+wnaaorQzz5Fi
7gRRlqXrOGwEcEG6i62VbIv2VW3Zy+qjaD3HRWXfKXXjpXske41Trv2qPI2/kGtJ
TRWSWdTQ42oYOaEg/KUh0GnEoZerj50JC1qGmwElKYgd+2XQ8qR7uIB5qQARAQAB
tDFNYXR0aGlhcyBHZWlnZXIgPG1hdHRoaWFzLmdlaWdlcjEwMjRAdHV0YW5vdGEu
ZGU+iQJUBBMBCgA+FiEEwuGmy/3s5RGopBdtGL0QaztsVHUFAmJGNsQCGwMFCQPC
ZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQGL0QaztsVHVMxQ/+M5JEQ5wk
DDblHGUlK8IBnPM5peuDrMdQAsOQ5nSv90gl4z4HkRgomS70xMpvoS+g/8hPym4G
PXpSFJsZWjFevACWMzZO84pqJhPaFnmjh3utkkiblNf8Wi350K+luAlRvT1FVD6i
HM6kOxU0P9t9+PU38FH299oRw2qEqDw5Wx+Hrnp4gaGv1mssvAMiXeaaPGx4KSz8
sNXADHJDo78U6RGJM/rSng/8M7zd3c6E8MIH958mlWjUb8T10AZ/otH3nFSRIfds
5MdnnrsKAK3DMW4RanRWHPvTsICDDkuRvigd32waQRdZeA3dNbPxM6tKDL9GEH8Q
AnkShJ7VmTXP9CV20vj15mleoeDMgqhX5KEOsc3DMnKcVqdb9CzHj6jNSFUverk1
bBNaJpIiWwtwjueR4Hgdof80AAgRin4YnWaOaPTSusrKyN8dCRVcRIbauVooWLil
q2OrWftDVmmNciwoHr5/WDPNgkv9DAgY+DX8Y8LMWAkXgpB0KniiQaLzrW34zjnP
ALTLTIvNid6YX8KOY6KhAVWfVdMC5j6GEGfbfyMLz63YPxA9Q1Af6oXS8MbdHyBw
JV8ns2xm5fD2vZVw6JI1e8AMMDjH2fAqmH23MG0fN0zd2NUToHmvhX9APSzJIbET
doFPn/mI/az4Oh24WHf3Ozr+XEDyWcyy1y+5Ag0EYkY2xAEQANL26Ixtq1QMUM+5
MHl2FK4foRODoKHe4ZzdOAumUBPJE/pxGVlVxCqzC+LUeFvA8LTYCt1B60yRveYR
4mmPTA7nAerG2m4aQPeIfzz6HXWkiu9mzgxqjhPxitiMR5f1du1rAWGPZxSkhdW6
fDWT4PkHoY78jbQXWYEnV85rwtZIZIduHGKWzyxln3qjrefmB04QkPJ2BDOsRTtD
YeNddHAvcgZtyepqZka9lpowQTY6TXwM8uYArEa7Hll/4r9rcvkVQUxf8jqYpZ3v
PLSzvvaDouH7WAg5nUaTeWAQdSq108rNRSTgScLZWjwmhFBA46RneRpij2OJ0lW4
QqFTlldjWXzgGj6u4nbXrSERGaPwyLGIkHoKbnTAm7791d/Y5UQImuPb1tIg5Pf7
OhtyWw3bstVDa5MvIUuGpi5yKPirhrtAfdZ3H2/HR814JuL2BYdjyCuR/Sj/lZTx
+gJ0bm+Llr0KZDhjKMeWaqVqsD4bybgEe4d3zE4sj9GZ0tNUvXfPaRGY6tgh9sgT
Iy28vnyYpFX+oSIZXRreDpfzyjDhvNbB+AFsPN5OXqaBpmu/378T5nRpUj/qbqEZ
EsloCbAmgHfvIysQWYdJ+63S3ZqpbEQRa4Y7DeybaLi8xTMfdWa19T7vQY3mVWn5
ZooycK4fkbedu19+5l8zfhR7oWyBABEBAAGJAjwEGAEKACYWIQTC4abL/ezlEaik
F20YvRBrO2xUdQUCYkY2xAIbDAUJA8JnAAAKCRAYvRBrO2xUdRuPD/4tdAf8nxsA
upo5O99E4AS59OTXPQuVgt1U2Z7ssDvZ3O6qbZvIBWQ0NqnCsprCt71M6cWC2dkq
WUs3oRRu4IzuB4LErcTr597k+iltJ60rhDL/hxSumToH6FSX1w8EWJVg3xgP4U39
HSx6QOlZ3bTgd9dS5S46jOptIYzX5wYkNzyMj1hbmTg0lVyMtWjqfCLNmF3EzGGC
BLR3tMOxZURrxx8tL48iJlFyxJG3XahoyxDSNepo5HZ+AUnNq2TJPoPJQfb1/GB/
/LycKSXWgblyWuGRlgoCE1JcdwuRM5hI2xugZQrhgZaPUBch1MSoiIqwgR1A8NPL
iypUPnwG4vEaVbMtem7OUghsx+fYwuGq0T7/ezjyVRv86U2gU1bmbxojct1AXSCT
FCCR3Y8QAHV9o8U/eZ1XzcEZsXFd6siO5nEBl9HaTHh5gWDrk/molP85S7Y9JIBP
wZygBjWOPCCkFlIuiPQlXsJezVu93ydz7uCNIJfHv30oVedcYHN1Wr7B/1j8wXMy
wqW4Nw54yZ8zaJIo01Khym6cFFVXoAUZa+5QRvSmjnm1Go+ZwZA9i7zo/6LLSpeR
04+4a1Daysk0fTf+DscrxQbUBZX17e1n/EtLS8/pp+Xb/k1JK1iiNcdpfLJ7RNik
GX00szhWs5riRMzIibFDsE/FyYVNX2VHQg==
=onWA
-END PGP PUBLIC KEY BLOCK-

Bug#1038903: initscripts: orphan-sysvinit-scripts needs to be a prerequisite, not optional.

[Thorsten Glaser]

On Fri, 23 Jun 2023, Matthew Vernon wrote:

>> Nothing for orphan-sysvinit-scripts, which *really* surprises me,
>> as I’m certain we discussed this earlier.
>
> You may be remembering bullseye? After quite a lot of wrangling, we got a 
> short
> note added to the release notes[0] and installation guide[1] both of which
> basically pointed to the wiki[2].

Might be. But maybe we should figure out a text to state that o-s-s
is now really needed for some packages, perhaps enumerate those that
have it in bookworm and hint at that there are more coming in trixie,
then try to get that added to the release notes while not too many
people have already updated.

> I don't recall any discussion about bookworm release notes; I think if you'd
> have asked me I would have said that Recommends: should be enough for most
> cases!

I think these are orthogonal; Recommends definitely fully suffices
on the package level, but docs are usually still helpful (plus we
can tell people to just RTFM ☻☺).

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg


/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against  Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!

Bug#1038978: deja-dup: Relies on PyDrive or PyDrive2 but neither of these packages available in Debian 12

[Chris Chapman]

Package: deja-dup
Version: 44.0-2
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Installed Deja-Dup on a new installation of Debian 12.
After setting up backup location of Google Drive attempted to run first backup.
Received error stating that requires googleapi and PyDrive.
Able to install python3-googleapi from Debian 12 repository.
However, PyDrive is depreciated and not available in Debian 12 or any other 
version of debian.
python3-pydrive2 is availabe currently in sid (unstable) but not debian 12.
Without python-pydrive2 installed on system backup to google drive cannot 
function on debian 12, but this package is not available in debian 12. 

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Backup to google drive not possible due to dependency not available in Debian 
12.

   * What was the outcome of this action?

Backup failed. 

   * What outcome did you expect instead?

Backup to be successful. 

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages deja-dup depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  duplicity0.8.22-1+b3
ii  libadwaita-1-0   1.2.2-1
ii  libc62.36-9
ii  libglib2.0-0 2.74.6-2
ii  libgpg-error01.46-1
ii  libgtk-4-1   4.8.3+ds-2
ii  libjson-glib-1.0-0   1.6.6-1
ii  libpackagekit-glib2-18   1.2.6-5
ii  libpango-1.0-0   1.50.12+ds-1
ii  libsecret-1-00.20.5-3
ii  libsoup-3.0-03.2.2-2

Versions of packages deja-dup recommends:
ii  gvfs-backends  1.50.3-1
ii  packagekit 1.2.6-5
ii  policykit-1122-3

Versions of packages deja-dup suggests:
ii  python3-pydrive2  1.15.0-2

-- no debconf information

Bug#1038977: flvmeta: CVE-2023-36243

[Salvatore Bonaccorso]

Source: flvmeta
Version: 1.2.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/noirotm/flvmeta/issues/19
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for flvmeta.

CVE-2023-36243[0]:
| FLVMeta v1.2.1 was discovered to contain a buffer overflow via the
| xml_on_metadata_tag_only function at dump_xml.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36243
https://www.cve.org/CVERecord?id=CVE-2023-36243
[1] https://github.com/noirotm/flvmeta/issues/19
[2] 
https://github.com/noirotm/flvmeta/commit/7b91e5656e27b16639c8de156878c7624346cbd4

Regards,
Salvatore

Bug#1038976: gifsicle: CVE-2023-36193

[Salvatore Bonaccorso]

Source: gifsicle
Version: 1.93-2
Severity: normal
Tags: security upstream
Forwarded: https://github.com/kohler/gifsicle/issues/191
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for gifsicle.

CVE-2023-36193[0]:
| Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via
| the ambiguity_error component at /src/clp.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36193
https://www.cve.org/CVERecord?id=CVE-2023-36193
[1] https://github.com/kohler/gifsicle/issues/191
[2] 
https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1038003: xtrx-dkms: module fails to build for Linux 6.3: error: assignment of read-only member 'vm_flags'

[Ying-Chun Liu (PaulLiu)]

Hi all,

I've fixed this bug.
I plan to do NMU after 10 days if no one complains.
It will be uploaded to delay/10 queue.
The debdiff is as attachment.


Yours,
Paul
diff -Nru xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/changelog 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/changelog
--- xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/changelog2023-01-21 
03:20:02.0 +0800
+++ xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/changelog2023-06-24 
04:22:04.0 +0800
@@ -1,3 +1,11 @@
+xtrx-dkms (0.0.1+git20190320.5ae3a3e-3.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix dkms build failure with kernel 6.3 (Closes: #1038003)
+- add debian/patches/0003-xtrx.c-fix-build-error-with-kernel-6.3.patch
+
+ -- Ying-Chun Liu (PaulLiu)   Sat, 24 Jun 2023 04:22:04 
+0800
+
 xtrx-dkms (0.0.1+git20190320.5ae3a3e-3.2) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0002-xtrx.c-fix-build-error-with-kernel-6.1.patch
 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0002-xtrx.c-fix-build-error-with-kernel-6.1.patch
--- 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0002-xtrx.c-fix-build-error-with-kernel-6.1.patch
2023-01-21 03:20:02.0 +0800
+++ 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0002-xtrx.c-fix-build-error-with-kernel-6.1.patch
2023-06-24 04:22:04.0 +0800
@@ -4,6 +4,7 @@
  const pointer when building with kernel version >= 6.1
 Forwarded: https://github.com/xtrx-sdr/xtrx_linux_pcie_drv/pull/15
 Author: Ying-Chun Liu (PaulLiu) 
+Bug-Debian: http://bugs.debian.org/1029135
 Last-Update: 2023-01-21
 Index: xtrx-dkms-0.0.1+git20190320.5ae3a3e/xtrx.c
 ===
diff -Nru 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0003-xtrx.c-fix-build-error-with-kernel-6.3.patch
 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0003-xtrx.c-fix-build-error-with-kernel-6.3.patch
--- 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0003-xtrx.c-fix-build-error-with-kernel-6.3.patch
1970-01-01 08:00:00.0 +0800
+++ 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/0003-xtrx.c-fix-build-error-with-kernel-6.3.patch
2023-06-24 04:22:04.0 +0800
@@ -0,0 +1,58 @@
+From 68d80b30a74db6c767f9b4d555d7243930c955c4 Mon Sep 17 00:00:00 2001
+From: "Ying-Chun Liu (PaulLiu)" 
+Date: Sat, 24 Jun 2023 04:19:51 +0800
+Forwarded: https://github.com/myriadrf/xtrx_linux_pcie_drv/pull/17
+Bug-Debian: http://bugs.debian.org/1038003
+Last-Update: 2023-06-24
+Subject: [PATCH] xtrx.c: fix build error with kernel 6.3
+
+vma->vm_flags is now read-only. We need to use vm_flags_set() instead.
+
+Please refer kernel commit bc292ab00f6c
+("mm: introduce vma->vm_flags wrapper functions")
+
+Signed-off-by: Ying-Chun Liu (PaulLiu) 
+---
+ xtrx.c | 12 
+ 1 file changed, 12 insertions(+)
+
+Index: xtrx-dkms-0.0.1+git20190320.5ae3a3e/xtrx.c
+===
+--- xtrx-dkms-0.0.1+git20190320.5ae3a3e.orig/xtrx.c
 xtrx-dkms-0.0.1+git20190320.5ae3a3e/xtrx.c
+@@ -1072,7 +1072,11 @@ static int xtrxfd_mmap(struct file *filp
+   return -EINVAL;
+   }
+   //vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
+   vma->vm_flags |= VM_LOCKED;
++#else
++  vm_flags_set(vma, VM_LOCKED);
++#endif
+ 
+   if (remap_pfn_range(vma, vma->vm_start,
+   
virt_to_phys((void*)((unsigned long)xtrxdev->shared_mmap)) >> PAGE_SHIFT,
+@@ -1087,7 +1091,11 @@ static int xtrxfd_mmap(struct file *filp
+   unsigned long pfn;
+   int bar = (region == REGION_CTRL) ? 0 : 1;
+   vma->vm_page_prot = pgprot_device(vma->vm_page_prot);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
+   vma->vm_flags |= VM_IO;
++#else
++  vm_flags_set(vma, VM_IO);
++#endif
+   pfn = pci_resource_start(xtrxdev->pdev, bar) >> PAGE_SHIFT;
+ 
+   if (io_remap_pfn_range(vma, vma->vm_start, pfn,
+@@ -1112,7 +1120,11 @@ static int xtrxfd_mmap(struct file *filp
+   }
+ 
+   //vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)
+   vma->vm_flags |= VM_LOCKED;
++#else
++  vm_flags_set(vma, VM_LOCKED);
++#endif
+ 
+   for (i = 0, off = 0; i < BUFS; ++i, off += bufsize) {
+ #ifdef VA_DMA_ADDR_FIXUP
diff -Nru xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/series 
xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/series
--- xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/series   2023-01-21 
03:20:02.0 +0800
+++ xtrx-dkms-0.0.1+git20190320.5ae3a3e/debian/patches/series   2023-06-24 
04:21:41.0 +0800
@@ -1,2 +1,3 @@
 

Bug#1038975: sngrep: CVE-2023-36192

[Salvatore Bonaccorso]

Source: sngrep
Version: 1.7.0-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/irontec/sngrep/issues/438
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for sngrep.

CVE-2023-36192[0]:
| Sngrep v1.6.0 was discovered to contain a heap buffer overflow via
| the function capture_ws_check_packet at /src/capture.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36192
https://www.cve.org/CVERecord?id=CVE-2023-36192
[1] https://github.com/irontec/sngrep/issues/438
[2] 
https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#1038660: desktop-base: please set a placeholder theme during development, different from any release

[Aurélien COUDERC]

Dear Jonathan,

Le 23 juin 2023 16:33:43 GMT+02:00, Jonathan Carter  a écrit :
>On 2023/06/19 20:50, Simon McVittie wrote:
>> Prior art: GNOME applications built from their alpha/beta branches often
>> have yellow and black stripes (resembling hazard tape) overlaying part
>> of their icon, and a gear-wheel motif in the titlebar, to distinguish
>> them from the stable version of the same application.
>
>I've been playing with the idea of "egg", a theme based on Juliet Taka's 
>Homeworld theme, previously used on Debian 11.
>
>The egg represents something that hasn't hatched yet, screenshot attached. I 
>can probably work on this a bit more after I've taken care of the live bugs 
>for 12.1.
>
>Any thoughts?

I don't think I would have seen the « egg » look of it without the subtitle, 
but I do like it. 

Are you willing to work on the whole theme including login background, 
wallpaper (and maybe lock screen) variants ? The dark version of the wallpaper 
? (OK we don't even have that until now, but… why not !)

Also while at it I'd like to be able to ship each theme in their own 
debian-artwork-${release} binary package (including that testing theme), but 
still handle the theme n->theme testing->theme n+1 transition automagically for 
users.

I've pondered over it a couple of times but couldn't come up with a nice way of 
doing it.

Thoughts ?

--
Aurélien

Bug#1038974: grub2: Update Linux erases Windows entry in boot list

[bud]

Package: grub2
Severity: important
File: grub2
X-Debbugs-Cc: budheal...@gmail.com

Dear Maintainer,

   * What led up to the situation?
I installed the 2023-04-24 weekly build, downloaded the 2023-06-05 build and 
used that as the jigdo base to download bookworm 12.0.0
Then I added the 21 DVD images and synaptic suggested adding the online main 
repository. After apt-get update --allow-insecure-repositories, I rebooted.
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
The computer booted into bookworm. However, the existing option to boot Windows 
is no longer available. Looking in the Advanced options finds the prior Linux 
entry. 

Compare Bugs #1033985, #1008294 and #250626

   * What was the outcome of this action?
Without a Windows option, there is a suggestion in bug #1033985 that os-prober 
will help set me reset the grub list. Otherwise, the Windows DVD will 
contrarily erase grub. I only added a Linux partition to this laptop to 
investigate a HDMI bug, as this one has HDMI, VGA and DisplayPort connectors.
   * What outcome did you expect instead?
Just because the Linux kernel has been updated, any existing entries should not 
be erased - except for the one being replaced. 

An update should not erase the settings the user or administrator has added to 
customize the system. This looks like a bug.

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/sda5 / ext4 rw,relatime,errors=remount-ro 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_msdos
insmod ext2
set root='hd0,msdos5'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos5 
--hint-efi=hd0,msdos5 --hint-baremetal=ahci0,msdos5  
e1d60c55-5261-4de0-9689-725d6a1ecc08
else
  search --no-floppy --fs-uuid --set=root e1d60c55-5261-4de0-9689-725d6a1ecc08
fi
font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_msdos
insmod ext2
set root='hd0,msdos5'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos5 
--hint-efi=hd0,msdos5 --hint-baremetal=ahci0,msdos5  
e1d60c55-5261-4de0-9689-725d6a1ecc08
else
  search --no-floppy --fs-uuid --set=root e1d60c55-5261-4de0-9689-725d6a1ecc08
fi
insmod png
if background_image /usr/share/desktop-base/emerald-theme/grub/grub-4x3.png; 
then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-e1d60c55-5261-4de0-9689-725d6a1ecc08' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod ext2
set root='hd0,msdos5'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos5 
--hint-efi=hd0,msdos5 --hint-baremetal=ahci0,msdos5  
e1d60c55-5261-4de0-9689-725d6a1ecc08
else
  search --no-floppy 

Bug#1038023: angband: Depends on SDL 1.2

[Alexandre Detiste]

tag 1038023 +fixed-upstream
thanks

The new upstream releases 4.x provide SDL2 and a lot of other niceties

The VCS Url still point to Alioth.

Can the last upload be imported on Salsa ?

Greetings

https://angband.readthedocs.io/en/latest/customize.html#interface-details
>Interface details
>
>Below are brief descriptions for what you can configure with the standard
>Windows, X11, SDL, SDL2 and Mac front ends.

Bug#1038973: ITP: python-hatch-fancy-pypi-readme -- Hatch metadata plugin for fancy PyPI READMEs

[Timo Röhling]

Package: wnpp
Severity: wishlist
Owner: Timo Röhling 
X-Debbugs-Cc: debian-de...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-hatch-fancy-pypi-readme
  Version : 23.1.0
  Upstream Author : Hynek Schlawack and the hatch-fancy-pypi-readme contributors
* URL : https://github.com/hynek/hatch-fancy-pypi-readme
* License : Expat
  Programming Lang: Python
  Description : Hatch metadata plugin for fancy PyPI READMEs

This plugin is for everyone who cares about the first impression of their
project’s PyPI landing page. It allows you to define your PyPI project
description in terms of concatenated fragments that are based on static
strings, files, and most importantly: parts of files defined using cut-off
points or regular expressions.

Once you’ve assembled your readme, you can additionally run regular
expression-based substitutions over it. For instance to make relative links
absolute or to linkify users and issue numbers in your changelog.

This is a new dependency of python-attrs. The package will be team-maintained
under the umbrella of the Debian Python Team 
at https://salsa.debian.org/python-team/packages/python-hatch-fancy-pypi-readme


-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmSV/+oACgkQ+C8H+466
LVmBMQv/QdiPzR3mGuV/nbHKFstOyD4+cV2Qs3LqWdKoWa5HqdJQ3OnOz7Td/EUn
p4dBYnQhfGTOSf4+SCMkkMA9OzBusvFTZ7V4h5SCIyGjxeqlzz+V39cNsQmYrSpk
c1De8I4539VvfyMGUAMvwUQEm6ZiJC6wNU/eC421UVBtUHZ828jHbiyV6nAYeO7B
p5hAdx0DG1RBDDM9+21uS1rM4n73boidt1y63FFb2N2FlqeiUzjGI0atGnArg6MU
QHdvSQ7FIx5FPo9Jtl8uJTLpbo8rJ9TFjHPwVY9Fu6lgSdo0PLDMA94yJTDttsWR
Zk+PxipSwvtSGZCjQ0eEi3LJ06NxvQUoCbLod81UDOaDkUjSgtHMaN1rCuT5PT04
YRuZba/vMfs9FbPd8AErBzTr7ldehKhKyJbMr9VnYJdF+2pz2mn9Z+VevegLTjQs
q47266yQuxnAHX+5Ng8jMndpuyVif7OJnnKLNaVibuyEHavDWabUAKcA1eikIyAz
2UMfLnlM
=Buse
-END PGP SIGNATURE-

Bug#1036950: schleuder: fails to upgrade from 'buster': insufficient dependency on ruby-activerecord (>= 2:6)

[Georg Faerber]

Control: tag -1 + confirmed bullseye
Control: X-Debbugs-CC: gitcom...@henk.geekmail.org

Hi,

Thanks for reporting this, and sorry for my delay in answering:

On 23-06-23 09:34:13, Andreas Beckmann wrote:
> Followup-For: Bug #1036950
> Control: tag -1 patch
> Control: retitle -1 schleuder: fails to upgrade from 'buster': insufficient 
> dependency on ruby-activerecord (>= 2:6)
> 
> I'm currently testing the attached patch ...

This makes sense -- thanks a lot. Actually, Hendrik Jäger (Cc:ed)
reported this issue and provided a patch [1], which was uploaded to
unstable on 2022/12/26 via 4.0.3-7. After a review of the patch, I also
noticed this only targeted Build-Depends, but not Depends.

Unfortunately, up until now, there wasn't a proposed update targeting
bullseye.

Andreas, how do you want to proceed? Do you have any spare cycles to
handle this? This would be great -- but please don't hesitate to tell me
if that's not the case, if so, I'll take over.

Also, another, related question, looking at #1038935, which will require
an update targeting bookworm: I assume, as Debian, qua definition, only
supports upgrades from one release to the next, fixing the
ruby-activerecord issue in bullseye is sufficient?

All the best,
Georg


[1] 
https://salsa.debian.org/ruby-team/schleuder/-/commit/307f8f5e4125dec9d3a9b2bce5a721394c9657fa

Bug#1034847: lua5.3: CVE-2021-43519

[Guilhem Moulin]

Hi carnil,

On Fri, 23 Jun 2023 at 21:49:21 +0200, Salvatore Bonaccorso wrote:
> thanks for the analysis. I want to point out that it's really
> important to not rely on the POC for making the not-affected
> assessment (and when not confirmed, rather err on the safe side and
> keep something marked affected).

Sure, I started digging further after wondering why I wasn't able to
reproduce this in 5.3 :-)

> Your analysis at first glance seems to make sense, but to be on safe
> side, unless jmm seems it to fit, I would rather go with the still
> affected, but ignored for stable and older suites.

Ack

> If you can prod upstream to double-check with them if you have indeed
> found the introducing commit, then we can update the CVE entry
> accordingly.

FWIW I just noticed the issue is listed at 
https://www.lua.org/bugs.html#5.4.3-7 ,
with a link to the upstream fix 74d99057 (unfortunately the page doesn't
list any CVE ID), and indeed reads “existed since 5.4.2”.

Also in the CVE description (“5.1.0~5.4.4”) the upper bound is
definitely wrong since 74d99057 is an ancestor of v5.4.4.

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#1038972: gnome-shell: Gnome Extensions turn off after logout (with errors in gjs)

[Dmitry K]

Package: gnome-shell
Version: 43.4-1
Severity: important
X-Debbugs-Cc: kuteyni...@gmail.com

Dear Maintainer,
>From time to time after I login I find that all Gnome extensions are turned
off.
This probably happens because of errors hapenning in gjs.

I have reported the issue to Dash to Dock:
https://github.com/micheleg/dash-to-dock/issues/2050

They believe that it is caused by the issue that was fixed in Gnome 44:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5560

If it's true, could you please back-port the fix to the version of Gnome used
in Debian bookworm?
This bug severely affects user experience.


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-shell depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  gir1.2-accountsservice-1.0   22.08.8-6
ii  gir1.2-adw-1 1.2.2-1
ii  gir1.2-atk-1.0   2.46.0-5
ii  gir1.2-atspi-2.0 2.46.0-5
ii  gir1.2-freedesktop   1.74.0-3
ii  gir1.2-gcr-3 3.41.1-1+b1
ii  gir1.2-gdesktopenums-3.0 43.0-1
ii  gir1.2-gdkpixbuf-2.0 2.42.10+dfsg-1+b1
ii  gir1.2-gdm-1.0   43.0-3
ii  gir1.2-geoclue-2.0   2.6.0-2
ii  gir1.2-glib-2.0  1.74.0-3
ii  gir1.2-gnomebluetooth-3.042.5-3
ii  gir1.2-gnomedesktop-3.0  43.2-2
ii  gir1.2-graphene-1.0  1.10.8-1
ii  gir1.2-gstreamer-1.0 1.22.0-2
ii  gir1.2-gtk-3.0   3.24.37-2
ii  gir1.2-gtk-4.0   4.8.3+ds-2
ii  gir1.2-gweather-4.0  4.2.0-2
ii  gir1.2-ibus-1.0  1.5.27-5
ii  gir1.2-mutter-11 43.4-2
ii  gir1.2-nm-1.01.42.4-1
ii  gir1.2-nma-1.0   1.10.6-1
ii  gir1.2-pango-1.0 1.50.12+ds-1
ii  gir1.2-polkit-1.0122-3
ii  gir1.2-rsvg-2.0  2.54.5+dfsg-1
ii  gir1.2-soup-3.0  3.2.2-2
ii  gir1.2-upowerglib-1.00.99.20-2
ii  gir1.2-webkit2-4.1   2.40.2-1~deb12u1
ii  gnome-backgrounds43.1-1
ii  gnome-settings-daemon43.0-4
ii  gnome-shell-common   43.4-1
ii  gsettings-desktop-schemas43.0-1
ii  gstreamer1.0-pipewire0.3.65-3
ii  libatk-bridge2.0-0   2.46.0-5
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-9
ii  libcairo21.16.0-7
ii  libecal-2.0-23.46.4-2
ii  libedataserver-1.2-273.46.4-2
ii  libgcr-base-3-1  3.41.1-1+b1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libgirepository-1.0-11.74.0-3
ii  libgjs0g 1.74.2-1
ii  libgles2 1.6.0-1
ii  libglib2.0-0 2.74.6-2
ii  libglib2.0-bin   2.74.6-2
ii  libgnome-autoar-0-0  0.4.3-1
ii  libgnome-desktop-3-2043.2-2
ii  libgraphene-1.0-01.10.8-1
ii  libgtk-3-0   3.24.37-2
ii  libgtk-4-1   4.8.3+ds-2
ii  libical3 3.0.16-1+b1
ii  libjson-glib-1.0-0   1.6.6-1
ii  libmutter-11-0   43.4-2
ii  libnm0   1.42.4-1
ii  libpango-1.0-0   1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1
ii  libpolkit-agent-1-0  122-3
ii  libpolkit-gobject-1-0122-3
ii  libpulse-mainloop-glib0  16.1+dfsg1-2+b1
ii  libpulse016.1+dfsg1-2+b1
ii  libsecret-1-00.20.5-3
ii  libsystemd0  252.6-1
ii  libwayland-server0   1.21.0-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libxfixes3   

Bug#1037588: ftbfs with GCC-13 forwarded upstream

[Étienne Mollier]

Control: forwarded -1 https://github.com/arq5x/bedtools2/pull/1045

There is a fix sent upstream, but it is not applied yet.
Thanks to Gentoo people!

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier 
 : :' :  gpg: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/3, please excuse my verbosity
   `-on air: Liquid Tension Experiment - Hypersonic


signature.asc
Description: PGP signature

Bug#1038916: guix: daemon breaks with --discover option specified

[Vagrant Cascadian]

On 2023-06-22, Vagrant Cascadian wrote:
> On 2023-06-22, Philip McGrath wrote:
>> Debian's `guix-daemon` breaks if given the `--discover` option, apparently
>> because some files from upstream Guix 1.4.0 are not installed by the Debian
>> package. Note that the man page for `guix-daemon` in Debian claims that
>> `--discover` is supported.
> ...
>> The Debian package really doesn't seem to contain `(guix scripts discover)`,
>> neither in source nor in compiled form, and it does seem to be present in the
>> upstream Guix 1.4.0 release. I haven't checked for other files that might be
>> missing, but it seems like that would be worth doing.
...
> It is also mentioned as a dependency in doc/guix.texi:
>
>   doc/guix.texi:@item @uref{https://www.nongnu.org/guile-avahi/, Guile-Avahi};
>
> So, some more packaging left to do! Thanks for the bug report!

First draft of packaging:

  https://salsa.debian.org/vagrant/guile-avahi

Tested building guix with a locally-build guile-avahi package, and it
did end up including the relevent parts. I did not test running a daemon
with --discover enabled yet.

live well,
  vagrant


signature.asc
Description: PGP signature

Bug#1038971: c-munipack: reproducible-builds: build path results in different buildid

[Vagrant Cascadian]

Source: c-munipack
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The buildid differs when build in a different build path.

  
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/c-munipack.html

  ...NT_GNU_BUILD_ID·(unique·build·ID·bitstring)»   
Build·ID:·779103372be0782008ccd2307e5a845e0e8e619c
  vs.
  ...NT_GNU_BUILD_ID·(unique·build·ID·bitstring)»   
Build·ID:·e910539f72e2c7c109edc3cee951ea623aa26ca0

The attched patch to debian/rules passes
-DCMAKE_BUILD_RPATH_USE_ORIGIN=ON to use a relative value for rpath.

Alternately, switching to using debhelper compat level 14 would enable
this by default, although that compat level is not yet considered
stable.

According to my local tests, with this patch applied (and the timestamp
patch recently submitted) c-munipack should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining c-munipack!

live well,
  vagrant
From ff3b8afae14d739db9a26facf48bcc7174a5bc4f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 23 Jun 2023 12:30:40 -0700
Subject: [PATCH 1/2] debian/rules: Pass  -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON to
 configure.

https://tests.reproducible-builds.org/debian/issues/unstable/cmake_rpath_contains_build_path_issue.html
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 11a7cc2..6c2f11a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
 
 override_dh_auto_configure:
 	dh_auto_configure -- \
-	-DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH)
+	-DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH) -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON
 
 override_dh_install:
 	find
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1038970: c-munipack: reproducible-builds: date embedded in manpage

[Vagrant Cascadian]

Source: c-munipack
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps locales
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build date is embedded in the cmunipack manpage:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/c-munipack.html

  ./usr/share/man/man3/cmunipack.3.gz

  .TH·cmunipack·3·"June·22,·2023"·"version·2.1.32"·"C\-Munipack·2.0"
  vs.
  .TH·cmunipack·3·"July·26,·2024"·"version·2.1.32"·"C\-Munipack·2.0"

The attached patch adds support for deterministic timestamps using the
SOURCE_DATE_EPOCH environment variable, which is exported by
dpkg-buildpackage. It also uses a numeric date that is independent of
the build environment locale.

According to my local tests, with this patch applied c-munipack should
build reproducibly on tests.reproducible-builds.org once it migrates to
debian/trixie! There is another issue with build paths that I will
submit a patch for shortly that also affects the build in unstable.

Thanks for maintaining c-munipack!

live well,
  vagrant
From f68afc020268828ff52670e5bb50bd888a1b30f1 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Fri, 23 Jun 2023 12:41:29 -0700
Subject: [PATCH 2/2] lib/doc/manpages/make_manpages.py: Use consistent
 timestamp when generating manpage.

Support SOURCE_DATE_EPOCH, falling back to current time.

Use numeric date, to avoid locale-specific date rendering.

https://reproducible-builds.org/docs/source-date-epoch/
---
 lib/doc/manpages/make_manpages.py | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/doc/manpages/make_manpages.py b/lib/doc/manpages/make_manpages.py
index 545a4a4..2a74189 100644
--- a/lib/doc/manpages/make_manpages.py
+++ b/lib/doc/manpages/make_manpages.py
@@ -253,7 +253,11 @@ def processRefEntry(refentry, info, preface, seealso, output_dir):
 		# File header
 		# .TH airmass 1  "June 7, 2008" "C-Munipack 1.2" "C-Munipack Toolkit"
 		f.write(".TH "+title+" "+manvol+" ")
-		f.write("\"" + time.strftime("%B %d, %Y", time.localtime()) + "\" ")
+		# Support deterministic timestamp for reproducible builds
+		# https://reproducible-builds.org/docs/source-date-epoch/
+		f.write("\"" + time.strftime("%Y-%m-%d",
+		 time.gmtime(int(os.environ.get('SOURCE_DATE_EPOCH',
+		time.time() + "\" ")
 		f.write("\"version "+version+"\" \""+package+"\"\n")
 		# Command name
 		refnamediv = getElement(refentry, "refnamediv")
-- 
2.39.2



signature.asc
Description: PGP signature

Bug#1038969: ITP: ewah-bool-utils -- EWAH Bool Array compression for Python

[Ole Streicher]

Package: wnpp
Severity: wishlist
Owner: Ole Streicher 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-pyt...@lists.debian.org, 
debian-as...@lists.debian.org, debian-scie...@lists.debian.org

* Package name: ewah-bool-utils
  Version : 1.0.2
  Upstream Author : Matthew Turk, Meagan Lang, Navaneeth Suresh
* URL : https://github.com/yt-project/ewah_bool_utils
* License : BSD-3-Clause
  Programming Lang: Python
  Description : EWAH Bool Array compression for Python

EWAH Bool Array compression is a repackaging and Python-exposed version
of "Enhanced Word-Aligned Hybrid" (EWAH) compression. It's a python
wrapper to a compressed bitarray method, for storing large bitsets.

It is a new build dependency of the "yt" package. I will maintain it
within the Debian Python team. Salsa dir is

https://salsa.debian.org/python-team/packages/ewah-bool-utils

Best regards

Ole

Bug#1034847: lua5.3: CVE-2021-43519

[Salvatore Bonaccorso]

Hi Guilhem,

On Fri, Jun 23, 2023 at 12:27:32PM +0200, Guilhem Moulin wrote:
> On Thu, 22 Jun 2023 at 18:08:39 +0200, Guilhem Moulin wrote:
> > bullseye
> > 
> >
> >   $ lua5.1 ./cstack.lua
> >   testing stack overflow detection
> >   nesting coroutines running after recoverable errors
> >   final count:  198
> >
> >   $ lua5.2 ./cstack.lua
> >   testing stack overflow detection
> >   nesting coroutines running after recoverable errors
> >   final count:  197
> >
> >   $ lua5.3 ./cstack.lua
> >   testing stack overflow detection
> >   nesting coroutines running after recoverable errors
> >   final count:  197
> >
> >   $ lua5.4 ./cstack.lua
> >   testing stack overflow detection
> >   nesting coroutines running after recoverable errors
> >   E: Child terminated by signal ‘Segmentation fault’
> 
> One more thing: cstack.lua attached earlier contains the unit test upstream 
> added to
> v5.4.4 in 
> https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868 .
> 
> crash.lua from http://lua-users.org/lists/lua-l/2021-10/msg00123.html
> yields the same result: only bullseye's lua5.4=5.4.2-2 results in a crash.
> All other versions error out in a (controlled) stack overflow as
> intended (like for example1.lua and example2.lua).
> 
> > AFAICT lua5.3 is unaffected since there L->nCcalls is incremented in
> > lua_resume() i.e., outside LUAI_THROW:
> > https://sources.debian.org/src/lua5.3/5.3.3-1.1/src/ldo.c/#L659
> >
> > Didn't try to bisect but I believe this was introduced upstream at
> > https://github.com/lua/lua/commit/287b302acb8d925178e9edb800f0a8d18c7d35f6#diff-a1e6f0be3689739fa1e5707427e78d792c7f6a333bed95fd05c4382d60bda7c4L687-R689
> 
> Tried to build released versions from lua-all.tar.gz meanwhile (in a
> bullseye chroot), I was indeed only able to reproduce this in 5.4.2 and
> 5.4.3 (the above 287b302a was added between 5.4.1 and 5.4.2).
> 
> version  crash.lua
> ---  -
> 5.0  SIGSEGV
> 5.0.1SIGSEGV
> 5.0.2SIGSEGV
> 5.0.3SIGSEGV
> 5.1  SIGSEGV
> 5.1.1SIGSEGV
> 5.1.2SIGSEGV
> 5.1.3success
> 5.1.4success
> 5.1.5success
> 5.2.0SIGSEGV
> 5.2.1success
> 5.2.2success
> 5.2.3success
> 5.2.4success
> 5.3.0success
> 5.3.1success
> 5.3.2success
> 5.3.3success
> 5.3.4success
> 5.3.5success
> 5.3.6success
> 5.4.0success
> 5.4.1success
> 5.4.2SIGSEGV
> 5.4.3SIGSEGV
> 5.4.4success
> 5.4.5success
> 5.4.6success
> 
> All releases in 5.3.x pass the test.  5.0 releases, as well as early 5.1
> releases, and 5.2.0, do segfault, but I believe the reason is
> unrelated and was documented at https://www.lua.org/bugs.html#5.1.2-4
> resp. https://www.lua.org/bugs.html#5.2.0-4.  Either way the test passes
> on bullseye's lua5.1=5.1.5-8.1+b3, lua5.2=5.2.4-1.1+b3, and
> lua5.3=5.3.3-1.1+b1.
> 
> I didn't adjust affected versions CVE/list so the Security Team can make
> their own assessment (also buster and bullseye have the same version and
> AFAIK it's not possible to mark only one release as ).

thanks for the analysis. I want to point out that it's really
important to not rely on the POC for making the not-affected
assessment (and when not confirmed, rather err on the safe side and
keep something marked affected). 

Your analysis at first glance seems to make sense, but to be on safe
side, unless jmm seems it to fit, I would rather go with the still
affected, but ignored for stable and older suites.

If you can prod upstream to double-check with them if you have indeed
found the introducing commit, then we can update the CVE entry
accordingly.

Regards,
Salvatore

Bug#1036933: screen-udeb: Should screen really be installed setgid utmp?

[Sven Joachim]

Control: tags -1 + patch

On 2023-05-29 21:51 +0200, Cyril Brulebois wrote:

> Hallo Sven,
>
> Sven Joachim  (2023-05-29):
>> Recently I noticed that the screen program in the screen-udeb package
>> is installed setgid utmp, and I wonder if this actually makes any
>> sense.  While I do not have much experience with the installer, I
>> would expect it to run all programs as root anyway, so there should be
>> no need for setgid there.
>
> Without being specifically knowledgeable about screen in general or
> in the installer's context in particular, I'm 100% with you here.
>
>> Having screen installed setgid sets up a secure execution environment
>> that precludes the use of certain environment variables, see the
>> "Secure-execution mode" section in ld.so(8).  Recently ncurses has
>> also started to restrict such programs, see #1034372.
>>
>> Hopefully none of this matters much.  I have CC'ed debian-boot, as the
>> people working on the installer will be much more qualified to give
>> advice than I am.
>
> Given the first sentence of this last paragraph, it looks like we're not
> considering doing anything for Bookworm at this time (or at all).

Surely.  I would not expect that any changes will be made in further
Bookworm point releases, unless somebody reports an actual problem.

> We could try it out with Trixie Alpha 1, and see how it goes?

Attached is a patch which installs /usr/bin/screen with standard
permissions in the udeb.  I have tested that it builds correctly, but
not if it works as intended.  This also removes the need for fakeroot in
the build process, see the second patch. :-)

Cheers,
   Sven

From 6f4cf000e3e39d1ea78663546a6e8c38597f6f90 Mon Sep 17 00:00:00 2001
From: Sven Joachim 
Date: Fri, 23 Jun 2023 21:02:18 +0200
Subject: [PATCH 1/2] Do not install /usr/bin/screen setgid utmp in the udeb

A setgid program does not really make sense in the installer context,
as root is the only user there.  Besides, setgid programs are somewhat
restricted for security reasons. e.g. many environment variables have
no effect.
---
 debian/rules | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/debian/rules b/debian/rules
index 9685e9f..49ef9f0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -55,10 +55,6 @@ override_dh_auto_install:
 	rm -f  $(ROOT)/usr/bin/screen  $(ROOT_UDEB)/usr/bin/screen
 	mv -f  $(ROOT)/usr/bin/screen*  $(ROOT)/usr/bin/screen
 	mv -f $(ROOT_UDEB)/usr/bin/screen* $(ROOT_UDEB)/usr/bin/screen
-	# make it setgid utmp only in udeb
-	chown root:utmp $(ROOT_UDEB)/usr/bin/screen
-	chmod 2755  $(ROOT_UDEB)/usr/bin/screen
-	chmod  755  $(ROOT)/usr/bin/screen
 	# Fix package-contains-info-dir-file, remove /usr/share/info/dir.gz
 	rm -f $(ROOT)/usr/share/info/dir*
 	# Remove documentation from udeb
@@ -69,6 +65,3 @@ override_dh_installinit:

 override_dh_installtmpfiles:
 	dh_installtmpfiles --name=screen-cleanup
-
-override_dh_fixperms:
-	dh_fixperms -X/usr/bin/screen
--
2.40.1

From f696247fa6a0343030c90ebff671f215c2a6b79a Mon Sep 17 00:00:00 2001
From: Sven Joachim 
Date: Fri, 23 Jun 2023 21:30:08 +0200
Subject: [PATCH 2/2] Set Rules-Requires-Root to no

With all files having standard ownerships and permissions, there is no
need for fakeroot anymore.
---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index be07368..657fcc1 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Build-Depends: debhelper-compat (= 13),
 Homepage: https://savannah.gnu.org/projects/screen
 Vcs-Git: https://salsa.debian.org/debian/screen.git
 Vcs-Browser: https://salsa.debian.org/debian/screen
-Rules-Requires-Root: binary-targets
+Rules-Requires-Root: no

 Package: screen
 Architecture: any
--
2.40.1

Bug#1037190: re-introduction of epoch? #1037190 dhcpcd: version is lower than in wheezy

[Andreas Beckmann]

On 23/06/2023 19.50, Martin-Éric Racine wrote:

Is /etc/dhcpc the correct path or should it be /etc/dhcpcd instead?


That's a really ancient location used by the 3.x version.


Shouldn't we instead try to move that resolv.conf instead of deleting it?


That was only a symlink to some location in /var, nothing to be 
preserved. And I only delete it if it is a symlink (to any target).



From the old .postinst:

...
# /etc/dhcpc/resolv.conf is now a link to /var/lib/dhcpcd/resolv.conf
rm -f /etc/dhcpc/resolv.conf
ln -s /var/lib/dhcpcd/resolv.conf /etc/dhcpc/resolv.conf
...


Andreas

PS: there are some obsolete conffiles still lingering around, but 
dpkg-maintscript-helper rm_conffile does not seem to work reliably when 
switching between arch:all and arch:any, so maybe I'll revisit that later.

Bug#1038968: SELinux policy build fails due to duplicate rspamd spamassassin file context declaration

[Christian Schneider]

Package: selinux-policy-src
Version: 2:2.20221101-9

Severity: serious
Tags: patch ftbfs
Justification: fails to build from source

Patch:
diff --git a/debian/patches/0027-services b/debian/patches/0027-services
index 710b5df..245e54c 100644
--- a/debian/patches/0027-services
+++ b/debian/patches/0027-services
@@ -1627,7 +1627,6 @@ Index: 
refpolicy-2.20221101/policy/modules/services/spamassassin.fc
  /var/log/spamd\.log.* --  
gen_context(system_u:object_r:spamd_log_t,s0)
  /var/log/rspamd(/.*)? gen_context(system_u:object_r:spamd_log_t,s0)
  /var/log/rspamd\.log.*--  
gen_context(system_u:object_r:spamd_log_t,s0)
-+/var/log/rspamd(/.*)? 
gen_context(system_u:object_r:spamd_log_t,s0)
  /var/log/mimedefang.* --  
gen_context(system_u:object_r:spamd_log_t,s0)
  
  /var/vmail/\.spamassassin(/.*)?   
gen_context(system_u:object_r:spamassassin_home_t,s0)

-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Kernel taint flags: TAINT_FORCED_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not 
set 
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1038115: transition: gdal

[Paul Gevers]

Hi,

On 23-06-2023 08:49, Sebastiaan Couwenberg wrote:
To make the libgdal-grass autopkgtest pass it needs both gdal and 
libgdal-grass from unstable.


I'll schedule it.

I've scheduled jobs for this, but it seems britney ignores tests it 
hasn't scheduled itself.


That's mostly correct as any authenticated user can re-triggering runs 
done by britney and those also count.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1038967: RFP: meme -- motif-based sequence analysis tools

[Patrice Duroux]

Package: wnpp
Severity: wishlist

* Package name: meme
  Version : 5.5.3
  Upstream Contact: Timothy L. Bailey t.bai...@imb.uq.edu.au,
William Noble no...@gs.washington.edu
* URL : https://meme-suite.org/
* License : Noncommercial.
  Programming Lang: C, Python, Perl, (Java)
  Description : motif-based sequence analysis tools

The following paragraph is from the README file and I just put parenthesis
around 'online':

The  MEME suite provides (online) tools for discovering and using protein and
DNA sequence motifs. A motif is a pattern of nucleotides or amino acids that
appears repeatedly in a group of related DNA or protein sequences. The MEME
suite represents motifs as position-dependent scoring matrices.

The website part (Java webapp) is optional and is disable by default.

I built it on different Debian system (bookworm, sid), but not started
to package it.

If needed, an alternative name may be 'meme-suite'.

It may interest the Debian Med Packaging Team.

Thanks,
Patrice

Bug#624606: gnome-shell: does not remember favorite applications

[Dmitry K]

Package: gnome-shell
Version: 43.4-1
Followup-For: Bug #624606
X-Debbugs-Cc: kuteyni...@gmail.com

Happens on my computer too


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-shell depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  gir1.2-accountsservice-1.0   22.08.8-6
ii  gir1.2-adw-1 1.2.2-1
ii  gir1.2-atk-1.0   2.46.0-5
ii  gir1.2-atspi-2.0 2.46.0-5
ii  gir1.2-freedesktop   1.74.0-3
ii  gir1.2-gcr-3 3.41.1-1+b1
ii  gir1.2-gdesktopenums-3.0 43.0-1
ii  gir1.2-gdkpixbuf-2.0 2.42.10+dfsg-1+b1
ii  gir1.2-gdm-1.0   43.0-3
ii  gir1.2-geoclue-2.0   2.6.0-2
ii  gir1.2-glib-2.0  1.74.0-3
ii  gir1.2-gnomebluetooth-3.042.5-3
ii  gir1.2-gnomedesktop-3.0  43.2-2
ii  gir1.2-graphene-1.0  1.10.8-1
ii  gir1.2-gstreamer-1.0 1.22.0-2
ii  gir1.2-gtk-3.0   3.24.37-2
ii  gir1.2-gtk-4.0   4.8.3+ds-2
ii  gir1.2-gweather-4.0  4.2.0-2
ii  gir1.2-ibus-1.0  1.5.27-5
ii  gir1.2-mutter-11 43.4-2
ii  gir1.2-nm-1.01.42.4-1
ii  gir1.2-nma-1.0   1.10.6-1
ii  gir1.2-pango-1.0 1.50.12+ds-1
ii  gir1.2-polkit-1.0122-3
ii  gir1.2-rsvg-2.0  2.54.5+dfsg-1
ii  gir1.2-soup-3.0  3.2.2-2
ii  gir1.2-upowerglib-1.00.99.20-2
ii  gir1.2-webkit2-4.1   2.40.2-1~deb12u1
ii  gnome-backgrounds43.1-1
ii  gnome-settings-daemon43.0-4
ii  gnome-shell-common   43.4-1
ii  gsettings-desktop-schemas43.0-1
ii  gstreamer1.0-pipewire0.3.65-3
ii  libatk-bridge2.0-0   2.46.0-5
ii  libatk1.0-0  2.46.0-5
ii  libc62.36-9
ii  libcairo21.16.0-7
ii  libecal-2.0-23.46.4-2
ii  libedataserver-1.2-273.46.4-2
ii  libgcr-base-3-1  3.41.1-1+b1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libgirepository-1.0-11.74.0-3
ii  libgjs0g 1.74.2-1
ii  libgles2 1.6.0-1
ii  libglib2.0-0 2.74.6-2
ii  libglib2.0-bin   2.74.6-2
ii  libgnome-autoar-0-0  0.4.3-1
ii  libgnome-desktop-3-2043.2-2
ii  libgraphene-1.0-01.10.8-1
ii  libgtk-3-0   3.24.37-2
ii  libgtk-4-1   4.8.3+ds-2
ii  libical3 3.0.16-1+b1
ii  libjson-glib-1.0-0   1.6.6-1
ii  libmutter-11-0   43.4-2
ii  libnm0   1.42.4-1
ii  libpango-1.0-0   1.50.12+ds-1
ii  libpangocairo-1.0-0  1.50.12+ds-1
ii  libpolkit-agent-1-0  122-3
ii  libpolkit-gobject-1-0122-3
ii  libpulse-mainloop-glib0  16.1+dfsg1-2+b1
ii  libpulse016.1+dfsg1-2+b1
ii  libsecret-1-00.20.5-3
ii  libsystemd0  252.6-1
ii  libwayland-server0   1.21.0-1
ii  libx11-6 2:1.8.4-2+deb12u1
ii  libxfixes3   1:6.0.0-2
ii  python3  3.11.2-1+b1

Versions of packages gnome-shell recommends:
ii  bolt   0.9.5-1
ii  chrome-gnome-shell 42.1-3
ii  evolution-data-server  3.46.4-2
ii  gdm3   43.0-3
ii  gkbd-capplet   3.28.1-1
ii  gnome-control-center   1:43.4.1-1
ii  gnome-menus3.36.0-1.1
ii  gnome-remote-desktop   43.3-1
ii  gnome-user-docs43.0-2
ii  ibus   1.5.27-5
ii  iio-sensor-proxy   

Bug#1038904: [Pkg-utopia-maintainers] Bug#1038904: Bug#1038904: firewalld: nftables backend tries to mix ipv6 addresses and ipv4 addresses in the same rule

[Konstantin Nebel]

Hi Michael,

> What I'm interested in is, if python3-nftables 1.0.7 is actually
> required or not.
> Can you test with a bookworm system and only installing firewalld from
> unstable.
>

I reinstalled my sid with bookworm and upgraded just firewalld. My brief test
made it work. Before I made sure it doesnt work on bookworm. Upgraded just
firewalld to sid and it works.

So my original post seems to be wrong. I apologize for it. I installed the
master branch from git and it didnt work in first place. It just worked after
using a different python environment. But that might be an issue with the
specific version i used.

So in my opinion just upgrading the firewalld package should fix the issue.

Cheers
Konstantin Nebel


signature.asc
Description: This is a digitally signed message part.

Bug#1038966: php-net-whois: Bogus license field in d/copyright

[Athos Ribeiro]

Source: php-net-whois
Version: 1.0.5-3.2
Severity: minor
X-Debbugs-Cc: athos.ribe...@canonical.com

Dear Maintainer,

The license field in the d/copyright file for this package seems to be
bogus. It reads "PHP 3.01" when it should read "PHP-3.01". This hinders
at least one lintian check for this file.

regards,

Athos

Bug#1038965: php-net-imap: Bogus license field in d/copyright file

[Athos Ribeiro]

Source: php-net-imap
Version: 1:1.1.3-2.1
Severity: minor
X-Debbugs-Cc: athos.ribe...@canonical.com

Dear Maintainer,

The license listed in the debian/copyright file for php-net-imap seems
to be bogus. It seems it should read PHP-3.01 instead of PHP-3.0.1.

regards,

Athos

Bug#1038964: php-memcached: Bogus d/copyright license string

[Athos Ribeiro]

Source: php-memcached
Version: 3.2.0+2.2.0-4
Severity: minor
X-Debbugs-Cc: athos.ribe...@canonical.com

Dear Maintainer,

The license listed in the debian/copyright file for php-memcached seems
to be bogus. It seems it should read PHP-3.01 instead of PHP-3.0.1.

regards,

Athos

Bug#1038963: rich: outdated Homepage

[Christoph Anton Mitterer]

Source: rich
Version: 13.3.1-1
Severity: minor

Hey.

The homepage seems to be https://github.com/Textualize/rich now.

Cheers,
Chris.

Bug#1037357: closed by Debian FTP Masters (reply to Gürkan Myczko ) (Bug#1037357: fixed in flowblade 2.10.0.1-1)

[fabian]

Am 2023-06-23 20:38, schrieb fab...@greffrath.com:

Not sure what you mean.


Sorry, ignore me. Replied to the wrong bug.

 - Fabian

Bug#1037357: closed by Debian FTP Masters (reply to Gürkan Myczko ) (Bug#1037357: fixed in flowblade 2.10.0.1-1)

[fabian]

Am 2023-06-23 20:31, schrieb Martin-Éric Racine:

Not fixed. Re-opening.


Not sure what you mean.

This has all happened just today. Leave it some time to settle.

https://tracker.debian.org/news/1438362/accepted-fonts-liberation-1215-2-source-all-into-unstable/

 - Fabian

Bug#1038946: ITP: xdg-desktop-portal-xapp -- Xapp's Cinnamon, MATE and Xfce backends for xdg-desktop-portal

[Simon McVittie]

On Fri, 23 Jun 2023 at 16:50:01 +0200, Fabio Fantoni wrote:
> * Package name    : xdg-desktop-portal-xapp

Please make sure to apply
https://github.com/linuxmint/xdg-desktop-portal-xapp/commit/86a1cb27eff487f6245319e850c1c560a8ba33ed
via debian/patches (unless it has got into an upstream release before
your upload), so that it won't break other desktop environments.

Thanks,
smcv

Bug#1038962: python-termcolor: new upstream version

[Christoph Anton Mitterer]

Source: python-termcolor
Version: 1.1.0-3
Severity: wishlist


Hey.

1.1.0 is more then ten years old :-)
2.3.0 would be current.

Cheers,
Chris.

Bug#1038904: [Pkg-utopia-maintainers] Bug#1038904: Bug#1038904: firewalld: nftables backend tries to mix ipv6 addresses and ipv4 addresses in the same rule

[Michael Biebl]

Am 23.06.23 um 17:15 schrieb Konstantin Nebel:

Hello,


Debian unstable already has 1.3.3-1, so when you mean "debian" I suspect
you mean Debian stable, i.e. bookworm?

yes, I mean bookworm.



Also, you mention that this requires an update of python3-nftables. Can
you elaborate here?

stable currently ships 1.0.6-2, unstable 1.0.7-2

I can confirm that sid works. Im actually not quite sure, which version im
using. I used a local penv environment und used this command to install
nftables module:

python3 -m pip install 
'git+https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git=py'

Im not sure which version it is. It states nftables 0.1 which is proably
wrong?

I installed a  VM very quick to confirm that sid is working which it is. But i
think this issue is important enough to make it to bookworm.



What I'm interested in is, if python3-nftables 1.0.7 is actually 
required or not.
Can you test with a bookworm system and only installing firewalld from 
unstable.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1037357: closed by Debian FTP Masters (reply to Gürkan Myczko ) (Bug#1037357: fixed in flowblade 2.10.0.1-1)

[Martin-Éric Racine]

On Fri, Jun 23, 2023 at 5:39 PM Debian Bug Tracking System
 wrote:
>
> This is an automatic notification regarding your Bug report
> which was filed against the flowblade package:
>
> #1037357: flowblade: windows always open off-center
>
> It has been closed by Debian FTP Masters  
> (reply to Gürkan Myczko ).
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Debian FTP Masters 
>  (reply to Gürkan Myczko ) 
> by
> replying to this email.
>
>
> --
> 1037357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037357
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> -- Forwarded message --
> From: Debian FTP Masters 
> To: 1037357-cl...@bugs.debian.org
> Cc:
> Bcc:
> Date: Fri, 23 Jun 2023 14:36:49 +
> Subject: Bug#1037357: fixed in flowblade 2.10.0.1-1
> Source: flowblade
> Source-Version: 2.10.0.1-1
> Done: Gürkan Myczko 
>
> We believe that the bug you reported is fixed in the latest version of
> flowblade, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 1037...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Gürkan Myczko  (supplier of updated flowblade package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@ftp-master.debian.org)
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Format: 1.8
> Date: Fri, 23 Jun 2023 15:44:52 +0200
> Source: flowblade
> Architecture: source
> Version: 2.10.0.1-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Multimedia Maintainers 
> Changed-By: Gürkan Myczko 
> Closes: 1037357
> Changes:
>  flowblade (2.10.0.1-1) unstable; urgency=medium
>  .
>* New upstream version. (Closes: #1037357)
>* Update my email address.
>* d/copyright: reformatting, update copyright years.
>* d/clean: added.
> Checksums-Sha1:
>  49867cb8fc6405aaf3dbb3bba5ba4d7b6fdbe66a 2181 flowblade_2.10.0.1-1.dsc
>  feaca1fb272a725ac35b93b4fdff244065f7b1b9 19387660 
> flowblade_2.10.0.1.orig.tar.gz
>  bdacc1ce8a2a8f23b4ef5deb26dd2f1a93106583 25012 
> flowblade_2.10.0.1-1.debian.tar.xz
>  4b07b12ead07c56bdfd4dbafefab519171bcf83f 8863 
> flowblade_2.10.0.1-1_source.buildinfo
> Checksums-Sha256:
>  59bfb559dcd62ff9dc8619c5ddf968fbbd614684f03663cbfbabd41bca27e1f8 2181 
> flowblade_2.10.0.1-1.dsc
>  f6a577ccc83f4cbd9fe7c18c08262a9cc6be708de38abd3944f6b43ce7a6176d 19387660 
> flowblade_2.10.0.1.orig.tar.gz
>  320af7d7121b849d930bc1cf148ac86da9b971894fdd9b43a7679cf461927027 25012 
> flowblade_2.10.0.1-1.debian.tar.xz
>  1644c85e453312bcf8bb04f8b8d9606a16c2e6042121ca03f083e171480049c0 8863 
> flowblade_2.10.0.1-1_source.buildinfo
> Files:
>  bc9045eb0a27fc9536bf8b310fa78bbf 2181 video optional flowblade_2.10.0.1-1.dsc
>  3887faa1945b0a2f54acc0d3dc369c81 19387660 video optional 
> flowblade_2.10.0.1.orig.tar.gz
>  cc8b583af71824fcdf07d64fe2ef8f70 25012 video optional 
> flowblade_2.10.0.1-1.debian.tar.xz
>  7a1e2ab9059e9abb331a11aed0f545f0 8863 video optional 
> flowblade_2.10.0.1-1_source.buildinfo
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCAAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmSVpL4ACgkQEWhSvN91
> FcCyQRAAmTFXxP4e3zMNnhsdXgAAXhh8k8BJgmFev1lmrlL+bIEmDNZZuxuY9zzl
> F3FxlGWn1xfajTZHWcMCO1niDIx+gY3dEVj7AGnjve2d9iDrq1QsDxfjKxNN4Zkx
> UnpaAVa+RnPFgHz9goag0taTuuvGE8VOVQB5q+ZxbS0Vz2EMTwvEHlgB2LwE6A2t
> 7TLqzPp/+D5RveyQSSb4j0n96Wj8iIkrEn+z1svi+KUL/tadwNfQcBgMYgfY5iHg
> spQmnDaN1KQX/HGm7SeoiAZQblUJvadBjjUGkPViVfS0lVzrwRMvWoV6f72J6esy
> S5PVsRPwW/3vm4NDGpYMOKsW+xNi+ZSNyIhNMQnF6r2a+WozWynVwS0KBZWnO4hW
> agYx5LsgIVVOWL/n3cQO1PiiD4ESTS1hp0ls/nrqG3r7CAwNTX3TPvHCO6Z1sKhC
> hXveqmvBcZay3nuAw1mSmBXCYA0YxFjQtHb/S5N5c+yeubg1lvFqs1JDCqbXIBaP
> bi88tqxlxGjEBzjQghe0svNo4MJWr0JYA6ygqvCjPCpw+4U7pXfhsgJ7LW/4ROgd
> dQgYS85JO6Qi3xYp3N3FzUhGtF80VzA5LQ0qn8IBcwXAcOyu6lMDhpZuSMR8ahxc
> 9RhdAY6t5xKhes4Kg6zOjp9b10BQ2Stc5u75mtwLbkBtwlH/VaI=
> =0P+G
> -END PGP SIGNATURE-
>
>
> -- Forwarded message --
> From: "Martin-Éric Racine" 
> To: Debian Bug Tracking System 
> Cc:
> Bcc:
> Date: Mon, 12 Jun 2023 07:33:47 +0300
> Subject: flowblade: windows allways open off-center
> Package: flowblade
> Version: 2.8.0.3-3
> Severity: important
>
> The first time that Flowblade is run and asks for one's preferred editing 
> mode, the window is maximized.
>
> The next time that Flowblade is run, the window is the same size, except that 
> it's partially off-screen, so it has to be dragged back to the top edge of 
> the desktop environment.
>
> The window should always open 

Bug#1038901: xen dom0 erroneous detected as 'xen' virtualization by systemd-detect-virt

[Michael Biebl]

Control: forwarded -1 https://github.com/systemd/systemd/issues/28113

Am 23.06.23 um 18:14 schrieb zithro:

Hello,

I reported the bug upstream, just added there some comments to reflect 
that the output is different on AMD and Intel platforms.

I also added the commit link, thanks for that.

So, "systemd-detect-virt" on non-nested dom0s reports :
- "xen" on Intel (like this bug report)
- "vm-other" on AMD (like my bug report upstream)



Ok, let's mark https://github.com/systemd/systemd/issues/28113 as the 
relevant upstream bug report.




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1027386: pysam.get_libraries bug unreproducible

[Étienne Mollier]

Hi,

I recently tried running the reproducer below for #1027386, but
now it works correctly in unstable:

$ cat reproducer.py
#! /usr/bin/python3
import pysam
for lib in pysam.get_libraries():
print(lib)

$ python3.11 reproducer.py 

/usr/lib/python3/dist-packages/pysam/libctabixproxies.cpython-311-x86_64-linux-gnu.so

/usr/lib/python3/dist-packages/pysam/libcfaidx.cpython-311-x86_64-linux-gnu.so

/usr/lib/python3/dist-packages/pysam/libcsamfile.cpython-311-x86_64-linux-gnu.so

/usr/lib/python3/dist-packages/pysam/libcvcf.cpython-311-x86_64-linux-gnu.so

/usr/lib/python3/dist-packages/pysam/libcbcf.cpython-311-x86_64-linux-gnu.so

/usr/lib/python3/dist-packages/pysam/libctabix.cpython-311-x86_64-linux-gnu.so

I suspect the initial pairtools failure to build from source
does not occur anymore, or if does ftbfs then the symptoms are
probably different.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier 
 : :' :  gpg: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/5, please excuse my verbosity
   `-


signature.asc
Description: PGP signature

Bug#1038561: sludge: depends on deprecated SDL1.2 + GTK 2

[Alexandre Detiste]

The only one game using SLUDGE is out-of-order.

An alternative implementation of SLUDGE lives in ScummVM,
but sadly it isn't complete as of now.

https://wiki.scummvm.org/index.php?title=Out_of_Order
https://forums.scummvm.org/viewtopic.php?t=16079

Greetings

Bug#1038961: AttributeError: 'GdkWaylandWindow' object has no attribute 'get_xid'. Did you mean: 'get_width'?

[Martin-Éric Racine]

Package: flowblade
Version: 2.10.0.1-1
Severity: important

Even after the missing dependency on 'ffmpeg' has been installed, this new 
version of flowblade won't work. It crashes on startup:

[...]
ffmpeg available
Loading filters...
Loading transitions...
MLT transition region not found.
RGB Adjustment dropped for Color Adjustment
Hue dropped for Color Adjustment
Gamma dropped for Lift Gain Gamma
Adding full track compositors
restacking compositors!
Adding full track compositors DONE
G'MIC found
Player initialized with profile:  HD 1080p 30 fps
Panel positioning feature not available, too small screen.
Selected color NOT detected
BG color detected
Traceback (most recent call last):
  File "/usr/bin/flowblade", line 93, in 
app.main(modules_path)
  File "/usr/share/flowblade/Flowblade/app.py", line 324, in main
launch_player()
  File "/usr/share/flowblade/Flowblade/app.py", line 524, in launch_player
editorstate.player.set_sdl_xwindow(gui.tline_display)
  File "/usr/share/flowblade/Flowblade/mltplayer.py", line 129, in 
set_sdl_xwindow
os.putenv('SDL_WINDOWID', str(widget.get_window().get_xid()))
  ^^^
AttributeError: 'GdkWaylandWindow' object has no attribute 'get_xid'. Did you 
mean: 'get_width'?
GPU test results {'NVENC H.264 High Profile / .mp4': -11, 'NVENC HEVC Main10 
Profile / .mp4': -11, 'VAAPI H.264 / .mp4': 0}
~$ 

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flowblade depends on:
ii  frei0r-plugins1.8.0-1+b1
ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+b1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-pango-1.0  1.50.12+ds-1
ii  gmic  2.9.4-4+b4
ii  libmlt-data   7.12.0-1
ii  librsvg2-common   2.54.5+dfsg-1
ii  python3   3.11.2-1+b1
ii  python3-cairo 1.20.1-5+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-distutils 3.11.2-3
ii  python3-gi3.42.2-3+b1
ii  python3-gi-cairo  3.42.2-3+b1
ii  python3-mlt   7.12.0-1+b1
ii  python3-numpy 1:1.24.2-1
ii  python3-opencv4.6.0+dfsg-12
ii  python3-pil   9.4.0-1.1+b1
ii  swh-plugins   0.4.17-2

flowblade recommends no packages.

flowblade suggests no packages.

-- no debconf information

Bug#1036797: Acknowledgement (bullseye-pu: package mariadb-10.5 10.5.20-0+deb11u1)

[Adam D. Barratt]

On Fri, 2023-06-23 at 20:45 +0300, Otto Kekäläinen wrote:
> Do you plan to still do a 11.8 release? (Mentioned on
> https://release.debian.org/)
> 

Yes, there's even a thread on debian-release about when it might be.

The standard gap between point releases for oldstable is every four
months, which means one isn't actually due yet in any case. It's likely
it will be sooner, so we can align it more easily with bookworm point
releases, but that's part of the planning thread.

We're not even two weeks past the bookworm release yet. That weekend,
and the process of getting there, takes a lot out of people.

Regards,

Adam

Bug#1003010: closed by Debian FTP Masters (Bug#1038940: Removed package(s) from unstable)

[Martin-Éric Racine]

On Fri, Jun 23, 2023 at 8:58 PM  wrote:
>
> Am 2023-06-23 19:38, schrieb Martin-Éric Racine:
> > The description of the ROM bug makes it pretty clear that v1 is no
> > longer maintained, while v2 is. In other words, fonts-liberation
> > should ahve been removed from the archive, while fonts-liberation2 be
> > kept.
>
> No, everything went alright. The fonts-liberation2 package is continued
> under the fonts-liberation name.
>
> I think I have made this clear here
> https://lists.debian.org/debian-devel/2023/06/msg00220.html
> and here
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038940

The versions currently sitting in unstable disagree.

Martin-Éric

Bug#1003010: closed by Debian FTP Masters (Bug#1038940: Removed package(s) from unstable)

[fabian]

Am 2023-06-23 19:38, schrieb Martin-Éric Racine:

The description of the ROM bug makes it pretty clear that v1 is no
longer maintained, while v2 is. In other words, fonts-liberation
should ahve been removed from the archive, while fonts-liberation2 be
kept.


No, everything went alright. The fonts-liberation2 package is continued 
under the fonts-liberation name.


I think I have made this clear here
https://lists.debian.org/debian-devel/2023/06/msg00220.html
and here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038940

Greetings,

 - Fabian

Bug#1038960: flowblade: missing dependency on ffmpeg

[Martin-Éric Racine]

Package: flowblade
Version: 2.10.0.1-1
Severity: important

MLT detection succeeded, 184 formats, 122 video codecs and 84 audio codecs 
found.
688 MLT services found.
Loading render profiles...
Traceback (most recent call last):
  File "/usr/bin/flowblade", line 93, in 
app.main(modules_path)
  File "/usr/share/flowblade/Flowblade/app.py", line 263, in main
renderconsumer.load_render_profiles()
  File "/usr/share/flowblade/Flowblade/renderconsumer.py", line 234, in 
load_render_profiles
ret_code = _test_command(FFMPEG_TEST, True)
   
  File "/usr/share/flowblade/Flowblade/renderconsumer.py", line 335, in 
_test_command
process = subprocess.Popen(bash_args_list)
  
  File "/usr/lib/python3.11/subprocess.py", line 1024, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib/python3.11/subprocess.py", line 1901, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'ffmpeg'

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages flowblade depends on:
ii  frei0r-plugins1.8.0-1+b1
ii  gir1.2-gdkpixbuf-2.0  2.42.10+dfsg-1+b1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-gtk-3.03.24.37-2
ii  gir1.2-pango-1.0  1.50.12+ds-1
ii  gmic  2.9.4-4+b4
ii  libmlt-data   7.12.0-1
ii  librsvg2-common   2.54.5+dfsg-1
ii  python3   3.11.2-1+b1
ii  python3-cairo 1.20.1-5+b1
ii  python3-dbus  1.3.2-4+b1
ii  python3-distutils 3.11.2-3
ii  python3-gi3.42.2-3+b1
ii  python3-gi-cairo  3.42.2-3+b1
ii  python3-mlt   7.12.0-1+b1
ii  python3-numpy 1:1.24.2-1
ii  python3-opencv4.6.0+dfsg-12
ii  python3-pil   9.4.0-1.1+b1
ii  swh-plugins   0.4.17-2

flowblade recommends no packages.

flowblade suggests no packages.

-- no debconf information

Bug#1038882: override: isc-dhcp-client:net/optional dhcpcd-base:net/important

[Santiago Ruano Rincón]

Control: retitle -1 override: isc-dhcp-client:net/optional

El 23/06/23 a las 09:36, Holger Levsen escribió:
> On Thu, Jun 22, 2023 at 10:11:21AM -0300, Santiago Ruano Rincón wrote:
> > ISC-DHCP has become EOL'ed by upstream. The best alternative for
> > isc-dhcp-client is dhcpcd-base. Could you please low the isc-dhcp-client
> > priority to optional and bump that of dhcpcd-base to important, as
> > suggested in https://lists.debian.org/debian-devel/2023/06/msg00210.html
> 
> I don't think that thread's consensus was to raise the priority to important,
> quite the contrary actually: they both should become optional.

Hard to say there is a unique consensus in that thread :-P But yeah,
both of them optional makes sense.

Cheers,

 -- Santiago


signature.asc
Description: PGP signature

Bug#1038352: freespace2: Depends on SDL 1.2

[Alexandre Detiste]

tags: +fixed-upstream

Hi,

The newer version 3.8.0 from 2017 supports SDL2.

If you please consider move it under (Salsa/) Games Teams
I would prepare an upload, add a watch file.

#969735 would be closed and handled by game-data-packager instead.

Greetings,

https://www.hard-light.net/forums/index.php?topic=93812.0

Bug#1037190: re-introduction of epoch? #1037190 dhcpcd: version is lower than in wheezy

[Martin-Éric Racine]

On Fri, Jun 23, 2023 at 5:43 PM Andreas Beckmann  wrote:
>
> On 22/06/2023 12.15, Martin-Éric Racine wrote:
> >>> To solve that, we need to add Conflicts: dhcpcd (<< 1:5~) to usrmerge
> >>> which will make dhcpcd in sid (and bookworm) uninstallable due to the
> >>> missing epoch.
> >>
> >> Ack.
> >>
> >> Currently in NEW.
>
> That probably won't work and will cause a reject, since it drops the
> epoch from a source package that previously (up to wheezy) had an epoch.

No, it re-introduces the epoch.

> I've tested adding the epoch to the bookworm package in my piuparts
> framework, and that seems to make the upgrades succeed if the package
> version from wheezy is still installed.
>
> Please also add this dhcpcd.preinst script to clean up leftovers from
> the wheezy package.
>
> = >8 =
> #!/bin/sh
> set -e
>
> if dpkg --compare-versions "$2" lt-nl "1:10.0.1-2~" ; then
>  # cleanup leftovers from dhcpcd 1:3.* in wheezy
> # can be removed after the release of trixie
>  update-alternatives --remove dhcpcd /sbin/dhcpcd3
>  if [ -d /etc/dhcpc ]; then
>  test ! -h /etc/dhcpc/resolv.conf || rm -fv
> /etc/dhcpc/resolv.conf
>  rmdir --ignore-fail-on-non-empty /etc/dhcpc
>  fi
> fi
>
> #DEBHELPER#
> = 8< =
> (the version "1:10.0.1-2~" assumes the preinst gets added in the
> 1:10.0.1-2 upload)

Is /etc/dhcpc the correct path or should it be /etc/dhcpcd instead?

Shouldn't we instead try to move that resolv.conf instead of deleting it?

> > Btw, if you think that this or anything else is worthy of a
> > cherry-pick for bookworm-updates, suggestions are welcome.
>
> The re-addition of the epoch definitively needs to backported to
> bookworm-pu, otherwise the upcoming usrmerge upload (with additional
> Breaks) to bookworm-pu will make dhcpcd uninstallable.

Noted.

> The preinst is needed as well (but with a version of
> "1:9.4.1-22+deb12u1~" in the test) as the leftover alternative seems to
> be the source of the usrmerge conflict noticed in wicd-daemon.

I vaguely recall something in Scott's old maintainer files
adding/removing a symbolic link. That's probably what causes this.

> (The bookworm-pu upload needs to use the old source package name dhcpcd5
> (and version 9.4.1-22+deb12u1), but you can update the Vcs-* URLs if you
> want to put the bookworm branch in the "new" repository location.)

Indeed.

Martin-Éric

Bug#1036797: Acknowledgement (bullseye-pu: package mariadb-10.5 10.5.20-0+deb11u1)

[Otto Kekäläinen]

Hi Adam!

Do you plan to still do a 11.8 release? (Mentioned on
https://release.debian.org/)

Should I abandon this or upload this to oldstable-proposed-updates?

- Otto

Bug#1017919: firefox: All firefox tabs crash at startup and cannot be restored

[Alexandre Lymberopoulos]

Package: firefox
Version: 114.0-1
Followup-For: Bug #1017919

Dear Maintainer,

Confirming this, I can't open firefox here. It starts, but rapidly a
window asking for sending an error report to Mozilla shows up.

Here is the output when opening firefox from a shell:

~$ firefox
Gtk-Message: 14:40:46.947: Failed to load module "xapp-gtk3-module"
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ExceptionHandler::GenerateDump cloned child 4100
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
Gtk-Message: 14:40:50.438: Failed to load module "xapp-gtk3-module"
Exiting due to channel error.
GConf Error: Failed to activate configuration server: The name
org.gnome.GConf was not provided by any .service files

Failed to open curl lib from binary, use libcurl.so instead

If any further information helps, please tell me how to provide it.

Best, Alexandre

-- Package-specific info:

-- Extensions information
Name: Add-ons Restricted Domains
Location: 
/home/lymber/.mozilla/firefox/7oigojvt.default/features/{2b4fe81d-cbbd-4b4c-b450-f1bb72823e53}/addons-restricted-doma...@mozilla.com.xpi
Status: enabled

Name: Add-ons Search Detection
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: Amazon.com
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: Bing
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: Cookie AutoDelete
Location: ${PROFILE_EXTENSIONS}/cookieautodel...@kennydo.com.xpi
Status: enabled

Name: Dark theme
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: DuckDuckGo
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: DuckDuckGo Privacy Essentials
Location: ${PROFILE_EXTENSIONS}/jid1-zadieub7xoz...@jetpack.xpi
Status: enabled

Name: eBay
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: Facebook Container
Location: ${PROFILE_EXTENSIONS}/@contain-facebook.xpi
Status: enabled

Name: Firefox Alpenglow theme
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: user-disabled

Name: Firefox Screenshots
Location: /usr/lib/firefox/browser/features/screensh...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: Form Autofill
Location: /usr/lib/firefox/browser/features/formautof...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: Google
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled

Name: HTTPS Everywhere
Location: ${PROFILE_EXTENSIONS}/https-everywh...@eff.org.xpi
Status: enabled

Name: Light theme
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: user-disabled

Name: Picture-In-Picture
Location: /usr/lib/firefox/browser/features/pictureinpict...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: Privacy Badger
Location: ${PROFILE_EXTENSIONS}/jid1-mnnxcxisbpn...@jetpack.xpi
Status: enabled

Name: System theme — auto theme
Location: /usr/lib/firefox/omni.ja
Package: firefox
Status: user-disabled

Name: uBlock Origin
Location: ${PROFILE_EXTENSIONS}/ublo...@raymondhill.net.xpi
Status: enabled

Name: Web Compatibility Interventions
Location: /usr/lib/firefox/browser/features/webcom...@mozilla.org.xpi
Package: firefox
Status: enabled

Name: WebCompat Reporter
Location: /usr/lib/firefox/browser/features/webcompat-repor...@mozilla.org.xpi
Package: firefox
Status: user-disabled

Name: Wikipedia (en)
Location: /usr/lib/firefox/browser/omni.ja
Package: firefox
Status: enabled


-- Addons package information
ii  firefox114.0-1  amd64Mozilla Firefox web browser

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.3.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox depends on:
ii  debianutils  5.7-0.4
ii  fontconfig   2.14.1-4
ii  libasound2   1.2.9-1
ii  libatk1.0-0  2.48.3-1
ii  libc62.36-9
ii  libcairo-gobject21.16.0-7
ii  libcairo21.16.0-7
ii  libdbus-1-3  1.14.8-1
ii  libdbus-glib-1-2 0.112-3
ii  libevent-2.1-7   2.1.12-stable-8
ii  libffi8  3.4.4-1
ii  libfontconfig1   2.14.1-4
ii  libfreetype6 2.12.1+dfsg-5
ii  libgcc-s112.2.0-14
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+b1
ii  libglib2.0-0 2.74.6-2
ii  libgtk-3-0   3.24.37-2
ii  libnspr4 2:4.35-1.1
ii  libnss3  2:3.90-2
ii  libpango-1.0-0  

Bug#1003010: closed by Debian FTP Masters (Bug#1038940: Removed package(s) from unstable)

[Martin-Éric Racine]

As far as I can tell, this ROM bug went backwards.

Package: fonts-liberation
Version: 1:1.07.4-11

Package: fonts-liberation2
Version: 2.1.5-1

The description of the ROM bug makes it pretty clear that v1 is no
longer maintained, while v2 is. In other words, fonts-liberation
should ahve been removed from the archive, while fonts-liberation2 be
kept.

Martin-Éric

On Fri, Jun 23, 2023 at 6:39 PM Debian Bug Tracking System
 wrote:
>
> This is an automatic notification regarding your Bug report
> which was filed against the fonts-liberation2 package:
>
> #1003010: fonts-liberation2: please Provides fonts-liberation
>
> It has been closed by Debian FTP Masters .
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Debian FTP Masters 
>  by
> replying to this email.
>
>
> --
> 1003010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003010
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> -- Forwarded message --
> From: Debian FTP Masters 
> To: 1003010-d...@bugs.debian.org
> Cc: fonts-liberati...@packages.debian.org
> Bcc:
> Date: Fri, 23 Jun 2023 15:37:35 +
> Subject: Bug#1038940: Removed package(s) from unstable
> Version: 2.1.5-1+rm
>
> Dear submitter,
>
> as the package fonts-liberation2 has just been removed from the Debian archive
> unstable we hereby close the associated bug reports.  We are sorry
> that we couldn't deal with your issue properly.
>
> For details on the removal, please see https://bugs.debian.org/1038940
>
> The version of this package that was in Debian prior to this removal
> can still be found using https://snapshot.debian.org/.
>
> Please note that the changes have been done on the master archive and
> will not propagate to any mirrors until the next dinstall run at the
> earliest.
>
> This message was generated automatically; if you believe that there is
> a problem with it please contact the archive administrators by mailing
> ftpmas...@ftp-master.debian.org.
>
> Debian distribution maintenance software
> pp.
> Scott Kitterman (the ftpmaster behind the curtain)
>
>
> -- Forwarded message --
> From: "Martin-Éric Racine" 
> To: Debian Bug Tracking System 
> Cc:
> Bcc:
> Date: Sun, 02 Jan 2022 20:44:22 +0200
> Subject: fonts-liberation2: please Provides fonts-liberation
> Package: fonts-liberation2
> Version: 2.1.5-1
> Severity: normal
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> It would be desirable for fonts-liberation2 to Provides fonts-liberation so 
> as to avoid installing two versions of essentially the same font.
>
> - -- System Information:
> Debian Release: bookworm/sid
>   APT prefers unstable
>   APT policy: (900, 'unstable')
> Architecture: i386 (x86_64)
>
> Kernel: Linux 5.10.0-10-amd64 (SMP w/8 CPU threads)
> Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
> Shell: /bin/sh linked to /bin/dash
> Init: unable to detect
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmHR8oMACgkQrh+Cd8S0
> 17Z7+RAAp5YKO9j36vycnMIvKSJP16hMis0Ua8kRKPbQD5yxHZ2esxA924Po5Owr
> DJPfBbHwiMBnZb4FQjDaHYBg+U7HN2ZWZuDJLFPszQr8p9eR+8GA3Wo2WxDTP9Es
> YsYia92X2Ay+T4Dq+OhEIQLdL7Dd72s8+BFpDqDWaZ+EAPNgsXFQneKpdCNS3y5w
> edw8ToH8xaDUnYILjBN7sD1f80RnA2oa6PbauVU+3CS41lsQ4vDZbFyR7Nedtl6n
> +C+HLmxwDHjd2SrvjCjBKkY7IZWMIzvt0fJb7LAoQ39w7+kqeCeTcbb28T+wjyFB
> hgPk30LStOgYCB9dQfhajrwt/rL+4/6ICy82BD7TRMOAhyiO8Z9zNViv151aPuMT
> 6BWSZAM1bjWBdAxDqWgaif9ByZnm7ba/n4NGTOyeQ2MX43HIn21DR1lNypLKsB6J
> t1q21TdeZNSmVJR02EtUZ6MhgXtCMJZoubb1uMkpQkeNuBv828mI0iqkCwMAnjfx
> Z2yYXDcaL7swtgBifGMtx4gtLJO54bFZ/7391f/AX7V1F07zFy0yiM1P7FY5jAkB
> xQ+wHVqGRIeSe0g9j40vQMH9u2T7GkgMCZDcraAiPTREZxUMpSc34o+DgnqOhAfZ
> 6U9cUH7iMvUfVyID/X3FQASnwjXrV2ALRRG+3tZmuIaTU4GnXKo=
> =k7Xm
> -END PGP SIGNATURE-

Bug#1038812: ITP: sexp -- S-expressions parser and generator C++ library and command-line tool

[Daniel Kahn Gillmor]

On Thu 2023-06-22 19:01:05 +0200, Alexander Sulfrian wrote:
> Hi,
>
> On Wed, Jun 21, 2023 at 12:20:52PM -0400, Daniel Kahn Gillmor wrote:
>> * URL : https://github.com/rnp/sexp
>
> this URL is 404, maybe you meant https://github.com/rnpgp/sexp ?

yes, that's correct.  sorry for the mistake in the original bug report,
and thanks to both Alexander and Victor for catching it.

This also potentially has a library naming conflict for the binary
packages with debian's current sfsexp source (though the library symbols
are entirely different).  This is being discussed upstream right now as
well:

   https://github.com/rnpgp/sexp/issues/45

--dkg


signature.asc
Description: PGP signature

Bug#1038959: RFS: gcc-sh-elf/6 -- GNU C compiler for embedded SuperH devices plus Newlib

[John Scott]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "gcc-sh-elf":

 * Package name : gcc-sh-elf
   Version  : 6
 * License  : many, but primarily GPL 3+ for GCC and permissive 
licenses for Newlib
 * Vcs  : 
https://salsa.debian.org/electronics-team/toolchains/gcc-sh-elf
   Section  : devel

The source builds the following binary packages:

  gcc-sh-elf - GNU C compiler for embedded SuperH devices
  libnewlib-sh-elf-dev - small ISO C standard library for embedded SuperH 
devices

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/gcc-sh-elf/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/g/gcc-sh-elf/gcc-sh-elf_6.dsc

Changes since the last upload:

 gcc-sh-elf (6) unstable; urgency=medium
 .
   * Upload to unstable.

Indeed, this is simply an upload of the package from experimental to unstable 
which uses GCC 13. GCC 13 is about to migrate to Trixie, so it's an appropriate 
time.
Even though a rare issue that is unlikely to happen again kept this package (w/ 
GCC 12) from migrating to Bookworm, I'm nevertheless adamant that it's 
appropriate for a stable release, and it's necessary to build carl9170 which 
I'm about to resume my work on after a hiatus. I'm going to be resuming my 
contributions to Debian and figured this would be a good start.

Thanks!


signature.asc
Description: This is a digitally signed message part


smime.p7s
Description: S/MIME cryptographic signature

Bug#1037980: transmission-daemon: memory leaks

[JT Hundley]

Yes, we would like any kind of update. It's been over a week now :)

On Mon, 19 Jun 2023 13:49:10 -0400 Sandro Tosi  wrote:
> On Thu, 15 Jun 2023 14:09:47 +0800 tanying  wrote:
> > Package: transmission-daemon
> > Version: 3.00-2.1+b1
> > Severity: normal
> > X-Debbugs-Cc: pls...@hotmail.com
>
> (resending to an open bug, didnt realize the original bug i replied to
> is closed)
>
> Sebastian,
> it appears the NMU you performed at
>
https://tracker.debian.org/news/1326874/accepted-transmission-300-21-source-into-unstable/
> is causing issues with transmission in stable -- are you going to
> address these issues? ideally a fix should be committed to the repo
> (or open an MR), a fix uploaded to proposed-updates, and the BTS bugs
> should be consolidated into one and closed in the upload.
>
> I'm sure users would also like to know a timeline for the fix, so it'd
> be great if you can share that as well
>
> thanks!
>
>

Bug#1038958: installation-reports: gnome-control-center very slow to start - modemmanager timeout

[Alessandro De Zorzi]

Package: installation-reports
Severity: normal

After a Debian11 to Debian12 upgrade on my Desktop NUC Intel
gnome-control-center very slow to start, I discover with

gnome-control-center -v

a modemmanager timeout, after modemmanager removed problem seems solved on my 
system

HTH
Alessandro - Lota

==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="11 (bullseye) - installer build 20210731+deb11u4"
X_INSTALLATION_MEDIUM=cdrom

==
Installer hardware-summary:
==
uname -a: Linux nuc 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) 
x86_64 GNU/Linux
lspci -knn: 00:00.0 Host bridge [0600]: Intel Corporation 11th Gen Core 
Processor Host Bridge/DRAM Registers [8086:9a14] (rev 01)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:02.0 VGA compatible controller [0300]: Intel Corporation UHD 
Graphics [8086:9a49] (rev 01)
lspci -knn: DeviceName: Onboard - Video
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:06.0 PCI bridge [0604]: Intel Corporation 11th Gen Core 
Processor PCIe Controller [8086:9a09] (rev 01)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:07.0 PCI bridge [0604]: Intel Corporation Tiger Lake-LP 
Thunderbolt PCI Express Root Port #1 [8086:9a25] (rev 01)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:07.2 PCI bridge [0604]: Intel Corporation Tiger Lake-LP 
Thunderbolt PCI Express Root Port #2 [8086:9a27] (rev 01)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:08.0 System peripheral [0880]: Intel Corporation Device 
[8086:9a11] (rev 01)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:0d.0 USB controller [0c03]: Intel Corporation Tiger Lake-LP 
Thunderbolt USB Controller [8086:9a13] (rev 01)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Kernel driver in use: xhci_hcd
lspci -knn: Kernel modules: xhci_pci
lspci -knn: 00:0d.2 USB controller [0c03]: Intel Corporation Tiger Lake-LP 
Thunderbolt NHI #0 [8086:9a1b] (rev 01)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Device [:]
lspci -knn: 00:0d.3 USB controller [0c03]: Intel Corporation Tiger Lake-LP 
Thunderbolt NHI #1 [8086:9a1d] (rev 01)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Device [:]
lspci -knn: 00:14.0 USB controller [0c03]: Intel Corporation Tiger Lake-LP USB 
3.2 Gen 2x1 xHCI Host Controller [8086:a0ed] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: Kernel driver in use: xhci_hcd
lspci -knn: Kernel modules: xhci_pci
lspci -knn: 00:14.2 RAM memory [0500]: Intel Corporation Tiger Lake-LP Shared 
SRAM [8086:a0ef] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: 00:14.3 Network controller [0280]: Intel Corporation Wi-Fi 6 AX201 
[8086:a0f0] (rev 20)
lspci -knn: DeviceName: Onboard - Ethernet
lspci -knn: Subsystem: Intel Corporation Device [8086:0070]
lspci -knn: Kernel modules: iwlwifi
lspci -knn: 00:15.0 Serial bus controller [0c80]: Intel Corporation Tiger 
Lake-LP Serial IO I2C Controller #0 [8086:a0e8] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:15.1 Serial bus controller [0c80]: Intel Corporation Tiger 
Lake-LP Serial IO I2C Controller #1 [8086:a0e9] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:16.0 Communication controller [0780]: Intel Corporation Tiger 
Lake-LP Management Engine Interface [8086:a0e0] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:16.3 Serial controller [0700]: Intel Corporation Device 
[8086:a0e3] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: Kernel driver in use: serial
lspci -knn: 00:17.0 SATA controller [0106]: Intel Corporation Device 
[8086:a0d3] (rev 20)
lspci -knn: DeviceName: Onboard - SATA
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: Kernel driver in use: ahci
lspci -knn: Kernel modules: ahci
lspci -knn: 00:1d.0 PCI bridge [0604]: Intel Corporation Device [8086:a0b1] 
(rev 20)
lspci -knn: Kernel driver in use: pcieport
lspci -knn: 00:1f.0 ISA bridge [0601]: Intel Corporation Tiger Lake-LP LPC 
Controller [8086:a082] (rev 20)
lspci -knn: DeviceName: Onboard - Other
lspci -knn: Subsystem: Intel Corporation Device [8086:3003]
lspci -knn: 00:1f.3 Audio device [0403]: Intel Corporation Tiger Lake-LP Smart 
Sound Technology Audio 

Bug#1026965: ACPI Error: Needed [Integer/String/Buffer], found [Package] 0000000020c8cab7 (20220331/exresop-469)

[AlMa]

Same or similar issue for me here with kernel 6.1.0-9. Journal:



Jun 23 05:25:33 ComputerName kernel: ppdev: user-space parallel port driver

Jun 23 05:25:33 ComputerName systemd[1]: Finished 
systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev.


Jun 23 05:25:33 ComputerName systemd[1]: Starting systemd-udevd.service 
- Rule-based Manager for Device Events and Files...


Jun 23 05:25:33 ComputerName systemd[1]: Finished 
systemd-modules-load.service - Load Kernel Modules.


Jun 23 05:25:33 ComputerName systemd[1]: Starting systemd-sysctl.service 
- Apply Kernel Variables...


Jun 23 05:25:33 ComputerName systemd[1]: Finished keyboard-setup.service 
- Set the console keyboard layout.


Jun 23 05:25:33 ComputerName systemd[1]: Finished systemd-sysctl.service 
- Apply Kernel Variables.


Jun 23 05:25:33 ComputerName systemd-journald[322]: Journal started

Jun 23 05:25:33 ComputerName systemd-journald[322]: Runtime Journal 
(/run/log/journal/2784fafb491c48e897697c3de57db145) is 8.0M, max 317.2M, 
309.2M free.


Jun 23 05:25:33 ComputerName systemd-modules-load[325]: Inserted module 'lp'

Jun 23 05:25:33 ComputerName systemd-modules-load[325]: Inserted module 
'ppdev'


Jun 23 05:25:33 ComputerName systemd-modules-load[325]: Inserted module 
'parport_pc'


Jun 23 05:25:33 ComputerName systemd-modules-load[325]: Inserted module 
'msr'


Jun 23 05:25:33 ComputerName systemd[1]: Starting 
systemd-journal-flush.service - Flush Journal to Persistent Storage...


Jun 23 05:25:33 ComputerName systemd[1]: Started 
systemd-journald.service - Journal Service.


Jun 23 05:25:33 ComputerName systemd-journald[322]: Time spent on 
flushing to /var/log/journal/2784fafb491c48e897697c3de57db145 is 
73.133ms for 1026 entries.


Jun 23 05:25:33 ComputerName systemd-journald[322]: System Journal 
(/var/log/journal/2784fafb491c48e897697c3de57db145) is 1.9G, max 4.0G, 
2.0G free.


Jun 23 05:25:33 ComputerName systemd-journald[322]: Received client 
request to flush runtime journal.


Jun 23 05:25:33 ComputerName kernel: intel_pmc_core INT33A1:00: initialized

Jun 23 05:25:33 ComputerName kernel: Consider using thermal netlink 
events interface


Jun 23 05:25:33 ComputerName kernel: ACPI Error: Needed 
[Integer/String/Buffer], found [Package] 20c8cab7 
(20220331/exresop-469)


Jun 23 05:25:33 ComputerName kernel: ACPI Error: AE_AML_OPERAND_TYPE, 
While resolving operands for [OpcodeName unavailable] (20220331/dswexec-431)


Jun 23 05:25:33 ComputerName kernel: ACPI Error: Aborting method \ADBG 
due to previous error (AE_AML_OPERAND_TYPE) (20220331/psparse-529)


Jun 23 05:25:33 ComputerName kernel: ACPI Error: Aborting method 
\_SB.HIDD._DSM due to previous error (AE_AML_OPERAND_TYPE) 
(20220331/psparse-529)


Jun 23 05:25:33 ComputerName kernel: ACPI: \_SB_.HIDD: failed to 
evaluate _DSM b356ecee-4244-8f40-a792-4edd4d758054 (0x3003)


Jun 23 05:25:33 ComputerName kernel: ACPI: AC: AC Adapter [AC] (on-line)



The texts “ACPI Error: …” are red, the text “ACPI: \_SB_.HIDD: failed to 
…” is yellow, and the remaining lines are normal.




dmesg:



[ 6.004439] ppdev: user-space parallel port driver

[ 6.010994] systemd[1]: Finished systemd-tmpfiles-setup-dev.service - 
Create Static Device Nodes in /dev.


[ 6.011709] systemd[1]: Starting systemd-udevd.service - Rule-based 
Manager for Device Events and Files...


[ 6.016646] systemd[1]: Finished systemd-modules-load.service - Load 
Kernel Modules.


[ 6.017587] systemd[1]: Starting systemd-sysctl.service - Apply Kernel 
Variables...


[ 6.021892] systemd[1]: Finished keyboard-setup.service - Set the 
console keyboard layout.


[ 6.023434] systemd[1]: Finished systemd-sysctl.service - Apply Kernel 
Variables.


[ 6.026124] systemd[1]: Started systemd-journald.service - Journal Service.

[ 6.030330] systemd-journald[322]: Received client request to flush 
runtime journal.


[ 6.114199] intel_pmc_core INT33A1:00: initialized

[ 6.130965] Consider using thermal netlink events interface

[ 6.140263] ACPI Error: Needed [Integer/String/Buffer], found [Package] 
20c8cab7 (20220331/exresop-469)


[ 6.140336] ACPI Error: AE_AML_OPERAND_TYPE, While resolving operands 
for [OpcodeName unavailable] (20220331/dswexec-431)


[ 6.140404] ACPI Error: Aborting method \ADBG due to previous error 
(AE_AML_OPERAND_TYPE) (20220331/psparse-529)


[ 6.140480] ACPI Error: Aborting method \_SB.HIDD._DSM due to previous 
error (AE_AML_OPERAND_TYPE) (20220331/psparse-529)


[ 6.140554] ACPI: \_SB_.HIDD: failed to evaluate _DSM 
b356ecee-4244-8f40-a792-4edd4d758054 (0x3003)


[ 6.143080] ACPI: AC: AC Adapter [AC] (on-line)



Here, the texts following „ACPI Error: ” are red, the text “\_SB_.HIDD: 
failed to evaluate _DSM b356ecee-4244-8f40-a792-4edd4d758054 (0x3003)” 
is bold, and everything else is normal.

Bug#1038957: jtreg7: please make the build reproducible

[Chris Lamb]

Source: jtreg7
Version: 7.2+1-3
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
jtreg7 could not be built reproducibly.

This is because jtreg.jar file:

a) Includes a BuildDate field in the manifest file (which is later
parsed by the 'About' dialog) that is based on the current build date
instead of SOURCE_DATE_EPOCH.

b) The build system creates a .jar file that is not writable
(ie. -r--r--r---) so that it is ignored by strip-nondeterminism and
thus the timestamps are not normalised.

A patch is attached that addresses both issues.

 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/patches/reproducible-build.patch   1970-01-01 01:00:00.0 
+0100
--- b/debian/patches/reproducible-build.patch   2023-06-22 19:43:10.340572525 
+0100
@@ -0,0 +1,29 @@
+Description: Make the build reproducible
+Author: Chris Lamb 
+Last-Update: 2023-06-22
+
+--- jtreg7-7.2+1.orig/make/Rules.gmk
 jtreg7-7.2+1/make/Rules.gmk
+@@ -60,6 +60,13 @@ $(CLASSDIR) $(BUILDDIR) $(BUILDDIR)/test
+ # default copyright; override as necessary
+ JAR_COPYRIGHT = -C $(TOPDIR) COPYRIGHT
+ 
++DATE_FMT = +%B %d, %Y
++ifdef SOURCE_DATE_EPOCH
++BUILD_DATE ?= $(shell LC_ALL=C date -u -d "@$(SOURCE_DATE_EPOCH)" 
"$(DATE_FMT)" 2>/dev/null || LC_ALL=C date -u -r "$(SOURCE_DATE_EPOCH)" 
"$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)")
++else
++BUILD_DATE ?= $(shell date "$(DATE_FMT)")
++endif
++
+ $(IMAGES_DIR)/%.jar: pkgsToFiles.sh
+   $(RM) $@ $(@:$(IMAGES_DIR)/%.jar=$(BUILDDIR)/jarData/%)
+   $(MKDIR) -p $(@D)
+@@ -73,7 +80,7 @@ $(IMAGES_DIR)/%.jar: pkgsToFiles.sh
+ echo "$(@F:%.jar=%)-Build: $(BUILD_NUMBER)" ; \
+ echo "$(@F:%.jar=%)-BuildJavaVersion: `$(JDKJAVA) -fullversion 2>&1 | 
awk '{print $$NF}'  | \
+   sed -e 's|^"\(.*\)"$$|Java(TM) 2 SDK, Version \1|'`" ; \
+-echo "$(@F:%.jar=%)-BuildDate: `/bin/date +'%B %d, %Y'`" ; \
++echo "$(@F:%.jar=%)-BuildDate: $(BUILD_DATE)" ; \
+   ) \
+   > $(@:$(IMAGES_DIR)/%.jar=$(BUILDDIR)/jarData/%/manifest.txt)
+   sh pkgsToFiles.sh $(CLASSDIR) $($(@F:%.jar=PKGS.JAR.%)) > 
$(@:$(IMAGES_DIR)/%.jar=$(BUILDDIR)/jarData/%/includes.txt)
--- a/debian/patches/series 2023-06-22 16:26:43.865668373 +0100
--- b/debian/patches/series 2023-06-22 19:43:09.036561740 +0100
@@ -1,3 +1,4 @@
 launchers.patch
 add-jcommander-to-classpath.patch
 do-not-export-headless-display.patch
+reproducible-build.patch
--- a/debian/rules  2023-06-22 16:26:43.865668373 +0100
--- b/debian/rules  2023-06-22 17:52:43.345400601 +0100
@@ -40,3 +40,6 @@
# Generate the manpages
JT_HOME=./build/images/jtreg/lib/ help2man --no-discard-stderr 
--name="Regression Test Harness" --help-option="-help all" 
./build/images/jtreg/bin/jtdiff > jtdiff.1
JT_HOME=./build/images/jtreg/lib/ help2man --no-discard-stderr 
--name="Regression Test Harness" --help-option="-help all" 
./build/images/jtreg/bin/jtreg > jtreg.1
+
+   # Make jtreg.jar writable so it is not ignored by strip-nondeterminism
+   chmod +w build/images/jtreg/lib/jtreg.jar

Bug#979982: emacsen-common: emacs -batch is noisy

[Michael Hoffman]

I would prefer `(load file nil t)` to `(load file nil noninteractive)`
as even in interactive mode, extra output likes this makes it more
difficult to notice actual warnings or errors that might need attention.

But either way would be a big improvement.

Michael

Bug#1034903: Possible missing firmware /lib/firmware/amdgpu/sienna_cichlid_mes.bin navi10_mes.bin for module amdgpu

[Alex Deucher]

On Wed, Jun 21, 2023 at 11:38 AM Ben Hutchings  wrote:
>
> On Thu, 27 Apr 2023 15:43:28 +0800 xiao sheng wen(肖盛文）
>  wrote:
> > Package: firmware-amd-graphics
> > Version: 20230310-1~exp1
> > Severity: normal
> > X-Debbugs-Cc: atzli...@sina.com
> >
> > Hi,
> >
> >  When I upgrade to kernel 5.10.0-22-arm64, there are following error
> >  infos:
> >
> > W: Possible missing firmware /lib/firmware/amdgpu/sienna_cichlid_mes.bin 
> > for module amdgpu
> > W: Possible missing firmware /lib/firmware/amdgpu/navi10_mes.bin for module 
> > amdgpu
> [...]

Those could be dropped.  They are not really used by the driver.  They
are for a feature which was not ultimately productized on those parts.

>
> I see that the amdgpu driver has had references to these files for
> several years, but they've never been added to linux-firmware.git.
> More recently amdgpu added:
>
> MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes.bin");
> MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes_2.bin");
> MODULE_FIRMWARE("amdgpu/gc_11_0_3_mes1.bin");
>
> and these are also missing from linux-firmware.git.
>
> Is this firmware intended to be available to the public?

Yes, those will be available soon.

Alex

Bug#1038956: sitesummary-client: please recommends "cron | cron-daemon"

[Alexandre Detiste]

Package: sitesummary-client
Version: 0.1.51
Severity: normal

Hi

Please recommends "cron | cron-daemon" to allow
the use of an alternative cron implemenation like
cronie, bcron or systemd-cron.

Greetings,


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#1038901: xen dom0 erroneous detected as 'xen' virtualization by systemd-detect-virt

[zithro]

Hello,

I reported the bug upstream, just added there some comments to reflect 
that the output is different on AMD and Intel platforms.

I also added the commit link, thanks for that.

So, "systemd-detect-virt" on non-nested dom0s reports :
- "xen" on Intel (like this bug report)
- "vm-other" on AMD (like my bug report upstream)

Bug#1038955: buildd: please depends on "cron | cron-daemon" to allow for alternative cron-daemon

[Alexandre Detiste]

Package: buildd
Version: 0.85.2
Severity: normal


Please depends on "cron | cron-daemon" to allow for alternative cron-daemon
this is already the case for "sbuild-debian-developer-setup".

Greetings,


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages buildd depends on:
ii  adduser3.134
pn  cron   
ii  devscripts 2.23.5
pn  dupload
pn  libsbuild-perl 
pn  libyaml-tiny-perl  
ii  nullmailer [mail-transport-agent]  1:2.2+10~g7ed88a0-1
ii  perl   5.36.0-7
pn  sbuild 
ii  schroot1.6.13-3+b2
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages buildd recommends:
ii  sudo  1.9.13p3-1

Versions of packages buildd suggests:
pn  wanna-build  

Bug#1036171: debian-installer: /etc/apt/sources.list isn't populated if mirror can't be reached during installation

[xalt7x . service]

On Fri, 23 Jun 2023 18:51:02 +0300 xalt7x.serv...@gmail.com wrote:
> I can confirm this.
> Using different install options of Debian installer produce different
> sources.list. With default options selected of without internet
> connection user receives system that can't be updated and where many
> packages can't be installed without sources.list modifications
> 
> # STEPS TO REPRODUCE
> 1. Boot into official debian-12.0.0-amd64-DVD-1.iso
> 2. Select Graphical install
> 3. Proceed until step "Configure package manager" and question "Scan
> extra installation media?"
> 4. Leave default option ("No")
> 5. Finish installation, boot into system
> 6. check /etc/apt/sources.list
> 
> # TEST RESULTS:
> 
> 1. With "Scan extra installation media?" = "No" I've got sources.list
> with such content:
> ```
> deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD
> Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-
firmware
> ```
> 
> 2. With "Scan extra installation media?" = "Yes" I've got
sources.list
> with such content:
> 
> ```
> deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD
> Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-
firmware
> 
> deb http://deb.debian.org/debian/ bookworm main non-free-firmware
> deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
> 
> deb http://security.debian.org/debian-security bookworm-security main
> non-free-firmware
> deb-src http://security.debian.org/debian-security bookworm-security
> main non-free-firmware
> 
> # bookworm-updates, to get updates before a point release is made;
> # see
>
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
> deb http://deb.debian.org/debian/ bookworm-updates main non-free-
> firmware
> deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-
> firmware
> ```
> 
> 3. With Calamares installer from live media ("debian-live-12.0.0-
amd64-
> gnome.iso") I've got sources.list with such content:
> 
> ```
> # See https://wiki.debian.org/SourcesList for more information.
> deb http://deb.debian.org/debian bookworm main non-free-firmware
> deb-src http://deb.debian.org/debian bookworm main non-free-firmware
> 
> deb http://deb.debian.org/debian bookworm-updates main non-free-
> firmware
> deb-src http://deb.debian.org/debian bookworm-updates main non-free-
> firmware

^ There's mistake in the description.
Choice that affects resulting sources.list is on the step
"Configure the package manager" > "Use a network mirror?"

Bug#1038841: libsys-info-driver-linux-perl: transition from /etc/timezone to /etc/localtime

[Luca Boccassi]

On Fri, 23 Jun 2023 at 16:47, gregor herrmann  wrote:
>
> On Wed, 21 Jun 2023 23:16:58 +0100, bl...@debian.org wrote:
>
> > libsys-info-driver-linux-perl is currently referencing /etc/timezone
> > without support for /etc/localtime. /etc/timezone is a legacy
> > interface that is Debian specific. The cross-distro standard
> > /etc/localtime (as a symlink to the appropriate timezone file), so
> > please switch your package to /etc/localtime. tzsetup will stop
> > creating /etc/timezone soon.
>
> /etc/localtime is a _text_ file, containing the name of the timezone;
> /etc/timezone is a symlink to the corresponding _binary_ timezone
> file.
>
> The code in lib/Sys/Info/Driver/Linux/OS.pm just reads the text from
> /etc/localtime currently; replacing it with /etc/localtime therefore
> won't work.
>
> Is there any facility to get the name of the timezone out of
> /etc/localtime (short of following the symlink and mangling the
> target file name)?

If you want to restrict it to filesystem access, then reading the link
and cutting the leading directories is exactly the suggested pattern:

$ cat /etc/timezone
Europe/London
$ readlink /etc/localtime | sed "s|/usr/share/zoneinfo/||"
Europe/London

Or any variations thereof, it's quite trivial as you can see.

If you want fully programmatic API there's timedate1 via D-Bus:

https://www.freedesktop.org/software/systemd/man/org.freedesktop.timedate1.html

or the command line equivalent via timedatectl:

https://www.freedesktop.org/software/systemd/man/timedatectl.html

Kind regards,
Luca Boccassi

Bug#1036171: -

[xalt7x . service]

I can confirm this.
Using different install options of Debian installer produce different
sources.list. With default options selected of without internet
connection user receives system that can't be updated and where many
packages can't be installed without sources.list modifications

# STEPS TO REPRODUCE
1. Boot into official debian-12.0.0-amd64-DVD-1.iso
2. Select Graphical install
3. Proceed until step "Configure package manager" and question "Scan
extra installation media?"
4. Leave default option ("No")
5. Finish installation, boot into system
6. check /etc/apt/sources.list

# TEST RESULTS:

1. With "Scan extra installation media?" = "No" I've got sources.list
with such content:
```
deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD
Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-firmware
```

2. With "Scan extra installation media?" = "Yes" I've got sources.list
with such content:

```
deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD
Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-firmware

deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main
non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security
main non-free-firmware

# bookworm-updates, to get updates before a point release is made;
# see
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-
firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-
firmware
```

3. With Calamares installer from live media ("debian-live-12.0.0-amd64-
gnome.iso") I've got sources.list with such content:

```
# See https://wiki.debian.org/SourcesList for more information.
deb http://deb.debian.org/debian bookworm main non-free-firmware
deb-src http://deb.debian.org/debian bookworm main non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main non-free-
firmware
deb-src http://deb.debian.org/debian bookworm-updates main non-free-
firmware

deb http://security.debian.org/debian-security/ bookworm-security main
non-free-firmware
deb-src http://security.debian.org/debian-security/ bookworm-security
main non-free-firmware

# Backports allow you to install newer versions of software made
available for this release
deb http://deb.debian.org/debian bookworm-backports main non-free-
firmware
deb-src http://deb.debian.org/debian bookworm-backports main non-free-
firmware
```

Bug#1038954: python3-pdbfixer depends on python3-simtk no longer built by src:openmm

[Adrian Bunk]

Package: python3-pdbfixer
Version: 1.8.1-2
Severity: serious

openmm (8.0.0~beta+dfsg-1) experimental; urgency=medium
...
  * Rename Python package python3-simtk -> python3-openmm.
...
 -- Andrius Merkys   Tue, 25 Oct 2022 06:59:05 -0400

Bug#1038953: mailman3: please depends on "cron | cron-daemon"

[Alexandre Detiste]

Package: mailman3
Version: 3.3.8-1
Severity: normal

Please depends on "cron | cron-daemon" to allow
usage with an alternative cron implementation
(bcron, cronie or systemd-cron)

Greetings,

Alexandre Detiste


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (501, 'testing'), (450, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Bug#1038841: libsys-info-driver-linux-perl: transition from /etc/timezone to /etc/localtime

[gregor herrmann]

On Wed, 21 Jun 2023 23:16:58 +0100, bl...@debian.org wrote:

> libsys-info-driver-linux-perl is currently referencing /etc/timezone
> without support for /etc/localtime. /etc/timezone is a legacy
> interface that is Debian specific. The cross-distro standard
> /etc/localtime (as a symlink to the appropriate timezone file), so
> please switch your package to /etc/localtime. tzsetup will stop
> creating /etc/timezone soon.

/etc/localtime is a _text_ file, containing the name of the timezone;
/etc/timezone is a symlink to the corresponding _binary_ timezone
file.

The code in lib/Sys/Info/Driver/Linux/OS.pm just reads the text from
/etc/localtime currently; replacing it with /etc/localtime therefore
won't work.

Is there any facility to get the name of the timezone out of
/etc/localtime (short of following the symlink and mangling the
target file name)?


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Bug#1038952: debsecan: Missing support for bookworm

[Ole Toft Jensen]

Package: debsecan
Version: 0.4.20.1
Severity: important

Dear Maintainer,

when running 'dpkg-reconfigure debsecan' it doesn't offer newly released
bookworm as an option, could you please include that?

Kind regards

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable'), (100, 
'bookworm-fasttrack'), (100, 'bookworm-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debsecan depends on:
ii  ca-certificates20230311
ii  debconf [debconf-2.0]  1.5.82
ii  python33.11.2-1+b1
ii  python3-apt2.6.0

Versions of packages debsecan recommends:
ii  cron [cron-daemon]  3.0pl1-162
ii  postfix [mail-transport-agent]  3.7.5-2

debsecan suggests no packages.

-- debconf information:
* debsecan/source:
* debsecan/mailto: root
* debsecan/report: true
* debsecan/suite: bullseye

Bug#1038904: [Pkg-utopia-maintainers] Bug#1038904: firewalld: nftables backend tries to mix ipv6 addresses and ipv4 addresses in the same rule

[Konstantin Nebel]

Hello,

> Debian unstable already has 1.3.3-1, so when you mean "debian" I suspect
> you mean Debian stable, i.e. bookworm?
yes, I mean bookworm.

>
> Also, you mention that this requires an update of python3-nftables. Can
> you elaborate here?
>
> stable currently ships 1.0.6-2, unstable 1.0.7-2
I can confirm that sid works. Im actually not quite sure, which version im
using. I used a local penv environment und used this command to install
nftables module:

python3 -m pip install 
'git+https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git=py'

Im not sure which version it is. It states nftables 0.1 which is proably
wrong?

I installed a  VM very quick to confirm that sid is working which it is. But i
think this issue is important enough to make it to bookworm.

Cheers
Konstantin Nebel


signature.asc
Description: This is a digitally signed message part.

Bug#1038951: fdkaac: CVE-2023-34823 CVE-2023-34824

[Moritz Mühlenhoff]

Source: fdkaac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for fdkaac.

CVE-2023-34823[0]:
| fdkaac before 1.0.5 was discovered to contain a stack overflow in
| read_callback function in src/main.c.

CVE-2023-34824[1]:
| fdkaac before 1.0.5 was discovered to contain a heap buffer overflow
| in caf_info function in caf_reader.c.

https://github.com/nu774/fdkaac/issues/55
https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 
(v1.0.5)


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34823
https://www.cve.org/CVERecord?id=CVE-2023-34823
[1] https://security-tracker.debian.org/tracker/CVE-2023-34824
https://www.cve.org/CVERecord?id=CVE-2023-34824

Please adjust the affected versions in the BTS as needed.

Bug#1038949: sabnzbdplus: CVE-2023-34237

[Moritz Mühlenhoff]

Source: sabnzbdplus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for sabnzbdplus.

CVE-2023-34237[0]:
| SABnzbd is an open source automated Usenet download tool. A design
| flaw was discovered in SABnzbd that could allow remote code
| execution. Manipulating the Parameters setting in the Notification
| Script functionality allows code execution with the privileges of
| the SABnzbd process. Exploiting the vulnerabilities requires access
| to the web interface. Remote exploitation is possible if
| users[exposed their setup to the internet or other untrusted
| networks without setting a username/password. By default SABnzbd is
| only accessible from `localhost`, with no authentication required
| for the web interface. This issue has been patched in commits
| `e3a722` and `422b4f` which have been included in the 4.0.2 release.
| Users are advised to upgrade. Users unable to upgrade should ensure
| that a username and password have been set if their instance is web
| accessible.

https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc
 (4.0.2RC2)
https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429
 (4.0.2RC2)
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34237
https://www.cve.org/CVERecord?id=CVE-2023-34237

Please adjust the affected versions in the BTS as needed.

Bug#1038950: ruby-doorkeeper: CVE-2023-34246

[Moritz Mühlenhoff]

Source: ruby-doorkeeper
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for ruby-doorkeeper.

CVE-2023-34246[0]:
| Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior
| to version 5.6.6, Doorkeeper automatically processes authorization
| requests without user consent for public clients that have been
| previous approved. Public clients are inherently vulnerable to
| impersonation, their identity cannot be assured. This issue is fixed
| in version 5.6.6.

https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
https://github.com/doorkeeper-gem/doorkeeper/issues/1589
https://github.com/doorkeeper-gem/doorkeeper/pull/1646
Fixed by: 
https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907
 (v5.6.6)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34246
https://www.cve.org/CVERecord?id=CVE-2023-34246

Please adjust the affected versions in the BTS as needed.

Bug#1038948: flask-appbuilder: CVE-2023-34110

[Moritz Mühlenhoff]

Source: flask-appbuilder
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for flask-appbuilder.

CVE-2023-34110[0]:
| Flask-AppBuilder is an application development framework, built on
| top of Flask. Prior to version 4.3.2, an authenticated malicious
| actor with Admin privileges, could by adding a special character on
| the add, edit User forms trigger a database error, this error is
| surfaced back to this actor on the UI. On certain database engines
| this error can include the entire user row including the
| pbkdf2:sha256 hashed password. This vulnerability has been fixed in
| version 4.3.2.

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34110
https://www.cve.org/CVERecord?id=CVE-2023-34110

Please adjust the affected versions in the BTS as needed.

Bug#1038947: netty: CVE-2023-34462

[Moritz Mühlenhoff]

Source: netty
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for netty.

CVE-2023-34462[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid development of maintainable high performance protocol
| servers & clients. The `SniHandler` can allocate up to 16MB of heap
| for each channel during the TLS handshake. When the handler or the
| channel does not have an idle timeout, it can be used to make a TCP
| server using the `SniHandler` to allocate 16MB of heap. The
| `SniHandler` class is a handler that waits for the TLS handshake to
| configure a `SslHandler` according to the indicated server name by
| the `ClientHello` record. For this matter it allocates a `ByteBuf`
| using the value defined in the `ClientHello` record. Normally the
| value of the packet should be smaller than the handshake packet but
| there are not checks done here and the way the code is written, it
| is possible to craft a packet that makes the
| `SslClientHelloHandler`. This vulnerability has been fixed in
| version 4.1.94.Final.

https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34462
https://www.cve.org/CVERecord?id=CVE-2023-34462

Please adjust the affected versions in the BTS as needed.

Bug#1038946: ITP: xdg-desktop-portal-xapp -- Xapp's Cinnamon, MATE and Xfce backends for xdg-desktop-portal

[Fabio Fantoni]

Package: wnpp
Severity: wishlist
Owner: Fabio Fantoni 
X-Debbugs-Cc: debian-de...@lists.debian.org, fantonifa...@tiscali.it

* Package name    : xdg-desktop-portal-xapp
  Version : 1.0.1
  Upstream Contact: Linux Mint Project 
* URL : https://github.com/linuxmint/xdg-desktop-portal-xapp
* License : GPL-2+ and LGPL-2+ and LGPL-2.1+
  Description : Xapp's Cinnamon, MATE and Xfce backends for 
xdg-desktop-portal



I'll package it under the debian cinnamon team:
https://salsa.debian.org/cinnamon-team/xdg-desktop-portal-xapp

Bug#1037190: re-introduction of epoch? #1037190 dhcpcd: version is lower than in wheezy

[Andreas Beckmann]

On 22/06/2023 12.15, Martin-Éric Racine wrote:

To solve that, we need to add Conflicts: dhcpcd (<< 1:5~) to usrmerge
which will make dhcpcd in sid (and bookworm) uninstallable due to the
missing epoch.


Ack.

Currently in NEW.


That probably won't work and will cause a reject, since it drops the 
epoch from a source package that previously (up to wheezy) had an epoch.


I've tested adding the epoch to the bookworm package in my piuparts 
framework, and that seems to make the upgrades succeed if the package 
version from wheezy is still installed.


Please also add this dhcpcd.preinst script to clean up leftovers from 
the wheezy package.


= >8 =
#!/bin/sh
set -e

if dpkg --compare-versions "$2" lt-nl "1:10.0.1-2~" ; then
# cleanup leftovers from dhcpcd 1:3.* in wheezy
# can be removed after the release of trixie
update-alternatives --remove dhcpcd /sbin/dhcpcd3
if [ -d /etc/dhcpc ]; then
test ! -h /etc/dhcpc/resolv.conf || rm -fv 
/etc/dhcpc/resolv.conf

rmdir --ignore-fail-on-non-empty /etc/dhcpc
fi
fi

#DEBHELPER#
= 8< =
(the version "1:10.0.1-2~" assumes the preinst gets added in the 
1:10.0.1-2 upload)



Btw, if you think that this or anything else is worthy of a
cherry-pick for bookworm-updates, suggestions are welcome.


The re-addition of the epoch definitively needs to backported to 
bookworm-pu, otherwise the upcoming usrmerge upload (with additional 
Breaks) to bookworm-pu will make dhcpcd uninstallable.
The preinst is needed as well (but with a version of 
"1:9.4.1-22+deb12u1~" in the test) as the leftover alternative seems to 
be the source of the usrmerge conflict noticed in wicd-daemon.
(The bookworm-pu upload needs to use the old source package name dhcpcd5 
(and version 9.4.1-22+deb12u1), but you can update the Vcs-* URLs if you 
want to put the bookworm branch in the "new" repository location.)


Andreas

Bug#1018730: lvm2: Initramfs does not activate root LVs if VG is incomplete since 2.03.15 or 2.03.16, boot failure

[Javier Miqueleiz (ethereal)]

I would like to share some more info. Yesterday I had a look at how 
dracut (version 059-4) manages LVM activation. It uses the older LVM way 
that allows partial VG activation:


-

mkdir /var/tmp/dracut

cd /var/tmp/dracut/

lsinitrd --unpack /boot/initrd.img-6.1.0-9-amd64

cat etc/udev/rules.d/64-lvm.rules

...

RUN+="/sbin/initqueue --settled --onetime --unique /sbin/lvm_scan"
RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique 
/sbin/lvm_scan --activationmode degraded"


...

-

On one AlmaLinux 9 VM I have for tests, the exact same udev rules are 
present for the initramfs, so it seems dracut-based distros still 
support partial VG activation (or at least some of them do).


I've done some initial tests to check if those partial VGs can actually 
be activated by dracut. The preliminary answer is yes, they can. But I 
intend to do further tests to check there are no issues with complex 
storage architectures that involve a combination of RAID, LVM, LUKS, etc.


If reopening this bug and allowing for initramfs-tools to use partial VG 
activation seems inappropriate, maybe dracut could be a suitable 
alternative for the users affected by this issue.


Best wishes.

--
 Javier Miqueleiz (ethereal)  --

  "Since the best man could not be obtained, mediocre ones would have
to be accepted."

-- Leipzig mayor Abraham Platz, 1723, commenting on appointing
   Bach as the Cantor of St Thomas School, Leipzig, when
   Graupner refused the post (Graupner is a now long-forgotten
   minor musician); quoted in Werner Neuman, Bach (1961)





OpenPGP_signature
Description: OpenPGP digital signature

Bug#1038945: linux: kernel null pointer dereference loading an invalid AppArmor profile, regression since 6.1

[Simon McVittie]

Source: linux
Version: 6.3.7-1
Severity: normal
X-Debbugs-Cc: appar...@packages.debian.org
Control: affects -1 + apparmor quake4

The AppArmor profile in quake4:i386 from src:game-data-packager (attached
as "bad.txt") is loaded successfully by Debian 12 and older, albeit with
some warnings about uses of sanitized_helper in the xdgopen child profile
(which were probably always wrong).

Since unstable was upgraded from Linux 6.1 to 6.3, I get a null pointer
dereference when I load that profile, and the boot process hangs and
will not complete.

The null pointer dereference is easily reproduced by logging in to a
virtual machine recently generated by autopkgtest-build-qemu, as root,
and loading the offending profile with `apparmor_parser -Tr bad.txt`:

Jun 23 14:19:01 host kernel: audit: type=1400 audit(1687529941.812:11): 
apparmor="STATUS" operation="profile_replace" profile="unconfined" 
name="quake4" pid=1098 comm="apparmor_parser"
Jun 23 14:19:01 host kernel: audit: type=1400 audit(1687529941.836:12): 
apparmor="STATUS" operation="profile_load" profile="unconfined" 
name="quake4//xdgopen" pid=1098 comm="apparmor_parser"
Jun 23 14:19:01 host kernel: BUG: kernel NULL pointer dereference, address: 
0030
Jun 23 14:19:01 host kernel: #PF: supervisor read access in kernel mode
Jun 23 14:19:01 host kernel: #PF: error_code(0x) - not-present page
Jun 23 14:19:01 host kernel: PGD 0 P4D 0 
Jun 23 14:19:01 host kernel: Oops:  [#1] PREEMPT SMP PTI
Jun 23 14:19:01 host kernel: CPU: 0 PID: 1098 Comm: apparmor_parser Not tainted 
6.3.0-1-amd64 #1  Debian 6.3.7-1
Jun 23 14:19:01 host kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 
2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Jun 23 14:19:01 host kernel: RIP: 0010:aafs_create.constprop.0+0x6a/0x110
Jun 23 14:19:01 host kernel: Code: 39 9e 48 89 0c 24 89 c3 e8 23 5c f0 ff 85 c0 
74 19 48 63 e8 48 83 c4 10 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc 
cc <4d> 8b 54 24 30 4d 8d ba a0 00 00 00 4c 89 54 24 08 4c 89 ff e8 1d
Jun 23 14:19:01 host kernel: RSP: 0018:a809c0797c80 EFLAGS: 00010246
Jun 23 14:19:01 host kernel: RAX:  RBX: 41ed RCX: 

Jun 23 14:19:01 host kernel: RDX: 0001 RSI: 9e393768 RDI: 

Jun 23 14:19:01 host kernel: RBP: 9c632b8a R08:  R09: 

Jun 23 14:19:01 host kernel: R10: 8e2941d22340 R11:  R12: 

Jun 23 14:19:01 host kernel: R13:  R14:  R15: 

Jun 23 14:19:01 host kernel: FS:  7f7d64f2c740() 
GS:8e2ab7c0() knlGS:
Jun 23 14:19:01 host kernel: CS:  0010 DS:  ES:  CR0: 80050033
Jun 23 14:19:01 host kernel: CR2: 0030 CR3: 00010d3e2003 CR4: 
00370ef0
Jun 23 14:19:01 host kernel: DR0:  DR1:  DR2: 

Jun 23 14:19:01 host kernel: DR3:  DR6: fffe0ff0 DR7: 
0400
Jun 23 14:19:01 host kernel: Call Trace:
Jun 23 14:19:01 host kernel:  
Jun 23 14:19:01 host kernel:  ? __die+0x23/0x70
Jun 23 14:19:01 host kernel:  ? page_fault_oops+0x17d/0x4c0
Jun 23 14:19:01 host kernel:  ? exc_page_fault+0x74/0x170
Jun 23 14:19:01 host kernel:  ? asm_exc_page_fault+0x26/0x30
Jun 23 14:19:01 host kernel:  ? aafs_create.constprop.0+0x6a/0x110
Jun 23 14:19:01 host kernel:  __aafs_profile_mkdir+0x366/0x400
Jun 23 14:19:01 host kernel:  aa_replace_profiles+0x844/0x1270
Jun 23 14:19:01 host kernel:  policy_update+0xbf/0x150
Jun 23 14:19:01 host kernel:  profile_replace+0xa5/0x120
Jun 23 14:19:01 host kernel:  ? security_file_permission+0x33/0x60
Jun 23 14:19:01 host kernel:  vfs_write+0xc8/0x410
Jun 23 14:19:01 host kernel:  ? fpregs_assert_state_consistent+0x26/0x50
Jun 23 14:19:01 host kernel:  ? exit_to_user_mode_prepare+0x40/0x1d0
Jun 23 14:19:01 host kernel:  ksys_write+0x6f/0xf0
Jun 23 14:19:01 host kernel:  do_syscall_64+0x5c/0xc0
Jun 23 14:19:01 host kernel:  ? syscall_exit_to_user_mode+0x1b/0x40
Jun 23 14:19:01 host kernel:  ? do_syscall_64+0x6b/0xc0
Jun 23 14:19:01 host kernel:  ? exit_to_user_mode_prepare+0x40/0x1d0
Jun 23 14:19:01 host kernel:  ? syscall_exit_to_user_mode+0x1b/0x40
Jun 23 14:19:01 host kernel:  ? do_syscall_64+0x6b/0xc0
Jun 23 14:19:01 host kernel:  ? do_syscall_64+0x6b/0xc0
Jun 23 14:19:01 host kernel:  ? do_syscall_64+0x6b/0xc0
Jun 23 14:19:01 host kernel:  entry_SYSCALL_64_after_hwframe+0x72/0xdc
Jun 23 14:19:01 host kernel: RIP: 0033:0x7f7d650270e0
Jun 23 14:19:01 host kernel: Code: 40 00 48 8b 15 21 9d 0d 00 f7 d8 64 89 02 48 
c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 01 25 0e 00 00 74 17 b8 01 00 00 00 0f 
05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
Jun 23 14:19:01 host kernel: RSP: 002b:7ffd587e0358 EFLAGS: 0202 
ORIG_RAX: 0001
Jun 23 14:19:01 host kernel: RAX: ffda RBX: 5592d8b2ef10 RCX: 
7f7d650270e0

Bug#1038944: automake1.11: Keep out of testing

[Bastian Germann]

Source: automake1.11
Version: 1:1.11.6-6
Severity: serious

Please keep automake1.11 out of testing. It is very old and not needed anymore 
by packages
other than libjpeg6b which people want to keep in unstable.

Bug#1008975:

[Andreas Hasenack]

Hi,

could this fix please be applied? Or, if something is missing or
unclear, please let me know.

I can also create a PR for this, but there is no vcs tag in d/control,
so I don't know where to create it.

Thanks for considering it!

Bug#1009179: dkms: Upstream has removed mkdeb|mkdsc|mkbmdeb

[Andreas Steinel]

Hi everyone,

On Fri, 08 Apr 2022 13:04:04 +0300 Jaak Pruulmann-Vengerfeldt  
wrote:
> With the new upstream version arriving in unstable, it is not clear what
> is now the proper way to create binary-only module packages, for
> example?

Now it reached stable/bookworm ...

I just ran into it and are in desperate need for packaging (also zfs), do first
tried to manually reverse the changes referenced above, but there were too many
changes, so I started to manually craft the package on basis of a working 
bullseye
package.

This needs polishing, yet it "works for me", so maybe it is of some use for
anyone trying to package zfs modules.

---%<
#!/bin/bash

export LANG=C

DETECTED_VERSION=""

# be smart and try to detect if we have only one kernel
if [ "$( find /lib/modules/  -maxdepth 1 -mindepth 1 -type d | sed -e 's%/% %g' 
| awk '{print $NF }' | wc -l )" == "1" ]
then
DETECTED_VERSION=$( find /lib/modules/  -maxdepth 1 -mindepth 1 -type d | 
sed -e 's%/% %g' | awk '{print $NF }' )
fi

KERNEL_VERSION=${1:-$DETECTED_VERSION}

if [ "$KERNEL_VERSION" == "" ]
then
echo "ERROR: Please provide kernel version!"
exit 1
fi

if [ ! -e "/usr/lib/modules/$KERNEL_VERSION/updates/dkms/zfs.ko" ]
then
if [ -e "/usr/lib/modules/${KERNEL_VERSION}-amd64/updates/dkms/zfs.ko" ]
then
KERNEL_VERSION=${KERNEL_VERSION}-amd64
else
echo "ERROR: ZFS module for kernel $KERNEL_VERSION was not found, 
cannot continue!"
echo ""
find /usr/lib/modules/*/updates/* -type f
exit 1
fi
fi

ZFS_VERSION=$( modinfo /lib/modules/${KERNEL_VERSION}/updates/dkms/zfs.ko | 
grep ^version | awk '{ print $NF }' | cut -d- -f1 )

TMPDIR="/tmp/build.$KERNEL_VERSION"
rm -rf $TMPDIR
mkdir -p $TMPDIR/debian
cd $TMPDIR

mkdir -p src/lib/modules/$KERNEL_VERSION/updates/dkms
cp -R /usr/lib/modules/$KERNEL_VERSION/updates/dkms/*.ko 
src/lib/modules/$KERNEL_VERSION/updates/dkms

cat > debian/changelog <  $( date +"%a, %d %b %Y %H:%M:%S %z" )
EOF

cat > debian/control <
Section: misc
Priority: optional
Standards-Version: 4.5.1
Build-Depends: bash (>= 4.2), debhelper (>= 13)


Package: zfs-modules-${KERNEL_VERSION}
Architecture: amd64
Depends: linux-image-${KERNEL_VERSION}
Provides: zfs-modules
Description: zfs binary drivers for linux-image-${KERNEL_VERSION}
 This package contains zfs drivers for the ${KERNEL_VERSION} Linux kernel,
 built from zfs-dkms for the amd64 architecture.
EOF

echo 13 > debian/compat

cat > Makefile <<'EOF'
all:

install:
@cp -R src/* $(DESTDIR)

clean-all:
@rm -rf src/*
EOF

cat >debian/rules <<'EOF'
#!/usr/bin/make -f

%:
dh $@
EOF
chmod +x debian/rules

dpkg-buildpackage -d -b -us -uc 1>/dev/null

rm -rf $TMPDIR

>%---

-- 
Best regards

Andreas STEINEL 
M.Sc. Visual Computing, M.Sc. Informatik 
Durchwahl: +49 6881 5 91
eXirius IT Dienstleistungen GmbH
Juchem-Straße 24 | 66571 Eppelborn
T +49 6881 5 0 | i...@exirius.de
http://www.exirius.de

Amtsgericht Saarbrücken HRB 12124
Geschäftsführer: Michael Royar, Claus Cullmann

eXirius ist Mitglied im Netzwerk Digital Fellows
www.fellows.digital

Bug#1037242: liblapacke: dsyev() only returns upper/lower triangle of eigenvector matrix

[Sébastien Villemot]

Dear David,

Le vendredi 09 juin 2023 à 10:16 +, David Houseman a écrit :
> Package: liblapacke
> Version: 3.9.0-3
> Severity: important
> X-Debbugs-Cc: da...@grey-house.net
> 
> Given a symmetric matrix, LAPACKE dsyev() should return in place the matrix 
> of eigenvectors
> (when JOBZ = 'V'). The eigenvector matrix is not symmetric (it is 
> orthogonal). However,
> it appears that dsyev() only returns the upper/lower triangle of the 
> eigenvector matrix,
> which is not enough to easily construct the full eigenvector matrix.

[…]

> This is a fairly critical problem that would silently lead
> to quite wrong answers for certain mathematical techniques
> possibly including symmetric matrix inversion and/or
> multilinear regression. I think it would be better to have
> it fixed but I have no idea how difficult it would be to
> patch debian stable. I will try the new debian testing and
> see whether it is also affected.

Thanks for your report.

I confirm that the bug is present in Debian “Bullseye” 11, and that it
is fixed in the recently Debian “Bookworm” 12.

I am going to fix it in bullseye (see #1038943 for the details).

Cheers,

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄  https://www.debian.org



signature.asc
Description: This is a digitally signed message part