Bug#1067582: gnuplot: please provide a profile to break B-D cycle

2024-03-30 Thread Thorsten Glaser
Hi Dima,

>- Today leptonlib Build-Depends on gnuplot-nox only if !nocheck. So if
>  you build leptonlib with testing disabled, there's no dependency on
>  gnuplot

oh, that is maybe new? But I see other packages depending on
gnuplot-nox, so this would still be very helpful.

>- Today the gnuplot source package has a hard Build-Depends on wxt and
>  qt. Removing either of those (even in a specific profile) would make
>  it impossible to build gnuplot-qt and gnuplot-x11 packages with the
>  same set of functionality they normally have.

Yes, I just hacked the package to just not build these two packages,
basically by commenting lines from d/rules and removing the paragraphs
from d/control (although the -N flag for dh would also do) and I got
the expected gnuplot-nox and no -qt/-x11. (m68k only, the other arches
will need this as well, so… still needed.)

>  If a profile was added
>  to loosen either of these dependencies, but that dramatically changed
>  the end product, would that be useful?

Build profiles are allowed to remove packages from the result, as long
as the other packages are not drastically changed.

Since gnuplot builds x11, qt and nox separately anyway (and arch:all is
also built separately), that would work.

It may be best to look at another package where a build profile is used
to elide a binary package to have an example of how this can go. If you
want, I can search one for you, I’ve worked with several of them during
the last few weeks.

Thanks,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)



Bug#1068024: Potential solution to your downgrade problem in dpkg

2024-03-30 Thread Thorsten Glaser
Joshua Hudson dixit:

>2) Statically link all the decompressor libraries into dpkg. Yes this means

Totally no.

Also, at this point in time, I’m pretty sure that new external
suggestions are… not very helpful. The situation is being analysed
by a cross-team taskforce, please let them do the already-stressing
job ☻

bye,
//mirabilos
-- 
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against
 ╳  HTML eMail! Also,
╱ ╲ header encryption!



Bug#970021: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

2024-03-30 Thread Diane Trout
Hi Julian,

On Sat, 2024-03-30 at 20:22 +, Julian Gilbey wrote:
> Lovely to hear from you, and oh wow, that's amazing, thank you!
> 
> I can't speak for anyone else, but I suggest that pushing your
> updates
> to the science-team package would be very sensible; it would be silly
> for someone else to have to redo your work.
> 
> What more is needed for it to be ready for unstable?


The things I think are kind of broken are:

We've got 7.0.0 and upstreams current version is 15.0.2.

the pyarrow 7.0.0 tests fail because it depends on a python test
library that breaks with pytest 8.0. Either I need to disable the
python tests or upgrade to a newer version.

My upgrade didn't go smoothly because uscan found also upstreams debian
watch file which is too loose and matches some other tar balls on their
distribution site.

(Though I don't know why uscan keeps looking for watch files after
finding one in debian/watch)

And you were probably right in that arrow needs to be a team, because I
have no idea how to get other the other languages interfaces packaged.

Oh and I probably need to get the pyarrow installed somewhere, since it
was stopping at the tests I hadn't run into dh_missing errors yet.

Diane



Bug#1068117: dieharder: dab_monobit2 crashes with ntuple > 17

2024-03-30 Thread Lucas Thode
Package: dieharder
Version: 3.31.1.4-1.1
Severity: normal
X-Debbugs-Cc: thode...@gmail.com

Dear Maintainer,

`dieharder -d 209 -n $nvalue` crashes for $nvalue>17:

$ dieharder -d 209
#=#
#dieharder version 3.31.1 Copyright 2003 Robert G. Brown  #
#=#
   rng_name|rands/second|   Seed   |
mt19937|  1.55e+08  |2819069712|
#=#
test_name   |ntup| tsamples |psamples|  p-value |Assessment
#=#
dab_monobit2|  12|  6500|   1|0.40510331|  PASSED
$ dieharder -d 209 -n 12
#=#
#dieharder version 3.31.1 Copyright 2003 Robert G. Brown  #
#=#
   rng_name|rands/second|   Seed   |
mt19937|  2.54e+08  | 152376536|
#=#
test_name   |ntup| tsamples |psamples|  p-value |Assessment
#=#
dab_monobit2|  12|  6500|   1|0.10580971|  PASSED
$ dieharder -d 209 -n 17
#=#
#dieharder version 3.31.1 Copyright 2003 Robert G. Brown  #
#=#
   rng_name|rands/second|   Seed   |
mt19937|  2.29e+08  |2998370165|
#=#
test_name   |ntup| tsamples |psamples|  p-value |Assessment
#=#
dab_monobit2|  17|  6500|   1|1.|  FAILED
$ dieharder -d 209 -n 18
*** stack smashing detected ***: terminated
Aborted
$ dieharder -d 209 -n 27
*** stack smashing detected ***: terminated
Aborted
$ dieharder -d 209 -n 28
Segmentation fault

P.S. There are more issues with this test not liking non-standard n values, as
can be seen from it failing miserably on mt19937 with -n 17, but the crash is
the most glaring problem.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dieharder depends on:
ii  libc6 2.37-15
ii  libdieharder3t64  3.31.1.4-1.1
ii  libgsl27  2.7.1+dfsg-6+b1

dieharder recommends no packages.

dieharder suggests no packages.

-- no debconf information



Bug#1067952: mes: FTBFS on armhf

2024-03-30 Thread Vagrant Cascadian
Control: forwarded 1067952 
https://lists.gnu.org/archive/html/bug-mes/2024-01/msg8.html

On 2024-03-29, Kentaro HAYASHI wrote:
> mes 0.26-1 fails to build on armhf.
>
> FYI:
>
> https://buildd.debian.org/status/fetch.php?pkg=mes&arch=armhf&ver=0.26-1&stamp=1704511792&raw=0

Yeah, forwarded this upstream in January, but have not yet found a fix.

live well,
  vagrant


signature.asc
Description: PGP signature


Bug#1068024: Potential solution to your downgrade problem in dpkg

2024-03-30 Thread Joshua Hudson
The dpkg -> xz-utils downgrade problem has a suggestion that suggests
itself.

1) Downgrade dpkg's dependency to the last known good. It doesn't matter
how old so long as it can read the file formats. I understand this is
likely to be 5.4.1.

2) Statically link all the decompressor libraries into dpkg. Yes this means
gzip, bzip2, zstd, and xz's libraries. Today's compile and link time
optimizers are pretty good; it should be able to drop all references to the
compression side pretty much by itself. This would generally be a pretty
good change of its own as it makes the minimal system easier to understand
and the net-install CD smaller.

Then you're free to do what you need to do for all the other dependencies
of xz-utils.


Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Thorsten Glaser
Christoph Anton Mitterer dixit:

>Is anyone on the Debian side trying to figure out how far we've been
>practically affected?

Yes, a multi-team task force is working on it and will inform users
once it is known how to proceed, inclusing how much to throw away
and rebuild.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Thorsten Glaser
Pierre Ynard dixit:

>version into the Debian archive, as seen in #1067708. To quote Thorsten
>from that thread:
>
>> Very much *not* a fan of NMUs doing large changes such as
>> new upstream versions.
>
>I can't say why exactly he would not be a fan, but with hindsight that
>was an interesting call.

It turned out to indeed be related, although I cannot blame Sebastian
for not spotting it, as well as it was hidden. I actually wrote about
that earlier on Fedi: (Markdown formatting lost here though)

| I was considering replying to this comment on the “please update xz
| package” bugreport earlier with that the discussion is not irrelevant
| and that it’s the maintainer’s responsibility on new upgrades to check
| for new legal issues and “other hidden gems”.
|
| I didn’t because I didn’t want to bother going in with an annoyed
| self-righteous “user”.
|
| Now it turns out all three of the involved ones were “string + number
| @ freemailer” #JiaT75 sockpuppets, so it’s probably okay I didn’t
| bother.
|
| Not that I blame Sebastian — it was very well hidden, and even my
| usual diffing between old and new version would not have found it.
|
| I do take away from this to also check the diff between VCS repo at
| the time of the release and release tarball. Perhaps also between
| branch and tag if they, like Apache Tomcat, introduce extra commits
| there.

>Is xz-utils going to be maintained? Will we want to keep in the archive
>an unmaintained low-level library - low-level as in, susceptible of
>getting pulled as a dependency in lots of places - and rely on it for
>components such as dpkg?

That scenario you describing here would actually be much less of a
problem. The problem comes when the library in that state then does
get updates that probably are not even necessary but shiny enough
people demand them.

bye,
//mirabilos (also a Debian Developer, despite the From)
-- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival



Bug#940151: unattended-upgrades: i configure my unattended-upgrade conf with following Origins:

2024-03-30 Thread Wesley Schwengle


Hi,

> Unattended-Upgrade::Allowed-Origins {
> "o=Debian, a=stable";
> "o=Debian Backports, a=buster-backports"; };

The problem with the example is that it uses a=CODENAME-backports and not
a=stable-backports. The a= should be n= or codename= when using the CODENAME.

I've created PR https://github.com/mvo5/unattended-upgrades/pull/359 for this.

Cheers,
Wesley



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Thorsten Glaser
Christoph Anton Mitterer dixit:

>Can we be confidently sure that going back to 5.4.5 is enough?

No.

>The last one, still from Lasse Collin seems to be 5.4.1:

In this bugreport, we’re discussing going back to before any
contributions by the adversary. To see whether it’s an option
at all (and it sounds like a sensible step right now) which
joeyh confirmed (thanks).

bye,
//mirabilos
-- 
22:20⎜ The crazy that persists in his craziness becomes a master
22:21⎜ And the distance between the craziness and geniality is
only measured by the success 18:35⎜ "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Christoph Anton Mitterer
One more thing:


Is anyone on the Debian side trying to figure out how far we've been
practically affected?

I mean let's assume we're "lucky", and the backdoor is only in
5.6.0/5.6.1... and that none of the adversary's earlier commits
introduced any serious holes[0] which wouldn't be known yet.

Then many servers running Debian (which is then typically Debian
stable), would be sill safe.

However, many people (and I'd guess that includes DDs/DMs) run their
workstations/laptops with testing/unstable.
So IMO it's not enough to know that Debian stable is likely not
affected - I'd be rather relieved if I'd knew that there's a good
chance that the personal computers of most DDs/DMs (who push uploads,
etc. pp.) were (at least practically) safe.

Some guy decrypted[1] the strings from the maleware's binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115
where only /usr/sbin/sshd would be named.

Should(!) it turn out, that the actual binary payload actually only
affects sshd and especially does not on it's own pull in evil code, it
might at least be that all people who hadn't sshd running (or not
directly accessible because a router/firewall/etc. was in front of it),
would effectively still be safe.
No idea whether or not this is really the case - but if so, it might at
least mean that many workstations/laptops are safe, because they're not
usually directly accessible from the internet.


But even then, it would probably need to be checked whether all the
versions that Debian ever used/shipped in
testing/unstable(/experimental) were actually fully identical to the
versions that are now analysed by forensic folks.

Is the security team doing anything like that?


Cheers,
Chris.


PS: if someone from the security team reads along,
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
which is from Sam James of Gentoo, seems to collect good information on
what is known so far.
Might be worth to add to the links in the security tracker.


[0] There are reports about an added '.' in the CMakeLists.txt
disabling some sandboxing, but AFAICS at least the current version uses
autotools for building?!

[1] He also provided the code he used to do so.
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01?permalink_comment_id=5006546#gistcomment-5006546



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Alberto Garcia
On Sun, Mar 31, 2024 at 01:16:07AM +0100, Christoph Anton Mitterer wrote:
> The last one, still from Lasse Collin seems to be 5.4.1:
> https://git.tukaani.org/?p=xz.git;a=tag;h=f52502e78bf84f516a739e8d8a1357f27eeea75f

There are commits from Jia before that, and some that are authored by
Lasse but thank Jia for the contribution (the oldest one is 20e7a33e).

The most recent release that does not contain any of that seems to be
v5.3.2alpha.

Berto



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Christoph Anton Mitterer
Hey.

Can we be confidently sure that going back to 5.4.5 is enough?

At least the git tag for that seems to be still signed by the
adversary:
https://git.tukaani.org/?p=xz.git;a=tag;h=9e4835399118b98954f110f76af2a0d504d2f531

The last one, still from Lasse Collin seems to be 5.4.1:
https://git.tukaani.org/?p=xz.git;a=tag;h=f52502e78bf84f516a739e8d8a1357f27eeea75f


Cheers,
Chris.



Bug#1067376: [nore...@release.debian.org: gforth is marked for autoremoval from testing]

2024-03-30 Thread Bernd Paysan
I had a look at building gforth 0.7.3 from within Debian sid and dpkg-
buildpackage.

What's happening here is that lt_dlopen() can't find the just generated files; 
the generated libraries are in the build directory (a subdirectory of it) and 
fine, they are just in a place where the loader doesn't look at.  The 
development snapshots (which will become Gforth 1.0 soon) have a solution for 
that that isn't too easy to backport, and doesn't work for cross-compiling 
(the cross compiled libraries won't load into the host's Gforth), in which 
case these errors are just ignored.

Therefore I recommend to ignore the error, see attached

libcc-err-ignore.patch

(to be applied last).

Furthermore, I have some issues building Gforth 0.7.3 when the current 
development Gforth is already installed.  That patch (gforth-ditc-for-
kernel.patch) could become useful in future.

When you already are at it: What I would strongly recommend to revert the 
removal of the documentation: It's GFDL with no invariant sections, so 
it is compatible with the Debian rules since 2006 (which was even before we 
released Gforth 0.7). Gforth without documentation isn't very useful, we 
recommend Gforth users not to use Debian's package for any other purpose than 
to compile the source code (from git; the tarball doesn't need it). But for 
that purpose it should stay there.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
net2o id: kQusJzA;7*?t=uy@X}1GWr!+0qqp_Cn176t4(dQ*
https://net2o.de/
Description: Ignore failure on open-lib with libcc build stuff
Author: Bernd Paysan 
Bug-Debian: https://bugs.debian.org/1067376
Last-Update: 2024-03-30

--- gforth-0.7.3+dfsg.orig/Makefile.in
+++ gforth-0.7.3+dfsg/Makefile.in
@@ -652,7 +652,7 @@ uninstall:	FORCE
 
 build-libcc-named: $(LIBCC_BUILD_SRC) $(FORTH_GEN) $(GEN) FORCE
 		$(RMTREE) lib/gforth/$(VERSION)/libcc-named/
-		for i in $(LIBCC_BUILD_SRC); do ./gforth -e "s\" `pwd`/lib/gforth/$(VERSION)/libcc-named/\" libcc-named-dir-v 2! libcc-path clear-path libcc-named-dir libcc-path also-path :noname 2drop s\" $(libccdir)\" ; is replace-rpath" $(srcdir)/$$i -e bye; done
+		-for i in $(LIBCC_BUILD_SRC); do ./gforth -e "s\" `pwd`/lib/gforth/$(VERSION)/libcc-named/\" libcc-named-dir-v 2! libcc-path clear-path libcc-named-dir libcc-path also-path :noname 2drop s\" $(libccdir)\" ; is replace-rpath" $(srcdir)/$$i -e bye; done
 
 check:		gforths	gforth.fi 
 		$(MAKE) checkone check-nofast ENGINE="./gforth --no-dynamic" >/dev/null 2>&1
Description: Build gforth-ditc first before building the kernel, use gforth-ditc for that
Author: Bernd Paysan 
Bug-Debian: https://bugs.debian.org/1067376
Last-Update: 2024-03-30

--- gforth-0.7.3+dfsg.orig/Makefile.in
+++ gforth-0.7.3+dfsg/Makefile.in
@@ -449,7 +449,7 @@ FORTH_GEN =  $(FORTH_GEN0) @KERNEL@ gfor
 FORTH_GEN1 = $(FORTH_GEN0) @kernel_fi@ build-ec
 
 #kernel dependencies
-KERN_DEPS = $(KERN_SRC) kernel/version.fs machpc.fs $(FORTH_GEN0) compat/strcomp.fs
+KERN_DEPS = $(KERN_SRC) kernel/version.fs machpc.fs $(FORTH_GEN0) gforth-ditc$(EC)$(EXE) compat/strcomp.fs
 
 #distributed documentation
 DOCDIST = doc/gforth.info doc/gforth.info-* doc/gforth.ps \
--- gforth-0.7.3+dfsg.orig/preforth.in
+++ gforth-0.7.3+dfsg/preforth.in
@@ -17,7 +17,7 @@
 #You should have received a copy of the GNU General Public License
 #along with this program. If not, see http://www.gnu.org/licenses/.
 
-test -z "$ENGINE" && ENGINE=./gforth
+test -z "$ENGINE" && ENGINE=./gforth-ditc
 test -f "@srcdir@/@kernel_fi@" && KERNEL="@srcdir@/@kernel_fi@"
 test -f "@kernel_fi@" && KERNEL="@kernel_fi@"
 if test -f $ENGINE -a -f $KERNEL; then 


signature.asc
Description: This is a digitally signed message part.


Bug#1065157: cups-core-drivers: Filters ignore cupsManualCopies

2024-03-30 Thread Till Kamppeter

On 30/03/2024 23:19, Paul Szabo wrote:

Most issues now reported upstream:
https://github.com/OpenPrinting/cups/issues/917
https://github.com/OpenPrinting/cups/issues/918
https://github.com/OpenPrinting/cups/issues/919

The issue with pdftopdf not reported upstream, because I could not find
the corresponding "current" source.

Cheers, Paul


The current source of pdftopdf is libcupsfilters:

https://github.com/OpenPrinting/libcupsfilters/issues

   Till



Bug#1068116: python-pylibdmtx: depends on pre-t64 packages

2024-03-30 Thread Sebastian Ramacher
Source: python-pylibdmtx
Version: 0.1.10-1
Severity: serious
X-Debbugs-Cc: sramac...@debian.org

python3-pylibdtmtx depends on a package that was renamed for the time_t
64 transition. The dependency needs to be updated to the new package
name.

Cheers
-- 
Sebastian Ramacher



Bug#1068115: tardy: FTBFS on arm{el,hf}: ./tardy/main.cc:282:(.text.startup+0x578): undefined reference to `tardy_mtime(long)'

2024-03-30 Thread Sebastian Ramacher
Source: tardy
Version: 1.25-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=tardy&arch=armel&ver=1.25-2%2Bb2&stamp=1711746975&raw=0

g++ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 -Wdate-time 
-D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -I. -c libtardy/version.cc
mv version.o libtardy/version.o
rm -f libtardy/libtardy.a
ar qc libtardy/libtardy.a libtardy/ac/stdio.o libtardy/ac/string.o 
libtardy/ac/zlib.o libtardy/arglex.o libtardy/cannonical.o libtardy/endian.o 
libtardy/file/input.o libtardy/file/input/factory.o 
libtardy/file/input/gunzip.o libtardy/file/input/normal.o 
libtardy/file/input/position.o libtardy/file/input/stdin.o 
libtardy/file/output.o libtardy/file/output/buffer.o 
libtardy/file/output/factory.o libtardy/file/output/gzip.o 
libtardy/file/output/hexdump.o libtardy/file/output/normal.o 
libtardy/file/output/stdout.o libtardy/filenamelist.o 
libtardy/filenamelist/file.o libtardy/filenamelist/filter.o 
libtardy/filenamelist/filter/progress.o libtardy/format_family.o 
libtardy/fstrcmp.o libtardy/gmatch.o libtardy/mprintf.o libtardy/rcstring.o 
libtardy/rcstring/accumulator.o libtardy/rcstring/accumulator/pop_front.o 
libtardy/rcstring/accumulator/printf.o libtardy/rcstring/basename.o 
libtardy/rcstring/clear.o libtardy/rcstring/dirname.o 
libtardy/rcstring/downcase.o libtardy/rcstring/ends_with.o 
libtardy/rcstring/eq.o libtardy/rcstring/hexdump.o 
libtardy/rcstring/list/appelistuniq.o libtardy/rcstring/list/append.o 
libtardy/rcstring/list/append_list.o libtardy/rcstring/list/append_uniqu.o 
libtardy/rcstring/list/assign_op.o libtardy/rcstring/list/clear.o 
libtardy/rcstring/list/constructor.o libtardy/rcstring/list/copy.o 
libtardy/rcstring/list/destructor.o libtardy/rcstring/list/equal.o 
libtardy/rcstring/list/intersection.o libtardy/rcstring/list/member.o 
libtardy/rcstring/list/member_nocas.o libtardy/rcstring/list/pop_back.o 
libtardy/rcstring/list/pop_front.o libtardy/rcstring/list/prepend.o 
libtardy/rcstring/list/prepend_list.o libtardy/rcstring/list/quote.o 
libtardy/rcstring/list/remove.o libtardy/rcstring/list/remove_list.o 
libtardy/rcstring/list/sort.o libtardy/rcstring/list/sort_long_short.o 
libtardy/rcstring/list/sort_nocase.o libtardy/rcstring/list/sort_vers.o 
libtardy/rcstring/list/str2wl.o libtardy/rcstring/list/subset.o 
libtardy/rcstring/list/validate.o libtardy/rcstring/list/wl2str.o 
libtardy/rcstring/list/xor.o libtardy/rcstring/printf.o 
libtardy/rcstring/quote_c.o libtardy/rcstring/substitute.o 
libtardy/rcstring/substring.o libtardy/rcstring/upcase.o 
libtardy/read_whole_directory.o libtardy/roff.o libtardy/symtab.o 
libtardy/tar/format.o libtardy/tar/header.o libtardy/tar/input.o 
libtardy/tar/input/ar.o libtardy/tar/input/ar/bsd.o 
libtardy/tar/input/ar/factory.o libtardy/tar/input/ar/pdp11.o 
libtardy/tar/input/ar/v7.o libtardy/tar/input/cpio.o 
libtardy/tar/input/cpio/binary.o libtardy/tar/input/cpio/crc.o 
libtardy/tar/input/cpio/factory.o libtardy/tar/input/cpio/new_ascii.o 
libtardy/tar/input/cpio/old_ascii.o libtardy/tar/input/directory.o 
libtardy/tar/input/factory.o libtardy/tar/input/filename.o 
libtardy/tar/input/filenamelist.o libtardy/tar/input/filter.o 
libtardy/tar/input/filter/ar_long_names.o 
libtardy/tar/input/filter/ar_long_names2.o libtardy/tar/input/filter/clean.o 
libtardy/tar/input/filter/exclude.o libtardy/tar/input/filter/group_name.o 
libtardy/tar/input/filter/group_numbr.o libtardy/tar/input/filter/gunzip.o 
libtardy/tar/input/filter/mode_clear.o libtardy/tar/input/filter/mode_set.o 
libtardy/tar/input/filter/mtime.o libtardy/tar/input/filter/prefix.o 
libtardy/tar/input/filter/relative_paths.o 
libtardy/tar/input/filter/remov_prefi.o 
libtardy/tar/input/filter/remove_prefix_count.o 
libtardy/tar/input/filter/suppr_direc.o libtardy/tar/input/filter/user_name.o 
libtardy/tar/input/filter/user_number.o libtardy/tar/input/tar.o 
libtardy/tar/input/tar/bsd.o libtardy/tar/input/tar/posix.o 
libtardy/tar/input/tar/ustar.o libtardy/tar/input/tar_output_factory.o 
libtardy/tar/output.o libtardy/tar/output/ar.o libtardy/tar/output/ar/bsd.o 
libtardy/tar/output/ar/pdp11.o libtardy/tar/output/ar/port5.o 
libtardy/tar/output/ar/v7.o libtardy/tar/output/cpio.o 
libtardy/tar/output/cpio/binary.o libtardy/tar/output/cpio/crc.o 
libtardy/tar/output/cpio/newascii.o libtardy/tar/output/cpio/oldascii.o 
libtardy/tar/output/extract.o libtardy/tar/output/filter.o 
libtardy/tar/output/filter/ar_long_names.o 
libtardy/tar/output/filter/ar_long_names2.o 
libtardy/tar/output/filter/basename.o libtardy/tar/output/filter/gzip.o 
libtardy/tar/output/filter/list.o libtardy/tar/output/tar.o 
libtardy/tar/output/tar/bsd.o libtardy/tar/output/tar/posix.o 
libtardy/tar/output/tar/ustar.o libtardy/tar/output/tar/v7.o l

Bug#1068114: libfluidsynth-dev: package depends on libsystemd-dev

2024-03-30 Thread Gravis
Package: libfluidsynth-dev
Version: 2.3.4-1+b3
Severity: important
X-Debbugs-Cc: noreply+debian.reportbug.photofilmst...@adaptivetime.com

Dear Maintainer,

I have libfluidsynth3 installed and it correctly does not depend on libsystemd.
However,
when trying to install libfluidsynth-dev insists it must install libsystemd-
dev. This
hard dependency should be removed as it is clearly unnecessary and is
preventing me from
being able to install libfluidsynth-dev.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages libfluidsynth-dev depends on:
ii  libasound2-dev   1.2.11-1+b1
ii  libdbus-1-dev1.14.10-4+b1
pn  libfluidsynth2   
ii  libfluidsynth3   2.3.4-1+b3
pn  libinstpatch-dev 
ii  libjack-dev  1:0.126.0-2+b2
ii  libpipewire-0.3-dev  1.0.4-3
ii  libpulse-dev 16.1+dfsg1-3+b1
ii  libreadline-dev  8.2-4
ii  libsdl2-dev  2.30.1+dfsg-4
pn  libsndfile-dev   
pn  libsystemd-dev   

libfluidsynth-dev recommends no packages.

libfluidsynth-dev suggests no packages.



Bug#1068100: armci-mpi: autopkgtest spuriously fails

2024-03-30 Thread Samuel Thibault
Samuel Thibault, le sam. 30 mars 2024 16:55:11 +0100, a ecrit:
> I have forwarded a fix to upstream
> https://github.com/pmodels/armci-mpi/pull/47
> which is already merged.
> 
> Unless somebody objects, I'll NMU it.

I have uploaded the attached changes to delayed/2.

Samuel
diff -Nru armci-mpi-0.3.1~beta/debian/changelog 
armci-mpi-0.3.1~beta/debian/changelog
--- armci-mpi-0.3.1~beta/debian/changelog   2023-03-19 14:08:54.0 
+0100
+++ armci-mpi-0.3.1~beta/debian/changelog   2024-03-30 23:17:18.0 
+0100
@@ -1,3 +1,12 @@
+armci-mpi (0.3.1~beta-7.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * patches/fix-test.patch: Fix test_mpi_indexed_gets.c test and strengthen
+the others. Closes: #1066227.
+  * patches/ftbfs.patch: Fix build with qa=+bug-implicit-func.
+
+ -- Samuel Thibault   Sat, 30 Mar 2024 23:17:18 +0100
+
 armci-mpi (0.3.1~beta-7) unstable; urgency=medium
 
   * Team upload.
diff -Nru armci-mpi-0.3.1~beta/debian/patches/fix-test.patch 
armci-mpi-0.3.1~beta/debian/patches/fix-test.patch
--- armci-mpi-0.3.1~beta/debian/patches/fix-test.patch  1970-01-01 
01:00:00.0 +0100
+++ armci-mpi-0.3.1~beta/debian/patches/fix-test.patch  2024-03-30 
23:17:18.0 +0100
@@ -0,0 +1,193 @@
+https://github.com/pmodels/armci-mpi/pull/47
+
+commit 80cc91748392aec9eced295eb531548a565dac0e
+Author: Samuel Thibault 
+Date:   Sat Mar 30 16:35:11 2024 +0100
+
+tests/mpi/test_mpi_indexed_gets.c: Fix reception buffer initialization
+
+loc_buf was completely uninitialized, while the second and third loop nests
+are checking that the values are 1.0 + rank. With luck it would be zero, 
and
+thus the actual - expected > 1e-10 check would pass (since the difference 
is
+then negative). With less luck the check would spuriously fail for the part
+that is not overwritten by the MPI_Get.
+
+Signed-off-by: Samuel Thibault 
+
+commit 9c0f6b08ba706a7c2f3e74d325cfd2a010300108
+Author: Samuel Thibault 
+Date:   Sat Mar 30 16:38:58 2024 +0100
+
+tests/mpi: Fix comparison of floating-double types
+
+In case the actual value is zero and the expected value is positive, the
+check would spuriously succeed.
+
+Signed-off-by: Samuel Thibault 
+
+commit cd001a46801fed9f406ea57238a131b0a0e063fe
+Author: Samuel Thibault 
+Date:   Sat Mar 30 16:41:58 2024 +0100
+
+tests/mpi/test_mpi_indexed_gets.c: Strengthen test
+
+Now that it is fixed, we can make it actually perform strided accesses.
+
+Signed-off-by: Samuel Thibault 
+
+---
+ tests/mpi/test_mpi_accs.c  |2 +-
+ tests/mpi/test_mpi_indexed_accs.c  |6 +++---
+ tests/mpi/test_mpi_indexed_gets.c  |   12 +++-
+ tests/mpi/test_mpi_indexed_puts_gets.c |6 +++---
+ tests/mpi/test_mpi_subarray_accs.c |6 +++---
+ 5 files changed, 17 insertions(+), 15 deletions(-)
+
+--- a/tests/mpi/test_mpi_indexed_gets.c
 b/tests/mpi/test_mpi_indexed_gets.c
+@@ -19,7 +19,7 @@
+ 
+ #define XDIM 8
+ #define YDIM 1024
+-#define SUB_XDIM 8
++#define SUB_XDIM 4
+ #define SUB_YDIM 256
+ 
+ int main(int argc, char **argv) {
+@@ -44,8 +44,10 @@ int main(int argc, char **argv) {
+ if (rank == 0)
+ printf("MPI RMA Strided Get Test:\n");
+ 
+-for (i = 0; i < XDIM*YDIM; i++)
++for (i = 0; i < XDIM*YDIM; i++) {
+ *(win_buf + i) = 1.0 + rank;
++*(loc_buf + i) = 1.0 + rank;
++}
+ 
+ MPI_Win_create(win_buf, bufsize, 1, MPI_INFO_NULL, MPI_COMM_WORLD, 
&buf_win);
+ 
+@@ -88,7 +90,7 @@ int main(int argc, char **argv) {
+   for (j = 0; j < SUB_YDIM; j++) {
+ const double actual   = *(loc_buf + i + j*XDIM);
+ const double expected = (1.0 + peer);
+-if (actual - expected > 1e-10) {
++if (fabs(actual - expected) > 1e-10) {
+   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
+   rank, j, i, expected, actual);
+   errors++;
+@@ -100,7 +102,7 @@ int main(int argc, char **argv) {
+   for (j = 0; j < SUB_YDIM; j++) {
+ const double actual   = *(loc_buf + i + j*XDIM);
+ const double expected = 1.0 + rank;
+-if (actual - expected > 1e-10) {
++if (fabs(actual - expected) > 1e-10) {
+   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
+   rank, j, i, expected, actual);
+   errors++;
+@@ -112,7 +114,7 @@ int main(int argc, char **argv) {
+   for (j = SUB_YDIM; j < YDIM; j++) {
+ const double actual   = *(loc_buf + i + j*XDIM);
+ const double expected = 1.0 + rank;
+-if (actual - expected > 1e-10) {
++if (fabs(actual - expected) > 1e-10) {
+   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
+   rank, j, i, expected, actual);
+   errors++;
+--- a/tests/mpi/test_mpi_accs.c
 b/tests/mpi/test_mpi_accs.c
+@@ -55,7 +55,7 @@ int main(int argc, char **argv) {
+  

Bug#1066060: libpam-modules: pam_lastlog.so missing

2024-03-30 Thread Colin Watson
On Mon, Mar 11, 2024 at 10:12:29PM +0100, Mourad De Clerck wrote:
> I noticed the following line in my logs:
> 
> login[2449]: PAM unable to dlopen(pam_lastlog.so): 
> /usr/lib/security/pam_lastlog.so: cannot open shared object file: No such 
> file or directory
> 
> I looked in the deb files from snapshot.debian.org, and noticed the last 
> version
> that had it was 1.5.2-9.1 - starting from 1.5.3-1 it disappeared.
> 
> Maybe it's fallout from the time_t transition and you're already aware of it, 
> in
> which case feel free to close.

I don't know what the Debian pam maintainers intend to do about it, but
this is surely the result of:

  
https://github.com/linux-pam/linux-pam/commit/357a4ddbe9b4b10ebd805d2af3e32f3ead5b8816

A note in NEWS.Debian might be worthwhile.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]



Bug#1065157: cups-core-drivers: Filters ignore cupsManualCopies

2024-03-30 Thread Paul Szabo
Most issues now reported upstream:
https://github.com/OpenPrinting/cups/issues/917
https://github.com/OpenPrinting/cups/issues/918
https://github.com/OpenPrinting/cups/issues/919

The issue with pdftopdf not reported upstream, because I could not find
the corresponding "current" source.

Cheers, Paul
-- 
Paul Szabo   p...@maths.usyd.edu.au   www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics   University of SydneyAustralia

Join the Union and fight for a better University: www.nteu.au/join



Bug#1067122: cups-daemon: cupsd ignores job-originating-host-name

2024-03-30 Thread Paul Szabo
Issue now reported upstream:
https://github.com/OpenPrinting/cups/issues/916

Cheers, Paul
-- 
Paul Szabo   p...@maths.usyd.edu.au   www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics   University of SydneyAustralia

Join the Union and fight for a better University: www.nteu.au/join



Bug#1068043: BinNMU 1.11-1+b1 depends on both, libmspack0 and libmspack0t64, and is hence uninstallable (at least on armhf)

2024-03-30 Thread Eric Sharkey
On Fri, Mar 29, 2024 at 6:30 PM Axel Beckert  wrote:

> This is likely caused by hardcoding a dependency on libmspack0 in
> debian/control:
>
> https://sources.debian.org/src/cabextract/1.11-1/debian/control/#L10
>

The hardcoded dependency was added for Debian bug #914263 to work around an
issue in libmspack0.  It's probably been long enough that it's no longer
needed and can be removed.

Eric Sharkey


Bug#1067582: gnuplot: please provide a profile to break B-D cycle

2024-03-30 Thread Dima Kogan
Hi.

I might be misunderstanding what you're asking specifically, but two
notes:

- Today leptonlib Build-Depends on gnuplot-nox only if !nocheck. So if
  you build leptonlib with testing disabled, there's no dependency on
  gnuplot

- Today the gnuplot source package has a hard Build-Depends on wxt and
  qt. Removing either of those (even in a specific profile) would make
  it impossible to build gnuplot-qt and gnuplot-x11 packages with the
  same set of functionality they normally have. If a profile was added
  to loosen either of these dependencies, but that dramatically changed
  the end product, would that be useful?

Thanks



Bug#1068113: ITP: libsmb2 -- SMB2/3 client library

2024-03-30 Thread Joe Mondloch
ITP: libsmb2 -- SMB2/3 client library
Package: wnpp
Severity: wishlist
Owner: Joe Mondloch 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libsmb2
  Version : 4.0.0
  Upstream Authors: Ronnie Sahlberg 
  URL : https://github.com/sahlberg/libsmb2
* License : LGPL-2.1+
  Description : SMB2/3 client library
 Libsmb2 is a userspace client library for accessing SMB2/SMB3 shares on a
 network. It is high performance and fully async. It supports both zero-copy
 for SMB READ/WRITE commands as well as compounded commands.



Bug#1067096: ITP: galvani -- reads data from a device with graphical plots and evaluation

2024-03-30 Thread Dima Kogan
"Dr. Burkard Lutz"  writes:

> The actual version ("0.34") is the first which contains all desired
> functions, and after extensive testing I hope that there are only
> minor bugs left.

Thanks for explaining.


> Therfore I decided to make an attempt for publishing it on debian.
> Should I rename it to "0.10"?

No. 0.34 is fine. I just wanted to understand the state of things


> Now you can see the project under the following address:
> https://gitlab.com/b.lutz1/galvani I changed the group name to
> "galvani" but the path to the project remained the same.

OK. Excellent. A distro-agnostic location to host the upstream version
control is desirable. You do your development there, and when you're
ready to release, you should make a tag. Currently there aren't any:

  https://gitlab.com/b.lutz1/galvani/-/tags

To indicate which commit, exactly is being released, you should make a
tag called 'v0.34' or '0.34' or something like that.

Once you make a tab, gitlab will create a tarball with your sources at
that tag. This is your "release tarball".

The debianization repo should live on salsa. Generally you have 3
branches:

- "pristine-tar" contains the release tarballs

- "upstream" contains the unpacked upstream sources. Each upstream
  release is one commit

- "master" branches off "upstream"; contains the debianization

This isn't the "best" way to do it, but it's how most packages are set
up. Look around on salsa; you'll see this layout everywhere. The "gbp"
tool is useful to manipulate the debianized repo. In particularly, you
can import new release tarballs with

  gbp import-orig --pristine-tar whatever.tar.gz

The upstream release tarball location is encoded in the debian/watch
file. The "uscan" tool is used to interpret this file, and to see if new
release tarballs are available, and to download them. In order for this
to work, debian/watch has to be written properly. This is described here:

  https://wiki.debian.org/debian/watch

It looks like gitlab keeps changing their file layout, so you'll need to
play with it until

  uscan --verbose --report-status

sees your tarball.


> I saw that you are a member of debian-science-team. Did you have some
> time so far to have a look at my project? Do you think debian-science-
> team could be interested in that project?

Yes. Joining a team is what you usually want. It doesn't mean that
somebody else will fix all your problems (you're still the primary
maintainer), but it's a signal that if a team member wants to fix stuff
while you're not available, you're ok with that.

debian-science is a fine place for this. Follow the policy:

  https://science-team.pages.debian.net/policy/

Mostly it means that you put your debianization into their subdirectory
on salsa:

  https://salsa.debian.org/science-team/

And that you set the team to be the Maintainer and yourself as the
Uploader. Read the policy.


> I'm looking for a sponsor to publish the project on debian. Can you
> perhaps help me in that issue?

Sure. Try to make a debianized repository as I described above, and let
me know when you're done. Or if you need help.



Bug#1067924: dgit: can't clone/fetch dockerfile-mode past few days

2024-03-30 Thread Ian Jackson
Sean Whitton writes ("Bug#1067924: dgit: can't clone/fetch dockerfile-mode past 
few days"):
> spwhitton@chiark:~/tmp>dgit clone dockerfile-mode
> canonical suite name for unstable is sid
> fetching existing git history
> fatal: Could not read from remote repository.
> 
> Please make sure you have the correct access rights
> and the repository exists.
> dgit: failed command: git ls-remote -q --refs 
> https://git.dgit.debian.org/dockerfile-mode 'refs/tags/archive/debian/*' 
> 'refs/tags/debian/*' refs/dgit/sid refs/dgit-rewrite/map
> 
> dgit: error: subprocess failed with error exit status 128
> 255 spwhitton@chiark:~/tmp>
> 
> I was able to successfully dgit push the package, after doing an
> import-dsc for the purposes I wanted to fetch.

It seems to be working now.  I'm afraid going to close this bug
without doing much else.

In the future, a DSA ticket is probably more helpful.  I don't think
DSA are aware of the frequency of these problems.

As a workaround, when this happens, "dgit --for-push clone" is
very likely to work, since it goes to the underlying git server via
ssh, rather than the public mirror via the git protocol.

I guess we could change dgit to suggest filing a DSA ticket...

Sorry,
Ian.

-- 
Ian JacksonThese opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.



Bug#1068068: Need rebootstrapping on armel and armhf

2024-03-30 Thread tony mancill
On Sat, Mar 30, 2024 at 01:29:42PM +0500, Andrey Rakhmatullin wrote:
> Package: icmake,libbobcat6
> Severity: serious
> Tags: ftbfs
> 
> As src:icmake B-D:libbobcat-dev, src:bobcat B-D:icmake, there seems to be zero
> packaging-level support for bootstrapping, the packages are not 
> cross-buildable
> and the upstream bootstrapping instructions are too tedious, I'm filing this
> for visibility (as there are ~14 packages B-D:libbobcat-dev).

Thank you for the bug report.  Frank (the upstream author) is in the
process of updating icmake to no longer depend on bobcat, thus breaking
the cycle.


signature.asc
Description: PGP signature


Bug#1043686: Please provide a proper download location for beads

2024-03-30 Thread Andreas Tille
Ping?

Am Thu, Jan 25, 2024 at 12:46:17PM +0100 schrieb Andreas Tille:
> Hi Filippo,
> 
> I intended to have a look at bug #1043686 noticing that beads is
> shipping a copy of cimg (which is packaged and should probably be
> excluded from upstream source in favour of the packaged code).
> When checking the download locations mentioned in d/watch I realised
> that the last two packaged versions are not available for download.
> 
> It would be great if you could point the watch file to some place
> where the latest tags could be found.
> 
> Kind regards
> Andras.
> 
> -- 
> http://fam-tille.de
> 
> ___
> Debian-med-packaging mailing list
> debian-med-packag...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-packaging
> 

-- 
https://fam-tille.de



Bug#1068017: util-linux: please ship liblastlog2 packages

2024-03-30 Thread Steve Langasek
On Sat, Mar 30, 2024 at 08:32:40AM +0100, Sven Joachim wrote:
> >> So we could either put pam_lastlog2.so into a common-* file from
> >> src:pam, or openssh and shadow should switch their setup.

> >> What do we all think about that?

> > pam should not be adding any modules to common-* that it itself does not
> > ship.  Instead they should be added via pam-auth-config.

> I think you mean pam-auth-update here.

Yes.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: PGP signature


Bug#1068112: pcp: CVE-2024-3019

2024-03-30 Thread Salvatore Bonaccorso
Source: pcp
Version: 6.2.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for pcp.

CVE-2024-3019[0]:
| A flaw was found in PCP. The default pmproxy configuration exposes
| the Redis server backend to the local network, allowing remote
| command execution with the privileges of the Redis user. This issue
| can only be exploited when pmproxy is running. By default, pmproxy
| is not running and needs to be started manually. The pmproxy service
| is usually started from the 'Metrics settings' page of the Cockpit
| web interface. This flaw affects PCP versions 4.3.4 and newer.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3019
https://www.cve.org/CVERecord?id=CVE-2024-3019
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2271898
[2] 
https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1068111: wireshark: CVE-2024-2955

2024-03-30 Thread Salvatore Bonaccorso
Source: wireshark
Version: 4.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/19695
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for wireshark.

CVE-2024-2955[0]:
| T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13
| allows denial of service via packet injection or crafted capture
| file


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2955
https://www.cve.org/CVERecord?id=CVE-2024-2955
[1] https://www.wireshark.org/security/wnpa-sec-2024-06.html
[2] https://gitlab.com/wireshark/wireshark/-/issues/19695

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1060371: git-buildpackage: feature request: gbp sync

2024-03-30 Thread Otto Kekäläinen
Today I filed https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/342
("Detect missing tags: force maintainer to continue tagging upload
commits if it was done before") which would be easy to implement if
something like `gbp sync` already existed.



Bug#970021: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

2024-03-30 Thread Julian Gilbey
Hi Diane,

On Fri, Mar 29, 2024 at 11:49:07AM -0700, Diane Trout wrote:
> On Mon, 2024-03-25 at 18:17 +, Julian Gilbey wrote:
> > 
> > 
> > So this is a plea for anyone looking for something really helpful to
> > do: it would be great to have a group of developers finally package
> > this!  There was some initial work done (see the RFP bug report for
> > details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970021),
> > but that is fairly old now.  As Apache Arrow supports numerous
> > languages, it may well benefit from having a group of developers with
> > different areas of expertise to build it.  (Or perhaps it would make
> > more sense to split the upstream source into a collection of
> > different
> > Debian source packages for the different supported languages.  I
> > don't
> > know.)  Unfortunately I don't have the capacity to devote any time to
> > it myself.
> > 
> > Thanks in advance for anyone who can step forward for this!
> 
> I've been maintain dask and anndata and saw that apache arrow was
> getting increasingly popular.
> 
> I took the current science-team preliminary packaging 7.0.0 packaging
> and managed to get it to build through a combination of patches and
> turning off features.
> 
> I even mostly managed to get pyarrow to build. (Though some tests fail
> due to pytest lazy-fixture being abandoned).
> 
> I pushed my current work in progress to.
> 
> https://salsa.debian.org/diane/arrow.git
> 
> Was anyone else planning on working on it or should I push my updates
> to the science-team package?

Lovely to hear from you, and oh wow, that's amazing, thank you!

I can't speak for anyone else, but I suggest that pushing your updates
to the science-team package would be very sensible; it would be silly
for someone else to have to redo your work.

What more is needed for it to be ready for unstable?

Best wishes,

   Julian



Bug#1068110: netty: CVE-2024-29025

2024-03-30 Thread Salvatore Bonaccorso
Source: netty
Version: 1:4.1.48-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for netty.

CVE-2024-29025[0]:
| Netty is an asynchronous event-driven network application framework
| for rapid development of maintainable high performance protocol
| servers & clients. The `HttpPostRequestDecoder` can be tricked to
| accumulate data. While the decoder can store items on the disk if
| configured so, there are no limits to the number of fields the form
| can have, an attacher can send a chunked post consisting of many
| small fields that will be accumulated in the `bodyListHttpData`
| list. The decoder cumulates bytes in the `undecodedChunk` buffer
| until it can decode a field, this field can cumulate data without
| limits. This vulnerability is fixed in 4.1.108.Final.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-29025
https://www.cve.org/CVERecord?id=CVE-2024-29025
[1] https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
[2] 
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug#1068024:

2024-03-30 Thread Jeffrey Walton
It looks like more analysis has revealed this is a RCE with the
payload in the modulus of a public key: "The payload is extracted from
the N value (the public key) passed to RSA_public_decrypt, checked
against a simple fingerprint, and decrypted with a fixed ChaCha20 key
before the Ed448 signature verification..." Also see
.



Bug#1068109: sudo: [INTL:pt_BR] Brazilian Portuguese debconf templates translation

2024-03-30 Thread Adriano Rafael Gomes


Package: sudo
Tags: l10n patch
Severity: wishlist

Hello,

Could you please update the Brazilian Portuguese translation?

Attached you will find the file pt_BR.po. It is UTF-8 encoded and tested with
msgfmt and podebconf-display-po.

Kind regards.


pt_BR.po.gz
Description: application/gzip


signature.asc
Description: PGP signature


Bug#1068108: ITP: python-pysocks -- Python SOCKS client module

2024-03-30 Thread Josenilson Ferreira da Silva
Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva 
X-Debbugs-Cc: debian-de...@lists.debian.org, nilsonfsi...@hotmail.com

* Package name: python-pysocks
  Version : 1.7.1
  Upstream Contact: Anorov 
* URL : https://github.com/Anorov/PySocks
* License : BSD
  Programming Lang: Python
  Description : Python SOCKS client module

 PySocks is a Python project that provides an easy way to configure
 and use SOCKS clients. The module is capable of sending traffic through
 SOCKS proxy servers, acting as a direct replacement for the socket module,
 allowing you to configure any socket object by calling the "set_proxy()"
 method, facilitating the routing of network traffic through SOCKS proxies.
 .
 stands out for:
  * Compatibility: Support most features of the SOCKS protocol, including TCP
and, to some extent, UDP, allowing communication with a variety of network
services.
  * Integration: PySocks can be integrated with other Python libraries that
support SOCKS proxies, such as requests.
  * Traffic Anonymization: In projects that require anonymity in network
communication, such as web data scraping or API automation, PySocks can
be integrated to route traffic by hiding the client's IP address.

 Note: This package is a required dependency for the TeraBoxUtility
 ITP package: #1067395



Bug#1066438: backuppc-rsync: FTBFS: lib/compat.c:154:16: error: too few arguments to function ‘gettimeofday’

2024-03-30 Thread J. Fernando LAGRANGE

Le 13/03/2024 à 13:02, Lucas Nussbaum a écrit :

[…]
Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.

[…]


Thanks for such information. Since no action was taken in last 2 weeks, 
I opened a bug upstream [1].


[1] https://github.com/backuppc/rsync-bpc/issues/40

I was able to reproduce this bug, but I am not able to resolv it as I do 
not understand how rsync-bpc is made from rsync. :-/



Thanks for any hint and regards.
--
J. Fernando Lagrange
Absent les mercredis des semaines paires
PROBESYS - Spécialistes OpenSource
9 rue de chamrousse
38100 Grenoble
Standard : 09 74 76 47 86
GLPi: 01 86 95 99 85
site web : https://www.probesys.com



Bug#1068107: cloud.debian.org: pull images with compromised xz packages

2024-03-30 Thread Ross Vandegrift
Package: cloud.debian.org
Severity: important
X-Debbugs-Cc: rvandegr...@debian.org

Hi team,

We should probably pull the daily sid and trixie images built with the
compromised xz-utils.  Looking at the json manifests, this would be:

  sid: all images since 2024-02-27 
  trixie: 2024-03-05 through 2024-03-28, inclusive

I determined these dates by looking at the azure amd64 manifest, since it's
first in the dir listing.  I haven't looked into why the sid builds still say
they include liblzma5 5.6.0-0.2.

Finally, apologies for not being able to do this myself - I still do not have
my account setup for access to core machines.

Ross



Bug#1012325: dialog: Multi-Arch: foreign package should not contain static library

2024-03-30 Thread Thomas Dickey
On Sat, Mar 30, 2024 at 08:02:18PM +0100, Sven Joachim wrote:
> On 2024-03-30 12:38 +0100, Santiago Vila wrote:
> 
> > El 30/3/24 a las 9:43, Sven Joachim escribió:
> >> I think it would make sense for Debian to follow what Arch and Fedora
> >> are doing, introduce a libdialog15 package with the shared library and a
> >> libdialog-dev package with the .so symlink but without libdialog.a,
> >> because that requires (if I understood you correctly) configuring and
> >> building dialog twice, greatly complicating packaging.
> >> Santiago, do you think this is a good plan?
> >
> > Yes. If we can avoid the static library to keep it simple, that would be 
> > better.
> >
> > Simple question: Is that really allowed these days? I wanted to be sure
> > by reading Policy but did not find any statement saying they are required
> > or not.
> 
> I could only find the following two sentences in §8.3:
> 
> ,
> | The static library ("libraryname.a") is usually provided in addition
> | to the shared version. It is placed into the development package (see
> | below).
> `
> 
> So shipping static libraries is recommended but not required, and there
> are certainly quite a few packages where upstream does not support them.
> But see below.

Actually, for development on MacOS, I have to use static libraries,
because there's no useful analog for LD_LIBRARY_PATH :-)
 
> >> I can work on an updated patch.
> >
> > That would definitely help.
> 
> This afternoon I got my hands dirty.  The first attempt to simply pass
> --with-shared to configure failed to give me a libdialog.a, and it also
> produced the following odd collection of *.so* files:
> 
> libdialog.so -> libdialog.so.15.0.0
> libdialog.so.1.3
> libdialog.so.15.0.0 -> libdialog.so.1.3

fwiw, ncurses, dialog and cdk use the same scripts (and version information)
 
> Not what you would expect, and it does not match the files shipped in
> the Fedora and Arch packages.  A closer look revealed that they both
> configure dialog --with-libtool, and that worked great because it gave
> me not only the expected layout of *.so* files, but also a static
> libdialog.a library. :-)

perhaps - but since aside from Linux, libtool support is not reliable,
it's not going to be of primary concern to me.

-- 
Thomas E. Dickey 
https://invisible-island.net


signature.asc
Description: PGP signature


Bug#1068103: Cannot disable touchpad acceleration after upgrading to GNOME 46

2024-03-30 Thread Jeremy Bícha
On Sat, Mar 30, 2024 at 2:06 PM Josh Triplett  wrote:
> After upgrading GNOME to 46, the touchpad seems to have some sort of
> acceleration enabled: it feels like it has a painfully large amount of
> inertia.
>
> I've tried
> gsettings set org.gnome.desktop.peripherals.touchpad accel-profile flat
> and that doesn't seem to change anything.

Please note that 'flat' should be in single quotes.

You could also try using the GNOME Tweaks app to disable Touchpad
Acceleration which should do the same thing as the gsettings command
but without needing to know the correct syntax.

Thank you,
Jeremy Bícha



Bug#1012325: dialog: Multi-Arch: foreign package should not contain static library

2024-03-30 Thread Sven Joachim
On 2024-03-30 12:38 +0100, Santiago Vila wrote:

> El 30/3/24 a las 9:43, Sven Joachim escribió:
>> I think it would make sense for Debian to follow what Arch and Fedora
>> are doing, introduce a libdialog15 package with the shared library and a
>> libdialog-dev package with the .so symlink but without libdialog.a,
>> because that requires (if I understood you correctly) configuring and
>> building dialog twice, greatly complicating packaging.
>> Santiago, do you think this is a good plan?
>
> Yes. If we can avoid the static library to keep it simple, that would be 
> better.
>
> Simple question: Is that really allowed these days? I wanted to be sure
> by reading Policy but did not find any statement saying they are required
> or not.

I could only find the following two sentences in §8.3:

,
| The static library ("libraryname.a") is usually provided in addition
| to the shared version. It is placed into the development package (see
| below).
`

So shipping static libraries is recommended but not required, and there
are certainly quite a few packages where upstream does not support them.
But see below.

>> I can work on an updated patch.
>
> That would definitely help.

This afternoon I got my hands dirty.  The first attempt to simply pass
--with-shared to configure failed to give me a libdialog.a, and it also
produced the following odd collection of *.so* files:

libdialog.so -> libdialog.so.15.0.0
libdialog.so.1.3
libdialog.so.15.0.0 -> libdialog.so.1.3

Not what you would expect, and it does not match the files shipped in
the Fedora and Arch packages.  A closer look revealed that they both
configure dialog --with-libtool, and that worked great because it gave
me not only the expected layout of *.so* files, but also a static
libdialog.a library. :-)

Patch attached, I have tested that it builds on amd64 and i386. looked
at the generated Dependencies and verified that lintian does not go
crazy, but that's it.  Note that I had to add libtool-bin rather than
just libtool to Build-Depends to prevent configure from complaining, and
also pacify dh_missing considering the not installed .la file.

There are certainly a few improvements possible (e.g. adding a symbols
file, testing R³ support), I leave this up to you.

Cheers,
   Sven

diff -Nru dialog-1.3-20240101/debian/changelog dialog-1.3-20240101/debian/changelog
--- dialog-1.3-20240101/debian/changelog	2024-01-23 18:05:00.0 +0100
+++ dialog-1.3-20240101/debian/changelog	2024-03-30 19:21:27.0 +0100
@@ -1,3 +1,11 @@
+dialog (1.3-20240101-2) UNRELEASED; urgency=medium
+
+  * Split out libdialog-dev into its own package. Closes: #1012325.
+  * Build a shared library.
+  * Add libtool-bin to Build-Depends.
+
+ -- Sven Joachim   Sat, 30 Mar 2024 19:21:27 +0100
+
 dialog (1.3-20240101-1) unstable; urgency=medium

   * New upstream release.
diff -Nru dialog-1.3-20240101/debian/control dialog-1.3-20240101/debian/control
--- dialog-1.3-20240101/debian/control	2024-01-23 17:00:00.0 +0100
+++ dialog-1.3-20240101/debian/control	2024-03-30 19:21:27.0 +0100
@@ -3,13 +3,12 @@
 Priority: optional
 Maintainer: Santiago Vila 
 Standards-Version: 4.6.2
-Build-Depends: debhelper-compat (= 13), gettext, libncurses-dev (>= 5.3)
+Build-Depends: debhelper-compat (= 13), gettext, libncurses-dev (>= 5.3), libtool-bin
 Homepage: https://invisible-island.net/dialog/dialog.html

 Package: dialog
 Architecture: any
 Depends: debianutils (>= 1.6), ${misc:Depends}, ${shlibs:Depends}
-Provides: libdialog-dev
 Multi-Arch: foreign
 Description: Displays user-friendly dialog boxes from shell scripts
  This application provides a method of displaying several different types
@@ -29,3 +28,29 @@
   tail Allows viewing the end of files (tail) that auto updates
   background tail  Similar to tail but runs in the background.
   editbox  Allows editing an existing file
+
+Package: libdialog15
+Architecture: any
+Section: libs
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Multi-Arch: same
+Description: Displays user-friendly dialog boxes -- shared library
+ The dialog application provides a method of displaying several different
+ types of dialog boxes from shell scripts.  This allows a developer of a
+ script to interact with the user in a much friendlier manner.
+ .
+ This package contains the shared library.
+
+Package: libdialog-dev
+Architecture: any
+Section: libdevel
+Depends: ${misc:Depends}, libdialog15 (= ${binary:Version}), libncurses-dev
+Multi-Arch: same
+Replaces: dialog (<< 1.3-20240101-2~)
+Breaks: dialog (<< 1.3-20240101-2~)
+Description: Displays user-friendly dialog boxes -- development files
+ The dialog application provides a method of displaying several different
+ types of dialog boxes from shell scripts.  This allows a developer of a
+ script to interact with the user in a much friendlier manner.
+ .
+ This package contains the development files and the API documentation.
diff -Nru dialog-1.3-20240101/debian/dialog.

Bug#1068106: bookworm-pu: package libarchive/3.6.2-1+deb12u1

2024-03-30 Thread Peter Pentchev
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libarch...@packages.debian.org, r...@debian.org
Control: affects -1 + src:libarchive
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Revert a change made by the same person that smuggled
the backdoor into xz. See #1068047 for more details.

[ Impact ]
In the discussion in the upstream bugtracker, the consensus is that
the reverted change may not really introduce any vulnerability, but
still some concerns were expressed regarding some unlikely scenarios.
It might be a safer bet to revert it, just in case.

[ Tests ]
None yet.

[ Risks ]
The change reverting the previous one is straightforward, limited to
a specific piece of code (specific error logging in
the bsdtar(1) command-line tool), and changes the source code back to
using the same error reporting functions that are used elsewhere
throughout the bsdtar and libarchive source code. Thus, IMHO the risks
are negligible, if any.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Introduce a patch that uses libarchive's own error reporting functions
instead of unchecked fprintf().
diff -Nru libarchive-3.6.2/debian/changelog libarchive-3.6.2/debian/changelog
--- libarchive-3.6.2/debian/changelog   2022-12-24 23:17:29.0 +0200
+++ libarchive-3.6.2/debian/changelog   2024-03-30 20:36:47.0 +0200
@@ -1,3 +1,9 @@
+libarchive (3.6.2-1+deb12u1) bookworm; urgency=medium
+
+  * Add the robust-error-reporting upstream patch. Closes: #1068047
+
+ -- Peter Pentchev   Sat, 30 Mar 2024 20:36:47 +0200
+
 libarchive (3.6.2-1) unstable; urgency=medium
 
   [ Debian Janitor ]
diff -Nru libarchive-3.6.2/debian/patches/robust-error-reporting.patch 
libarchive-3.6.2/debian/patches/robust-error-reporting.patch
--- libarchive-3.6.2/debian/patches/robust-error-reporting.patch
1970-01-01 02:00:00.0 +0200
+++ libarchive-3.6.2/debian/patches/robust-error-reporting.patch
2024-03-30 20:31:38.0 +0200
@@ -0,0 +1,20 @@
+Description: tar: make error reporting more robust and use correct errno
+Debian-Bug: https://bugs.debian.org/1068047
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/6110e9c82d8ba830c3440f36b990483ceaaea52c
+Author: Ed Maste 
+Last-Update: 2024-03-30
+
+--- a/tar/read.c
 b/tar/read.c
+@@ -372,8 +372,9 @@
+   if (r != ARCHIVE_OK) {
+   if (!bsdtar->verbose)
+   safe_fprintf(stderr, "%s", 
archive_entry_pathname(entry));
+-  fprintf(stderr, ": %s: ", 
archive_error_string(a));
+-  fprintf(stderr, "%s", strerror(errno));
++  safe_fprintf(stderr, ": %s: %s",
++  archive_error_string(a),
++  strerror(archive_errno(a)));
+   if (!bsdtar->verbose)
+   fprintf(stderr, "\n");
+   bsdtar->return_value = 1;
diff -Nru libarchive-3.6.2/debian/patches/series 
libarchive-3.6.2/debian/patches/series
--- libarchive-3.6.2/debian/patches/series  2022-12-24 23:17:29.0 
+0200
+++ libarchive-3.6.2/debian/patches/series  2024-03-30 20:31:52.0 
+0200
@@ -1,2 +1,3 @@
 typos.patch
 iconv-pkgconfig.patch
+robust-error-reporting.patch


signature.asc
Description: PGP signature


Bug#1068105: drop the Python3-Version attribute

2024-03-30 Thread Matthias Klose

Package: src:libsbml
Version: 5.20.2+dfsg-2.1
Severity: important
Tags: sid trixie ftbfs patch
User: debian-pyt...@lists.debian.org
Usertags: python3.12

please drop the Python3-Version attribute. we're not using these 
anymore, and it prevents the package to be built with 3.12.


diff -Nru libsbml-5.20.2+dfsg/debian/control 
libsbml-5.20.2+dfsg/debian/control

--- libsbml-5.20.2+dfsg/debian/control  2024-03-09 18:21:16.0 +
+++ libsbml-5.20.2+dfsg/debian/control  2024-03-29 13:44:06.0 +
@@ -37,7 +37,6 @@
 Vcs-Browser: https://salsa.debian.org/med-team/libsbml
 Vcs-Git: https://salsa.debian.org/med-team/libsbml.git
 Homepage: http://www.sbml.org/
-X-Python3-Version: 3.11
 Rules-Requires-Root: no
 Testsuite: autopkgtest-pkg-python



Bug#1006146: also useful for other Gnome settings

2024-03-30 Thread Ferenc Wágner
For example in my case gsd-rfkill was necessary for enabling the
Bluetooth settings in gnome-control-center.  It is also provided by
/usr/lib/systemd/user/gnome-session@gnome-flashback-metacity.target.d
(for xmonad 0.17.1-1 in Debian bookworm).
-- 
Feri.



Bug#1068096: chromium: --temp-profile has no effect if it appears after --ozone-platform=wayland

2024-03-30 Thread Andres Salomon
Thanks for reporting! This is a bug in our wrapper script 
(/usr/bin/chromium), not in the upstream binary (/usr/lib/chromium).


We have some, uh, not great arg checking in the shell script:

while [ $# -gt 0 ]; do
  case "$1" in
--temp-profile )
  want_temp_profile=1
  shift ;;

-- ) # Stop option prcessing
  shift
  break ;;


So when you run with --ozone-platform[0], it hits the "Stop option 
prcessing" code path and doesn't look at further args.


If you're so inclined, I'd happily take a (tested) patch to rework the 
way we handle arg processing. Otherwise, I will get to this after I deal 
with some higher priority chromium stuff. :)



 [0] you can use --ozone-platform=auto to have it automatically detect 
whether to run in X or Wayland mode, btw



On 3/30/24 10:36, Daniel Kahn Gillmor wrote:

Package: chromium
Version: 122.0.6261.57-1
Severity: normal
X-Debbugs-Cc: Daniel Kahn Gillmor 

I regularly launch chromimum with --temp-profile to have a completely
isolated, throwaway browsing session.

I am experimenting with switching to wayland.  To use chromium with
wayland, i need to launch it with --ozone-platform=wayland.

Surprisingly, i discovered that if i launch it this way:

 chromium --ozone-platform=wayland --temp-profile

Then it launches with the primary chromium profile, *not* an ephemeral
profile.

But if i launch it this way:

 chromium --temp-profile --ozone-platform=wayland

then it does in fact use an ephemeral profile.  I discovered this by
using the former invocation to visit a site where i have a login, and
noticed that i was already logged in as soon as i visited it.

I consider this a pretty serious privacy violation: my entire client
side state was mapped in to a process that i expected to be otherwise
anonymous.

  --dkg


-- System Information:
Debian Release: trixie/sid
   APT prefers testing-debug
   APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  chromium-common  122.0.6261.57-1
ii  libasound2   1.2.10-3
ii  libatk-bridge2.0-0   2.50.0-1+b1
ii  libatk1.0-0  2.50.0-1+b1
ii  libatomic1   14-20240201-3
ii  libatspi2.0-02.50.0-1+b1
ii  libc62.37-15
ii  libcairo21.18.0-1+b1
ii  libcups2 2.4.7-1+b1
ii  libdbus-1-3  1.14.10-4
ii  libdouble-conversion33.3.0-1+b1
ii  libdrm2  2.4.120-2
ii  libevent-2.1-7t64 [libevent-2.1-7]   2.1.12-stable-8.1+b1
ii  libexpat12.5.0-2+b2
ii  libflac121.4.3+ds-2+b1
ii  libfontconfig1   2.15.0-1.1
ii  libfreetype6 2.13.2+dfsg-1+b1
ii  libgbm1  23.3.5-1
ii  libgcc-s114-20240201-3
ii  libglib2.0-0 2.78.4-1
ii  libgtk-3-0   3.24.41-1
ii  libjpeg62-turbo  1:2.1.5-2+b2
ii  libjsoncpp25 1.9.5-6+b2
ii  liblcms2-2   2.14-2+b1
ii  libminizip1  1:1.3.dfsg-3+b1
ii  libnspr4 2:4.35-1.1+b1
ii  libnss3  2:3.99-1
ii  libopenh264-72.4.1+dfsg-1
ii  libopenjp2-7 2.5.0-2+b2
ii  libopus0 1.4-1+b1
ii  libpango-1.0-0   1.52.0+ds-1
ii  libpng16-16t64 [libpng16-16] 1.6.43-5
ii  libpulse016.1+dfsg1-3
ii  libsnappy1v5 1.1.10-1+b1
ii  libstdc++6   14-20240201-3
ii  libwebp7 1.3.2-0.4
ii  libwebpdemux21.3.2-0.4
ii  libwebpmux3

Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Joey Hess
I have prepared a git repository that is a fork of xz from the point I
identified before the attacker(s) did anything to it. In my fork, I have
renamed liblzma to liblzmaunscathed. That allows it to be installed
alongside current dpkg without breaking dpkg with an old version of
liblzma. 

My git repository is here (note all my commits are gpg signed):
https://git.joeyh.name/index.cgi/xz-unscathed/

It also has a debian branch which contains a debian directory. I've
built packages of that, as well as building dpkg-1.22.6 against it.
I've attached the patch I used to build dpkg.

My build of dpkg ended up not being linked to a lzma library at all,
because liblzmaunscathed is too old to support concurrent decompression,
which the configure script detects. So dpkg-deb instead uses xz-utils
to decompress debs. I replaced xz-utils.deb with the one built from my
fork, and dpkg seems to work fine using it.

If Debian decided to go this route, you could add xz-utils-unscathed
to unstable, and at the same time update xz-utils to not build
xz-utils.deb. Then build dpkg against it. Then look into forward porting
or re-implementing concurrent decompression if that is really important
to have.

I only plan to maintain this fork minimally, eg backporting security
fixes. The goal is not to take over from xz upstream, but to get the
possibly backdoored code off of production systems ASAP. Presumably xz
upstream will come up with their own solution long-term.

-- 
see shy jo
diff -ur orig/dpkg-1.22.6/Makefile.in dpkg-1.22.6/Makefile.in
--- orig/dpkg-1.22.6/Makefile.in	2024-03-10 15:21:24.0 -0400
+++ dpkg-1.22.6/Makefile.in	2024-03-30 13:28:12.823685407 -0400
@@ -344,7 +344,7 @@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-LZMA_LIBS = @LZMA_LIBS@
+LZMAUNSCATHED_LIBS = @LZMAUNSCATHED_LIBS@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MD_LIBS = @MD_LIBS@
diff -ur orig/dpkg-1.22.6/config.h.in dpkg-1.22.6/config.h.in
--- orig/dpkg-1.22.6/config.h.in	2024-03-10 15:21:24.0 -0400
+++ dpkg-1.22.6/config.h.in	2024-03-30 13:28:12.563685572 -0400
@@ -511,8 +511,8 @@
 /* Define to 1 to use bz2 library rather than console tool */
 #undef WITH_LIBBZ2
 
-/* Define to 1 to use lzma library rather than console tool */
-#undef WITH_LIBLZMA
+/* Define to 1 to use lzmaunscathed library rather than console tool */
+#undef WITH_LIBLZMAUNSCATHED
 
 /* Define to 1 to compile in SELinux support */
 #undef WITH_LIBSELINUX
diff -ur orig/dpkg-1.22.6/configure.ac dpkg-1.22.6/configure.ac
--- orig/dpkg-1.22.6/configure.ac	2024-03-02 21:30:15.0 -0400
+++ dpkg-1.22.6/configure.ac	2024-03-30 13:15:26.981883607 -0400
@@ -113,7 +113,7 @@
 DPKG_LIB_MD
 DPKG_LIB_Z
 DPKG_LIB_BZ2
-DPKG_LIB_LZMA
+DPKG_LIB_LZMAUNSCATHED
 DPKG_LIB_ZSTD
 DPKG_LIB_SELINUX
 AS_IF([test "x$build_dselect" = "xyes"], [
@@ -336,7 +336,7 @@
 libselinux  . . . . . . . . . : $have_libselinux
 libmd . . . . . . . . . . . . : $have_libmd
 libz  . . . . . . . . . . . . : $have_libz_impl
-liblzma . . . . . . . . . . . : $have_liblzma
+liblzmaunscathed . . . . . . .: $have_liblzmaunscathed
 libzstd . . . . . . . . . . . : $have_libzstd
 libbz2  . . . . . . . . . . . : $have_libbz2
 libcurses . . . . . . . . . . : ${have_libcurses:-no}
diff -ur orig/dpkg-1.22.6/debian/control dpkg-1.22.6/debian/control
--- orig/dpkg-1.22.6/debian/control	2024-03-02 21:30:15.0 -0400
+++ dpkg-1.22.6/debian/control	2024-03-30 13:14:37.746223895 -0400
@@ -20,7 +20,7 @@
  zlib1g-dev,
  libbz2-dev,
 # Version needed for multi-threaded decompressor support.
- liblzma-dev (>= 5.4.0),
+ liblzmaunscathed-dev,
 # Version needed for the new streaming API.
  libzstd-dev (>= 1.4.0),
  libselinux1-dev [linux-any],
@@ -28,7 +28,7 @@
 # Needed for the functional test.
  bzip2 ,
 # Version needed for multi-threaded decompressor support.
- xz-utils (>= 5.4.0) ,
+ xz-utils ,
 # Needed for the functional test.
  zstd ,
 # Needed for the author release process.
@@ -89,7 +89,7 @@
  libmd-dev,
  zlib1g-dev,
 # Version needed for multi-threaded decompressor support.
- liblzma-dev (>= 5.4.0),
+ liblzmaunscathed-dev,
 # Version needed for the new streaming API.
  libzstd-dev (>= 1.4.0),
  libbz2-dev,
@@ -113,7 +113,7 @@
  tar (>= 1.28-1),
  bzip2,
 # Version needed for multi-threaded decompressor support.
- xz-utils (>= 5.4.0),
+ xz-utils,
 # Version needed for git-style diff support.
  patch (>= 2.7),
  make,
@@ -165,7 +165,7 @@
  liblocale-gettext-perl,
  bzip2,
 # Version needed for multi-threaded decompressor support.
- xz-utils (>= 5.4.0),
+ xz-utils,
 Suggests:
  debian-keyring,
  gnupg | sq | sqop | pgpainless-cli | sequoia-chameleon-gnupg,
diff -ur orig/dpkg-1.22.6/debian/libdpkg-dev.install dpkg-1.22.6/debian/libdpkg-dev.install
--- orig/dpkg-1.22.6/debian/libdpkg-dev.install	2024-02-04 22:31:16.0 -0400
+++ dpkg-1.22.6/debian/libdpkg-dev.install	2024-03-30 13:25:27.043840706 -0400
@@ -1,4 +1,5 @@
 u

Bug#1068104: pandas: FTBFS on 32-bit architectures with -D_TIME_BITS=64

2024-03-30 Thread Graham Inggs
Source: pandas
Version: 2.1.4+dfsg-6
Severity: serious
Tags: ftbfs patch

Hi Maintainer

pandas FTBFS on 32-bit architectures with -D_TIME_BITS=64 (e.g. armel
and armhf), due to tests expected to fail, now passing.  I've copied
what I hope are the relevant parts of the log below.

The following is my first attempt at a patch, which would pass on
armel and armhf, but fail on i386 and hurd-i386, which are not built
with -D_TIME_BITS=64.

--- a/pandas/tests/indexes/datetimes/test_ops.py
+++ b/pandas/tests/indexes/datetimes/test_ops.py
@@ -33,7 +33,7 @@
 )
 def test_resolution(self, request, tz_naive_fixture, freq, expected):
 tz = tz_naive_fixture
-if freq == "A" and not IS64 and isinstance(tz, tzlocal):
+if freq == "A" and isinstance(tz, tzlocal):
 request.node.add_marker(
 pytest.mark.xfail(reason="OverflowError inside
tzlocal past 2038")
 )
--- a/pandas/tests/tseries/offsets/test_common.py
+++ b/pandas/tests/tseries/offsets/test_common.py
@@ -139,7 +139,7 @@
 if tz is not None:
 assert t.tzinfo is not None

-if isinstance(tz, tzlocal) and not IS64 and _offset is not DateOffset:
+if isinstance(tz, tzlocal) and _offset is not DateOffset:
 # If we hit OutOfBoundsDatetime on non-64 bit machines
 # we'll drop out of the try clause before the next test
 request.node.add_marker(

The following is my second attempt at a patch, which does not fail if
the expected test failures succeed.

--- a/pandas/tests/indexes/datetimes/test_ops.py
+++ b/pandas/tests/indexes/datetimes/test_ops.py
@@ -35,7 +35,7 @@
 tz = tz_naive_fixture
 if freq == "A" and not IS64 and isinstance(tz, tzlocal):
 request.node.add_marker(
-pytest.mark.xfail(reason="OverflowError inside
tzlocal past 2038")
+pytest.mark.xfail(reason="OverflowError inside
tzlocal past 2038",strict=False)
 )

 idx = date_range(start="2013-04-01", periods=30, freq=freq, tz=tz)
--- a/pandas/tests/tseries/offsets/test_common.py
+++ b/pandas/tests/tseries/offsets/test_common.py
@@ -143,7 +143,7 @@
 # If we hit OutOfBoundsDatetime on non-64 bit machines
 # we'll drop out of the try clause before the next test
 request.node.add_marker(
-pytest.mark.xfail(reason="OverflowError inside
tzlocal past 2038")
+pytest.mark.xfail(reason="OverflowError inside
tzlocal past 2038", strict=False)
 )
 elif (
 isinstance(tz, tzlocal)

Regards
Graham


[1] https://buildd.debian.org/status/logs.php?pkg=pandas&arch=armhf
[2] https://buildd.debian.org/status/logs.php?pkg=pandas&arch=armel


=== short test summary info 
FAILED 
pandas/tests/indexes/datetimes/test_ops.py::TestDatetimeIndexOps::test_resolution[tzlocal()-A-day]
= 1 failed, 15623 passed, 383 skipped, 5 deselected, 46 xfailed, 4
xpassed in 47.98s =
rdjoqkol test state = false

=== short test summary info 
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BusinessDay]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BusinessHour]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BusinessMonthEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BusinessMonthBegin]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BQuarterEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-BQuarterBegin]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-CustomBusinessDay]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-CustomBusinessHour]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-CustomBusinessMonthEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-CustomBusinessMonthBegin]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-MonthEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-MonthBegin]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-SemiMonthBegin]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-SemiMonthEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-QuarterEnd]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-LastWeekOfMonth]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-WeekOfMonth]
FAILED 
pandas/tests/tseries/offsets/test_common.py::test_apply_out_of_range[tzlocal()-We

Bug#1068103: Cannot disable touchpad acceleration after upgrading to GNOME 46

2024-03-30 Thread Josh Triplett
Package: gnome-settings-daemon
Version: 46.0-1
Severity: normal
X-Debbugs-Cc: j...@joshtriplett.org

After upgrading GNOME to 46, the touchpad seems to have some sort of
acceleration enabled: it feels like it has a painfully large amount of
inertia.

I've tried
gsettings set org.gnome.desktop.peripherals.touchpad accel-profile flat
and that doesn't seem to change anything.

If I run
libinput list-devices
all three mouse devices show this:
Accel profiles:   flat *adaptive custom




-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 6.7.9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-settings-daemon depends on:
ii  gnome-settings-daemon-common  46.0-1
ii  gsettings-desktop-schemas 46.0-1
ii  libasound2t64 1.2.11-1+b1
ii  libc6 2.37-15.1
ii  libcairo2 1.18.0-1+b1
ii  libcanberra-gtk3-0t64 0.30-12.2+b1
ii  libcanberra0t64   0.30-12.2+b1
ii  libcolord21.4.7-1
ii  libcups2t64   2.4.7-1.2+b1
ii  libfontconfig12.15.0-1
ii  libgck-2-24.2.0-4
ii  libgcr-4-44.2.0-4
ii  libgdk-pixbuf-2.0-0   2.42.10+dfsg-3+b1
ii  libgeoclue-2-02.7.1-2
ii  libgeocode-glib-2-0   3.26.3-6+b1
ii  libglib2.0-0t64   2.78.4-6
ii  libgnome-desktop-3-20t64  44.0-5
ii  libgtk-3-0t64 3.24.41-4
ii  libgudev-1.0-0238-5
ii  libgweather-4-0t644.4.2-1
ii  libmm-glib0   1.22.0-3+b1
ii  libnm01.46.0-1+b1
ii  libnotify40.8.3-1
ii  libp11-kit0   0.25.3-4
ii  libpam-systemd [logind]   255.4-1+b1
ii  libpango-1.0-01.52.1+ds-1
ii  libpangocairo-1.0-0   1.52.1+ds-1
ii  libpolkit-gobject-1-0 124-2
ii  libpulse-mainloop-glib0   16.1+dfsg1-3
ii  libpulse0 16.1+dfsg1-3
ii  libspa-0.2-bluetooth  1.0.4-3
ii  libsystemd0   255.4-1+b1
ii  libupower-glib3   1.90.2-8+b1
ii  libwacom9 2.9.0-2
ii  libwayland-client01.22.0-2.1+b1
ii  libx11-6  2:1.8.7-1
ii  libxext6  2:1.3.4-1+b1
ii  libxfixes31:6.0.0-2
ii  libxi62:1.8.1-1
ii  pipewire-audio1.0.3-1

Versions of packages gnome-settings-daemon recommends:
pn  iio-sensor-proxy   
ii  pipewire-audio 1.0.3-1
ii  pkexec 124-2
ii  x11-xserver-utils  7.7+10

Versions of packages gnome-settings-daemon suggests:
pn  usbguard  

-- no debconf information



Bug#1068102: FileNotFoundError in process_manpages()

2024-03-30 Thread Andrey Rakhmatullin
Package: dh-debputy
Version: 0.1.23
Severity: normal

I've tried to convert the cpuid package to dh-sequence-zz-debputy, when
building it I got:

   dh_debputy
debputy: info: Loaded plugin debputy
debputy: info: The following directories are considered search dirs (in order):
debputy: info:  * debian/tmp  (skipped; absent)
debputy: info:  * .
debputy: info: The following directories are considered for "not-installed"
paths;
debputy: info:  * debian/tmp (skipped; absent)
debputy: info: Looking up build-ids via: file -00 -N
/<>/debian/.debhelper/_debputy/scratch-dir/_pb-615671/generated-
fs-content/no-package/tmpqr8svzjr__cpuid
debputy: info: Removing unnecessary ELF debug info via: strip --remove-
section=.comment --remove-section=.note
/<>/debian/.debhelper/_debputy/scratch-dir/_pb-615671/generated-
fs-content/no-package/tmpqr8svzjr__cpuid
debputy: info: Ensuring manpages have utf-8 encoding via: man-recode --to-code
UTF-8 --suffix .encoded /<>/debian/.debhelper/_debputy/scratch-
dir/_pb-615671/generated-fs-content/no-package/tmp7zgxlblf__cpuid.1.gz
/<>/debian/.debhelper/_debputy/scratch-dir/_pb-615671/generated-
fs-content/no-package/tmp8zbqi23u__cpuinfo2cpuid.1.gz
debputy: warning: Unhandled exception (Re-run with --debug to see the raw stack
trace)
debputy: warning:   - 8<  BEGIN STACK TRACE  8< -
Traceback (most recent call last):
  File "/usr/share/dh-debputy/debputy/commands/debputy_cmd/__main__.py", line
1459, in main
ROOT_COMMAND(cmd_arg)
  File "/usr/share/dh-debputy/debputy/commands/debputy_cmd/context.py", line
609, in __call__
self._aliases[v](command_arg)
  File "/usr/share/dh-debputy/debputy/commands/debputy_cmd/context.py", line
609, in __call__
self._aliases[v](command_arg)
  File "/usr/share/dh-debputy/debputy/commands/debputy_cmd/context.py", line
442, in __call__
return self._handler(context)
   ^^
  File "/usr/share/dh-debputy/debputy/commands/debputy_cmd/__main__.py", line
749, in _dh_integration_generate_debs
run_package_processors(manifest, package_metadata_context, fs_root)
  File "/usr/share/dh-debputy/debputy/deb_packaging_support.py", line 826, in
run_package_processors
.run_package_processor(fs_root, None, package_metadata_context)
  File "/usr/share/dh-debputy/debputy/plugin/api/impl_types.py", line 788, in
run_package_processor
self.package_processor(fs_root, unused, context)
  File "/usr/share/dh-debputy/debputy/plugin/debputy/package_processors.py",
line 120, in process_manpages
os.rename(f"{manpage}.encoded", manpage)
FileNotFoundError: [Errno 2] No such file or directory:
'/<>/debian/.debhelper/_debputy/scratch-dir/_pb-615671/generated-
fs-content/no-package/tmp7zgxlblf__cpuid.1.gz.encoded' ->
'/<>/debian/.debhelper/_debputy/scratch-dir/_pb-615671/generated-
fs-content/no-package/tmp7zgxlblf__cpuid.1.gz'


Note that cpuid.1 is not mentioned in the packaging. It's installed to
debian/cpuid/usr/share/man/man1/cpuid.1.gz at the moment of the error.

All changes:

diff --git a/debian/control b/debian/control
index bc4f9ac..83f15f5 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: cpuid
 Section: admin
 Priority: optional
 Maintainer: Andrey Rahmatullin 
-Build-Depends: debhelper-compat (= 13)
+Build-Depends: debhelper-compat (= 13), dh-sequence-zz-debputy
 Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/debian/cpuid.git
 Vcs-Browser: https://salsa.debian.org/debian/cpuid
@@ -11,7 +11,6 @@ Rules-Requires-Root: no

 Package: cpuid
 Architecture: any-i386 any-amd64
-Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
 Description: tool to dump x86 CPUID information about the CPU(s)
  cpuid dumps detailed information about the CPU(s) gathered from the
  CPUID instruction, and also determines the exact model of CPU(s). It
diff --git a/debian/debputy.manifest b/debian/debputy.manifest
new file mode 100644
index 000..669437f
--- /dev/null
+++ b/debian/debputy.manifest
@@ -0,0 +1,4 @@
+manifest-version: '0.1'
+installations:
+- install-docs:
+source: FUTURE
diff --git a/debian/docs b/debian/docs
deleted file mode 100644
index 3cb5077..000
--- a/debian/docs
+++ /dev/null
@@ -1 +0,0 @@
-FUTURE


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dh-debputy depends on:
ii  debhelper 13.15.3
ii  man-db2.12.0-3+b1
ii  perl  5.38.2-3.2
ii  python3   3.11.

Bug#1065221: O: py7zr -- pure Python 7-zip library

2024-03-30 Thread Andreas Metzler
On 2024-03-30 yokota  wrote:
> I'm interested in py7zr because it is required by Calibre.

> New py7zr requires some other modules that not packaged by Debian yet.
> I make those modules into Debian packages.
> https://salsa.debian.org/yokota/python-multivolumefile
> https://salsa.debian.org/yokota/python-bcj
> https://salsa.debian.org/yokota/python-brotlicffi
> https://salsa.debian.org/yokota/python-inflate64
> https://salsa.debian.org/yokota/python-pyppmd
> https://salsa.debian.org/yokota/python-pyzstd

> And here is my py7zr repository.
> https://salsa.debian.org/yokota/py7zr

> I am a Debian Maintainer, so I want mentor to upload these packages.

Amazing. :-)  Thank you very much for the heads-up.

I am not yet confident enough in python packaging to sponsor the
uploads. I trust you'll find knowledgeable helpers in Debian Python
Team, of which you are already a member.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#1067905: mpg321: Does not work on modern system (pipewire)

2024-03-30 Thread Andreas Metzler
On 2024-03-30 Peter B  wrote:
> "mpg321 simply produces no sound output here on a system running pipewire."

> How strange!

> Just wondering; have you got pipewire-alsa installed?


Hello Peter,

yes, I have got the recommended meta-package (pipewire-audio)
installed.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#1068047: Suspicious commit merged in 2021 from account responsible for xz backdoor

2024-03-30 Thread Salvatore Bonaccorso
Control: severity -1 serious
Control: found -1 3.6.0-1

Hi Russ,

On Fri, Mar 29, 2024 at 07:24:13PM -0700, Russ Allbery wrote:
> Package: libarchive13t64
> Version: 3.7.2-1.1
> Severity: important
> X-Debbugs-Cc: r...@debian.org
> 
> So far it looks like no one has been able to figure out an obvious way
> for this to be exploitable, but I wanted to make sure that you were
> aware of this upstream issue:
> 
> https://github.com/libarchive/libarchive/pull/1609
> 
> The author of this commit is the same GitHub account that was used to
> create the xz backdoor. Upstream has merged a revert of this change at:
> 
> https://github.com/libarchive/libarchive/pull/2101
> 
> It may be worth expediting getting this change into Debian in case the
> potential attacker knows something that we don't. However, I don't have
> any reason to currently believe that this is a security vulnerability,
> so I've kept the severity at important and not applied the security tag.

Let's be on the safe side, and at least make it RC.

Regards,
Salvatore



Bug#714549: Bug fixed in 1.30-10

2024-03-30 Thread Alexandru Mihail
Hello Alexander,

I've incorporated your suggestions into a patch present in the next
version of mini-httpd (1.30-10). This is already committed in VCS, I'm
waiting for a FTP upload for now. Thanks a lot for your
contribution(s)to Debian !

This is what your test commands produce now with the latest (1.30-10)
version of the program (default config):

worker@sid:~$ echo -en 'GET /no/such/file HTTP/1.0\r\n\r\n' | nc
127.0.0.1 80 | grep -i Content-Type
Content-Type: text/html;charset=iso-8859-1
worker@sid:~$ echo -en 'GET /directory/ HTTP/1.0\r\n\r\n' | nc
127.0.0.1 80 | grep -i Content-Type
Content-Type: text/html; charset=UTF-8
worker@sid:~$ apt list --installed | grep mini-httpd

WARNING: apt does not have a stable CLI interface. Use with caution in
scripts.

mini-httpd/now 1.30-10 amd64 [installed,local]

Does this look OK to you now ? Seems fixed from my point of view. If
possible, please retest when you get an official upgrade of the package
throught apt. If everything is OK, nothing else needs to be done.
However, if you still see wrong output please open another bug report
and we'll take it from there since this one will automatically close
pending FTP upload.

Thanks again and have a good one,
Alexandru Mihail





signature.asc
Description: This is a digitally signed message part


Bug#1068024:

2024-03-30 Thread Jeffrey Walton
Lasse Collin provided a statement at .



Bug#1068101: RFS: mini-httpd/1.30-10 -- Small HTTP server

2024-03-30 Thread Alexandru Mihail

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mini-httpd":

 * Package name : mini-httpd
   Version  : 1.30-10
   Upstream contact : Jef Poskanzer j...@mail.acme.com
 * URL  : https://www.acme.com/software/mini_httpd
 * License  : BSD-2-clause
 * Vcs  : https://salsa.debian.org/debian/mini-httpd
   Section  : web

The source builds the following binary packages:

  mini-httpd - Small HTTP server

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/mini-httpd/

Alternatively, you can download the package with 'dget' using this
command:

  dget -x
https://mentors.debian.net/debian/pool/main/m/mini-httpd/mini-httpd_1.30-10.dsc

Changes since the last upload:

mini-httpd (1.30-10) unstable; urgency=medium

  * Added patch improving handling of "charset=%s" in error pages
and directory listing. Before, a literal "%s" was output as opposed
to the actual charset. Now, the correct charset (UTF-8 for dirs and
ISO-8859-1 for err) is output. Thanks again, Alexander Foken !
(Closes: #714549)
  * Added a SystemD DocumentationKey entry fixing lintian warning. This
points to the manpage for now.
  * Added SystemD hardening features to service. The directives
I have provided should have no impact. I've confirmed no impact to
basic functionality, vhosting, error pages and CGI. I managed to
get the service to a "4.7 - OK" rating by using
systemd-analyze security mini-httpd (all the way from 9.6).
I have NOT enabled hardening features which have a high change of
impacting functionality such as removing CAP_CHROOT which would
mean mini_httpd's chroot mode of operation is forbidden.
Help is welcome in improving these options (maybe someone with a
security background could chip in).

Regards,
--
  Alexandru Mihail
  mini-httpd maintainer


signature.asc
Description: This is a digitally signed message part


Bug#1053196: Please remove librados-dev build-depends on all 32 bits arch

2024-03-30 Thread Sunil Mohan Adapa

Hi,

Looks like a patch with fix for this issue is already in the repository. 
A release with this fix before April 8th would prevent auto-removal of a 
uwsgi and a large number of dependencies including freedombox from testing.


Thank you for all the contributions,

--
Sunil


OpenPGP_0x36C361440C9BC971.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature


Bug#1068100: armci-mpi: autopkgtest spuriously fails

2024-03-30 Thread Samuel Thibault
Source: armci-mpi
Version: 0.3.1~beta-7
Severity: serious
Tags: patch upstream fixed-upstream
Forwarded: https://github.com/pmodels/armci-mpi/pull/47
Justification: Prevents mpich migration

Hello,

The test_mpi_indexed_gets test is currently failing spuriously
in debian unstable due to an uninitialized value, e.g.
https://ci.debian.net/packages/a/armci-mpi/testing/amd64/44486187/ ,
preventing the newer mpich version from migrating to unstable.

I have forwarded a fix to upstream
https://github.com/pmodels/armci-mpi/pull/47
which is already merged.

Unless somebody objects, I'll NMU it.

Samuel

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'unreleased'), 
(500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), 
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.8.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
commit 80cc91748392aec9eced295eb531548a565dac0e
Author: Samuel Thibault 
Date:   Sat Mar 30 16:35:11 2024 +0100

tests/mpi/test_mpi_indexed_gets.c: Fix reception buffer initialization

loc_buf was completely uninitialized, while the second and third loop nests
are checking that the values are 1.0 + rank. With luck it would be zero, and
thus the actual - expected > 1e-10 check would pass (since the difference is
then negative). With less luck the check would spuriously fail for the part
that is not overwritten by the MPI_Get.

Signed-off-by: Samuel Thibault 

commit 9c0f6b08ba706a7c2f3e74d325cfd2a010300108
Author: Samuel Thibault 
Date:   Sat Mar 30 16:38:58 2024 +0100

tests/mpi: Fix comparison of floating-double types

In case the actual value is zero and the expected value is positive, the
check would spuriously succeed.

Signed-off-by: Samuel Thibault 

commit cd001a46801fed9f406ea57238a131b0a0e063fe
Author: Samuel Thibault 
Date:   Sat Mar 30 16:41:58 2024 +0100

tests/mpi/test_mpi_indexed_gets.c: Strengthen test

Now that it is fixed, we can make it actually perform strided accesses.

Signed-off-by: Samuel Thibault 

diff --git a/tests/mpi/test_mpi_indexed_gets.c 
b/tests/mpi/test_mpi_indexed_gets.c
index dc1bd9d..3570492 100644
--- a/tests/mpi/test_mpi_indexed_gets.c
+++ b/tests/mpi/test_mpi_indexed_gets.c
@@ -44,8 +44,10 @@ int main(int argc, char **argv) {
 if (rank == 0)
 printf("MPI RMA Strided Get Test:\n");
 
-for (i = 0; i < XDIM*YDIM; i++)
+for (i = 0; i < XDIM*YDIM; i++) {
 *(win_buf + i) = 1.0 + rank;
+*(loc_buf + i) = 1.0 + rank;
+}
 
 MPI_Win_create(win_buf, bufsize, 1, MPI_INFO_NULL, MPI_COMM_WORLD, 
&buf_win);
 
diff --git a/tests/mpi/test_mpi_accs.c b/tests/mpi/test_mpi_accs.c
index ee9b0a9..730a632 100644
--- a/tests/mpi/test_mpi_accs.c
+++ b/tests/mpi/test_mpi_accs.c
@@ -55,7 +55,7 @@ int main(int argc, char **argv) {
   for (j = 0; j < YDIM; j++) {
 const double actual   = *(buffer + i + j*XDIM);
 const double expected = (1.0 + rank) + (1.0 + 
((rank+nranks-1)%nranks)) * (ITERATIONS);
-if (actual - expected > 1e-10) {
+if (fabs(actual - expected) > 1e-10) {
   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
   rank, j, i, expected, actual);
   errors++;
diff --git a/tests/mpi/test_mpi_indexed_accs.c 
b/tests/mpi/test_mpi_indexed_accs.c
index 78c06bd..0fc3baa 100644
--- a/tests/mpi/test_mpi_indexed_accs.c
+++ b/tests/mpi/test_mpi_indexed_accs.c
@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
   for (j = 0; j < SUB_YDIM; j++) {
 const double actual   = *(win_buf + i + j*XDIM);
 const double expected = (1.0 + rank) + (1.0 + 
((rank+nranks-1)%nranks)) * (ITERATIONS);
-if (actual - expected > 1e-10) {
+if (fabs(actual - expected) > 1e-10) {
   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
   rank, j, i, expected, actual);
   errors++;
@@ -109,7 +109,7 @@ int main(int argc, char **argv) {
   for (j = 0; j < SUB_YDIM; j++) {
 const double actual   = *(win_buf + i + j*XDIM);
 const double expected = 1.0 + rank;
-if (actual - expected > 1e-10) {
+if (fabs(actual - expected) > 1e-10) {
   printf("%d: Data validation failed at [%d, %d] expected=%f 
actual=%f\n",
   rank, j, i, expected, actual);
   errors

Bug#1066964: ITA: newlib -- C library and math library for embedded systems

2024-03-30 Thread Petter Reinholdtsen
[Matthias Klose]
> Petter, is there a way to move the VCS on salsa?

I suspect so, but not sure how.  I doubt I have more privileges than you
in this regard, but could give it a try if you want me to.

-- 
Happy hacking
Petter Reinholdtsen



Bug#981690: gross: Wrong homepage

2024-03-30 Thread Antti Salmela
The homepage is not wrong. It's the page from the original
upstream that matches what is shipped in the Debian. The project and page
may have been abandoded, but users of the package are better informed by
knowledge of that instead of pointing to some random page in the net.

In light of recent supply chain attacks via xz/lzma, any "new" upstreams
should be consired with utmost suspicion.

The repository Dimitry linked to does not inspire any confidence. So many
changes with minimal commit messages and no explanations why changes
are needed.

-- 
Antti Salmela



Bug#1067905: mpg321: Does not work on modern system (pipewire)

2024-03-30 Thread Peter B

Hi Andreas,

"mpg321 simply produces no sound output here on a system running pipewire."


How strange!

Just wondering; have you got pipewire-alsa installed?


Regards,
Peter



Bug#1068099: python-cursive: please remove extraneous python3-six dependencies

2024-03-30 Thread Alexandre Detiste
Source: python-cursive
Version: 0.2.3-2
Severity: normal

It's gone.

tchet@brix /tmp/python-cursive $ grep six -r
debian/control: python3-six,
debian/control: python3-six,
tchet@brix /tmp/python-cursive $

Greetings



Bug#1068098: python-sqlalchemy-utils: please remove extraneous python3-six & python3-mock dependencies

2024-03-30 Thread Alexandre Detiste
Source: python-sqlalchemy-utils
Version: 0.41.0-2
Severity: normal

Six usage has been removed before.

tchet@brix /tmp/python-sqlalchemy-utils $ grep six -r
CHANGES.rst:- Remove the dependency on the six package. (#605)
debian/control: python3-six,
debian/control: python3-six,

Package uses a bit of unittest.mock
& also flexmock.

tchet@brix /tmp/python-sqlalchemy-utils $ grep mock -r | grep -e debian -e 
import
debian/control: python3-flexmock,
debian/control: python3-mock,
sqlalchemy_utils/functions/__init__.py:from .mock import create_mock_engine, 
mock_engine  # noqa
sqlalchemy_utils/functions/render.py:from .mock import create_mock_engine
tests/primitives/test_weekdays.py:from flexmock import flexmock
tests/test_proxy_dict.py:from flexmock import flexmock
tests/test_translation_hybrid.py:from flexmock import flexmock
tests/types/test_choice.py:from flexmock import flexmock
tests/types/test_color.py:from flexmock import flexmock
tests/types/test_password.py:import unittest.mock as mock


Greetings



Bug#1068097: Please provide a way to open a shell from aptitude

2024-03-30 Thread Josh Triplett
Package: aptitude
Version: 0.8.13-6
Severity: wishlist
X-Debbugs-Cc: j...@joshtriplett.org

Sometimes, when things go horribly wrong in an upgrade (e.g. in the
recent t64 transition if a library disappears and makes dpkg and sudo
and su unrunnable), it would help to have a root shell available. In
such circumstances, sometimes it would avoid the need for a rescue
system if aptitude provided a means of starting a shell.

Thank you.



Bug#1068096: chromium: --temp-profile has no effect if it appears after --ozone-platform=wayland

2024-03-30 Thread Daniel Kahn Gillmor
Package: chromium
Version: 122.0.6261.57-1
Severity: normal
X-Debbugs-Cc: Daniel Kahn Gillmor 

I regularly launch chromimum with --temp-profile to have a completely
isolated, throwaway browsing session.

I am experimenting with switching to wayland.  To use chromium with
wayland, i need to launch it with --ozone-platform=wayland.

Surprisingly, i discovered that if i launch it this way:

chromium --ozone-platform=wayland --temp-profile

Then it launches with the primary chromium profile, *not* an ephemeral
profile.

But if i launch it this way:

chromium --temp-profile --ozone-platform=wayland

then it does in fact use an ephemeral profile.  I discovered this by
using the former invocation to visit a site where i have a login, and
noticed that i was already logged in as soon as i visited it.

I consider this a pretty serious privacy violation: my entire client
side state was mapped in to a process that i expected to be otherwise
anonymous.

 --dkg


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  chromium-common  122.0.6261.57-1
ii  libasound2   1.2.10-3
ii  libatk-bridge2.0-0   2.50.0-1+b1
ii  libatk1.0-0  2.50.0-1+b1
ii  libatomic1   14-20240201-3
ii  libatspi2.0-02.50.0-1+b1
ii  libc62.37-15
ii  libcairo21.18.0-1+b1
ii  libcups2 2.4.7-1+b1
ii  libdbus-1-3  1.14.10-4
ii  libdouble-conversion33.3.0-1+b1
ii  libdrm2  2.4.120-2
ii  libevent-2.1-7t64 [libevent-2.1-7]   2.1.12-stable-8.1+b1
ii  libexpat12.5.0-2+b2
ii  libflac121.4.3+ds-2+b1
ii  libfontconfig1   2.15.0-1.1
ii  libfreetype6 2.13.2+dfsg-1+b1
ii  libgbm1  23.3.5-1
ii  libgcc-s114-20240201-3
ii  libglib2.0-0 2.78.4-1
ii  libgtk-3-0   3.24.41-1
ii  libjpeg62-turbo  1:2.1.5-2+b2
ii  libjsoncpp25 1.9.5-6+b2
ii  liblcms2-2   2.14-2+b1
ii  libminizip1  1:1.3.dfsg-3+b1
ii  libnspr4 2:4.35-1.1+b1
ii  libnss3  2:3.99-1
ii  libopenh264-72.4.1+dfsg-1
ii  libopenjp2-7 2.5.0-2+b2
ii  libopus0 1.4-1+b1
ii  libpango-1.0-0   1.52.0+ds-1
ii  libpng16-16t64 [libpng16-16] 1.6.43-5
ii  libpulse016.1+dfsg1-3
ii  libsnappy1v5 1.1.10-1+b1
ii  libstdc++6   14-20240201-3
ii  libwebp7 1.3.2-0.4
ii  libwebpdemux21.3.2-0.4
ii  libwebpmux3  1.3.2-0.4
ii  libwoff1 1.0.2-2+b1
ii  libx11-6 2:1.8.7-1
ii  libxcb1  1.15-1
ii  libxcomposite1   1:0.4.5-1
ii  libxdamage1  1:1.1.6-1
ii  libxext6 2:1.3.4-1+b1
ii  libxfixes3   1:6.0.0-2
ii  libxkbcommon01.6.0-1
ii  libxml2  2.9.14+dfsg-1.3+b2
ii  libxnvctrl0  530.41.03-1
ii  libxrandr2   2:1.5.4-1
ii  libxslt1.1   1.

Bug#1068095: python-botocore: please drop python3-mock from the build-dependencies

2024-03-30 Thread Alexandre Detiste
Source: python-botocore
Version: 1.34.46+repack-1
Severity: normal

This packages has switched to newer unittest.mock
from the standard library.

Greetings

python-botocore $ grep mock -r | grep import | grep -v 'from tests import'
tests/__init__.py:from unittest import mock
tests/functional/configured_endpoint_urls/test_configured_endpoint_url.py:from 
unittest import mock
tests/unit/test_endpoint_provider.py:from unittest.mock import Mock



Bug#1068085: RM: golang-github-go-git-go-git-fixtures -- RoM; possible vector for security vulnerabilities

2024-03-30 Thread Maytham Alsudany

Control: tags -1 + moreinfo

There's ongoing discussion regarding the urgency of go-git-fixtures' 
removal, and whether such drastic action is necessary. Additionally, it 
has 2 rdeps in testing that need to be dealt with first. The uploader 
for the go-git-fixtures package also needs to be consulted.


https://lists.debian.org/debian-go/2024/03/msg00041.html

Kind regards,
Maytham


OpenPGP_0xD597897206C5F07F.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature


Bug#1035595: gl-117: Crash on exit

2024-03-30 Thread Bernhard Übelacker



> malloc(): unsorted double linked list corrupted
> abort


Hello,
I could not reproduce this in a minimal bullseye or trixie amd64 VM,
and also not in a bookworm i386 VM.

But valgrind shows a few "Mismatched free() / delete / delete []"
or "Conditional jump or move depends on uninitialised value(s)".
Maybe those are responsible for the malloc abort.

Attached file fixes most of the issues shown by valgrind entering the 
main menu.


Kind regards,
BernhardDescription: Fix a few delete and uninitilised values shown by valgrind

Author: Bernhard Übelacker 
Last-Update: 2024-03-30

Index: gl-117-1.3.2/src/3ds.cpp
===
--- gl-117-1.3.2.orig/src/3ds.cpp
+++ gl-117-1.3.2/src/3ds.cpp
@@ -69,7 +69,7 @@ BinaryFile::BinaryFile (char *filename)
 
 BinaryFile::~BinaryFile ()
 {
-  delete data;
+  delete[] data;
 }
 
 int BinaryFile::readFloat (float *f)
@@ -503,7 +503,7 @@ void CLoad3DS::ReadUVCoordinates (CObjec
   
   for (int i = 0; i < object->numTexVertex; i ++)
 object->vertex [i].tex.take (&p [i]);
-  delete p;
+  delete[] p;
 }
 
 void CLoad3DS::ReadVertices (CObject *object, Chunk *previousChunk)
@@ -532,7 +532,7 @@ void CLoad3DS::ReadVertices (CObject *ob
 object->vertex [i].vector.y = object->vertex [i].vector.z;
 object->vertex [i].vector.z = -fTempY;
   }
-  delete p;
+  delete[] p;
 }
 
 void CLoad3DS::ReadObjectMaterial (CModel *model, CObject *object, Chunk 
*previousChunk)
Index: gl-117-1.3.2/src/model.cpp
===
--- gl-117-1.3.2.orig/src/model.cpp
+++ gl-117-1.3.2/src/model.cpp
@@ -616,7 +616,7 @@ CModel::~CModel ()
 delete object [i];
   if (refpoint)
   {
-delete refpoint;
+delete[] refpoint;
   }
 }
 
Index: gl-117-1.3.2/src/gl.cpp
===
--- gl-117-1.3.2.orig/src/gl.cpp
+++ gl-117-1.3.2/src/gl.cpp
@@ -239,10 +239,11 @@ void GL::shadeSmooth ()
 
 void GL::enableFog (float view)
 {
-  float fcol [3];
+  float fcol [4];
   fcol [0] = fogcolor [0] * foglum;
   fcol [1] = fogcolor [1] * foglum;
   fcol [2] = fogcolor [2] * foglum;
+  fcol [3] = 0.0;
   glEnable (GL_FOG);
   glFogfv (GL_FOG_COLOR, fcol);
   glFogf (GL_FOG_DENSITY, 0.1);
Index: gl-117-1.3.2/src/aiobject.cpp
===
--- gl-117-1.3.2.orig/src/aiobject.cpp
+++ gl-117-1.3.2/src/aiobject.cpp
@@ -87,6 +87,7 @@ void DynamicObj::dinit ()
   forcex = 0; forcez = 0; forcey = 0;
   maxthrust = 0.3; braking = 0/*0.99*/; manoeverability = 0.5;
   thrust = maxthrust; recthrust = thrust; recheight = 5.0;
+  realspeed = 1.0;
   ttl = -1;
   shield = 0.01F; maxshield = 0.01F;
   immunity = 0;


Bug#1068045: [Pkg-openssl-devel] Bug#1068045: libssl3: breaks YAPET

2024-03-30 Thread Sebastian Andrzej Siewior



On 30 March 2024 13:14:37 CET, Sean Whitton  wrote:
>Hello,

Hi,


>I downgraded, changed the password for my database to 'asdf',
>changed it back to the password it had before, upgraded libssl3,
>and the bug did not appear.
>
>I reverted to my original db, downgraded again, deleted an entry without
>changing the password, upgraded, and the bug appeared.
>
>I can't really say more without compromising my opsec.  But does the
>above give any clues / further debugging ideas?

I would look at the function yapet is using from openssl and compare the 
results.
Could create  a database from scratch an use similar patterns in terms number 
of entries and password (length, special characters) until you have something 
that you can share with me. I don't mind if throw it in my inbox without Cc: 
the bug.

>
>> Also, yapet is unchanged in unstable. Is the problem there, too?
>
>Unfortunately I do not have an unstable machine to hand right now, and
>until we know more about the xz-utils situation I would want to set up
>something air-gapped before copying my password db in there -- but can
>do that if we can't otherwise make progress.

The 5.6 xz is no more in unstable. But as you wish. I was just curious why this 
was not yet reported.

>
>Thanks for looking!
>

-- 
Sebastian



Bug#1068068: Need rebootstrapping on armel and armhf

2024-03-30 Thread Andrey Rakhmatullin
On Sat, Mar 30, 2024 at 02:14:24PM +0100, Frank B. Brokken wrote:
> > there seems to be zero packaging-level support for bootstrapping, the
> > packages are not cross-buildable and the upstream bootstrapping instructions
> > are too tedious,
> 
> So far no issues were encountered when the bootstrapping procedure as
> described in the README.bobatbootstrap file in icmake's src distribution is
> followed. 
> 
> If you could be a bit more specific about what you mean by 'bootstrapping
> instructions are too tedious' then I'm sure those instructions can be changed
> so that they're less tedious. 
It looked to me that I need to make a chroot, run the bootstrap script to
build some kind of local bootstrap bobcat, build local icmake with that
bobcat, build local bobcat with that icmake, build the icmake .deb,
install it in a new chroot, build the bobcat .deb, then ideally build a
clean icmake .deb again; and do that twice as two architectures need
bootstrapping. This is much much much more than I'm going to do for random
packages so I decided against it.

> Wrt the package not being cross-buildable:
> 
> The https://packages.debian.org/sid/libbobcat-dev shows the following lines
> for armel and armhf:
> 
> armel   6.04.00-1   1,604.2 kB  8,598.0 kB  [list of files]
> armhf   6.04.00-1   1,608.4 kB  8,126.0 kB  [list of files] 
> 
> although I also see packages for which version 6.04.00-1+b2 or 6.04.00-1+b4 is
> listed. So maybe for unstable some issues recently appeared?
Not sure what did you want to say here, sorry? By not being
cross-buildable I mean they lack cross-building support, both at the
packaging level (no proper M-A headers, no B-D annotation) and at the
upstream level (the gcc running was not the cross one).

> Also, the bootstrapping procedure is only required when icmake isn't avaialble
> yet. For the construction of the bobcat library icmake 11.01.02-1 is required,
> and icmake.01.02-1 needs libbobcat-dev >= 5.07.00, which is available since
> bullseye (oldstable).
icmake is indeed not available on armel and armhf until libbobcat6 is
rebuilt against libssl3t64.

-- 
WBR, wRAR


signature.asc
Description: PGP signature


Bug#1068094: RFH: sbcl -- Common Lisp compiler and development system

2024-03-30 Thread Sean Whitton
Package: wnpp
Severity: normal
X-Debbugs-Cc: s...@packages.debian.org, debian-de...@lists.debian.org, 
debian-emac...@lists.debian.org
Control: affects -1 + src:sbcl

I request assistance with maintaining SBCL in Debian.

It is the most popular Free Software compiler for Common Lisp.
So, most anyone who is interested in both Debian and Common Lisp is likely
interested in SBCL, too.

The upstream project is stable but seems relatively often to introduce changes
that break our packaging scripts.
Possibly there should be an attempt made to simplify how we do things.

This would be good for a new contributor to Debian who is otherwise
experienced with bootstrapping compilers / development environments.
You definitely don't need to be a Debian Developer to help.

The package description is:
 SBCL is a development environment for the ANSI Common Lisp language.
 It provides a native-code compiler and an integrated debugger, as well
 as all the features in the ANSI specification.
 .
 SBCL also contains other extensions to the ANSI specification, including
 a foreign-function interface, a pseudo-server API, user-extensible
 stream functionality, a Meta-Object Protocol, and an ability to run
 external processes.
 .
 To browse SBCL source definitions with development environments,
 install the sbcl-source package. For documentation on SBCL's usage
 and internals, the package sbcl-doc is provided.

-- 
Sean Whitton


signature.asc
Description: PGP signature


Bug#1068068: Need rebootstrapping on armel and armhf

2024-03-30 Thread Frank B. Brokken
Dear Andrey Rakhmatullin, you wrote:
> 
> Package: icmake,libbobcat6
> Severity: serious
> Tags: ftbfs
> 
> As src:icmake B-D:libbobcat-dev, src:bobcat B-D:icmake, there seems to be zero
> packaging-level support for bootstrapping, the packages are not 
> cross-buildable
> and the upstream bootstrapping instructions are too tedious, I'm filing this
> for visibility (as there are ~14 packages B-D:libbobcat-dev).

Thanks for your bug report. You write: 

> there seems to be zero packaging-level support for bootstrapping, the
> packages are not cross-buildable and the upstream bootstrapping instructions
> are too tedious,

So far no issues were encountered when the bootstrapping procedure as
described in the README.bobatbootstrap file in icmake's src distribution is
followed. 

If you could be a bit more specific about what you mean by 'bootstrapping
instructions are too tedious' then I'm sure those instructions can be changed
so that they're less tedious. 

Wrt the package not being cross-buildable:

The https://packages.debian.org/sid/libbobcat-dev shows the following lines
for armel and armhf:

armel   6.04.00-1   1,604.2 kB  8,598.0 kB  [list of files]
armhf   6.04.00-1   1,608.4 kB  8,126.0 kB  [list of files] 

although I also see packages for which version 6.04.00-1+b2 or 6.04.00-1+b4 is
listed. So maybe for unstable some issues recently appeared?

Also, the bootstrapping procedure is only required when icmake isn't avaialble
yet. For the construction of the bobcat library icmake 11.01.02-1 is required,
and icmake.01.02-1 needs libbobcat-dev >= 5.07.00, which is available since
bullseye (oldstable).

So maybe you can also provide some info about why the bootstrapping procedure
is needed/used?

In any case: the dependence on icmake when constructing the full bobcat
library could be avoided, but I'd rather not do that once icmake *is*
available. So please advise.


-- 
Frank B. Brokken
(+31) 6 5353 2509
PGP Key Fingerprint: DF32 13DE B156 7732 E65E  3B4D 7DB2 A8BE EAE4 D8AA


signature.asc
Description: PGP signature


Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Ivan Shmakov
> On 2024-03-30, Guillem Jover wrote:
> On Sat, 2024-03-30 at 00:48:34 +, Stephan Verbücheln wrote:

 >> Subject: Re: Bug#1068024: Or remove xz altogether?

 >> Maybe the people who criticized xz back in the day for being an amateur
 >> project implementing a defective file format were right all along?

 >> https://www.nongnu.org/lzip/xz_inadequate.html

 > *Sigh*, the current situation is bad enough, and has nothing to do
 > with the xz format or design, or the FUD and propaganda from that
 > link.  Please drop it…

While I wouldn’t have brought it up myself, nor the arguably
provocative Subject: change (reverted), as it’s indeed only
tangentially related to the issue at hand (which apparently
have resulted from the absense of good faith developers
volunteering to maintain this project – and in a word of
defense, the design quality of a software project /does/
influence both the amount of maintenance work and, other
things being equal, the desire to get involved), the comment
above got me curious: which parts of the document linked are
‘FUD and propaganda’?  Because I’ve just glanced it over and
I don’t find any obvious examples.

Granted, I’m not an expert in the field of compression and
coding, per se, and can’t readily speak on the validity of
most of the arguments given there, those at least appear
plausible.  Some arguments I find obvious, such as, e. g.:

 ADD> A well-known property of CRCs is their ability to detect burst
 ADD> errors up to the size of the CRC itself.  Using a CRC larger
 ADD> than the dataword is an error because a CRC just as large as
 ADD> the dataword equally detects all errors while it produces
 ADD> a lower number of false positives.

If there’s a reasonable rebuttal to the points raised in that
document, I believe that a pointer to it would be appropriate
for this discussion.  Other than that, I’m not going to go on
this tangent any further here.  I’ll be monitoring a handful
of Internet fora for that, though (news:alt.os.linux.debian,
news:comp.misc, irc://irc.efnet.org/%23coders, etc.)

-- 
FSF associate member #7257  np. Moonsong — Shane Jackman



Bug#1068093: ITP: python-cotengrust -- Fast contraction ordering primitives for tensor networks

2024-03-30 Thread Yogeswaran Umasankar
Package: wnpp
Severity: wishlist
Owner: Yogeswaran Umasankar 
X-Debbugs-Cc: debian-de...@lists.debian.org, kd8...@gmail.com

* Package name: python-cotengrust
  Version : 0.1.1
  Upstream Contact: Johnnie Gray 
* URL : https://github.com/jcmgray/cotengrust
* License : AGPL-3
  Programming Lang: Python, Rust
  Description : Fast contraction ordering primitives for tensor networks

`cotengrust` provides fast rust implementations of contraction
 ordering primitives for tensor networks or einsum expressions.
 The two main functions are `optimize_optimal(inputs, output, size_dict,
 **kwargs)` and `optimize_greedy(inputs, output, size_dict, **kwargs)`.
 Planning to maintain it under DPT, need sponsor.



Bug#1068092: www.debian.org: Website states you could install using a live system which is misleading

2024-03-30 Thread doak
Package: www.debian.org
Severity: normal
X-Debbugs-Cc: tldr+...@posteo.net

Dear Maintainer,

the website at [1] states that "The live images contain the
end-user-friendly Calamares Installer, a distribution-independent
installer framework, as alternative to our well known
Debian-Installer.". This is imho misleading in two ways.

First, the Calamares Installer is not available in the standard live CD
since it requires a graphical UI.

Second, it sounds like the Debian-Installer is an alternative in this
manner, i.e. it can be started from a running live system as well which
afaik is not the case. You need to start the installer from bootloaders
menu.

Would be nice to find a better, still dense, wording for this.

Regards,
doak



Bug#1065221: O: py7zr -- pure Python 7-zip library

2024-03-30 Thread yokota
Hello,

I'm interested in py7zr because it is required by Calibre.

New py7zr requires some other modules that not packaged by Debian yet.
I make those modules into Debian packages.
https://salsa.debian.org/yokota/python-multivolumefile
https://salsa.debian.org/yokota/python-bcj
https://salsa.debian.org/yokota/python-brotlicffi
https://salsa.debian.org/yokota/python-inflate64
https://salsa.debian.org/yokota/python-pyppmd
https://salsa.debian.org/yokota/python-pyzstd

And here is my py7zr repository.
https://salsa.debian.org/yokota/py7zr

I am a Debian Maintainer, so I want mentor to upload these packages.

--
YOKOTA Hiroshi



Bug#1068091: dh-make-perl: Build fails with invalid git tag when using manual version and epoch

2024-03-30 Thread Andy Beverley
Package: dh-make-perl
Version: 0.122
Severity: normal

Dear Maintainer,

When specifying a version with an epoch, and when a tag is used with
a git repo, the build fails with an invalid tag error.

For example:

  cpan2deb --version=1:1.006 --revision=1  PDF::Table

Fails with:

  fatal: 'upstream/1:1.006' is not a valid tag name.

The problem appears to be caused by this line in DhMakePerl::Command::make

  $git->command( 'tag', "upstream/".$self->version, 'upstream/latest' )

I assume a fix would simply be to replace all occurences of a colon with
another suitable character?

Many thanks,

Andy


-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-17-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dh-make-perl depends on:
ii  debhelper  13.11.4
ii  dpkg-dev   1.21.22
ii  fakeroot   1.31-1.2
ii  libapt-pkg-perl0.1.40+b2
ii  libarray-unique-perl   0.08-4
ii  libclass-accessor-perl 0.51-2
ii  libconfig-ini-perl 1:0.029-1
ii  libconfig-model-dpkg-perl  2.165
ii  libdebian-source-perl  0.122
ii  libdpkg-perl   1.21.22
ii  libemail-address-xs-perl   1.05-1+b1
ii  libemail-date-format-perl  1.008-1
ii  libfile-which-perl 1.27-2
ii  liblist-moreutils-perl 0.430-2
ii  libmodule-depends-perl 0.16-5
ii  libpod-parser-perl 1.65-1
ii  libsoftware-license-perl   0.104002-1
ii  libtie-ixhash-perl 1.23-4
ii  libwww-mechanize-perl  2.16-1
ii  libwww-perl6.68-1
ii  libyaml-libyaml-perl   0.86+ds-1
ii  libyaml-perl   1.30-2
ii  make   4.3-4.1
ii  perl   5.36.0-7+deb12u1

Versions of packages dh-make-perl recommends:
ii  apt-file  3.3
ii  git   1:2.39.2-1.1
ii  libmodule-build-perl  0.423200-1
pn  libsys-cpu-perl   
ii  pristine-tar  1.50

dh-make-perl suggests no packages.

-- no debconf information



Bug#1068024: revert to version that does not contain changes by bad actor

2024-03-30 Thread Joey Hess
Aurelien Jarno wrote:
> Note that reverted to such an old version will break packages that use
> new symbols introduced since then. From a quick look, this is at least:
> - dpkg
> - erofs-utils
> - kmod
> 
> Having dpkg in that list means that such downgrade has to be planned
> carefully.

I agree this would be a challanging downgrade. I've tried it myself
experimentally and once a downgraded liblzma5 is unpacked, dpkg-deb is broken
with missing symbol 'XZ_5.4'.

Renaming liblzma5 to something else (liblzma6?) and making dpkg-deb
depend on that seems like one way to go that would avoid messy situations.


FWIW, I rebuilt xz-utils 5.2.5-2.1~deb11u1 (from bullseye) on sid
and then got dpkg to build against that successfully after a few minor
changes to dpkg's packaging:

--- debian/libdpkg-dev.install.orig 2024-03-30 07:31:46.635365816 -0400
+++ debian/libdpkg-dev.install  2024-03-30 07:34:48.667477725 -0400
@@ -1,4 +1,5 @@
 usr/include/dpkg/*.h
-usr/lib/*/pkgconfig/libdpkg.pc
-usr/lib/*/libdpkg.a
+usr/lib/pkgconfig/libdpkg.pc
+usr/lib/libdpkg.a
 usr/share/aclocal/dpkg-*.m4
+usr/lib/libdpkg.la

(And after disabling the test suite since changes in xz message output
caused a test failure.)

-- 
see shy jo


signature.asc
Description: PGP signature


Bug#774068: ExtUtils-MakeMaker and NO_PERLLOCAL

2024-03-30 Thread Andrew Beverley

On 11/06/2022 12:58, Damyan Ivanov wrote:

-=| Niko Tyni, 30.12.2014 11:47:23 +0200 |=-

(cc'ing the debian-perl list)

On Tue, Dec 30, 2014 at 08:38:56AM +, Damyan Ivanov wrote:

-=| Andrew Beverley, 29.12.2014 00:16:14 + |=-

Is there any harm in having the option in there, especially as the
upstream version of EU-MM defaults to creating perllocal.pod files, and
provides this option to prevent it happening?


As I see it, adding and maintaining a line to 2000+ debian/rules files
is a bit of a burden. Not an unbearable one, but we embraced the tiny
dh rules exactly because they made things really simple.


Presumably Debian's version uses a patched version of EU-MM, which was
required before this option was available.


I wonder if debhelper would be the right place to add this. This would
solve the problem this patch solves, and maybe also simplify the patch
in the perl package package [1]

[1]
https://anonscm.debian.org/cgit/perl/perl.git/tree/debian/patches/debian/no_packlist_perllocal.diff


Right, that seems like the right long term approach to me. Ideally,
debhelper could pass both NO_PACKLIST and NO_PERLLOCAL to EU::MM, and
the above patch wouldn't be needed at all.

This would be a similar transition to the (still unfinished) PREFIX one,
see #579461 and
  
https://lintian.debian.org/tags/debian-rules-makemaker-prefix-is-deprecated.html

Packages not using the short form dh rules would need to be modified
before the patch could be removed. The required steps would be something
like
  1) change the Perl policy to recommend NO_PACKLIST + NO_PERLLOCAL
  2) change debhelper v9 to use them
  3) add a lintian check and/or do a mass bug filing for the other packages
  4) wait for (most of) the packages to be fixed
  5) change the Perl policy to require NO_PACKLIST + NO_PERLLOCAL
  6) remove the patch from the perl package


I've been thinking about this. Even made the changes in debhelper¹ and
considered a possible wording for the Perl policy.

  ¹ 
https://salsa.debian.org/dmn/debhelper/-/commits/b9cdc9696464f67f0c75479383a002ff666ffd6b

Then it occured to me that this is a titanic work that would take
months if not years - rebuilding the archive, analyzing the results,
providing patches to the packages that need them and track their
progress.

All this so that a patch is dropped from Debian's EU:MM and packages
created with dh-make-perl could be built in a rather non-standard
environment.

And perhaps the other patches to Debian's EU:MM also have some purpose
that would still be missing, so another round of the same would be
needed.

Somehow, to me it seems that the gain is not worth the effort. By
a huge margin.

So how about this instead:

Add a special option to dh-make-perl like '--pristine-upstream-eumm'
that causes it to make whatever changes are necessary to the resulting
package for it to build with the non-standard envronment. Including
a warning to the docs that such a package is not intented for the
official Debian archive.

Andrew, are you still interested in this and willing to provide
a merge request/patch that provides such an option?


Thanks for coming back to this and for the willingness to solve it.


If you have solved the issue by other means (e.g. --data-dir), then
perhaps we should just close this bugreport.


I've actually now always been in the habit of prefixing any use of 
cpan2deb with the following, which I think solves the problem:


PERL_MM_OPT='NO_PACKLIST=1 NO_PERLLOCAL=1'

Reading through the history of this bug though, I'm not sure I really 
need that anymore, as I don't think I'm using a local version of EU::MM 
(presumably the one now shipped with Debian is new enough for most 
purposes).


So yes, I think just closing the bug report is best. At least there is a 
history here for anyone else encountering the same issues.


Many thanks for your assistance.

Andy



Bug#1068090: Update Build-Depends for the time64 library renames

2024-03-30 Thread Andrey Rakhmatullin
Source: tetzle
Version: 2.2.3-1
Severity: serious
Tags: ftbfs

The package explicitly Build-Depends: libqt6*, this needs to be changed to
libqt6*t64 if it's needed at all.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1068089: FTBFS: error: cannot convert ‘long int*’ to ‘const time_t*’ {aka ‘const long long int*’}

2024-03-30 Thread Andrey Rakhmatullin
Source: ukui-control-center
Version: 3.22.1.25-2
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/fetch.php?pkg=ukui-control-
center&arch=armhf&ver=3.22.1.25-2&stamp=1711794461&raw=0

plugins/about/aboutinterface.cpp: In member function ‘char*
AboutInterface::ntpdate(char*)’:
plugins/about/aboutinterface.cpp:438:18: error: cannot convert ‘long int*’ to
‘const time_t*’ {aka ‘const long long int*’}
  438 | return ctime(&tmit);
  |  ^
  |  |
  |  long int*
In file included from /usr/include/features.h:490,
 from /usr/include/arm-linux-
gnueabihf/c++/13/bits/os_defines.h:39,
 from /usr/include/arm-linux-
gnueabihf/c++/13/bits/c++config.h:679,
 from /usr/include/c++/13/type_traits:38,
 from /usr/include/arm-linux-gnueabihf/qt5/QtCore/qglobal.h:45,
 from /usr/include/arm-linux-
gnueabihf/qt5/QtCore/qnamespace.h:43,
 from /usr/include/arm-linux-
gnueabihf/qt5/QtCore/qobjectdefs.h:48,
 from /usr/include/arm-linux-gnueabihf/qt5/QtCore/qobject.h:46,
 from /usr/include/arm-linux-gnueabihf/qt5/QtCore/QObject:1,
 from plugins/about/aboutinterface.h:21,
 from plugins/about/aboutinterface.cpp:18:
/usr/include/time.h:186:14: note:   initializing argument 1 of ‘char*
ctime(const time_t*)’
  186 | extern char *__REDIRECT_NTH (ctime, (const time_t *__timer),
__ctime64);
  |  ^~


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Bug#1068045: [Pkg-openssl-devel] Bug#1068045: libssl3: breaks YAPET

2024-03-30 Thread Sean Whitton
Hello,

On Sat 30 Mar 2024 at 09:29am +01, Sebastian Andrzej Siewior wrote:

> On 2024-03-30 09:25:27 [+0800], Sean Whitton wrote:
>> Package: libssl3
>> Version: 3.0.13-1~deb12u1
>> Severity: grave
>> Justification: renders package unusable
>> X-Debbugs-Cc: t...@security.debian.org
>> Control: affects -1 + yapet
>>
>> Dear maintainer,
>>
>> This version of libssl3 from bookworm-proposed-updates breaks YAPET.
>> When I try to open my passwords database, it claims the master password I 
>> type
>> is incorrect.  But downgrading libssl3 fixes the problem.
>
> Can you give me more to go on? I installed yapet created a database,
> updated and it remains to work.
> Maybe supply a test database which works with the old but not with the
> new library.

I downgraded, changed the password for my database to 'asdf',
changed it back to the password it had before, upgraded libssl3,
and the bug did not appear.

I reverted to my original db, downgraded again, deleted an entry without
changing the password, upgraded, and the bug appeared.

I can't really say more without compromising my opsec.  But does the
above give any clues / further debugging ideas?

> Also, yapet is unchanged in unstable. Is the problem there, too?

Unfortunately I do not have an unstable machine to hand right now, and
until we know more about the xz-utils situation I would want to set up
something air-gapped before copying my password db in there -- but can
do that if we can't otherwise make progress.

Thanks for looking!

-- 
Sean Whitton


signature.asc
Description: PGP signature


Bug#1066964: ITA: newlib -- C library and math library for embedded systems

2024-03-30 Thread Matthias Klose
Control: retitle -1 ITA: newlib -- C library and math library for 
embedded systems


placing this package under the GCC Maintainers umbrella. Both nvptx and 
amdgcn offload compilers are dependent on this.


Petter, is there a way to move the VCS on salsa?



Bug#1068088: apscheduler: please drop python3-mock build dependency

2024-03-30 Thread Alexandre Detiste
Source: apscheduler
Version: 3.9.1-2
Severity: normal

Dear Maintainer,

The python3-mock library is obsolete and slowly removed from Debian.

apscheduler has switched to using the newer "unittest.mock"
from the Python standard library.

Please remove the extraneous python3-mock buil dependency.

Greetings,

Alexandre Detiste


-

try:
from unittest.mock import Mock
except ImportError:
from mock import Mock



Bug#1068056: ccls: FTBFS on armhf,i386 (test_response failures)

2024-03-30 Thread Shengjing Zhu
Control: severity -1 wishlist
Control: forcemerge 1068055 -1

On Sat, Mar 30, 2024 at 2:57 PM Kentaro HAYASHI  wrote:
>
> Source: ccls
> Severity: serious
> Tags: ftbfs
> Control: found -1 0.20230717-1
> X-Debbugs-Cc: ken...@xdump.org
>
> Dear Maintainer,
>
> ccls fails to build on armhf, i386.
>

As explained in 1068055.

-- 
Shengjing Zhu



Bug#1068055: ccls: FTBFS on armel (undefined reference to symbol '__atomic_load_8@@LIBATOMIC_1.0')

2024-03-30 Thread Shengjing Zhu
Control: severity -1 wishlist

On Sat, Mar 30, 2024 at 3:00 PM Kentaro HAYASHI  wrote:
>
> Source: ccls
> Severity: serious
> Tags: ftbfs
> Control: found -1 2.6.0-1
> X-Debbugs-Cc: ken...@xdump.org
>
> Dear Maintainer,
>
> ccls fails to build on armel. (missing linking against with -latomic)

It's fine, as it never successfully built before.

Even if it builds, the test will fail. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934408

-- 
Shengjing Zhu



Bug#1068087: ansible-runner: please remove dependency on python3-six (and fix repos on Salsa ?)

2024-03-30 Thread Alexandre Detiste
Source: ansible-runner
Version: 2.3.6-1
Severity: normal

Dear Miantainer,

I'm having a hard time trying to understand what's happening at
https://salsa.debian.org/saki/ansible-runner/-/commits/debian

It looks like "gbp" is not used and the 'upstream' changes are never
merged into the 'debian' branch.

So what's shipped as 2.3.6-1 isd actually much older
and doesn't include this old change:

https://github.com/ansible/ansible-runner/commit/2a51c8b29be9e962c38521a2d23fb9a70b6216aa


When this is fixed, please also remove python3-six dependency.
(https://wiki.debian.org/Python3-six-removal)

Greetings



Bug#1012325: dialog: Multi-Arch: foreign package should not contain static library

2024-03-30 Thread Santiago Vila

El 30/3/24 a las 9:43, Sven Joachim escribió:

I think it would make sense for Debian to follow what Arch and Fedora
are doing, introduce a libdialog15 package with the shared library and a
libdialog-dev package with the .so symlink but without libdialog.a,
because that requires (if I understood you correctly) configuring and
building dialog twice, greatly complicating packaging.

Santiago, do you think this is a good plan?


Yes. If we can avoid the static library to keep it simple, that would be better.

Simple question: Is that really allowed these days? I wanted to be sure
by reading Policy but did not find any statement saying they are required
or not.


I can work on an updated patch.


That would definitely help.

Thanks a lot!



Bug#1068086: ansible-runner: please drop dependency on python3-mock

2024-03-30 Thread Alexandre Detiste
Source: ansible-runner
Version: 2.3.6-1
Severity: normal

Dear Maintainer,

python3-mock is an old library that is now merged
into the Python standard library as unittest.mock.

python3-mock is slowly being removed from Debian.

Your project use neither "mock" or "unittest.mock",
so please remove the extraneous python3-mock dependency.

Greetings



tchet@brix /tmp/ansible-runner $ grep mock -r debian/
debian/control: python3-mock,
tchet@brix /tmp/ansible-runner $ grep mock -r | grep import
tchet@brix /tmp/ansible-runner $



Bug#1068085: RM: golang-github-go-git-go-git-fixtures -- RoM; possible vector for security vulnerabilities

2024-03-30 Thread Maytham Alsudany
Package: ftp.debian.org
Severity: normal

go-git-fixtures is mainly made up of tgz archives containing bare Git repos,
which are decompressed and used in the testing of golang-github-go-git-go-git.
In light of the recent xz-utils drama, having binary archives without any easy
method of regenerating them seems like a bad idea.

Kind regards,
Maytham


signature.asc
Description: This is a digitally signed message part


Bug#1068084: bookworm-pu: package intel-microcode/3.20240312.1~deb12u1

2024-03-30 Thread Henrique de Moraes Holschuh
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]

As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bullseye and Bookworm to match what
we have in Sid and Trixie.  This is the bug report for Bookworm, a
separate one will be filled for Bullseye.

This fixes:
* Several CVEs in many Intel processors
  - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368)
  - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575)
  - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS
  - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA
  - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490)
* Other unspecified functional issues on many processors

There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for bookworm and bullseye.

[ Impact ]

If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected against RFDS as well as the other issues listed above.

[ Tests ]

There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-03-13 (sid), 2024-03-18
(trixie).

[ Risks ]

Unknown, but not believed to be any different from other Intel microcode
updates.

Linux kernel updates related to the RFDS microcode update fixes are
either already available in Bookworm and Bullseye, or have already been
requested as spu's.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.

Diffstat:
 b/changelog|   77 +++
 b/debian/changelog |   88 
 b/intel-ucode/06-55-03 |binary
 b/intel-ucode/06-55-06 |binary
 b/intel-ucode/06-55-07 |binary
 b/intel-ucode/06-55-0b |binary
 b/intel-ucode/06-56-05 |binary
 b/intel-ucode/06-5f-01 |binary
 b/intel-ucode/06-6a-06 |binary
 b/intel-ucode/06-6c-01 |binary
 b/intel-ucode/06-7a-01 |binary
 b/intel-ucode/06-7a-08 |binary
 b/intel-ucode/06-7e-05 |binary
 b/intel-ucode/06-8c-01 |binary
 b/intel-ucode/06-8c-02 |binary
 b/intel-ucode/06-8d-01 |binary
 b/intel-ucode/06-8e-0c |binary
 b/intel-ucode/06-8f-05 |binary
 b/intel-ucode/06-8f-06 |binary
 b/intel-ucode/06-8f-07 |binary
 b/intel-ucode/06-8f-08 |binary
 b/intel-ucode/06-96-01 |binary
 b/intel-ucode/06-97-02 |binary
 b/intel-ucode/06-97-05 |binary
 b/intel-ucode/06-9a-03 |binary
 b/intel-ucode/06-9a-04 |binary
 b/intel-ucode/06-9c-00 |binary
 b/intel-ucode/06-9e-09 |binary
 b/intel-ucode/06-9e-0a |binary
 b/intel-ucode/06-9e-0c |binary
 b/intel-ucode/06-9e-0d |binary
 b/intel-ucode/06-a5-02 |binary
 b/intel-ucode/06-a5-03 |binary
 b/intel-ucode/06-a5-05 |binary
 b/intel-ucode/06-a6-00 |binary
 b/intel-ucode/06-a6-01 |binary
 b/intel-ucode/06-a7-01 |binary
 b/intel-ucode/06-aa-04 |binary
 b/intel-ucode/06-b7-01 |binary
 b/intel-ucode/06-ba-02 |binary
 b/intel-ucode/06-ba-03 |binary
 b/intel-ucode/06-ba-08 |binary
 b/intel-ucode/06-be-00 |binary
 b/intel-ucode/06-bf-02 |binary
 b/intel-ucode/06-bf-05 |binary
 b/intel-ucode/06-cf-01 |binary
 b/intel-ucode/06-cf-02 |binary
 b/releasenote.md   |   96 +
 49 files changed, 261 insertions(+)

[ Other info ]

The package version with "~" is needed to guarantee smooth updates to
the next debian release.

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index cbf9f66..fe44e7e 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,80 @@
+2024-03-12:
+  * New upstream microcode datafile 20240312
+- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+  Protection mechanism failure of bus lock regulator for some Intel
+  Processors may allow an unauthenticated user to potentially enable
+  denial of service via network access.
+- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+  Non-transparent sharing of return predictor targets between contexts in
+  some Intel Processors may allow an authorized user to potentially
+  enable information disclosure via local access.  Affects SGX as well.
+- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+  Information exposure through microarchitectural state after transient
+  execution from some register files for some Intel Atom Processors and
+  E-cores of Intel Core Processors may allow an authenticated user to
+  potentially enable information disclosure via local access.  Enhances
+  VERW instruction to clear stale register buffers.  

Bug#1068083: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-03-30 Thread Henrique de Moraes Holschuh
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]

As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bullseye and Bookworm to match what
we have in Sid and Trixie.  This is the bug report for Bullseye, a
separate one will be filled for Bookmorm.

This fixes:
* Several CVEs in many Intel processors
  - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368)
  - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575)
  - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS
  - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA
  - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490)
* Other unspecified functional issues on many processors

There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for bookworm and bullseye.

[ Impact ]

If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected against RFDS as well as the other issues listed above.

[ Tests ]

There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-03-13 (sid), 2024-03-18
(trixie).

[ Risks ]

Unknown, but not believed to be any different from other Intel microcode
updates.

Linux kernel updates related to the RFDS microcode update fixes are
either already available in Bookworm and Bullseye, or have already been
requested as spu's.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.

Diffstat:
 b/changelog|   77 +++
 b/debian/changelog |   89 +
 b/intel-ucode/06-55-03 |binary
 b/intel-ucode/06-55-06 |binary
 b/intel-ucode/06-55-07 |binary
 b/intel-ucode/06-55-0b |binary
 b/intel-ucode/06-56-05 |binary
 b/intel-ucode/06-5f-01 |binary
 b/intel-ucode/06-6a-06 |binary
 b/intel-ucode/06-6c-01 |binary
 b/intel-ucode/06-7a-01 |binary
 b/intel-ucode/06-7a-08 |binary
 b/intel-ucode/06-7e-05 |binary
 b/intel-ucode/06-8c-01 |binary
 b/intel-ucode/06-8c-02 |binary
 b/intel-ucode/06-8d-01 |binary
 b/intel-ucode/06-8e-0c |binary
 b/intel-ucode/06-8f-05 |binary
 b/intel-ucode/06-8f-06 |binary
 b/intel-ucode/06-8f-07 |binary
 b/intel-ucode/06-8f-08 |binary
 b/intel-ucode/06-96-01 |binary
 b/intel-ucode/06-97-02 |binary
 b/intel-ucode/06-97-05 |binary
 b/intel-ucode/06-9a-03 |binary
 b/intel-ucode/06-9a-04 |binary
 b/intel-ucode/06-9c-00 |binary
 b/intel-ucode/06-9e-09 |binary
 b/intel-ucode/06-9e-0a |binary
 b/intel-ucode/06-9e-0c |binary
 b/intel-ucode/06-9e-0d |binary
 b/intel-ucode/06-a5-02 |binary
 b/intel-ucode/06-a5-03 |binary
 b/intel-ucode/06-a5-05 |binary
 b/intel-ucode/06-a6-00 |binary
 b/intel-ucode/06-a6-01 |binary
 b/intel-ucode/06-a7-01 |binary
 b/intel-ucode/06-aa-04 |binary
 b/intel-ucode/06-b7-01 |binary
 b/intel-ucode/06-ba-02 |binary
 b/intel-ucode/06-ba-03 |binary
 b/intel-ucode/06-ba-08 |binary
 b/intel-ucode/06-be-00 |binary
 b/intel-ucode/06-bf-02 |binary
 b/intel-ucode/06-bf-05 |binary
 b/intel-ucode/06-cf-01 |binary
 b/intel-ucode/06-cf-02 |binary
 b/releasenote.md   |   96 +
 49 files changed, 262 insertions(+)

[ Other info ]

The package version with "~" is needed to guarantee smooth updates to
the next debian release.

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index cbf9f66..fe44e7e 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,80 @@
+2024-03-12:
+  * New upstream microcode datafile 20240312
+- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+  Protection mechanism failure of bus lock regulator for some Intel
+  Processors may allow an unauthenticated user to potentially enable
+  denial of service via network access.
+- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+  Non-transparent sharing of return predictor targets between contexts in
+  some Intel Processors may allow an authorized user to potentially
+  enable information disclosure via local access.  Affects SGX as well.
+- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+  Information exposure through microarchitectural state after transient
+  execution from some register files for some Intel Atom Processors and
+  E-cores of Intel Core Processors may allow an authenticated user to
+  potentially enable information disclosure via local access.  Enhances
+  VERW instruction to clear stale register buffers. 

Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1

2024-03-30 Thread Henrique de Moraes Holschuh
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

(duplicate submission, this one is signed. sorry about that!)

[ Reason ]

As requested by the security team, I would like to bring the microcode
update level for Intel processors in Bullseye and Bookworm to match what
we have in Sid and Trixie.  This is the bug report for Bullseye, a
separate one will be filled for Bookmorm.

This fixes:
* Several CVEs in many Intel processors
  - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368)
  - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575)
  - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS
  - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA
  - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490)
* Other unspecified functional issues on many processors

There are no releavant issues reported on this microcode update,
considering the version of intel-microcode already available as security
updates for bookworm and bullseye.

[ Impact ]

If this update is not approved, owners of most recent "client" Intel
processors and a few server processors will depend on UEFI updates to be
protected against RFDS as well as the other issues listed above.

[ Tests ]

There were no bug reports from users of Debian sid or Trixie, these
packages have been tested there since 2024-03-13 (sid), 2024-03-18
(trixie).

[ Risks ]

Unknown, but not believed to be any different from other Intel microcode
updates.

Linux kernel updates related to the RFDS microcode update fixes are
either already available in Bookworm and Bullseye, or have already been
requested as spu's.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

As per the debdiff, only documentation changes, package documentation
changes, and the binary blob change from upstream.

Diffstat:
 b/changelog|   77 +++
 b/debian/changelog |   89 +
 b/intel-ucode/06-55-03 |binary
 b/intel-ucode/06-55-06 |binary
 b/intel-ucode/06-55-07 |binary
 b/intel-ucode/06-55-0b |binary
 b/intel-ucode/06-56-05 |binary
 b/intel-ucode/06-5f-01 |binary
 b/intel-ucode/06-6a-06 |binary
 b/intel-ucode/06-6c-01 |binary
 b/intel-ucode/06-7a-01 |binary
 b/intel-ucode/06-7a-08 |binary
 b/intel-ucode/06-7e-05 |binary
 b/intel-ucode/06-8c-01 |binary
 b/intel-ucode/06-8c-02 |binary
 b/intel-ucode/06-8d-01 |binary
 b/intel-ucode/06-8e-0c |binary
 b/intel-ucode/06-8f-05 |binary
 b/intel-ucode/06-8f-06 |binary
 b/intel-ucode/06-8f-07 |binary
 b/intel-ucode/06-8f-08 |binary
 b/intel-ucode/06-96-01 |binary
 b/intel-ucode/06-97-02 |binary
 b/intel-ucode/06-97-05 |binary
 b/intel-ucode/06-9a-03 |binary
 b/intel-ucode/06-9a-04 |binary
 b/intel-ucode/06-9c-00 |binary
 b/intel-ucode/06-9e-09 |binary
 b/intel-ucode/06-9e-0a |binary
 b/intel-ucode/06-9e-0c |binary
 b/intel-ucode/06-9e-0d |binary
 b/intel-ucode/06-a5-02 |binary
 b/intel-ucode/06-a5-03 |binary
 b/intel-ucode/06-a5-05 |binary
 b/intel-ucode/06-a6-00 |binary
 b/intel-ucode/06-a6-01 |binary
 b/intel-ucode/06-a7-01 |binary
 b/intel-ucode/06-aa-04 |binary
 b/intel-ucode/06-b7-01 |binary
 b/intel-ucode/06-ba-02 |binary
 b/intel-ucode/06-ba-03 |binary
 b/intel-ucode/06-ba-08 |binary
 b/intel-ucode/06-be-00 |binary
 b/intel-ucode/06-bf-02 |binary
 b/intel-ucode/06-bf-05 |binary
 b/intel-ucode/06-cf-01 |binary
 b/intel-ucode/06-cf-02 |binary
 b/releasenote.md   |   96 +
 49 files changed, 262 insertions(+)

[ Other info ]

The package version with "~" is needed to guarantee smooth updates to
the next debian release.

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index cbf9f66..fe44e7e 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,80 @@
+2024-03-12:
+  * New upstream microcode datafile 20240312
+- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+  Protection mechanism failure of bus lock regulator for some Intel
+  Processors may allow an unauthenticated user to potentially enable
+  denial of service via network access.
+- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+  Non-transparent sharing of return predictor targets between contexts in
+  some Intel Processors may allow an authorized user to potentially
+  enable information disclosure via local access.  Affects SGX as well.
+- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+  Information exposure through microarchitectural state after transient
+  execution from some register files for some Intel Atom Processors and
+  E-cores of Intel Core Processors may allow an authenticated user to
+  potentially enable information disclosure via local access.  Enh

Bug#1068081: rust-dns-lookup: "lookup::test_rev_localhost' panicked at 'assertion failed" on loong64

2024-03-30 Thread zhangdandan

Source: rust-dns-lookup
Version: 1.0.8-4
Severity: wishlist
Tags: ftbfs
User: debian-loonga...@lists.debian.org
Usertags: loong64

Dear maintainers,

Compiling the rust-dns-lookup package failed for loong64 in the Debian 
Package Auto-Building environment, the error log is as follows:

```
test lookup::test_rev_localhost ... FAILED
failures:

 lookup::test_rev_localhost stdout 
thread 'lookup::test_rev_localhost' panicked at 'assertion failed: 
`(left == right)`

  left: `"loong64-loongson-03.local"`,
 right: `"localhost"`', src/lookup.rs:77:3
```

The full build log can be found at 
https://buildd.debian.org/status/logs.php?pkg=rust-dns-lookup&ver=1.0.8-4&arch=loong64.


After analysis, I think the maintainer may need to improve the 
test_rev_localhost() test case in the 
rust-dns-lookup-1.0.8/src/lookup.rs file.

The reasons are as follows:
1. If the first line of the /etc/hosts file is "127.0.0.1 localhost", 
the test case is successful.

```
# cat /etc/hosts
127.0.0.1   localhost
127.0.0.1   loong64-loongson-03.local loong64-loongson-03
```
Based on the above configure in /etc/hosts, the rust-dns-lookup package 
was compiled successfully on my local loong64 rootfs environment.


2. On the contrary, if the first line's content of the /etc/hosts file 
is not "127.0.0.1 localhost", the test case fails.
Even if the /etc/hosts file contains "127.0.0.1 localhost" in other 
lines except the first line, the test case fails.

```
# cat /etc/hosts
127.0.0.1   loong64-loongson-03.local loong64-loongson-03
127.0.0.1   localhost
```

Alternatively, we could set the first line of the '/etc/hosts' file to 
'127.0.0.1 localhost' on the loong64 buildd machines.

Your opinions are welcome.
If you have any questions, you can contact me at any time.

Thanks,
Dandan Zhang



Bug#1067771: cdk.h file location has changed, breaks application build

2024-03-30 Thread Thomas Dickey
On Fri, Mar 29, 2024 at 01:30:58PM -0500, Steven Robbins wrote:
> On Thursday, March 28, 2024 8:04:30 P.M. CDT Thomas Dickey wrote:
> 
> > I suppose that I _could_ have made a symlink in /usr/include/cdk,
> > to address both old/new locations.  You might consider that for
> > the package...
> 
> That's a good idea.  I've implemented your suggestion and closed the bug.

no problem (report bugs)

-- 
Thomas E. Dickey 
https://invisible-island.net


signature.asc
Description: PGP signature


Bug#1068080: Depends on a pre-t64 library name: libvdeplug2

2024-03-30 Thread Andrey Rakhmatullin
Package: libvdeslirp0
Version: 0.1.1-1
Severity: serious

libvdeslirp0 explicitly Depends on libvdeplug2, this needs to be changed to
libvdeplug2t64.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvdeslirp0 depends on:
ii  libc6 2.37-15.1
ii  libslirp0 4.7.0-1+b1
ii  libvdeplug2t64 [libvdeplug2]  4.0.1-5.1

libvdeslirp0 recommends no packages.

libvdeslirp0 suggests no packages.



Bug#1068079: crash: FTBFS on loong64

2024-03-30 Thread zhangdandan

Source: crash
Version: 8.0.4-1
Severity: wishlist
Tags: ftbfs
User: debian-loonga...@lists.debian.org
Usertags: loong64

Dear maintainers,

Compiling the crash package failed for loong64 in the Debian Package 
Auto-Building environment.
The full build log can be found at 
https://buildd.debian.org/status/logs.php?pkg=crash&ver=8.0.4-1&arch=loong64.


The LoongArch architecture has been supported in crash upstream [1].
Details of support for the LoongArch architecture can also be obtained 
from crash-utility's mailing list [2].


Would it be possible to include LoongArch support in the next upload?
Your opinions are welcome.
If you have any questions, you can contact me at any time.

[1]: https://github.com/crash-utility/crash/tree/master
[2]: 
https://listman.redhat.com/archives/crash-utility/2023-September/author.html


Thanks,
Dandan Zhang



Bug#1068078: FTBFS on armel: shiboken2:smart::smart_pointer Newly detected Real test failure!

2024-03-30 Thread Andrey Rakhmatullin
Source: pyside2
Version: 5.15.12-6.1
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/fetch.php?pkg=pyside2&arch=armel&ver=5.15.12-6.1&stamp=1711789575&raw=0

RUN 2: Test project /<>/pyside3_build/py3.11-qt5.15.10-32bit-
relwithdebinfo/shiboken2
RUN 2: Start 181: smart_smart_pointer
RUN 2: 1/1 Test #181: smart_smart_pointer ..***Failed0.23 sec
RUN 2: Running garbage collector for reference test
RUN 2: FFF
RUN 2: ==
RUN 2: FAIL: testObjSmartPointer
(__main__.SmartPointerTests.testObjSmartPointer)
RUN 2: --
RUN 2: Traceback (most recent call last):
RUN 2:   File
"/<>/sources/shiboken2/tests/smartbinding/smart_pointer_test.py",
line 94, in testObjSmartPointer
RUN 2: self.assertEqual(integerCount(), 1)
RUN 2: AssertionError: 2 != 1
RUN 2:
RUN 2: ==
RUN 2: FAIL: testSmartPointerConversions
(__main__.SmartPointerTests.testSmartPointerConversions)
RUN 2: --
RUN 2: Traceback (most recent call last):
RUN 2:   File
"/<>/sources/shiboken2/tests/smartbinding/smart_pointer_test.py",
line 221, in testSmartPointerConversions
RUN 2: self.assertEqual(integerCount(), 1)
RUN 2: AssertionError: 2 != 1
RUN 2:
RUN 2: ==
RUN 2: FAIL: testSmartPointersWithNamespace
(__main__.SmartPointerTests.testSmartPointersWithNamespace)
RUN 2: --
RUN 2: Traceback (most recent call last):
RUN 2:   File
"/<>/sources/shiboken2/tests/smartbinding/smart_pointer_test.py",
line 182, in testSmartPointersWithNamespace
RUN 2: self.assertEqual(integerCount(), 2)
RUN 2: AssertionError: 3 != 2
RUN 2:
RUN 2: --
RUN 2: Ran 7 tests in 0.010s
RUN 2:
RUN 2: FAILED (failures=3)
RUN 2:
RUN 2:
RUN 2: 0% tests passed, 1 tests failed out of 1
RUN 2:
RUN 2: Total Test time (real) =   0.25 sec
RUN 2:
RUN 2: The following tests FAILED:
RUN 2:  181 - smart_smart_pointer (Failed)
RUN 2: Errors while running CTest
End of the test run


RES 2: Test #181: FAIL!  smart::smart_pointer()


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Bug#1068077: python3-adal: adal/authentication_parameters.py:92: SyntaxWarning: invalid escape sequence '\s'

2024-03-30 Thread Paul Wise
Package: python3-adal
Version: 1.2.7-3
Severity: normal
usertags warnings 
User: debian-pyt...@lists.debian.org
Usertags: python3.12

I got some warnings when upgrading, probably caused by Python 3.12:

   Preparing to unpack .../python3-adal_1.2.7-3_all.deb ...
   Unpacking python3-adal (1.2.7-3) over (1.2.7-2) ...
   Setting up python3-adal (1.2.7-3) ...
   /usr/lib/python3/dist-packages/adal/authentication_parameters.py:92: 
SyntaxWarning: invalid escape sequence '\s'
 
"""^\s*Bearer\s+([^,\s="]+?)="([^"]*?)"\s*(,\s*([^,\s="]+?)="([^"]*?)"\s*)*$""")
   /usr/lib/python3/dist-packages/adal/authentication_parameters.py:94: 
SyntaxWarning: invalid escape sequence '\s'
 first_key_value_pair_regex = 
re.compile("""^\s*Bearer\s+([^,\s="]+?)="([^"]*?)"\s*""")
   /usr/lib/python3/dist-packages/adal/authentication_parameters.py:98: 
SyntaxWarning: invalid escape sequence '\s'
 all_other_key_value_pair_regex = 
re.compile("""(?:,\s*([^,\s="]+?)="([^"]*?)"\s*)""")
   
-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental'), 
(500, 'stable-updates'), (500, 'stable-security-debug'), (500, 
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), 
(500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-adal depends on:
ii  python3   3.11.6-1
ii  python3-cryptography  41.0.7-4
ii  python3-dateutil  2.9.0-2
ii  python3-jwt   2.7.0-1
ii  python3-requests  2.31.0+dfsg-1

python3-adal recommends no packages.

python3-adal suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part


  1   2   >