Bug#993640: Please turn on the SimpleDRM driver in 6.11

[Mourad De Clerck]

Control: retitle -1 Please turn on the SimpleDRM driver in 6.11
Control: found -1 6.11.2-1

Hi,

Since 6.11 entered unstable, I've noticed plymouth falling back to the 3 
dot text-mode boot splash on some of my devices using amdgpu.


The most likely reason was reported in:
https://gitlab.freedesktop.org/plymouth/plymouth/-/issues/264

The proposed workaround is to use SimpleDRM, however this module isn't 
built in Debian's kernels. In /boot/config-6.11.2-amd64:


# CONFIG_DRM_SIMPLEDRM is not set

Would it be possible to include this module?

Thanks,

-- Mourad DC

Bug#1082906: linux-image-6.11-amd64: ipu6 camera is not working

[Diederik de Haas]

Control: tag -1 moreinfo

On Sat, 28 Sep 2024 03:09:54 + gabriel  wrote:
> Package: src:linux
> Version: 6.11-1~exp1
> 
> ipu6 mipi camera drivers were not part of previous kernels, now they have
> been upstreamed.
> After upgrading kernel to 6.11 the ipu6 kernel modules are loaded, however
> there are 32 video devices /dev/video0 to /dev/video32 and none of them is
> working  (gstreamer, vlc, firefox or cheese)

Do you have firmware-intel-graphics installed?

signature.asc
Description: This is a digitally signed message part.

Bug#1078696: [PATCH 3/4] ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]

[Hans de Goede]

Thank you for reporting this. I have submitted a patch adding the DMI quirk for 
this upstream:

https://lore.kernel.org/linux-acpi/20240927141606.66826-3-hdego...@redhat.com/

Bug#1082514: liblcms2-dev: Please upload version 2.16 to Unstable

[Diederik de Haas]

Package: liblcms2-dev
Version: 2.14-2+b1
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Version 2.16-1 was uploaded to Experimental in the beginning of the
year, but it would be great if it was uploaded to Unstable too.

Cheers,
  Diederik

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages liblcms2-dev depends on:
ii  liblcms2-2  2.14-2+b1

liblcms2-dev recommends no packages.

liblcms2-dev suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZu7AQAAKCRDXblvOeH7b
bgLqAPsFtkfygZSwmW4uF/CCVqBCdWCHdRGQybH/OAzL4u3n5AD/SqKRavmEMEXd
Hy9rFhe22T1qoAOETKPIDtW7hiszNQs=
=kLHj
-END PGP SIGNATURE-

Bug#1082297: gnome-shell: Crashes gdm on startup

[Mourad De Clerck]

On 9/19/24 20:45, Jeremy Bícha wrote:

Could you try plugging in a keyboard and see if that avoids the issue?


Yes, makes no difference.


If you revert to using gjs 1.80.2-1 from Unstable/Testing, does that
avoid the issue?


Also makes no difference.

However, I managed to find a way to workaround and reproduce it:

I moved the dconf settings in /var/lib/gdm3 (the Debian-gdm user's home) 
aside, and restarted gdm. This made it work again.


Next, I enabled the OSK in the greeter's accessibility menu. On restart 
it crashed again. So it seems having the OSK enabled in gsettings/dconf 
when gdm starts makes it crash.


-- M

Bug#1082297: gnome-shell: Crashes gdm on startup

[Mourad De Clerck]

Package: gnome-shell
Version: 47.0-1
Severity: grave
Justification: renders package unusable

Upgrading Gnome-Shell to 47.0 makes GDM crash on boot. I've got almost the 
exact same set of packages (& versions) installed on two other machines that 
don't exhibit this issue.

Two things are specific for the crashing machine, not sure if it's relevant:

* It uses systemd-homed - but that shouldn't come into play I think because it 
crashes even before I can attempt to log in.
* It doesn't have a keyboard, so the OSK usually pops up in GDM.



Sep 19 19:42:32 belle systemd[1]: Starting gdm.service - GNOME Display 
Manager...
Sep 19 19:42:32 belle systemd[1]: Started gdm.service - GNOME Display Manager.
Sep 19 19:42:32 belle gdm-launch-environment][157876]: 
pam_systemd_home(gdm-launch-environment:account): New sd-bus connection 
(system-bus-pam-systemd-home-157876) opened.
Sep 19 19:42:32 belle gdm-launch-environment][157876]: 
pam_unix(gdm-launch-environment:session): session opened for user 
Debian-gdm(uid=280) by (uid=0)
Sep 19 19:42:32 belle gdm-launch-environment][157876]: 
pam_systemd(gdm-launch-environment:session): New sd-bus connection 
(system-bus-pam-systemd-157876) opened.
Sep 19 19:42:32 belle systemd-logind[1203]: New session c282 of user Debian-gdm.
Sep 19 19:42:32 belle systemd[1]: Started session-c282.scope - Session c282 of 
User Debian-gdm.
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/ldac
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/aptx_hd
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx_hd
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/aptx
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/opus_g
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/opus_g
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/sbc
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/sbc
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx_ll_1
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx_ll_0
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx_ll_duplex_1
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/aptx_ll_duplex_0
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/faststream
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/faststream_duplex
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/opus_05
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/opus_05
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSink/opus_05_duplex
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint unregistered: sender=:1.2026 
path=/MediaEndpoint/A2DPSource/opus_05_duplex
Sep 19 19:42:32 belle wireplumber[7814]: spa.bluez5.midi: 
org.bluez.GattManager1.RegisterApplication() failed: 
GDBus.Error:org.bluez.Error.AlreadyExists: Already Exists
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/ldac
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSink/aptx_hd
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/aptx_hd
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSink/aptx
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/aptx
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSink/opus_g
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/opus_g
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSink/sbc
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/sbc
Sep 19 19:42:32 belle bluetoothd[93401]: Endpoint registered: sender=:1.2030 
path=/MediaEndpoint/A2DPSource/aptx_ll_1
Sep 19 19:42:32 belle blue

Bug#1038882: Replacing isc-dhcp-client with dhcpcd-base (Was: ifupdown maintenance)

[Henrique de Moraes Holschuh]

On Sat, Sep 14, 2024, at 09:30, Daniel Gröber wrote:
>  3) dhcpcd-base enables IPv6 privacy addressess by default.

Please never do this *by silent default* when DHCPv6 is being used for stateful 
address assignment, privacy addresses are a big issue on non-home networks and 
even on home networks depending on firewall rules...

Although I suppose a relevant note on NEWS.Debian *and* the Release Notes might 
be enough if.we consider it is desirable for most installs.

> 3) Since ifupdown is mainly used in the server/embedded sorts of
> enviornments I'm not sure privacy addressing is the right default.
> (cf. /etc/dhcpcd.conf having `slaac private` thus enabling RFC 7217
> addressing). We can assume NM will be in use for most Desktop users so I
> believe it's safe in principle to retain the current MAC based SLAAC
> address behaviour we used to get from the kernel RA implementation.
> Thoughts?

Agreed, the less surprises here, the better.

-- 
  Henrique de Moraes Holschuh 

Bug#508558: Add sloc2html to sloccount package

[Elie De Brauwer]

Hi Andreas,

Please find attached a revised version of 'sloc2html.py'. Some issues were
addressed and it's in full Python 3 now.


Kind regards
E.

On Sat, Sep 7, 2024 at 2:20 PM Andreas Tille  wrote:

> Control: tags -1 moreinfo
> Thanks
>
> Hi,
>
> since package sloccount came up in the Bug of the Day[1] we tried to
> salvage this packege[2].  I followed your hint to add sloc2html in
> Git[3].  I've used 2to3 to convert the script to Python3. Unfortunately
> it does not work.  If you can fix the script I'd happily add it to the
> package but for the moment I do not see any advantage for our users.
>
> Kind regards
> Andreas.
>
> [1] https://salsa.debian.org/tille/tiny_qa_tools/-/wikis/Tiny-QA-tasks
> [2] https://bugs.debian.org/1078785
> [3]
> https://salsa.debian.org/salvage-team/sloccount/-/tree/master/debian/sloc2html?ref_type=heads
>
> --
> https://fam-tille.de
>
>

-- 
Elie De Brauwer
#!/usr/bin/env python
"""
Written by Rasmus Toftdahl Olesen 
Modified slightly by David A. Wheeler and Elie De Brauwer.
Brought into the year 2024 by Elie De Brauwer
Released under the GNU General Public License v. 2 or higher
"""

import sys

NAME = "sloc2html"
VERSION = "0.0.3"

if len(sys.argv) != 2:
print("Usage:")
print("\t" + sys.argv[0] + " ")
print("\nThe output of sloccount should be with --wide and --multiproject formatting")
sys.exit()

colors = { "python" : "blue",
   "ansic" : "yellow",
   "perl" : "purple",
   "cpp" : "green",
   "sh" : "red",
   "yacc" : "brown",
   "lex" : "silver",
   # Feel free to make more specific colors.
   "ruby" : "maroon",
   "cs" : "gray",
   "java" : "navy",
   "javascript" : "navy",
   "ada" : "olive",
   "lisp" : "fuchsia",
   "objc" : "purple",
   "fortran" : "purple",
   "cobol" : "purple",
   "pascal" : "purple",
   "asm" : "purple",
   "csh" : "purple",
   "tcl" : "purple",
   "exp" : "purple",
   "awk" : "purple",
   "sed" : "purple",
   "makefile" : "purple",
   "sql" : "purple",
   "php" : "purple",
   "modula3" : "purple",
   "ml" : "purple",
   "haskell" : "purple",
   "vhdl" : "purple",
   "xml" : "purple"
  }


print("")
print("")
print("Counted Source Lines of Code (SLOC)")
print("")
print("")
print("Counted Source Lines of Code")

with open(sys.argv[1], "r", encoding="utf-8") as file:

print("Projects")
line = ""
while line != "SLOC\tDirectory\tSLOC-by-Language (Sorted)\n":
line = file.readline()

print("")
print("LinesProjectLanguage distribution")
line = file.readline()
while line != "\n":
num, project, langs = line.split()
print("" + num + "" + project + "")
print("")
if langs != "(none)":
for lang in langs.split(","):
l, n = lang.split("=")
color = colors[l] if l in colors else "pink"
print("" + l + "=" + n + " (" + str(int(float(n) / float(num) * 100)) + "%)")
print("")
print("")
line = file.readline()
print("")

print("Languages")
while line != "Totals grouped by language (dominant language first):\n":
line = file.readline()

print("")
print("LanguageLines")
line = file.readline()
while line != "\n":
lang, lines, per = line.split()
lang = lang[:-1]
print("" + lang + "" + lines + " " + per + "")
line = file.readline()
print("")

print("Totals")
while line == "\n":
line = file.readline()

print("")
print("Total Physical Lines of Code (SLOC):" + line.split("=")[1].strip() + "")
line = file.readline()
print("Estimated development effort:" + line.split("=")[1].strip() + " person-years (person-months)")
line = file.readline()
line = file.readline()
print("Schedule estimate:" + line.split("=")[1].strip() + " years (months)")
line = file.readline()
line = file.readline()
print("Total estimated cost to develop:" + line.split("=")[1].strip() + "")
print("")

print("Please credit this data as \"generated using 'SLOCCount' by David A. Wheeler.\"\n")
print("")
print("")

Bug#1080278: python-autopage: diff for NMU version 0.4.0-3.1

[Guilherme de Paula Xavier Segundo]

On Mon, 9 Sep 2024 11:20:39 +0100 Colin Watson wrote:
> On Mon, Sep 09, 2024 at 11:15:58AM +0100, Colin Watson wrote:
> > I've prepared an NMU for python-autopage (versioned as 0.4.0-3.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I should delay
> > it longer.
>
> This is also
> 
https://salsa.debian.org/openstack-team/python/python-autopage/-/merge_requests/1

> for your convenience.
>
> --
> Colin Watson (he/him) [cjwat...@debian.org]
>
>


Thanks Colin,

Go ahead.

I've been away due to health issues but as soon as your NMU is accepted 
I plan to update the package.

Bug#1057384: openresolv: Please don't change resolv.conf when it's a symlink

[Fabio A. De Muzio Tobich]

Daniel,

Em 09/09/2024 10:28, Daniel Gröber escreveu:


My understanding is that in the "Debian" salsa group we're all maintainers,
that's the whole point of it :-)

Consequently I was going to do this as a "Debian" Team
upload. cf. 
https://wiki.debian.org/Salsa/Doc#Collaborative_Maintenance:_.22Debian.22_group

In case this is not what you want you should probably move the repo out of
debian/.



IMO your understanding is not correct, Salsa is a tool and the documentation you linked talking about collaborative maintenance is valid for use in Salsa itself, and in it, yes, we are all maintainers of all projects published in the Debian group, and you can make commits directly without needing to agree anything with anyone first, however it is a 
good practice to, at least, give a warning beforehand to the official maintainer of the package (I, personally, prefer the technique of forking and sending a merge request, so the maintainer will be more comfortable evaluating the proposed changes and taking the most appropriate action).


And the fact that we are all seen as maintainers of packages published in the 
Debian group within Salsa, when it comes to packaging the maintainer continues 
to be whoever is declared as such in the Maintainer field, in debian/control, 
as defined in the Debian Policy [1] .

The Developers Reference [2] further defines best practices for collaborative 
maintenance.

Simply uploading the package, of which you are not the maintainer, and pushing 
it to Salsa just assuming that this is ok because the package is published in 
the Debian group on Salsa is, in my opinion, not the correct and recommended 
procedure .

You, being a DD, can upload a package that you are not the maintainer of if 
necessary, that is what NMU exists for [3].

As I said before, your contribution is very welcome, and you can make a merge 
request, or you can push it directly to Salsa and I'll upload it without any 
problems, or I even suggested making an NMU with delay 0.

I don't understand your resistance to adopting any of the options I suggested, 
but going around uploading any package (not NMUing) that has a Maintainer is 
not ok and, being a DD, I expected you to know that.

Best regards.

[1] https://www.debian.org/doc/debian-policy/ch-binary.html#s-maintainer
[2] 
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#collaborative-maintenance
[3] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu


--
⢀⣴⠾⠻⢶⣦
⣾⠁⢠⠒⠀⣿⡁   Fabio Augusto De Muzio Tobich
⢿⡄⠘⠷⠚⠋⠀   9730 4066 E5AE FAC2 2683  D03D 4FB3 B4D3 7EF6 3B2E
⠈⠳⣄


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1057384: openresolv: Please don't change resolv.conf when it's a symlink

[Fabio A. De Muzio Tobich]

Em 09/09/2024 10:00, Daniel Gröber escreveu:


I don't see a reason not to just upload to unstable and push to
debian/openresolv.

Do you have a reason?



Making the fork was just a suggestion, you can do the direct push if you wish, 
without any problems.

As for uploading, you are not the maintainer of the package, so if you want to 
upload it yourself I ask you to do it as an NMU, you can do it with delay 0, no 
problem.

--
⢀⣴⠾⠻⢶⣦
⣾⠁⢠⠒⠀⣿⡁   Fabio Augusto De Muzio Tobich
⢿⡄⠘⠷⠚⠋⠀   9730 4066 E5AE FAC2 2683  D03D 4FB3 B4D3 7EF6 3B2E
⠈⠳⣄


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1057384: openresolv: Please don't change resolv.conf when it's a symlink

[Fabio A. De Muzio Tobich]

Hi Daniel,

Sorry for the long delay in responding.

Yes, openresolv is in salsa and open to collaborative maintenance. If you 
decide to contribute, I suggest you fork it in your own userspace, make your 
changes, and then submit a merge request.

Your contributions will be most welcome.

Cheers.

Em 12/08/2024 20:03, Daniel Gröber escreveu:

Hi Fabio,

a ping on this.

Heads up: I notice openresolv is in the [salsa debian group], so I may
decide to upload fixes for this bug and #1057387.

[salsa debian group]: 
https://wiki.debian.org/Salsa/Doc#Collaborative_Maintenance:_.22Debian.22_group

--Daniel

On Mon, Dec 04, 2023 at 12:30:03PM +0100, Daniel Gröber wrote:

On Mon, Dec 04, 2023 at 11:41:57AM +0100, Daniel Gröber wrote:

This is similar to how networkmanager and systemd-resolvd handle
ownership conflicts and following this protocol will ensure only one
(or none in my case :) managment system will try to change
resolv.conf.


Additional datapoint the old resolvconf package also follows this
protocol. It prints a warning and doesn't touch resolv.conf:

 # resolvconf -u
 /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic 
link to /run/resolvconf/resolv.conf

It does however have logic in it's postinst to overwrite /etc/resolv.conf
with it's symlink on installation.

--Daniel


--
⢀⣴⠾⠻⢶⣦
⣾⠁⢠⠒⠀⣿⡁   Fabio Augusto De Muzio Tobich
⢿⡄⠘⠷⠚⠋⠀   9730 4066 E5AE FAC2 2683  D03D 4FB3 B4D3 7EF6 3B2E
⠈⠳⣄


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1080303: wlr-randr: New upstream release (0.4.1)

[Diederik de Haas]

On Mon Sep 2, 2024 at 1:55 PM CEST, Guido Günther wrote:
> On Sun, Sep 01, 2024 at 08:15:36PM +0200, Diederik de Haas via 
> Debian-on-mobile-maintainers wrote:
> > Package: wlr-randr
> > 
> > Upstreamed release version 0.4.1 some time ago ...
> > 
> > I made an attempt at packaging that and you can find it here:
> > https://salsa.debian.org/diederik/wlr-randr/-/tree/debian/experimental
> > ...
> > But hopefully my branch still contains something useful.
> > Feel free to grab what is useful and ignore what isn't :-)
>
> I could cherry pick some things, thanks! I opted to wait for the manpage
> to tickle in with the next upstream version.

Great and thanks for uploading the new version; much appreciated :-)

Cheers,
  Diederik


signature.asc
Description: PGP signature

Bug#1080303: wlr-randr: New upstream release (0.4.1)

[Diederik de Haas]

Package: wlr-randr
Version: 0.3.0-1
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi!

Upstreamed release version 0.4.1 some time ago and it would be great to
have that in Debian.

I made an attempt at packaging that and you can find it here:
https://salsa.debian.org/diederik/wlr-randr/-/tree/debian/experimental

I didn't turn it into a MR for the following reasons:

1. I'd need to make 3 MRs for 3 different branches (AFAIK)
2. I thought the `upstream/0.4.1` tag would be signed with my key, but
   maybe you'd want that to be from a maintainer. But it appears that
   tag hasn't been signed at all.
3. I first copied the `gbp.conf` from the `eg25-manager` project, but
   adapted it to this projects branch names. I don't know if you'd want
   to change the branch names and thereby make the `gbp.conf` files
   identical to each other.

But hopefully my branch still contains something useful.
Feel free to grab what is useful and ignore what isn't :-)

Cheers,
  Diederik

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wlr-randr depends on:
ii  libc6   2.40-2
ii  libwayland-client0  1.23.0-1

wlr-randr recommends no packages.

wlr-randr suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZtSvQQAKCRDXblvOeH7b
blfoAP4gQzlJqR7Jw/uxyacanUMKUeNzzzi9MKtaRUc4uag5pAEA9tnLxnPUQw0b
/XfzJgv7IJCofjw813atTkFllugYJw8=
=Ouss
-END PGP SIGNATURE-

Bug#1080072: fixed in wvkbd 0.15-1)

[Diederik de Haas]

On Sun Sep 1, 2024 at 14:39 CEST, Debian Bug Tracking System wrote:
> Source: wvkbd
> Architecture: source
> Version: 0.15-1
> Changed-By: Jochen Sprickerhof 
> Closes: 1080072
> Changes:
>  wvkbd (0.15-1) unstable; urgency=3Dmedium
>  .
>* New upstream release (Closes: #1080072)
>* Rediff patches
>* Bump policy version (no changes)

Awesome, thanks! Also for renaming the branch :-)


signature.asc
Description: PGP signature

Bug#1080072: wvkbd: New upstream release (0.15)

[Diederik de Haas]

Package: wvkbd
Version: 0.14.3-1
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Upstream has a new upstream version available, 0.15, and I'd like it a
lot of that could be packaged for Debian.

Could you possibly also rename your 'master' branch to 'upstream/latest'
so that it's compatible with DEP-14? AFAICT it contains the upstream
source, not the Debian packaging source which is in the already DEP-14
compatible 'debian/sid' branch.

Cheers,
  Diederik

Link: https://dep-team.pages.debian.net/deps/dep14/

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wvkbd depends on:
ii  libc62.40-2
ii  libcairo21.18.0-3+b1
ii  libpango-1.0-0   1.54.0+ds-2
ii  libpangocairo-1.0-0  1.54.0+ds-2
ii  libwayland-client0   1.23.0-1

wvkbd recommends no packages.

wvkbd suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZtGPSQAKCRDXblvOeH7b
bgnVAP4oBG4+yCRFRqdllAC5ql0+TE5Nc1gkohr6kjgKadZ4QgD/YBpeozqJTWwI
vpbuu32S3XbVj6XLSf5kDzEOMUSzdw0=
=mMbi
-END PGP SIGNATURE-

Bug#1080008: wlroots: Please review the B-Ds for wlroots 0.18

[Diederik de Haas]

Source: wlroots
Version: 0.18.0-2
Severity: wishlist

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Triggered by a comment from 'emersion' [1] (upstream maintainer for both
sway and wlroots) I started looking at wlroots 0.18 B-Ds.
Directly related to that, AFAICT wlroots needs a B-D on `liblcms2-dev`
to have color management support (in sway, but possibly all wlroot based
compositors).

I started to work on a patch, but by now I'm (too) confused, so I
figured I'd make it into a wishlist bug instead.

Some of the things I found:
1. Some B-Ds have different version requirements from the wlroots source
package compared to the Depends of the `libwlroots-0.18-dev` package.
This seems illogical to me, but could be intentional and I just didn't
find the reason behind it (possibly PEBKAC).
2. I (initially) thought that it would also need a B-D on `libudev`,
but while writing this bug I found that it's listed as a (B-)D for
*sway*, when wlroots has the libinput_backend feature, which is or
should be the case for the Debian package.
3. While looking through the upstream commits and various `meson.build`
files, I noticed that a lot of features have been made optional. Which
in turn IIUC means that some features that were available in f.e.
wlroots 0.17 are no longer available because a/some dependencies are not
available. Or in my opinion worse: they could be accidentally available.
4. Related to 3. I think that more features need to be explicitly
enabled. In `debian/rules` I saw that the 'drm', 'libinput' and 'x11'
backends are enabled, but maybe that should be extended?
It seems that it is unlikely that the wlroots build fails, but it could
be that it succeeds while it actually does NOT have certain features
that you actually want(ed) to have? Having a build failure in this case
seems preferable *to me*.

But while working on this I came to the conclusion that I need to learn
more about the meson build system to *fully* understand it.
And having an 'x11' backend while there's also an xwayland feature is
confusing too, so I concluded I'd better leave it up to the maintainers
of the Debian packages.

I will include my WIP patch in case it helps, but won't add the 'patch'
tag to this bug.

Cheers,
  Diederik

[1] https://github.com/swaywm/sway/pull/7681#issuecomment-2308926702

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZtBmnQAKCRDXblvOeH7b
bgZQAQCK7mP0m7ZtGrn7uaEFyMtQtElqLLVLqIxXdPRSVco89QEAk5LbdVV3qZVT
lplNL5vm+T3/iRg396h5dW5/83CmmwA=
=6SZw
-END PGP SIGNATURE-
>From 79b06c8ac9c8c0f983528e802cbe10ede153ade7 Mon Sep 17 00:00:00 2001
From: Diederik de Haas 
Date: Wed, 28 Aug 2024 16:36:31 +0200
Subject: [PATCH] d/control: Update Build Dependencies

>From ``meson.build``:

8bbe8624dfdb ("build: bump pixman version")
Upped the minimal required version of libpixman to version 0.42.0.
Note that this commit was already part of wlroots 0.17.

>From ``backend/drm/meson.build``:

22d9df2af483 ("backend/drm: send output layer feedback events")
Upped the minimal required version of libliftoff to 0.4.0, not 0.4.1.
The right version was set in libwlroots-0.18-dev binary package.

6e6c4408d36d ("backend/drm: add support for libliftoff v0.5.0")
OTOH prepared for version 0.5.0, but doesn't require it (yet).

0a79bc28c7eb ("build: require libinput v1.19")
Upped the minimal required version of libinput to 1.19.
Note that that version is available in Stable, but not older versions.
56c842fcde8a ("d/control: Drop version superfluous information")
Dropped the version requirement (of 1.9.0) because "We have recent
enough versions even in stable.", but even o-o-s has 1.12, so I do
consider this different enough to bring back the version requirement.

>From ``render/meson.build``:

895e3d18b903 ("render/color: introduce wlr_color_transform")
Added color management support to wlroots, but only if liblcms2-dev is
available. This can be used by sway if wlroots has this functionality.

Fixes: 89f88ab37a7f ("d/control: Update build-deps for new upstream version")
Link: 
https://gitlab.freedesktop.org/wlroots/wlroots/-/commit/8bbe8624dfdb4fbf120aee3dd6f0f8d3bf7e
Link: 
https://gitlab.freedesktop.org/wlroots/wlroots/-/commit/22d9df2af483bb862c24bcb973e8ab3475759ebe
Link: 
https://gitlab.freedesktop.org/wlroots/wlroots/-/commit/6e6c4408d36ddad705458ca4b2e301192f7963fd

Bug#1061616: pixman: FTBFS on armhf: Error: garbage following instruction -- `bne 01f'

[Diederik de Haas]

Control: tag -1 -patch -upstream -fixed-upstream
Control: notforwarded -1

On 26 Aug 2024 17:22:19 +0200 Diederik de Haas  wrote:
> Control: tag -1 upstream fixed-upstream patch
> Control: forwarded -1 https://gitlab.freedesktop.org/pixman/pixman/-/issues/96

Oeps, my CC-ing this bug also modified the metadata ... incorrectly.
Should now be fixed again.

signature.asc
Description: This is a digitally signed message part.

Bug#1061616: pixman: FTBFS on armhf: Error: garbage following instruction -- `bne 01f'

[Diederik de Haas]

Control: tag -1 upstream fixed-upstream patch
Control: forwarded -1 https://gitlab.freedesktop.org/pixman/pixman/-/issues/96

On 12 Jul 2024 13:38:30 +0900 Mike Hommey  wrote:
> Source: pixman
> Version: 0.42.2-1
> Severity: serious
> 
> The package fails to build on armhf on current sid/testing with:
> 
> ../../pixman/pixman-arm-simd-asm.h:821: Error: garbage following instruction 
> -- `bne 01f'
> ../../pixman/pixman-arm-simd-asm.h:869:  Info: macro invoked from here
>  ...
> See https://gitlab.freedesktop.org/pixman/pixman/-/issues/96 and bug
> 1073870.

https://gitlab.freedesktop.org/pixman/pixman/-/commit/865e6ce00bb79a6b925ed4c2c436e1533e4472aa
is the commit where upstream fixed this bug and for your convenience attached.

BUT this patch won't apply on top of 0.42.2, but it would apply on top
version 0.43.4 which bug 1061616 requests for.
So it would be great if both bugs can be fixed in 1 go.

Cheers,
  Diederik>From 865e6ce00bb79a6b925ed4c2c436e1533e4472aa Mon Sep 17 00:00:00 2001
From: Mike Hommey 
Date: Fri, 12 Jul 2024 11:11:17 -0400
Subject: [PATCH] pixman: Adjust arm assembly for binutils change

A change in the latest version of binutils broke building pixman for arm.

The binutils change:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c607d6428d6c81e1e7e7a994b

Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/96
---
 pixman/pixman-arm-simd-asm.S | 44 ++--
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/pixman/pixman-arm-simd-asm.S b/pixman/pixman-arm-simd-asm.S
index 34d38f1f..3dfe723a 100644
--- a/pixman/pixman-arm-simd-asm.S
+++ b/pixman/pixman-arm-simd-asm.S
@@ -820,13 +820,13 @@ generate_composite_function \
 .macro over_white___ca_1pixel_tail
 mvn TMP0, WK1
 teq WK1, WK1, asr #32
-bne 01f
-bcc 03f
+bne 1f
+bcc 3f
 mov WK3, WK1
-b   02f
-01: over_white___ca_combine WK1, WK3
-02: pixst   , 4, 3, DST
-03:
+b   2f
+1:  over_white___ca_combine WK1, WK3
+2:  pixst   , 4, 3, DST
+3:
 .endm
 
 .macro over_white___ca_2pixels_head
@@ -837,21 +837,21 @@ generate_composite_function \
 pixld   , 8, 3, DST
 mvn TMP0, WK1
 teq WK1, WK1, asr #32
-bne 01f
+bne 1f
 movcs   WK3, WK1
-bcs 02f
+bcs 2f
 teq WK2, #0
-beq 05f
-b   02f
-01: over_white___ca_combine WK1, WK3
-02: mvn TMP0, WK2
+beq 5f
+b   2f
+1:  over_white___ca_combine WK1, WK3
+2:  mvn TMP0, WK2
 teq WK2, WK2, asr #32
-bne 03f
+bne 3f
 movcs   WK4, WK2
-b   04f
-03: over_white___ca_combine WK2, WK4
-04: pixst   , 8, 3, DST
-05:
+b   4f
+3:  over_white___ca_combine WK2, WK4
+4:  pixst   , 8, 3, DST
+5:
 .endm
 
 .macro over_white___ca_process_head  cond, numbytes, firstreg, unaligned_src, unaligned_mask, preload
@@ -1067,9 +1067,9 @@ generate_composite_function \
   .if \offset != 0
 ldrbORIG_W, [SRC, #\offset]
   .endif
-beq 01f
+beq 1f
 teq STRIDE_M, #0xFF
-beq 02f
+beq 2f
  .endif
 uxtb16  SCRATCH, \d /* rb_dest */
 uxtb16  \d, \d, ror #8   /* ag_dest */
@@ -1079,13 +1079,13 @@ generate_composite_function \
 uxtab16 \d, \d, \d, ror #8
 mov SCRATCH, SCRATCH, ror #8
 sel \d, SCRATCH, \d
-b   02f
+b   2f
  .if \offset == 0
 48: /* Last mov d,#0 of the set - used as part of shortcut for
  * source values all 0 */
  .endif
-01: mov \d, #0
-02:
+1:  mov \d, #0
+2:
 .endm
 
 .macro in_reverse___tail  numbytes, reg1, reg2, reg3, reg4
-- 
GitLab



signature.asc
Description: This is a digitally signed message part.

Bug#1067709: FTBFS in armel/armhf: some symbols disappeared

[Diederik de Haas]

On Tue, 26 Mar 2024 01:06:34 +0200 Peter Pentchev  wrote:
> Control: tag -1 + confirmed
> 
> On Tue, Mar 26, 2024 at 01:29:08AM +0500, Andrey Rakhmatullin wrote:
> > Source: dante
> > Version: 1.4.3+dfsg-1
> > Severity: serious
> > Tags: ftbfs
> > 
> > https://buildd.debian.org/status/fetch.php?pkg=dante&arch=armhf&ver=1.4.3+dfsg-1&stamp=1710761774&raw=0
> 
> Thanks for reporting this. I noticed it as soon as I uploaded this
> version of dante, and I started looking into it; it is, at least partly,
> fallout from the new "implicit function declarations are errors" GCC
> option setting. FTR, I believe this is a good idea, no complaints here.
> However, it turns out to be a bit more complicated than sprinkling
> a couple of #include directives here and there; I will hopefully be
> able to upload a fixed version within the next couple of days.

Friendly ping?
https://release.debian.org/transitions/html/glibc-2.40.html seems to
indicate it's a problem for glibc 2.40 which has just been uploaded to
Unstable. 

Cheers,
  Diederik

signature.asc
Description: This is a digitally signed message part.

Bug#1079567: systemd: Should not raise errors when not (all) BPF features are available

[Diederik de Haas]

Package: systemd
Version: 256.5-1
Severity: normal
X-Debbugs-Cc: debian-ker...@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I build a custom (arm64) kernel based on Debian's config and in that I
disabled debug info, which in turn disabled ``CONFIG_DEBUG_INFO_BTF``.

Build was successful and I tried it out on my Rock64 and what I always
do when testing kernels is check dmesg for errors/warnings etc:

```sh
root@rock64-test:~# dmesg --level 0,1,2
root@rock64-test:~# dmesg --level 0,1,2,3
[9.807992] rockchip-pm-domain ff10.syscon:power-controller: failed to 
get ack on domain 'hevc', val=0x88220
[   16.014046] systemd[1]: bpf-restrict-fs: Failed to load BPF object: No such 
process
```

Former is known (and in the works of being fixed), the latter is new.

Looking for that error message led me to upstream issue 32968 [1] which
led me to the upstream README with the following:

```
Required for RestrictFileSystems= in service units:
  CONFIG_BPF
  CONFIG_BPF_SYSCALL
  CONFIG_BPF_LSM
  CONFIG_DEBUG_INFO_BTF
  CONFIG_LSM="...,bpf" or kernel booted with lsm="...,bpf".
```

I (actually) do have most of those, but not CONFIG_DEBUG_INFO_BTF and
that appears to be why systemd throws an error.

Looking further I found another issue [2] which says that using
``lockdown=confidentiality`` will also be problematic.

I think/assume it's great that systemd would use kernel features like
BPF *if* they're available. But if not, it should not throw an ERROR.

An informational message is fine and possibly a warning* if it's really
important. But it should detect so at *runtime* and not assume what
happens to be enabled in the (Debian) kernel at a certain point in time.

I did grep my system for ``bpf-restrict-fs`` to see if I could disable 
that feature, but it only found ``libsystemd-core-256.so``.

Cheers,
  Diederik

*) Preferably not as I'm also trying to fix those as much as possible

[1] https://github.com/systemd/systemd/issues/32968
[2] https://github.com/anthraxx/linux-hardened/issues/93#issuecomment-1974260571


- -- Package-specific info:

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl12.3.2-2
ii  libapparmor1   3.1.7-1+b1
ii  libaudit1  1:4.0.1-1
ii  libblkid1  2.40.2-7
ii  libc6  2.39-7
ii  libcap21:2.66-5
ii  libmount1  2.40.2-7
ii  libpam0g   1.5.3-7
ii  libseccomp22.5.5-1+b1
ii  libselinux13.7-1+b1
ii  libssl3t64 3.3.1-7
ii  libsystemd-shared  256.5-1
ii  libsystemd0256.5-1
ii  mount  2.40.2-7

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]  1.14.10-4+b1
ii  libzstd11.5.6+dfsg-1
pn  linux-sysctl-defaults   
ii  ntpsec [time-daemon]1.2.3+dfsg1-3
pn  systemd-cryptsetup  

Versions of packages systemd suggests:
ii  libcryptsetup12 2:2.7.4-1
ii  libgcrypt20 1.11.0-6
ii  libidn2-0   2.3.7-2
ii  liblz4-11.9.4-3
ii  liblzma55.6.2-2
pn  libtss2-rc0t64  
ii  libtss2-tcti-device0t64 [libtss2-tcti-device0]  4.1.3-1
ii  polkitd 125-2
pn  systemd-boot
ii  systemd-container   256.5-1
pn  systemd-homed   
pn  systemd-repart  
pn  systemd-resolved
pn  systemd-userdbd 

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-4+b1
pn  dracut 
ii  initramfs-tools0.145
pn  libnss-systemd 
ii  libpam-systemd 256.5-1
ii  udev   256.5-1

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZsoI3QAKCRDXblvOeH7b
bpA2AQDrLI0m5V/IkTepJVF4NyIlRbnFEjdvRIqjAyWliyCBJAEAorba1BU9D3p4
u9nOA3NGJyY1qPzQbS2Guc1niBbImAg=
=m50o
-END PGP SIGNATURE-

Bug#1079543: bookworm-pu: package amd64-microcode/3.20240820.1~deb12u1

[Henrique de Moraes Holschuh]

Uploaded!  Thank you!

On Sat, Aug 24, 2024, at 10:01, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2024-08-24 at 09:51 -0300, Henrique de Moraes Holschuh wrote:
>> I would like to bring the *firmware* update level for AMD processors
>> in Bullseye and Bookworm to match what we have in Sid and Trixie. 
>> This is the bug report for Bookworm, a separate one will be filled
>> for Bullseye.
>> 
>> The update is a security update for AMD-SEV (AMD-SB-3003).  It does
>> not change the processor microcode.
>
> Please go ahead.
>
> Regards,
>
> Adam

-- 
  Henrique de Moraes Holschuh 

Bug#1079544: bullseye-pu: package amd64-microcode/3.20240820.1~deb11u1

[Henrique de Moraes Holschuh]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]

I would like to bring the *firmware* update level for AMD processors in
Bullseye and Bookworm to match what we have in Sid and Trixie.  This is
the bug report for Bullseye, a separate one will be filled for Bookworm.

The update is a security update for AMD-SEV (AMD-SB-3003).  It does not
change the processor microcode.

[ Impact ]

These updates fix security issues on AMD SEV.

[ Tests ]

The package was tested, but AMD-SEV was not specifically tested.  I
could not find any reports of AMD-SEV issues due to this firmware
update though.

This update only changed a few docs and the binary blob files, so it is
as safe as what is already accepted for bullseye and bookworm.

[ Risks ]

AMD-SEV changes cannot cause boot regressions, but it could cause SEV
functionality regressions.  I am not aware of any regressions related
to this SEV firmware update.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

* Documentation was updated with upstream information

* Binary microcode blobs were updated with new upstream binary blobs.

[ Extra Information ]

Diff was generated from the git tree, in order to avoid excessive noise
due to the changes to the binary blobs.

diffstat:
 README   |   20 
 amd/amd_sev_fam17h_model3xh.sbin |binary
 amd/amd_sev_fam19h_model0xh.sbin |binary
 amd/amd_sev_fam19h_model1xh.sbin |binary
 amd/amd_sev_fam19h_modelaxh.sbin |binary
 debian/changelog |   30 ++
 6 files changed, 50 insertions(+)

-- 
  Henrique Holschuh

diff --git a/README b/README
index 63c0879..67a4e0e 100644
--- a/README
+++ b/README
@@ -11,6 +11,26 @@ amdtee/ currently includes firmware for the amd_pmf driver.
 
 latest commits in this release:
 
+commit ace84e6edc27bcba8e44ba8588e93a4c74a4fba1
+Author: John Allen 
+Date:   Tue Aug 20 18:26:55 2024 +
+
+linux-firmware: Update AMD SEV firmware
+
+Update AMD SEV firmware to version 0.24 build 20 for AMD family 17h processors
+with models in the range 30h to 3fh.
+
+Update AMD SEV firmware to version 1.55 build 21 for AMD family 19h processors
+with models in the range 00h to 0fh.
+
+Update AMD SEV firmware to version 1.55 build 37 for AMD family 19h processors
+with models in the range 10h to 1fh.
+
+Add AMD SEV firmware version 1.55 build 37 for AMD family 19h processors with
+models in the range a0h to afh.
+
+Signed-off-by: John Allen 
+
 commit 091bd5adf19c7ab01214c64689952acb4833b21d
 Author: John Allen 
 Date:   Wed Jul 10 14:58:02 2024 +
diff --git a/amd/amd_sev_fam17h_model3xh.sbin b/amd/amd_sev_fam17h_model3xh.sbin
index ea49929..a1a59d4 100644
Binary files a/amd/amd_sev_fam17h_model3xh.sbin and b/amd/amd_sev_fam17h_model3xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model0xh.sbin b/amd/amd_sev_fam19h_model0xh.sbin
index 9cde6ad..0e21813 100644
Binary files a/amd/amd_sev_fam19h_model0xh.sbin and b/amd/amd_sev_fam19h_model0xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model1xh.sbin b/amd/amd_sev_fam19h_model1xh.sbin
index 529dcb5..5855e82 100644
Binary files a/amd/amd_sev_fam19h_model1xh.sbin and b/amd/amd_sev_fam19h_model1xh.sbin differ
diff --git a/amd/amd_sev_fam19h_modelaxh.sbin b/amd/amd_sev_fam19h_modelaxh.sbin
new file mode 100644
index 000..5855e82
Binary files /dev/null and b/amd/amd_sev_fam19h_modelaxh.sbin differ
diff --git a/debian/changelog b/debian/changelog
index 3b97a91..dc29a0e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+amd64-microcode (3.20240820.1~deb11u1) bullseye; urgency=medium
+
+  * Rebuild for bullseye
+  * Revert merged-usr changes from unstable
+  * Revert move to non-free-firmware
+
+ -- Henrique de Moraes Holschuh   Sat, 24 Aug 2024 09:28:39 -0300
+
+amd64-microcode (3.20240820.1) unstable; urgency=high
+
+  * Update package data from linux-firmware 20240820
+* New AMD-SEV firmware from AMD upstream (20240820)
+  + Updated SEV firmware:
+Family 17h models 30h-3fh: version 0.24 build 20
+Family 19h models 00h-0fh: version 1.55 build 21
+Family 19h models 10h-1fh: version 1.55 build 37
+  + New SEV firmware:
+Family 19h models a0h-afh: version 1.55 build 37
+  * SECURITY UPDATE (AMD-SB-3003):
+* Mitigates CVE-2023-20584: IOMMU improperly handles certain special
+  address ranges with invalid device table entries (DTEs), which may allow
+  an attacker with privileges and a compromised Hypervisor to induce DTE
+  faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of
+  guest integrity.
+* Mitigates CVE-2023-31356: Incomplete system memory cleanup in SEV
+  firmware could

Bug#1079543: bookworm-pu: package amd64-microcode/3.20240820.1~deb12u1

[Henrique de Moraes Holschuh]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]

I would like to bring the *firmware* update level for AMD processors in
Bullseye and Bookworm to match what we have in Sid and Trixie.  This is
the bug report for Bookworm, a separate one will be filled for Bullseye.

The update is a security update for AMD-SEV (AMD-SB-3003).  It does not
change the processor microcode.

[ Impact ]

These updates fix security issues on AMD SEV.

[ Tests ]

The package was tested, but AMD-SEV was not specifically tested.  I
could not find any reports of AMD-SEV issues due to this firmware
update though.

This update only changed a few docs and the binary blob files, so it is
as safe as what is already accepted for bullseye and bookworm.

[ Risks ]

AMD-SEV changes cannot cause boot regressions, but it could cause SEV
functionality regressions.  I am not aware of any regressions related
to this SEV firmware update.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

* Documentation was updated with upstream information

* Binary microcode blobs were updated with new upstream binary blobs.

[ Extra Information ]

Diff was generated from the git tree, in order to avoid excessive noise
due to the changes to the binary blobs.

diffstat:
 README   |   20 
 amd/amd_sev_fam17h_model3xh.sbin |binary
 amd/amd_sev_fam19h_model0xh.sbin |binary
 amd/amd_sev_fam19h_model1xh.sbin |binary
 amd/amd_sev_fam19h_modelaxh.sbin |binary
 debian/changelog |   28 
 6 files changed, 48 insertions(+)

-- 
  Henrique Holschuh

diff --git a/README b/README
index 63c0879..67a4e0e 100644
--- a/README
+++ b/README
@@ -11,6 +11,26 @@ amdtee/ currently includes firmware for the amd_pmf driver.
 
 latest commits in this release:
 
+commit ace84e6edc27bcba8e44ba8588e93a4c74a4fba1
+Author: John Allen 
+Date:   Tue Aug 20 18:26:55 2024 +
+
+linux-firmware: Update AMD SEV firmware
+
+Update AMD SEV firmware to version 0.24 build 20 for AMD family 17h processors
+with models in the range 30h to 3fh.
+
+Update AMD SEV firmware to version 1.55 build 21 for AMD family 19h processors
+with models in the range 00h to 0fh.
+
+Update AMD SEV firmware to version 1.55 build 37 for AMD family 19h processors
+with models in the range 10h to 1fh.
+
+Add AMD SEV firmware version 1.55 build 37 for AMD family 19h processors with
+models in the range a0h to afh.
+
+Signed-off-by: John Allen 
+
 commit 091bd5adf19c7ab01214c64689952acb4833b21d
 Author: John Allen 
 Date:   Wed Jul 10 14:58:02 2024 +
diff --git a/amd/amd_sev_fam17h_model3xh.sbin b/amd/amd_sev_fam17h_model3xh.sbin
index ea49929..a1a59d4 100644
Binary files a/amd/amd_sev_fam17h_model3xh.sbin and b/amd/amd_sev_fam17h_model3xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model0xh.sbin b/amd/amd_sev_fam19h_model0xh.sbin
index 9cde6ad..0e21813 100644
Binary files a/amd/amd_sev_fam19h_model0xh.sbin and b/amd/amd_sev_fam19h_model0xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model1xh.sbin b/amd/amd_sev_fam19h_model1xh.sbin
index 529dcb5..5855e82 100644
Binary files a/amd/amd_sev_fam19h_model1xh.sbin and b/amd/amd_sev_fam19h_model1xh.sbin differ
diff --git a/amd/amd_sev_fam19h_modelaxh.sbin b/amd/amd_sev_fam19h_modelaxh.sbin
new file mode 100644
index 000..5855e82
Binary files /dev/null and b/amd/amd_sev_fam19h_modelaxh.sbin differ
diff --git a/debian/changelog b/debian/changelog
index 72b76b1..26983aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+amd64-microcode (3.20240820.1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm (revert merged-usr changes from unstable)
+
+ -- Henrique de Moraes Holschuh   Sat, 24 Aug 2024 09:24:14 -0300
+
+amd64-microcode (3.20240820.1) unstable; urgency=high
+
+  * Update package data from linux-firmware 20240820
+* New AMD-SEV firmware from AMD upstream (20240820)
+  + Updated SEV firmware:
+Family 17h models 30h-3fh: version 0.24 build 20
+Family 19h models 00h-0fh: version 1.55 build 21
+Family 19h models 10h-1fh: version 1.55 build 37
+  + New SEV firmware:
+Family 19h models a0h-afh: version 1.55 build 37
+  * SECURITY UPDATE (AMD-SB-3003):
+* Mitigates CVE-2023-20584: IOMMU improperly handles certain special
+  address ranges with invalid device table entries (DTEs), which may allow
+  an attacker with privileges and a compromised Hypervisor to induce DTE
+  faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of
+  guest integrity.
+* Mitigates CVE-2023-31356: Incomplete system memory cleanup in SEV
+  firmware could allow a privileged attacker to corrupt guest

Bug#1050812: u-boot-rockchip: Please add support for Pine64 Quartz64 devices

[Diederik de Haas]

On 07 Jun 2024 15:44:14 +0200 Diederik de Haas  wrote:
> On Friday, 1 September 2023 12:02:30 CEST Diederik de Haas wrote:
> > > > AFAICT, TF-A for *rk356x* is really close to being mergeable?
> > > I'm not entirely sure about that. In any case, for the rk3588 in U-Boot
> 
> https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/21840 for 
> rk3588 
> now has a Merge Conflict (due to merging the rk3568 stuff?), but that has 
> seen 
> activity in the last month too, so hopefully that'll progress (soon) too.

Support for rk3588 has been merged upstream ... yesterday \o/

signature.asc
Description: This is a digitally signed message part.

Bug#1071959: arm-trusted-firmware: New upstream versions (lts-v2.10.4 and v2.11)

[Diederik de Haas]

On 26 May 2024 16:23:07 +0200 Diederik de Haas  wrote:
> Source: arm-trusted-firmware
> Version: 2.10.0+dfsg-1
> 
> Upstream recently released two new versions:
> - - lts-v2.10.4
> - - v2.11
> 
> If you want to stay on a LTS release, then updating to 2.10.4 gives
> quite a number of workarounds for errata.
> 
> If you want to switch to the latest upstream release, then you can drop
> my patch for rk3328 as that's included upstream.

That patch is actually (also) part of lts-v2.10.1

signature.asc
Description: This is a digitally signed message part.

Bug#1079175: python3-pkg-resources: pkg_resources cannot be imported: No module named 'packaging'

[Diederik de Haas]

On Tue Aug 20, 2024 at 11:45 PM CEST, Cyril Brulebois wrote:
> Emanuele Rocca  (2024-08-20):
> > Package: python3-pkg-resources
> > Version: 72.2.0-1
> > Severity: serious
> >
> > Importing pkg_resources fails with the following error:
> >
> >   (sid-amd64-sbuild)ema@ariel:~$ python3
> >   Python 3.12.5 (main, Aug  7 2024, 13:49:14) [GCC 14.2.0] on linux
> >   Type "help", "copyright", "credits" or "license" for more information.
> >   >>> import pkg_resources
> >   Traceback (most recent call last):
> > File "", line 1, in 
> > File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 
> > 95, in 
> >   import packaging.specifiers
> >   ModuleNotFoundError: No module named 'packaging'
> >
> > This is a regression in version 72.2.0-1, whereas 70.3.0-2 worked fine.
> >
> > For an example of d-i build failure caused by this problem, see:
> > https://salsa.debian.org/installer-team/debian-installer/-/jobs/6155545
> >
> > It seems that installing python3-packaging, python3-jaraco.text, and
> > python3-platformdirs fixes it.
>
> I couldn't replicate the FTBFS within a devel sid chroot that has tons of
> extra packages, including python3-packaging, and python3-platformdirs, but
> not python3-jaraco.text.

I'm not sure if this is related or will be helpful, but I just got an
error related to 'jaraco' in a CI pipeline in reprotest, while the build
itself succeeded:

```sh
$ su salsa-ci -c "timeout ${SALSA_CI_BUILD_TIMEOUT_ARGS} reprotest \
  --min-cpus $(nproc --all) \
  --store-dir ${WORKING_DIR}/reprotest \
  --verbosity=2  \
  --vary=-time \
  --vary=user_group.available+=salsa-ci,domain_host.use_sudo=1 \
  
${SALSA_CI_DPKG_BUILDPACKAGE_ARGS:+--append-build-command=${SALSA_CI_DPKG_BUILDPACKAGE_ARGS}}
 \
  ${SALSA_CI_REPROTEST_ARGS} \
  ${WORKING_DIR}/*.dsc -- null" |& OUTPUT_FILENAME=reprotest.log filter-output
Traceback (most recent call last):
  File "/usr/bin/reprotest", line 33, in 
sys.exit(load_entry_point('reprotest==0.7.27', 'console_scripts', 
'reprotest')())
 
^
  File "/usr/bin/reprotest", line 25, in importlib_load_entry_point
return next(matches).load()
   
  File "/usr/lib/python3.12/importlib/metadata/__init__.py", line 205, in load
module = import_module(match.group('module'))
 
  File "/usr/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
   
  File "", line 1387, in _gcd_import
  File "", line 1360, in _find_and_load
  File "", line 1331, in _find_and_load_unlocked
  File "", line 935, in _load_unlocked
  File "", line 995, in exec_module
  File "", line 488, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 20, in 

import pkg_resources
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 96, in 

from jaraco.text import (
ModuleNotFoundError: No module named 'jaraco'
```

src: https://salsa.debian.org/diederik/simplescreenrecorder/-/jobs/6158157

HTH,
  Diederik


signature.asc
Description: PGP signature

Bug#1006027: jsjac: FTBFS: java.io.FileNotFoundException: jsjac.uncompressed.js (No such file or directory)

[Thadeu Lima de Souza Cascardo]

Source: jsjac
Followup-For: Bug #1006027
Control: tags -1 ftbfs

I tested this with sbuild and the package builds just fine.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.9-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1006027: jsjac: FTBFS: java.io.FileNotFoundException: jsjac.uncompressed.js (No such file or directory)

[Thadeu Lima de Souza Cascardo]

Source: jsjac
Followup-For: Bug #1006027
Control: tags -1 ftbfs

It does work on my current sid installation. I will check on a brand new
chroot.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.9-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1079140: bookworm-pu: package intel-microcode/3.20240813.1~deb12u1

[Henrique de Moraes Holschuh]

On Tue, Aug 20, 2024, at 13:28, Adam D. Barratt wrote:
> Control: tags -1 + confirmed

> Please go ahead.

Uploaded, Thank you!

> I was going to ask if we were affected by the issue mentioned in
> https://www.openwall.com/lists/oss-security/2024/08/16/3 , but then I
> read the upstream issue and saw you had already commented there. :-)

Yeah, I was a bit late and that helped us this time :-)

-- 
  Henrique de Moraes Holschuh 

Bug#1079141: bullseye-pu: package intel-microcode/3.20240813.1~deb11u1

[Henrique de Moraes Holschuh]

On Tue, Aug 20, 2024, at 13:28, Adam D. Barratt wrote:
> Control: tags -1 + confirmed

> Please go ahead.

Uploaded, thank you!

-- 
  Henrique de Moraes Holschuh 

Bug#1079035: kmod: latest upgrade break system startup

[Diederik de Haas]

On Tue Aug 20, 2024 at 5:55 PM CEST, Antonio wrote:
> I tried to install the new version of kmod 33+20240816-2 but it seems to
> remove essential packages:
>
> $ sudo apt install kmod
> ...
>
> Upgrading:
>   kmod  libkmod-dev  libkmod2
>
> REMOVING:
>   cryptsetup-initramfs  initramfs-tools   yubikey-luks
>   dracut-install    initramfs-tools-core
>
> Summary:
>   Upgrading: 3, Installing: 0, Removing: 5, Not Upgrading: 0
>   Download size: 182 kB
>   Freed space: 168 MB
>
> Continue? [S/n] n
> Interrotto.

Then the new package version is working as intended and you should NOT
upgrade kmod until a new version of src:dracut has been uploaded,
which would 'fix' the Breaks relation.

So you gave the right response: 'n' (No)

IIUC: When a new version of src:dracut is uploaded, it will build
against the latest kmod version and then the 'undefined symbol' issue
will be resolved, which in turn means that the generation of a new
initramfs will do the right thing.

At least that's the theory ;-)

HTH


signature.asc
Description: PGP signature

Bug#1079141: bullseye-pu: package intel-microcode/3.20240813.1~deb11u1

[Henrique de Moraes Holschuh]

++
 30 files changed, 244 insertions(+), 15 deletions(-)

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index 83989c4..d5e45bc 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,60 @@
+2024-08-13:
+  * New upstream microcode datafile 20240813 (second release)
+- Mitigations for INTEL-SA-01083 (CVE-2024-24853)
+  Incorrect behavior order in transition between executive monitor and SMI
+  transfer monitor (STM) in some Intel Processors may allow a privileged
+  user to potentially enable escalation of privilege via local access.
+- Mitigations for INTEL-SA-01118 (CVE-2024-25939)
+  Mirrored regions with different values in 3rd Generation Intel Xeon
+  Scalable Processors may allow a privileged user to potentially enable
+  denial of service via local access.
+- Mitigations for INTEL-SA-01100 (CVE-2024-24980)
+  Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
+  Xeon Processors may allow a privileged user to potentially enable
+  escalation of privilege via local access.
+- Mitigations for INTEL-SA-01038 (CVE-2023-42667)
+  Improper isolation in the Intel Core Ultra Processor stream cache
+  mechanism may allow an authenticated user to potentially enable
+  escalation of privilege via local access.
+- Mitigations for INTEL-SA-01046 (CVE-2023-49141)
+  Improper isolation in some Intel® Processors stream cache mechanism may
+  allow an authenticated user to potentially enable escalation of
+  privilege via local access.
+- Fix for unspecified functional issues on several processor models
+  * Updated microcodes:
+sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
+sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
+sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
+sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
+sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
+sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
+sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
+sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
+sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
+sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
+sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
+sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
+sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
+sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
+sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
+sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
+sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
+sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
+
+2024-05-31:
+  * New upstream microcode datafile 20240531
+- Fix unspecified functional issues on Pentium Silver N/J5xxx,
+  Celeron N/J4xxx
+  * Updated Microcodes:
+sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
+
 2024-05-14:
   * New upstream microcode datafile 20240514
 - Mitigations for INTEL-SA-01051 (CVE-2023-45733)
diff --git a/debian/changelog b/debian/changelog
index 10f37f4..e8240e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,75 @@
+intel-microcode (3.20240813.1~deb11u1) bullseye; urgency=medium
+
+  * Build for bullseye (no changes from 3.20240813.1)
+
+ -- Henrique de Moraes Holschuh   Mon, 19 Aug 2024 22:26:47 -0300
+
+intel-microcode (3.20240813.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20240813 (closes: #1078742)
+- Mitigations for INTEL-SA-01083 (CVE-2024-24853)
+  Incorrect behavior order in transition between executive monitor and SMI
+  transfer monitor (STM) in some Intel Processors may allow a privileged
+  user to potentially enable escalation of privilege via local access.
+- Mitigations for INTEL-SA-01118 (CVE-2024-25939)
+  Mirrored regions with different values in 3rd Generation Intel Xeon
+  Scalable Processors may allow a privileged user to potentially enable
+  denial of service via local access.
+- Mitigations for INTEL-SA-01100 (CVE-2024-24980)
+  Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
+  Xeon Processors may allow a privileged user to potentially enable

Bug#1079140: bookworm-pu: package intel-microcode/3.20240813.1~deb12u1

[Henrique de Moraes Holschuh]

++
 30 files changed, 244 insertions(+), 15 deletions(-)

-- 
  Henrique Holschuh
diff --git a/changelog b/changelog
index 83989c4..d5e45bc 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,60 @@
+2024-08-13:
+  * New upstream microcode datafile 20240813 (second release)
+- Mitigations for INTEL-SA-01083 (CVE-2024-24853)
+  Incorrect behavior order in transition between executive monitor and SMI
+  transfer monitor (STM) in some Intel Processors may allow a privileged
+  user to potentially enable escalation of privilege via local access.
+- Mitigations for INTEL-SA-01118 (CVE-2024-25939)
+  Mirrored regions with different values in 3rd Generation Intel Xeon
+  Scalable Processors may allow a privileged user to potentially enable
+  denial of service via local access.
+- Mitigations for INTEL-SA-01100 (CVE-2024-24980)
+  Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
+  Xeon Processors may allow a privileged user to potentially enable
+  escalation of privilege via local access.
+- Mitigations for INTEL-SA-01038 (CVE-2023-42667)
+  Improper isolation in the Intel Core Ultra Processor stream cache
+  mechanism may allow an authenticated user to potentially enable
+  escalation of privilege via local access.
+- Mitigations for INTEL-SA-01046 (CVE-2023-49141)
+  Improper isolation in some Intel® Processors stream cache mechanism may
+  allow an authenticated user to potentially enable escalation of
+  privilege via local access.
+- Fix for unspecified functional issues on several processor models
+  * Updated microcodes:
+sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
+sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
+sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
+sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
+sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
+sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
+sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
+sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
+sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
+sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
+sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
+sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
+sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
+sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
+sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
+sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
+sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
+sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
+sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
+sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
+
+2024-05-31:
+  * New upstream microcode datafile 20240531
+- Fix unspecified functional issues on Pentium Silver N/J5xxx,
+  Celeron N/J4xxx
+  * Updated Microcodes:
+sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
+
 2024-05-14:
   * New upstream microcode datafile 20240514
 - Mitigations for INTEL-SA-01051 (CVE-2023-45733)
diff --git a/debian/changelog b/debian/changelog
index 92b7e2b..5038f31 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,75 @@
+intel-microcode (3.20240813.1~deb12u1) bookworm; urgency=medium
+
+  * Build for bookworm (no changes from 3.20240813.1)
+
+ -- Henrique de Moraes Holschuh   Mon, 19 Aug 2024 21:59:40 -0300
+
+intel-microcode (3.20240813.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20240813 (closes: #1078742)
+- Mitigations for INTEL-SA-01083 (CVE-2024-24853)
+  Incorrect behavior order in transition between executive monitor and SMI
+  transfer monitor (STM) in some Intel Processors may allow a privileged
+  user to potentially enable escalation of privilege via local access.
+- Mitigations for INTEL-SA-01118 (CVE-2024-25939)
+  Mirrored regions with different values in 3rd Generation Intel Xeon
+  Scalable Processors may allow a privileged user to potentially enable
+  denial of service via local access.
+- Mitigations for INTEL-SA-01100 (CVE-2024-24980)
+  Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
+  Xeon Processors may allow a privileged user to potentially enable

Bug#1079035: kmod: latest upgrade break system startup

[Diederik de Haas]

Control: notfound -1 30+20230519-1

On Mon Aug 19, 2024 at 12:59 PM CEST, Antonio wrote:
> because i did log report after system restore, so it took that version.
> The affected version is 33+20240816-1.

Thanks, updating/fixing the found versions then.

> Il 19/08/24 12:54, Diederik de Haas ha scritto:
> > Package: kmod
> > Version: 30+20230519-1
>
> Why did you report it against 30+20230519-1?
> Because AFAICT 30+20230519-1 and 32+20240611-1 are fine.



signature.asc
Description: PGP signature

Bug#1079035: kmod: latest upgrade break system startup

[Diederik de Haas]

On Mon, 19 Aug 2024 09:45:26 +0200 Antonio  wrote:
> Package: kmod
> Version: 30+20230519-1

Why did you report it against 30+20230519-1?
Because AFAICT 30+20230519-1 and 32+20240611-1 are fine.

signature.asc
Description: This is a digitally signed message part.

Bug#1079022: kmod: symbol lookup error: /usr/lib/dracut/dracut-install: undefined symbol: kmod_module_get_weakdeps, version LIBKMOD_5

[Diederik de Haas]

On Mon, 19 Aug 2024 11:41:59 +0200 Christoph Anton Mitterer 
 wrote:
> On Mon, 2024-08-19 at 05:12 +0200, Marco d'Itri wrote:
> > > With the new version, initramfs generation gives:
> > I know, the plan it to rebuild dracut-install.
> 
> Thanks. Then I guess from my side we could also already close the bug.
> Your choice :-)

Please don't. At least not yet so that people get warned about this bug before 
they try to reboot into an unbootable system.

signature.asc
Description: This is a digitally signed message part.

Bug#1079022: kmod: symbol lookup error: /usr/lib/dracut/dracut-install: undefined symbol: kmod_module_get_weakdeps, version LIBKMOD_5

[Diederik de Haas]

Control: affects -1 dracut initramfs-tools

On Mon, 19 Aug 2024 16:18:44 +1200 Ash Joubert  wrote:
> Control: severity -1 critical
> 
> This bug is critical because the dracut failure results in a nonbootable 
> initrd when followed by "apt-get install -f":
> 
> update-initramfs: Generating /boot/initrd.img-6.10.4-amd64
> /usr/lib/dracut/dracut-install: symbol lookup error: 
> /usr/lib/dracut/dracut-install: undefined symbol: 
> kmod_module_get_weakdeps, version LIBKMOD_5
> /usr/lib/dracut/dracut-install: symbol lookup error: 
> /usr/lib/dracut/dracut-install: undefined symbol: 
> kmod_module_get_weakdeps, version LIBKMOD_5
> /usr/lib/dracut/dracut-install: symbol lookup error: 
> /usr/lib/dracut/dracut-install: undefined symbol: 
> kmod_module_get_weakdeps, version LIBKMOD_5

I got the above error too, but I did my normal upgrade routine with just
``aptitude safe-upgrade``

Looks like I had a partial KDE (Frameworks) upgrade yesterday, so things look 
a bit 'funny', so the initial plan was to reboot immediately after today's 
upgrade ... when I saw the above error.

It was only after I saw https://bugs.debian.org/1079031 that I realized how 
serious it was:

```sh
root@bagend:~# ls -lh /boot/initrd.img-*
-rw-r--r-- 1 root root  33M Apr  4  2022 /boot/initrd.img-5.10.0-13-amd64
-rw-r--r-- 1 root root  37M Aug 13 01:45 /boot/initrd.img-6.10.3-amd64
-rw-r--r-- 1 root root 9.5M Aug 19 11:10 /boot/initrd.img-6.10.4-amd64
-rw-r--r-- 1 root root  35M Jun 14  2023 /boot/initrd.img-6.1.0-9-amd64
-rw-r--r-- 1 root root  37M Jul 26 00:52 /boot/initrd.img-6.9.10-amd64
```

So my original plan, reboot immediately, would've failed.

But the last dracut upgrade was from 2024-07-25, so that couldn't be it.
And that's when I noticed the kmod upgrade and found this bug.

```
aptitude install kmod/testing libkmod2/testing
```

Downgraded kmod and then my ``initrd.img-6.10.4-amd64`` was 37M again, so I'm 
pretty sure a reboot is NOW safe again.

signature.asc
Description: This is a digitally signed message part.

Bug#1078781: bookworm-pu: package amd64-microcode/3.20240710.2~deb12u1

[Henrique de Moraes Holschuh]

Uploaded!

Thank you!

On Sat, Aug 17, 2024, at 13:46, Adam D. Barratt wrote:
> Control: tags -1 + confirmed

Bug#1078782: bullseye-pu: package amd64-microcode/3.20240710.2~deb11u1

[Henrique de Moraes Holschuh]

Uploaded.

Thank you!

On Sat, Aug 17, 2024, at 13:47, Adam D. Barratt wrote:
> Control: tags -1 + confirmed

-- 
  Henrique de Moraes Holschuh 

Bug#1076703: amd64-microcode: Please clarify how to check if I'm running the latest microcode

[Diederik de Haas]

On Mon Aug 12, 2024 at 1:43 AM CEST, Henrique de Moraes Holschuh wrote:
> > I got the *impression* that some heuristic was used to determine whether the
> > microcode update should be applied.
>
> No. It has a simple heuristic to not increase the initramfs size by adding AMD
> microcode updates unless either it is running on an AMD processor when the
> amd64-microcode package is installed, OR you configure amd64-microcode to
> always add the updates to the initramfs.   It is an "all or nothing" thing,
> and currently it has absolutely no "processor-model-aware" logic.

Good to know, thanks :)
And now I could also find that ``debian/initramfs.hook`` has it.

The main thing that had me worried was from ``amd64-microcode-blacklist.conf``:

> # The microcode module attempts to apply a microcode update when
> # it autoloads.  This is not always safe, so we block it by default.

I had written a couple of paragraphs before I realized the check is for kernels
*older* then 4.4. Since then the module is built-in (and not selectable), so
that file no longer 'actually' does something.

> *Uploading* the microcode update to the processor is handled by the kernel
> ... [ interesting description on how it works ] ...

It turns out that the problem is not with the CPU, but Asus BIOS/firmware:

> It appears that the BIOS has blocked access to the MMIO range for the
> CCP so that during initialization, when attempting to read the number of
> queues available, 0x is read instead of the actual number of
> queues available, which as Jason noted, results in the "broken BIOS"
> message.

https://lore.kernel.org/linux-crypto/c28836c4-e823-dc36-e753-1a5ee3831...@amd.com/

But it seems Asus isn't interested in fixing it because they consider AM4 an
outdated platform and I should just accept that some things won't work...
Which I ofc will never accept, so that'll be a RMA :-/

> > I'd like to know whether I'm actually running the latest microcode, but I
> > haven't figured out a way how?
>
> /proc/cpuinfo should report the running microcode version on a recent enough
> kernel.  It will also log the microcode revision when it does a microcode
> update.

FWIW: That same version is also reported in ``dmesg``.

> There is no facility to check whether what is in your system's
> /lib/firmware/amd-ucode is the latest available microcode update that has been
> issued by AMD to the linux-firmware project,

That sucks as this was the thing I was looking for. But as written above, it
seems irrelevant to the original problem I tried so solve.

> I hope this information solves any lingering doubts about how it works?

It does and was an interesting read, so thanks for that.

AFAIC you can close this bug. I'll leave it up to you whether it's useful/worth
it to maybe update some comments (like not applicable with kernels > 4.4).

Cheers,
  Diederik


signature.asc
Description: PGP signature

Bug#1060200: intel-microcode: install files into /usr (DEP17)

[Henrique de Moraes Holschuh]

> I reopened this bug report (which has become RC in the mean time [1]), 
> as the latest upload 3.20240813.1 did not incorporate the changes from 
> the NMU done by Chris in 3.20240531.1+nmu1.

Ugh, yeah, I screwed up and forgot to merge the NMU.  I had just noticed it 
from tracker.debian.org alerts that the upload had reintroduced bugs in Trixie, 
when I got your email on this bug report.

I have uploaded 3.20240813.2 a few minutes ago merging in the NMU changes and 
hopefully fixing the oversight and closing this bug once again. Sorry about 
that!

-- 
  Henrique de Moraes Holschuh 

Bug#1078871: some backlog from #1076952 (installer: reserve first 16 MiB space in default recipes for ARM devices?)

[Diederik de Haas]

Copying my latest response on this subject into this bug (too) ...

On Sat Aug 17, 2024 at 1:00 PM CEST, Holger Wansing wrote:
> A summary from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug76952#65
> and follow-ups:
> 
>
> Pascal Hambourg  wrote:
> > On 16/08/2024 at 00:27, Diederik de Haas wrote:
> > > On Thu Aug 15, 2024 at 10:24 PM CEST, Pascal Hambourg wrote:
> > >> Then I guess a 16 MiB unused partition could be added to relevant
> > >> recipes. Now, which are the relevant recipes ? In other words, which
> > >> arch/subarch need it ?
> > >
> > >> recipes-armhf-efi (= recipes-amd64-efi)
> > >> recipes-armhf
> > >> recipes-arm64-efi (= recipes-amd64-efi)
> > >> recipes-arm64 (= recipes-armhf)
> > >
> > > Rockchip makes both 32bit as 64bit ARM SoCs, so `recipes-armhf` is
> > > relevant.
> >
> > If only Rockchip SoCs need the reserved partition and are detected as a
> > specific subarchitecture by archdetect, new specific recipes for this
> > subarchitecture could be added.

I used Rockchip as an example as I'm familiar with that AND *afaik* they
expect the U-Boot stuff to start at the furthest offset.

But when U-Boot is used, every platform uses *some* offset and then needs
some space/bytes for the U-Boot binary/bits.
If that goes above the 2MB mark, then the current recipes overwrite part
of whole of the U-Boot binary ... making the system unbootable.

So you could special case Rockchip and only use the 16MB offset for the
Operating System partitions and data for Rockchip SoCs.
Or you could keep the first 16MB free for all ARM SoCs and then it
should work for all ARM SoCs as long as they stay below the 16MB 'mark'.
Which AFAIK are all of them.

> > I don't know if it's common, but AFAIK you can use U-Boot with EFI, but
> > it sounds 'weird' to add it to a recipe with AMD64 in its name...
>
> Indeed. If some ARM EFI platforms need the reserved partition, then one
> of the recipes-arm*-efi symlinks could be replaced with a directory
> containing new specific recipes and the other could be changed to point
> to it.

And the above principle also applies when EFI is being used with U-Boot
as it's specific to U-Boot.


signature.asc
Description: PGP signature

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Fri Aug 16, 2024 at 8:39 AM CEST, Pascal Hambourg wrote:
> On 16/08/2024 at 00:27, Diederik de Haas wrote:
> > On Thu Aug 15, 2024 at 10:24 PM CEST, Pascal Hambourg wrote:
> >> Then I guess a 16 MiB unused partition could be added to relevant
> >> recipes. Now, which are the relevant recipes ? In other words, which
> >> arch/subarch need it ?
> >
> >> recipes-armhf-efi (= recipes-amd64-efi)
> >> recipes-armhf
> >> recipes-arm64-efi (= recipes-amd64-efi)
> >> recipes-arm64 (= recipes-armhf)
> >
> > Rockchip makes both 32bit as 64bit ARM SoCs, so `recipes-armhf` is
> > relevant.
>
> If only Rockchip SoCs need the reserved partition and are detected as a
> specific subarchitecture by archdetect, new specific recipes for this
> subarchitecture could be added.

I used Rockchip as an example as I'm familiar with that AND *afaik* they
expect the U-Boot stuff to start at the furthest offset.

But when U-Boot is used, every platform uses *some* offset and then needs
some space/bytes for the U-Boot binary/bits.
If that goes above the 2MB mark, then the current recipes overwrite part
of whole of the U-Boot binary ... making the system unbootable.

So you could special case Rockchip and only use the 16MB offset for the
Operating System partitions and data for Rockchip SoCs.
Or you could keep the first 16MB free for all ARM SoCs and then it
should work for all ARM SoCs as long as they stay below the 16MB 'mark'.
Which AFAIK are all of them.

> > I don't know if it's common, but AFAIK you can use U-Boot with EFI, but
> > it sounds 'weird' to add it to a recipe with AMD64 in its name...
>
> Indeed. If some ARM EFI platforms need the reserved partition, then one
> of the recipes-arm*-efi symlinks could be replaced with a directory
> containing new specific recipes and the other could be changed to point
> to it.

And the above principle also applies when EFI is being used with U-Boot
as it's specific to U-Boot.

HTH,
  Diederik


signature.asc
Description: PGP signature

Bug#1078803: Please consider updating to 0.18

[Diederik de Haas]

On Fri, 16 Aug 2024 13:37:48 +0200 Jonathan Carter  wrote:
> Source: wlroots
> Version: 0.17.4-1
> 
> Please consider updating wlroots to 0.18, as some new software need it
> as a dependency.

It's already available in Experimental. Note that the binary packages now have 
"-0.18" in their names as upstream now supports multiple versions.

https://tracker.debian.org/pkg/wlroots shows that too and 
https://release.debian.org/transitions/html/auto-wlroots.html shows there's 
'even' a transition tracker for it.

But I assume you('d) know all this, so what am I missing?

signature.asc
Description: This is a digitally signed message part.

Bug#1078782: bullseye-pu: package amd64-microcode/3.20240710.2~deb11u1

[Henrique de Moraes Holschuh]

zx9C5
+bisCiEwf4gg7ffQPLYW9MCsK3yjTaQ==
+=vQEt
 -END PGP SIGNATURE-
diff --git a/amd-ucode/microcode_amd_fam19h.bin b/amd-ucode/microcode_amd_fam19h.bin
index 02a5d05..4dcdca8 100644
Binary files a/amd-ucode/microcode_amd_fam19h.bin and b/amd-ucode/microcode_amd_fam19h.bin differ
diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
index 8cff901..dcd5a23 100644
--- a/amd-ucode/microcode_amd_fam19h.bin.asc
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
@@ -1,11 +1,11 @@
 -BEGIN PGP SIGNATURE-
 
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmTEYrcACgkQ5L5TOfMo
-rnN4IQf/QKbOezXZ4OYzaPANvsZQEAzLNfuylC/aQMwrPaO7daz5/zmCN4HU5XkH
-dDT8DYfPg+fQHIgxAw0/L24xPOm5Op/QuLVDyDqVr4qvL8+65eeI+JqxD/wXMXYN
-V34kkLM2p8iuyY1Nc8IDLXu4X75KGNPbKZlMRKMU3Pr7ai5O4ihmiAM+N6qv1KEJ
-YToNN6vrg0qt1cv0SLM8sa4e7L1+oblUrg/o0FViYE8pxsU3ZRRVSJMUg+lKjvl/
-1ZPGKOdD80fcNJ+ItYGHNNs3eCc3WgW7Kc/E668eH75Yu9Zt7ewWZX8Sg/mygleY
-OzMwhbPJg4bF4zm7C/Pku7i1T2Omcg==
-=km2X
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmX9xsgACgkQ5L5TOfMo
+rnP2aQf/QBOiKUZsrVIbnn0+Ls84yDYovoesYriy1rbK+K5CVRb/0iqoFn5xKIu6
+bvyHN0fnj7Ko+oedNvcRCmlu+jiw08s3WArQb6r3fK4QT/2Wj2f+qX14uoFuCGUd
+QgZTc4hZxNxSZBbQuKVbtDmT0iFtV0jKBp/ajdYD9++rA+VcIemKtwX/sxEZnUFi
+fXg016uAs/Q9LQ5KWvz3VhFz2G77BEXjDIJNAHSVCxmWCvsd05kf1SbXUswlj/T8
+JtuH840zfZicZEk8e3grO4fSywLyrZCjqATSXa+XY63thCIglM9c6V+EBL3jGXxh
+Cs2tZH8/ge+tL/UBBJ8FdOZcVSpkeQ==
+=HHoV
 -END PGP SIGNATURE-
diff --git a/amd/amd_sev_fam19h_model0xh.sbin b/amd/amd_sev_fam19h_model0xh.sbin
index 141d5d0..9cde6ad 100644
Binary files a/amd/amd_sev_fam19h_model0xh.sbin and b/amd/amd_sev_fam19h_model0xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model1xh.sbin b/amd/amd_sev_fam19h_model1xh.sbin
new file mode 100644
index 000..529dcb5
Binary files /dev/null and b/amd/amd_sev_fam19h_model1xh.sbin differ
diff --git a/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin b/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
new file mode 100644
index 000..6b454bf
Binary files /dev/null and b/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin differ
diff --git a/amdtee/amd_pmf_v3.bin b/amdtee/amd_pmf_v3.bin
new file mode 12
index 000..e340752
--- /dev/null
+++ b/amdtee/amd_pmf_v3.bin
@@ -0,0 +1 @@
+773bd96f-b83f-4d52-b12dc529b13d8543.bin
\ No newline at end of file
diff --git a/debian/README.Debian b/debian/README.Debian
index b0116a4..cd91c25 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -44,13 +44,7 @@ the initramfs using dracut, and reboot.  Note that since Linux kernel 4.4,
 one must use dracut 044 or later.
 
 Applying the microcode updates without the use of an early initramfs is
-not automatically supported anymore, due to future safety concerns.
-However, the local administrator may trigger an immediate microcode update
-attempt at any time, at her own risk:
-
-  USING AN INITRAMFS+REBOOT IS SAFER.  DO THIS ONLY WHEN YOU KNOW BETTER:
-  as root:
-  echo 1 > /sys/devices/system/cpu/microcode/reload
+not supported in Debian.
 
 
 RECOVERY PROCEDURE:
@@ -97,4 +91,4 @@ the initramfs images for every installed kernel.
 Please report any issues caused by microcode updates to the mailing-list or
 to the Debian bug tracker.
 
- -- Henrique de Moraes Holschuh , 2016-04-05
+ -- Henrique de Moraes Holschuh , 2024-08-11
diff --git a/debian/amd64-microcode.dirs b/debian/amd64-microcode.dirs
index 0790bdb..60f0777 100644
--- a/debian/amd64-microcode.dirs
+++ b/debian/amd64-microcode.dirs
@@ -2,3 +2,4 @@ etc/default
 etc/modprobe.d
 lib/firmware/amd-ucode
 lib/firmware/amd
+lib/firmware/amdtee
diff --git a/debian/amd64-microcode.install b/debian/amd64-microcode.install
index 40d0e9c..07af704 100644
--- a/debian/amd64-microcode.install
+++ b/debian/amd64-microcode.install
@@ -1,2 +1,3 @@
 amd-ucode/*bin	lib/firmware/amd-ucode
+amdtee/*lib/firmware/amdtee
 amd/*sev*bin	lib/firmware/amd
diff --git a/debian/amd64-microcode.postinst b/debian/amd64-microcode.postinst
index 453fd98..7fdc28b 100644
--- a/debian/amd64-microcode.postinst
+++ b/debian/amd64-microcode.postinst
@@ -19,11 +19,14 @@ set -e
 
 case "$1" in
 configure)
-	# do it like udev and firmware-linux-*
-	if [ -x /usr/sbin/update-initramfs ] && [ -e /etc/initramfs-tools/initramfs.conf ] ; then
-	update-initramfs -u && {
+	RC=0
+	dpkg-trigger --no-await update-initramfs || RC=$?
+	[ "$RC" -ne 0 ] && [ -e /etc/initramfs-tools/initramfs.conf ] && {
+		RC=0
+		update-initramfs -u || RC=$?
+	}
+	if [ "$RC" -eq 0 ] ; then
 		echo "amd64-microcode: microcode will be updated at next boot" >&2
-	}
 	else
 	echo "amd64-microcode: initramfs support missing" >&2
 	fi
diff --git a/debian/amd64-microcode.postrm b/debian/amd64-microcode.postrm
index c775b42..4b187d0 100644
--- a/debian/amd64-microcode.postrm
+++ b/debian/amd64-microcode.postrm
@@ -20,9 +20,10 @@ set -e
 
 case "$1" in
 purge|remove)
-	if 

Bug#1078781: bookworm-pu: package amd64-microcode/3.20240710.2~deb12u1

[Henrique de Moraes Holschuh]

zx9C5
+bisCiEwf4gg7ffQPLYW9MCsK3yjTaQ==
+=vQEt
 -END PGP SIGNATURE-
diff --git a/amd-ucode/microcode_amd_fam19h.bin b/amd-ucode/microcode_amd_fam19h.bin
index 02a5d05..4dcdca8 100644
Binary files a/amd-ucode/microcode_amd_fam19h.bin and b/amd-ucode/microcode_amd_fam19h.bin differ
diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
index 8cff901..dcd5a23 100644
--- a/amd-ucode/microcode_amd_fam19h.bin.asc
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
@@ -1,11 +1,11 @@
 -BEGIN PGP SIGNATURE-
 
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmTEYrcACgkQ5L5TOfMo
-rnN4IQf/QKbOezXZ4OYzaPANvsZQEAzLNfuylC/aQMwrPaO7daz5/zmCN4HU5XkH
-dDT8DYfPg+fQHIgxAw0/L24xPOm5Op/QuLVDyDqVr4qvL8+65eeI+JqxD/wXMXYN
-V34kkLM2p8iuyY1Nc8IDLXu4X75KGNPbKZlMRKMU3Pr7ai5O4ihmiAM+N6qv1KEJ
-YToNN6vrg0qt1cv0SLM8sa4e7L1+oblUrg/o0FViYE8pxsU3ZRRVSJMUg+lKjvl/
-1ZPGKOdD80fcNJ+ItYGHNNs3eCc3WgW7Kc/E668eH75Yu9Zt7ewWZX8Sg/mygleY
-OzMwhbPJg4bF4zm7C/Pku7i1T2Omcg==
-=km2X
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmX9xsgACgkQ5L5TOfMo
+rnP2aQf/QBOiKUZsrVIbnn0+Ls84yDYovoesYriy1rbK+K5CVRb/0iqoFn5xKIu6
+bvyHN0fnj7Ko+oedNvcRCmlu+jiw08s3WArQb6r3fK4QT/2Wj2f+qX14uoFuCGUd
+QgZTc4hZxNxSZBbQuKVbtDmT0iFtV0jKBp/ajdYD9++rA+VcIemKtwX/sxEZnUFi
+fXg016uAs/Q9LQ5KWvz3VhFz2G77BEXjDIJNAHSVCxmWCvsd05kf1SbXUswlj/T8
+JtuH840zfZicZEk8e3grO4fSywLyrZCjqATSXa+XY63thCIglM9c6V+EBL3jGXxh
+Cs2tZH8/ge+tL/UBBJ8FdOZcVSpkeQ==
+=HHoV
 -END PGP SIGNATURE-
diff --git a/amd/amd_sev_fam19h_model0xh.sbin b/amd/amd_sev_fam19h_model0xh.sbin
index 141d5d0..9cde6ad 100644
Binary files a/amd/amd_sev_fam19h_model0xh.sbin and b/amd/amd_sev_fam19h_model0xh.sbin differ
diff --git a/amd/amd_sev_fam19h_model1xh.sbin b/amd/amd_sev_fam19h_model1xh.sbin
new file mode 100644
index 000..529dcb5
Binary files /dev/null and b/amd/amd_sev_fam19h_model1xh.sbin differ
diff --git a/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin b/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
new file mode 100644
index 000..6b454bf
Binary files /dev/null and b/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin differ
diff --git a/amdtee/amd_pmf_v3.bin b/amdtee/amd_pmf_v3.bin
new file mode 12
index 000..e340752
--- /dev/null
+++ b/amdtee/amd_pmf_v3.bin
@@ -0,0 +1 @@
+773bd96f-b83f-4d52-b12dc529b13d8543.bin
\ No newline at end of file
diff --git a/debian/README.Debian b/debian/README.Debian
index b0116a4..cd91c25 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -44,13 +44,7 @@ the initramfs using dracut, and reboot.  Note that since Linux kernel 4.4,
 one must use dracut 044 or later.
 
 Applying the microcode updates without the use of an early initramfs is
-not automatically supported anymore, due to future safety concerns.
-However, the local administrator may trigger an immediate microcode update
-attempt at any time, at her own risk:
-
-  USING AN INITRAMFS+REBOOT IS SAFER.  DO THIS ONLY WHEN YOU KNOW BETTER:
-  as root:
-  echo 1 > /sys/devices/system/cpu/microcode/reload
+not supported in Debian.
 
 
 RECOVERY PROCEDURE:
@@ -97,4 +91,4 @@ the initramfs images for every installed kernel.
 Please report any issues caused by microcode updates to the mailing-list or
 to the Debian bug tracker.
 
- -- Henrique de Moraes Holschuh , 2016-04-05
+ -- Henrique de Moraes Holschuh , 2024-08-11
diff --git a/debian/amd64-microcode.dirs b/debian/amd64-microcode.dirs
index 0790bdb..60f0777 100644
--- a/debian/amd64-microcode.dirs
+++ b/debian/amd64-microcode.dirs
@@ -2,3 +2,4 @@ etc/default
 etc/modprobe.d
 lib/firmware/amd-ucode
 lib/firmware/amd
+lib/firmware/amdtee
diff --git a/debian/amd64-microcode.install b/debian/amd64-microcode.install
index 40d0e9c..07af704 100644
--- a/debian/amd64-microcode.install
+++ b/debian/amd64-microcode.install
@@ -1,2 +1,3 @@
 amd-ucode/*bin	lib/firmware/amd-ucode
+amdtee/*lib/firmware/amdtee
 amd/*sev*bin	lib/firmware/amd
diff --git a/debian/amd64-microcode.postinst b/debian/amd64-microcode.postinst
index 453fd98..7fdc28b 100644
--- a/debian/amd64-microcode.postinst
+++ b/debian/amd64-microcode.postinst
@@ -19,11 +19,14 @@ set -e
 
 case "$1" in
 configure)
-	# do it like udev and firmware-linux-*
-	if [ -x /usr/sbin/update-initramfs ] && [ -e /etc/initramfs-tools/initramfs.conf ] ; then
-	update-initramfs -u && {
+	RC=0
+	dpkg-trigger --no-await update-initramfs || RC=$?
+	[ "$RC" -ne 0 ] && [ -e /etc/initramfs-tools/initramfs.conf ] && {
+		RC=0
+		update-initramfs -u || RC=$?
+	}
+	if [ "$RC" -eq 0 ] ; then
 		echo "amd64-microcode: microcode will be updated at next boot" >&2
-	}
 	else
 	echo "amd64-microcode: initramfs support missing" >&2
 	fi
diff --git a/debian/amd64-microcode.postrm b/debian/amd64-microcode.postrm
index c775b42..4b187d0 100644
--- a/debian/amd64-microcode.postrm
+++ b/debian/amd64-microcode.postrm
@@ -20,9 +20,10 @@ set -e
 
 case "$1" in
 purge|remove)
-	if 

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Thu Aug 15, 2024 at 10:24 PM CEST, Pascal Hambourg wrote:
> Then I guess a 16 MiB unused partition could be added to relevant
> recipes. Now, which are the relevant recipes ? In other words, which
> arch/subarch need it ?
> Currently, partman-auto has the following recipes for ARM:
>
> recipes-armel-kirkwood
> recipes-armel-orion5x
> recipes-armhf-efikasb

These ones are NOT relevant for this.

> recipes-armhf-efi (=recipes-amd64-efi)
> recipes-armhf
> recipes-arm64-efi (=recipes-amd64-efi)
> recipes-arm64 (=recipes-armhf)

Rockchip makes both 32bit as 64bit ARM SoCs, so `recipes-armhf` is
relevant.
I don't know if it's common, but AFAIK you can use U-Boot with EFI, but
it sounds 'weird' to add it to a recipe with AMD64 in its name...


signature.asc
Description: PGP signature

Bug#1014593: Now with CVE-2023-31315 (amd64-microcode: Updated version for bullseye/stable?)

[Henrique de Moraes Holschuh]

The current plan is that amd64-microcode will be updated through the next point 
release for both stable and oldstable, which should happen in a few weeks. I 
was about to file the two proposed-update requests, in fact.

If you need them sooner, you could get them *now* from git:

https://salsa.debian.org/hmh/amd64-microcode/-/tree/releases/bookworm?ref_type=heads
https://salsa.debian.org/hmh/amd64-microcode/-/tree/releases/bullseye?ref_type=heads

You could also try to build the source package already in unstable, or just 
plain copy the datafiles out of the linux-firmware git tree...

-- 
  Henrique de Moraes Holschuh 

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Thu Aug 15, 2024 at 5:50 PM CEST, Pascal Hambourg wrote:
> On 15/08/2024 at 16:25, Diederik de Haas wrote:
> >> I do not know any way to reserve unallocated space in recipes. The
> >> recipes could create a 16-MiB unused partition but the table in [2]
> >> lists a lot of special partitions within the first 16 MiB. Are these
> >> actual partitions ? If yes, how are they supposed to be created ?
> >
> > I think you technically could create those partitions, but those are not
> > relevant. All that matter is that the first 16 MiB stay unused so that
> > U-Boot can be put there.
>
> It is still unclear to me if it can be an unused partition or if it must
> be unallocated space which can be used to create new partitions.
> AFAIK, only the former can be done in recipes.

Either would work.



signature.asc
Description: PGP signature

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Thu Aug 15, 2024 at 3:46 PM CEST, Pascal Hambourg wrote:
> On 15/08/2024 at 08:26, Holger Wansing wrote:
> > Am 15. August 2024 00:47:22 MESZ schrieb Diederik de Haas 
> > :
> >>
> >> I'm not 100% sure if this fits into this subject/discussion, but ...
>
> It is beyond the original scope (partition size limits) and I believe it
> would deserve its own discussion involving people who are familiar with
> ARM platforms.

Ok.

> Disclaimer: I have no experience nor knowledge about ARM (or any other
> architectures than x86) and its boot process.

For partitioning there's nothing special ... apart that the first 16MiB
should not be used.

> >> The U-Boot bootloader is normally put in the first part of the boot
> >> device and for Rockchip based devices that can extend to the 16MB
> >> 'mark'. AFAIK bootloaders for other SoCs are before that.
> >>
> >> If you use the current recipes you end up with an unbootable system as
> >> the U-Boot bootloader get overwritten with the / (root) partition and
> >> the data on it.
>
> AFAICS, the first partition in all non-EFI ARM recipes is /boot, not /.

I shouldn't have written which partition, but the important thing is
that the first 'real' partition starts at 16 MiB.

> >> Right now, the instruction is to choose manual partitioning and create
> >> a 16MB partition ([1] says 32MB, but it should be 16MB [2]) and then the
> >> normal partitions and after that you could remove that partition again.
> >> And if you type in 16MB, then you need to 'hope' that it is actually
> >> 16MB and not something (a bit) smaller.
>
> 16 MB (~15.3 MiB) or 16 MiB (~16.8 MB) ?
> In partman, 1 MB really means 10^6 bytes, not 1 MiB (2^20 bytes).

I think I've actually tried both and IIRC that didn't make a difference.

> >> So it would be very helpful if the recipe(s) for ARM devices would
> >> reserve the first 16MB automatically with plain partitioning.
>
> What do you mean exactly by "plain partitioning" ? Manual partitioning ?
> Guiding partitioning with all files in one filesystem ? Other ?

Partitioning NOT involving LVM.
I 'jumped in' when the subject of creating blank/reserved partitions
with LVM and then the question arose if that should also be used for
"plain" partitioning, which I interpreted as not using LVM.

> >> [1] https://wiki.pine64.org/wiki/ROCK64_Software_Releases#Debian
> >> [2] https://opensource.rock-chips.com/wiki_Partitions
>
> I do not know any way to reserve unallocated space in recipes. The
> recipes could create a 16-MiB unused partition but the table in [2]
> lists a lot of special partitions within the first 16 MiB. Are these
> actual partitions ? If yes, how are they supposed to be created ?

I think you technically could create those partitions, but those are not
relevant. All that matter is that the first 16 MiB stay unused so that
U-Boot can be put there.

> > Looks like another incarnation of
> > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+770666>
>
> It looks like a different issue to me. IIUC these bug reports are about
> parted_server erasing the boot loader location when creating a new
> partition table, not the first partition overlapping with the boot
> loader location.

AIUI bug #770666 is the same/similar as this 'Rockchip' issue.
Bug #751704 OTOH is related, but does deal with problems wrt partition
table. But I don't know/understand which of parted* sub programs is
responsible for which part.

Cheers,
  Diederik


signature.asc
Description: PGP signature

Bug#1075633: wasmedge: ftbfs with GCC-14

[Diederik de Haas]

On Mon Aug 12, 2024 at 1:05 PM CEST, Faidon Liambotis wrote:
> On Sun, Aug 11, 2024 at 12:31:21PM -0400, Reinhard Tartler wrote:
> > But you are right, ultimately this decision is up to the maintainer to make.
>
> Maintainer here :)
>
> For this particular case, I think removing -Werror made sense as a quick
> fix to avoid kicking out the entire WasmEdge -> crun -> podman stack out

I wondered why wasmedge ended up on my radar, but that explains it ;-)

> of testing, for what is a bug that existed before (i.e. not a
> regression), and was just surfaced by a new compiler version. I had
> looked into the bug before Reinhard NMUed and the fix wasn't obvious to
> me. So taking a shortcut and prioritizing expediency over correctness
> made sense to me, in this particular case.

Yeah, makes a lot of sense.

> But, at the same time, I agree that addressing this properly means
> reporting this upstream so that the underlying bug gets fixed. I see
> this has happened now, and upstream is already responsive (as they
> usually are!).

And what happened is why I like FLOSS so much:
a bunch of people working together to solve a problem :-D

As you may have seen I was able to verify that the proposed fix indeed
solved the GCC-14 compiler issue, so I've DEP-3-ified that patch and
attached it here.

HTH,
  Diederik
From: hydai 
Date: Thu, 15 Aug 2024 13:59:51 +0800
Subject: [Loader] Fix GCC 14 maybe-uninitialized warning (#3659)
Origin: upstream, https://github.com/WasmEdge/WasmEdge/commit/e427a71c5a50982c35e124340fc4febcd7600226

Fix #3640

Signed-off-by: hydai 
---
 lib/loader/filemgr.cpp | 5 +
 1 file changed, 5 insertions(+)

diff --git a/lib/loader/filemgr.cpp b/lib/loader/filemgr.cpp
index 14afba28..a6e2b95e 100644
--- a/lib/loader/filemgr.cpp
+++ b/lib/loader/filemgr.cpp
@@ -49,6 +49,11 @@ Expect FileMgr::setCode(Span CodeData) {
 // Set code data. See "include/loader/filemgr.h".
 Expect FileMgr::setCode(std::vector CodeData) {
   reset();
+  // Tell GCC 14 that DataHolder has no data.
+  // Fix the false positive warning,
+  // which is reported by GCC 14 with `maybe-uninitialized`
+  assuming(!DataHolder);
+
   DataHolder.emplace(std::move(CodeData));
   Data = DataHolder->data();
   Size = DataHolder->size();
-- 
2.45.2



signature.asc
Description: PGP signature

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Thu Aug 15, 2024 at 8:26 AM CEST, Holger Wansing wrote:
> Am 15. August 2024 00:47:22 MESZ schrieb Diederik de Haas 
> :
> >On ARM devices it would be very useful if the first 16MB would be
> >(automatically) reserved.
> >The U-Boot bootloader is normally put in the first part of the boot
> >device and for Rockchip based devices that can extend to the 16MB
> >'mark'. AFAIK bootloaders for other SoCs are before that.
> >
> >So it would be very helpful if the recipe(s) for ARM devices would
> >reserve the first 16MB automatically with plain partitioning.
> >
> >[1] https://wiki.pine64.org/wiki/ROCK64_Software_Releases#Debian
> >[2] https://opensource.rock-chips.com/wiki_Partitions
>
> Looks like another incarnation of
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+770666>

Yep


signature.asc
Description: PGP signature

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Fri Aug 9, 2024 at 10:08 PM CEST, Pascal Hambourg wrote:
> Guided partitioning with LVM already provides a feature to reserve space
> in the VG. Maybe it could be extended to guided partitioning with plain
> partitions.

I'm not 100% sure if this fits into this subject/discussion, but ...

On ARM devices it would be very useful if the first 16MB would be
(automatically) reserved.
The U-Boot bootloader is normally put in the first part of the boot
device and for Rockchip based devices that can extend to the 16MB
'mark'. AFAIK bootloaders for other SoCs are before that.

If you use the current recipes you end up with an unbootable system as
the U-Boot bootloader get overwritten with the / (root) partition and
the data on it.
There should be a bug for it, but I didn't manage to find it.

Right now, the instruction is to choose manual partitioning and create
a 16MB partition ([1] says 32MB, but it should be 16MB [2]) and then the
normal partitions and after that you could remove that partition again.
And if you type in 16MB, then you need to 'hope' that it is actually
16MB and not something (a bit) smaller.
I like to think that I'm more advanced then most users and I found it
quite difficult to do.

So it would be very helpful if the recipe(s) for ARM devices would
reserve the first 16MB automatically with plain partitioning.

[1] https://wiki.pine64.org/wiki/ROCK64_Software_Releases#Debian
[2] https://opensource.rock-chips.com/wiki_Partitions


signature.asc
Description: PGP signature

Bug#1075263: Patch for MCPP GCC14 FTBFS

[Jose Gutierrez de la Concha]

Hi all,

I have attached a patch for the MCPP FTBFS reported in  #1075263 can
somebody upload the patch to debian?

Cheers,
José

--
José Gutiérrez de la Concha
ZeroC, Inc.
--- a/src/expand.c
+++ b/src/expand.c
@@ -710,7 +710,9 @@
 } else {
 m_inf->locs.start_col = m_inf->locs.start_line = 0L;
 }
-m_inf->args = m_inf->loc_args = NULL;   /* Default args */
+/* Default args */
+m_inf->args = NULL;
+m_inf->loc_args = NULL;
 for (num = 1, recurs = 0; num < m_num; num++)
 if (mac_inf[ num].defp == defp)
 recurs++;   /* Recursively nested macro */
--- a/src/configed.H
+++ b/src/configed.H
@@ -299,7 +299,7 @@
 #define _POSIX_ 1
 #define _POSIX_SOURCE   1
 #ifndef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 1
+#define _POSIX_C_SOURCE 200112L // Ensure readlink is available
 #define _POSIX_C_SOURCE_defined 1
 #endif
 #include"limits.h"

Bug#1078688: Please use filecaps for /usr/sbin/unix_chkpwd instead of setgid shadow

[Daan De Meyer]

Package: libpam-modules
Version: 1.5.3-7

Dear Maintainer,

As described in https://github.com/linux-pam/linux-pam/pull/373,
unix_chkpwd does not need to be setuid or setgid anymore if it is
given cap_dac_override via filecaps instead. I would like debian to
use filecaps instead of setgid shadow for /usr/sbin/unix_chkpwd so
that the file itself can be owned by root:root and the setgid bit can
be removed from the file. Having all files in /usr owned by root:root
is useful for image builders as it allows building debian images in a
stripped down user namespace with only the root user and nothing else
available.

Cheers,

Daan

Bug#1075633: wasmedge: ftbfs with GCC-14

[Diederik de Haas]

On Sun Aug 11, 2024 at 6:31 PM CEST, Reinhard Tartler wrote:
> I'm afraid we'll have to agree to disagree

Agreed


signature.asc
Description: PGP signature

Bug#1072451: simplescreenrecorder: FTBFS with ffmpeg 7.0: AudioEncoder.cpp:169:43: error: ‘AVFrame’ {aka ‘struct AVFrame’} has no member named ‘channels’ no member named ‘channels’

[Diederik de Haas]

On Mon Aug 12, 2024 at 8:42 AM CEST, Petter Reinholdtsen wrote:
>
> Control: tags -1 + patch
>
> The following debian/patches/1020-ffmpeg-7.patch seem to fix the build:
>
> Description: More fixes for ffmpeg 7.0
>  Use class method GetChannels() as a wrapper to get the ffmpeg version
>  dependent implementation instead of the channels method which
>  disappeared with ffmpeg 7.
> Author: Petter Reinholdtsen
> Forwarded: no

Why not? This isn't specific to Debian and with forwarding everyone benefits.
And if a new upstream version gets released, you can likely drop the
patch.

> Last-Updated: 2024-08-12
> ---
> Index: simplescreenrecorder-salsa/src/AV/Output/AudioEncoder.cpp
> ==> --- 
> simplescreenrecorder-salsa.orig/src/AV/Output/AudioEncoder.cpp
> 2024-08-12 06:33:54.881267389 +
> +++ simplescreenrecorder-salsa/src/AV/Output/AudioEncoder.cpp 2024-08-12 
> 06:35:49.514541002 +
> @@ -42,7 +42,7 @@
>   if(GetCodecContext()->frame_size <= 1) {
>   // This is really weird, the old API uses the size of the 
> *output* buffer to determine the number of
>   // input samples if the number of input samples (i.e. 
> frame_size) is not fixed (i.e. frame_size <= 1).
> - m_temp_buffer.resize(DEFAULT_FRAME_SAMPLES * 
> GetCodecContext()->channels * 
> av_get_bits_per_sample(GetCodecContext()->codec_id) / 8);
> + m_temp_buffer.resize(DEFAULT_FRAME_SAMPLES * GetChannels() * 
> av_get_bits_per_sample(GetCodecContext()->codec_id) / 8);
>   } else {
>   m_temp_buffer.resize(std::max(FF_MIN_BUFFER_SIZE, 256 * 1024));
>   }
> @@ -166,7 +166,11 @@
>   assert((unsigned int) frame->GetFrame()->nb_samples == 
> GetFrameSize());
>  #endif
>  #if SSR_USE_AVFRAME_CHANNELS
> - assert(frame->GetFrame()->channels == 
> GetCodecContext()->channels);
> +#  if LIBAVCODEC_VERSION_MAJOR < 61
> + assert(frame->GetFrame()->channels == GetChannels());
> +#  else
> + assert(frame->GetFrame()->ch_layout.nb_channels == 
> GetChannels());
> +#  endif /* LIBAVCODEC_VERSION_MAJOR < 61 */
>  #endif
>  #if SSR_USE_AVFRAME_SAMPLE_RATE
>   assert(frame->GetFrame()->sample_rate == 
> GetCodecContext()->sample_rate);

Probably a PEBKAC issue, but it seems it didn't apply cleanly?
The Salsa CI pipeline now does succeed:
https://salsa.debian.org/diederik/simplescreenrecorder/-/pipelines/715297

(at time of writing at least the 'build' stage where it failed before)


signature.asc
Description: PGP signature

Bug#1078505: developers-reference: document corner case of debian version and rational

[Henrique de Moraes Holschuh]

> salsa. Some user used +deb12u1~1
> but it is not safe against +deb12u1~debu11u1 upgrade for instance. So a 
> suffix
> like ~pre should be used, and should be documented

Maybe we could set aside "~~~" for such uses.  ~pre is not going to be 
foolproof.

I am *very* happy that ~deb sorts later than ~bpo, as that updates a backport 
to a stable / oldstable / oldoldstable update.  But that was sheer luck.  This 
is not true for ~pre, but would work for ~~pre or whatever...

-- 
  Henrique de Moraes Holschuh 

Bug#1076703: amd64-microcode: Please clarify how to check if I'm running the latest microcode

[Henrique de Moraes Holschuh]

> I got the *impression* that some heuristic was used to determine whether
> the microcode update should be applied.

No. It has a simple heuristic to not increase the initramfs size by adding AMD 
microcode updates unless either it is running on an AMD processor when the 
amd64-microcode package is installed, OR you configure amd64-microcode to 
always add the updates to the initramfs.   It is an "all or nothing" thing, and 
currently it has absolutely no "processor-model-aware" logic.

For *Intel*, we have more heuristics, but that's because the full Intel 
microcode package is *very large*.  The one for AMD is nowhere near large 
enough to justify the added complexity, yet.

*Uploading* the microcode update to the processor is handled by the kernel 
during early boot, and it is done only if the processor signature matches one 
in a microcode update, and the new microcode revision in the update is strictly 
higher than whatever is already running in the processor.  *Accepting* and 
*activating* the microcode update is on the processor.

There are microcode updates that absolutely must be loaded very early during 
the reset (and sometimes even the power-up) sequence, and those can only be 
applied by the firmware itself, so they must be installed as a firmware update. 
 These updates are *not* distributed by AMD to the general public (at least not 
on purpose), and Debian does not include them (at least not on purpose...).

On some AMD processor models, there are microcode revisions from which you must 
NOT update the processor to some other microcode revision at all. I have no 
idea why, although i can come up with a few possible scenarios for this.  The 
kernel driver for AMD microcode updates has logic that detects this situation, 
and does not send any microcode updates to the processor.  Note that if the 
processor is not yet on any of those specific microcode revisions, it should 
apply the microcode update, that's why such updates are distributed even if 
some systems will have to detect that they must not apply them.

> I'd like to know whether I'm actually running the latest microcode,
> but I haven't figured out a way how?

/proc/cpuinfo should report the running microcode version on a recent enough 
kernel.  It will also log the microcode revision when it does a microcode 
update.

There is no facility to check whether what is in your system's 
/lib/firmware/amd-ucode is the latest available microcode update that has been 
issued by AMD to the linux-firmware project, nor is there any facility to know 
whether there is a newer revision that is restricted to firmware vendors.

I believe the needrestart package will actually warn if you need to reboot to 
update the microcode on your system processor, based on not-foolproof 
heuristics that look at /proc/cpuinfo and what has been installed by 
amd64-microcode (and intel-microcode).

Oh, and the date-based versioning of the amd64-microcode package has no 
relationship to the dates on any of the microcode updates inside it.  It is the 
date of the latest commit in linux-firmware that changed any of the several 
firmware files (AMD ucode, AMD SEV,  AMD TEE) inside it.

I hope this information solves any lingering doubts about how it works?

-- 
  Henrique de Moraes Holschuh 

Bug#1075633: wasmedge: ftbfs with GCC-14

[Diederik de Haas]

On Sun Aug 11, 2024 at 4:56 PM CEST, Reinhard Tartler wrote:
> On 2024-08-11 08:55, Diederik de Haas wrote:
> > On 03 Aug 2024 11:08:58 -0400 Reinhard Tartler 
> > wrote:
> >> I noticed this package is listed as low-NMU. As such, I'm taking the
> >> liberty of uploading the following patch as NMU to sid:
> >> ...
> >> new file   debian/patches/don-t-fail-on-unknown-gcc-warnings.patch
> >> @@ -0,0 +1,20 @@
> >> +From: Reinhard Tartler 
> >> +Date: Sat, 3 Aug 2024 10:46:50 -0400
> >> +Subject: don't fail on unknown gcc warnings
> >> +
> >> +---
> >> + cmake/Helper.cmake | 1 -
> >> + 1 file changed, 1 deletion(-)
> >> +
> >> +diff --git a/cmake/Helper.cmake b/cmake/Helper.cmake
> >> +index f9cdcf2..126e93f 100644
> >> +--- a/cmake/Helper.cmake
> >>  b/cmake/Helper.cmake
> >> +@@ -39,7 +39,6 @@ else()
> >> +
> >> +   if(NOT WASMEDGE_PLUGIN_WASI_NN_GGML_LLAMA_CUBLAS)
> >> + list(APPEND WASMEDGE_CFLAGS
> >> +-  -Werror
> >> +   -Wno-error=pedantic
> >> + )
> >> + if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" AND
> >> CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 13)
> >> new file   debian/patches/series
> >> @@ -0,0 +1 @@
> >> +don-t-fail-on-unknown-gcc-warnings.patch
> >
> > Why do you consider this an appropriate solution?
> >
> > Upstream explicitly want all warnings to be treated as errors and now
> > with gcc-14 it generates a new warning.
> > This sounds like something upstream explicitly wants to know about?
>
> I think this is a reasonable stance to take upstream. I've now filed
> https://github.com/WasmEdge/WasmEdge/issues/3640 to document this issue,
> in the hope that someone with more expertise can have a look.

Thanks for reporting it upstream :-)

> For Debian, I do think that this workaround is acceptable, at least for
> the purposes of allowing further testing in the "testing" Distribution,
> so that we get additional datapoints whether there actually are runtime
> issues that stem from unitialized variables that GCC claims to detect.

I disagree, but I'll let it up to the maintainer to reopen this bug or
not.

Packages don't transition to Testing to get additional datapoints (even
though that will happen), but because there are no RC bugs, like FTBFS,
currently known. That's not the case here.

If you can make the argument that a specific warning can be ignored, you
could override that specific warning with a clear explanation why that's
OK in this particular case.
This patch OTOH essentially says to ignore ALL warnings.

My 0.02


signature.asc
Description: PGP signature

Bug#1072451: simplescreenrecorder: FTBFS with ffmpeg 7.0: AudioEncoder.cpp:169:43: error: ‘AVFrame’ {aka ‘struct AVFrame’} has no member named ‘channels’ no member named ‘channels’

[Diederik de Haas]

Control: notforwarded -1
Control: tag -1 -fixed-upstream

On Sun Aug 11, 2024 at 3:43 PM CEST, Petter Reinholdtsen wrote:
> [Diederik de Haas]
> >> during a rebuild of the reverse dependencies for the transition to
> >> ffmpeg 7.0, your package failed to build
> >
> > Someone made a PR and that got merged upstream. Updated metadata
> > accordingly.
>
> This is strange, as debian/patches/0020-ffmpeg-7.patch from
> https://github.com/MaartenBaert/ssr/pull/1031/ > is already part
> of version 0.4.4-5.  Is the patch incomplete?  The error seem to happen in
> code protected by '#if LIBAVCODEC_VERSION_MAJOR < 61'.

Which means my forwarded was incorrect, fixing metadata accordingly.


signature.asc
Description: PGP signature

Bug#1072451: simplescreenrecorder: FTBFS with ffmpeg 7.0: AudioEncoder.cpp:169:43: error: ‘AVFrame’ {aka ‘struct AVFrame’} has no member named ‘channels’ no member named ‘channels’

[Diederik de Haas]

On Sun Aug 11, 2024 at 3:43 PM CEST, Petter Reinholdtsen wrote:
> [Diederik de Haas]
> >> during a rebuild of the reverse dependencies for the transition to
> >> ffmpeg 7.0, your package failed to build
> >
> > Someone made a PR and that got merged upstream. Updated metadata
> > accordingly.
>
> This is strange, as debian/patches/0020-ffmpeg-7.patch from
> https://github.com/MaartenBaert/ssr/pull/1031/ > is already part
> of version 0.4.4-5.  Is the patch incomplete?  The error seem to happen in
> code protected by '#if LIBAVCODEC_VERSION_MAJOR < 61'.

Yes, the patch is incomplete.

> /<>/src/AV/Output/AudioEncoder.cpp: In member function ‘virtual 
> bool AudioEncoder::EncodeFrame(AVFrameWrapper*)’:
> /<>/src/AV/Output/AudioEncoder.cpp:169:43: error: ‘AVFrame’ {aka 
> ‘struct AVFrame’} has no member named ‘channels’
>   169 | assert(frame->GetFrame()->channels == 
> GetCodecContext()->channels);
>   |   ^~~~
> /<>/src/AV/Output/AudioEncoder.cpp:169:74: error: 
> ‘AVCodecContext’ {aka ‘struct AVCodecContext’} has no member named ‘channels’
>   169 | assert(frame->GetFrame()->channels == 
> GetCodecContext()->channels);
>   |   
>^~~~

Note the line numbers. The lines that were fixed in that file did NOT
include the ``bool AudioEncoder::EncodeFrame(AVFrameWrapper* frame)``
function.

HTH


signature.asc
Description: PGP signature

Bug#1075633: wasmedge: ftbfs with GCC-14

[Diederik de Haas]

On 03 Aug 2024 11:08:58 -0400 Reinhard Tartler  wrote:
> I noticed this package is listed as low-NMU. As such, I'm taking the
> liberty of uploading the following patch as NMU to sid:
> ...
> new file   debian/patches/don-t-fail-on-unknown-gcc-warnings.patch
> @@ -0,0 +1,20 @@
> +From: Reinhard Tartler 
> +Date: Sat, 3 Aug 2024 10:46:50 -0400
> +Subject: don't fail on unknown gcc warnings
> +
> +---
> + cmake/Helper.cmake | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/cmake/Helper.cmake b/cmake/Helper.cmake
> +index f9cdcf2..126e93f 100644
> +--- a/cmake/Helper.cmake
>  b/cmake/Helper.cmake
> +@@ -39,7 +39,6 @@ else()
> +
> +   if(NOT WASMEDGE_PLUGIN_WASI_NN_GGML_LLAMA_CUBLAS)
> + list(APPEND WASMEDGE_CFLAGS
> +-  -Werror
> +   -Wno-error=pedantic
> + )
> + if(CMAKE_CXX_COMPILER_ID MATCHES "GNU" AND CMAKE_CXX_COMPILER_VERSION 
> VERSION_GREATER 13)
> new file   debian/patches/series
> @@ -0,0 +1 @@
> +don-t-fail-on-unknown-gcc-warnings.patch

Why do you consider this an appropriate solution?

Upstream explicitly want all warnings to be treated as errors and now
with gcc-14 it generates a new warning.
This sounds like something upstream explicitly wants to know about?



signature.asc
Description: PGP signature

Bug#1037281: Support of Banana Pi R3

[Diederik de Haas]

On Friday, 9 August 2024 08:02:42 CEST Bernhard Wörner wrote:
> Hello Diederik
> Hello Vagrant
> 
> You wrote, that there are now the board configs in u-boot:
> 
> configs/mt7986a_bpir3_emmc_defconfig  configs/mt7986a_bpir3_sd_defconfig
> 
> But the arm-trusted-firmware is missing.
> 
> Is it possible, to boot the BananaPi without this firmware?
> 
> 
> What is your opinion:
> Is it time to order this BananaPi now?
> Can we get the Banana Pi to work?

I don't have an answer to any of your questions, but due to 
https://bugs.debian.org/1072968 the BPI-R3 is now properly supported in the 
Debian kernel since version 6.10.

For the rest I suggest to search and/or participate in the BananaPi and 
OpenWrt forums where they likely know (a lot) more about BPI-R3 then I do.

signature.asc
Description: This is a digitally signed message part.

Bug#1077980: gnome-network-displays: Set Depends: to "wpasupplicant | iwd" as using iwd as an alternative is actually possible now

[Mourad De Clerck]

On 8/7/24 20:47, Matthias Geiger wrote:
have you tested this ? I'm willing to go ahead enabling iwd if both 
Chromecast and miracast work.


I've tested it with Miracast on a LG OLED55CX and it works. I haven't 
tried it with a Chromecast.


-- M

Bug#1076952: [RFD] partman-auto: Update guided partitioning size limits for current and future needs

[Diederik de Haas]

On Wednesday, 7 August 2024 20:33:02 CEST Holger Wansing wrote:
> > > Could probably solve the long standing issue
> > > "#987503 swap partition only 1 GB instead of at least 1 x RAM size"
> > > stating that hibernation is broken for machines with RAM bigger than
> > > 1G...
> > 
> > Do you mean to create specific recipes for hibernation ?
> 
> A recipe specific for server installations, which limits the swap to let's
> say 1G or 2G, because the machine has enough RAM built-in.
> The other (already existing) recipes could be focused on desktops/laptops,
> which use something like Swap=RAM, to allow hibernation.
> Having such concept, would probably allow to get rid of the
> partman-auto/cap-ram thingy, which solved one problem by creating a new
> one...

FWIW: +1

I found it odd that the default was changed to cater for what I consider to be 
an exceptional situation (but could be common in server env?).

signature.asc
Description: This is a digitally signed message part.

Bug#1077980: gnome-network-displays: Set Depends: to "wpasupplicant | iwd" as using iwd as an alternative is actually possible now

[Mourad De Clerck]

Package: gnome-network-displays
Severity: normal

Hi,

As I mentioned in upstream bug #392, using iwd instead of wpasupplicant is 
possible now.

iwd implemented the necessary bits at the end of 2021, and I've verified 
Miracast functionality is working with the current Flatpak version of Gnome 
Network Displays.

It'd be nice to be able to use the Debian version instead.

Thank you,

-- Mourad DC


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.9.10-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-network-displays depends on:
ii  libadwaita-1-0  1.5.3-1
ii  libavahi-common30.8-13+b2
pn  libavahi-gobject0   
ii  libc6   2.39-6
ii  libglib2.0-0t64 2.81.1-3
ii  libgstreamer-plugins-base1.0-0  1.24.6-1
ii  libgstreamer1.0-0   1.24.6-1
ii  libgstrtspserver-1.0-0  1.24.6-1
ii  libgtk-4-1  4.14.4+ds-8
ii  libjson-glib-1.0-0  1.8.0-2+b1
ii  libnm0  1.48.6-1
ii  libportal-gtk4-10.7.1-5+b1
ii  libportal1  0.7.1-5+b1
ii  libprotobuf-c1  1.4.1-1+b2
ii  libpulse-mainloop-glib0 16.1+dfsg1-5.1
ii  libpulse0   16.1+dfsg1-5.1
ii  libsoup-3.0-0   3.4.4-5+b1
ii  network-manager 1.48.6-1
pn  wpasupplicant   

gnome-network-displays recommends no packages.

gnome-network-displays suggests no packages.

Bug#1072425: k3b: FTBFS with ffmpeg 7.0: k3bf fmpegwrapper.cpp:143:26: error: ‘AVCodecContext’ {aka ‘struct AVCodecContext’} has no member named ‘channels’ xt’ {aka ‘struct AVCodecContext’} has n o m

[Diederik de Haas]

On dinsdag 23 juli 2024 17:56:34 CEST you wrote:
> > during a rebuild of the reverse dependencies for the transition to
> > ffmpeg 7.0, your package failed to build
> 
> In the upstream git repo there are 2 commits on 2024-04-13 which probably do
> fix the FTBFS issue, but don't make it compatible with ffmpeg 7.0. F.e. it
> now just returns '0' for the number of channels with ffmpeg 7.0, while it
> does return the actual value when < 7.0 ...
> 
> So, linking to those commits seems pointless.

No offense, but I don't consider the following a solution:
```
int K3bFFMpegFile::channels() const
{
#if LIBAVCODEC_VERSION_MAJOR < 61
return d->codecContext->channels;
#else
#pragma Unimplemented
return 0;
#endif
}
```
(Upstream commits 712ef4adc992 + 071535a79c3d)

I'm sure it does fix the FTBFS problem, so this is just to inform users
if they care about it.

signature.asc
Description: This is a digitally signed message part.

Bug#972396: Comment on «initramfs-tools: Installation fails (no space left on device)»

[Diederik de Haas]

On Wednesday, 31 July 2024 16:37:48 CEST Pascal Hambourg wrote:
> On 31/07/2024 at 00:38, Thomas Hahn wrote:
> > On Fri, 26 Jul 2024 14:00:51 +0200 Pascal Hambourg
> > 
> >  wrote:
> > > firmware-nvidia-graphics was installed on systems which already had
> > > firmware-misc-nonfree because firmware-misc-nonfree recommends
> > > firmware-misc-nonfree so that systems which rely on Nvidia firmware are
> > > not disrupted.
> > 
> > Is it possible to only install it on systems, which have a NVIDIA
> > graphics card?
> 
> Maybe firmware-misc-nonfree could check if a Nvidia GPU is present then
> trigger installation of firmware-nvidia-graphics instead of recommending
> firmware-nvidia-graphics. Sounds quite convoluted.

Sounds more like a recipe for disaster.
Just uninstall the recommended packages you don't need.

signature.asc
Description: This is a digitally signed message part.

Bug#1075633: wasmedge: ftbfs with GCC-14

[Diederik de Haas]

On Wed, 03 Jul 2024 12:47:52 + Matthias Klose  wrote:
> Package: src:wasmedge
> Version: 0.13.5+dfsg-1
> Usertags: ftbfs-gcc-14
> 
> The package fails to build in a test rebuild on at least amd64 with
> gcc-14/g++-14, but succeeds to build with gcc-13/g++-13. The
> severity of this report will be raised before the trixie release.
> 
> The full build log can be found at:
> http://qa-logs.debian.net/2024/07/01/wasmedge_0.13.5+dfsg-1_unstable_gccexp.log
> The last lines of the build log are at the end of this report.

Those last lines don't contain the error though, but the build log does:

```
[ 34%] Building CXX object lib/aot/CMakeFiles/wasmedgeAOT.dir/cache.cpp.o
cd /<>/obj-x86_64-linux-gnu/lib/aot && /usr/bin/c++ -DFMT_SHARED 
-DSPDLOG_COMPILED_LIB -DSPDLOG_FMT_EXTERNAL -DSPDLOG_SHARED_LIB 
-I/<>/obj-x86_64-linux-gnu/include 
-I/<>/thirdparty/blake3 -I/<>/include 
-I/<>/obj-x86_64-linux-gnu/lib/system -isystem 
/usr/lib/llvm-16/include -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 
-std=c++17 -fPIC -fvisibility=hidden -fvisibility-inlines-hidden  
-fno-exceptions -Wall -Wextra -Werror -Wno-error=pedantic 
-Wno-error=dangling-reference -Wno-psabi -MD -MT 
lib/aot/CMakeFiles/wasmedgeAOT.dir/cache.cpp.o -MF 
CMakeFiles/wasmedgeAOT.dir/cache.cpp.o.d -o 
CMakeFiles/wasmedgeAOT.dir/cache.cpp.o -c /<>/lib/aot/cache.cpp
In file included from /usr/include/c++/14/vector:66,
 from /usr/include/c++/14/functional:64,
 from /usr/include/spdlog/common.h:16,
 from /usr/include/spdlog/spdlog.h:12,
 from /<>/include/common/log.h:18,
 from /<>/include/common/enum_errcode.hpp:18,
 from /<>/include/common/errcode.h:16,
 from /<>/include/loader/filemgr.h:17,
 from /<>/lib/loader/filemgr.cpp:4:
In destructor ‘std::_Vector_base<_Tp, _Alloc>::~_Vector_base() [with _Tp = 
unsigned char; _Alloc = std::allocator]’,
inlined from ‘std::vector<_Tp, _Alloc>::~vector() [with _Tp = unsigned 
char; _Alloc = std::allocator]’ at 
/usr/include/c++/14/bits/stl_vector.h:738:7,
inlined from ‘constexpr void std::_Optional_payload_base<_Tp>::_M_destroy() 
[with _Tp = std::vector]’ at /usr/include/c++/14/optional:283:35,
inlined from ‘constexpr void std::_Optional_payload_base<_Tp>::_M_reset() 
[with _Tp = std::vector]’ at /usr/include/c++/14/optional:314:14,
inlined from ‘constexpr void std::_Optional_base_impl<_Tp, _Dp>::_M_reset() 
[with _Tp = std::vector; _Dp = 
std::_Optional_base, false, false>]’ at 
/usr/include/c++/14/optional:466:53,
inlined from ‘std::enable_if_t<((bool)is_constructible_v<_Tp, _Args ...>), 
_Tp&> std::optional<_Tp>::emplace(_Args&& ...) [with _Args = 
{std::vector >}; _Tp = 
std::vector]’ at /usr/include/c++/14/optional:915:18,
inlined from ‘WasmEdge::Expect 
WasmEdge::FileMgr::setCode(std::vector)’ at 
/<>/lib/loader/filemgr.cpp:52:21:
/usr/include/c++/14/bits/stl_vector.h:369:59: error: 
‘((std::_Vector_base 
>*)((char*)this + 8))[2].std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::std::_Vector_base >::_Vector_impl_data.std::_Vector_base >::_Vector_impl_data::_M_start’ may be used 
uninitialized [-Werror=maybe-uninitialized]
  369 |   _M_impl._M_end_of_storage - _M_impl._M_start);
  |   ^~~~
/usr/include/c++/14/bits/stl_vector.h:369:31: error: 
‘((std::_Vector_base 
>*)((char*)this + 8))[2].std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::std::_Vector_base >::_Vector_impl_data.std::_Vector_base >::_Vector_impl_data::_M_end_of_storage’ 
may be used uninitialized [-Werror=maybe-uninitialized]
  369 |   _M_impl._M_end_of_storage - _M_impl._M_start);
  |   ^
cc1plus: all warnings being treated as errors
make[3]: *** [lib/loader/CMakeFiles/wasmedgeLoaderFileMgr.dir/build.make:79: 
lib/loader/CMakeFiles/wasmedgeLoaderFileMgr.dir/filemgr.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs
```

HTH

signature.asc
Description: This is a digitally signed message part.

Bug#1077238: Upgrade will break networking, thus unable to download missing packages

[Diederik de Haas]

Control: reopen -1
Control: retitle -1 Please extend NEWS to clarify what users can and should do

On Saturday, 27 July 2024 11:30:37 CEST Dan Jacobson wrote:
> Yes. The news item needs to warn:
> 
> ** Warning: if you take no action, upon the next boot you might
> 1. Not be able to network.
> 2. Not be able to see your screen.
> 3. Not be able to boot.
> and thus unable to install the new packages to fix it too.
> Therefore be sure to install the new packages ... now, unless you are
> sure you know what you are doing.

I guess it won't hurt to expand the NEWS item to:
- Make sure users have installed the Recommended packages they need
- Inform them that they can remove the automatically installed Recommended
  packages they don't need (which may help with the initramfs-tools bug in
  0.142 and the IMO too small default /boot partition)

signature.asc
Description: This is a digitally signed message part.

Bug#1077238: Upgrade will break networking, thus unable to download missing packages

[Diederik de Haas]

On Saturday, 27 July 2024 10:54:22 CEST Dan Jacobson wrote:
> That's exactly what happened to me.
> Not all users automatically install recommends.

Those users are ofc allowed to make that choice, but they then also accept the 
consequences that go with it.

What you asked for is exactly how it was implemented:
misc-nonfree Recommends all the packages where firmware files which were in 
misc-nonfree before, but are now in one of the new packages.
Which allows them to remove the Recommended packages they don't need.

Next to the Recommends solution, you should have also received/seen a NEWS 
item, which explains what to do in the new situation.
Did you not receive/see that? Or was the text unclear?

signature.asc
Description: This is a digitally signed message part.

Bug#1076372: Re.: linux-image-6.5.0-0.deb12.4-amd64: ext4 file corruption with newer kernels

[Diederik de Haas]

Control: found -1 6.3.7-1

On Friday, 26 July 2024 10:49:00 CEST Stefan wrote:
> The complete sentence is:
> 
> oldest non-working kernel is 6.3.7 (package linux-image-6.3.0-1-amd64),
> 6.3.5 (latest version of package package linux-image-6.3.0-0-amd64) works.

Excellent, that narrows down the 'suspect list' to 332 commits.

me@pc:~/dev/kernel.org/linux$ git log --oneline v6.3.5..v6.3.7 | grep "ext4: "
9ca777c1ef9a ext4: enable the lazy init thread when remounting read/write
8664693a8ff2 ext4: add lockdep annotations for i_data_sem for ea_inode's
9d993659ed77 ext4: disallow ea_inodes with extended attributes
982f2501e753 ext4: set lockdep subclass for the ea_inode in 
ext4_xattr_inode_cache_find()
2f1dace530e8 ext4: add EA_INODE checking to ext4_iget()

And those are all pretty close to the v6.3.7 tag:
$ git log --oneline 2f1dace530e8..v6.3.7 | wc -l
28

Hopefully this means there a fast/short `git bisect` possible ...

signature.asc
Description: This is a digitally signed message part.

Bug#1076617: installation-guide: Severely outdated information wrt partitioning

[Diederik de Haas]

On Thursday, 25 July 2024 20:50:23 CEST Holger Wansing wrote:
> Diederik de Haas  wrote (Tue, 23 Jul 2024 22:14:46
> +0200):
> > > > >Or as I phrased it in https://bugs.debian.org/1076582#27 :
> > > > >"Maybe that document should be updated for this CENTURY?"
> > > 
> > > I have prepared a patch, to update the installation-guide (attached),
> > > mostly a removal of outdated / no longer needed information.
> > 
> > Much better!
> > 
> > It may be possible to improve/extend the information further, but that
> > could happen another time (too).
> > The real problematic parts are gone now, so thanks for that :-)
> 
> Just pushed to git.

Thanks!

signature.asc
Description: This is a digitally signed message part.

Bug#1077049: libliftoff: Updated debian/watch file

[Diederik de Haas]

On 25 Jul 2024 16:35:40 +0200 Diederik de Haas  wrote:
> Source: libliftoff
> Version: 0.4.1-1
> Severity: minor
> Tags: patch
> 
> https://tracker.debian.org/pkg/libliftoff reported it had a problem with
> finding a new upstream release, which does exist, so I updated the
> ``debian/watch`` file so that it now does find new versions.
> 
> When running ``uscan`` it does report the following:
> 
> ```
> uscan warn: Possible OpenPGP signature found at:
>
> https://gitlab.freedesktop.org/emersion/libliftoff/-/tags-/archive/v0.5.0/libliftoff-v0.5.0.tar.bz2.asc

Updated patch which results in a (slightly) better output, attached.

```
 => Newer package available from:
=> 
https://gitlab.freedesktop.org/emersion/libliftoff/-/archive/v0.5.0/libliftoff-v0.5.0.tar.bz2
uscan warn: Possible OpenPGP signature found at:
   
https://gitlab.freedesktop.org/emersion/libliftoff/-/archive/v0.5.0/libliftoff-v0.5.0.tar.bz2.asc
 * Add opts=pgpsigurlmangle=s/$/.asc/ or opts=pgpmode=auto to debian/watch
 * Add debian/upstream/signing-key.asc.
```>From b54309239a510a4a5e1574f17bf42fd25f8a961b Mon Sep 17 00:00:00 2001
From: Diederik de Haas 
Date: Thu, 25 Jul 2024 16:27:11 +0200
Subject: [PATCH] d/watch: Update uscan params

https://tracker.debian.org/pkg/libliftoff reported the following issue:
"Problems while searching for a new upstream version"

And it (apparently) didn't notice version 0.5.0 was released.
With the new uscan parameters it does find the new version.
---
 debian/watch | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/watch b/debian/watch
index dc3a39f..3bb3cc7 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,4 @@
 version=4
-https://gitlab.freedesktop.org/emersion/libliftoff/-/tags archive/v?@ANY_VERSION@/.*@ARCHIVE_EXT@
+opts="searchmode=plain" \
+ https://gitlab.freedesktop.org/emersion/@PACKAGE@/-/tags \
+ archive/v?@ANY_VERSION@/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@
-- 
2.45.2



signature.asc
Description: This is a digitally signed message part.

Bug#1077049: libliftoff: Updated debian/watch file

[Diederik de Haas]

Source: libliftoff
Version: 0.4.1-1
Severity: minor
Tags: patch

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

https://tracker.debian.org/pkg/libliftoff reported it had a problem with
finding a new upstream release, which does exist, so I updated the
``debian/watch`` file so that it now does find new versions.

When running ``uscan`` it does report the following:

```
uscan warn: Possible OpenPGP signature found at:
   
https://gitlab.freedesktop.org/emersion/libliftoff/-/tags-/archive/v0.5.0/libliftoff-v0.5.0.tar.bz2.asc
 * Add opts=pgpsigurlmangle=s/$/.asc/ or opts=pgpmode=auto to debian/watch
 * Add debian/upstream/signing-key.asc.
```

I did NOT add the upstream signing key or add ``uscan``'s suggestion for
additional parameters.

Cheers,
  Diederik

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.9.10-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZqJivAAKCRDXblvOeH7b
bm2uAQDJoeaXr3Zm4gVKabqT4uP/mVDS4SSOcBI2YJi023EPlAD9HwJo0YKGVr2D
/DbZn+1NV9JGblhXtiNNm9HIiM58dgA=
=roS1
-END PGP SIGNATURE-
>From 7a8628f6bad0dcbaeac7d34e92e7828c358bab5c Mon Sep 17 00:00:00 2001
From: Diederik de Haas 
Date: Thu, 25 Jul 2024 16:27:11 +0200
Subject: [PATCH] d/watch: Update uscan params

https://tracker.debian.org/pkg/libliftoff reported the following issue:
"Problems while searching for a new upstream version"

And it (apparently) didn't notice version 0.5.0 was released.
With the new uscan parameters it does find the new version.
---
 debian/watch | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/watch b/debian/watch
index dc3a39f..80eefa5 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,4 @@
 version=4
-https://gitlab.freedesktop.org/emersion/libliftoff/-/tags 
archive/v?@ANY_VERSION@/.*@ARCHIVE_EXT@
+opts="searchmode=plain" \
+ https://gitlab.freedesktop.org/emersion/@PACKAGE@/-/tags \
+ -/archive/v?@ANY_VERSION@/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@
-- 
2.45.2

Bug#1075180: libliftoff: ftbfs with GCC-14

[Diederik de Haas]

Control: tag -1 upstream fixed-upstream patch

On Wed, 03 Jul 2024 12:33:34 + Matthias Klose  wrote:
> Package: src:libliftoff
> Version: 0.4.1-1
> Usertags: ftbfs-gcc-14
> 
> The package fails to build in a test rebuild on at least amd64 with
> gcc-14/g++-14, but succeeds to build with gcc-13/g++-13. The
> severity of this report will be raised before the trixie release.

https://gitlab.freedesktop.org/emersion/libliftoff/-/merge_requests/78 is the 
upstream MR which fixes that issue. It has been merged and is part of the 0.5.0 
release, which the tracker (apparently) doesn't see, but was tagged on 
2024-05-28.

So the best solution seems to package version 0.5.0?

Alternatively, you can add the attached patch.
https://salsa.debian.org/diederik/libliftoff/-/tree/gcc-14-compat
can also be turned into a MR and via that you can see it does build 
successfully with GCC-14, while without it, the build failed.

HTH,
  Diederik>From 29a06add8ef184f85e37ff8abdc34fbaa2f4ee1e Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich 
Date: Thu, 21 Dec 2023 20:15:29 +
Subject: [PATCH] layer.c: fix build against upcoming `gcc-14` (`-Werror=calloc-transposed-args`)

`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `libliftoff`:

../layer.c: In function 'liftoff_layer_create':
../layer.c:20:48: error: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in t
ument [-Werror=calloc-transposed-args]
   20 | layer->candidate_planes = calloc(sizeof(layer->candidate_planes[0]),
  |^
../layer.c:20:48: note: earlier argument should specify number of elements, later size of each element
---
 layer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/layer.c b/layer.c
index 73a8186..6510ea7 100644
--- a/layer.c
+++ b/layer.c
@@ -17,8 +17,8 @@ liftoff_layer_create(struct liftoff_output *output)
 		return NULL;
 	}
 	layer->output = output;
-	layer->candidate_planes = calloc(sizeof(layer->candidate_planes[0]),
-	 output->device->planes_cap);
+	layer->candidate_planes = calloc(output->device->planes_cap,
+	 sizeof(layer->candidate_planes[0]));
 	if (layer->candidate_planes == NULL) {
 		liftoff_log_errno(LIFTOFF_ERROR, "calloc");
 		free(layer);
--
GitLab



signature.asc
Description: This is a digitally signed message part.

Bug#1076564: pahole BTF processing seems flaky on powerpc

[Arnaldo Carvalho de Melo]

On Wed, Jul 24, 2024 at 11:04:51AM +0100, Alan Maguire wrote:
> On 19/07/2024 20:13, Arnaldo Carvalho de Melo wrote:
> > Adding Alan and Jiri to the CC list.
> >
> 
> I'm late chiming in on this one, but judging by the output:
> 
>   BTF .btf.vmlinux.bin.o
> + LLVM_OBJCOPY=powerpc-linux-gnu-objcopy pahole -J -j
> --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func
> --lang_exclude=rust .tmp_vmlinux.btf
> [102044] ARRAY (anon) type_id=99491 index_type_id=14 nr_elems=12 Error
> emitting BTF type
> Encountered error while encoding BTF.
> 
> 
> ...we hit an error in btf_encoder__add_array() as a result of
> btf__add_array() failing:
> 
> btf__log_err(btf, BTF_KIND_ARRAY, NULL, true,
>   "type_id=%u index_type_id=%u nr_elems=%u
> Error emitting BTF type",
>   type, index_type, nelems);
> 
> 
> Unfortunately we don't preserve the negative id value (containing the
> error code) in btf__log_err(); I'm thinking one thing we should do is
> modify btf__log_err() to preserves errors for cases where the encoding
> errors out due to a libbpf-returned -errno, something like
> 
> 
> -__attribute ((format (printf, 5, 6)))
> +__attribute ((format (printf, 6, 7)))
> -static void btf__log_err(const struct btf *btf, int kind, const char *name,
> +static void btf__log_err(const struct btf *btf, int libbpf_err, int
> kind, const char *name,
>  bool output_cr, const char *fmt, ...)
> {
> fprintf(stderr, "[%u] %s %s", btf__type_cnt(btf),
> btf_kind_str[kind], name ?: "(anon)");
> 
>   if (fmt && *fmt) {
> va_list ap;
> 
> fprintf(stderr, " ");
> va_start(ap, fmt);
> vfprintf(stderr, fmt, ap);
> va_end(ap);
> }
> 
> + if (libbpf_err)
> + fprintf(stderr, " libbpf error %d", libbpf_err);
> if (output_cr)
> fprintf(stderr, "\n");
> }
> 
> 
> So at least if this error recurs we'd have a clearer picture of what's
> happening in libbpf. What do you think? I'll submit a patch for this if
> it makes sense.

I agree completely that the error reporting we have is lacking, we
better go and add extra info for these cases so that we can more quickly
get a clue of what is taking place, so please submit patches for that
and I'll consider them.

Thanks,

- Arnaldo

Bug#1076372: Re.: linux-image-6.5.0-0.deb12.4-amd64: ext4 file corruption with newer kernels

[Diederik de Haas]

Control: found -1 6.9.7-1~bpo12+1

On Wednesday, 24 July 2024 17:24:44 CEST Stefan wrote:
> I ran a few other tests:
> 
> 1. tried package "linux-image-6.1.0-22-amd64": works
> 2. tried package "linux-image-6.9.7+bpo-amd64": does not work

Via https://snapshot.debian.org/package/linux-signed-amd64/ you can find
older (bpo) kernels then 6.5.10+1~bpo12+1 (where it was initially filed 
against) and it's useful to know what the last kernel version after 6.1
was where it worked properly and the first one where it broke.

signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

On Wednesday, 24 July 2024 13:21:36 CEST Vincent Lefevre wrote:
> On 2024-07-24 10:58:24 +0200, Diederik de Haas wrote:
> > Uninstalling firmware YOU DON'T NEED is a perfectly valid solution.
> 
> How can one do that? I mean, get only the Nvidia firmware for my
> particular Nvidia card, not everything of all the existing cards
> (which is really the issue).

No, uninstalling firmware *packages* you don't need.
firmware-misc-nonfree recommends firmware-nvidia-graphics, firmware-intel-
graphics, firmware-intel-misc and firmware-mediatek because firmware *files*
which were previously in misc-nonfree got moved into their own package.

But if you don't have mediatek hardware, you don't have a reason to install 
the firmware-mediatek package and when you did, you can remove/uninstall
it again.

> > What IS a general solution is upgrading initramfs-tools to version 0.143
> > currently available in Experimental as that can handle symlinks to
> > *directories*, whereas 0.142 could only deal with symlinks to files.
> 
> Will it be uploaded to unstable soon?
> Installing core packages from Experimental is rather scary.

There's nothing scary about Experimental, it's just another archive area.
The only difference is that it has priority: 1 (by default), which means that
when a new version is uploaded to Experimental, it won't ('even') upgrade
to that new version. And you only get packages from Experimental when
you explicitly request them, which is what you need to do in this case.

> BTW, why doesn't compression make the symlink limitation disappear?
> I mean that if there are several copies of the same firmware, why
> doesn't compression remove all the redundancies?

The bug, afaik fixed in 0.143, is that it didn't maintain the directory 
symlinks, but instead copied the linked directory in full ... resulting in
a MUCH larger size.

signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

On Sunday, 21 July 2024 13:13:23 CEST Simon John wrote:
> Realistically we need a fix for whatever happened here and it can't be
> any of:
> 
>   * remove plymouth or firmware (not practical for desktop)

Plymouth is not the problem. It turns out it's installed on my laptop and I 
don't have this problem.
Uninstalling firmware YOU DON'T NEED is a perfectly valid solution.

>   * make /boot bigger (not upgrade friendly)

Changes to make /boot bigger by default are already in the works, but this 
will only affect NEW installations. There is no (easy) fix for existing systems.

>   * MODULES=dep (not effective)

This can be useful way to tweak things in individual situations, but I don't 
consider that a general solution.

What IS a general solution is upgrading initramfs-tools to version 0.143 
currently available in Experimental as that can handle symlinks to 
*directories*, whereas 0.142 could only deal with symlinks to files.

I already mentioned this in message #44, so it's rather disappointing that 
people insist on ranting about the problem, but not willing to try the 
suggested solution. Or they did and just didn't care to report the results 
back, which normally means it did fix the problem.

I already closed https://bugs.debian.org/1076539 because of that and I'm 
inclined to do the same/similar here too, soon.
(Probably just force-merging all those reports into 1)

signature.asc
Description: This is a digitally signed message part.

Bug#1076617: installation-guide: Severely outdated information wrt partitioning

[Diederik de Haas]

Hi,

On Tuesday, 23 July 2024 20:34:25 CEST Holger Wansing wrote:
> > Am 19. Juli 2024 20:54:24 MESZ schrieb Diederik de Haas 
:
> > >In bug #1076582 it was pointed out that the documentation at
> > >https://www.debian.org/releases/stable/amd64/apcs05.en.html
> > >
> > >has the following line:
> > >"create a small (25–50MB should suffice) partition at the beginning
> > >of the disk to be used as the boot partition"
> > >
> > >Earlier in that bug and also in #1076539 (which likely is the same
> > >issue) I made the argument that 512MB (the current d-i default) for the
> > >``/boot`` partition is already problematic.
> > >
> > >https://bugs.debian.org/960181#15 contains the following line:
> > >> There may be a bug here, in that the /boot partition was too small.
> > >> That has been fixed in the installer, but unfortunately we don't have
> > >> a general way to grow the partition on installed systems.
> > >
> > >And there have been other reports that the kernel is getting too big.
> > >
> > >Plymouth is installed by default and that includes the GPU modules and
> > >the firmware for it. And the firmware files have been getting bigger
> > >too, especially for nvidia where they just added firmware files which
> > >are respectively 23MB and 38MB in size ... (sigh)
> > >
> > >So the recommendation of a 25-50MB ``/boot`` partition is BAD.
> > >REALLY BAD as "we don't have a general way to grow the partition
> > >on installed systems."
> > >
> > >But then I read a bit further on the above referenced page and found the
> > >following:
> > >
> > >- - "If you have a large IDE disk"
> > >- - "This restriction doesn't apply if you have a BIOS newer than around
> > >1995–98" - - Seeing the word "cylinder" all over the place ...
> > >- - "CHS translation mode (“Large”)" = Cylinder/Head/Sector I presume?
> > >
> > >At that point I fell off my chair :-O
> > >
> > >Or as I phrased it in https://bugs.debian.org/1076582#27 :
> > >"Maybe that document should be updated for this CENTURY?"
> 
> I have prepared a patch, to update the installation-guide (attached),
> mostly a removal of outdated / no longer needed information.

Much better!

It may be possible to improve/extend the information further, but that could 
happen another time (too).
The real problematic parts are gone now, so thanks for that :-)

Cheers,
  Diederik


signature.asc
Description: This is a digitally signed message part.

Bug#1072451: simplescreenrecorder: FTBFS with ffmpeg 7.0: AudioEncoder.cpp:169:43: error: ‘AVFrame’ {aka ‘struct AVFrame’} has no member named ‘channels’ no member named ‘channels’

[Diederik de Haas]

Control: forwarded -1 https://github.com/MaartenBaert/ssr/pull/1031/
Control: tag -1 +upstream +fixed-upstream

On 2 Jun 2024 15:26:24 +0200 Sebastian Ramacher  wrote:
> Source: simplescreenrecorder
> Version: 0.4.4-5
> Severity: important
> Tags: trixie sid ftbfs
> Usertags: ffmpeg-7.0
> 
> Hi,
> 
> during a rebuild of the reverse dependencies for the transition to
> ffmpeg 7.0, your package failed to build

Someone made a PR and that got merged upstream. Updated metadata accordingly.

signature.asc
Description: This is a digitally signed message part.

Bug#1072425: k3b: FTBFS with ffmpeg 7.0: k3bf fmpegwrapper.cpp:143:26: error: ‘AVCodecContext’ {aka ‘struct AVCodecContext’} has no member named ‘channels’ xt’ {aka ‘struct AVCodecContext’} has n o m

[Diederik de Haas]

Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=485432
Control: tag -1 +upstream

On 2 Jun 2024 15:20:46 +0200 Sebastian Ramacher  wrote:
> Source: k3b
> Version: 23.08.3-1
> Severity: important
> Tags: trixie sid ftbfs
> Usertags: ffmpeg-7.0
> 
> Hi,
> 
> during a rebuild of the reverse dependencies for the transition to
> ffmpeg 7.0, your package failed to build

In the upstream git repo there are 2 commits on 2024-04-13 which probably do 
fix the FTBFS issue, but don't make it compatible with ffmpeg 7.0.
F.e. it now just returns '0' for the number of channels with ffmpeg 7.0, while 
it does return the actual value when < 7.0 ...

So, linking to those commits seems pointless.

signature.asc
Description: This is a digitally signed message part.

Bug#1076539: plymouth: Updating plymouth fails with "No space left on device"

[Diederik de Haas]

Control: reassign -1 src:initramfs-tools 0.142
Control: fixed -1 0.143

On Friday, 19 July 2024 20:05:52 CEST Diederik de Haas wrote:
> Control: tag -1 moreinfo
> 
> On Friday, 19 July 2024 17:27:39 CEST Diederik de Haas wrote:
> They are symlinks in the firmware-nvidia-graphics package, which leads
> to initramfs-tools being the problem.
> 
> In *Experimental* there's version 0.143 and there's at least 1 report
> that that keeps the symlinks (IOW: fixes the problem most likely)
> 
> Can you test whether the problem is indeed fixed with initramfs-tools
> version 0.143?

No response, so I guess that means the problem is fixed with initramfs-tools 
version 0.143, so closing the bug with that version.

signature.asc
Description: This is a digitally signed message part.

Bug#1076703: amd64-microcode: Please clarify how to check if I'm running the latest microcode

[Diederik de Haas]

On Tuesday, 23 July 2024 10:02:57 CEST Diederik de Haas wrote:
> On 22 Jul 2024 11:52:36 +0200 Diederik de Haas  wrote:
> > Package: amd64-microcode
> > Version: 3.20240116.2+nmu1
> > 
> > I was testing with `rngtest` on arm64 devices and wanted to know the
> > results on my amd64 AMD (Ryzen) CPU/APU.
> > 
> > System 1:
> > CPU: AMD Ryzen 7 1800X Eight-Core Processor (family: 0x17, model: 0x1,
> > stepping: 0x1)
> > CPU family: 23 (in decimal)
> > microcode revision: 0x08001138 (according to dmesg)
> > 
> > System 2:
> > CPU/APU: AMD Ryzen 5 5500GT with Radeon Graphics (family: 0x19, model:
> > 0x50, stepping: 0x0)
> > CPU family: 25 (in decimal)
> > microcode revision: 0x0a5f (according to dmesg)
> > 
> > While `rngtest` results looked excellent on System 1, it revealed that
> > the HWRNG on System 2 is broken.
> > I'm currently triaging it (with Asus; MB manufacturer) and they asked me
> > to test with the latest microcode. So hereby a '+1' on bug #1076128.
> 
> I looked closely how previous updates were done and made a 20240710.1+nmu1
> release myself and then used the .deb file created by Salsa's CI:
> https://salsa.debian.org/diederik/amd64-microcode/-/commits/release-3.202407
> 10.1+nmu1
> 
> Before:
> root@cknowsvr04:~# dmesg | grep microcode
> [0.587262] microcode: Current revision: 0x0a5f
> 
> After:
> root@cknowsvr04:~# dmesg | grep microcode
> [0.587102] microcode: Current revision: 0x0a5f
> 
> I'm pretty sure I did the 'nmu' correctly, but it seems the microcode
> update isn't applied (at all).

Set ``AMD64UCODE_INITRAMFS=early`` in ``/etc/default/amd64-microcode``
and regenerated the initramfs: same result.
With that changed file did an ``apt reinstall ./  Tue, 23 Jul 2024 09:26:50 +0200
```

System 2: "family: 0x19, model: 0x50, stepping: 0x0"
... which isn't listed in the changelog, so it didn't get an update ...
thus AFAIUI the reported microcode revision shouldn't have changed.

Guess I can report to Asus/AMD that I either need a new microcode update
or that the CPU needs a RMA ...

(The original request of this bug report still stands though).

Cheers,
  Diederik

signature.asc
Description: This is a digitally signed message part.

Bug#1076703: amd64-microcode: Please clarify how to check if I'm running the latest microcode

[Diederik de Haas]

On 22 Jul 2024 11:52:36 +0200 Diederik de Haas  wrote:
> Package: amd64-microcode
> Version: 3.20240116.2+nmu1
> 
> I was testing with `rngtest` on arm64 devices and wanted to know the
> results on my amd64 AMD (Ryzen) CPU/APU.
> 
> System 1:
> CPU: AMD Ryzen 7 1800X Eight-Core Processor (family: 0x17, model: 0x1,
> stepping: 0x1)
> CPU family: 23 (in decimal)
> microcode revision: 0x08001138 (according to dmesg)
> 
> System 2:
> CPU/APU: AMD Ryzen 5 5500GT with Radeon Graphics (family: 0x19, model: 0x50,
> stepping: 0x0)
> CPU family: 25 (in decimal)
> microcode revision: 0x0a5f (according to dmesg)
> 
> While `rngtest` results looked excellent on System 1, it revealed that
> the HWRNG on System 2 is broken.
> I'm currently triaging it (with Asus; MB manufacturer) and they asked me
> to test with the latest microcode. So hereby a '+1' on bug #1076128.
> 
> I am running the latest amd64-microcode package on both and looked
> further into all the package files and actually got confused.
> I got the *impression* that some heuristic was used to determine whether
> the microcode update should be applied.
> That impression was based on what I saw in ``/etc/default/amd64-microcode``
> and ``/etc/modprobe.d/amd64-microcode-blacklist.conf``.
> 
> I also went looking for the microcode revision number reported by
> ``dmesg`` in the upstream repo, but the relevant data seems to be part
> of ``/usr/share/doc/amd64-microcode/README.gz``.
> But no where did I find those microcode revision codes.
> 
> I'd like to know whether I'm actually running the latest microcode,
> but I haven't figured out a way how?
> So hereby a request to clarify/document how I (and others) can verify
> whether they're (actually) *running* the latest (amd64-)microcode.

I looked closely how previous updates were done and made a 20240710.1+nmu1
release myself and then used the .deb file created by Salsa's CI:
https://salsa.debian.org/diederik/amd64-microcode/-/commits/release-3.20240710.1+nmu1

Before:
root@cknowsvr04:~# dmesg | grep microcode
[0.587262] microcode: Current revision: 0x0a5f

root@cknowsvr04:~# apt install 
./amd64-microcode_3.20240710.1+nmu1+salsaci+20240723+2_amd64.deb 
Note, selecting 'amd64-microcode' instead of 
'./amd64-microcode_3.20240710.1+nmu1+salsaci+20240723+2_amd64.deb'

Upgrading:
  amd64-microcode

...
Setting up amd64-microcode (3.20240710.1+nmu1+salsaci+20240723+2) ...
update-initramfs: deferring update (trigger activated)
amd64-microcode: microcode will be updated at next boot
Processing triggers for initramfs-tools (0.142) ...
update-initramfs: Generating /boot/initrd.img-6.9.9-amd64
root@cknowsvr04:~# reboot

After:
root@cknowsvr04:~# dmesg | grep microcode
[0.587102] microcode: Current revision: 0x0a5f


I'm pretty sure I did the 'nmu' correctly, but it seems the microcode
update isn't applied (at all).

signature.asc
Description: This is a digitally signed message part.

Bug#1059854: libdrm2: New upstream available for libdrm

[Diederik de Haas]

On 02 Jan 2024 07:49:47 -0500 Richard Ayotte  wrote:
> Package: libdrm2
> Version: 2.4.117-1
> Severity: wishlist
> 
> A new upstream version of available for the libdrm2 package is available and
> needed to run Hyprland.

I guess this bug has technically be fixed, but as it hasn't been marked as such 
(and closed), I hope it's ok to 'reuse' this bug to request 2.4.122 which is 
needed for wlroots 0.18?

signature.asc
Description: This is a digitally signed message part.

Bug#1076703: amd64-microcode: Please clarify how to check if I'm running the latest microcode

[Diederik de Haas]

Package: amd64-microcode
Version: 3.20240116.2+nmu1
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I was testing with `rngtest` on arm64 devices and wanted to know the
results on my amd64 AMD (Ryzen) CPU/APU.

System 1:
CPU: AMD Ryzen 7 1800X Eight-Core Processor (family: 0x17, model: 0x1, 
stepping: 0x1)
CPU family: 23 (in decimal)
microcode revision: 0x08001138 (according to dmesg)

System 2:
CPU/APU: AMD Ryzen 5 5500GT with Radeon Graphics (family: 0x19, model: 0x50, 
stepping: 0x0)
CPU family: 25 (in decimal)
microcode revision: 0x0a5f (according to dmesg)

While `rngtest` results looked excellent on System 1, it revealed that
the HWRNG on System 2 is broken.
I'm currently triaging it (with Asus; MB manufacturer) and they asked me
to test with the latest microcode. So hereby a '+1' on bug #1076128.

I am running the latest amd64-microcode package on both and looked
further into all the package files and actually got confused.
I got the *impression* that some heuristic was used to determine whether
the microcode update should be applied.
That impression was based on what I saw in ``/etc/default/amd64-microcode``
and ``/etc/modprobe.d/amd64-microcode-blacklist.conf``.

I also went looking for the microcode revision number reported by
``dmesg`` in the upstream repo, but the relevant data seems to be part
of ``/usr/share/doc/amd64-microcode/README.gz``.
But no where did I find those microcode revision codes.

I'd like to know whether I'm actually running the latest microcode,
but I haven't figured out a way how?
So hereby a request to clarify/document how I (and others) can verify
whether they're (actually) *running* the latest (amd64-)microcode.

Cheers,
  Diederik

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.9.10-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

amd64-microcode depends on no packages.

Versions of packages amd64-microcode recommends:
ii  initramfs-tools  0.142

amd64-microcode suggests no packages.

- -- no debconf information

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZp4r3QAKCRDXblvOeH7b
bq07AP9eCVDDdE8Wvz/NUeibJ+PJCFObGyF93qO/i/I4ZizjNwEAgpSK/CBUAoZX
B+IEmONl1FxVeKNCs2aaWOKMzim5rwQ=
=2pIO
-END PGP SIGNATURE-

Bug#1076617: installation-guide: Severely outdated information wrt partitioning

[Diederik de Haas]

On Saturday, 20 July 2024 17:07:18 CEST Holger Wansing wrote:
> This bug seems firstly a documentation issue, but one could also argue,
> that there's another topic with the /boot partition being to small these
> days in the light of bigger initrds due to firmware includes etc.

Agreed.

> So, before changing the doc, we should first evaluate, if the default size
> should be increased.
> 
> Thoughts?

For my thoughts, I'll just quote what I said in the submission:

On vrijdag 19 juli 2024 20:54:24 CEST Diederik de Haas wrote:
> For ``/boot`` size it should minimally follow d-i's default, but I
> actually think both should be updated to 1G in size, which should
> (generally) not be a problem with current TBs NVMe drives.


signature.asc
Description: This is a digitally signed message part.

Bug#1076564: pahole BTF processing seems flaky on powerpc

[Arnaldo Carvalho de Melo]

Adding Alan and Jiri to the CC list.

On Fri, Jul 19, 2024 at 08:53:24AM +0200, Domenico Andreoli wrote:
> Hi Arnaldo,
> 
> On Thu, Jul 18, 2024 at 11:56:09PM +0200, Ben Hutchings wrote:
> > Package: pahole
> > Version: 1.27-1
> > Severity: normal
> > X-Debbugs-Cc: debian-ker...@lists.debian.org
> > 
> > Several kernel builds on powerpc have failed recently:
> > 
> > 6.8.12-1:
> > https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.8.12-1&stamp=1717234422&raw=1
> > 6.9.9-1: 
> > https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.9.9-1&stamp=1720906547&raw=1
> > 6.10-1~exp1: 
> > https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.10-1%7Eexp1&stamp=1721287862&raw=1
> > 
> > Note, these log files are up to 270 MB in size and should be
> > downloaded; at least Firefox becomes unresponsive when trying to
> > display them.
> > 
> > For each of these, the failure seems to start with an error from
> > pahole such as:
> > 
> > [102044] ARRAY (anon) type_id=99491 index_type_id=14 nr_elems=12 Error 
> > emitting BTF type
> > Encountered error while encoding BTF.
> 
> Does the above error ring any bell?

Nope
 
> Is there anything I can do to help?

>From the 6.10-1~exp1:
https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.10-1%7Eexp1&stamp=1721287862&raw=1
file:

+ LLVM_OBJCOPY=powerpc-linux-gnu-objcopy pahole -J -j 
--btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func
 --lang_exclude=rust .tmp_vmlinux.btf

Can I have access to that .tmp_vmlinux.btf file so that I can try to
reproduce it here?

- Arnaldo
 
> > 
> > This does *not* happen consistently.  Compare these successful
> > builds:
> > 
> > 6.8.12-1:
> > https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.8.12-1&stamp=1717278092&raw=1
> > - This same version failed to build on the first try.
> > 6.9.7-1: 
> > https://buildd.debian.org/status/fetch.php?pkg=linux&arch=powerpc&ver=6.9.7-1&stamp=1719538806&raw=1
> > - Earlier and later 6.9.x versions failed to build.
> > 
> > Both pahole versions 1.26-1 and 1.27-1 have been used in both
> > successful and failing builds.
> > 
> > Ben.
> > 
> > -- System Information:
> > Debian Release: trixie/sid
> >   APT prefers unstable-debug
> >   APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
> > 'stable-security'), (500, 'oldstable-updates'), (500, 
> > 'oldstable-security'), (500, 'oldoldstable-updates'), (500, 
> > 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), 
> > (1, 'experimental')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> > 
> > Kernel: Linux 6.9.9-amd64 (SMP w/12 CPU threads; PREEMPT)
> > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE 
> > not set
> > Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> > 
> > Versions of packages pahole depends on:
> > ii  libbpf1 1:1.4.3-1
> > ii  libc6   2.39-4
> > ii  libdw1t64   0.191-2
> > ii  libelf1t64  0.191-2
> > ii  zlib1g  1:1.3.dfsg+really1.3.1-1
> > 
> > pahole recommends no packages.
> > 
> > pahole suggests no packages.
> > 
> > -- debconf-show failed
> 
> -- 
> rsa4096: 3B10 0CA1 8674 ACBA B4FE  FCD2 CE5B CF17 9960 DE13
> ed25519: FFB4 0CC3 7F2E 091D F7DA  356E CC79 2832 ED38 CB05

Bug#1076617: installation-guide: Severely outdated information wrt partitioning

[Diederik de Haas]

Source: installation-guide
Version: 20230623
Severity: normal

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

In bug #1076582 it was pointed out that the documentation at
https://www.debian.org/releases/stable/amd64/apcs05.en.html

has the following line:
"create a small (25–50MB should suffice) partition at the beginning
of the disk to be used as the boot partition"

Earlier in that bug and also in #1076539 (which likely is the same
issue) I made the argument that 512MB (the current d-i default) for the
``/boot`` partition is already problematic.

https://bugs.debian.org/960181#15 contains the following line:

> There may be a bug here, in that the /boot partition was too small.
> That has been fixed in the installer, but unfortunately we don't have
> a general way to grow the partition on installed systems.

And there have been other reports that the kernel is getting too big.

Plymouth is installed by default and that includes the GPU modules and
the firmware for it. And the firmware files have been getting bigger
too, especially for nvidia where they just added firmware files which
are respectively 23MB and 38MB in size ... (sigh)

So the recommendation of a 25-50MB ``/boot`` partition is BAD.
REALLY BAD as "we don't have a general way to grow the partition
on installed systems."

But then I read a bit further on the above referenced page and found the
following:

- - "If you have a large IDE disk"
- - "This restriction doesn't apply if you have a BIOS newer than around 
1995–98"
- - Seeing the word "cylinder" all over the place ...
- - "CHS translation mode (“Large”)" = Cylinder/Head/Sector I presume?

At that point I fell off my chair :-O

Or as I phrased it in https://bugs.debian.org/1076582#27 :
"Maybe that document should be updated for this CENTURY?"

I actually think this bug should be RC, but couldn't (quickly) find
which (if any) Policy rules it violated.
And 'critical' is possibly a bit much?

But I think these recommendations ought to be updated before Trixie is
released and possibly current Stable docs updated in case someone
follows the Installation Guide recommendation (which is normally and
otherwise a good thing).

For ``/boot`` size it should minimally follow d-i's default, but I
actually think both should be updated to 1G in size, which should
(generally) not be a problem with current TBs NVMe drives.

Cheers,
  Diederik

- -- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.9.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCZpq2WQAKCRDXblvOeH7b
bkzhAQCWg9McvuTHGa23GOMygGw1kBk7ubr+U1aawm5e1vtmHAEAwHSzQBAzAft+
iKW6W2syMOTg4dcAncK5uO7k2QCe1AI=
=+qN2
-END PGP SIGNATURE-

Bug#1076539: plymouth: Updating plymouth fails with "No space left on device"

[Diederik de Haas]

Control: tag -1 moreinfo

On Friday, 19 July 2024 17:27:39 CEST Diederik de Haas wrote:
> Today I learned something new and that is that plymouth includes
> GPU modules AND their firmware in the initramfs.

And learned something else via https://bugs.debian.org/1076582#37 :

On vrijdag 19 juli 2024 17:56:30 CEST Chris Hofstaedtler wrote:
> One of the things I've noticed:
> 
> /usr/lib/firmware/nvidia/tu104/gsp is supposed to be a symlink to
> /usr/lib/firmware/nvidia/tu102/gsp. However, in initrd.img, this is
> a copy of the directory; accounting for 25M on its own.
> 
> No wonder the initrd is way too large.

They are symlinks in the firmware-nvidia-graphics package, which leads
to initramfs-tools being the problem.

In *Experimental* there's version 0.143 and there's at least 1 report
that that keeps the symlinks (IOW: fixes the problem most likely)

Can you test whether the problem is indeed fixed with initramfs-tools
version 0.143?

signature.asc
Description: This is a digitally signed message part.

Bug#1072968: linux-image-6.7.12-arm64: Add support for Mediatek MT7986 SoC

[Diederik de Haas]

Control: tag -1 pending

On Friday, 28 June 2024 08:47:52 CEST Diederik de Haas wrote:
> Control: tag -1 patch
> 
> I submitted a MR to fix this bug with my changes here:
> https://salsa.debian.org/kernel-team/linux/-/merge_requests/1109

And that MR has been merged into master and thus should land in the
next 6.10 upload \o/

signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

Control: affects -1 firmware-nvidia-graphics

On Friday, 19 July 2024 17:56:30 CEST Chris Hofstaedtler wrote:
> Control: retitle -1 initramfs-tools: duplicates nvidia firmware files
> 
> On Fri, Jul 19, 2024 at 04:43:47PM +0200, Diederik de Haas wrote:
> > > In any case, the upgrade should work for any user, including when
> > > all these packages are needed.
> > 
> > The real problem seems to be the size of /boot/ ...
> 
> Not really. 

It's nice that we can *postpone* that problem a while longer.

> A large part of the problem is that initramfs explodes
> the size of the nvidia firmware.
> 
> On the root file system, in /usr/lib/firmware, the nvidia firmware
> files are 66MB (uncompressed!).
> However, the initrd.img grows from 64M to 250M (compressed!) when
> firmware-nvidia-graphics is installed. There is something seriously
> wrong here.
> 
> One of the things I've noticed:
> 
> /usr/lib/firmware/nvidia/tu104/gsp is supposed to be a symlink to
> /usr/lib/firmware/nvidia/tu102/gsp. However, in initrd.img, this is
> a copy of the directory; accounting for 25M on its own.
> 
> No wonder the initrd is way too large.

Nice find! Adding firmware-nvidia-graphics as affects (which hopefully
will warn users of that package of this problem)

> There are probably more cases where the symlinks are not preserved.
> This needs to be fixed in initramfs (or whatever hook script copies
> the firmware files).

There was a relatively recent upload of initramfs-tools 0.143 to 
*Experimental* and I'm curious if that would help in this case.

signature.asc
Description: This is a digitally signed message part.

Bug#1076539: plymouth: Updating plymouth fails with "No space left on device"

[Diederik de Haas]

Control: severity -1 important

On Thursday, 18 July 2024 10:54:48 CEST Diederik de Haas wrote:
> Control: severity -1 minor
> 
> On 18 Jul 2024 09:43:38 +0200 Bastian Venthur  wrote:
> > Package: plymouth
> > Version: 24.004.60-2
> > Severity: important
> > X-Debbugs-Cc: vent...@debian.org
> > 
> > Dear Maintainer,
> > 
> > trying to update plymouth fails with "No space left on device":
> > 
> > sudo aptitude -u
> > Performing actions...
> > Setting up initramfs-tools (0.142) ...
> > update-initramfs: deferring update (trigger activated)
> > Setting up plymouth (24.004.60-2) ...
> > update-initramfs: Generating /boot/initrd.img-6.9.9-amd64
> > ...
> > W: Possible missing firmware /lib/firmware/amdgpu/smu_14_0_2.bin for
> > module amdgpu zstd: error 70 : Write error : cannot write block : No
> > space left on device E: mkinitramfs failure zstd -q -9 -T0 70
> > update-initramfs: failed for /boot/initrd.img-6.9.9-amd64 with 1.
> > 
> > dpkg: error processing package plymouth (--configure):
> >  installed plymouth package post-installation script subprocess returned
> >  error exit status 1> 
> > dpkg: dependency problems prevent configuration of plymouth-label:
> >  plymouth-label depends on plymouth (= 24.004.60-2); however:
> >   Package plymouth is not configured yet.
> > 
> > /boot still has 170MB free:
> > 
> > # df -h /boot
> > Filesystem  Size  Used Avail Use% Mounted on
> > /dev/nvme0n1p2  471M  275M  172M  62% /boot
> 
> I fail to see how this is any package's problem.
> Your boot partition is too small to perform the requested operation.
> 
> During compression it needs the space for the uncompressed files and
> the space needed for the compressed archive, so it generally needs
> (much) more space then it finally needs as the uncompressed files will
> be removed again once the compressed archive is complete.

Looks like I was incorrect on that one; from 929424#10 :
"initramfs-tools doesn't store temporary files on /boot"

Apologies for that.

Today I learned something new and that is that plymouth includes
GPU modules AND their firmware in the initramfs.
And with the now much larger firmware packages/files, that made
the actual problem much more urgent.

> Solution: make your boot partition larger. Or remove older/other
> kernels, but IMO this will only delay the inevitable.

And that is IMO still the actual issue.

Due to a VERY similar bug report, I was made aware of some rather
horrific advise ... in the official Debian documentation:
https://bugs.debian.org/1076582#27

On the d-i size (in code) things were apparently already evolved into
this century, but I still think 512MB for /boot partition is problematic.
And even more so when plymouth is in the mix, where (too many?) firmware
files get included in initramfs.

> Reducing severity to minor, but I actually think it should just be closed.

So I bumped up the severity, but not reassigned it as I think it's useful
if all these reports came in on the same Mailing List, which in this case
is the debian-kernel ML ...

> On 18 Jul 2024 10:17:20 +0200 Laurent Bigonville  wrote:
> > It's related to firmware-misc-nonfree that is now pulling
> > firmware-nvidia-graphics that contains a lot of (non-free) firmwares.
> > 
> > With firmware-nvidia-graphics installed, my initramfs grows to something
> > like 200M compared to 64M without it.
> 
> The firmware-nvidia-graphics package was created exactly because its size
> got big(ger) and (partially therefor) deserved its own package instead of
> making the firmware-misc-nonfree extremely large. That package is meant
> for 'the other' firmware which don't deserve their own package.
> The firmware-nvidia-graphics is recommended by firmware-misc-nonfree as
> the nvidia graphics firmware files were moved from the latter to the former.
> 
> Solution: If you don't need firmware-nvidia-graphics, don't install it.
> If you do need it, but don't have the space for it, then increase your
> storage size.

That's still correct (though).
But it may be useful to extend the NEWS to be more explicit and verbose
about the potential consequences.

Cheers,
  Diederik

signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

[ not including debian-release for this ]

On Friday, 19 July 2024 15:54:57 CEST Vincent Lefevre wrote:
> On 2024-07-19 14:32:28 +0200, Diederik de Haas wrote:
> > On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> > > When upgrading the firmware:
> > > 
> > > [...]
> > > Setting up firmware-intel-graphics (20240610-1) ...
> > > Setting up firmware-iwlwifi (20240610-1) ...
> > > Setting up firmware-misc-nonfree (20240610-1) ...
> > > Setting up firmware-nvidia-graphics (20240610-1) ...
> > > Setting up firmware-intel-misc (20240610-1) ...
> > > Setting up firmware-mediatek (20240610-1) ...
> > > Processing triggers for initramfs-tools (0.142) ...
> > > update-initramfs: Generating /boot/initrd.img-6.9.9-amd64
> > > zstd: error 70 : Write error : cannot write block : No space left on
> > > device
> > 
> > If you do not need all that firmware, try removing the ones you
> > don't need. Especially if you don't need nvidia-graphics firmware,
> > remove that because that is BIG (and the reason it got split out
> > from misc-nonfree). It's a RECOMMENDS, so you can remove it (if you
> > don't need it).
> 
> The graphics card is a Nvidia one, so I probably need this firmware.

Agreed, you should have that firmware package installed.
I learned something new today: Are you using plymouth?
Because plymouth does include GPU kernel modules and the firmware for it.

> In any case, the upgrade should work for any user, including when
> all these packages are needed.

The real problem seems to be the size of /boot/ ...

> > On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> > > This is wrong. There's plenty of space:
> > > 
> > > FilesystemSize  Used Avail Use% Mounted on
> > > ...
> > > 
> > >   456M  243M  189M  57% /boot
> > 
> > While generating the initramfs it needs a LOT more space then what's
> > needed
> > when the generation completes successfully. It's all the uncompressed
> > files + the size of the compressed archived/initramfs.
> > When done, it can remove all the uncompressed files.
> 
> But it would be silly to use the /boot partition (which is typically
> small) for storing the temporary uncompressed files.

Smaller then the root partition, but it's problematic when /boot partition is 
actually 'small' ...

> Note that https://www.debian.org/releases/stable/amd64/apcs01.en.html
> does not recommend anything for the /boot partition.
> 
> https://www.debian.org/releases/stable/amd64/apcs05.en.html says
> "25–50MB should suffice" (though this is probably not sufficient
> for most uses).
> 
> https://linuxhint.com/boot-partition-size-debian/ says
> 256 MB / 512 MB for Debian 11.
> 
> Mine has 512 MB (more that 10 times the recommended 25–50MB).

You may have guessed by my previous reply (which did include debian-release) 
that those recommendations are ABSURD.

A 512 MB /boot/ partition *can* work nowadays, but it gets problematic when 
you use plymouth which then includes firmware for GPU modules ... and those 
have exploded in size ... mainly nvidia though.

See f.e. 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f4a3c72e5c413a601d1e21f9606f1c94a610d05d

But IIUC, the default size for /boot/ partition by d-i is 512 MB and I think 
that's problematic, especially since enlarging the /boot partition is not easy 
to do for 'average' users.

The kernels themselves have got bigger over time which was previously already 
reported as (being/becoming) problematic, especially if you have several 
kernels installed.
But it seems the initrd file sizes increase now really causes problems.
Especially if GPU firmware files get included in them.

I don't use plymouth and (therefor) I don't have GPU modules nor GPU firmware 
files in them ... and my initrd is 37M in size (for 6.9.9).
And when I installed my system, I made the /boot/ partition 2G in size...

signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

[ adding debian-release to the list for some troubling observations ]

On Friday, 19 July 2024 15:54:57 CEST Vincent Lefevre wrote:
> On 2024-07-19 14:32:28 +0200, Diederik de Haas wrote:
> > On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> > > When upgrading the firmware:
> > > 
> > > [...]
> > > Setting up firmware-intel-graphics (20240610-1) ...
> > > Setting up firmware-iwlwifi (20240610-1) ...
> > > Setting up firmware-misc-nonfree (20240610-1) ...
> > > Setting up firmware-nvidia-graphics (20240610-1) ...
> > > Setting up firmware-intel-misc (20240610-1) ...
> > > Setting up firmware-mediatek (20240610-1) ...
> > > Processing triggers for initramfs-tools (0.142) ...
> > > update-initramfs: Generating /boot/initrd.img-6.9.9-amd64
> > > zstd: error 70 : Write error : cannot write block : No space left on
> > > device
> > 
> > If you do not need all that firmware, try removing the ones you
> > don't need. Especially if you don't need nvidia-graphics firmware,
> > remove that because that is BIG (and the reason it got split out
> > from misc-nonfree). It's a RECOMMENDS, so you can remove it (if you
> > don't need it).
> 
> The graphics card is a Nvidia one, so I probably need this firmware.
> 
> In any case, the upgrade should work for any user, including when
> all these packages are needed.
> 
> > On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> > > This is wrong. There's plenty of space:
> > > 
> > > FilesystemSize  Used Avail Use% Mounted on
> > > ...
> > > 
> > >   456M  243M  189M  57% /boot
> > 
> > While generating the initramfs it needs a LOT more space then what's
> > needed
> > when the generation completes successfully. It's all the uncompressed
> > files + the size of the compressed archived/initramfs.
> > When done, it can remove all the uncompressed files.
> 
> But it would be silly to use the /boot partition (which is typically
> small) for storing the temporary uncompressed files.
> 
> Note that https://www.debian.org/releases/stable/amd64/apcs01.en.html
> does not recommend anything for the /boot partition.
> 
> https://www.debian.org/releases/stable/amd64/apcs05.en.html says
> "25–50MB should suffice" (though this is probably not sufficient
> for most uses).
> 
> https://linuxhint.com/boot-partition-size-debian/ says
> 256 MB / 512 MB for Debian 11.
> 
> Mine has 512 MB (more that 10 times the recommended 25–50MB).

Holy crap! Some quotes from the Stable documentation:

"If you have a large IDE disk"
"This restriction doesn't apply if you have a BIOS newer than around 1995–98"
Seeing the word "cylinder" all over the place ...
"CHS translation mode (“Large”)" = Cylinder/Head/Sector I presume?

And then indeed "25–50MB should suffice" (for /boot/ partition).

Maybe that document should be updated for this CENTURY?


signature.asc
Description: This is a digitally signed message part.

Bug#1076582: initramfs-tools-core: mkinitramfs failure zstd -q -9 -T0 70 (No space left on device)

[Diederik de Haas]

Control: tag -1 moreinfo

On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> When upgrading the firmware:
> 
> [...]
> Setting up firmware-intel-graphics (20240610-1) ...
> Setting up firmware-iwlwifi (20240610-1) ...
> Setting up firmware-misc-nonfree (20240610-1) ...
> Setting up firmware-nvidia-graphics (20240610-1) ...
> Setting up firmware-intel-misc (20240610-1) ...
> Setting up firmware-mediatek (20240610-1) ...
> Processing triggers for initramfs-tools (0.142) ...
> update-initramfs: Generating /boot/initrd.img-6.9.9-amd64
> zstd: error 70 : Write error : cannot write block : No space left on device

If you do not need all that firmware, try removing the ones you don't need. 
Especially if you don't need nvidia-graphics firmware, remove that because that 
is BIG (and the reason it got split out from misc-nonfree).
It's a RECOMMENDS, so you can remove it (if you don't need it).

On Friday, 19 July 2024 13:08:50 CEST Vincent Lefevre wrote:
> This is wrong. There's plenty of space:
> 
> FilesystemSize  Used Avail Use% Mounted on
> ...
>   456M  243M  189M  57% /boot

While generating the initramfs it needs a LOT more space then what's needed 
when the generation completes successfully. It's all the uncompressed files + 
the size of the compressed archived/initramfs.
When done, it can remove all the uncompressed files.

signature.asc
Description: This is a digitally signed message part.