Bug#1031451: marked as done (poliastro: FTBFS: make[1]: *** [debian/rules:9: override_dh_auto_test] Error 1)

[Debian Bug Tracking System]

Your message dated Thu, 23 Feb 2023 07:49:40 +
with message-id 
and subject line Bug#1031451: fixed in poliastro 0.17.0-2
has caused the Debian Bug report #1031451,
regarding poliastro: FTBFS: make[1]: *** [debian/rules:9: 
override_dh_auto_test] Error 1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: poliastro
Version: 0.17.0-1
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230216 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> === FAILURES 
> ===
> __ test_maneuver_constructor_raises_error_if_invalid_delta_v 
> ___
> 
> def test_maneuver_constructor_raises_error_if_invalid_delta_v():
> dv1 = np.zeros(3) * u.km / u.s
> dv2 = np.ones(2) * u.km / u.s  # Incorrect dv
> with pytest.raises(ValueError) as excinfo:
> with warnings.catch_warnings():
> # Different length numpy arrays generate a deprecation 
> warning.
> warnings.simplefilter(
> "ignore", category=np.VisibleDeprecationWarning
> )
> Maneuver((0 * u.s, dv1), (2 * u.s, dv2))
> >   assert "Delta-V must be three dimensions vectors" in excinfo.exconly()
> E   AssertionError: assert 'Delta-V must be three dimensions vectors' in 
> 'ValueError: setting an array element with a sequence. The requested array 
> has an inhomogeneous shape after 1 dimensions. The detected shape was (2,) + 
> inhomogeneous part.'
> E+  where 'ValueError: setting an array element with a sequence. The 
> requested array has an inhomogeneous shape after 1 dimensions. The detected 
> shape was (2,) + inhomogeneous part.' =  of  requested array has an inhomogeneous shape after 1 dimensions. The detected 
> shape was (2,) + inhomogeneous part.') tblen=4>>()
> E+where  ValueError('setting an array element with a sequence. The requested array has 
> an inhomogeneous shape after 1 dimensions. The detected shape was (2,) + 
> inhomogeneous part.') tblen=4>> =  element with a sequence. The requested array has an inhomogeneous shape after 
> 1 dimensions. The detected shape was (2,) + inhomogeneous part.') 
> tblen=4>.exconly
> 
> tests/test_maneuver.py:26: AssertionError
> __ test_stumpff_functions_above_zero 
> ___
> 
> def test_stumpff_functions_above_zero():
> psi = 3.0
> expected_c2 = (1 - cos(psi**0.5)) / psi
> expected_c3 = (psi**0.5 - sin(psi**0.5)) / psi**1.5
> 
> assert_equal(c2(psi), expected_c2)
> >   assert_equal(c3(psi), expected_c3)
> E   AssertionError: 
> E   Items are not equal:
> EACTUAL: 0.143379966939162
> EDESIRED: 0.14337996693916197
> 
> tests/test_stumpff.py:22: AssertionError
> __ test_stumpff_functions_under_zero 
> ___
> 
> def test_stumpff_functions_under_zero():
> psi = -3.0
> expected_c2 = (cosh((-psi) ** 0.5) - 1) / (-psi)
> expected_c3 = (sinh((-psi) ** 0.5) - (-psi) ** 0.5) / (-psi) ** 1.5
> 
> >   assert_equal(c2(psi), expected_c2)
> E   AssertionError: 
> E   Items are not equal:
> EACTUAL: 0.6381924800586426
> EDESIRED: 0.6381924800586427
> 
> tests/test_stumpff.py:30: AssertionError
> === warnings summary 
> ===
> ../../../usr/lib/python3/dist-packages/llvmlite/binding/ffi.py:159
>   /usr/lib/python3/dist-packages/llvmlite/binding/ffi.py:159: 
> DeprecationWarning: path is deprecated. Use files() instead. Refer to 
> https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
>  for migration advice.
> _lib_handle = importlib.resources.path(pkgname, _lib_name)
> 
> tests/test_frames.py::test_round_trip_from_GeocentricSolarEcliptic_gives_same_results
> tests/test_frames.py::test_GeocentricSolarEcliptic_against_data
>   /<>/src/poliastro/frames/ecliptic.py:78: 
> AstropyDeprecationWarning: The matrix_product function is deprecated and may 
> be removed in a future version.
>   Use @ instead.
> return matrix_product(rot_matrix, _earth_detilt_matrix)
> 
> tests/test_maneuver.py::test_hohmann_maneuver[nu0]
>   

Bug#1031809: Bump webp-pixbuf-loader version to 0.1.2 as it contains important bugfixes

[Nikolay Kyx]

Package: webp-pixbuf-loader
Version: 0.0.5-5
Severity: serious

Steps to reproduce:
1. Install gpicview.
2. Skip through webp images (cycling between 2 is sufficient) and
monitor its RAM consumption.
3. Consider updating to latest tag
https://github.com/aruiz/webp-pixbuf-loader/releases

Bug#983990: marked as done (bino: ftbfs with GCC-11)

[Debian Bug Tracking System]

Your message dated Thu, 23 Feb 2023 06:09:19 +
with message-id 

and subject line bino: New version avaliable
has caused the Debian Bug report #983990,
regarding bino: ftbfs with GCC-11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
983990: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983990
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:bino
Version: 1.6.6-3
Severity: normal
Tags: sid bookworm
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-11

[This bug is not targeted to the upcoming bullseye release]

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-11/g++-11, but succeeds to build with gcc-10/g++-10. The
severity of this report will be raised before the bookworm release,
so nothing has to be done for the bullseye release.

The full build log can be found at:
http://people.debian.org/~doko/logs/20210228/filtered/gcc11/bino_1.6.6-3_unstable_gcc11.log
The last lines of the build log are at the end of this report.

To build with GCC 11, either set CC=gcc-11 CXX=g++-11 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-11/porting_to.html

GCC 11 defaults to the GNU++17 standard.  If your package installs
header files in /usr/include, please don't work around C++17 issues
by choosing a lower C++ standard for the package build, but fix these
issues to build with the C++17 standard.

[...]
moc -o zoomdialog-moc.cpp zoomdialog.h
moc -o opendevicedialog-moc.cpp opendevicedialog.h
moc -o qualitydialog-moc.cpp qualitydialog.h
moc -o videodialog-moc.cpp videodialog.h
moc -o subtitledialog-moc.cpp subtitledialog.h
moc -o mainwindow-moc.cpp mainwindow.h
moc -o preferences-moc.cpp preferences.h
moc -o video_output_qt-moc.cpp video_output_qt.h
MACRONAME="`echo video_output_color.fs.glsl | sed -e s/^.*\\\/// -e 
s/\\\.glsl$// -e s/[\\\.-]/_/g | tr [a-z] [A-Z]`_GLSL_STR"; \
(echo "/* GENERATED AUTOMATICALLY FROM video_output_color.fs.glsl */"; \
 echo "#ifndef $MACRONAME"; \
 echo "#define $MACRONAME \\"; \
 sed -e s///g \
 -e s/\"/\"/g \
 -e s/^/\"/ \
 -e s/$/n\"/ < video_output_color.fs.glsl; \
 echo \"\"; \
 echo "#endif") > video_output_color.fs.glsl.h
MACRONAME="`echo video_output_render.fs.glsl | sed -e s/^.*\\\/// -e 
s/\\\.glsl$// -e s/[\\\.-]/_/g | tr [a-z] [A-Z]`_GLSL_STR"; \
(echo "/* GENERATED AUTOMATICALLY FROM video_output_render.fs.glsl */"; \
 echo "#ifndef $MACRONAME"; \
 echo "#define $MACRONAME \\"; \
 sed -e s///g \
 -e s/\"/\"/g \
 -e s/^/\"/ \
 -e s/$/n\"/ < video_output_render.fs.glsl; \
 echo \"\"; \
 echo "#endif") > video_output_render.fs.glsl.h
rcc -o qt_resources-rcc.cpp qt_resources.qrc
make  all-recursive
make[4]: Entering directory '/<>/src'
Making all in base
make[5]: Entering directory '/<>/src/base'
g++ -DHAVE_CONFIG_H -I. -I../..  -I../../src -pthread -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIC -c -o str.o 
str.cpp
g++ -DHAVE_CONFIG_H -I. -I../..  -I../../src -pthread -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIC -c -o msg.o 
msg.cpp
g++ -DHAVE_CONFIG_H -I. -I../..  -I../../src -pthread -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIC -c -o dbg.o 
dbg.cpp
g++ -DHAVE_CONFIG_H -I. -I../..  -I../../src -pthread -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 -ffile-prefix-map=/<>=. 
-fstack-protector-strong -Wformat -Werror=format-security -fPIC -c -o exc.o 
exc.cpp
dbg.cpp: In function ‘void dbg::init_crashhandler()’:
dbg.cpp:77:14: error: ‘set_unexpected’ is not a member of ‘std’
   77 | std::set_unexpected(exception_crash);
  |  ^~
dbg.cpp:78:14: error: ‘set_terminate’ is not a member of ‘std’
   78 | std::set_terminate(exception_crash);
  |  ^

Bug#1019841: Works fine with the patch

[Michael Fritscher]

Good day,

amule works just fine with the patch. Tested: Connecting to the
networks, searching, downloading and uploading. So it seems to be good
to apply the patch and let it through the machinery :-)

It seems that we missed the soft freeze. But is there any chance to get
an exception to get it back to testing? I mean, this is a "leaf" package
(nothing should depend on it or use it), so there should be no risk, and
this way, users who upgrade to bookworm are not left with unmaintained
versions of some libraries on which amule depends on, which is a
security problem.
Or can we use the -backports way, which used by phpmyadmin some releases
ago iirc?

Hint: If you like to test it yourself, you can search for debian or
ubuntu (which has more sources anyhow). Then you'll find e.g. some iso
files from e.g. Debian 10 or Ubuntu 22.04. The program does not up- or
download any data you don't request. You probably need a current
server.met, which can you find on the internet (I hesitate to link at it
directly here, but I can if you prefer this way)

Best regards,
Michael

Bug#1029731: libglapi-mesa: Apps fail with 'DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory' after upgrade from 22.3.2-1 to 22.3.3-1

[Stuart Young]

Hi All,

Just a note that it looks like this patch got picked up in the 22.3.6
release that just went out.


On Thu, 23 Feb 2023 at 06:03, Diederik de Haas 
wrote:

> Control: tag -1 upstream fixed-upstream patch
>
> On Tue, 31 Jan 2023 01:19:54 +0300 Andrey Skvortsov
>  wrote:
> > Here is link to created upstream issue.
> > https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198
>
> In https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21330 this
> issue
> got fixed upstream and I've attached the patch/diff to this message.
>
> When adding it to debian/patches and adding it to debian/patches/series
> and
> running `debian/rules patch`, it applies cleanly (which is not the case
> for
> all of them):
>
> ```
> me@laptop:~/dev/debian/salsa/xorg-team/lib/mesa$ debian/rules patch
> dh patch --with quilt \
> --builddirectory=build/ \
> --buildsystem=meson
>dh_quilt_patch -O--builddirectory=build/ -O--buildsystem=meson
> Applying patch 07_gallium-fix-build-failure-on-powerpcspe.diff
> patching file src/gallium/include/pipe/p_config.h
>
> Applying patch path_max.diff
> patching file src/util/tests/cache_test.cpp
> Hunk #1 succeeded at 82 (offset 1 line).
> patching file src/util/tests/process_test.c
> patching file src/gallium/auxiliary/pipe-loader/pipe_loader.c
> Hunk #1 succeeded at 42 (offset -1 lines).
>
> Applying patch src_glx_dri_common.h.diff
> patching file src/glx/dri_common.h
> Hunk #1 succeeded at 57 (offset 2 lines).
>
> Applying patch bug102973-lima.diff
> patching file src/gallium/drivers/lima/lima_resource.c
>
> Now at patch bug102973-lima.diff
> ```
>
> HTH



-- 
Stuart Young (aka Cefiar)

Bug#1031295: marked as done (pcp fails to install without systemd)

[Debian Bug Tracking System]

Your message dated Thu, 23 Feb 2023 02:52:35 +
with message-id 
and subject line Bug#1031295: fixed in pcp 6.0.3-1
has caused the Debian Bug report #1031295,
regarding pcp fails to install without systemd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031295: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pcp
Version: 6.0.2-1
Severity: serious

https://piuparts.debian.org/sid/fail/pcp_6.0.2-1.log

...
Setting up pcp (6.0.2-1) ...
  /var/lib/dpkg/info/pcp.postinst: 242: systemctl: not found
  dpkg: error processing package pcp (--configure):
   installed pcp package post-installation script subprocess returned error 
exit status 127
  Processing triggers for libc-bin (2.36-8) ...
  Errors were encountered while processing:
   pcp
  E: Sub-process /usr/bin/dpkg returned an error code (1)
--- End Message ---
--- Begin Message ---
Source: pcp
Source-Version: 6.0.3-1
Done: Nathan Scott 

We believe that the bug you reported is fixed in the latest version of
pcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nathan Scott  (supplier of updated pcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 23 Feb 2023 10:52:31 +1100
Source: pcp
Architecture: source
Version: 6.0.3-1
Distribution: unstable
Urgency: low
Maintainer: PCP Development Team 
Changed-By: Nathan Scott 
Closes: 1031295
Changes:
 pcp (6.0.3-1) unstable; urgency=low
 .
   * New release (full details in CHANGELOG).
   * Fix installation on systems without systemd (closes: #1031295)
Checksums-Sha1:
 dae8c17edbc047b4e54f57af46b47a855d5e1f88 5167 pcp_6.0.3-1.dsc
 95226962735397d880243e0437fa6748ae31b67b 49072049 pcp_6.0.3.orig.tar.gz
 73cfa5204690c448faedb6b23b001c05fb2648a5 26108 pcp_6.0.3-1.debian.tar.xz
 315f0908cda9426d716a6cd45949a0d499ee729c 14433 pcp_6.0.3-1_source.buildinfo
Checksums-Sha256:
 7b3412ae322ed175fa8f2a80ab157e5f67b00f63138937b460b24e7c73e8db49 5167 
pcp_6.0.3-1.dsc
 3e745bc93f3573cf6df29bde07faa991753ac5f0f8904471c9de2ac84f16439f 49072049 
pcp_6.0.3.orig.tar.gz
 d1fb0cc62e97c63e44a55c029fa4372050db5e416f817fa70d23e9f6c5f0ddeb 26108 
pcp_6.0.3-1.debian.tar.xz
 846628c7894e6c963cd4f25b7e9fd38378eef95f089e110ce2d91d5d1f2e317a 14433 
pcp_6.0.3-1_source.buildinfo
Files:
 4e7d302e92e16fbb003baa53b864bb00 5167 utils extra pcp_6.0.3-1.dsc
 f7b287c5d291808d766edde709ae9a06 49072049 utils extra pcp_6.0.3.orig.tar.gz
 50645d9fa16344dda2679309bffd18a7 26108 utils extra pcp_6.0.3-1.debian.tar.xz
 219ad83a7cd4d4a29f18b7258afc2e0d 14433 utils extra pcp_6.0.3-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE96vodh5v5oY45ig6/ghC7jbdjAwFAmP2xqUACgkQ/ghC7jbd
jAxhSA/+OnGpwyvVJcv0+AQZjmy7UvPxn/0AGKlu9OErIpJdm18abWNGGpED0DY8
z/hyM7bGeIIcZgfddwaKENux6gX06J7ND6aWalgEGtWvR3aqhzP0EdenPr1e+XL/
9V1rgzTZ102H7TbsTxw7OJ/r/qtdeYAhURlKpIlC4f8SsB6whKDwYClcKc1y7i5n
WAykJE0qmMl0h4S9o/y2lHNbp/yejrz2eLOai6poO4KYzI8cTPl2LudSlOLMGPSo
UftNEqIKkFSufjz1KmmqoC/jmH3rXJfxO/5PYE3lmbsmf60e2kmvB9XIWVh3XL4B
pH9HlrXSiIxg4YwrE9BgommbAymyNfKdz+8mehoam2AMGY37OzSO/viRHXPslf3x
Pn44X7bKlUPv9EGMI+7sfKUK3ax4DP8OoaAt8ZZWDgst2i2wY9UsrWZuOa1HLqDI
fRIbMVK+9hWVIdUoH+xo/uA5c/y34Svo5ZIbWO4gZXELc4KK5SL+kh3SmlmlQsRa
zvI0U0sBBWJBVi1yUg2C9ue90hDjoOakUlYGgFjq4T0OPBiiZnRLjEYWky8+1CNR
EltyKuqpBzGWHe6d24Emk+kzjKZeGQETmqVmQnRqUn9WWvqTeklO8Wz9OiKTD80F
cmVjR9IkTY5OTtETtsnP97FQxqiTQDobYlB5/ycoi6BJsWQhAVo=
=wSV0
-END PGP SIGNATURE End Message ---

Bug#1031744: httpdirfs: usage of ubsan might introduce vulnerabilities

[Fufu Fang]

Hi Adrian,
I have pushed a commit to Github which removes the usage of UBSAN. I am
happy to go with this method. 

Do let me know if you prefer ASAN to be added alongside UBSAN, rather
than simply removing UBSAN.
Best wishes,
Fufu

Bug#1031744: httpdirfs: usage of ubsan might introduce vulnerabilities

[Fufu Fang]

Hi Adrian,
I am the author of httpdirfs. Do you reckon I should just remove ubsan,
or should I add asan into the Makefile? I reckon I should just remove
ubsan.
Best wishes,
Fufu
 
On Tue, 2023-02-21 at 21:41 +0200, Adrian Bunk wrote:
> Package: httpdirfs
> Version: 1.2.4-1
> Severity: serious
> Tags: security
> X-Debbugs-Cc: Debian Security Team 
> 
> Package: httpdirfs
> Version: 1.2.4-2
> Depends: ..., libubsan1 (>= 8), ...
> 
> 
> This is a bad idea not only due to slower execution,
> but might even introduce vulnerabilities:
> https://www.openwall.com/lists/oss-security/2016/02/17/9
> 
> While there are safe usages of ubsan, httpdirfs being the
> only package in the archive that uses ubsan but not asan
> is something that sounds wrong and underreviewed.
> 

Bug#1031450: marked as done (gearmand: FTBFS: ld: /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: undefined reference to `memcached_server_minor_version')

[Debian Bug Tracking System]

Your message dated Thu, 23 Feb 2023 01:19:20 +
with message-id 
and subject line Bug#1031450: fixed in libmemcached 1.1.3-3
has caused the Debian Bug report #1031450,
regarding gearmand: FTBFS: ld: 
/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: 
undefined reference to `memcached_server_minor_version'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031450
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gearmand
Version: 1.1.19.1+ds-2
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230216 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> /bin/bash ./libtool  --tag=CXX   --mode=link c++  -g -O2 
> -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -Wno-unknown-pragmas -Wno-pragmas -Wall -Wextra 
> -Wno-attributes -Wvarargs -Waddress -Warray-bounds -Wchar-subscripts 
> -Wcomment -Wctor-dtor-privacy -Wfloat-equal -Wformat=2 -Wformat-y2k 
> -Wmaybe-uninitialized -Wmissing-field-initializers -Wlogical-op 
> -Wnon-virtual-dtor -Wnormalized=id -Woverloaded-virtual -Wpointer-arith 
> -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum 
> -Wtrampolines -Wundef -funsafe-loop-optimizations -Wc++11-compat -Wclobbered 
> -Wunused -Wunused-result -Wunused-variable -Wunused-parameter 
> -Wunused-local-typedefs -Wwrite-strings -Wformat-security -fwrapv -pipe -fPIE 
> -pie -Wsizeof-pointer-memaccess -Wpacked -std=c++0x  -Wl,-z,relro -Wl,-z,now 
> -Wl,--as-needed -o t/httpd tests/httpd_test.o libgearman/libgearman.la 
> libtest/libtest.la tests/libstartworker.la 
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_minor_version'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_instance_by_position'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_behavior_set'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_set_sasl_auth_data'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_free'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_flush'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_clone'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_major_version'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_version'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_behavior_get'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_micro_version'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_cursor'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_error_return'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_stat_free'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_server_error'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_create'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference to `memcached_stat'
> /usr/bin/ld: 
> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>  undefined reference 

Bug#1031450: gearmand: FTBFS: ld: /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: undefined reference to `memcached_server_minor_version'

[Andrey Rakhmatullin]

Control: reassign -1 libmemcachedutil2 1.1.3-2
Control: affects -1 src:gearmand

> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_minor_version'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_instance_by_position'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_behavior_set'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_set_sasl_auth_data'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_free'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_flush'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_clone'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_major_version'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_version'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_behavior_get'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_micro_version'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_cursor'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_error_return'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_stat_free'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_error'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_create'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_stat'
> > /usr/bin/ld: 
> > /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
> >  undefined reference to `memcached_server_add'

It's indeed underlinked. I assume it needs to be linked with
libmemcached.so.11.

Processed: Re: Bug#1031586: deap: FTBFS in testing: AttributeError: module 'numpy' has no attribute 'bool'

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + upstream
Bug #1031586 [src:deap] deap: FTBFS in testing: AttributeError: module 'numpy' 
has no attribute 'bool'
Added tag(s) upstream.

-- 
1031586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#1031450: gearmand: FTBFS: ld: /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: undefined reference to `memcached_server_minor_version'

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 libmemcachedutil2 1.1.3-2
Bug #1031450 [src:gearmand] gearmand: FTBFS: ld: 
/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: 
undefined reference to `memcached_server_minor_version'
Bug reassigned from package 'src:gearmand' to 'libmemcachedutil2'.
No longer marked as found in versions gearmand/1.1.19.1+ds-2.
Ignoring request to alter fixed versions of bug #1031450 to the same values 
previously set
Bug #1031450 [libmemcachedutil2] gearmand: FTBFS: ld: 
/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: 
undefined reference to `memcached_server_minor_version'
Marked as found in versions libmemcached/1.1.3-2.
> affects -1 src:gearmand
Bug #1031450 [libmemcachedutil2] gearmand: FTBFS: ld: 
/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: 
undefined reference to `memcached_server_minor_version'
Added indication that 1031450 affects src:gearmand

-- 
1031450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031450
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031586: deap: FTBFS in testing: AttributeError: module 'numpy' has no attribute 'bool'

[Andrey Rakhmatullin]

Control: tags -1 + upstream

This doesn't seem to be fixed or even reported upstream yet.
https://numpy.org/devdocs/release/1.20.0-notes.html#using-the-aliases-of-builtin-types-like-np-int-is-deprecated
needs to be followed to fix this.

Bug#1027439: elementpath breaks python-xmlschema autopkgtest: 'XMLSchemaContext' object has no attribute 'iter'

[Andrey Rakhmatullin]

On Sat, Dec 31, 2022 at 03:34:33PM +0100, Paul Gevers wrote:
>   File 
> "/tmp/autopkgtest-lxc.0cuhskff/downtmp/build.pHW/src/xmlschema/testing/_builders.py",
> line 128, in check_xsd_file
> xpath_context_elements = [x for x in context.iter() if isinstance(x,
> XsdValidator)]
>  
> AttributeError: 'XMLSchemaContext' object has no attribute 'iter'
I think this is fixed in
https://github.com/sissaschool/xmlschema/commit/52c31478dc2dcd0e2fdbaaa45d17de7913d36906
(included in xmlschema 2.0.0).

Bug#953326: marked as done (axtls: CVE-2019-9689 CVE-2019-10013)

[Debian Bug Tracking System]

Your message dated Thu, 23 Feb 2023 00:13:09 +
with message-id 
and subject line Bug#1031768: Removed package(s) from unstable
has caused the Debian Bug report #953326,
regarding axtls: CVE-2019-9689 CVE-2019-10013
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
953326: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953326
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: axtls
Version: 2.1.5+ds-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerabilities were published for axtls.

CVE-2019-9689[0]:
| process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through
| 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake
| message with zero certificates.


CVE-2019-10013[1]:
| The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS
| through 2.1.5 has a Buffer Overflow that allows remote attackers to
| cause a denial of service (memory and CPU consumption) via a crafted
| certificate in the TLS certificate handshake message, because the
| result of get_asn1_length() is not checked for a minimum or maximum
| size.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9689
[1] https://security-tracker.debian.org/tracker/CVE-2019-10013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10013
[2] https://seclists.org/bugtraq/2019/Nov/44

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.1.5+ds-1+rm

Dear submitter,

as the package axtls has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1031768

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---

Bug#1031786: logcheck: Filtering not working with entries from journald

[Mathias Gibbens]

Control: severity -1 normal

  You can disable the checking of the systemd journal:

> $ sudo cat /etc/logcheck/logcheck.logfiles.d/journal.logfiles
> ## The word 'journal' tells logcheck to check log entries in the
> ## systemd journal
> 
> # (This is enabled by default, but if you do not want to check entries
> # in the journal you can comment out the next line)
> journal

  I did have to update some of my local rules to account for the format
of the journal entries, but it wasn't too hard. From your example,
something like this should work for both:

> meinfjell courierd(\[[[:digit:]]+\])?: Installing uucp

Mathias


signature.asc
Description: This is a digitally signed message part

Processed: Re: logcheck: Filtering not working with entries from journald

[Debian Bug Tracking System]

Processing control commands:

> severity -1 normal
Bug #1031786 [logcheck] logcheck: Filtering not working with entries from 
journald
Severity set to 'normal' from 'grave'

-- 
1031786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031786
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031786: logcheck: Filtering not working with entries from journald

[Richard Lewis]

On Wed, 22 Feb 2023, 17:51 Helge Kreutzmann,  wrote:

> Package: logcheck
> Version: 1.4.1
> Severity: grave
> Justification: renders package unusable
>
> The change for #1025719 broke logcheck massively.
>
> I've extensivly tuned logcheck files which nicely filter out lots of
> messages (see statistics at the end).
>
> Now I see them all again (only those comming from the journal).
>
> I don't see any information what I should do for migration.
>

sorry about that.

i agree there is a bug in the documentation - we should add a NEWS.Debian
entry - my fault i simply forgot. But this is hardly a grave bug.


 It is trivial to disable checking of the journal. just edit

/etc/logcheck/logcheck.logfiles.d/journal.logfiles

and add a # before the word  "journal".

this will take effect on the next run of logcheck. This is also documented
in that file --- as a heavy logcheck user i would recommend reading new
config files when installing a new version. (We dont plan more changes for
bookworm but in the longer-term there could be some changes to make
logcheck more efficient)

HOWEVER,  you might want to consider adjusting to this in the long-term -
if your log messages are different in the journal and syslog then not
checking the journal means you are by definition not being informed of
things. That would rather seem to defeat the point of monitoring the log
messges. But it is of course up to you.


But given debian has demoted syslog logcheck does need to "move with the
times" and support systemd by default - we will not force anyone to adapt,
but we cant predict what settings work for you.


Let's use a trivial example. The following harmless message is emitted
> by courier to the journal:
> Feb 22 16:37:40 meinfjell courierd[401638]: Installing uucp
>
> In syslog this is:
> syslog:2023-02-22T14:37:40.491690+00:00 meinfjell courierd: Installing uucp
>
> I have the following in
> /etc/logcheck/ignore.d.server:
> meinfjell courierd: Initializing uucp


Is this a typo?

this rule is not going to filter that message regardless of whether it is
in the journal or syslog. one says initiailizing one says installing
(Maybe courier changed its logging? )

I also note you have the "new" timestamp format for syslog- that's an
rsyslog change and nothing to do with logcheck. I believe you can revert
that change quite easily as well.


As you can see, the message from the journal is slightly different
> than from syslog, breaking tons of rules.
>


that sounds like a bug in courier. As above you can choose to only check
one source of messages. Most programs put the same messages in both in my
experience.


> For statistics:
> On my local system, I have 11396 lines of rules, on my server system
> currently 2721 (I'm in the processing of setting this up, so this will
> grow).
>

wow! but yes, logcheck-databse does need a lot of manual tuning to be
useful. (I am surprised it copes with thay many lines tbh!)

sorry again for the inconvenience.

Processed: bug 1031483 is forwarded to https://github.com/confluentinc/confluent-kafka-python/pull/1467 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1031483 
> https://github.com/confluentinc/confluent-kafka-python/pull/1467
Bug #1031483 [src:python-confluent-kafka] python-confluent-kafka: FTBFS: 
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 
returned exit code 13
Set Bug forwarded-to-address to 
'https://github.com/confluentinc/confluent-kafka-python/pull/1467'.
> tags 1031483 + upstream fixed-upstream patch
Bug #1031483 [src:python-confluent-kafka] python-confluent-kafka: FTBFS: 
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 
returned exit code 13
Added tag(s) patch, fixed-upstream, and upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031450: gearmand: FTBFS: ld: /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: undefined reference to `memcached_server_minor_version'

[Sergio Durigan Junior]

Control: tags -1 + patch

On Friday, February 17 2023, Lucas Nussbaum wrote:

> Hi,
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
> Relevant part (hopefully):
>> /bin/bash ./libtool --tag=CXX --mode=link c++ -g -O2
>> -ffile-prefix-map=/<>=. -fstack-protector-strong
>> -Wformat -Werror=format-security -Wno-unknown-pragmas -Wno-pragmas
>> -Wall -Wextra -Wno-attributes -Wvarargs -Waddress -Warray-bounds
>> -Wchar-subscripts -Wcomment -Wctor-dtor-privacy -Wfloat-equal
>> -Wformat=2 -Wformat-y2k -Wmaybe-uninitialized
>> -Wmissing-field-initializers -Wlogical-op -Wnon-virtual-dtor
>> -Wnormalized=id -Woverloaded-virtual -Wpointer-arith
>> -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1
>> -Wswitch-enum -Wtrampolines -Wundef -funsafe-loop-optimizations
>> -Wc++11-compat -Wclobbered -Wunused -Wunused-result
>> -Wunused-variable -Wunused-parameter -Wunused-local-typedefs
>> -Wwrite-strings -Wformat-security -fwrapv -pipe -fPIE -pie
>> -Wsizeof-pointer-memaccess -Wpacked -std=c++0x -Wl,-z,relro
>> -Wl,-z,now -Wl,--as-needed -o t/httpd tests/httpd_test.o
>> libgearman/libgearman.la libtest/libtest.la tests/libstartworker.la
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_minor_version'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_instance_by_position'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_behavior_set'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_set_sasl_auth_data'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_free'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_flush'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_clone'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_major_version'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_version'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_behavior_get'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_micro_version'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_cursor'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_error_return'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_stat_free'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_error'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_create'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_stat'
>> /usr/bin/ld: 
>> /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so:
>>  undefined reference to `memcached_server_add'
>> collect2: error: ld returned 1 exit status

The problem happens because of the order of the "-l" parameters during
link-time.  libmemcachedutil depends on libmemcached, and as such should
be specified first in the command line.

I filed https://github.com/gearman/gearmand/pull/365 upstream and I'm
inlining a patch that fixes the problem for me.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

diff --git a/debian/changelog b/debian/changelog
index c274aba..4065db1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+gearmand (1.1.19.1+ds-3) UNRELEASED; urgency=medium
+
+  [ Jenkins ]
+  * Apply multi-arch hints. + libgearman-doc: Add Multi-Arch: foreign.
+Changes-By: apply-multiarch-hints
+
+  [ Sergio Durigan Junior ]
+  * d/p/0006-Fix-order-of-linking.patch:
+Adjust linking order for 

Processed: Re: Bug#1031450: gearmand: FTBFS: ld: /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: undefined reference to `memcached_server_minor_version'

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + patch
Bug #1031450 [src:gearmand] gearmand: FTBFS: ld: 
/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/libmemcachedutil.so: 
undefined reference to `memcached_server_minor_version'
Added tag(s) patch.

-- 
1031450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031450
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031801: libduktape.so.207: undefined symbol: log2

[Daniel Albers]

Package: libduktape207
Version: 2.7.0-1+b1
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

with this package version installed starting e.g. polkitd fails with:

/usr/lib/polkit-1/polkitd: symbol lookup error:
  /usr/lib/x86_64-linux-gnu/libduktape.so.207: undefined symbol: log2

It appears that libduktape.so.207 is missing a link against libm:

$ ldd /usr/lib/x86_64-linux-gnu/libduktape.so.207
linux-vdso.so.1 (0x7ffda6777000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fb0fce14000)
/lib64/ld-linux-x86-64.so.2 (0x7fb0fd04c000)

Recompiling and linking with -lm fixes the issue.

Cheers
Daniel


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (700, 'stable-updates'), (700, 'stable-security'), (700, 
'stable'), (500, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-16-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libduktape207 depends on:
ii  libc6  2.36-8

libduktape207 recommends no packages.

libduktape207 suggests no packages.

-- no debconf information

Processed: block 1031467 with 1031686

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> block 1031467 with 1031686
Bug #1031467 [src:eclipse-collections] eclipse-collections: FTBFS: 
build-dependency not installable: libeclipse-osgi-util-java
1031467 was not blocked by any bugs.
1031467 was not blocking any bugs.
Added blocking bug(s) of 1031467: 1031686
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 1026739 is forwarded to https://github.com/miracle2k/python-glob2/pull/22, tagging 1026739

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1026739 https://github.com/miracle2k/python-glob2/pull/22
Bug #1026739 [python3-glob2] pytest-bdd: FTBFS: dh_auto_test: error: pybuild 
--test --test-pytest -i python{version} -p "3.11 3.10" --system=custom 
"--test-args={interpreter} -m pytest -k 'not test_generate_with_quotes and not 
test_unicode_characters'" returned exit code 13
Set Bug forwarded-to-address to 
'https://github.com/miracle2k/python-glob2/pull/22'.
> tags 1026739 + upstream fixed-upstream patch
Bug #1026739 [python3-glob2] pytest-bdd: FTBFS: dh_auto_test: error: pybuild 
--test --test-pytest -i python{version} -p "3.11 3.10" --system=custom 
"--test-args={interpreter} -m pytest -k 'not test_generate_with_quotes and not 
test_unicode_characters'" returned exit code 13
Added tag(s) patch, fixed-upstream, and upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1026739: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026739
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 1030905 is forwarded to https://gitlab.com/sardana-org/sardana/-/merge_requests/1864 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1030905 https://gitlab.com/sardana-org/sardana/-/merge_requests/1864
Bug #1030905 [src:sardana] sardana: FTBFS (cannot import name 'getargspec' from 
'sphinx.util.inspect')
Set Bug forwarded-to-address to 
'https://gitlab.com/sardana-org/sardana/-/merge_requests/1864'.
> tags 1030905 + upstream fixed-upstream
Bug #1030905 [src:sardana] sardana: FTBFS (cannot import name 'getargspec' from 
'sphinx.util.inspect')
Added tag(s) upstream and fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1030905: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030905
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: tagging 1025808

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1025808 + upstream fixed-upstream
Bug #1025808 [python3-jinja2] python3-jinja2: Bug in jinja2 template macros 
causes ansible problems
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1025808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025808
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: bug 1031763 is forwarded to https://github.com/mongodb/motor/pull/185, tagging 1031763

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1031763 https://github.com/mongodb/motor/pull/185
Bug #1031763 [python3-motor] python3-motor asyncio broken with python3.11
Set Bug forwarded-to-address to 'https://github.com/mongodb/motor/pull/185'.
> tags 1031763 + upstream fixed-upstream patch
Bug #1031763 [python3-motor] python3-motor asyncio broken with python3.11
Added tag(s) upstream, patch, and fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031763: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031763
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: affects 1030495

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 1030495 src:navarp
Bug #1030495 [python3-igor] navarp: FTBFS: AttributeError: module 'numpy' has 
no attribute 'complex'
Added indication that 1030495 affects src:navarp
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1030495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030495
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#1030495: navarp: FTBFS: AttributeError: module 'numpy' has no attribute 'complex'

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 python3-igor 0.3-4
Bug #1030495 [src:navarp] navarp: FTBFS: AttributeError: module 'numpy' has no 
attribute 'complex'
Bug reassigned from package 'src:navarp' to 'python3-igor'.
No longer marked as found in versions navarp/1.3.0-1.
Ignoring request to alter fixed versions of bug #1030495 to the same values 
previously set
Bug #1030495 [python3-igor] navarp: FTBFS: AttributeError: module 'numpy' has 
no attribute 'complex'
Marked as found in versions python-igor/0.3-4.
> tags -1 + upstream
Bug #1030495 [python3-igor] navarp: FTBFS: AttributeError: module 'numpy' has 
no attribute 'complex'
Added tag(s) upstream.

-- 
1030495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030495
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1030495: navarp: FTBFS: AttributeError: module 'numpy' has no attribute 'complex'

[Andrey Rakhmatullin]

Control: reassign -1 python3-igor 0.3-4
Control: tags -1 + upstream

On Sat, Feb 04, 2023 at 08:56:51AM +0100, Lucas Nussbaum wrote:
> >   File "/usr/lib/python3/dist-packages/igor/binarywave.py", line 110, in 
> > 
> > 1:_numpy.complex, # NT_CMPLX, makes number complex.
> >   ^^
> >   File "/usr/lib/python3/dist-packages/numpy/__init__.py", line 284, in 
> > __getattr__
> > raise AttributeError("module {!r} has no attribute "
> > AttributeError: module 'numpy' has no attribute 'complex'
Reassigning.
The upstream repo links needs to be updated to
http://git.tremily.us/?p=igor.git but the project is dead since 2016
anyway.
The fix needs to follow 
https://numpy.org/devdocs/release/1.20.0-notes.html#using-the-aliases-of-builtin-types-like-np-int-is-deprecated

Processed: Re: Bug#1030453: devpi-common: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 returned exit code 13

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + upstream
Bug #1030453 [src:devpi-common] devpi-common: FTBFS: dh_auto_test: error: 
pybuild --test --test-pytest -i python{version} -p 3.11 returned exit code 13
Added tag(s) upstream.

-- 
1030453: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030453
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1030453: devpi-common: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.11 returned exit code 13

[Andrey Rakhmatullin]

Control: tags -1 + upstream

https://github.com/devpi/devpi/issues/939
https://github.com/devpi/devpi/issues/948

"The latest packaging breaks devpi and until the next major version one
has to use a version <22. See #939

I have a fix ready for latest packaging, but that might change behaviour
with sorting, which is why I hold it back for the next major release."

As far as I can see the fix is not even in the main branch yet (at least
the one that was proposed in
https://github.com/devpi/devpi/issues/939#issuecomment-1347924626 ).

Bug#1019841: Please scratch the last message

[Michael Fritscher]

Sorry for the noise :-( Please scratch the last message - somehow the
diff got lost. I'rebuilding now.

Bug#1029439: feynmf: FTBFS in bookworm (I can't open file `fmfsamp4')

[Hilmar Preuße]

On 2/21/23 22:00, James Addison wrote:

Hi all,


I'm adding the 'help' tag to this bug, and am cc'ing the debian-tex-maint list,
because it feels like extra brainpower could aid in figuring this one out more
quickly.

A brief recap of this bug so far, for folks reading the list:

   * the feynmf Debian package is failing to build in testing (bookworm)
   * the bug may somehow be related to the mflogo TeX package
   * successful build logs are available on buildd.debian.org for comparison


Sorry, I'm not of any help here. At the first glance we look at a syntax
error in the feynmf.dtx file however I'm wondering why this did not pop
within the last > 25 years. As feynmf upstream seems to be dead I
suggest to contact the people from https://tex.stackexchange.com/ . I
already had a short look, but I could not find a posting describing this
issue.

Therefore I suggest to ask there; they should be able at least to
clarify if the issue is located in the LaTeX3 code or in feynmf.

Sorry,
  Hilmar
--
Testmail

Processed: libsepol: Inaccurate copyright file

[Debian Bug Tracking System]

Processing control commands:

> tags -1 patch
Bug #1031798 [src:libsepol] libsepol: Inaccurate copyright file
Added tag(s) patch.

-- 
1031798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031798
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031798: libsepol: Inaccurate copyright file

[Bastian Germann]

Source: libsepol
Version: 3.4-2
Severity: serious
Control: tags -1 patch

The d/copyright file points to a 404 URL as source. The Zlib license is missing.
Also, it does not present all copyright information that is contained in the 
source.
I have a fix for these Policy violations attached in the machine-readable 
format.Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Comment:
 This is the Debian package for libsepol.
 .
 This package was debianized by Russell Coker  on
 Fri, 20 Aug 2004 17:26:18 +1000.
Source: https://github.com/SELinuxProject/selinux/wiki/Releases

Files: *
Copyright: libsepol is
 Copyright (C) 2003, 2004 Stephen Smalley 
 Copyright (C) 2003-2007  Red Hat, Inc.
 Copyright (C) 2004, 2005 Trusted Computer Solutions, Inc.
 Copyright (C) 2003-2008, 2011 Tresys Technology, LLC
 Copyright (C) 2017 Mellanox Techonolgies Inc.
 Copyright (c) 2008 NEC Corporation
License: LGPL-2.1+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
 .
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.
 .
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
Comment:
 On Debian GNU/Linux systems, the complete text of the Lesser GNU General
 Public License version 2.1 can be found in 
`/usr/share/common-licenses/LGPL-2.1'.

Files: cil/test/unit/CuTest.*
Copyright: (c) 2003 Asim Jalis
License: Zlib
 This software is provided 'as-is', without any express or implied
 warranty. In no event will the authors be held liable for any damages
 arising from the use of this software.
 .
 Permission is granted to anyone to use this software for any purpose,
 including commercial applications, and to alter it and redistribute it
 freely, subject to the following restrictions:
 .
 1. The origin of this software must not be misrepresented; you must not
 claim that you wrote the original software. If you use this software in
 a product, an acknowledgment in the product documentation would be
 appreciated but is not required.
 .
 2. Altered source versions must be plainly marked as such, and must not
 be misrepresented as being the original software.
 .
 3. This notice may not be removed or altered from any source
 distribution.

Files: debian/*
Copyright: © 2005-2008, Manoj Srivastava 
License: GPL-2
The Debian specific changes are distributed under the terms of the
GNU General Public License, version 2.
 .
A copy of the GNU General Public License is also available at
http://www.gnu.org/copyleft/gpl.html>.  You may also obtain
it by writing to the Free Software Foundation, Inc., 51 Franklin
St, Fifth Floor, Boston, MA 02110-1301 USA
Comment:
 On Debian GNU/Linux systems, the complete text of the GNU General
 Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'.

Files: man/*man8/chkcon.8
   man/man8/genpolusers.8
Copyright: (c) 1997 Manoj Srivastava 
License: GPL-2+
This is free documentation; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
Comment:
 On Debian GNU/Linux systems, the complete text of the GNU General
 Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'.

Bug#1031797: libsemanage: Inaccurate copyright file

[Bastian Germann]

Source: libsemanage
Version: 3.4-1
Severity: serious
Control: tags -1 patch

The d/copyright file points to a 404 URL as source.
Also, it does not present all copyright information that is contained in the 
source.
I have a fix for these Policy violations attached in the machine-readable 
format.Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Comment: This is the Debian package for libsemanage.
Source: https://github.com/SELinuxProject/selinux/wiki/Releases

Files: *
Copyright: (C) 2004-2007, 2009 Tresys Technology, LLC
   (C) 2005 Red Hat, Inc.
   (C) 2005-2021 Red Hat, Inc.
   (C) 2017 Mellanox Technologies Inc.
License: LGPL-2.1+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
 .
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.
 .
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1
Comment:
 On Debian GNU/Linux systems, the complete text of the Lesser GNU General
 Public License version 2.1 can be found in 
`/usr/share/common-licenses/LGPL-2.1'.

Files: debian/*
Copyright: © 2005-2009, Manoj Srivastava 
License: GPL-2
The Debian specific changes are distributed under the terms of the
GNU General Public License, version 2.
 .
A copy of the GNU General Public License is also available at
http://www.gnu.org/copyleft/gpl.html>.  You may also obtain
it by writing to the Free Software Foundation, Inc., 51 Franklin
St, Fifth Floor, Boston, MA 02110-1301, USA.
Comment:
 On Debian GNU/Linux systems, the complete text of the GNU General
 Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'.

Processed: libsemanage: Inaccurate copyright file

[Debian Bug Tracking System]

Processing control commands:

> tags -1 patch
Bug #1031797 [src:libsemanage] libsemanage: Inaccurate copyright file
Added tag(s) patch.

-- 
1031797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031797
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031794: socklog: fails to extract source package: dpkg-source: error: pathname 'socklog-2.1.0+repack/debian/service/socklog-unix/log/supervise' points outside source root (to '/run/runit/supervis

[Sven Joachim]

On 2023-02-22 21:45 +0100, Lucas Nussbaum wrote:

> Source: socklog
> Version: 2.1.0+repack-4
> Severity: serious
>
> dpkg-source: info: extracting socklog in socklog-2.1.0+repack
> dpkg-source: info: unpacking socklog_2.1.0+repack.orig.tar.gz
> dpkg-source: info: unpacking socklog_2.1.0+repack-4.debian.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: info: applying 0001-socklog-conf-update-service.patch
> dpkg-source: info: applying 0002-tryto-c.patch
> dpkg-source: info: applying 0003-patches-fix-build-warnings.patch
> dpkg-source: error: pathname 
> 'socklog-2.1.0+repack/debian/service/socklog-unix/log/supervise' points 
> outside source root (to '/run/runit/supervise/socklog-unix.log')
>
> That's on a system with a mix of testing and unstable. I'm not sure of
> which package introduced that additional check. Let me know if you
> cannot reproduce.

I can reproduce this, but only if the target directory
(/run/runit/supervise) actually exists.  Otherwise dpkg-source does not
complain.

Lintian reports the absolute symlink as a warning, but maybe turning it
into an error would be more appropriate.

Cheers,
   Sven

Bug#1030658: More info needed on the RC bug you opened

[Damyan Ivanov]

-=| Martin Quinson, 22.02.2023 08:58:42 +0100 |=-
> tag 1030658 +moreinfo
> thanks
> 
> Hello Damyan,
> 
> sorry for not noticing this bug before, I thought I was subscribed to the
> package.

No problem.

Today, however, everything works again. I tried on two systems 
tracking sid, including the one I used to report the issue. Strange.

> It looks like a missing dependency to me. Could you please give me 
> the output
> of `ldd /usr/bin/zeal` ?

linux-vdso.so.1 (0x7fff9f3be000)
libQt5Widgets.so.5 => /lib/x86_64-linux-gnu/libQt5Widgets.so.5 
(0x7fa243c0)
libQt5Core.so.5 => /lib/x86_64-linux-gnu/libQt5Core.so.5 
(0x7fa24360)
libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 
(0x7fa2434a1000)
libQt5Concurrent.so.5 => /lib/x86_64-linux-gnu/libQt5Concurrent.so.5 
(0x7fa2443a)
libQt5Gui.so.5 => /lib/x86_64-linux-gnu/libQt5Gui.so.5 
(0x7fa242c0)
libQt5Network.so.5 => /lib/x86_64-linux-gnu/libQt5Network.so.5 
(0x7fa2432f7000)
libQt5WebEngineWidgets.so.5 => 
/lib/x86_64-linux-gnu/libQt5WebEngineWidgets.so.5 (0x7fa244352000)
libQt5WebEngineCore.so.5 => 
/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5 (0x7fa23aa0)
libQt5WebChannel.so.5 => /lib/x86_64-linux-gnu/libQt5WebChannel.so.5 
(0x7fa24432c000)
libX11.so.6 => /lib/x86_64-linux-gnu/libX11.so.6 (0x7fa242abe000)
libQt5X11Extras.so.5 => /lib/x86_64-linux-gnu/libQt5X11Extras.so.5 
(0x7fa244325000)
libxcb-keysyms.so.1 => /lib/x86_64-linux-gnu/libxcb-keysyms.so.1 
(0x7fa23a60)
libxcb.so.1 => /lib/x86_64-linux-gnu/libxcb.so.1 (0x7fa2442f9000)
libarchive.so.13 => /lib/x86_64-linux-gnu/libarchive.so.13 
(0x7fa23a938000)
libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 
(0x7fa23a20)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
(0x7fa2442d9000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fa23a41f000)
/lib64/ld-linux-x86-64.so.2 (0x7fa24451f000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7fa23a859000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7fa2442b8000)
libdouble-conversion.so.3 => 
/lib/x86_64-linux-gnu/libdouble-conversion.so.3 (0x7fa243beb000)
libicui18n.so.72 => /lib/x86_64-linux-gnu/libicui18n.so.72 
(0x7fa239e0)
libicuuc.so.72 => /lib/x86_64-linux-gnu/libicuuc.so.72 
(0x7fa239c02000)
libpcre2-16.so.0 => /lib/x86_64-linux-gnu/libpcre2-16.so.0 
(0x7fa243b5d000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x7fa23a144000)
libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0 
(0x7fa239aca000)
libGL.so.1 => /lib/x86_64-linux-gnu/libGL.so.1 (0x7fa239a43000)
libpng16.so.16 => /lib/x86_64-linux-gnu/libpng16.so.16 
(0x7fa242a88000)
libharfbuzz.so.0 => /lib/x86_64-linux-gnu/libharfbuzz.so.0 
(0x7fa23993f000)
libmd4c.so.0 => /lib/x86_64-linux-gnu/libmd4c.so.0 (0x7fa2432e5000)
libgssapi_krb5.so.2 => /lib/x86_64-linux-gnu/libgssapi_krb5.so.2 
(0x7fa23a807000)
libQt5Quick.so.5 => /lib/x86_64-linux-gnu/libQt5Quick.so.5 
(0x7fa23920)
libQt5PrintSupport.so.5 => 
/lib/x86_64-linux-gnu/libQt5PrintSupport.so.5 (0x7fa2398cb000)
libQt5QuickWidgets.so.5 => 
/lib/x86_64-linux-gnu/libQt5QuickWidgets.so.5 (0x7fa2432d)
libQt5Qml.so.5 => /lib/x86_64-linux-gnu/libQt5Qml.so.5 
(0x7fa238c0)
libQt5Positioning.so.5 => /lib/x86_64-linux-gnu/libQt5Positioning.so.5 
(0x7fa23983d000)
libnss3.so => /lib/x86_64-linux-gnu/libnss3.so (0x7fa2390a7000)
libnssutil3.so => /lib/x86_64-linux-gnu/libnssutil3.so 
(0x7fa23980b000)
libnspr4.so => /lib/x86_64-linux-gnu/libnspr4.so (0x7fa2397c9000)
libevent-2.1.so.7 => /lib/x86_64-linux-gnu/libevent-2.1.so.7 
(0x7fa239772000)
libjpeg.so.62 => /lib/x86_64-linux-gnu/libjpeg.so.62 
(0x7fa238b6d000)
libopus.so.0 => /lib/x86_64-linux-gnu/libopus.so.0 (0x7fa238b0f000)
libvpx.so.7 => /lib/x86_64-linux-gnu/libvpx.so.7 (0x7fa23880)
libXcomposite.so.1 => /lib/x86_64-linux-gnu/libXcomposite.so.1 
(0x7fa2442ab000)
libXdamage.so.1 => /lib/x86_64-linux-gnu/libXdamage.so.1 
(0x7fa243b58000)
libXext.so.6 => /lib/x86_64-linux-gnu/libXext.so.6 (0x7fa242a73000)
libXfixes.so.3 => /lib/x86_64-linux-gnu/libXfixes.so.3 
(0x7fa242a6b000)
libXrandr.so.2 => /lib/x86_64-linux-gnu/libXrandr.so.2 
(0x7fa23a137000)
libXtst.so.6 => /lib/x86_64-linux-gnu/libXtst.so.6 (0x7fa242a63000)
libwebpmux.so.3 => /lib/x86_64-linux-gnu/libwebpmux.so.3 
(0x7fa23a12b000)
libwebpdemux.so.2 => /lib/x86_64-linux-gnu/libwebpdemux.so.2 
(0x7fa23976c000)
libwebp.so.7 => 

Bug#933757: marked as done (Firefox-esr FTBFS "failed to open: /sbuild-nonexistent/.cargo/.package-cache")

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 21:44:45 +0100
with message-id 
and subject line Re: Bug#933757: Firefox-esr FTBFS "failed to open: 
/sbuild-nonexistent/.cargo/.package-cache"
has caused the Debian Bug report #933757,
regarding Firefox-esr FTBFS "failed to open: 
/sbuild-nonexistent/.cargo/.package-cache"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
933757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933757
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: firefox-esr
Version: 60.8.0esr-1
Severity: serious
x-debbugs-cc: pkg-rust-maintain...@alioth-lists.debian.net

While trying to update firefox-esr in raspbian bullseye I ran into a 
"failed to open: /sbuild-nonexistent/.cargo/.package-cache" error. The 
failure also shows up on the reproducible builds site for i386 and arm64 
so it's not raspbian specific. I suspect it is only reproducible in 
builds with a nonexistent homedir (as is the standard sbuild configuration).


I would guess this was triggered by the recent upload of a new version 
of cargo.



error: failed to acquire package cache lock

Caused by:
   failed to open: /nonexistent/first-build/.cargo/.package-cache

Caused by:
   Permission denied (os error 13)
/usr/bin/g++ -o buddhcal.o -c 
-I/build/1st/firefox-esr-60.8.0esr/build-browser/dist/system_wrappers -include 
/build/1st/firefox-esr-60.8.0esr/config/gcc_hidden.h -DNDEBUG=1 -DTRIMMED=1 
-DU_I18N_IMPLEMENTATION -DUCONFIG_NO_TRANSLITERATION 
-DUCONFIG_NO_REGULAR_EXPRESSIONS -DUCONFIG_NO_LEGACY_CONVERSION 
-DU_USING_ICU_NAMESPACE=0 -DU_NO_DEFAULT_INCLUDE_UTF_HEADERS=1 
-DU_CHARSET_IS_UTF8 -DU_HAVE_NL_LANGINFO_CODESET=0 
-I/build/1st/firefox-esr-60.8.0esr/config/external/icu/i18n 
-I/build/1st/firefox-esr-60.8.0esr/build-browser/config/external/icu/i18n 
-I/build/1st/firefox-esr-60.8.0esr/intl/icu/source/common 
-I/build/1st/firefox-esr-60.8.0esr/build-browser/dist/include 
-I/usr/include/nspr -I/usr/include/nss -fPIC -DMOZILLA_CLIENT -include 
/build/1st/firefox-esr-60.8.0esr/build-browser/mozilla-config.h -Wdate-time 
-D_FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -Wempty-body 
-Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare 
-Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof 
-Wc++1z-compat -Wduplicated-cond -Wimplicit-fallthrough 
-Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations 
-Wno-error=array-bounds -Wno-error=free-nonheap-object -Wformat 
-Wformat-overflow=2 -fno-sized-deallocation -fstack-protector-strong -Wformat 
-Werror=format-security -fno-schedule-insns2 -fno-lifetime-dse 
-fno-delete-null-pointer-checks -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 
-fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections 
-fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g 
-freorder-blocks -O2 -fomit-frame-pointer -frtti  -MD -MP -MF 
.deps/buddhcal.o.pp   
/build/1st/firefox-esr-60.8.0esr/intl/icu/source/i18n/buddhcal.cpp
make[6]: *** [/build/1st/firefox-esr-60.8.0esr/config/rules.mk:979: 
force-cargo-library-build] Error 101
make[6]: Leaving directory 
'/build/1st/firefox-esr-60.8.0esr/build-browser/toolkit/library/rust'
make[5]: *** [/build/1st/firefox-esr-60.8.0esr/config/recurse.mk:73: 
toolkit/library/rust/target] Error 2
make[5]: *** Waiting for unfinished jobs
--- End Message ---
--- Begin Message ---
On 2019-08-15 11:35:43 +0900, Mike Hommey wrote:
> On Thu, Aug 15, 2019 at 03:16:20AM +0100, peter green wrote:
> > So the libvpx transition prompted me to take a look at this, I added some 
> > code to debian/rules to create a fake homedir, use it for the build and 
> > remove it in the clean target.
> 
> https://salsa.debian.org/mozilla-team/firefox/commit/c5bcfb20fde52a1f659270210e4cd40f5f1e8d59

So let'S close this issue.

Cheers

> 
> > Unfortunately I then ran into another failure.
> > 
> > > /firefox-esr/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp9/vp9_impl.cc:858:17:
> > >  error: âstruct vpx_svc_ref_frame_configâ has no member named 
> > > âframe_flagsâ
> > >  sf_conf.frame_flags[layer_idx] = layer_flags;
> > 
> > I have no idea what to make of this. My google searches aren't turning up 
> > anything useful.
> 
> libvpx's API changed.
> 
> https://salsa.debian.org/mozilla-team/firefox/commit/f26d0387eea70b2ebceabeb86ec728227199f302
> 
> Mike

-- 
Sebastian Ramacher--- End Message ---

Bug#1031794: socklog: fails to extract source package: dpkg-source: error: pathname 'socklog-2.1.0+repack/debian/service/socklog-unix/log/supervise' points outside source root (to '/run/runit/supervis

[Lucas Nussbaum]

Source: socklog
Version: 2.1.0+repack-4
Severity: serious

Hi,

# dget 
https://deb.debian.org/debian/pool/main/s/socklog/socklog_2.1.0+repack-4.dsc
dget: retrieving 
https://deb.debian.org/debian/pool/main/s/socklog/socklog_2.1.0+repack-4.dsc
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100  1980  100  19800 0   8615  0 --:--:-- --:--:-- --:--:--  8646
dget: retrieving 
https://deb.debian.org/debian/pool/main/s/socklog/socklog_2.1.0+repack.orig.tar.gz
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100 59796  100 597960 0   162k  0 --:--:-- --:--:-- --:--:--  163k
dget: retrieving 
https://deb.debian.org/debian/pool/main/s/socklog/socklog_2.1.0+repack-4.debian.tar.xz
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100 11080  100 110800 0  46909  0 --:--:-- --:--:-- --:--:-- 46751
socklog_2.1.0+repack-4.dsc:
  Good signature found
   validating socklog_2.1.0+repack.orig.tar.gz
   validating socklog_2.1.0+repack-4.debian.tar.xz
All files validated successfully.
dpkg-source: info: extracting socklog in socklog-2.1.0+repack
dpkg-source: info: unpacking socklog_2.1.0+repack.orig.tar.gz
dpkg-source: info: unpacking socklog_2.1.0+repack-4.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 0001-socklog-conf-update-service.patch
dpkg-source: info: applying 0002-tryto-c.patch
dpkg-source: info: applying 0003-patches-fix-build-warnings.patch
dpkg-source: error: pathname 
'socklog-2.1.0+repack/debian/service/socklog-unix/log/supervise' points outside 
source root (to '/run/runit/supervise/socklog-unix.log')

That's on a system with a mix of testing and unstable. I'm not sure of
which package introduced that additional check. Let me know if you
cannot reproduce.

Lucas

Bug#1030047: marked as done (ruby-sanitize: CVE-2023-23627)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 20:39:18 +
with message-id 
and subject line Bug#1030047: fixed in ruby-sanitize 6.0.0-1.1
has caused the Debian Bug report #1030047,
regarding ruby-sanitize: CVE-2023-23627
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1030047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-sanitize
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for ruby-sanitize.

CVE-2023-23627[0]:
| Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0
| and later, prior to 6.0.1, are vulnerable to Cross-site Scripting.
| When Sanitize is configured with a custom allowlist that allows
| `noscript` elements, attackers are able to include arbitrary HTML,
| resulting in XSS (cross-site scripting) or other undesired behavior
| when that HTML is rendered in a browser. The default configurations do
| not allow `noscript` elements and are not vulnerable. This issue only
| affects users who are using a custom config that adds `noscript` to
| the element allowlist. This issue has been patched in version 6.0.1.
| Users who are unable to upgrade can prevent this issue by using one of
| Sanitize's default configs or by ensuring that their custom config
| does not include `noscript` in the element allowlist.

https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23627
https://www.cve.org/CVERecord?id=CVE-2023-23627

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: ruby-sanitize
Source-Version: 6.0.0-1.1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
ruby-sanitize, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1030...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ruby-sanitize 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Feb 2023 20:28:45 +0100
Source: ruby-sanitize
Architecture: source
Version: 6.0.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 

Changed-By: Salvatore Bonaccorso 
Closes: 1030047
Changes:
 ruby-sanitize (6.0.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Update tests to remove deprecated minitest 'must_be'
   * Forcibly escape content in "unescaped text" elements inside math or svg
 namespaces
   * Always remove `` elements (CVE-2023-23627) (Closes: #1030047)
Checksums-Sha1:
 074e06989526a8dd794110538a0fe34309f01def 2268 ruby-sanitize_6.0.0-1.1.dsc
 ed6c9c8b7fdff481b6940baa4cdcb52e5cce736c 17396 
ruby-sanitize_6.0.0-1.1.debian.tar.xz
 ba6d200a358aa6ec49fc6498175cf237ff5af824 7578 
ruby-sanitize_6.0.0-1.1_source.buildinfo
Checksums-Sha256:
 634f3aa9d393b001a1fdf7cb86d6679f260b5b16d17b5c2b3d3faa687c9d9941 2268 
ruby-sanitize_6.0.0-1.1.dsc
 cf515cf52292c418cf81248d17aaf0c1b8e4b67871c6d0d3fe9493282522bbf9 17396 
ruby-sanitize_6.0.0-1.1.debian.tar.xz
 745e7ad616af1c07f6f5e5d2d0662aff422baa499fc45e598c26e5f5ccfa9079 7578 
ruby-sanitize_6.0.0-1.1_source.buildinfo
Files:
 bfd909295b2c8dc0d9d5fce5fd567679 2268 ruby optional ruby-sanitize_6.0.0-1.1.dsc
 3b10ff09974f4864f01f3f389c4fa8a8 17396 ruby optional 
ruby-sanitize_6.0.0-1.1.debian.tar.xz
 1f7186cf9f2a39574fb9e93069599493 7578 ruby optional 
ruby-sanitize_6.0.0-1.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPzzYtfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EoGAP/3jjiHgBlpLRLnEqfGLmjpUdb5WHalBU
JMVMa4cvYhOTBA+dcqNjvVmDw7hpecufL8Yjhjr+QIaDm2J/vpV/DmjfsSd/gltz
xeF7rwzs76Bqs56J2oYPJ55poveRb4EZkd6tojUdgLqIezi83XU5X98Jdn2Y6WvF

Bug#837091: firefox-esr: EME DRM extention present and enabled

[Sebastian Ramacher]

Control: severity -1 normal

On 2017-05-27 13:47:45 +0100, Simon McVittie wrote:
> On Thu, 08 Sep 2016 at 20:14:28 +0200, Tjeerd Pinkert wrote:
> > after reading up a bit (late(ly)) on the W3C EME proposed standard for
> > embedding of DRM managed content in web pages, I decided to have a
> > look if it is present in the firefox browser
> [...]
> > I think the presence of code that requires closed source components to
> > function, might violate the DFSG for the main section? On the other
> > hand, no package relation is available in the non-free section as far
> > as I see that is actively depended on. If a decision has been taken on
> > this already, then please close.
> 
> I don't see a freeness problem here.
> 
> Firefox with the EME API enabled at compile time, but no CDM (DRM
> implementation) installed, is presumably no less functional than Firefox
> with the EME API disabled at compile time - so the CDM is not a
> dependency, because Firefox without a CDM is a perfectly acceptable web
> browser (just missing an optional feature). If we shipped CDMs in
> non-free, I don't think Firefox would have a stronger relationship to
> them than Suggests (or more likely, the CDMs would declare an Enhances
> relationship on Firefox, which means the same thing). Packages in main
> are allowed to have Suggests on non-free or even not-in-Debian packages,
> just not (Pre-)Depends or Recommends.
> 
> Free CDMs do seem to exist -
> https://github.com/fraunhoferfokus/open-content-decryption-module is one
> example. It is fairly likely that content publishers will not actually
> *use* those CDMs, but that's between you and the content providers whose
> products you choose to buy. So from a freeness point of view, this
> doesn't seem any worse than any other plugin interface that can accept
> both Free and non-Free plugins - for example glibc NSS, PAM, GStreamer,
> Firefox NPAPI, kernel modules, and OpenGL/EGL/Vulkan drivers.
> 
> I understand your desire to avoid DRM, but I don't think opening
> release-critical bugs requesting that features are removed from our
> builds of Firefox is an appropriate way to go about it.

ACK, so let's downgrade the severity.

Cheers

> > P.S. yes I know, having flash installed as a plugin is as bad as
> > having EME enabled...
> 
> In particular, I believe having the Flash NPAPI plugin installed means
> your copy of Firefox already loads a DRM implementation, because there's
> one in Flash. You might as well use one that is better-sandboxed, which
> is the purpose of EME.
> 
> S

-- 
Sebastian Ramacher

Processed: Re: Bug#837091: firefox-esr: EME DRM extention present and enabled

[Debian Bug Tracking System]

Processing control commands:

> severity -1 normal
Bug #837091 [firefox-esr] firefox-esr: EME DRM extention present and enabled
Severity set to 'normal' from 'serious'

-- 
837091: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031730: marked as done (emacs: CVE-2022-48339 CVE-2022-48338 CVE-2022-48337)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 20:35:33 +
with message-id 
and subject line Bug#1031730: fixed in emacs 1:28.2+1-11
has caused the Debian Bug report #1031730,
regarding emacs: CVE-2022-48339 CVE-2022-48338 CVE-2022-48337
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031730: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031730
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: emacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for emacs.

CVE-2022-48339[0]:
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has
| a command injection vulnerability. In the hfy-istext-command function,
| the parameter file and parameter srcdir come from external input, and
| parameters are not escaped. If a file name or directory name contains
| shell metacharacters, code may be executed.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c

CVE-2022-48338[1]:
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el,
| the ruby-find-library-file function has a local command injection
| vulnerability. The ruby-find-library-file function is an interactive
| function, and bound to C-c C-f. Inside the function, the external
| command gem is called through shell-command-to-string, but the
| feature-name parameters are not escaped. Thus, malicious Ruby source
| files may cause commands to be executed.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c

CVE-2022-48337[2]:
| GNU Emacs through 28.2 allows attackers to execute commands via shell
| metacharacters in the name of a source-code file, because lib-
| src/etags.c uses the system C library function in its implementation
| of the etags program. For example, a victim may use the "etags -u *"
| command (suggested in the etags documentation) in a situation where
| the current working directory has contents that depend on untrusted
| input.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48339
https://www.cve.org/CVERecord?id=CVE-2022-48339
[1] https://security-tracker.debian.org/tracker/CVE-2022-48338
https://www.cve.org/CVERecord?id=CVE-2022-48338
[2] https://security-tracker.debian.org/tracker/CVE-2022-48337
https://www.cve.org/CVERecord?id=CVE-2022-48337

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: emacs
Source-Version: 1:28.2+1-11
Done: Sean Whitton 

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton  (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 22 Feb 2023 11:01:50 -0700
Source: emacs
Architecture: source
Version: 1:28.2+1-11
Distribution: unstable
Urgency: high
Maintainer: Rob Browning 
Changed-By: Sean Whitton 
Closes: 1031730
Changes:
 emacs (1:28.2+1-11) unstable; urgency=high
 .
   * Cherry-pick upstream fixes for command injection vulnerabilities
 (CVE-2022-48337, CVE-2022-48338, CVE-2022-48339) (Closes: #1031730).
Checksums-Sha1:
 223dc2f593382eccceafc981e05660ef6427632f 2995 emacs_28.2+1-11.dsc
 b40e13562fceaff333833d18f75e5723be3a79fb 119512 emacs_28.2+1-11.debian.tar.xz
Checksums-Sha256:
 b9cdcf6248a472293f12b8e6dfc302e43fe4b87bda5262a393f6df30e7b496a6 2995 
emacs_28.2+1-11.dsc
 043409b864361b16b0baf338dd7d5b85d1d0db07e16af1b2d7e9edaec4055815 119512 
emacs_28.2+1-11.debian.tar.xz
Files:
 e8fe1e2fb7af9e707fcfa67a916484c6 2995 editors optional emacs_28.2+1-11.dsc
 a3a3ec1a4cc1fa36daee7ff11ba4abc9 119512 editors optional 
emacs_28.2+1-11.debian.tar.xz

-BEGIN PGP SIGNATURE-

Processed: closing 831835

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # upstream issue if at all
> close 831835
Bug #831835 [iceweasel] iceweasel: Padlock icon indicates a secure SSL 
connection established w  MitM-ed
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
831835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1012927: marked as done (firefox-esr: ftbfs with GCC-12)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 21:06:26 +0100
with message-id 
and subject line Re: Bug#1012927: firefox-esr: ftbfs with GCC-12
has caused the Debian Bug report #1012927,
regarding firefox-esr: ftbfs with GCC-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1012927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012927
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:firefox-esr
Version: 91.10.0esr-1
Severity: normal
Tags: sid bookworm
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-12

[This bug is targeted to the upcoming bookworm release]

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-12/g++-12, but succeeds to build with gcc-11/g++-11. The
severity of this report will be raised before the bookworm release.

The full build log can be found at:
http://qa-logs.debian.net/2022/06/09/gcc12/firefox-esr_91.10.0esr-1_unstable_gcc12.log
The last lines of the build log are at the end of this report.

To build with GCC 11, either set CC=gcc-11 CXX=g++-11 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-11/porting_to.html

GCC 11 defaults to the GNU++17 standard.  If your package installs
header files in /usr/include, please don't work around C++17 issues
by choosing a lower C++ standard for the package build, but fix these
issues to build with the C++17 standard.

[...]
 1135 |   JS::Rooted global(aCx, FindAssociatedGlobal(aCx, 
aObject->GetParentObject()));
  | ^~
WebrtcDeprecatedBinding.cpp:1135:25: note: ‘aCx’ declared here
In member function ‘void 
JS::Rooted::registerWithRootLists(JS::RootedListHeads&) [with T = 
JSObject*]’,
inlined from ‘JS::Rooted::Rooted(const RootingContext&, S&&) [with 
RootingContext = JSContext*; S = JSObject*; T = JSObject*]’ at 
/<>/build-browser/dist/include/js/RootingAPI.h:1162:26,
inlined from ‘virtual JSObject* 
mozilla::dom::mozRTCSessionDescription::WrapObject(JSContext*, 
JS::Handle)’ at WebrtcDeprecatedBinding.cpp:1666:96:
/<>/build-browser/dist/include/js/RootingAPI.h:1116:12: warning: 
storing the address of local variable ‘obj’ in 
‘((JS::Rooted**)aCx)[3]’ [-Wdangling-pointer=]
 1116 | *stack = reinterpret_cast*>(this);
  | ~~~^
WebrtcDeprecatedBinding.cpp: In member function ‘virtual JSObject* 
mozilla::dom::mozRTCSessionDescription::WrapObject(JSContext*, 
JS::Handle)’:
WebrtcDeprecatedBinding.cpp:1666:25: note: ‘obj’ declared here
 1666 |   JS::Rooted obj(aCx, 
mozRTCSessionDescription_Binding::Wrap(aCx, this, aGivenProto));
  | ^~~
WebrtcDeprecatedBinding.cpp:1666:25: note: ‘aCx’ declared here
In member function ‘void 
JS::Rooted::registerWithRootLists(JS::RootedListHeads&) [with T = 
JSObject*]’,
inlined from ‘JS::Rooted::Rooted(const RootingContext&, S&&) [with 
RootingContext = JSContext*; S = JSObject*; T = JSObject*]’ at 
/<>/build-browser/dist/include/js/RootingAPI.h:1162:26,
inlined from ‘bool 
mozilla::dom::WindowGlobalChild_Binding::Wrap(JSContext*, 
mozilla::dom::WindowGlobalChild*, nsWrapperCache*, JS::Handle, 
JS::MutableHandle)’ at WindowGlobalActorsBinding.cpp:1502:90:
/<>/build-browser/dist/include/js/RootingAPI.h:1116:12: warning: 
storing the address of local variable ‘global’ in 
‘((JS::Rooted**)aCx)[3]’ [-Wdangling-pointer=]
 1116 | *stack = reinterpret_cast*>(this);
  | ~~~^
WindowGlobalActorsBinding.cpp: In function ‘bool 
mozilla::dom::WindowGlobalChild_Binding::Wrap(JSContext*, 
mozilla::dom::WindowGlobalChild*, nsWrapperCache*, JS::Handle, 
JS::MutableHandle)’:
WindowGlobalActorsBinding.cpp:1502:25: note: ‘global’ declared here
 1502 |   JS::Rooted global(aCx, FindAssociatedGlobal(aCx, 
aObject->GetParentObject()));
  | ^~
WindowGlobalActorsBinding.cpp:1502:25: note: ‘aCx’ declared here
In member function ‘void 

Bug#828159: marked as done (firefox-esr: session tabs lost after upgrade from iceweasel to firefox-esr)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 20:58:40 +0100
with message-id 
and subject line Re: Bug#828159: iceweasel -> firefox-esr upgrades won't be 
relevant for buster
has caused the Debian Bug report #828159,
regarding firefox-esr: session tabs lost after upgrade from iceweasel to 
firefox-esr
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
828159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firefox-esr
Version: 45.2.0esr-1
Severity: grave
Justification: causes non-serious data loss

Dear Maintainer,

I updated from Iceweasel to Firefox ESR and after restarting, my old tabs were 
lost.

The session tabs appear to be still saved in sessionstore.bak in the profile 
folder.
However, I have no idea how to make Firefox ESR use that file.

-- Package-specific info:

-- Extensions information
Name: Default theme
Location: 
/usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox-esr
Status: enabled

Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/l...@mozilla.org.xpi
Status: enabled

Name: NoScript
Location: 
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232}
Package: xul-ext-noscript
Status: enabled

Name: Tree Style Tab
Location: 
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/treestyle...@piro.sakura.ne.jp
Package: xul-ext-treestyletab
Status: enabled

-- Plugins information

-- Addons package information
ii  firefox-esr45.2.0esr-1  i386 Mozilla Firefox web browser - Ext
ii  xul-ext-noscri 2.6.9.30-1   all  permissions manager for Iceweasel
ii  xul-ext-treest 0.15.2015030 all  Show browser tabs like a tree

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages firefox-esr depends on:
ii  debianutils   4.5.1
ii  fontconfig2.11.0-6.3
ii  libasound21.0.29-1
ii  libatk1.0-0   2.16.0-2
ii  libc6 2.19-19
ii  libcairo2 1.14.2-2
ii  libdbus-1-3   1.10.4-1
ii  libdbus-glib-1-2  0.102-1
ii  libevent-2.0-52.0.21-stable-2
ii  libffi6   3.2.1-3
ii  libfontconfig12.11.0-6.3
ii  libfreetype6  2.5.2-4
ii  libgcc1   1:4.9.2-10
ii  libgdk-pixbuf2.0-02.31.5-1
ii  libglib2.0-0  2.46.2-3
ii  libgtk2.0-0   2.24.28-1
ii  libhunspell-1.4-0 1.4.1-2
ii  libnspr4  2:4.10.8-2
ii  libnss3   2:3.19.2-1
ii  libpango-1.0-01.40.1-1
ii  libsqlite3-0  3.8.10.2-1
ii  libstartup-notification0  0.12-4
ii  libstdc++65.2.1-17
ii  libvpx3   1.5.0-2
ii  libx11-6  2:1.6.3-1
ii  libxcomposite11:0.4.4-1
ii  libxdamage1   1:1.1.4-2+b1
ii  libxext6  2:1.3.3-1
ii  libxfixes31:5.0.1-2+b2
ii  libxrender1   1:0.9.8-1+b1
ii  libxt61:1.1.4-1+b1
ii  procps2:3.3.9-9
ii  zlib1g1:1.2.8.dfsg-2+b1

Versions of packages firefox-esr recommends:
ii  gstreamer1.0-libav 1.4.5-3
ii  gstreamer1.0-plugins-good  1.8.1-1

Versions of packages firefox-esr suggests:
ii  fonts-lmodern  2.004.4-5
pn  fonts-stix | otf-stix  
ii  libcanberra0   0.30-2.1
ii  libgnomeui-0   2.24.5-3
ii  libgssapi-krb5-2   1.12.1+dfsg-20
pn  mozplugger 

-- no debconf information
--- End Message ---
--- Begin Message ---
On 2017-05-25 20:12:55 +0300, Adrian Bunk wrote:
> tags 828159 wheezy jessie stretch
> thanks
> 
> iceweasel -> firefox-esr upgrades won't be relevant for buster since
> iceweasel won't ever be in post-release stretch.

Which is no longer relevant. So let's close this bug.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Bug#925681: marked as done (firefox-esr: ftbfs with GCC-9)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 20:54:46 +0100
with message-id 
and subject line Re: Bug#925681: firefox-esr: ftbfs with GCC-9
has caused the Debian Bug report #925681,
regarding firefox-esr: ftbfs with GCC-9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
925681: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925681
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:firefox-esr
Version: 60.6.1esr-1
Severity: normal
Tags: sid bullseye
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-9

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-9/g++-9, but succeeds to build with gcc-8/g++-8. The
severity of this report will be raised before the bullseye release,
so nothing has to be done for the buster release.

The full build log can be found at:
http://people.debian.org/~doko/logs/gcc9-20190321/firefox-esr_60.6.1esr-1_unstable_gcc9.log
The last lines of the build log are at the end of this report.

To build with GCC 9, either set CC=gcc-9 CXX=g++-9 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-9/porting_to.html

GCC 9 also passes the linker option --as-needed by default; typical
build issues are passing libraries before object files to the linker,
or underlinking of convenience libraries built from the same source.

[...]
   31 |   NS_INTERFACE_MAP_ENTRY(nsISupports)
  |   ^~
/<>/dom/bindings/SimpleGlobalObject.cpp: In member function 
'virtual nsresult mozilla::dom::SimpleGlobalObject::QueryInterface(const 
nsIID&, void**)':
/<>/build-browser/dist/include/nsISupportsImpl.h:936:3: warning: 
macro expands to multiple statements [-Wmultistatement-macros]
  936 |   foundInterface = 0;\
  |   ^~
/<>/build-browser/dist/include/nsISupportsImpl.h:994:30: note: in 
expansion of macro 'NS_IMPL_QUERY_TAIL_GUTS'
  994 | #define NS_INTERFACE_MAP_END NS_IMPL_QUERY_TAIL_GUTS
  |  ^~~
/<>/dom/bindings/SimpleGlobalObject.cpp:42:1: note: in expansion 
of macro 'NS_INTERFACE_MAP_END'
   42 | NS_INTERFACE_MAP_END
  | ^~~~
/<>/build-browser/dist/include/nsISupportsImpl.h:918:3: note: some 
parts of macro expansion are not guarded by this 'else' clause
  918 |   else
  |   ^~~~
/<>/build-browser/dist/include/nsISupportsImpl.h:988:44: note: in 
expansion of macro 'NS_IMPL_QUERY_BODY'
  988 | #define NS_INTERFACE_MAP_ENTRY(_interface) 
NS_IMPL_QUERY_BODY(_interface)
  |^~
/<>/dom/bindings/SimpleGlobalObject.cpp:41:3: note: in expansion 
of macro 'NS_INTERFACE_MAP_ENTRY'
   41 |   NS_INTERFACE_MAP_ENTRY(nsIGlobalObject)
  |   ^~
/<>/dom/bindings/nsScriptErrorWithStack.cpp: In member function 
'virtual nsresult nsScriptErrorWithStack::QueryInterface(const nsIID&, void**)':
/<>/build-browser/dist/include/nsISupportsImpl.h:936:3: warning: 
macro expands to multiple statements [-Wmultistatement-macros]
  936 |   foundInterface = 0;\
  |   ^~
/<>/build-browser/dist/include/nsISupportsImpl.h:994:30: note: in 
expansion of macro 'NS_IMPL_QUERY_TAIL_GUTS'
  994 | #define NS_INTERFACE_MAP_END NS_IMPL_QUERY_TAIL_GUTS
  |  ^~~
/<>/dom/bindings/nsScriptErrorWithStack.cpp:61:1: note: in 
expansion of macro 'NS_INTERFACE_MAP_END'
   61 | NS_INTERFACE_MAP_END
  | ^~~~
/<>/build-browser/dist/include/nsISupportsImpl.h:918:3: note: some 
parts of macro expansion are not guarded by this 'else' clause
  918 |   else
  |   ^~~~
/<>/build-browser/dist/include/nsISupportsImpl.h:988:44: note: in 
expansion of macro 'NS_IMPL_QUERY_BODY'
  988 | #define NS_INTERFACE_MAP_ENTRY(_interface) 
NS_IMPL_QUERY_BODY(_interface)
  |^~

Bug#1029731: libglapi-mesa: Apps fail with 'DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory' after upgrade from 22.3.2-1 to 22.3.3-1

[Diederik de Haas]

Control: tag -1 upstream fixed-upstream patch

On Tue, 31 Jan 2023 01:19:54 +0300 Andrey Skvortsov 
 wrote:
> Here is link to created upstream issue.
> https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198

In https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/21330 this issue 
got fixed upstream and I've attached the patch/diff to this message.

When adding it to debian/patches and adding it to debian/patches/series and 
running `debian/rules patch`, it applies cleanly (which is not the case for 
all of them):

```
me@laptop:~/dev/debian/salsa/xorg-team/lib/mesa$ debian/rules patch
dh patch --with quilt \
--builddirectory=build/ \
--buildsystem=meson
   dh_quilt_patch -O--builddirectory=build/ -O--buildsystem=meson
Applying patch 07_gallium-fix-build-failure-on-powerpcspe.diff
patching file src/gallium/include/pipe/p_config.h

Applying patch path_max.diff
patching file src/util/tests/cache_test.cpp
Hunk #1 succeeded at 82 (offset 1 line).
patching file src/util/tests/process_test.c
patching file src/gallium/auxiliary/pipe-loader/pipe_loader.c
Hunk #1 succeeded at 42 (offset -1 lines).

Applying patch src_glx_dri_common.h.diff
patching file src/glx/dri_common.h
Hunk #1 succeeded at 57 (offset 2 lines).

Applying patch bug102973-lima.diff
patching file src/gallium/drivers/lima/lima_resource.c

Now at patch bug102973-lima.diff
```

HTH>From c426e5677f36c3b0b8e8ea199ed4f2c7fad06d47 Mon Sep 17 00:00:00 2001
From: Erico Nunes 
Date: Sun, 12 Feb 2023 22:33:30 +0100
Subject: [PATCH] lima: don't use resource_from_handle while creating scanout

resource_from_handle implementations create an additional reference to
the scanout resource, which caused lima to leak those resources after
commit ad4d7ca8332488be8a75aff001f00306a9f6402e.

Do as the other drivers do and import the bo directly while creating
the scanount resource.

Cc: 22.3 mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198
Signed-off-by: Erico Nunes 
Reviewed-by: Vasily Khoruzhick 
Part-of: 
---
 src/gallium/drivers/lima/lima_resource.c | 26 ++--
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/gallium/drivers/lima/lima_resource.c b/src/gallium/drivers/lima/lima_resource.c
index 54869ec03d24..0b7691f2b46f 100644
--- a/src/gallium/drivers/lima/lima_resource.c
+++ b/src/gallium/drivers/lima/lima_resource.c
@@ -59,7 +59,10 @@ lima_resource_create_scanout(struct pipe_screen *pscreen,
struct lima_screen *screen = lima_screen(pscreen);
struct renderonly_scanout *scanout;
struct winsys_handle handle;
-   struct pipe_resource *pres;
+
+   struct lima_resource *res = CALLOC_STRUCT(lima_resource);
+   if (!res)
+  return NULL;
 
struct pipe_resource scanout_templat = *templat;
scanout_templat.width0 = width;
@@ -71,20 +74,31 @@ lima_resource_create_scanout(struct pipe_screen *pscreen,
if (!scanout)
   return NULL;
 
+   res->base = *templat;
+   res->base.screen = pscreen;
+   pipe_reference_init(>base.reference, 1);
+   res->levels[0].offset = handle.offset;
+   res->levels[0].stride = handle.stride;
+
assert(handle.type == WINSYS_HANDLE_TYPE_FD);
-   pres = pscreen->resource_from_handle(pscreen, templat, ,
-PIPE_HANDLE_USAGE_FRAMEBUFFER_WRITE);
+   res->bo = lima_bo_import(screen, );
+   if (!res->bo) {
+  FREE(res);
+  return NULL;
+   }
+
+   res->modifier_constant = true;
 
close(handle.handle);
-   if (!pres) {
+   if (!res->bo) {
   renderonly_scanout_destroy(scanout, screen->ro);
+  FREE(res);
   return NULL;
}
 
-   struct lima_resource *res = lima_resource(pres);
res->scanout = scanout;
 
-   return pres;
+   return >base;
 }
 
 static uint32_t
-- 
GitLab



signature.asc
Description: This is a digitally signed message part.

Processed: Re: Bug#1029731: libglapi-mesa: Apps fail with 'DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory' after upgrade from 22.3.2-1 to 22.3.3-1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 upstream fixed-upstream patch
Bug #1029731 [libglapi-mesa] libglapi-mesa: Apps fail with 
'DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory' after upgrade from 
22.3.2-1 to 22.3.3-1
Added tag(s) upstream, patch, and fixed-upstream.

-- 
1029731: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031748: marked as done (zoph fails to purge when adduser is not installed)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 18:53:49 +
with message-id 
and subject line Bug#1031748: fixed in zoph 1.0.1-2
has caused the Debian Bug report #1031748,
regarding zoph fails to purge when adduser is not installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zoph
Version: 0.9.19-1
Severity: serious

https://piuparts.debian.org/sid/fail/zoph_1.0.1-1.log

...
  Purging configuration files for zoph (1.0.1-1) ...
  /var/lib/dpkg/info/zoph.postrm: 39: delgroup: not found
  dpkg: error processing package zoph (--purge):
   installed zoph package post-removal script subprocess returned error exit 
status 127
  Errors were encountered while processing:
   zoph
...


https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#summary-of-ways-maintainer-scripts-are-called

The postrm script is called after the package’s files have been removed or 
replaced. The package whose postrm is being called may have previously been 
deconfigured and only be “Unpacked”, at which point subsequent package changes 
do not consider its dependencies. Therefore, all postrm actions must only rely 
on essential packages and must gracefully skip any actions that require the 
package’s dependencies if those dependencies are unavailable.
--- End Message ---
--- Begin Message ---
Source: zoph
Source-Version: 1.0.1-2
Done: John Lines 

We believe that the bug you reported is fixed in the latest version of
zoph, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Lines  (supplier of updated zoph package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 22 Feb 2023 18:30:04 +
Source: zoph
Architecture: source
Version: 1.0.1-2
Distribution: unstable
Urgency: medium
Maintainer: John Lines 
Changed-By: John Lines 
Closes: 1031675 1031748
Changes:
 zoph (1.0.1-2) unstable; urgency=medium
 .
   * Depend on adduser
   * Use groupdel to remove zoph group if delgroup is not available
 (Closes: #1031748)
   * Standards version to 4.6.2
   * Remove /var/lib/zoph even if non empty if keep_images is false
   * Updated German debconf translation (Closes: #1031675)
Checksums-Sha1:
 c56dbaed982a5436a9baae10e1ec642a2db905ec 1713 zoph_1.0.1-2.dsc
 27deb17e5cdf8fd2ee04c0f49f23ce86fd63e7a2 15896 zoph_1.0.1-2.debian.tar.xz
 7ec468f9e62646e5e9740bea7593c632aeb122ba 6274 zoph_1.0.1-2_source.buildinfo
Checksums-Sha256:
 a7acba8301d2838e491ddbca78c7f8a97eab9aa77684254c5908c3ba84753828 1713 
zoph_1.0.1-2.dsc
 8c33577cad453ce388dda30589411d5b2d4d1ad166ac3257c800b2e6d018f821 15896 
zoph_1.0.1-2.debian.tar.xz
 23a393fe541ac1ff33242d36778d0ee730d9011d3a7314d8b76fcd02fd683498 6274 
zoph_1.0.1-2_source.buildinfo
Files:
 0007ba3b3081ec41a7cf566a6d16e515 1713 web optional zoph_1.0.1-2.dsc
 8b27ad6fc72a324bc4a0ca302e7619b7 15896 web optional zoph_1.0.1-2.debian.tar.xz
 ecb08b2774671264008cf52fbad98ac0 6274 web optional 
zoph_1.0.1-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEEqH8J6LTFSJCxem30HxJlOZZGhecFAmP2X14RHGpvaG5AcGFs
YWR5bi5vcmcACgkQHxJlOZZGhedW5g/9FGiNulQjVjBjPAWaZbrcULQ1EMsfCVKC
8L97+i9KAbs1wdjmocuw03Qad47E4mnmuGu2UMC6gYDcCyb2UXHJWLuSQjI3LbHm
P/fzSYnR+WYmbfAuUko1fLX6NRrgcCvKsXDwYvcKpXQ4QXG5RlZFyQOY0dhL+EdK
qv3QXM0pKXOQ9hVE8rGK/21V/wt/avlOow8t99ccolyt6y2KhD4/fSDRgRLIDiWu
Q8NR1i0UyS9nzXnbe7+PD7aQ7oseYG++15EL80pofJUX9Qpiuh0GArxjLnSZQklU
StlhCYU9lwxQzxAqLHD9azrisJOjMLD9lCnPuje1R79nBAVJuHmmFUEEgH2aOtq4
FwPCmJ8lhiCeGI+uJh0MvLMqA0MgfN4MzTz/lH223+o1Dtb+MqhwjYDJg09AMJsx
Fv3ExfyKjAqHpBOnKPxZM+ajiJZuhNNEbdLfcXNB1Acy4wOmY/QwndfDG/fP0Gbl
uXqO1m1AdxPZoLPvYHA/ZNoQ9AQ2+U5clAVQOciU6tX3tls6Q4/SmsSmgvNFYuXl
w7men2OHJm8cyTXxBcE8tOmicGF1xGBADNb9LvhTxCb5/BM7l/d9N7ArPRJQigJD
iKNNwAJeYZj+/71njE5Y0f3K+m6CEqmCULtNIdou/LVhMG+tcMfdnBNUgQTusJGK
7tz4eR6VRPg=
=r8rz
-END PGP SIGNATURE End Message ---

Bug#1031745: gdb: breaks rustc gdb debuginfo tests

[Fabian Grünbichler]

Hi!

I extracted one of the failing tests and the corresponding gdb commands
so that you can more easily (and quicker) reproduce the issue:

https://salsa.debian.org/fg/rustc-gdb-1031745

instructions are contained within as well. changing the triggering
function (multiple_arguments) to either just have the tuple as argument,
or making the signature

 fn multiple_arguments((oo, pp): (isize, isize), (qq, rr): (isize, isize)) { 

(and adapting the call accordingly) makes the problem go away.

just having multiple_arguments with the call as standalone test case
also doesn't trigger the issue.

Bug#1031786: logcheck: Filtering not working with entries from journald

[Helge Kreutzmann]

Package: logcheck
Version: 1.4.1
Severity: grave
Justification: renders package unusable

The change for #1025719 broke logcheck massively.

I've extensivly tuned logcheck files which nicely filter out lots of
messages (see statistics at the end).

Now I see them all again (only those comming from the journal). 

I don't see any information what I should do for migration.

Let's use a trivial example. The following harmless message is emitted
by courier to the journal:
Feb 22 16:37:40 meinfjell courierd[401638]: Installing uucp

In syslog this is:
syslog:2023-02-22T14:37:40.491690+00:00 meinfjell courierd: Installing uucp

I have the following in 
/etc/logcheck/ignore.d.server:
meinfjell courierd: Initializing uucp


As you can see, the message from the journal is slightly different
than from syslog, breaking tons of rules.

If such a feature is introduced, it should definitely have a switch so
that admins can decide when to change (requires adapting many rules).
Filtering both looks very impractical.

For statistics:
On my local system, I have 11396 lines of rules, on my server system
currently 2721 (I'm in the processing of setting this up, so this will
grow).


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.9 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logcheck depends on:
ii  adduser3.131
ii  cron [cron-daemon] 3.0pl1-156
ii  exim4-daemon-light [mail-transport-agent]  4.96-14
ii  lockfile-progs 0.1.19
ii  logtail1.4.1
ii  mime-construct 1.12+really1.11-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.4.1

Versions of packages logcheck suggests:
ii  rsyslog [system-log-daemon]  8.2212.0-1

-- Configuration Files:
/etc/logcheck/header.txt [Errno 13] Keine Berechtigung: 
'/etc/logcheck/header.txt'
/etc/logcheck/logcheck.conf [Errno 13] Keine Berechtigung: 
'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Keine Berechtigung: 
'/etc/logcheck/logcheck.logfiles'
/etc/logcheck/logcheck.logfiles.d/journal.logfiles [Errno 13] Keine 
Berechtigung: '/etc/logcheck/logcheck.logfiles.d/journal.logfiles'
/etc/logcheck/logcheck.logfiles.d/syslog.logfiles [Errno 13] Keine 
Berechtigung: '/etc/logcheck/logcheck.logfiles.d/syslog.logfiles'

-- no debconf information

-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software "libre": http://www.ffii.de/


signature.asc
Description: PGP signature

Bug#1019841: Testing the patch

[Michael Fritscher]

Good day,

I would like to test it in "full connectivity" mode more than happily.

Could you provide a binary package with this patch included? Else I will
try to build it myself - but no guarantee that I will succeed^^

Best regards
Michael

Bug#1031238: marked as pending in debci

[Antonio Terceiro]

Control: tag -1 pending

Hello,

Bug #1031238 in debci reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ci-team/debci/-/commit/917430ee7492279993eef2fa5599944866ce6793


debci generate-apt-sources: add support for non-free-firmware

Closes: #1031238


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1031238

Processed: Bug#1031238 marked as pending in debci

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1031238 [debci] debci: fails for source packages in non-free-firmware
Added tag(s) pending.

-- 
1031238: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031238
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1017302: Thank you for contacting us.

[Apple Support]

Thank you for contacting us.
 

We’ve received your support request and will get back to you in one to two 
business days. Your case number is 3001605065.

For additional information on development-related topics, visit:
https://developer.apple.com/support/

Best regards, 

Apple Developer Program Support


Copyright (c) 2023 Apple Inc. All rights reserved.

Contact Us
https://developer.apple.com/contact/

Developer
https://developer.apple.com/

My Apple ID
https://appleid.apple.com

Privacy Policy
https://www.apple.com/privacy/

Bug#1027870: Thank you for contacting us.

[Apple Support]

Thank you for contacting us.
 

We’ve received your support request and will get back to you in one to two 
business days. Your case number is 3001595937.

For additional information on development-related topics, visit:
https://developer.apple.com/support/

Best regards, 

Apple Developer Program Support


Copyright (c) 2023 Apple Inc. All rights reserved.

Contact Us
https://developer.apple.com/contact/

Developer
https://developer.apple.com/

My Apple ID
https://appleid.apple.com

Privacy Policy
https://www.apple.com/privacy/

Bug#1029261: Thank you for contacting us.

[Apple Support]

Thank you for contacting us.
 

We’ve received your support request and will get back to you in one to two 
business days. Your case number is 3001596588.

For additional information on development-related topics, visit:
https://developer.apple.com/support/

Best regards, 

Apple Developer Program Support


Copyright (c) 2023 Apple Inc. All rights reserved.

Contact Us
https://developer.apple.com/contact/

Developer
https://developer.apple.com/

My Apple ID
https://appleid.apple.com

Privacy Policy
https://www.apple.com/privacy/

Bug#1031310: closing 1031310, found 1031310 in 1:2.30.2-1

[Salvatore Bonaccorso]

close 1031310 1:2.30.2-1+deb11u2
found 1031310 1:2.30.2-1
thanks

Processed: closing 1031310, found 1031310 in 1:2.30.2-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 1031310 1:2.30.2-1+deb11u2
Bug #1031310 {Done: Salvatore Bonaccorso } [src:git] git: 
CVE-2023-22490 CVE-2023-23946
The source 'git' and version '1:2.30.2-1+deb11u2' do not appear to match any 
binary packages
Marked as fixed in versions git/1:2.30.2-1+deb11u2.
Bug #1031310 {Done: Salvatore Bonaccorso } [src:git] git: 
CVE-2023-22490 CVE-2023-23946
Bug 1031310 is already marked as done; not doing anything.
> found 1031310 1:2.30.2-1
Bug #1031310 {Done: Salvatore Bonaccorso } [src:git] git: 
CVE-2023-22490 CVE-2023-23946
Ignoring request to alter found versions of bug #1031310 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1028728: Thank you for contacting us.

[Apple Support]

Thank you for contacting us.
 

We’ve received your support request and will get back to you in one to two 
business days. Your case number is 3001567911.

For additional information on development-related topics, visit:
https://developer.apple.com/support/

Best regards, 

Apple Developer Program Support


Copyright (c) 2023 Apple Inc. All rights reserved.

Contact Us
https://developer.apple.com/contact/

Developer
https://developer.apple.com/

My Apple ID
https://appleid.apple.com

Privacy Policy
https://www.apple.com/privacy/

Bug#1029803: command-not-found breaks dist-upgrade bullseye → bookworm

[Paul Gevers]

Control: tags -1 pending

On 20-02-2023 16:20, Paul Gevers wrote:
I have the attached debdiff ready to handle with the stable release 
managers.


I have uploaded the attached debdiff, I took the liberty to also fix the 
autopkgtest (cherry-pick from unstable).


Paul
diff --git a/debian/changelog b/debian/changelog
index da6aa89..15f7177 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+command-not-found (20.10.1-1+deb11u1) bullseye; urgency=medium
+
+  * creator.py: add new non-free-firmware component (Closes: #1029803)
+  * debian/tests: Add adduser dependency, fix test to not assume vim-tiny
+matches for vim. (from bookworm branch)
+
+ -- Paul Gevers   Wed, 22 Feb 2023 16:09:19 +0100
+
 command-not-found (20.10.1-1) unstable; urgency=medium
 
   * Trim trailing whitespace.
diff --git 
a/debian/patches/0001-creator.py-add-new-non-free-firmware-component.patch 
b/debian/patches/0001-creator.py-add-new-non-free-firmware-component.patch
new file mode 100644
index 000..ad4b3d8
--- /dev/null
+++ b/debian/patches/0001-creator.py-add-new-non-free-firmware-component.patch
@@ -0,0 +1,25 @@
+From 95e94853f4abff33f576e58ebeab795f6cb1a62e Mon Sep 17 00:00:00 2001
+From: Paul Gevers 
+Date: Sun, 19 Feb 2023 21:45:07 +0100
+Subject: [PATCH] creator.py: add new non-free-firmware component
+
+Closes: #1029803
+---
+ CommandNotFound/db/creator.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CommandNotFound/db/creator.py b/CommandNotFound/db/creator.py
+index 75d01f1..8f6ef70 100755
+--- a/CommandNotFound/db/creator.py
 b/CommandNotFound/db/creator.py
+@@ -20,6 +20,7 @@ component_priorities = {
+ 'universe': 100,
+ 'contrib': 80,
+ 'restricted': 60,
++'non-free-firmware': 50,
+ 'non-free': 40,
+ 'multiverse': 20,
+ }
+-- 
+2.39.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 28cdfac..a459c03 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 bts.diff
 0003-cnf-update-db-Add-support-for-Contents-files.patch
+0001-creator.py-add-new-non-free-firmware-component.patch
diff --git a/debian/tests/control b/debian/tests/control
index 4062764..956933f 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,4 +1,4 @@
 Tests: smoke
 Restrictions: needs-root
-Depends: command-not-found
+Depends: command-not-found, adduser
 
diff --git a/debian/tests/smoke b/debian/tests/smoke
index 4f0e5ae..7236ab2 100755
--- a/debian/tests/smoke
+++ b/debian/tests/smoke
@@ -10,7 +10,7 @@ apt-get update
 
 echo "Ensure we have results from c-n-f"
 /usr/lib/command-not-found --ignore-installed vim 2>&1 | grep vim
-/usr/lib/command-not-found --ignore-installed vim 2>&1 | grep vim-tiny
+/usr/lib/command-not-found --ignore-installed vim 2>&1 | grep "command '.*' 
from deb "
 
 
 echo "Add testuser"


OpenPGP_signature
Description: OpenPGP digital signature

Processed: Re: command-not-found breaks dist-upgrade bullseye → bookworm

[Debian Bug Tracking System]

Processing control commands:

> tags -1 pending
Bug #1029803 [command-not-found] command-not-found breaks dist-upgrade bullseye 
→ bookworm
Added tag(s) pending.

-- 
1029803: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029803
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1017302: marked as done (golang-github-powerman-check: FTBFS: dh_auto_test: error: cd _build && go test -vet=off -v -p 8 github.com/powerman/check returned exit code 1)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 15:28:17 +
with message-id 
and subject line Bug#1017302: fixed in golang-github-powerman-check 1.6.0-1
has caused the Debian Bug report #1017302,
regarding golang-github-powerman-check: FTBFS: dh_auto_test: error: cd _build 
&& go test -vet=off -v -p 8 github.com/powerman/check returned exit code 1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1017302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017302
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-powerman-check
Version: 1.2.1-2
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20220813 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
>  debian/rules binary
> dh binary --builddirectory=_build --buildsystem=golang --with=golang
>dh_update_autotools_config -O--builddirectory=_build -O--buildsystem=golang
>dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang
>dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang
>dh_auto_build -O--builddirectory=_build -O--buildsystem=golang
>   cd _build && go install -trimpath -v -p 8 github.com/powerman/check
> internal/goarch
> internal/goos
> internal/race
> internal/unsafeheader
> internal/goexperiment
> runtime/internal/syscall
> runtime/internal/atomic
> internal/cpu
> sync/atomic
> unicode/utf8
> internal/abi
> unicode
> runtime/internal/math
> runtime/internal/sys
> encoding
> math/bits
> internal/itoa
> unicode/utf16
> golang.org/x/sys/internal/unsafeheader
> internal/bytealg
> math
> runtime
> internal/reflectlite
> sync
> internal/testlog
> math/rand
> internal/sysinfo
> sort
> errors
> io
> strconv
> internal/oserror
> path
> syscall
> bytes
> strings
> reflect
> bufio
> github.com/smartystreets/goconvey/convey/gotest
> regexp/syntax
> internal/syscall/unix
> internal/syscall/execenv
> time
> regexp
> context
> io/fs
> internal/poll
> os
> internal/fmtsort
> encoding/binary
> encoding/base64
> golang.org/x/sys/unix
> fmt
> path/filepath
> encoding/hex
> flag
> github.com/pkg/errors
> github.com/pmezard/go-difflib/difflib
> runtime/debug
> runtime/trace
> encoding/json
> github.com/davecgh/go-spew/spew
> testing
> github.com/smartystreets/goconvey/convey/reporting
> github.com/powerman/check
>dh_auto_test -O--builddirectory=_build -O--buildsystem=golang
>   cd _build && go test -vet=off -v -p 8 github.com/powerman/check
> === RUN   TestDump
> --- PASS: TestDump (0.00s)
> === RUN   TestFormat
> --- PASS: TestFormat (0.00s)
> === RUN   TestCaller
> --- PASS: TestCaller (0.00s)
> === RUN   TestTODO
> --- PASS: TestTODO (0.00s)
> === RUN   TestMust
> --- PASS: TestMust (0.00s)
> === RUN   TestCheckerShould
> --- PASS: TestCheckerShould (0.00s)
> === RUN   TestCheckerNilTrue
> --- PASS: TestCheckerNilTrue (0.00s)
> === RUN   TestCheckerEqual
> --- PASS: TestCheckerEqual (0.00s)
> === RUN   TestCheckerBytesEqual
> --- PASS: TestCheckerBytesEqual (0.00s)
> === RUN   TestCheckerMatch
> --- PASS: TestCheckerMatch (0.01s)
> === RUN   TestCheckerContains
> --- PASS: TestCheckerContains (0.00s)
> === RUN   TestCheckerHasKey
> --- PASS: TestCheckerHasKey (0.00s)
> === RUN   TestCheckerZero
> --- PASS: TestCheckerZero (0.00s)
> === RUN   TestCheckerLen
> check_test.go:965: 
> Checker:  Panic
> 
> check_test.go:965: 
> Checker:  Len
> Expected: (int) 0
> Actual:   (int) 1
> 
> 
> check_test.go:965: 
> Checker:  Panic
> 
> --- FAIL: TestCheckerLen (0.00s)
> === RUN   TestCheckerOrdered
> === RUN   TestCheckerOrdered/Less
> === PAUSE TestCheckerOrdered/Less
> === RUN   TestCheckerOrdered/Greater
> === PAUSE TestCheckerOrdered/Greater
> === RUN   TestCheckerOrdered/Between
> === PAUSE TestCheckerOrdered/Between
> === CONT  TestCheckerOrdered/Less
> === CONT  TestCheckerOrdered/Between
> === CONT  TestCheckerOrdered/Greater
> --- PASS: TestCheckerOrdered (0.00s)
> --- PASS: TestCheckerOrdered/Greater (0.00s)
> --- PASS: TestCheckerOrdered/Between (0.00s)
> --- PASS: TestCheckerOrdered/Less (0.00s)
> === RUN   TestCheckerApprox
> === RUN   TestCheckerApprox/Delta
> === PAUSE TestCheckerApprox/Delta
> === RUN   TestCheckerApprox/SMAPE
> === PAUSE TestCheckerApprox/SMAPE
> === CONT  TestCheckerApprox/Delta
> === CONT  TestCheckerApprox/SMAPE
> --- PASS: TestCheckerApprox (0.00s)
> --- PASS: TestCheckerApprox/Delta (0.00s)
> --- PASS: TestCheckerApprox/SMAPE 

Bug#1028713: Comment

[Andreas Tille]

Hi,

I've put the test suite line below (and others) into some autopkgtest
and for the moment forced the build time test to pass[1] to get some
package to test.  I've built this and installed salmon as well as
salmon-dbgsym and was running the same test as Dominik via:

cp -a /usr/share/doc/salmon/examples/* .
gdb --args salmon index -t transcripts.fasta -i sample_salmon_quasi_index
(gdb) run
Starting program: /usr/bin/salmon index -t transcripts.fasta -i 
sample_salmon_quasi_index
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
index ["sample_salmon_quasi_index"] did not previously exist  . . . creating it
[2023-02-22 15:10:42.244] [jLog] [warning] The salmon index is being built 
without any decoy sequences.  It is recommended that decoy sequence (either 
computed auxiliary decoy sequence oor the genome of the organism) be provided 
during indexing. Further details can be found at 
https://salmon.readthedocs.io/en/latest/salmon.html#preparing-transcriptome-indices-mapping-bsased-mode.
[2023-02-22 15:10:42.244] [jLog] [info] building index
out : sample_salmon_quasi_index
[2023-02-22 15:10:42.244] [puff::index::jointLog] [info] Running fixFasta
[New Thread 0x757ff6c0 (LWP 2115402)]

[Step 1 of 4] : counting k-mers
[Thread 0x757ff6c0 (LWP 2115402) exited]

[2023-02-22 15:10:42.248] [puff::index::jointLog] [info] Replaced 0 non-ATCG 
nucleotides
[2023-02-22 15:10:42.248] [puff::index::jointLog] [info] Clipped poly-A tails 
from 0 transcripts
wrote 15 cleaned references

Thread 1 "salmon" received signal SIGSEGV, Segmentation fault.
rapidjson::PrettyWriter, 
rapidjson::UTF8, rapidjson::UTF8, rapidjson::CrtAllocator, 
2u>::StartObject (this=0x7fff8168) at 
/usr/include/rapidjson/prettywriter.h:113
113 new (Base::level_stack_.template Push()) 
typename Base::Level(false);
(gdb) bt 20
#0  rapidjson::PrettyWriter, 
rapidjson::UTF8, rapidjson::UTF8, rapidjson::CrtAllocator, 
2u>::StartObject (this=0x7fff8168)
at /usr/include/rapidjson/prettywriter.h:113
#1  cereal::JSONOutputArchive::writeName (this=0x7fff8030) at 
/usr/include/cereal/archives/json.hpp:347
#2  0x55b04428 in cereal::prologue (ar=...) at 
./external/pufferfish/include/cereal/archives/json.hpp:891
#3  cereal::OutputArchive::process 
(head=@0x7fff7d55: false, this=0x7fff8030) at 
./external/pufferfish/include/cereal/cereal.hpp:416
#4  cereal::OutputArchive::operator() 
(this=) at ./external/pufferfish/include/cereal/cereal.hpp:311
#5  cereal::save (t=..., ar=...) at 
./external/pufferfish/include/cereal/archives/json.hpp:944
#6  cereal::OutputArchive::processImpl, 
(cereal::traits::detail::sfinae)0> (t=..., this=)
at ./external/pufferfish/include/cereal/cereal.hpp:505
#7  cereal::OutputArchive::process > (head=..., this=) at 
./external/pufferfish/include/cereal/cereal.hpp:417
#8  cereal::OutputArchive::operator() > (this=0x7fff8030) at 
./external/pufferfish/include/cereal/cereal.hpp:311
#9  fixFasta (parser=0x76076800, decoyNames=..., keepDuplicates=false, 
k=31, sepStr=" \t", expect_transcriptome=true, noclip_polya=false, iomutex=..., 
log=std::shared_ptr (use count 4, weak count 0) = {...}, 
outFile="sample_salmon_quasi_index/ref_k31_fixed.fa", 
refIdExtensions=std::vector of length 15, capacity 15 = {...}, 
shortRefs=std::vector of length 0, capacity 0) at 
./external/pufferfish/src/FixFasta.cpp:456  o
#10 0x55b08195 in fixFastaMain (args=std::vector of length 7, capacity 
8 = {...}, refIdExtension=std::vector of length 15, capacity 15 = {...},
  s
shortRefs=std::vector of length 0, capacity 0, 
log=std::shared_ptr (use count 4, weak count 0) = {...}, 
hasFeatures=hasFeatures@entry=false)
at ./external/pufferfish/src/FixFasta.cpp:686
#11 0x55a8a510 in pufferfishIndex (indexOpts=...) at 
./external/pufferfish/src/PufferfishIndexer.cpp:432
#12 0x5566399e in SalmonIndex::buildPuffIndex_ (idxOpt=..., 
indexDir=..., this=0x7603e280) at ./include/SalmonIndex.hpp:111
#13 SalmonIndex::build (idxOpt=..., indexDir=..., this=0x7603e280) at 
./include/SalmonIndex.hpp:76
#14 salmonIndex (argc=, argv=) at 
./src/BuildSalmonIndex.cpp:247
#15 0x555fe9a0 in std::function 
>&)>::operator()(int, char const**, std::unique_ptr >&) const 
(__args#2=std::unique_ptr = {...}, __args#1=, 
__args#0=, this=0x7604e1a8)
at /usr/include/c++/12/bits/std_function.h:591
#16 main (argc=, argv=0x7fffde98) at ./src/Salmon.cpp:267


The traceback with the latest Pufferfish is different before

   ./include/SalmonIndex.hpp:111

Interestingly the old pufferfish (used by Dominik) triggers failures in
spdlog while the updated pufferfish above triggers the problem in
rapidjson.


I now tried to check the original upstream tarball, have built it via

> cmake -DCONDA_BUILD=1 -DFETCHED_RAPMAP=1 -DBZIP2_LIBRARIES=-lbz2 
> 

Bug#1029261: marked as done (dm-writeboost-dkms: module fails to build for Linux 6.1: error: ‘struct dm_io_request’ has no member named ‘bi_op’)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 15:19:35 +
with message-id 
and subject line Bug#1029261: fixed in dm-writeboost 2.2.16-0.1
has caused the Debian Bug report #1029261,
regarding dm-writeboost-dkms: module fails to build for Linux 6.1: error: 
‘struct dm_io_request’ has no member named ‘bi_op’
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1029261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dm-writeboost-dkms
Version: 2.2.15-1
Severity: serious

Hi,

https://salsa.debian.org/debian/dm-writeboost/-/jobs/3824126

E: dm-writeboost/2.2.15 failed to build for 6.1.0-2-amd64
== /var/lib/dkms/dm-writeboost/2.2.15/build/make.log ==
DKMS make.log for dm-writeboost-2.2.15 for kernel 6.1.0-2-amd64 (x86_64)
Fri Jan 20 11:23:17 UTC 2023
make -C /lib/modules/6.1.0-2-amd64/build 
M=/var/lib/dkms/dm-writeboost/2.2.15/build modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-2-amd64'
make -f /usr/src/linux-headers-6.1.0-2-common/scripts/Makefile.build 
obj=/var/lib/dkms/dm-writeboost/2.2.15/build need-builtin=1 need-modorder=1
  printf '%s
'   dm-writeboost-target.o dm-writeboost-metadata.o dm-writeboost-daemon.o | 
awk '!x[$0]++ { print("/var/lib/dkms/dm-writeboost/2.2.15/build/"$0) }' > 
/var/lib/dkms/dm-writeboost/2.2.15/build/dm-writeboost.mod
   gcc-12 
-Wp,-MMD,/var/lib/dkms/dm-writeboost/2.2.15/build/.dm-writeboost-target.o.d 
-nostdinc -I/usr/src/linux-headers-6.1.0-2-common/arch/x86/include 
-I./arch/x86/include/generated -I/usr/src/linux-headers-6.1.0-2-common/include 
-I./include -I/usr/src/linux-headers-6.1.0-2-common/arch/x86/include/uapi 
-I./arch/x86/include/generated/uapi 
-I/usr/src/linux-headers-6.1.0-2-common/include/uapi -I./include/generated/uapi 
-include /usr/src/linux-headers-6.1.0-2-common/include/linux/compiler-version.h 
-include /usr/src/linux-headers-6.1.0-2-common/include/linux/kconfig.h -include 
/usr/src/linux-headers-6.1.0-2-common/include/linux/compiler_types.h 
-D__KERNEL__ -fmacro-prefix-map=/usr/src/linux-headers-6.1.0-2-common/= -Wall 
-Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing 
-fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration 
-Werror=implicit-int -Werror=return-type -Wno-format-security -std=gnu11 
-mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=none -m64 
-falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 
-mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone 
-mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables 
-mindirect-branch=thunk-extern -mindirect-branch-register 
-mindirect-branch-cs-prefix -mfunction-return=thunk-extern -fno-jump-tables 
-mharden-sls=all -fno-delete-null-pointer-checks -Wno-frame-address 
-Wno-format-truncation -Wno-format-overflow -Wno-address-of-packed-member -O2 
-fno-allow-store-data-races -Wframe-larger-than=2048 -fstack-protector-strong 
-Wno-main -Wno-unused-but-set-variable -Wno-unused-const-variable 
-Wno-dangling-pointer -ftrivial-auto-var-init=zero -fno-stack-clash-protection 
-pg -mrecord-mcount -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement 
-Wvla -Wno-pointer-sign -Wcast-function-type -Wno-stringop-truncation 
-Wno-stringop-overflow -Wno-restrict -Wno-maybe-uninitialized -Wno-array-bounds 
-Wno-alloc-size-larger-than -Wimplicit-fallthrough=5 -fno-strict-overflow 
-fno-stack-check -fconserve-stack -Werror=date-time 
-Werror=incompatible-pointer-types -Werror=designated-init 
-Wno-packed-not-aligned -g  -DMODULE  
-DKBUILD_BASENAME='"dm_writeboost_target"' -DKBUILD_MODNAME='"dm_writeboost"' 
-D__KBUILD_MODNAME=kmod_dm_writeboost -c -o 
/var/lib/dkms/dm-writeboost/2.2.15/build/dm-writeboost-target.o 
/var/lib/dkms/dm-writeboost/2.2.15/build/dm-writeboost-target.c   ; 
./tools/objtool/objtool --hacks=jump_label --hacks=noinstr --orc --retpoline 
--rethunk --sls --static-call --uaccess   --module 
/var/lib/dkms/dm-writeboost/2.2.15/build/dm-writeboost-target.o
   gcc-12 
-Wp,-MMD,/var/lib/dkms/dm-writeboost/2.2.15/build/.dm-writeboost-metadata.o.d 
-nostdinc -I/usr/src/linux-headers-6.1.0-2-common/arch/x86/include 
-I./arch/x86/include/generated -I/usr/src/linux-headers-6.1.0-2-common/include 
-I./include -I/usr/src/linux-headers-6.1.0-2-common/arch/x86/include/uapi 
-I./arch/x86/include/generated/uapi 
-I/usr/src/linux-headers-6.1.0-2-common/include/uapi -I./include/generated/uapi 
-include /usr/src/linux-headers-6.1.0-2-common/include/linux/compiler-version.h 
-include 

Bug#1027870: marked as done (dm-writeboost: please switch to B-D: dh-sequence-dkms (or dh-dkms))

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 15:19:35 +
with message-id 
and subject line Bug#1027870: fixed in dm-writeboost 2.2.16-0.1
has caused the Debian Bug report #1027870,
regarding dm-writeboost: please switch to B-D: dh-sequence-dkms (or dh-dkms)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1027870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027870
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dm-writeboost
Version: 2.2.15-1
Severity: important

Hi,

please switch the Build-Depends of your package from `dkms` to `dh-dkms`
or (preferrably) `dh-sequence-dkms`.
With the latter you can also drop the `--with dkms` argument to `dh`.

Please consider adding
  Testsuite: autopkgtest-pkg-dkms
to the source stanza in debian/control s.t. the module gets build-tested
against any new kernel version in the archive and breakage is noticed
quickly.

If you have questions or need help for disabling the module build on
unsupported architectures/configurations (that may be exposed when
enabling the autopkgtest), don't hesitate to contact me.


Thanks

Andreas
--- End Message ---
--- Begin Message ---
Source: dm-writeboost
Source-Version: 2.2.16-0.1
Done: Andreas Beckmann 

We believe that the bug you reported is fixed in the latest version of
dm-writeboost, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1027...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated dm-writeboost package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 17 Feb 2023 15:13:34 +0100
Source: dm-writeboost
Architecture: source
Version: 2.2.16-0.1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov 
Changed-By: Andreas Beckmann 
Closes: 1027870 1029261
Changes:
 dm-writeboost (2.2.16-0.1) unstable; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * New upstream release [February 2023]. (Closes: #1029261)
   * Switch to dh-sequence-dkms. (Closes: #1027870)
   * Declare Testsuite: autopkgtest-pkg-dkms.
   * Do not use deprecated dkms feature REMAKE_INITRD.
   * Update watch file.
 .
   [ Dmitry Smirnov ]
   * updated copyright years
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Repository-Browse.
   * Update standards version to 4.6.2, no changes needed.
Checksums-Sha1:
 39c5a38885d3aad5f67cb6c18570074497483657 2048 dm-writeboost_2.2.16-0.1.dsc
 9187cbbea01e39d305c0a57b73b5047a23040cad 39527 dm-writeboost_2.2.16.orig.tar.gz
 caae047004e226f3a160084098524b35b61873a1 4220 
dm-writeboost_2.2.16-0.1.debian.tar.xz
 86dba7622e40521941e0859ba657cda23712a148 5557 
dm-writeboost_2.2.16-0.1_source.buildinfo
Checksums-Sha256:
 5afa75ab86312ef8a2e537c406cc31c0b1b7c2ba2f9650230702999f2572f4be 2048 
dm-writeboost_2.2.16-0.1.dsc
 f806ca9a46a79b19c8807e4e3247f6f571fede5d84a30e4b7959473923e495c4 39527 
dm-writeboost_2.2.16.orig.tar.gz
 f032bc0c6ef9f3471a32b76b0e2f7bc506d7bd64add41478eb99d9f0490d9d01 4220 
dm-writeboost_2.2.16-0.1.debian.tar.xz
 91eb7b3c13941700398a07b71b8248b7f681b89a420dc032c113943d1e5a3c33 5557 
dm-writeboost_2.2.16-0.1_source.buildinfo
Files:
 dbb1d00896557765c7e74ac987221d93 2048 kernel optional 
dm-writeboost_2.2.16-0.1.dsc
 897aa56b4146587ec35e47160d5f6f26 39527 kernel optional 
dm-writeboost_2.2.16.orig.tar.gz
 6ee4076196249ffabd92e78c063867d1 4220 kernel optional 
dm-writeboost_2.2.16-0.1.debian.tar.xz
 ea099aead53d1ad8c7afff8c0d8538a1 5557 kernel optional 
dm-writeboost_2.2.16-0.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmPvjPoQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNwQD/sFMumf2wBnQR8MmFh7bgr6O+iIVTJv3vrP
clco3jHnk/leVTJ6eqTSWvLCDKbZHU4KWybFiM3STekMtC7fVDDhhr3IiOUuK2nh
S/DyY8oJanO7pQQU49RfTXvl6cMsuvYoTUG1OyocadlVjJ2/Pe6cxGE+vv5cjSrV
8S56s8V3qPtw9ZQtj3D6fG8LiPyFVcdCKIrIaKK7tsA4T7k0ghhY6ASN+AV1vNbs
GR+GMaYEKeHicnBWEqMUDjDJ3YbUml6lGPntQ0Z++VzY6zdmiMciu2d4+R8SKrPH
hzFvuO5DQ1a5u1nv9TR9d7RXQbuF17sLCTqIykC5+meKC6VOQb2uTMeLG1iTisNq
NOzGS6ERzYljDhVsybcLb7oZihjyncUrBId6PV9n0U9tNvEk6+rSiBFl3LXaSj79
Lhq4hInrqjJQjHwYFIhf8z9nS6GtKmy0uDSInza/ykMlkvmW+rplsGp7vX/wmood

Bug#1031368: CVE-2023-0662

[Salvatore Bonaccorso]

Hi,

[no need to ask on multiple channels please]

On Wed, Feb 22, 2023 at 08:48:00AM +, Daniel Ruf wrote:
> According to the CPE and CVE description, only PHP 8 is affected by 
> CVE-2023-0662, correct?
> 
> https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
> 
> But https://security-tracker.debian.org/tracker/CVE-2023-0662 says, that also 
> PHP 7.4 is vulnerable.
> Can you confirm or deny, that versions before PHP 8.0 are vulnerable / 
> affected by this specific CVE?
> [https://opengraph.githubassets.com/d24af7af12472e0f81d37ac06d175244ffc6bd1397f783c25fbb4a32a8f5d745/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv]
> DoS vulnerability when parsing multipart request 
> body
> ### Summary The request body parsing in PHP allows any unauthenticated 
> attacker to consume a large amount of CPU time and trigger excessive logging. 
> ### Details The multipart body parser...
> github.com

You have to inspect the code to confirm or deny. Upstream PHP does not
support anymore older versions, so they will not mention likely if
earlier versions are affected as well.

Hope this helps,

Regards,
Salvatore

Bug#1028728: marked as done (deap: FTBFS: AssertionError: CMA algorithm did not converged properly.)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 14:37:46 +
with message-id 
and subject line Bug#1028728: fixed in deap 1.3.1-4
has caused the Debian Bug report #1028728,
regarding deap: FTBFS: AssertionError: CMA algorithm did not converged properly.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1028728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: deap
Version: 1.3.1-3
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230113 ftbfs-bookworm

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> make[2]: Entering directory '/<>/doc'
> PYTHONPATH=/<>/../ sphinx-build -b html -d _build/doctrees   . 
> _build/html   
> Running Sphinx v5.3.0
> Matplotlib created a temporary config/cache directory at 
> /tmp/matplotlib-8zp2ay5m because the default path 
> (/sbuild-nonexistent/.config/matplotlib) is not a writable directory; it is 
> highly recommended to set the MPLCONFIGDIR environment variable to a writable 
> directory, in particular to speed up the import of Matplotlib and to better 
> support multiprocessing.
> making output directory... done
> WARNING: favicon file 'deap_orange_icon_32.ico' does not exist
> loading intersphinx inventory from http://docs.python.org/objects.inv...
> loading intersphinx inventory from 
> http://docs.scipy.org/doc/numpy/objects.inv...
> WARNING: failed to reach any of the inventories with the following issues:
> intersphinx inventory 'http://docs.scipy.org/doc/numpy/objects.inv' not 
> fetchable due to : 
> HTTPConnectionPool(host='127.0.0.1', port=9): Max retries exceeded with url: 
> http://docs.scipy.org/doc/numpy/objects.inv (Caused by ProxyError('Cannot 
> connect to proxy.', NewConnectionError(' object at 0x7f0e663ebfd0>: Failed to establish a new connection: [Errno 111] 
> Connection refused')))
> WARNING: failed to reach any of the inventories with the following issues:
> intersphinx inventory 'http://docs.python.org/objects.inv' not fetchable due 
> to : 
> HTTPConnectionPool(host='127.0.0.1', port=9): Max retries exceeded with url: 
> http://docs.python.org/objects.inv (Caused by ProxyError('Cannot connect to 
> proxy.', NewConnectionError(' 0x7f0e66394d10>: Failed to establish a new connection: [Errno 111] Connection 
> refused')))
> WARNING: extlinks: Sphinx-6.0 will require a caption string to contain 
> exactly one '%s' and all other '%' need to be escaped as '%%'.
> building [mo]: targets for 0 po files that are out of date
> building [html]: targets for 43 source files that are out of date
> updating environment: [new config] 43 added, 0 changed, 0 removed
> reading sources... [  2%] about
> reading sources... [  4%] api/algo
> reading sources... [  6%] api/base
> reading sources... [  9%] api/benchmarks
> reading sources... [ 11%] api/creator
> reading sources... [ 13%] api/gp
> reading sources... [ 16%] api/index
> reading sources... [ 18%] api/tools
> reading sources... [ 20%] contributing
> reading sources... [ 23%] examples/bipop_cmaes
> reading sources... [ 25%] examples/cmaes
> reading sources... [ 27%] examples/cmaes_plotting
> reading sources... [ 30%] examples/coev_coop
> reading sources... [ 32%] examples/eda
> reading sources... [ 34%] examples/es_fctmin
> reading sources... [ 37%] examples/es_onefifth
> reading sources... [ 39%] examples/ga_knapsack
> reading sources... [ 41%] examples/ga_onemax
> reading sources... [ 44%] examples/ga_onemax_numpy
> reading sources... [ 46%] examples/ga_onemax_short
> reading sources... [ 48%] examples/gp_ant
> reading sources... [ 51%] examples/gp_multiplexer
> reading sources... [ 53%] examples/gp_parity
> reading sources... [ 55%] examples/gp_spambase
> reading sources... [ 58%] examples/gp_symbreg
> reading sources... [ 60%] examples/index
> reading sources... [ 62%] examples/nsga3
> reading sources... [ 65%] examples/pso_basic
> reading sources... [ 67%] examples/pso_multiswarm
> reading sources... [ 69%] index
> reading sources... [ 72%] installation
> reading sources... [ 74%] overview
> reading sources... [ 76%] porting
> reading sources... [ 79%] releases
> reading sources... [ 81%] tutorials/advanced/benchmarking
> reading sources... [ 83%] tutorials/advanced/checkpoint
> reading sources... [ 86%] tutorials/advanced/constraints
> reading sources... [ 88%] tutorials/advanced/gp
> reading sources... [ 90%] tutorials/advanced/numpy
> reading sources... [ 93%] tutorials/basic/part1
> reading sources... [ 

Bug#1029668: confirmed

[Hans-Christoph Steiner]

I'm having the same problem on bookworm, for me, I'm using the default eog 
viewer.  There is a new upstream version of libheif available (v1.15.1), there 
is still time to upload that to bookworm.  I'm a DD and I could do an NMU if 
that is helpful

Bug#1031759: Thank you for contacting us.

[Apple Support]

Thank you for contacting us.
 

We’ve received your support request and will get back to you in one to two 
business days. Your case number is 3001473176.

For additional information on development-related topics, visit:
https://developer.apple.com/support/

Best regards, 

Apple Developer Program Support


Copyright (c) 2023 Apple Inc. All rights reserved.

Contact Us
https://developer.apple.com/contact/

Developer
https://developer.apple.com/

My Apple ID
https://appleid.apple.com

Privacy Policy
https://www.apple.com/privacy/

Processed: bug 1031744 is forwarded to https://github.com/fangfufu/httpdirfs/issues/113

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 1031744 https://github.com/fangfufu/httpdirfs/issues/113
Bug #1031744 [httpdirfs] httpdirfs: usage of ubsan might introduce 
vulnerabilities
Set Bug forwarded-to-address to 
'https://github.com/fangfufu/httpdirfs/issues/113'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031744: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: python3-dateutil: python_dateutil get_zonefile_instance functionality is broken (no zoneinfo found)

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 internal 'getzoneinfofile_stream' method emits a warning message
Bug #1003044 [python3-dateutil] python3-dateutil: python_dateutil 
get_zonefile_instance functionality is broken (no zoneinfo found)
Changed Bug title to 'internal 'getzoneinfofile_stream' method emits a warning 
message' from 'python3-dateutil: python_dateutil get_zonefile_instance 
functionality is broken (no zoneinfo found)'.
> forwarded -1 https://github.com/dateutil/dateutil/issues/903
Bug #1003044 [python3-dateutil] internal 'getzoneinfofile_stream' method emits 
a warning message
Set Bug forwarded-to-address to 
'https://github.com/dateutil/dateutil/issues/903'.
> tags -1 moreinfo
Bug #1003044 [python3-dateutil] internal 'getzoneinfofile_stream' method emits 
a warning message
Ignoring request to alter tags of bug #1003044 to the same tags previously set

-- 
1003044: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003044
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1003044: python3-dateutil: python_dateutil get_zonefile_instance functionality is broken (no zoneinfo found)

[James Addison]

Package: python3-dateutil
Followup-For: Bug #1003044
X-Debbugs-Cc: michael.pfu...@sartorius.com
Control: retitle -1 internal 'getzoneinfofile_stream' method emits a warning 
message
Control: forwarded -1 https://github.com/dateutil/dateutil/issues/903
Control: tags -1 moreinfo

On Tue, 21 Feb 2023 22:27:53 +0100, Felix wrote:
> I'm inclined to just ship the bundled timezone database with the package:

That may not be an option for us (at least without more work to find and
package the sources of the relevant zoneinfo database): tz data content was
removed from src:python-dateutil (the source of this package) to resolve
previous bug #665894, relating to dfsg-compatibility.

If the licensing status of the database in the upstream source has become
dfsg-compatible, then my mistake and perhaps we can go ahead and bundle it.
But that is not clear to me at the moment.

On Sun, 29 Jan 2023 15:41:10 +0100, Felix wrote:
>> How exactly does this break matplotlib?

On Tue, 21 Feb 2023 14:46:01 -0500, morph wrote:
> it produces output on stderr, which many tools consider it an error
> and fails build.

Michael or morph: can you provide a link or supporting details to justify the
severity of this bug (currently: grave[1])?

[1] - https://www.debian.org/Bugs/Developer#severities

Bug#1031759: marked as done (autopkg tests fail with python3.11)

[Debian Bug Tracking System]

Your message dated Wed, 22 Feb 2023 11:36:28 +
with message-id 
and subject line Bug#1031759: fixed in spyder 5.4.2+ds-4
has caused the Debian Bug report #1031759,
regarding autopkg tests fail with python3.11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031759: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031759
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: src:spyder
Version: 5.4.2+ds-2
Severity: serious
Tags: sid bullseye

the autopkg tests fail with python3.11:

[...]
autopkgtest [03:30:32]: test pytest-mainwindow: [---
Testing with python3.11:
error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.

If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.

If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.

See /usr/share/doc/python3.11/README.venv for more information.

note: If you believe this is a mistake, please contact your Python installation 
or OS distribution provider. You can override this, at the risk of breaking your 
Python installation or OS, by passing --break-system-packages.

hint: See PEP 668 for the detailed specification.
autopkgtest [03:30:32]: test pytest-mainwindow: ---]
autopkgtest [03:30:32]: test pytest-mainwindow:  - - - - - - - - - - results - - 
- - - - - - - -

pytest-mainwindowFLAKY non-zero exit status 1
autopkgtest [03:30:32]: test pytest-ipythonconsole: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up autopkgtest-satdep (0) ...
(Reading database ... 66303 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest [03:30:35]: test pytest-ipythonconsole: [---
Testing with python3.11:
error: externally-managed-environment

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.

If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.

If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.

See /usr/share/doc/python3.11/README.venv for more information.

note: If you believe this is a mistake, please contact your Python installation 
or OS distribution provider. You can override this, at the risk of breaking your 
Python installation or OS, by passing --break-system-packages.

hint: See PEP 668 for the detailed specification.
autopkgtest [03:30:36]: test pytest-ipythonconsole: ---]
autopkgtest [03:30:36]: test pytest-ipythonconsole:  - - - - - - - - - - results 
- - - - - - - - - -

pytest-ipythonconsole FLAKY non-zero exit status 1
autopkgtest [03:30:36]:  summary
pytest-rest  FAIL non-zero exit status 1
pytest-mainwindowFLAKY non-zero exit status 1
pytest-ipythonconsole FLAKY non-zero exit status 1
--- End Message ---
--- Begin Message ---
Source: spyder
Source-Version: 5.4.2+ds-4
Done: Julian Gilbey 

We believe that the bug you reported is fixed in the latest version of
spyder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1031...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Gilbey  (supplier of updated spyder package)

(This 

Processed: tagging 1008654, tagging 983719, tagging 1031762, fixed 1028515 in 3.5.2-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1008654 - bullseye
Bug #1008654 {Done: Andreas Beckmann } [nvidia-modprobe] 
nvidia-modprobe version in bullseye-backports behind the stable update version
Removed tag(s) bullseye.
> tags 983719 + sid bookworm
Bug #983719 [esptool] Package is severely outdated
Added tag(s) sid and bookworm.
> tags 1031762 + buster
Bug #1031762 [python3-cryptography] Dies with "Object is not writable."
Added tag(s) buster.
> fixed 1028515 3.5.2-1
Bug #1028515 {Done: Dimitri John Ledkov } 
[src:accel-config] accel-config: please make the build reproducible
Marked as fixed in versions accel-config/3.5.2-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1008654: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008654
1028515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028515
1031762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031762
983719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983719
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031765: ganeti-testsuite: autopkgtest failure with procps 2:4.0.3-1

[Adrian Bunk]

Package: ganeti-testsuite
Version: 3.0.2-2
Severity: serious
X-Debbugs-Cc: Craig Small 
Control: affects -1 src:ganeti src:procps

https://ci.debian.net/data/autopkgtest/testing/amd64/g/ganeti/31550017/log.gz

...
==
ERROR: testRequestUnusedUid (__main__.TestUidPool.testRequestUnusedUid)
--
Traceback (most recent call last):
  File "/usr/share/ganeti/testsuite/test/py/ganeti.uidpool_unittest.py", line 
111, in testRequestUnusedUid
uid = uidpool.RequestUnusedUid(set([-1]))
  ^^^
  File "/usr/share/ganeti/default/ganeti/uidpool.py", line 327, in 
RequestUnusedUid
if _IsUidUsed(uid):
   ^^^
  File "/usr/share/ganeti/default/ganeti/uidpool.py", line 208, in _IsUidUsed
raise errors.CommandError("Running pgrep failed. exit code: %s"
ganeti.errors.CommandError: Running pgrep failed. exit code: 2

--
Ran 4 tests in 0.014s

FAILED (errors=1)
...
autopkgtest [06:34:00]:  summary
unittestsFAIL non-zero exit status 1
vcluster-qa  PASS



# Check with a single, known unused user-id
#
# We use "-1" here, which is not a valid user-id, so it's
# guaranteed that it's unused.
uid = uidpool.RequestUnusedUid(set([-1]))
self.assertEqualValues(uid.GetUid(), -1)


"pgrep -u -1" is now rejected by procps.

Processed: ganeti-testsuite: autopkgtest failure with procps 2:4.0.3-1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:ganeti src:procps
Bug #1031765 [ganeti-testsuite] ganeti-testsuite: autopkgtest failure with 
procps 2:4.0.3-1
Added indication that 1031765 affects src:ganeti and src:procps

-- 
1031765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031765
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: severity of 1031415 is normal

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1031415 normal
Bug #1031415 [fai] e2fsprogs: generates filesystems that grub-install doesn't 
recognize
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1031415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1031368: CVE-2023-0662

[Daniel Ruf]

According to the CPE and CVE description, only PHP 8 is affected by 
CVE-2023-0662, correct?

https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv

But https://security-tracker.debian.org/tracker/CVE-2023-0662 says, that also 
PHP 7.4 is vulnerable.
Can you confirm or deny, that versions before PHP 8.0 are vulnerable / affected 
by this specific CVE?
[https://opengraph.githubassets.com/d24af7af12472e0f81d37ac06d175244ffc6bd1397f783c25fbb4a32a8f5d745/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv]
DoS vulnerability when parsing multipart request 
body
### Summary The request body parsing in PHP allows any unauthenticated attacker 
to consume a large amount of CPU time and trigger excessive logging. ### 
Details The multipart body parser...
github.com

Processed (with 1 error): python3-motor bug severity change

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 1031763 grave
Bug #1031763 [python3-motor] python3-motor asyncio broken with python3.11
Severity set to 'grave' from 'important'
> The information contained in this electronic mail is confidential information 
> intended only for the use of the individual(s) or entity(s) named. If the 
> reader of the message is not the addressee (or authorized to receive for the 
> addressee), you are hereby notified that any dissemination, distribution or 
> copying of this communication is strictly prohibited. If you have received 
> this communication in error, please immediately notify the sender by reply 
> e-mail and/or by telephone and destroy the original message.
Unknown command or malformed arguments to command.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1031763: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031763
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1016597: Pinking this bug to give binoculars the opportunity to reach testing before autoremoval

[Adrian Bunk]

cu
Adrian

Bug#1031762: Dies with "Object is not writable."

[Klaus Ethgen]

Package: python3-cryptography
Version: 2.6.1-3+deb10u3
Severity: grave

After updating python3-cryptography from 2.6.1-3+deb10u2 to
2.6.1-3+deb10u3, I get the following error from ansible:
Unexpected failure during module execution.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", 
line 106, in run
item_results = self._run_loop(items)
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", 
line 343, in _run_loop
res = self._execute(variables=task_vars)
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", 
line 612, in _execute
result = self._handler.run(task_vars=variables)
  File "/etc/ansible/plugins/mitogen/ansible_mitogen/mixins.py", line 121, 
in run
return super(ActionModuleMixin, self).run(tmp, task_vars)
  File 
"/usr/lib/python3/dist-packages/ansible/plugins/action/include_vars.py", line 
131, in run
self._load_files(self.source_file)
  File 
"/usr/lib/python3/dist-packages/ansible/plugins/action/include_vars.py", line 
236, in _load_files
b_data, show_content = self._loader._get_file_contents(filename)
  File "/usr/lib/python3/dist-packages/ansible/parsing/dataloader.py", line 
170, in _get_file_contents
return self._decrypt_if_vault_data(data, b_file_name)
  File "/usr/lib/python3/dist-packages/ansible/parsing/dataloader.py", line 
140, in _decrypt_if_vault_data
b_data = self._vault.decrypt(b_vault_data, filename=b_file_name)
  File "/usr/lib/python3/dist-packages/ansible/parsing/vault/__init__.py", 
line 661, in decrypt
plaintext, vault_id, vault_secret = 
self.decrypt_and_get_vault_id(vaulttext, filename=filename)
  File "/usr/lib/python3/dist-packages/ansible/parsing/vault/__init__.py", 
line 739, in decrypt_and_get_vault_id
b_plaintext = this_cipher.decrypt(b_vaulttext, vault_secret)
  File "/usr/lib/python3/dist-packages/ansible/parsing/vault/__init__.py", 
line 1361, in decrypt
b_plaintext = cls._decrypt_cryptography(b_ciphertext, b_crypted_hmac, 
b_key1, b_key2, b_iv)
  File "/usr/lib/python3/dist-packages/ansible/parsing/vault/__init__.py", 
line 1295, in _decrypt_cryptography
decryptor.update(b_ciphertext) + decryptor.finalize()
  File 
"/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/ciphers/base.py",
 line 149, in update
return self._ctx.update(data)
  File 
"/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py",
 line 124, in update
n = self.update_into(data, buf)
  File 
"/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py",
 line 140, in update_into
self._backend._ffi.from_buffer(data, require_writable=True), len(data)
BufferError: Object is not writable.

This renders the package unusable.
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature

Processed: More info needed on the RC bug you opened

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 1030658 +moreinfo
Bug #1030658 [zeal] fail to retrieve docset info: TLS initialization failed 
(caused by unresolved OpenSSL symbols)
Added tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1030658: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030658
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1030658: More info needed on the RC bug you opened

[Martin Quinson]

tag 1030658 +moreinfo
thanks

Hello Damyan,

sorry for not noticing this bug before, I thought I was subscribed to the
package.

It looks like a missing dependency to me. Could you please give me the output
of `ldd /usr/bin/zeal` ?

I tried to dig a bit to understand what's going wrong, but the runtime
dependencies of the package are auto-generated as they should, and the
resulting binary package seem to have the correct dependencies.

Could you also please try to install libssl3 manually to see whether it helps?

Thanks for reporting,
Mt



signature.asc
Description: This is a digitally signed message part