Bug#1033170: libitext-rups-java: Does not work at all

[Jorge Moraleda]

Hello Tony,

I propose that we either reduce the severity, ignore the bug for the
> bookworm release cycle, or remove only the libitext-rups-java binary
> package from bookworm.
>
Thank you. I believe the appropriate action is #3 (remove libitext-rups-java
binary
package from bookworm) because it is useless as it stands.

 Two other comments for the record
(1) An apt list libitext*
reveals
libitext-java/testing,unstable,testing,now 2.1.7-13 all
[installed,automatic]
libitext-rtf-java/testing,unstable,testing 2.1.7-13 all
libitext-rups-java/testing,unstable,testing 2.1.7-13 all
libitext1-java/testing,unstable,testing 1.4-7 all
libitext5-java/testing,unstable,testing 5.5.13.3-2 all

I am not familiar with libitext, so I don't know if we really need to
maintain multiple versions of it in the repo. From the comments on the
ubuntu bug report. It appears that versions 1 and 2 are hopelessly updated,
but I do see that there are indeep packages that depend on the older
versions.


(2) If there is a maintainer for libitext-rups-java I would suggest they
upgrade to use at least libitext5-java and then reupload to
experimental. (Version
5 is not so old, but upstream is already at 7).

On Sun, Mar 19, 2023 at 8:50 PM tony mancill  wrote:

> On Sat, Mar 18, 2023 at 05:42:12PM -0400, Jorge Moraleda wrote:
> > Package: libitext-rups-java
> > Version: 2.1.7-13
> > Severity: grave
> > Justification: renders package unusable
> > X-Debbugs-Cc: jorge.moral...@gmail.com
> >
> > Dear Maintainer,
> >
> > The package does not work at all. Based on the following Ubuntu bug
> report it
> > appears the version packaged is too old to work:
> > https://bugs.launchpad.net/ubuntu/+source/libitext-java/+bug/802021
>
> Hi Jorge,
>
> Thanks for filing the bug.  You don't describe the desired behavior, but
> when I run "java -jar /usr/share/java/itext-rups.jar" I don't get a GUI
> for PDF manipulation, so there is definitely something broken there.
>
> By filing a severity grave [0] bug against this binary package you have
> created a release-critical bug that also affects libitext-java [1],
> which has almost 3 installs [2] and impacts multiple reverse
> dependencies.  And we're in the midst of the freeze for the bookwork
> release [3].
>
> I propose that we either reduce the severity, ignore the bug for the
> bookworm release cycle, or remove only the libitext-rups-java binary
> package from bookworm.
>
> Thank you,
> tony
>
> [0] https://www.debian.org/Bugs/Developer#severities
> [1] https://tracker.debian.org/pkg/libitext-java
> [2] https://qa.debian.org/popcon.php?package=libitext-java
> [3] https://release.debian.org/bookworm/freeze_policy.html
>

Bug#1033170: libitext-rups-java: Does not work at all

[tony mancill]

On Sat, Mar 18, 2023 at 05:42:12PM -0400, Jorge Moraleda wrote:
> Package: libitext-rups-java
> Version: 2.1.7-13
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: jorge.moral...@gmail.com
> 
> Dear Maintainer,
> 
> The package does not work at all. Based on the following Ubuntu bug report it
> appears the version packaged is too old to work:
> https://bugs.launchpad.net/ubuntu/+source/libitext-java/+bug/802021

Hi Jorge,

Thanks for filing the bug.  You don't describe the desired behavior, but
when I run "java -jar /usr/share/java/itext-rups.jar" I don't get a GUI
for PDF manipulation, so there is definitely something broken there.

By filing a severity grave [0] bug against this binary package you have
created a release-critical bug that also affects libitext-java [1],
which has almost 3 installs [2] and impacts multiple reverse
dependencies.  And we're in the midst of the freeze for the bookwork
release [3].

I propose that we either reduce the severity, ignore the bug for the
bookworm release cycle, or remove only the libitext-rups-java binary
package from bookworm.

Thank you,
tony

[0] https://www.debian.org/Bugs/Developer#severities
[1] https://tracker.debian.org/pkg/libitext-java
[2] https://qa.debian.org/popcon.php?package=libitext-java
[3] https://release.debian.org/bookworm/freeze_policy.html


signature.asc
Description: PGP signature

Bug#971783: marked as pending in mate-media

[Maxime G.]

Hi.

Issue reproduced today on Debian Bookworm testing, the 
mate-volume-control-status-icon crash randomly.
mate-volume-control-status-icon --version
mate-volume-control-status-icon 1.26.0

Backtrace with gdb:

$ gdb mate-volume-control-status-icon 
GNU gdb (Debian 13.1-2) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mate-volume-control-status-icon...
(No debugging symbols found in mate-volume-control-status-icon)
(gdb) r
Starting program: /usr/bin/mate-volume-control-status-icon 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7597f6c0 (LWP 26963)]
[New Thread 0x7517e6c0 (LWP 26964)]
[New Thread 0x7fffe6c0 (LWP 26965)]
[Thread 0x7fffe6c0 (LWP 26965) exited]
[New Thread 0x7fffe6c0 (LWP 26966)]
[New Thread 0x7fffef7fe6c0 (LWP 26967)]
[Thread 0x7fffe6c0 (LWP 26966) exited]
[Thread 0x7fffef7fe6c0 (LWP 26967) exited]
[New Thread 0x7fffef7fe6c0 (LWP 26968)]
[New Thread 0x7fffe6c0 (LWP 26969)]
[Thread 0x7fffef7fe6c0 (LWP 26968) exited]
[Thread 0x7fffe6c0 (LWP 26969) exited]
[Detaching after fork from child process 26970]
[New Thread 0x7fffe6c0 (LWP 26972)]
[New Thread 0x7fffef7fe6c0 (LWP 26973)]
[Thread 0x7fffef7fe6c0 (LWP 26973) exited]
[Thread 0x7fffe6c0 (LWP 26972) exited]
[New Thread 0x7fffe6c0 (LWP 29620)]
[New Thread 0x7fffef7fe6c0 (LWP 29621)]
[Thread 0x7fffe6c0 (LWP 29620) exited]
[Thread 0x7fffef7fe6c0 (LWP 29621) exited]
[New Thread 0x7fffef7fe6c0 (LWP 29622)]
[New Thread 0x7fffe6c0 (LWP 29623)]
[Thread 0x7fffef7fe6c0 (LWP 29622) exited]
[Thread 0x7fffe6c0 (LWP 29623) exited]
[New Thread 0x7fffe6c0 (LWP 29624)]
[New Thread 0x7fffef7fe6c0 (LWP 29625)]
[Thread 0x7fffe6c0 (LWP 29624) exited]
[Thread 0x7fffef7fe6c0 (LWP 29625) exited]
[New Thread 0x7fffef7fe6c0 (LWP 29626)]
[New Thread 0x7fffe6c0 (LWP 29627)]
[Thread 0x7fffef7fe6c0 (LWP 29626) exited]
[Thread 0x7fffe6c0 (LWP 29627) exited]
[New Thread 0x7fffe6c0 (LWP 34349)]

(mate-volume-control-status-icon:26960): Gtk-WARNING **: 18:58:02.738: Calling 
gtk_widget_realize() on a widget that isn't inside a toplevel window is not 
going to work very well. Widgets must be inside a toplevel container before 
realizing them.

(mate-volume-control-status-icon:26960): GLib-GObject-CRITICAL **: 
18:58:02.738: g_object_ref: assertion 'G_IS_OBJECT (object)' failed

(mate-volume-control-status-icon:26960): Gdk-CRITICAL **: 18:58:02.738: 
gdk_window_get_scale_factor: assertion 'GDK_IS_WINDOW (window)' failed
**
Gtk:ERROR:../../../gtk/gtkwidget.c:5875:gtk_widget_get_frame_clock: assertion 
failed: (window != NULL)
Bail out! Gtk:ERROR:../../../gtk/gtkwidget.c:5875:gtk_widget_get_frame_clock: 
assertion failed: (window != NULL)

Thread 1 "mate-volume-con" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=, signo=signo@entry=6, 
no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
44  ./nptl/pthread_kill.c: Aucun fichier ou dossier de ce type.
(gdb) 
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) n
Program not restarted.
(gdb) bt
#0  __pthread_kill_implementation (threadid=, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1  0x7702ad2f in __pthread_kill_internal (signo=6, threadid=) at ./nptl/pthread_kill.c:78
#2  0x76fdbef2 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26
#3  0x76fc6472 in __GI_abort () at ./stdlib/abort.c:79
#4  0x7719eec8 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x771fee1a in g_assertion_message_expr () at 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x77969d56 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#7  0x77978a6f in gtk_widget_realize () at 
/lib/x86_64-linux-gnu/libgtk-3.so.0
#8  0x77978c68 in gtk_widget_map () at 
/lib/x86_64-linux-gnu/libgtk-3.so.0
#9  0x776ccf80 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#10 0x7771ee5f in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#11 0x772cf4e0 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x772e8bbf in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x772e8dbf in g_signal_emit () at 

Bug#1033210: cairomm FTBFS with nocheck profile: missing boost test

[Helmut Grohne]

Source: cairomm
Version: 1.14.4-2
Severity: serious
Tags: ftbfs trixie sid

cairomm fails to build from source when built with the nocheck build
profile, because the Boost Test dependency is annotated , but
actually required. Such build failures are considered release critical
in trixie and later. This is not an rc bug in bookworm and earlier.

Helmut

Bug#1033039: marked as done (kde-config-flatpak: settings page "flatpak | permissions" is not populated)

[Debian Bug Tracking System]

Your message dated Sun, 19 Mar 2023 20:34:24 +
with message-id 
and subject line Bug#1033039: fixed in flatpak-kcm 5.27.2-2
has caused the Debian Bug report #1033039,
regarding kde-config-flatpak: settings page "flatpak | permissions" is not 
populated
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033039
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kde-config-flatpak
Version: 5.27.2-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: logisti...@yahoo.com

Dear Maintainer,

after installing kde-config-flatpak the flatpak settings page is shown in KDE
system settings and all installed flatpak apps are listed correctly. But when I
click on any application, the "permissions" area of the window is not
populated. There remains a line in the permissions' section saying "select an
application from the list to view its permissions here".

I do not see any missing package dependencies that might cause this issue.
Setting to "grave" since this renders the package unusable.


-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages kde-config-flatpak depends on:
ii  libc6   2.36-8
ii  libflatpak0 1.14.3-1
ii  libglib2.0-02.74.6-1
ii  libkf5configcore5   5.103.0-1
ii  libkf5coreaddons5   5.103.0-1
ii  libkf5i18n5 5.103.0-1
ii  libkf5quickaddons5  5.103.0-1
ii  libqt5core5a5.15.8+dfsg-3
ii  libqt5qml5  5.15.8+dfsg-3
ii  libstdc++6  12.2.0-14
ii  systemsettings  4:5.27.2-1

kde-config-flatpak recommends no packages.

kde-config-flatpak suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: flatpak-kcm
Source-Version: 5.27.2-2
Done: Patrick Franz 

We believe that the bug you reported is fixed in the latest version of
flatpak-kcm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz  (supplier of updated flatpak-kcm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Mar 2023 21:15:52 +0100
Source: flatpak-kcm
Architecture: source
Version: 5.27.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Patrick Franz 
Closes: 1033039
Changes:
 flatpak-kcm (5.27.2-2) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Backport commit to populate list of permissions for applications
 (Closes: #1033039).
   * Add myself as uploader.
Checksums-Sha1:
 e2f739caac0b57026c86ed217e75b90bcedb50bf 2643 flatpak-kcm_5.27.2-2.dsc
 066137bc3a22211687d9f1a2c737af727fd0212d 11008 
flatpak-kcm_5.27.2-2.debian.tar.xz
 5688e2e652a3e26108f5f39c89943be8254188e0 11939 
flatpak-kcm_5.27.2-2_source.buildinfo
Checksums-Sha256:
 2882d2f981384078448b84f2781bc59186edf914575d3a926d339171c5026e21 2643 
flatpak-kcm_5.27.2-2.dsc
 cbd20e68494f1e8419ad2248ecfecaa8d1a257a3045d5591beb5b46edfcec8dd 11008 
flatpak-kcm_5.27.2-2.debian.tar.xz
 d58f1facd8c85d62a8dc087cf9b5636b7b40a468f7e6ee65b6061b5e05bf115d 11939 
flatpak-kcm_5.27.2-2_source.buildinfo
Files:
 908f80b15b5b72c3a133ff13bf53881c 2643 kde optional flatpak-kcm_5.27.2-2.dsc
 d2bde8673dc74b107926e11734bdcc07 11008 kde optional 
flatpak-kcm_5.27.2-2.debian.tar.xz
 f1a43b28f87f2ca377b63a671e1e95ce 11939 kde optional 
flatpak-kcm_5.27.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEYodBXDR68cxZHu3Knp96YDB3/lYFAmQXbeMACgkQnp96YDB3
/laejRAAvE0hNqJ4t+0nN7mYvfwga3cGQQv2bDnDRa8RY/JLT8D8VP5d1Jcum1H9

Bug#1033167: usrmerge: messes with /etc/shells

[Helmut Grohne]

Hi Marco,

On Sun, Mar 19, 2023 at 03:01:20AM +0100, Marco d'Itri wrote:
> It is expected that /etc/shells can be edited by system administrators, 
> I have been doing that forever in my career as a professional system 
> administrator and until now I was not even aware of these programs from 
> debianutils.

That applies to configuration files in general, right? However,
configuration files have an owner from a packaging point of view.

> Hence my reasoning that having convert-etc-shells modify the file would 
> not be harmful, and so far I am not aware of any practical problem that 
> this has ever caused.

If convert-etc-shells were some administrative tool not to be run by
maintainer scripts, that would actually be correct.

> I also see that you wrote update-shells in 2021, but convert-etc-shells 
> was added to usrmerge in 2016.

update-shells is an attempt at fixing long-standing bugs in add-shell
and remove-shell. Prior to update-shells, those were the canonical tools
to modify /etc/shells by packages and except for usrmerge, everyone else
used those interfaces. Of course, those interfaces are not up to the
task posed by usrmerge, so using them wasn't really an option. However,
cooperating with debianutils would have been.

> Right. But both update-shells and usr-is-merged are new to bookworm, and 
> I remember that having the /usr/ paths in /etc/shells is not usually 
> needed, so this explains why nobody has reported actual problems so far.

Yeah, it popped up as a reproducibility issue now.

> (Also, would you mind moving /var/lib/shells.state to /var/lib/misc/?)

Thank you for suggesting this. I agree that that choice of path is
better. When opening that can of worms, I would like to figure out
whether there are even better places.

update-shells is meant to be run by maintainer scripts only. If an
administrator were to run it without changes to shells.d, the expected
behaviour is noop. Thus, I am wondering whether something below /usr
would be a better choice wrt. hermetic /usr. I think the major question
here is what should happen if /etc/shells is deleted. If it should be
populated with shells by update-shells, then its state file also needs
to be deleted. This would be a reason for the location in /var, which
would likekly be discarded together with /etc. If however, we see
update-shells purely as a packaging tool, then something below /usr
could be better (in a similar vein as we consider moving the dpkg
database to /usr). Would you be able to help with finding an answer to
this question?

Then I wonder what severity that change in location should bear. Is it
something we want to do during freeze? Is it worth the effort or more
like a time travel fix? In any case, I think this is a separate issue.
Would you clone it if you care deeply enough?

I also noticed one other flaw in my proposal: Running convert-etc-shells
as part of update-shells would cause /usr variants of shells to be
re-added after having been removed by administrators. So the
convert-etc-shells should be a one time conversion action instead and
only happen on the first run of update-shells after a /usr-merge. I
think this can be achieved by adding a flag-value to shells.state.

I've prepared an update for debianutils and tested it in the following
cases:
 * Installation on a pre-merged chroot -> /usr/bin/sh is added to
   /etc/shells.
 * Installation on a chroot merged by usrmerge -> no difference
 * Installation on an unmerged system. Manual merge without
   convert-etc-shells. Manual update-shells. -> Looks the same as after
   convert-etc-shells.

Does anyone see any bugs?

Helmut
diff --minimal -Nru debianutils-5.7/debian/changelog 
debianutils-5.7/debian/changelog
--- debianutils-5.7/debian/changelog2022-11-02 17:31:14.0 +0100
+++ debianutils-5.7/debian/changelog2023-03-19 15:00:09.0 +0100
@@ -1,3 +1,10 @@
+debianutils (5.7-0.5) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Absorb usrmerge's convert-etc-shells into update-shells.
+
+ -- Helmut Grohne   Sun, 19 Mar 2023 15:00:09 +0100
+
 debianutils (5.7-0.4) unstable; urgency=medium
 
   * Non-maintainer upload
diff --minimal -Nru debianutils-5.7/debian/patches/absorb-convert-etc-shells 
debianutils-5.7/debian/patches/absorb-convert-etc-shells
--- debianutils-5.7/debian/patches/absorb-convert-etc-shells1970-01-01 
01:00:00.0 +0100
+++ debianutils-5.7/debian/patches/absorb-convert-etc-shells2023-03-19 
15:00:09.0 +0100
@@ -0,0 +1,112 @@
+Absorb the script convert-etc-shells from usrmerge to obtain reproducible
+behaviour. usrmerge will stop running convert-etc-shells and instead trigger
+the shells update in debianutils.
+
+--- a/update-shells
 b/update-shells
+@@ -1,11 +1,15 @@
+ #!/bin/sh
+ # SPDX-License-Identifier: GPL-2.0-or-later
+ # Copyright 2021 Helmut Grohne 
+-
++#
+ # A "hashset" is a shell variable containing a sequence of elements separated
+ # and surrounded by hash (#) characters. None 

Bug#1032915: marked as done (guile-gnutls: missing Breaks+Replaces: gnutls-doc (<< 3.7.11))

[Debian Bug Tracking System]

Your message dated Sun, 19 Mar 2023 17:49:14 +
with message-id 
and subject line Bug#1032915: fixed in guile-gnutls 3.7.11-2
has caused the Debian Bug report #1032915,
regarding guile-gnutls: missing Breaks+Replaces: gnutls-doc (<< 3.7.11)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1032915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: guile-gnutls
Version: 3.7.11-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it tries to overwrite other packages files without declaring a
Breaks+Replaces relation.
This error may also be triggered by having a predecessor package from
'sid' installed while installing the package from 'experimental'.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#overwriting-files-and-replacing-packages-replaces

>From the attached log (scroll to the bottom...):

  Preparing to unpack .../guile-gnutls_3.7.11-1_amd64.deb ...
  Unpacking guile-gnutls (3.7.11-1) ...
  dpkg: error processing archive 
/var/cache/apt/archives/guile-gnutls_3.7.11-1_amd64.deb (--unpack):
   trying to overwrite '/usr/share/info/gnutls-guile.info.gz', which is also in 
package gnutls-doc 3.7.9-1
  Errors were encountered while processing:
   /var/cache/apt/archives/guile-gnutls_3.7.11-1_amd64.deb

The existing B+R: gnutls-doc (<< 3.7.9-0) are no longer sufficient since
sid got a newer src:gnutls28 upstream release that still builds bin:guile-gnutls
The (<< 3.7.11) is a guess and may need to be bumped in case sid gets
another new src:gnutls28 upstream release.

cheers,

Andreas
--- End Message ---
--- Begin Message ---
Source: guile-gnutls
Source-Version: 3.7.11-2
Done: Andreas Metzler 

We believe that the bug you reported is fixed in the latest version of
guile-gnutls, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler  (supplier of updated guile-gnutls package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Mar 2023 18:28:10 +0100
Source: guile-gnutls
Architecture: source
Version: 3.7.11-2
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuTLS Maintainers 
Changed-By: Andreas Metzler 
Closes: 1032915
Changes:
 guile-gnutls (3.7.11-2) experimental; urgency=medium
 .
   * Bump Breaks/replaces. Closes: #1032915
Checksums-Sha1: 
 0c1ad784e49e65d08bcffc028b524ea4d4f23c1f 2299 guile-gnutls_3.7.11-2.dsc
 c990778879c3a687e55c21156f2bdbbcf76e92f3 4804 
guile-gnutls_3.7.11-2.debian.tar.xz
Checksums-Sha256: 
 d16090bfc4006c9e0db46b56edad5946e2056500337d04b09d33bf4b7d2ea9f3 2299 
guile-gnutls_3.7.11-2.dsc
 73315b6cb5e631fac06b0d18d49427fe0dfd134cd660d4c902f38d9711dedba3 4804 
guile-gnutls_3.7.11-2.debian.tar.xz
Files: 
 c8c12aaae61ca8411dfd66317b5ffc70 2299 libs optional guile-gnutls_3.7.11-2.dsc
 f3b4cf676efb7e21d6a453aba641bf1b 4804 libs optional 
guile-gnutls_3.7.11-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmQXR7IACgkQpU8BhUOC
FIRuvw/7Bv3WGufA/3uqMFxAvZSbYYZ4EJCMlp2CBZNR9VRUvFx8ogM5ir/BvOo5
BX5wFA3lIvSFrGldPwY4H9xkzz+qHlrZjdf3ekI5/zS9ICqj/JDwERqN1fs57DrZ
Akcszatv1sLqPy/A7p/YiijEW9HrVlZnjXHKhM5xudABM4nT6VRQnw6rA+3avCdl
JyiXSAKj/3OjnndjEQPuHmnntBbtZMvfJY+HSL7dUpZ/eLJHpaJXeBqUjd0jB+Zy
2ymVAoyHj99DIVMWY6sqM+i7O51xnoKOx0PJKwQ6ugPxvOSRpxDIkAqUWpG8vRaz
Hpmtsv5wTd+nMM6e5Mw2NxuKjMvxGoM8uzwRVS/M1RpEtiTMuchn8w4IIzshwlZ6
nZ9B5jJYw337bGbL1umpTMo86MmQnXsAPVysjeCqOoB/5jTU04SbwYSIrvWnDDCQ
GdEzT8ctlLV1DaWWhkigQfxec4owct6aUEb2FqFe++ko4hEMyFdhV73U9aaYghFb
I3BoSD8Ru5yyKOXdTDh9uMMIejVUreATezvkSZ31LX2cbV6QqjhDIlff4bANntLb
yloBFMB9Q8vOzXjF19wJfeV6TzMlKAOXE4TUt685y8wyIVbhoY1XDRxBAsAaYasZ
PBknrcGAaRGvNhweqxyCYnjB4Rmxg1u2gjVIn/leAcKtl9On8vY=
=D8HD
-END PGP SIGNATURE End Message ---

Bug#1032104: linux: ppc64el iouring corrupted read

[Salvatore Bonaccorso]

Hi,

On Sat, Mar 18, 2023 at 11:19:29PM -0700, Otto Kekäläinen wrote:
> Any updates on this one?
> 
> I am still seeing the main.index_merge_innodb failure in
> https://buildd.debian.org/status/fetch.php?pkg=mariadb=ppc64el=1%3A10.11.2-2%7Eexp1=1678728871=0
> and rebuild 
> https://buildd.debian.org/status/fetch.php?pkg=mariadb=ppc64el=1%3A10.11.2-2%7Eexp1=1679174850=0.
> 
> Logs show: Kernel: Linux 5.10.0-21-powerpc64le #1 SMP Debian
> 5.10.162-1 (2023-01-21) ppc64el (ppc64le)

Remember that with the 5.10.162 upstream version the io_uring code was
rebased to the 5.15-stable one. So it is likely, and it maches the
verison ranges, that the regression was introduced with this
particular changes. Ideally someone with access to the given
architecture, can verify that the issue is gone with the current
5.10.175 upstream (where there were several followup fixes, in
particular e.g. a similar one for s390x), and if not, reports the
problem to upstream.

Paul Gevers asked if the issues are gone as well with 6.1.12-1
(or later 6.1.y series versions, which will land in bookworm). That
would be valuable information to know as well to exclude we do not
have the issue as well in bookworm.

Regards,
Salvatore

Bug#1030595: dkms autoinstall fails if headers are not available but a module could be built

[Andreas Beckmann]

On 18/03/2023 18.02, Paul Gevers wrote:
I'm trying to understand this bug and what it means for the bookworm 
release. How bad do you judge this issue to be? Is there any solution in 
sight?


I haven't fully understood what's going on there either, but finally 
I've now a fix for an (at least) related issue sent upstream (#1031561, 
BUILD_EXCLUSIVE option errors out on non-matching kernels).


Now I need to check again the related bugs to see which are covered by 
this fix and which need more fixing.


Shouldn't any foobar-dkms (or dkms helpers) depend on linux-headers? Or 
doesn't that work the way linux-headers-* are setup?


There are Recommends in dkms, thats the best we can get. As that needs 
to be a list of alternatives, it's impossible to get "right" for 
everyone. At least dkms tries to suggest the correct package (but 
unfortunately not the corresponding metapackage) if the headers are missing.



Andreas

Bug#1029851: marked as done (ruby-globalid: CVE-2023-22799)

[Debian Bug Tracking System]

Your message dated Sun, 19 Mar 2023 13:04:06 +
with message-id 
and subject line Bug#1029851: fixed in ruby-globalid 0.6.0-2
has caused the Debian Bug report #1029851,
regarding ruby-globalid: CVE-2023-22799
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1029851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-globalid
Version: 0.6.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for ruby-globalid.

CVE-2023-22799[0]:
| Possible ReDoS based DoS vulnerability in GlobalID

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22799
https://www.cve.org/CVERecord?id=CVE-2023-22799
[1] 
https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
[2] 
https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-globalid
Source-Version: 0.6.0-2
Done: Pirate Praveen 

We believe that the bug you reported is fixed in the latest version of
ruby-globalid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen  (supplier of updated ruby-globalid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Mar 2023 17:58:06 +0530
Source: ruby-globalid
Architecture: source
Version: 0.6.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 

Changed-By: Pirate Praveen 
Closes: 1029851
Changes:
 ruby-globalid (0.6.0-2) unstable; urgency=medium
 .
   * Team Upload
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster (oldstable):
 + Build-Depends: Drop versioned constraint on ruby-activesupport.
 .
   [ Pirate Praveen ]
   * Fix CVE-2023-22799 (Closes: #1029851)
   * Bump Standards-Version to 4.6.2 (no changes needed)
Checksums-Sha1:
 8eb86fc8a4386852f4d92efcea030d834ab83098 2063 ruby-globalid_0.6.0-2.dsc
 7e65e9f4644ceb54afcd880a9feab5abe6cf1a68 4204 
ruby-globalid_0.6.0-2.debian.tar.xz
 d364985a1c84b2d23b167dc9536c957ef8df3f22 10544 
ruby-globalid_0.6.0-2_amd64.buildinfo
Checksums-Sha256:
 92552095517eabdd5c0723cd6b8f25138f7bad13c53b2d0e5aa1e2920649e559 2063 
ruby-globalid_0.6.0-2.dsc
 5cf7912fac429ccdcb8fd60e1d6ce7a7247865d2cd9f35966076fca456185000 4204 
ruby-globalid_0.6.0-2.debian.tar.xz
 0f4ac6b0a1400719da5d27e6c728b8b0e93943fef1c771e697d423c31494fa3b 10544 
ruby-globalid_0.6.0-2_amd64.buildinfo
Files:
 3c6d71fe19b6a31ab95ef3b06bf55a02 2063 ruby optional ruby-globalid_0.6.0-2.dsc
 c094bf4b6a3d7d10d51b4ade6e135259 4204 ruby optional 
ruby-globalid_0.6.0-2.debian.tar.xz
 325c41520f3bb49d782b54592f6354e9 10544 ruby optional 
ruby-globalid_0.6.0-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE0whj4mAg5UP0cZqDj1PgGTspS3UFAmQXAqcACgkQj1PgGTsp
S3UxnhAAsEZNp7quBs/AelFyMM7efTX/nII0Zei7ldndB6Aze4Ep8J7iSNcjp66d
Pkb/LaI1Dy6eVKGVcwrH2aY+IfmtwKwBJBMyfpnYo8zGibxzIrVqWkcLh8WbQyl+
SVseBAcpzmETW5HSWnTFXyVolYkxFZ8V+HxVPVPNheXCSCPlQDBU7Gvs698w2hwB
RXGUcYg88bl1hzdDxhqqsFR6fGzrCfEuPhGAkkvXHV7J7/hrMg2YbkFPP5NAGFhd
RVqwPkB6BH6RzRuWb4/Tz41EqcCqmvjXlRncCV/TNPCFAptTvp0jNUeO7pb3deIQ
kAwWiL9NIYX/Kb9p2ej3Nus9OzhwnJLtMi/BFzcyoIbVEHpR1mpMDXlYiNmZeot4
J16OO8mkG/y91no/L34NSwxn1wAP4V7YkL8GbDcp4gBbue43NAas74JyvczIEksn
I4KD5nBsPWIn89gYW5qfyljNxnsGWsZhRQWrxtblVyzpEMuSRPabZYNmq+4HHJVo
JfdBigpPYWdia+1v8pTWSfHD1+5fBtPhvfnzW1Ulo/eFaGRjHQUaakAweTsPFoPz
gxN8OHIhCnja280ejoTZC10d7V85FIJ9t4qUXS8OoXCtZgzZO0i+UXCivuAQRxKk
9mRgpbPXyFun1F9/3OOAXW3Q6u29/uPaNDK4DI7YmHLRI8ludY8=
=v9bj
-END PGP SIGNATURE End Message ---

Processed: Bug#1029851 marked as pending in ruby-globalid

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1029851 [src:ruby-globalid] ruby-globalid: CVE-2023-22799
Ignoring request to alter tags of bug #1029851 to the same tags previously set

-- 
1029851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1029851: marked as pending in ruby-globalid

[Praveen Arimbrathodiyil]

Control: tag -1 pending

Hello,

Bug #1029851 in ruby-globalid reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/ruby-globalid/-/commit/c3eff264772d745dbce5bab8ca88112ab2107699


Fix CVE-2023-22799 (Closes: #1029851)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1029851

Processed: Bug#1029851 marked as pending in ruby-globalid

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1029851 [src:ruby-globalid] ruby-globalid: CVE-2023-22799
Added tag(s) pending.

-- 
1029851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029851
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1029851: marked as pending in ruby-globalid

[Praveen Arimbrathodiyil]

Control: tag -1 pending

Hello,

Bug #1029851 in ruby-globalid reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/ruby-globalid/-/commit/c3eff264772d745dbce5bab8ca88112ab2107699


Fix CVE-2023-22799 (Closes: #1029851)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1029851

Processed: Re: psi-plus segfaults

[Debian Bug Tracking System]

Processing control commands:

> severity -1 important
Bug #1032655 [psi-plus] psi-plus segfaults
Severity set to 'important' from 'grave'
> tag -1 moreinfo
Bug #1032655 [psi-plus] psi-plus segfaults
Added tag(s) moreinfo.

-- 
1032655: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032655
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1032655: psi-plus segfaults

[Martin]

Control: severity -1 important
Control: tag -1 moreinfo

As Stefan, I get warnings, but no crash on Debian 12 bookworm.

Bug#1032104: linux: ppc64el iouring corrupted read

[Otto Kekäläinen]

Any updates on this one?

I am still seeing the main.index_merge_innodb failure in
https://buildd.debian.org/status/fetch.php?pkg=mariadb=ppc64el=1%3A10.11.2-2%7Eexp1=1678728871=0
and rebuild 
https://buildd.debian.org/status/fetch.php?pkg=mariadb=ppc64el=1%3A10.11.2-2%7Eexp1=1679174850=0.

Logs show: Kernel: Linux 5.10.0-21-powerpc64le #1 SMP Debian
5.10.162-1 (2023-01-21) ppc64el (ppc64le)