Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello Étienne, > py7zr was ready for upload to Debian. py7zr 0.21 has now split out all architecture-dependent binary modules into external Python modules, and py7zr's target architecture is changed to "all". I think we should send an RM request to the Debian release team to drop the old architecture-dependent packages. -- YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello Étienne, py7zr was ready for upload to Debian. Please examine the salsa repository and upload to Debian if it looks good. https://salsa.debian.org/python-team/packages/py7zr -- YOKOTA Hiroshi
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello, > In case you might become Debian Maintainer we could grant you > upload permissions for the packages you are maintaining. Thank you. I want upload permissions to maintain this package. -- YOKOTA Hiroshi
Bug#1068314: python-inflate64_1.0.0+ds-1_amd64.changes REJECTED
Hello, > please also mention Ma Lin in your debian/copyright. I updated the Debian salsa repository to fix the issue. https://salsa.debian.org/python-team/packages/python-inflate64 Please upload it as a Debian package by the Debian Python Team because I don't have upload rights. -- YOKOTA Hiroshi
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello, Debian pychm was updated. I can't upload the new package because I don't have upload rights. Someone in debian-python who has upload rights, please upload the new package. -- YOKOTA Hiroshi
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
> I am not in a position to assess that for you. You're the maintainer, you > need to be able to vouch for your proposed upload. Upstream does not have a VCS and does not provide a fix patch, and just releases the new version 7-Zip 23.01 as the fix. So, I can't guarantee the bug was fixed except by the new upstream version 23.01. I think we need some Debian Developer to provide a BPO package of 7zip 23.01 to fix this issue. Because I am a Debian Maintainer, I can't provide such a BPO package. -- YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello, > When writing this I'm wondering whether it might be better to remove > this in Files-Excluded. On one hand this saves us from mentioning the > copyright on the other hand we could be really sure that it is not used. > What do you think - should I override the previous upload without that > code copy? I did not want to be too invasive with your packaging > but I would have done so in my packages. Thanks for your suggestion. I dropped the embedded library code from brotlicffi and pyzstd, and pushed them to the salsa.debian.org repository. I also fixed some copyright issues. -- YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello, I think these packages are now ready for upload to NEW queue. Please examine them. https://salsa.debian.org/python-team/packages/python-brotlicffi https://salsa.debian.org/python-team/packages/python-inflate64 https://salsa.debian.org/python-team/packages/python-pyppmd https://salsa.debian.org/python-team/packages/python-pyzstd -- YOKOTA Hiroshi
Bug#1065221: Packaging multivolumefile?
Hi Andreas, Thanks a lot for your detailed document. I will try to fix up the other packages. PS: If py7zr is done, I will also try to package pychm for use by the Debian Calibre package. Please sponsor me for the pychm package if you have time. > O: pychm -- Python binding for CHMLIB - Python 3 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065222 -- YOKOTA Hiroshi
Bug#1068317: ITP: python-pyzstd -- Facebook's Zstandard (or zstd as short name) algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-pyzstd
  Version         : 0.15.10
  Upstream Contact: Rogdham
* URL             : https://github.com/Rogdham/pyzstd
* License         : BSD-3-Clause
  Programming Lang: Python
  Description     : Facebook's Zstandard (or zstd as short name) algorithm for Python

Pyzstd module provides classes and functions for compressing and decompressing data, using Facebook's Zstandard (or zstd as short name) algorithm. The API style is similar to Python's bz2/lzma/zlib modules.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068315: ITP: python-pyppmd -- PPM(Prediction by partial matching) compression algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-pyppmd
  Version         : 1.1.0
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/pyppmd
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : PPM(Prediction by partial matching) compression algorithm for Python

pyppmd module provides classes and functions for compressing and decompressing text data, using the PPM(Prediction by partial matching) compression algorithm, which has several variations of implementations. PPMd is the implementation by Dmitry Shkarin. PyPPMD uses Igor Pavlov's range coder introduced in 7-zip.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068314: ITP: python-inflate64 -- Enhanced Deflate compression algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-inflate64
  Version         : 1.0.0
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/inflate64
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : Enhanced Deflate compression algorithm for Python

inflate64 is a Python package that provides Deflater and Inflater classes to compress and decompress with the Enhanced Deflate compression algorithm.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068313: ITP: python-brotlicffi -- Python CFFI bindings for the reference Brotli encoder/decoder
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-brotlicffi
  Version         : 1.1.0.0
  Upstream Contact: Seth Michael Larson
* URL             : https://github.com/python-hyper/brotlicffi
* License         : MIT
  Programming Lang: Python
  Description     : Python CFFI bindings for the reference Brotli encoder/decoder

This library contains Python CFFI bindings for the reference Brotli encoder/decoder. This allows Python software to use the Brotli compression algorithm directly from Python code.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068309: ITP: python-bcj -- BCJ(Branch-Call-Jump) filter for python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-bcj
  Version         : 1.0.2
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/pybcj
* License         : LGPL-2.1-or-later
  Programming Lang: Python
  Description     : BCJ(Branch-Call-Jump) filter for python

In data compression, BCJ, short for Branch-Call-Jump, refers to a technique that improves the compression of machine code of executable binaries by replacing relative branch addresses with absolute ones. This allows an LZMA compressor to identify duplicate targets and achieve a higher compression rate.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068305: ITP: python-multivolumefile -- multiple files-wrapping library for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-multivolumefile
  Version         : 0.2.3
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/multivolume
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : multiple files-wrapping library for Python

MultiVolumefile is a Python library that provides a file object wrapping multiple files virtually as a single file. It inherits the io.RawIOBase class and supports some of its standard methods.

This package is required by the Debian package py7zr (>= 0.16.0).

I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello, I want to maintain pychm because it's required by Debian Calibre package. -- YOKOTA
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello, I'm interested in py7zr because it is required by Calibre. New py7zr requires some other modules that are not packaged by Debian yet. I made those modules into Debian packages. https://salsa.debian.org/yokota/python-multivolumefile https://salsa.debian.org/yokota/python-bcj https://salsa.debian.org/yokota/python-brotlicffi https://salsa.debian.org/yokota/python-inflate64 https://salsa.debian.org/yokota/python-pyppmd https://salsa.debian.org/yokota/python-pyzstd And here is my py7zr repository. https://salsa.debian.org/yokota/py7zr I am a Debian Maintainer, so I want a mentor to upload these packages. -- YOKOTA Hiroshi
Bug#1067715: closed by yokota (Re: Bug#1067715: calibre: doesn't install DeACSM plugin)
Hello, > Please, don't close bugs just because they are fixed upstream, the > fixed-upstream exists exactly for this. I think it's external plugin's bug and not Calibre's bug. But I will keep this bug open as you requested. If you think the bug is fixed, let me know. Or close this bug by yourself. Best regards, -- YOKOTA
Bug#1067715: calibre: doesn't install DeACSM plugin
Hello, José. > oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto This bug was already fixed on DeACSM upstream development code. Try it from DeACSM plugin forum. https://www.mobileread.com/forums/showpost.php?p=4157570=2 https://www.mobileread.com/forums/showthread.php?t=341975 FYI: DeACSM plugin was renamed to ACSMInput plugin. Use "calibre-customize --add-plugin FILE_PATH" to install plugins from local path. https://manual.calibre-ebook.com/generated/en/calibre-customize.html -- YOKOTA
Bug#1067715: calibre: doesn't install DeACSM plugin
Hello, José.

I don't maintain external plugins, so I can't fix plugin code. But this bug might be fixed when you install the Debian python3-oscrypto/1.3.0-1+deb12u1 package.
https://tracker.debian.org/pkg/oscrypto

The DeACSM plugin seems to load properly on my Debian Calibre 7.7.0.

Here is my technical analysis of this issue.

1. This line shows that the Python oscrypto code fails to detect the OpenSSL version.
> raise LibraryNotFoundError('Error detecting the version of libcrypto')
> oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
The DeACSM plugin includes the Python oscrypto module, and uses it when required.

2. The current upstream oscrypto release code has some bugs in OpenSSL version detection. OpenSSL has a MAJOR.MINOR.PATCHLEVEL version scheme and each section has 1 or more digits. But the oscrypto code can only accept 1 digit for each section, and it fails to detect version numbers. The current OpenSSL version in Debian stable is 3.0.11, and it has 2 digits in PATCHLEVEL.

3. This bug was fixed in the oscrypto upstream development code, but not in the release code.
https://github.com/wbond/oscrypto/pull/76

4. This bug was also fixed in Debian bug 1055598, and released as python3-oscrypto/1.3.0-1+deb12u1. Using the Debian oscrypto module instead of the included oscrypto module might fix the bug.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055598

5. If that goes wrong, manually fix the oscrypto code in the plugin code. The oscrypto code is zipped as oscrypto.zip. See the previous GitHub pull request for the fix.
https://github.com/wbond/oscrypto/pull/76

-- YOKOTA
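Added example (not part of the original message and not oscrypto's own code): the version-detection failure described in point 2, reproduced with two regular expressions. Both patterns, the exception class and the sample banners are constructed for illustration from the message's description.

```python
import re

# Assumption: both patterns are constructed for this example from the
# message's description ("1 digit for each section" vs. "1 or more digits").
# They are not copied from the oscrypto source.
ONE_DIGIT = re.compile(r"\b(\d)\.(\d)\.(\d)([a-z]*)\b")
MULTI_DIGIT = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


class VersionDetectionError(Exception):
    """Local stand-in for the LibraryNotFoundError quoted in the report."""


def parse_libcrypto_version(banner, pattern):
    """Return (major, minor, patchlevel, letter) parsed from a version banner."""
    match = pattern.search(banner)
    if match is None:
        raise VersionDetectionError("Error detecting the version of libcrypto")
    major, minor, patch, letter = match.groups()
    return (int(major), int(minor), int(patch), letter)


# Constructed sample banners in the style of an OpenSSL version string.
SAMPLE_BANNERS = [
    "OpenSSL 1.1.1w  11 Sep 2023",
    "OpenSSL 3.0.9 30 May 2023",
    "OpenSSL 3.0.11 19 Sep 2023",  # the version named in the message
    "OpenSSL 3.10.0 1 Jan 2030",   # hypothetical: two digits in MINOR
]


def compare_parsers(banners):
    """Parse every banner with both patterns; None marks a detection failure."""
    report = {}
    for banner in banners:
        row = {}
        for name, pattern in (("one_digit", ONE_DIGIT),
                              ("multi_digit", MULTI_DIGIT)):
            try:
                row[name] = parse_libcrypto_version(banner, pattern)
            except VersionDetectionError:
                row[name] = None
        report[banner] = row
    return report


def undetected(banners, pattern):
    """List the banners for which the given pattern finds no version."""
    failed = []
    for banner in banners:
        try:
            parse_libcrypto_version(banner, pattern)
        except VersionDetectionError:
            failed.append(banner)
    return failed


if __name__ == "__main__":
    for banner, row in compare_parsers(SAMPLE_BANNERS).items():
        print(f"{banner!r}: one_digit={row['one_digit']} "
              f"multi_digit={row['multi_digit']}")
```

The one-digit pattern fails outright on 3.0.11 instead of truncating it, because the trailing word boundary cannot fall between the two digits of PATCHLEVEL; that is why the plugin raises rather than running with a wrong version.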
Bug#1065494: libgtk-3-0t64: 64-bit time_t transition breaks gtk+3.0 immodule cache
Package: libgtk-3-0t64
Version: 3.24.41-1.1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com, vor...@debian.org, debian-de...@lists.debian.org
Usertags: time-t

Dear Maintainer,

The libgtk-3-0 package generates the cache file /usr/lib/${arch}/gtk-3.0/3.0.0/immodules.cache when installing, and removes this cache file when removing the package.

This behavior is good in most cases, but not so good in the 64-bit time_t transition, because this behavior accidentally drops the cache file.

If the cache file is missing, gtk3 immodules will not work. Reinstalling the libgtk-3-0t64 package will rebuild the cache file, and immodules work again.

The libglib2.0-0t64 package had the same bug, but it was fixed. Please check out their fix.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065022
https://salsa.debian.org/gnome-team/glib/-/commit/55e33e4eb3165e66d9bf0f6598a6a59c9cedda4c

-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.7-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgtk-3-0t64 depends on:
ii adwaita-icon-theme 46~beta-4
ii hicolor-icon-theme 0.17-2
ii libatk-bridge2.0-0t64 2.51.90-2
ii libatk1.0-0t64 2.51.90-2
ii libc6 2.37-15.1
ii libcairo-gobject2 1.18.0-1+b1
ii libcairo2 1.18.0-1+b1
ii libcloudproviders0 0.3.5-1
ii libcolord2 1.4.7-1
ii libcups2t64 2.4.7-1.2+b1
ii libepoxy0 1.5.10-1+b2
ii libfontconfig1 2.15.0-1
ii libfribidi0 1.0.13-3+b1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-3+b1
ii libglib2.0-0t64 2.78.4-3
ii libgtk-3-common 3.24.41-1.1
ii libharfbuzz0b 8.3.0-2
ii libpango-1.0-0 1.52.0+ds-1
ii libpangocairo-1.0-0 1.52.0+ds-1
ii libpangoft2-1.0-0 1.52.0+ds-1
ii libwayland-client0 1.22.0-2.1+b1
ii libwayland-cursor0 1.22.0-2.1+b1
ii libwayland-egl1 1.22.0-2.1+b1
ii libx11-6 2:1.8.7-1
ii libxcomposite1 1:0.4.5-1
ii libxcursor1 1:1.2.1-1
ii libxdamage1 1:1.1.6-1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxi6 2:1.8.1-1
ii libxinerama1 2:1.1.4-3
ii libxkbcommon0 1.6.0-1
ii libxrandr2 2:1.5.2-2+b1
ii shared-mime-info 2.4-1

Versions of packages libgtk-3-0t64 recommends:
ii libgtk-3-bin 3.24.41-1.1
ii librsvg2-common 2.54.7+dfsg-2

Versions of packages libgtk-3-0t64 suggests:
ii gvfs 1.53.90-3

Versions of packages libgtk-3-0t64 is related to:
pn appmenu-gtk3-module
pn fcitx-frontend-gtk3
pn gcin-gtk3-immodule
pn gtk-vector-screenshot
pn gtk3-engines-xfce
pn gtk3-im-libthai
pn hime-gtk3-immodule
ii ibus-gtk3 1.5.29-1
pn imhangul-gtk3
ii libcanberra-gtk3-module 0.30-12
pn libcaribou-gtk3-module
pn libgtk3-nocsd0
pn maliit-inputcontext-gtk3
pn packagekit-gtk3-module
pn scim-gtk-immodule
pn topmenu-gtk3
pn uim-gtk3
pn uim-gtk3-immodule

-- no debconf information
Bug#1065493: libgtk2.0-0t64: 64-bit time_t transition breaks gtk+2.0 immodule cache
Package: libgtk2.0-0t64
Version: 2.24.33-3.1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com, vor...@debian.org, debian-de...@lists.debian.org

Dear Maintainer,

The libgtk2.0-0 package generates the cache file /usr/lib/${arch}/gtk-2.0/2.10.0/immodules.cache when installing, and removes this cache file when removing the package.

This behavior is good in most cases, but not so good in the 64-bit time_t transition, because this behavior accidentally drops the cache file.

If the cache file is missing, gtk2 immodules will not work. Reinstalling the libgtk2.0-0t64 package will rebuild the cache file, and immodules work again.

The libglib2.0-0t64 package had the same bug, but it was fixed. Please check out their fix.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065022
https://salsa.debian.org/gnome-team/glib/-/commit/55e33e4eb3165e66d9bf0f6598a6a59c9cedda4c

-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.7-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgtk2.0-0t64 depends on:
ii adwaita-icon-theme 46~beta-4
ii gnome-icon-theme 3.12.0-5
ii hicolor-icon-theme 0.17-2
ii libatk1.0-0t64 2.51.90-2
ii libc6 2.37-15.1
ii libcairo2 1.18.0-1+b1
ii libcups2t64 2.4.7-1.2+b1
ii libfontconfig1 2.15.0-1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-3+b1
ii libglib2.0-0t64 2.78.4-3
ii libgtk2.0-common 2.24.33-3.1
ii libpango-1.0-0 1.52.0+ds-1
ii libpangocairo-1.0-0 1.52.0+ds-1
ii libpangoft2-1.0-0 1.52.0+ds-1
ii libx11-6 2:1.8.7-1
ii libxcomposite1 1:0.4.5-1
ii libxcursor1 1:1.2.1-1
ii libxdamage1 1:1.1.6-1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxi6 2:1.8.1-1
ii libxinerama1 2:1.1.4-3
ii libxrandr2 2:1.5.2-2+b1
ii libxrender1 1:0.9.10-1.1
ii shared-mime-info 2.4-1

Versions of packages libgtk2.0-0t64 recommends:
ii libgail-common 2.24.33-3.1
ii libgtk2.0-bin 2.24.33-3.1
ii librsvg2-common 2.54.7+dfsg-2

Versions of packages libgtk2.0-0t64 suggests:
ii gvfs 1.53.90-3

-- no debconf information
Bug#1063014: unrar-nonfree: NMU diff for 64-bit time_t transition
Dear Steve, > Please find the patch for this NMU attached. The patch was pushed to the experimental branch. https://github.com/debian-calibre/unrar-nonfree/tree/experimental -- YOKOTA
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
> + * HTML Input: Dont add resources that exist outside the folder hierarchy > s/Dont/Don't/ > > Please go ahead. Thank you. I uploaded a new package with your fix. -- YOKOTA Hiroshi
Bug#1061485: 7zip: The 7zip-standalone package isn't standalone
Hello, > currently, the 7zip-standalone package has a hard dependency on the > full-featured 7zip package, rendering it quite useless as a "light" > standalone package. This hard dependency is because 7zz requires the SFX stub module (/usr/lib/7zip/7zCon.sfx) for SFX archive creation. I will reconsider this issue because SFX is not required in most usage. -- YOKOTA Hiroshi
Bug#1060755: calibre: Cant execute calibre. Error: cannot import name QNetworkProxyFactory from qt.core
Hello, Gabriel. Sorry, I can't reproduce this error on my Sid (unstable) machine even when I install Krita. > opening from terminal gives the following log error: Failed to import PyQt module: PyQt6.QtNetwork with error: /lib/x86_64-linux-gnu/libQt6Network.so.6: undefined symbol: _Z12qt_safe_pollP6pollfdmPK8timespec, version Qt_6 It seems PyQt6 fails to load libQt6Network.so.6 because it fails to find the "_Z12qt_safe_pollP6pollfdmPK8timespec" symbol. The symbol "_Z12qt_safe_pollP6pollfdmPK8timespec" (version Qt_6) is defined in /lib/x86_64-linux-gnu/libQt6Core.so.6, so something is wrong in libQt6Core.so.6. And libQt6Core.so.6 is in the "libqt6core6" package. Please try to re-install those libraries to recover from this error. You can re-install the "libqt6core6" and "libqt6network6" packages with this command. > sudo apt reinstall libqt6core6 libqt6network6 -- YOKOTA
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com, secur...@debian.org Control: affects -1 + src:calibre [ Reason ] Fix CVE-2023-46303. https://security-tracker.debian.org/tracker/CVE-2023-46303 [ Impact ] CVE-2023-46303 is unfixed. [ Tests ] Build time test was passed. [ Risks ] This fix is already applied for Debian 11 backports calibre/5.44.0+dfsg-1~bpo11+2. https://github.com/debian-calibre/calibre/pull/10 [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add upstream fix: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b [ Other info ] Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2023-46303 Upstream fix: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b Fix for Debian 11 backports: https://github.com/debian-calibre/calibre/pull/10 diff -Nru calibre-6.13.0+repack/debian/changelog calibre-6.13.0+repack/debian/changelog --- calibre-6.13.0+repack/debian/changelog 2023-10-14 11:48:44.0 +0900 +++ calibre-6.13.0+repack/debian/changelog 2024-01-12 20:16:45.0 +0900 
@@ -1,3 +1,11 @@ +calibre (6.13.0+repack-2+deb12u3) bookworm; urgency=medium + + * HTML Input: Dont add resources that exist outside the folder hierarchy +rooted at the parent folder of the input HTML file by default (Fix for +CVE-2023-46303) + + -- YOKOTA Hiroshi Fri, 12 Jan 2024 20:16:45 +0900 + calibre (6.13.0+repack-2+deb12u2) bookworm; urgency=medium * fix crash in Get Books when regenerating UIC files (Closes: #1053899) diff -Nru calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch --- calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch 1970-01-01 09:00:00.0 +0900 +++ calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch 2024-01-12 19:24:57.0 +0900 
@@ -0,0 +1,55 @@ +From: Kovid Goyal +Date: Sun, 28 May 2023 14:03:15 +0530 +Subject: HTML Input: Dont add resources that exist outside the folder + hierarchy rooted at the parent folder of the input HTML file by default + +Origin: backport, https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b.patch +Forwarded: not-needed +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-46303 + +Fix for CVE-2023-46303 +--- + src/calibre/ebooks/conversion/plugins/html_input.py | 16 + 1 file changed, 16 insertions(+) + +diff --git a/src/calibre/ebooks/conversion/plugins/html_input.py b/src/calibre/ebooks/conversion/plugins/html_input.py +index ca5b729..eb26b5c 100644 +--- a/src/calibre/ebooks/conversion/plugins/html_input.py b/src/calibre/ebooks/conversion/plugins/html_input.py +@@ -64,6 +64,16 @@ class HTMLInput(InputFormatPlugin): + ) + ), + ++OptionRecommendation(name='allow_local_files_outside_root', ++recommended_value=False, level=OptionRecommendation.LOW, ++help=_('Normally, resources linked to by the HTML file or its children will only be allowed' ++ ' if they are in a sub-folder of the original HTML file. This option allows including' ++ ' local files from any location on your computer. This can be a security risk if you' ++ ' are converting untrusted HTML and expecting to distribute the result of the conversion.' 
++) ++), ++ ++ + } + + def convert(self, stream, opts, file_ext, log, +@@ -76,6 +86,7 @@ class HTMLInput(InputFormatPlugin): + if hasattr(stream, 'name'): + basedir = os.path.dirname(stream.name) + fname = os.path.basename(stream.name) ++self.root_dir_of_input = os.path.abspath(basedir) + os.sep + + if file_ext != 'opf': + if opts.dont_package: +@@ -250,6 +261,11 @@ class HTMLInput(InputFormatPlugin): + frag = l.fragment + if not link: + return None, None ++link = os.path.abspath(os.path.realpath(link)) ++if not link.startswith(self.root_dir_of_input): ++if not self.opts.allow_local_files_outside_root: ++self.log.warn('Not adding {} as it is outside the document root: {}'.format(link, self.root_dir_of_input)) ++return None, None + return link, frag + + def resource_adder(self, link_, base=None): diff -Nru calibre-6.13.0+repack/debian/patches/series calibre-6.13.0+repack
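Review bot: In the last html_input.py hunk, `link` is canonicalised with `os.path.realpath()` before the `link.startswith(self.root_dir_of_input)` test, but `root_dir_of_input` is built in the convert() hunk with `os.path.abspath(basedir) + os.sep` only. When the input HTML file sits under a symlinked directory the two sides are resolved differently, so resources inside the tree are reported as outside the document root and dropped. Resolve the root with `os.path.realpath()` as well so both sides of the prefix test are canonicalised the same way.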
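Review bot: In the convert() hunk, `self.root_dir_of_input` is added directly after the two assignments that belong to `if hasattr(stream, 'name'):`, while the later link check reads the attribute unconditionally. Indentation is lost in this copy of the debdiff, so this needs confirming against the patch file, but if the assignment is inside that branch, a stream without a `name` reaches the `startswith()` test with the attribute unset. Give it a value on the other path too.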
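Review bot: The new debian/changelog entry states the behaviour change and the CVE but names neither the added patch file (0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch) nor the new `allow_local_files_outside_root` option that restores the previous behaviour. Mentioning both in the entry would tell stable users why a conversion starts skipping resources and which switch controls it.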
Bug#1058096: Test suite issues with new version of python3-antlr4
Hello python3-antlr4 maintainer, A build fix was pushed as a merge request. https://salsa.debian.org/python-team/packages/python3-antlr4/-/merge_requests/1 Please examine this merge request. -- YOKOTA Hiroshi
Bug#1058792: Acknowledgement (python3-ironic-lib: Zeroconf API was changed since Zeroconf-0.129.0)
Hello python-ironic-lib maintainer, I pushed a merge request at: https://salsa.debian.org/openstack-team/libs/python-ironic-lib/-/merge_requests/2 -- YOKOTA Hiroshi
Bug#1058792: python3-ironic-lib: Zeroconf API was changed since Zeroconf-0.129.0
Package: python3-ironic-lib
Version: 5.5.0-2
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com

Dear Maintainer,

The python3-zeroconf API has changed since zeroconf-0.129.0, and this breaks the python3-ironic-lib build-time unit test.

From the Zeroconf Changelog:
https://github.com/python-zeroconf/python-zeroconf/blob/master/CHANGELOG.md

## v0.129.0 (2023-12-13)

### Feature

* Add decoded_properties method to ServiceInfo ([#1332](https://github.com/python-zeroconf/python-zeroconf/issues/1332)) ([`9b595a1`](https://github.com/python-zeroconf/python-zeroconf/commit/9b595a1dcacf109c699953219d70fe36296c7318))
* Ensure ServiceInfo.properties always returns bytes ([#1333](https://github.com/python-zeroconf/python-zeroconf/issues/1333)) ([`d29553a`](https://github.com/python-zeroconf/python-zeroconf/commit/d29553ab7de6b7af70769ddb804fe2aaf492f320))

### Technically breaking change

* `ServiceInfo.properties` always returns a dictionary with type `dict[bytes, bytes | None]` instead of a mix `str` and `bytes`. It was only possible to get a mixed dictionary if it was manually passed in when `ServiceInfo` was constructed.

-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-ironic-lib depends on:
ii python3 3.11.6-1
ii python3-bcrypt 3.2.2-1
ii python3-oslo.concurrency 5.2.0-2
ii python3-oslo.config 1:9.2.0-2
ii python3-oslo.i18n 6.1.0-2
ii python3-oslo.utils 6.2.1-2
ii python3-pbr 5.11.1-5
ii python3-tenacity 8.2.1-1
ii python3-webob 1:1.8.6-3
ii python3-zeroconf 0.129.0-1

python3-ironic-lib recommends no packages.

python3-ironic-lib suggests no packages.

-- no debconf information
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
> Please go ahead. Thank you. Fix was uploaded to FTP server. -- YOKOTA Hiroshi
Bug#1055100: calibre: Installation in Bookworm stable is not possible. Paketdaten sind beschädigt.
Hello Martin, > Entpacken von calibre (6.13.0+repack-2+deb12u1) ... > dpkg-deb (Unterprozess): Dekomprimieren des Archivs > »/var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb« > (Größe=28871284), Element »data.tar«: lzma-Fehler: komprimierte Daten sind > beschädigt > dpkg-deb: Fehler: »«-Unterprozess gab den Fehlerwert 2 zurück > dpkg: Fehler beim Bearbeiten des Archivs > /var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb (--unpack): > »dpkg-deb --fsys-tarfile«-Unterprozess gab den Fehlerwert 2 zurück > Fehler traten auf beim Bearbeiten von: > /var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb > E: Sub-process /usr/bin/dpkg returned an error code (1) > Element »data.tar«: lzma-Fehler: komprimierte Daten sind beschädigt >> Element "data.tar": lzma-Error: compressed Data is corrupted It seems your downloaded package file is broken. This is not calibre's fault. Remove the broken package file in /var/cache/apt/archives/ and re-install calibre from the package manager, or download the package file manually from the Debian server at https://packages.debian.org/bookworm/calibre and install the proper package file. > Versions of packages calibre depends on: > pn calibre-bin You also need the "calibre-bin" package to use calibre. Install the calibre-bin package from the package manager. Or, you can download it manually from the Debian server at https://packages.debian.org/bookworm/calibre-bin -- YOKOTA
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello Jonathan, > The diff you attached is unreviewable: > 979 files changed, 40347 insertions(+), 25060 deletions(-) > Please prepare targetted fixes for the security issues. Upstream does not release a fix patch, but they release the new version (23.01) source code. I tried to extract a fix patch from the diff of the 22.01..23.01 source code. The trivial autopkgtest passed, but I don't know whether this debdiff really fixes CVE-2023-31102 and CVE-2023-40481. Please examine the attached debdiff.

diff stat:
 changelog                             |   8
 patches/0009-CVE-2023-40481-fix.patch | 253 ++
 patches/0010-CVE-2023-31102-fix.patch | 856 ++
 patches/series                        |   2
 4 files changed, 1119 insertions(+)

-- YOKOTA Hiroshi 7zip_22.01+dfsg-8+deb12u1.debdiff Description: Binary data
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
> It looks like you forgot the debdiff. Oops, sorry. Here is the debdiff. -- YOKOTA Hiroshi calibre_6.13.0+repack-2+deb12u2.debdiff Description: Binary data
Bug#1053899: "Get books" not working: TypeError: ResultsView.__init__()
Hello Nicolas, > In current version of Calibre in Bookworm, the "Get books" menu doesn't > work, and give this error when accessing it: Thank you, fix was pushed at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053908 -- YOKOTA Hiroshi
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com Control: affects -1 + src:calibre [ Reason ] Fix Debian bug 1053899 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053899 [ Impact ] "Get books" window not working [ Tests ] Build time test passed. Trivial manual test passed. [ Risks ] Tests are done on Debian unstable, not Debian bookworm. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add patch "fix crash in Get Books when regenerating UIC files". [ Other info ] Upstream fix: https://github.com/kovidgoyal/calibre/commit/f4fe3f254d3de0dd51722b3b5e08112ae82ebf51
Bug#1050562: bookworm-pu: package unrar-nonfree/1:6.2.6-1+deb12u1
Hello, > Please go ahead. Thank you. I uploaded the new package unrar-nonfree 6.2.6-1+deb12u1. -- YOKOTA Hiroshi
Bug#1051254: 7zip: [Merge Request] Add development and library package: lib7zip-dev and lib7zip0
Hello, > It's confirmed to work with my package: android-platform-tools > which currently includes a copy of lzma. Your patch breaks the existing 7z command. Check the formats-7z and benchmark-7z-simple tests in the autopkgtest result. https://salsa.debian.org/debian/7zip/-/jobs/4656760 In fact, /usr/lib/7zip/7z.so is not a shared library, but a big fat plugin for the 7z command. So, don't replace 7z.so with lib7zip.so.0. 7z.so includes some C++ interface for the plugin system that is not needed for liblzma.so.0 in android-platform-tools. If you really want the 7-Zip LZMA library, try the Debian lzma-dev package. But the lzma-dev package is quite obsolete because of the xz-utils package. https://tracker.debian.org/pkg/lzma /usr/lib/{arch}/android/liblzma.so.0 exists because the android-platform-tools document says the org.apache.commons.compress.archivers.sevenz class requires this native library. https://salsa.debian.org/android-tools-team/android-platform-tools/-/blob/debian/34.0.4-1/development/sdk/sdk_files_NOTICE.txt#L14611 > The files in the package org.apache.commons.compress.archivers.sevenz > were derived from the LZMA SDK, version 9.20 (C/ and CPP/7zip/), > which has been placed in the public domain: > "LZMA SDK is placed in the public domain." (http://www.7-zip.org/sdk.html) But the current org.apache.commons.compress.archivers.sevenz class in the Debian libcommons-compress-java package uses the org.tukaani.xz class in the Debian libxz-java package to handle LZMA. So, I think the document is obsolete, and there is no need to install liblzma.so.0 or other native libraries. Try the libcommons-compress-java package to list 7z files. 1. Install the libxz-java package, which is not automatically installed. 2. Type in from the console: "java -jar /usr/share/java/commons-compress.jar foo.7z" -- YOKOTA Hiroshi
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello, > What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there some > kind of public upstream VCS or can you ask upstream about it? The CVE site has not disclosed info about this issue yet, but Zero Day Initiative has already disclosed this issue. > CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ > CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ In the Zero Day Initiative report, they show the fixes for these issues. > ADDITIONAL DETAILS 7-Zip has issued an update to correct this vulnerability. > More details can be found at: > https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ The updated 7-Zip 23.00beta is released at this SourceForge link. I want to upload 7-Zip 23.01 to Debian because 23.01 is a non-beta version. -- YOKOTA Hiroshi
Bug#1050562: bookworm-pu: package unrar-nonfree/1:6.2.6-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: unrar-nonf...@packages.debian.org, t...@security.debian.org, yokota.h...@gmail.com Control: affects -1 + src:unrar-nonfree [ Reason ] To fix CVE-2023-40477. CVE-2023-40477 was fixed in unrar-nonfree 6.2.9-1, which is already released for trixie/sid. [ Impact ] If not fixed, it allows remote attackers to execute arbitrary code. [ Tests ] There is no test case for CVE-2023-40477. The Debian autopkgtest for normal operation passed. [ Risks ] There is no test case for CVE-2023-40477. I can't confirm the bug was fixed. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Apply the upstream fix in UnRAR 6.2.9 to unrar-nonfree 6.2.6-1, which is in bookworm. The debdiff can be examined online: https://github.com/debian-calibre/unrar-nonfree/compare/debian/1%256.2.6-1...debian/1%256.2.6-1+deb12u1 [ Other info ] * RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ * WinRAR 6.23 final released https://www.win-rar.com/singlenewsview.html?=0_ttnews%5Btt_news%5D=232=c5bf79590657e32554c6683296a8e8aa diff -Nru unrar-nonfree-6.2.6/debian/changelog unrar-nonfree-6.2.6/debian/changelog --- unrar-nonfree-6.2.6/debian/changelog2023-02-23 12:31:56.0 +0900 +++ unrar-nonfree-6.2.6/debian/changelog2023-08-26 16:27:26.0 +0900 
@@ -1,3 +1,9 @@ +unrar-nonfree (1:6.2.6-1+deb12u1) bookworm; urgency=medium + + * Fix CVE-2023-40477 + + -- YOKOTA Hiroshi Sat, 26 Aug 2023 16:27:26 +0900 + unrar-nonfree (1:6.2.6-1) unstable; urgency=medium * New upstream version 6.2.6 diff -Nru unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch --- unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch 1970-01-01 09:00:00.0 +0900 +++ unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch 2023-08-26 16:27:26.0 +0900 
@@ -0,0 +1,106 @@ +From: YOKOTA Hiroshi +Date: Fri, 21 Jul 2023 00:33:42 +0900 +Subject: CVE-2023-40477 + +--- + getbits.cpp | 8 + pathfn.cpp | 2 +- + recvol3.cpp | 11 +-- + secpassword.cpp | 8 + 4 files changed, 18 insertions(+), 11 deletions(-) + +diff --git a/getbits.cpp b/getbits.cpp +index 8805f27..5d5ad2b 100644 +--- a/getbits.cpp b/getbits.cpp +@@ -5,11 +5,11 @@ BitInput::BitInput(bool AllocBuffer) + ExternalBuffer=false; + if (AllocBuffer) + { +-// getbits*() attempt to read data from InAddr, ... InAddr+3 positions. +-// So let's allocate 3 additional bytes for situation, when we need to ++// getbits*() attempt to read data from InAddr, ... InAddr+4 positions. ++// So let's allocate 4 additional bytes for situation, when we need to + // read only 1 byte from the last position of buffer and avoid a crash +-// from access to next 3 bytes, which contents we do not need. +-size_t BufSize=MAX_SIZE+3; ++// from access to next 4 bytes, which contents we do not need. ++size_t BufSize=MAX_SIZE+4; + InBuf=new byte[BufSize]; + + // Ensure that we get predictable results when accessing bytes in area +diff --git a/pathfn.cpp b/pathfn.cpp +index 49d16a8..7a54354 100644 +--- a/pathfn.cpp b/pathfn.cpp +@@ -746,7 +746,7 @@ static void GenArcName(wchar *ArcName,size_t MaxSize,const wchar *GenerateMask,u + // Here we ensure that we have enough 'N' characters to fit all digits + // of archive number. We'll replace them by actual number later + // in this function. +- if (NCount255) ++if (P[0]<=0 || P[1]<=0 || P[2]<=0 || P[1]+P[2]>255 || P[0]+P[2]-1>255) + continue; + if (RecVolNumber!=0 && RecVolNumber!=P[1] || FileNumber!=0 && FileNumber!=P[2]) + { +@@ -238,7 +238,14 @@ bool RecVolumes3::Restore(CommandData *Cmd,const wchar *Name,bool Silent) + wcsncpyz(PrevName,CurName,ASIZE(PrevName)); + File *NewFile=new File; + NewFile->TOpen(CurName); +-SrcFile[FileNumber+P[0]-1]=NewFile; ++ ++// This check is redundant taking into account P[I]>255 and P[0]+P[2]-1>255 ++// checks above. 
Still we keep it here for better clarity and security. ++int SrcPos=FileNumber+P[0]-1; ++if (SrcPos<0 || SrcPos>=ASIZE(SrcFile)) ++ continue; ++SrcFile[SrcPos]=NewFile; ++ + FoundRecVolumes++; + + if (RecFileSize==0) +diff --git a/secpassword.cpp b/secpassword.cpp +index 42ed47d..08da549 100644 +--- a/secpassword.cpp b/secpassword.cpp +@@ -70,7 +70,7 @@ void SecPassword::Clean() + { + PasswordSet=false; + if (Password.size()>0) +-cleandata([0],Password.si
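Review bot: in the second recvol3.cpp hunk, the new `if (SrcPos<0 || SrcPos>=ASIZE(SrcFile)) continue;` runs after `File *NewFile=new File;` and `NewFile->TOpen(CurName);`, so when the check fires the freshly opened File object is neither stored in SrcFile nor deleted. The comment says the check is redundant with the P[] checks above, so the path should not be reachable today, but a defensive check should not leak a handle when it does trigger. Compute and validate SrcPos before allocating NewFile, or delete NewFile before the continue.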
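Review bot: the header of debian/patches/0015-CVE-2023-40477.patch carries only From, Date and the subject "CVE-2023-40477", with no description and no Origin or Forwarded field, although the request states the change is the upstream fix from UnRAR 6.2.9. Record that origin in the patch header and say in a sentence what the four touched files (getbits.cpp, pathfn.cpp, recvol3.cpp, secpassword.cpp) have to do with the CVE, since the changelog entry "Fix CVE-2023-40477" gives a later reader nothing to check the backport against.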
Bug#1050118: 7zip-standalone/experimental: undeclared file conflict with 7zip/bookworm+trixie+unstable
Hello, Helmut > 7zip-standalone and 7zip both ship /usr/bin/7zip, but they do not > declare any Conflicts, Replaces or diversions to alleviate that > situation. As a consequence, an unpack error may result when attempting > to install both. > > Given the changelog entry saying "split", I think you meant to move > files between packages. In this case, please ensure that you set both > Breaks and Replaces. 7zip and 7zip-standalone do not provide /usr/bin/7zip. They provide: 7zip: 7z, 7za, 7zr, p7zip; 7zip-standalone: 7zz. And 7zip-standalone requires "7zip (= ${binary:Version})" and 7zip breaks/conflicts/replaces "p7zip (<= 16.02+dfsg-8)". I think it works at least on my machine. The current package control file is here: https://salsa.debian.org/debian/7zip/-/blob/debian/23.01+dfsg-4_exp1/debian/control -- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Hello Markus, > I wanted to prepare a fix for CVE-2022-48579 in Bullseye and release it via a > bullseye point update. Do you want to take care of the upload instead? Thank you. So, please upload the bullseye fix via point update yourself. My current Git status is here. https://github.com/debian-calibre/unrar-nonfree/tree/bullseye-update Close this bug report when the bug is fixed. -- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Hello Salvatore, > FWIW, does not warrant a DSA, but can be fixed via upcoming point > release. Thank you. I will try to do that. -- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Package: unrar Version: 1:6.0.3-1+deb11u1 Severity: normal X-Debbugs-Cc: yokota.h...@gmail.com, a...@debian.org, t...@security.debian.org CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10 by the Debian LTS team (DLA-3535-1). The fix patch for Debian 10 can be applied to Debian 11. Fix patch for CVE-2022-48579 Debian 10: https://github.com/debian-calibre/unrar-nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272 Debian 11: https://github.com/debian-calibre/unrar-nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid. -- YOKOTA Hiroshi
Bug#1043042: calibre: New warning when running `calibredb catalog'
Hello gregor and python-apsw maintainer, > Since yesterday, `calibredb catalog' outputs a warning. > > I'm running the following command in a script from a daily cronjob: > > % calibredb catalog /home/gregoa/tmp/calibre.bib --entry-type=mixed > --add-files-path=False > --fields="authors,title,pubdate,id,library_name,publisher,#fullseries" > > and on the last run I -- for the first time -- got the following warning: > > Missing sys.apsw_fault_inject_control > > Exit code 0, and the resulting .bib file is ok; just the warning is > slightly annoying (as in: unnecessary mail from cron). This error comes from the python3-apsw (3.42.0.1-1) package. This error can be reproduced by just loading the "apsw" package.
```
$ python3
Python 3.11.4 (main, Jun 7 2023, 10:13:09) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import apsw
Missing sys.apsw_fault_inject_control
>>>
```
This error message comes from src/apsw.c:APSW_FaultInjectControl() in the python-apsw source code. Check out the python-apsw source code at this line: https://sources.debian.org/src/python-apsw/3.42.0.1-1/src/apsw.c/#L2067 -- YOKOTA Hiroshi
Bug#1042452: Please move big 7zz binary from 7zip package to separate package, for example 7zip-noplugins or split like p7zip
Hello Mantas, > My suggestion is to move the big 7zz binary from 7zip package to > separate package, for example 7zip-noplugins, then most regular users > will use 7zip package and 7zip-noplugins package is only for these, > who want "special" 7zz binary. Currently, 7-Zip upstream only provides 7zz in its pre-compiled distribution archives for Linux. I think 7z/7za/7zr might work for you, but they are not guaranteed by 7-Zip upstream. This is why the 7zip package includes the 7zz binary. -- YOKOTA
Bug#1041854: bookworm-pu: package calibre/6.13.0+repack-2+deb12u1
> Please go ahead. Thank you, I uploaded the fixed package. -- YOKOTA Hiroshi
Bug#1041779: "ERROR: Unhandled exception" when opening Settings > Saving Books to disk
Hello, A fix has been sent to the release manager. Check out Debian bug 1041854 and wait for the next stable update. [bookworm-pu: package calibre/6.13.0+repack-2+deb12u1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041854 -- YOKOTA
Bug#1041854: bookworm-pu: package calibre/6.13.0+repack-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com Control: affects -1 + src:calibre [ Reason ] To fix Debian bug 1041779 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041779 [ Impact ] Preferences dialog won't work [ Tests ] Manually reproduced this bug, and confirmed that it is fixed with this patch. [ Risks ] The fix is trivial. This bug is already fixed in calibre/6.15.1-4 (Debian bug 1034089). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Fixes Python syntax mismatch. [ Other info ] The patch is taken from Debian unstable code. https://github.com/debian-calibre/calibre/blob/debian/6.15.1-4/debian/patches/0027-TypeError-on-opening-Preferences-Closes-1034089.patch See also Debian bug 1034089. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 The attached debdiff can be examined online. https://github.com/debian-calibre/calibre/compare/debian/6.13.0+repack-2...debian/6.13.0+repack-2+deb12u1 diff --git a/debian/changelog b/debian/changelog index e484562458..f758dc7971 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +calibre (6.13.0+repack-2+deb12u1) bookworm; urgency=medium + + * "ERROR: Unhandled exception" when opening Settings > Saving Books to disk (Closes: #1041779) + * Rediff patches. +Add reproduced error messages + + -- YOKOTA Hiroshi Mon, 24 Jul 2023 20:35:33 +0900 + calibre (6.13.0+repack-2) unstable; urgency=medium * Update lintian overrides diff --git a/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch b/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch new file mode 100644 index 00..b942c4aff5 --- /dev/null 
+++ b/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch 
@@ -0,0 +1,57 @@ +From: YOKOTA Hiroshi +Date: Sun, 9 Apr 2023 14:50:50 +0900 +Subject: "ERROR: Unhandled exception" when opening Settings > Saving Books to + disk (Closes: #1041779) + +Forwarded: not-needed + +Click "Preferences->Import/Export->Sending Books to disk" to +reproduce the error. + +This is mostly same case of Debian bug 1034089 and 1032095. + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032095 + + +calibre, version 6.13.0 +ERROR: Unhandled exception: TypeError:SaveTemplate.__init__() got an unexpected keyword argument 'parent' + +calibre 6.13 embedded-python: False +Linux-6.3.0-2-amd64-x86_64-with-glibc2.37 Linux ('64bit', 'ELF') +('Linux', '6.3.0-2-amd64', '#1 SMP PREEMPT_DYNAMIC Debian 6.3.11-1 (2023-07-01)') +Python 3.11.4 +Interface language: None +Traceback (most recent call last): + File "/usr/lib/calibre/calibre/gui2/preferences/main.py", line 308, in show_plugin +self.showing_widget = plugin.create_widget(self.scroll_area) + ^^ + File "/usr/lib/calibre/calibre/customize/__init__.py", line 675, in create_widget +return widget(parent) + ^^ + File "/usr/lib/calibre/calibre/gui2/preferences/__init__.py", line 267, in __init__ +self.setupUi(self) + File "/usr/lib/calibre/calibre/gui2/preferences/saving_ui.py", line 46, in setupUi +self.save_template = SaveTemplate(parent=Form) + ^ +TypeError: SaveTemplate.__init__() got an unexpected keyword argument 'parent' + +(the Preferences dialog does not open) +--- + src/calibre/gui2/preferences/save_template.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/calibre/gui2/preferences/save_template.py b/src/calibre/gui2/preferences/save_template.py +index 82cf951..47d4510 100644 +--- a/src/calibre/gui2/preferences/save_template.py b/src/calibre/gui2/preferences/save_template.py +@@ -18,8 +18,8 @@ class SaveTemplate(QWidget, Ui_Form): + + changed_signal = pyqtSignal() + +-def __init__(self, *args): 
+-QWidget.__init__(self, *args) ++def __init__(self, parent=None): ++QWidget.__init__(self, parent) + Ui_Form.__init__(self) + self.setupUi(self) + self.orig_help_text = self.help_label.text() diff --git a/debian/patches/series b/debian/patches/series index 651a3ce7be..ba0e98e8d3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -26,3 +26,4 @@ 0026-Don-t-download-translation-files-from-GitHub.patch 0027-Use-text-file-instead-of-BZip2-compressed-file.patch 0028-TypeError-HistoryLineEdit.__init__-got-an-unexpected.patch +0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch
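Review bot: in the save_template.py hunk, replacing `def __init__(self, *args)` with `def __init__(self, parent=None)` accepts the `SaveTemplate(parent=Form)` call from the traceback but also narrows the constructor to a single argument, so a caller that previously passed more than one positional argument through to QWidget would now raise TypeError instead. State in the patch description that no such caller exists in 6.13.0, or keep the old calling convention alongside the keyword with `def __init__(self, parent=None, *args)` and `QWidget.__init__(self, parent, *args)`.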
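Review bot: the description of patch 0029 tells the reader to click "Preferences->Import/Export->Sending Books to disk", while the subject line, the changelog entry and the traceback (saving_ui.py) all refer to "Saving Books to disk". Make the reproduction step use the same dialog name as the subject so the next person backporting or dropping this patch can find the right page.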
Bug#1041779: "ERROR: Unhandled exception" when opening Settings > Saving Books to disk
Hello, > Calibre settings are currently broken on my system. Opening "Saving Books to > disk", "Sending Books to device" in the preferences fails with the following > error : "TypeError:SaveTemplate._init_() got an unexpected keyword argument > 'parent'" > Additionally, other menus like "Behavior" are broken, with checkboxes and > empty drop-downs in random places (https://i.imgur.com/v4odGA5.png for > example). I think this is the same bug that was fixed in Debian unstable but not in Debian stable. See also Debian bug #1034089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 If you have a package build environment, you can try the patch: https://github.com/debian-calibre/calibre/blob/debian/6.15.1-4/debian/patches/0027-TypeError-on-opening-Preferences-Closes-1034089.patch -- YOKOTA
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, I have added a new merge request at salsa: https://salsa.debian.org/debian/p7zip/-/merge_requests/5 This fix adds alternative selection to p7zip to make it co-installable with 7zip. -- YOKOTA
Bug#1040754: chromium: Enable GTK4 backend to use IME for Wayland window
Package: chromium Version: 114.0.5735.198-1 Severity: wishlist X-Debbugs-Cc: yokota.h...@gmail.com Dear Chromium Maintainer, Current Debian Chromium enables GTK3 backend only, but I want GTK4 backend to use IMEs for Wayland window. See upstream issue tracker for technical details: https://bugs.chromium.org/p/chromium/issues/detail?id=1422087 -- YOKOTA
Bug#1036938: libpodofo: libpodofo 0.10.0 was released
Hello, libpodofo maintainer I add merge request to update libpodofo 0.10.1. https://salsa.debian.org/debian/libpodofo/-/merge_requests/3 Please check this merge request. Thanks, -- YOKOTA Hiroshi
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, > Now that the 7zip package is feature-compatible with p7zip please move this > forward > and convert the p7zip packages to transitional packages. I have uploaded an experimental 7zip package (22.01+dfsg-10~exp1) to replace p7zip. This package also adds alternative selection to allow other 7-Zip implementations like p7zip or forked p7zip. The updated code is also available from salsa. https://salsa.debian.org/debian/7zip/-/tree/experimental -- YOKOTA
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, I'm maintaining the 7zip package. > The 7zip is available for bookworm. > > Features that its Debian configuration is currently lacking but that are > available: > * Creating SFX archives (missing 7zCon.sfx) > * rar module in non-free SFX is supported since 7zip 22.01+dfsg-9. The rar module is provided by another package and is currently in ITP at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036990 I need a mentor/sponsor to upload this package. The rar module is currently available at: https://salsa.debian.org/yokota/7zip-rar Build it yourself to try it. -- YOKOTA Hiroshi
Bug#1036990: ITP: 7zip-rar -- non-free RAR module for 7zip
Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com * Package name: 7zip-rar Version : 22.01 Upstream Contact: Igor Pavlov * URL : https://www.7-zip.org/ * License : unRAR License Programming Lang: C, C++ Description : non-free RAR module for 7zip This package provides a module for 7zip to make 7z able to extract RAR files. I already maintain the 7zip package, so I can also maintain this package. The current status of the 7zip-rar packaging project is here: https://salsa.debian.org/yokota/7zip-rar
Bug#1036938: Debian Bug Tracking System
Package: libpodofo0.9.8 Version: 0.9.8+dfsg-3+b1 Severity: wishlist X-Debbugs-Cc: yokota.h...@gmail.com Dear Maintainer, "libpodofo" project was moved to GitHub https://github.com/podofo/podofo . And released 0.10.0 from there. Please package them. "calibre" package now needs libpodofo 0.10 API since Calibre 6.18. PS: libpodofo 0.10 API is changed from 0.9 API. So you might need some package transition request. -- YOKOTA Hiroshi
Bug#879989: calibre registers as application/pdf handler, overrides better ones
Hello, Alexandre. > Just to confirm that this "bug" remains in the current version and > state that IMHO the mimetypes associated to calibre is "too > greedy". For instance it doesn't make sense to me open a .docx file > sent by e-mail in ebook-edit or ebook-viewer instead of libreoffice. The system default application choice may vary depending on your application installation order, or for some other reasons. For example, .docx uses LibreOffice even when I install Calibre on my machine. You can choose your favorite application as the default application from the GNOME file manager application "Files" or from other file managers. The help file of this application describes how to change the default application choice (see below). Don't forget to set the "Always use for this file type" switch to keep your choice. > Change the default application > You can change the default application that is used to open files of a given > type. This will allow you > to open your preferred application when you double-click to open a file. For > example, you might want > your favorite music player to open when you double-click an MP3 file. > > 1. Select a file of the type whose default application you want to change. > For example, to change > which application is used to open MP3 files, select a .mp3 file. > 2. Right-click the file and select "Open with...". > 3. Open "Open File" window. > 4. Select the application you want and click "Always use for this file type". > 5. Click "Open" button to open the file with selected application. > 6. Next time, the selected application will be used as the default application. > > This changes the default application not just for the selected file, but for > all files with the same type. -- YOKOTA
Bug#1032091: py7zr: CVE-2022-44900
Hello, py7zr maintainer. I have pushed some commits to the Debian salsa repository to fix CVE-2022-44900. https://salsa.debian.org/python-team/packages/py7zr/-/merge_requests/2 -- YOKOTA
Bug#1032095: calibre 6.11.0: TypeError: HistoryLineEdit.__init__() got an unexpected keyword argument 'parent'
Hello, David. > TypeError: HistoryLineEdit.__init__() got an unexpected keyword argument > 'parent' This error also happens on the current Sid package 6.13.0+repack-1. > I have see that there is a new version in Sid, but I don't have > understand if that one will go into the next stable. The fix was pushed to the Git repository. https://github.com/debian-calibre/calibre/blob/master/debian/patches/0028-TypeError-HistoryLineEdit.__init__-got-an-unexpected.patch I will release a new Sid package soon. -- YOKOTA
Bug#1028059: calibre-bin version 6.10.0+dfsg-5 uses unknown compression for control.tar.zst, cannot be installed
Hello, > Tried to install 6.10.0+dfsg-5 and got the error below: > calibre-bin_6.10.0+dfsg-5_amd64.deb' uses unknown compression for member > 'control.tar.zst', giving up > > Forced to cancel upgrade, leaving a number of packages that cannot be > upgraded as they need the qt6 packages but I need a working calibre. Sorry, there is some problem in the Qt6 transitions. This problem will be fixed in 5 days. Currently, calibre works well on the "sid" distribution. "control.tar.zst" is used in Ubuntu packages. Use the Debian package for your machine. There are some options to fix this: 1. Hold the current "testing" distribution packages. A new calibre package for the "testing" distribution will be available in 5 days. 2. Manually install the "sid" distribution package from the Debian web site. You must download and install 2 packages. (binary package page) https://packages.debian.org/sid/calibre https://packages.debian.org/sid/calibre-bin (package distribution server) https://ftp.debian.org/debian/pool/main/c/calibre/ Install the package files as superuser. dpkg -i calibre_6.10.0+dfsg-5_all.deb calibre-bin_6.10.0+dfsg-5_amd64.deb If you don't know what to do, choose option 1 and wait 5 days or less. -- YOKOTA
Bug#1027607: calibre: FTBFS: unsatisfiable build-dependency: qt6-base-abi (= 6.3.1) (versioned dep on a virtual pkg?)
Hi, > Source: calibre > Version: 6.10.0+dfsg-3 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20230101 ftbfs-bookworm > > The following packages have unmet dependencies: > > python3-pyqt6 : Depends: qt6-base-abi (= 6.3.1) > > E: Unable to correct problems, you have held broken packages. > > apt-get failed. This error occurs because python3-pyqt6 is not built with Qt 6.4.2 yet. Please wait for the Qt 6.4.2 transition of python3-pyqt6. https://release.debian.org/transitions/html/qt6baseabi-6.4.2.html -- YOKOTA
Bug#1019996: lxml: FTBFS: ModuleNotFoundError: No module named 'lxml'
Hello, lxml maintainer. This bug comes from obsolete module usage in "python3-defaults" package. Please examine my merge request at: https://salsa.debian.org/cpython-team/python3-defaults/-/merge_requests/12 -- YOKOTA Hiroshi
Bug#1021175: calibre - content server only listen on IPv4
Hello, Bastian. > The embedded only listens on 0.0.0.0, aka AF_INET, aka IPv4. This makes > the content server quite unusable in the current internet, where IPv4 > connectivity gets sparingly, either by CG-NAT used by the provider or by > IPv6-only environments. You can change listening address from preferences window. Change listening address from "Preferences"->"Sharing"->"Sharing over the net"->"Advanced"->"The interface on which to listen for connections:". The default value is "0.0.0.0", but you can change to "::" for IPv6. And use "127.0.0.1" or "::1" to limit access from localhost. Here is document text for this option: > The default is to listen on all available IPv4 interfaces. You can change > this to, for example, "127.0.0.1" to only listen for connections from the > local machine, or to "::" to listen to all incoming IPv6 and IPv4 connections. -- YOKOTA
Bug#1019136: cmake injects randomly named dummy function to output binary and it breaks reproducible build
Package: cmake Version: 3.24.1-1 Severity: normal X-Debbugs-Cc: yokota.h...@gmail.com Dear Maintainer, Current CMake (3.24.1) injects a randomly named dummy function into the output binary. The output binary works well, but this issue breaks reproducible builds. The injected code can be examined here: https://salsa.debian.org/cmake-team/cmake/-/blob/debian/3.24.1-1/Source/cmQtAutoMocUic.cxx#L2177
```c++
// Placeholder content
cmCryptoHash hash(cmCryptoHash::AlgoSHA256);
const std::string hashedPath = hash.HashString(compAbs);
const std::string functionName =
  "cmake_automoc_silence_linker_warning" + hashedPath;
content += "// No files found that require moc or the moc files are "
           "included\n"
           "void " +
  functionName + "() {}\n";
```
The randomly named dummy function is generated from the absolute path name and SHA256. The absolute path name might vary on each development machine because the source code will be placed in each developer's own path. So, this feature generates non-deterministic output, and breaks reproducible builds. Here is the upstream issue about this feature: https://gitlab.kitware.com/cmake/cmake/-/issues/23551 And the merge request: https://gitlab.kitware.com/cmake/cmake/-/merge_requests/7558 This bug prevents the Debian "calibre" package from building reproducibly. https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/calibre.html I want to make the Debian "calibre" package reproducible. -- YOKOTA Hiroshi
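The effect described in the report above, as an added example (not code from CMake, Debian or the bug report): it names the placeholder function for the same source tree unpacked at two build paths and then flags symbols whose hash suffix differs between the two builds. It assumes HashString() returns the lowercase hex SHA-256 digest; the build paths, the symbol lists and the relative-path variant are constructed for illustration, and the relative-path variant is not the upstream fix.

```python
import hashlib
import re
from pathlib import PurePosixPath

# Symbol prefix taken from the CMake snippet quoted in the bug report.
PREFIX = "cmake_automoc_silence_linker_warning"

# A symbol name that ends in a 64-character lowercase hex digest (SHA-256 sized).
HASHED_SYMBOL = re.compile(r"^(?P<stem>.*?)(?P<digest>[0-9a-f]{64})$")


def absolute_path_symbol(comp_abs: str) -> str:
    """Name the placeholder the way the quoted snippet does.

    Assumption: HashString() yields the lowercase hex SHA-256 of the path.
    """
    return PREFIX + hashlib.sha256(comp_abs.encode("utf-8")).hexdigest()


def relative_path_symbol(comp_abs: str, source_root: str) -> str:
    """Hypothetical deterministic variant: hash the path relative to the tree."""
    rel = PurePosixPath(comp_abs).relative_to(PurePosixPath(source_root))
    return PREFIX + hashlib.sha256(rel.as_posix().encode("utf-8")).hexdigest()


def path_dependent_symbols(build_a, build_b):
    """Return stems of hashed symbols whose digest differs between two builds.

    Each argument is an iterable of symbol names, for example the names
    listed for the same object file from two independent builds.
    """
    def index(symbols):
        found = {}
        for name in symbols:
            match = HASHED_SYMBOL.match(name)
            if match:
                found.setdefault(match.group("stem"), set()).add(
                    match.group("digest"))
        return found

    a, b = index(build_a), index(build_b)
    return sorted(stem for stem in a.keys() & b.keys() if a[stem] != b[stem])


# Constructed sample: one source tree unpacked under two different build paths,
# as happens when a reproducibility test varies the build directory.
ROOT_A = "/build/1st/calibre"
ROOT_B = "/build/2nd/calibre"
FILE_A = ROOT_A + "/headless/mocs_compilation.cpp"
FILE_B = ROOT_B + "/headless/mocs_compilation.cpp"


def demo():
    """Compare both naming schemes across the two constructed builds."""
    abs_a = ["main", "qt_plugin_instance", absolute_path_symbol(FILE_A)]
    abs_b = ["main", "qt_plugin_instance", absolute_path_symbol(FILE_B)]
    rel_a = ["main", "qt_plugin_instance", relative_path_symbol(FILE_A, ROOT_A)]
    rel_b = ["main", "qt_plugin_instance", relative_path_symbol(FILE_B, ROOT_B)]
    return {
        "absolute": path_dependent_symbols(abs_a, abs_b),
        "relative": path_dependent_symbols(rel_a, rel_b),
    }


if __name__ == "__main__":
    for scheme, stems in demo().items():
        print(scheme, "->", stems or "no path-dependent symbols")
```

The same comparison works on real data by feeding `path_dependent_symbols` the symbol names of one object file taken from two builds made in different directories.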
Bug#1018067: calibre: Remove unsuppoted architecture package from unstable distribution, and enable testing migration
Hi, Thanks for your quick reply. > > Please remove Calibre 5.44.0+dfsg-1 mips64el/mips package from unstable > > distribution, and enable testing migration. > It's an arch:all package, so not a blocker. Calibre has architecture-dependent package "calibre-bin". I want to remove "calibre-bin" mips64el/mipsel package. https://packages.debian.org/unstable/calibre-bin -- YOKOTA Hiroshi
Bug#1018067: calibre: Remove unsuppoted architecture package from unstable distribution, and enable testing migration
Package: release.debian.org Severity: normal X-Debbugs-Cc: yokota.h...@gmail.com The old Calibre mips64el/mipsel package prevents testing migration from Calibre v5 to v6. Calibre v6 does not support the mips64el/mipsel architectures anymore, because Calibre now uses Qt6, and Qt6 drops mips64el/mipsel support. Please remove the Calibre 5.44.0+dfsg-1 mips64el/mips package from the unstable distribution, and enable testing migration. See also the Calibre package page: https://tracker.debian.org/pkg/calibre -- YOKOTA Hiroshi
Bug#1012987: libpodofo: ftbfs with GCC-12
Hi Nicholas > It looks like the a "Source" or "Forwarded" DEP3 header with a link to > Pino's pull request is missing. > https://dep-team.pages.debian.net/deps/dep3 I have updated my salsa merge request. https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 -- YOKOTA Hiroshi
Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1
Hello, > Please go ahead; sorry for the delay. Thanks, I have uploaded to buster. -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello, > I rewrite my patch to enable all string test. New patch was already uploaded to salsa. https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello Mattia, > At the very least, I'd prefer fedora's patch better since it disable > specific tests and not the whole file the failing test lives in… > But I really don't like either. I rewrite my patch to enable all string test. -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello Debian libpodofo maintainer, I maintain Debian Calibre which uses libpodofo. I make FTBFS fix to Debian libpodofo at: https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 Please examine this merge request. -- YOKOTA
Bug#1015259: calibre: preferences link no longer available
Tags: moreinfo Hello, > I was looking for that arrow to expose the preferences link but the > arrow was missing. Sorry about that as it was the real problem for me. Calibre supports color palette settings (Light/Dark) from Calibre v6. If your icon theme is not suitable for the color palette, icons seem to be missing to your eyes. You can change the color palette or icon theme from the preferences window. The color palette and icon theme can be changed from "Look & Feel" in the preferences window. If something is still wrong about this issue, send screenshots. -- YOKOTA
Bug#1015259: calibre: preferences link no longer available
Hello Gary, > Wanted to edit Calibre preferences and attempted to find link for them. No such > link exists any more. The rightmost command buttons are not displayed when the Calibre window is too small. Enlarge the Calibre window to display more icons on the command tool bar. Use the shortcut key "Ctrl+p" to show the preferences window. Use the "Toolbars & menus" configuration item in the preferences window to arrange the order of command icons on tool bars. Use the "Look & feel" configuration item to change the command icon size. -- YOKOTA
Bug#1012886: 7zip: ftbfs with GCC-12
Hello, ftbfs fix was uploaded to Debian sid as 7zip/21.07+dfsg-5 . -- YOKOTA
Bug#1012820: calibre fails on converting to PDF
Hello, > 2. If I run as a non-root user I get: > > Authorization required, but no authorization protocol specified > qt.qpa.xcb: could not connect to display :0.0 > qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though > it > was found. > This application failed to start because no Qt platform plugin could be > initialized. Reinstalling the application may fix this problem. > > Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, > offscreen, > vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, > xcb. > qt.qpa.xcb: could not connect to display :0.0 This line shows that you are not connected to X11. The PDF renderer uses the Qt library, and Qt requires some GUI environment like X11. Check your X11 environment and whether other X11 client programs work on your machine. You must set up X11 and connect to the X server properly even if you don't want to use the GUI. Install an X11 environment and the related Qt libraries, and run from the GUI environment. -- YOKOTA
Bug#1012457: calibre: segfault on startup for different locales
Tags: confirmed It also reproduces with other non-UTF-8 locales. 1. Edit "/etc/locale.gen" and set up a non-UTF-8 locale 2. Use the non-UTF-8 locale for Calibre $ LANG=ja_JP.EUC-JP calibre $ LANG=en_US.ISO-8859-15 calibre 3. Segmentation fault > If LC_CTYPE=ro_RO then calibre segfaults on startup > If LC_CTYPE is unset (or LC_ALL=C) then calibre starts and works normally. > Locale: LANG=en_GB.UTF-8, LC_CTYPE=ro_RO (charmap=ISO-8859-2), > LANGUAGE=en_GB:en Current Linux systems recommend a UTF-8 based locale. "ro_RO" uses the legacy encoding "ISO-8859-2" and it's not recommended for modern Linux systems. Use the UTF-8 based ro_RO locale "ro_RO.UTF-8" to avoid this bug. 1. Edit "/etc/locale.gen" and add "ro_RO.UTF-8" locale support. Use the "dpkg-reconfigure locales" command for easy setup. It also drops legacy locale support. # dpkg-reconfigure locales 2. Use "ro_RO.UTF-8" for Calibre $ LC_CTYPE=ro_RO.UTF-8 calibre $ LANG=ro_RO.UTF-8 calibre 3. Works well. > The official calibre version 5.43.0 does not segfault on the same machine. > This is a debian specific issue. Official calibre uses an embedded Python, and does not use the system Python. The embedded Python uses limited locale support, and this avoids locale problems. -- YOKOTA Hiroshi
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
> > Fix CVE-2022-30333 and its corresponding RC bug. ...
> Please go ahead.

Thanks. I have uploaded unrar-nonfree/1:6.0.3-1+deb11u1 to bullseye.

-- YOKOTA Hiroshi
Bug#948108: closed by yokota (Re: unrar corrupts filenames given as arguments)
Tags: -wontfix

> Why would unrar even try to do such a thing for an archive filename on the command line? It would make sense if this had anything to do with the filenames stored in the archive, but that's not the case.

Because unrar was originally made for Windows. Windows command line programs use the GetCommandLine() function and use wide char (wchar_t) strings to get command line options. The Unix unrar code uses a thin wrapper around the startup routines for the Windows unrar code to work with multi byte (char) strings, because Unix uses multi byte strings to get command line options.

> The proof for this is that basically every other command has no trouble with this. If unsure, try to look at how programs such as "cat", "zip" or "unzip" work, none of which have trouble with this.

Unix tools like "cat" and others use multi byte strings to get command line options, because "cat" is made for Unix and has no need to convert command line option strings.

Anyway, this issue was once forwarded to upstream, but upstream does not want to fix it. I have no more ideas about this issue, because I am not an expert on RAR archiver programs. But you can send your request to upstream yourself. If upstream releases a new version of unrar, I will make a new unrar package.

-- YOKOTA
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: yokota.h...@gmail.com

[ Reason ]
Fix CVE-2022-30333 and its corresponding RC bug.

[ Impact ]
CVE-2022-30333 is a directory traversal vulnerability. It writes to files outside of the extraction directory during an extract operation.

[ Tests ]
The compiled executable file passes the current autopkgtest in Debian sid.

[ Risks ]
A test case for CVE-2022-30333 is not available.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Add patch to fix CVE-2022-30333. This patch was taken from the diff file between unrar 6.1.6 and 6.1.7.

[ Other info ]
The upstream developer uses both an application version and a source version. Upstream says this security vulnerability is fixed in application version 6.12. Application version 6.12's corresponding source version is 6.1.7. CVE-2022-30333 was fixed in source version 6.1.7.

-- YOKOTA Hiroshi

unrar-nonfree-bullseye-update-1:6.0.3-1+deb11u1.debdiff Description: Binary data
Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: yokota.h...@gmail.com

[ Impact ]
CVE-2022-30333 is a directory traversal vulnerability. It writes to files outside of the extraction directory during an extract operation.

[ Tests ]
The compiled executable file passes the current autopkgtest in Debian sid.

[ Risks ]
A test case for CVE-2022-30333 is not available.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Add patch to fix CVE-2022-30333. This patch was taken from the diff file between unrar 6.1.6 and 6.1.7.

[ Other info ]
The upstream developer uses both an application version and a source version. Upstream says this security vulnerability is fixed in application version 6.12. Application version 6.12's corresponding source version is 6.1.7. CVE-2022-30333 was fixed in source version 6.1.7.

-- YOKOTA Hiroshi

unrar-nonfree-buster-update-1:5.6.6-1+deb10u1.debdiff Description: Binary data
Bug#999900: epubcheck: java.lang.StackOverflowError
Control: tags 00 + patch Add tags
Bug#999900: epubcheck: java.lang.StackOverflowError
tags 00 + patch

Hello,

> This problem was described in epubcheck troubleshooting document.
> https://github.com/w3c/epubcheck/wiki/Running#javalangstackoverflowerror

I made a salsa merge request to fix this issue at: https://salsa.debian.org/java-team/epubcheck/-/merge_requests/3

-- YOKOTA
Bug#1006730: (no subject)
Hi,

> I understand your reluctance to diverge from the original 7-Zip code which could make the maintenance harder in the future. So maybe I ask upstream for this feature?

Yes, you can ask upstream about your request. If your request is accepted into the upstream code, I will make a new 7-Zip package with this feature.

-- YOKOTA
Bug#1001111: 7zip: use 7-zip's assembler code
Tags: - wontfix

> Hi, thank you for having looked into this. I believe that asmc can be compiled from source with GCC, as mentioned in upstream's issue tracker [1].
>
> The current state of asmc + Linux support is not really mature and is considered experimental, but it is a thing that the upstream author wants to support. It will take time, but it will eventually be possible to build asmc without many issues.
>
> As this is something that could change in the future, I believe that marking this as wontfix is not the best solution.

Thanks for your reply. But it needs some more time to resolve this issue.

-- YOKOTA
Bug#999900: epubcheck: java.lang.StackOverflowError
Hello, epubcheck maintainers.

This problem is described in the epubcheck troubleshooting document. https://github.com/w3c/epubcheck/wiki/Running#javalangstackoverflowerror

Just add 1024kb or more stack to fix this error.

> java -Xss1024k -jar epubcheck.jar moby-dick.epub

-- YOKOTA
Bug#1003171: calibre: Calibre version used in debian stable does not start
Control: notfound -1 5.12.0+dfsg-1+deb11u1
Bug#990541: cve was addressed upstream
> For stretch, you would have to provide a patch based on the 5.6.6 change.

Do you know how to upload to stretch-update? I found how to upload to bullseye/buster with the "reportbug" package, but not stretch. Or is it too late to upload to stretch?

-- YOKOTA Hiroshi
Bug#990541: cve was addressed upstream
Hi,

> stretch is vulnerable (test case; misleading min. version in CVE description) and bullseye is vulnerable according to the CVE description.

Do we need unrar-nonfree 6.0.4 for stretch/bullseye? I can make a stretch/bullseye-update package for the next point release.

-- YOKOTA Hiroshi
Bug#990541: cve was addressed upstream
Hi,

> Can you give more information here? Where was it fixed?

I made the autopkgtest `debian/tests/CVE-2018-25018.sh` and it passes this test. You can check this test code in the "unrar-nonfree" source package or at: https://sources.debian.org/src/unrar-nonfree/1:6.1.2-1/debian/tests/CVE-2018-25018.sh/

The test results are held in the CI log: https://ci.debian.net/packages/u/unrar-nonfree/

Please reopen this bug if you want.

-- YOKOTA Hiroshi
Bug#1001111: 7zip: use 7-zip's assembler code
Hi, Andrea

> Hi, could you consider building the 7zip package using its provided assembler code? As stated in upstream's readme.txt, "if you compile the version with Assembler code, you will get faster 7-Zip binary".

The x86 assembler code needs "asmc" to build, which is not in Debian packages. So there are some more issues to resolve.

-- YOKOTA
Bug#999769: bullseye-pu: package calibre/5.12.0+dfsg-1
> Thanks; please go ahead.

I have uploaded the new version.

-- YOKOTA Hiroshi
Bug#999769: bullseye-pu: package calibre/5.12.0+dfsg-1
> If it is, then unstable needs to be fixed first. If not, then please add an appropriate fixed version to that bug, so that the situation is clearer.

Thanks, I added the fixed version info to bug #998744.

-- YOKOTA Hiroshi
Bug#997894: Simple dependency omission
Thanks, Matthias. I have uploaded the new calibre 5.32.0+dfsg-2 package with your fix. -- YOKOTA Hiroshi
Bug#999769: bullseye-pu: package calibre/5.12.0+dfsg-1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: yokota.h...@gmail.com [ Reason ] Fix bug #998744 (calibre: Python byte-compile error when installing calibre). [ Impact ] Installation fails as describes in bug #998744 . [ Tests ] Source code has many unit tests to check high and low level functionality. [ Risks ] Change is very trivial. See "debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch" . Not well tested on "bullseye/stable" machine because I use "sid/unstable" machine. Trivial checks on my "sid/unstable" machine was OK. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] * Avoid to use embedded assignment syntax (Closes: #998744) [ Other info ] This fix is already applied on upstream. This error was also reported at: https://bugs.launchpad.net/calibre/+bug/1942463 Fixes are: https://github.com/kovidgoyal/calibre/commit/884839a691e800e56e185e10019a66b12feea640 and https://github.com/kovidgoyal/calibre/commit/ed32130ca4cbbf235f5560e7c53f78c01eab1106 diff -Nru calibre-5.12.0+dfsg/debian/changelog calibre-5.12.0+dfsg/debian/changelog --- calibre-5.12.0+dfsg/debian/changelog 2021-02-26 22:39:59.0 +0900 +++ calibre-5.12.0+dfsg/debian/changelog 2021-11-16 08:37:45.0 +0900 
@@ -1,3 +1,9 @@ +calibre (5.12.0+dfsg-1+deb11u1) bullseye; urgency=medium + + * Avoid to use embedded assignment syntax (Closes: #998744) + + -- YOKOTA Hiroshi Tue, 16 Nov 2021 08:37:45 +0900 + calibre (5.12.0+dfsg-1) unstable; urgency=medium * New upstream version 5.12.0+dfsg diff -Nru calibre-5.12.0+dfsg/debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch calibre-5.12.0+dfsg/debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch --- calibre-5.12.0+dfsg/debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch 1970-01-01 09:00:00.0 +0900 +++ calibre-5.12.0+dfsg/debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch 2021-11-16 08:37:45.00000 +0900 @@ -0,0 +1,31 @@ +From: YOKOTA Hiroshi +Date: Tue, 9 Nov 2021 23:56:51 +0900 +Subject: Avoid to use embedded assignment syntax (Closes: #998744) + +Forwarded: not-needed + +This error was also reported at: + https://bugs.launchpad.net/calibre/+bug/1942463 + +Fixes are: + https://github.com/kovidgoyal/calibre/commit/884839a691e800e56e185e10019a66b12feea640 +and + https://github.com/kovidgoyal/calibre/commit/ed32130ca4cbbf235f5560e7c53f78c01eab1106 +--- + src/calibre/utils/formatter.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/calibre/utils/formatter.py b/src/calibre/utils/formatter.py +index 83f2a00..18d1afd 100644 +--- a/src/calibre/utils/formatter.py b/src/calibre/utils/formatter.py +@@ -656,7 +656,8 @@ class _Interpreter(object): + + def do_node_first_non_empty(self, prog): + for expr in prog.expression_list: +-if v := self.expr(expr): ++v = self.expr(expr) ++if v: + return v + return '' + diff -Nru calibre-5.12.0+dfsg/debian/patches/series calibre-5.12.0+dfsg/debian/patches/series --- calibre-5.12.0+dfsg/debian/patches/series 2021-02-26 22:39:10.0 +0900 +++ calibre-5.12.0+dfsg/debian/patches/series 2021-11-16 08:37:45.0 +0900 
@@ -8,3 +8,4 @@ 0008-Don-t-change-book-file-unless-user-s-consent-Closes-.patch 0009-dont-use-python-crypto.patch 0010-Restore-chardet-module-support.patch +0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch
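Review bot: In the header of debian/patches/0011-Avoid-to-use-embedded-assignment-syntax-Closes-99874.patch, `Forwarded: not-needed` sits next to free-text links to two upstream commits; since the request describes the fix as already applied upstream, DEP-3 fields such as `Origin: upstream, <commit URL>` or `Applied-Upstream:` would record that provenance in a form tools can read. The code change itself touches only do_node_first_non_empty in src/calibre/utils/formatter.py, and the [ Risks ] section says it was not well tested on bullseye, so it is worth byte-compiling the whole installed tree on a bullseye system to confirm that no other `:=` remains before upload.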
Bug#998744: calibre: Python byte-compile error when installing calibre
Hello Sajith,

> This is the relevant part from `apt install calibre`:
>
> Setting up calibre (5.12.0+dfsg-1) ...
> Failed to byte-compile /usr/lib/calibre/calibre/utils/formatter.py: File "/usr/lib/calibre/calibre/utils/formatter.py", line 659
> if v := self.expr(expr):
> ^
> SyntaxError: invalid syntax

This error comes from obsolete python syntax.

This error was also reported at: https://bugs.launchpad.net/calibre/+bug/1942463

Fixes are: https://github.com/kovidgoyal/calibre/commit/884839a691e800e56e185e10019a66b12feea640 and https://github.com/kovidgoyal/calibre/commit/ed32130ca4cbbf235f5560e7c53f78c01eab1106

We must fix this soon.

-- YOKOTA
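An added example, not part of the original message and not calibre's own code: a scanner that uses Python's `ast` module to list every embedded assignment (`:=`) in a source tree, so a backport can be checked for remaining occurrences like the one reported at line 659. It needs Python 3.8 or newer to run; the sample source and the function names `find_embedded_assignments` and `scan_tree` are constructed for illustration.

```python
import ast
import sys
from pathlib import Path

# Constructed sample modelled on the function named in the bug report.
SAMPLE = """\
class _Interpreter(object):

    def do_node_first_non_empty(self, prog):
        for expr in prog.expression_list:
            if v := self.expr(expr):
                return v
        return ''

    def other(self, items):
        return [y for x in items if (y := x.strip())]
"""


def find_embedded_assignments(source, filename="<string>"):
    """Return sorted (line, column, target_name) for every `:=` in source."""
    tree = ast.parse(source, filename=filename)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.NamedExpr):
            hits.append((node.lineno, node.col_offset, node.target.id))
    return sorted(hits)


def scan_tree(root):
    """Scan every *.py file under root; return {path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hits = find_embedded_assignments(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError) as exc:
            report[str(path)] = [("unparsable", str(exc))]
            continue
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]).items():
            for hit in hits:
                print(path, *hit)
    else:
        for line, col, name in find_embedded_assignments(SAMPLE):
            print(f"line {line}, column {col}: {name} := ...")
```

Run it with the unpacked source directory as its argument; an empty result means no embedded assignment remains in any parsable file.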
Bug#988689: ITP: 7zip -- 7-Zip file archiver
Hello, Dylan.

Thanks for inviting me to your 7zip project on salsa. My changes are held on the "experimental" branch. Please merge it. Or, give me write permission to the "master" branch, because the "master" branch is protected and is only writable by the project maintainer. Check https://salsa.debian.org/help/user/project/protected_branches.md for this issue.

I am a Debian Maintainer, so I can't upload packages without a Debian Developer's grant. If you give me the grant, check https://wiki.debian.org/DebianMaintainer .

-- YOKOTA Hiroshi
Bug#988689: ITP: 7zip -- 7-Zip file archiver
Hello, Dylan.

> I started to work on 7zip [1] before realizing you already started a package of it.
> Are you still working on it? Should we combine our efforts to finish the package?

Thanks for picking up my code. Please publish the 7zip package. Yes, I am still working on the 7zip code to add some other features, but you can finish the package.

-- YOKOTA
Bug#988689: ITP: 7zip -- 7-Zip file archiver
Hi all,

> > 7-Zip is a file archiver with a high compression ratio.
> is this different from
> https://tracker.debian.org/pkg/p7zip

"p7zip" is a project forked from the "7-Zip" project. My "7zip" package comes from the original "7-Zip" project. The two code bases differ somewhat from each other.

> It looks like we already have the 7-Zip unrar code split on its own source package in non-free (p7zip-rar).

"p7zip" provides the "7z" command, and "7z" has plugin module functionality to load the unRAR code. "7zip" provides the "7zz" command, and "7zz" is a stand-alone style binary that doesn't have plugin module functionality. I just drop the unRAR code to keep DFSG compliance. See my salsa Git repository. https://salsa.debian.org/yokota/7zip

-- YOKOTA Hiroshi
Bug#988689: ITP: 7zip -- 7-Zip file archiver
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name: 7zip
  Version : 21.02
  Upstream Author : Igor Pavlov
* URL : https://www.7-zip.org/
* License : LGPL with "unRAR license restriction" ( https://www.7-zip.org/license.txt )
  Programming Lang: C, C++, Asm
  Description : 7-Zip file archiver

7-Zip is a file archiver with a high compression ratio.

The main features of 7-Zip
* High compression ratio in 7z format with LZMA and LZMA2 compression
* Supported formats:
  * Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM
  * Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z.
* For ZIP and GZIP formats, 7-Zip provides a compression ratio that is 2-10 % better than the ratio provided by PKZip and WinZip
* Strong AES-256 encryption in 7z and ZIP formats
* Powerful command line version

note: The "p7zip-full" package provides a full-featured, but older 7-Zip archiver. This "7zip" package provides a stand-alone style archiver only, but a newer 7-Zip archiver.

The "7zip" package is in the "non-free" section because the "unRAR" code is not compatible with the DFSG.

The current packaging state is held at https://salsa.debian.org/yokota/7zip .