Bug#824011: warzone2100: FTBFS in testing (maybe missing Build-Conflicts)

[Markus Koschany]

Control: severity -1 normal

On Wed, 11 May 2016 11:34:14 +0200 (CEST) Santiago Vila
 wrote:
> Package: warzone2100
> Version: 3.1.1-3
> Severity: serious
> 
> Dear maintainer:
> 
> This package fails to build from source in stretch:
> 
> -
>  debian/rules build
> dh build --parallel --with autoreconf
>dh_testdir
>dh_update_autotools_config
>debian/rules override_dh_autoreconf
> make[1]: Entering directory '/<>'
> dh_autoreconf ./autogen.sh
> + checking for automake >= 1.12 ... found 1.15, ok.
> Sorry, automake 1.12+ is not supported yet, please use 1.11.

[...]

Hi,

I have just rebuilt warzone2100 in a clean sid cowbuilder chroot.
Everything went fine. Currently automake 1.11 is automatically installed
but this might change in the future so we should keep an eye on this
issue. I don't consider this to be release critical at the moment as
long as warzone2100 can be built from source in a default chroot
environment but I leave the rest to pabs, if he should feel differently
about that.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#823812: netbeans: non-free files

[Markus Koschany]

Hi,

Am 09.05.2016 um 12:11 schrieb Dmitry Smirnov:
> Source: netbeans
> Version: 8.1+dfsg2-3
> Severity: serious
> Usertags: dfsg
> 
> Files:
> cnd/javahelp/org/netbeans/modules/cnd/help/legal_notice.htm
> 
> javacard.project/javahelp/org/netbeans/modules/javacard/project/docs/help/docinfo.html
> 
> Contain fairly restrictive license:
> 
> 
> Except as expressly permitted in your
> license agreement or allowed by law, you may not use, copy, reproduce,
> translate, broadcast, modify, license, transmit, distribute, exhibit,
> perform, publish, or display any part, in any form, or by any means.
> Reverse engineering, disassembly, or decompilation of this software, unless
> required by law for interoperability, is prohibited.

It sounds scary but the first part of the sentence is important:

"Except as expressly permitted in your license agreement..."

The license agreement is GPL-2+-with-classpath-exception or CDDL-1

> 
> Those terms seems to apply to other files in respective directories.
> 
> File:
> 
> java.sourceui/test/unit/src/org/netbeans/api/java/source/ui/FileChooser.html
> 
> is explicitly licensed under those terms.

FileChooser.html does not contain a specific license grant. There are
more files under ui but those contain the standard license headers,
GPL-2+-with-classpath-exception or CDDL-1

> 
> 
> 
> File:
> 
> javascript2.extjs/test/unit/data/testfiles/completion/applyMethod/ClassManager.js
> 
> contains the following:
> 
> 
> Licensees holding valid commercial licenses may use this file in accordance 
> with the Commercial
> Software License Agreement provided with the Software or, alternatively, in 
> accordance with the
> terms contained in a written agreement between you and Sencha.
> 
> 
> However no other license is mentioned.

That's true and I wished upstream would be more careful about this.
However this file is part of the ExtJS framework from Sencha and is also
licensed under the GPL-3. I will update debian/copyright accordingly.



> 
> 
> 
> Files:
> j2ee.dd/src/org/netbeans/modules/j2ee/dd/impl/resources/web-app_2_3.dtd
> 
> j2ee.ddloaders/src/org/netbeans/modules/j2ee/ddloaders/catalog/resources/web-app_2_3.dtd
> 
> j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/static-verification_1_4.dtd
> 
> j2ee.weblogic9/src/org/netbeans/modules/j2ee/weblogic9/resources/ejb-jar_2_1.xsd
> 
> j2ee.weblogic9/src/org/netbeans/modules/j2ee/weblogic9/resources/j2ee_1_4.xsd
> 
> j2ee.weblogic9/src/org/netbeans/modules/j2ee/weblogic9/resources/j2ee_web_services_client_1_1.xsd
> 
> j2ee.weblogic9/src/org/netbeans/modules/j2ee/weblogic9/resources/jsp_2_0.xsd
> 
> j2ee.weblogic9/src/org/netbeans/modules/j2ee/weblogic9/resources/web-app_2_4.xsd
> schema2beans/test/unit/data/TestApplication1_4.xsd
> schema2beans/test/unit/data/TestFinalWebApp.xsd
> schema2beans/test/unit/data/TestWebApp.xsd
> schema2beans/test/unit/data/TestWebAppDelegator.xsd
> schema2beans/test/unit/data/TestWebAppDelegatorBaseBean.xsd
> schema2beans/test/unit/data/final_j2ee_1_4.xsd
> schema2beans/test/unit/data/final_jsp_2_0.xsd
> schema2beans/test/unit/data/j2ee_1_4.xsd
> schema2beans/test/unit/data/j2ee_web_services_client_1_1.xsd
> schema2beans/test/unit/data/jsp_2_0.xsd
> web.core/src/org/netbeans/modules/web/taglib/resources/j2ee_1_4.xsd
> 
> web.core/src/org/netbeans/modules/web/taglib/resources/j2ee_web_services_client_1_1.xsd
> 
> web.core/src/org/netbeans/modules/web/taglib/resources/web-jsptaglibrary_2_0.xsd
> 
> 
>  This document and the technology which it describes are
>  distributed under licenses restricting their use, copying,
>  distribution, and decompilation. No part of this document
>  may be reproduced in any form by any means without prior
>  written authorization of Sun and its licensors, if any.
> 

Sun Microsystems was bought by Oracle a few years ago. The schema
resources / specifications are licensed under the standard license now. See

http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html

and download some of the files to verify this statement.


> 
> Same terms are also present in the following files, under
> "CDDL or GPL-2 and exception-GPL-Classpath" header:
> 
> Files:
> web.jsf/src/org/netbeans/modules/web/jsf/resources/javaee_5.xsd
> 
> web.jsf/src/org/netbeans/modules/web/jsf/resources/javaee_web_services_client_1_2.xsd
> web.jsf/src/org/netbeans/modules/web/jsf/resources/web-facesconfig_1_2.xsd
> web.jsf/src/org/netbeans/modules/web/jsf/resources/web-facesconfig_2_0.xsd
> 
> 

See above

> 
> File:
> php.editor/test/unit/data/testfiles/parser/performance/performance.php
> 
> is from "SMF 1.1" which is non-free according to
> 
> http://www.simplemachines.org/about/opensource.php
> 
> 
>  The license used for SMF 1.0 and SMF 1.1 is more restrictive than OSI
>  approved licenses. That 

Bug#823813: netbeans: non-DFSG .xsd files (no modification?)

[Markus Koschany]

Am 09.05.2016 um 12:11 schrieb Dmitry Smirnov:
> Source: netbeans
> Version: 8.1+dfsg2-3
> Severity: serious
> Usertags: dfsg
> 
> Files:
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/wsrm-policy-200502.xsd
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/WS-Trust.xsd
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/metadata-exchange.xsd
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/optimizedmimeserialization-policy.xsd
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/ws-policy-10.xsd
> 
> websvc.wsitmodelext/src/org/netbeans/modules/websvc/wsitmodelext/catalog/resources/wsat.xsd
> 
> are licensed under terms allowing only distribution (i.e. "copy and display")
> while explicitly prohibiting everything else:
> 
>"No other rights are granted by implication, estoppel or otherwise."
> 
> I'm particularly concerned about modification rights that appears to be 
> prohibited.
> 
> Please investigate.

Hi,

these are W3C specifications like
https://en.wikipedia.org/wiki/WS-Policy and
https://www.w3.org/TR/ws-metadata-exchange/. Nowadays they are either
licensed under the W3C document license
https://www.w3.org/Consortium/Legal/2015/doc-license or W3C software
license
https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document. The
latter is dfsg-free but the former does not allow modifications of W3C
documents except under the following conditions:

"No right to create modifications or derivatives of W3C documents is
granted pursuant to this license, except as follows: To facilitate
implementation of the technical specifications set forth in this
document, anyone may prepare and distribute derivative works and
portions of this document in software, in supporting materials
accompanying software, and in documentation of software, PROVIDED that
all such works include the notice below. HOWEVER, the publication of
derivative works of this document for use as a technical specification
is expressly prohibited.

In addition, "Code Components" —Web IDL in sections clearly marked as
Web IDL; and W3C-defined markup (HTML, CSS, etc.) and computer
programming language code clearly marked as code examples— are licensed
under the W3C Software License."

I think most people will agree that it makes no sense to modify a
specification because it would be extremely confusing and harmful for
the internet if there was more than one HTML 5 spec for example.

However I don't intend to argue about this matter because the websvc
module is not used by us. I will just remove it from the tarball.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#823297: libbotan: security update breaks monotone

[Markus Koschany]

merge 823297 823300
thanks

On Tue, 03 May 2016 09:32:34 +0200 Tim Weippert  wrote:
> Package: libbotan-1.10-0
> Version: 1.10.8-2+deb8u1
> Severity: grave
> File: libbotan
> Justification: renders package unusable
> 
> Dear Maintainer,
> 
> it seems that the recent security update breaks monotone:
> 
> mtn: Symbol `_ZTVN5Botan17DataSource_MemoryE' has different size in shared 
> object, consider re-linking
> mtn: updating along branch 'net.dn42.registry'
> mtn: fatal signal: Segmentation fault
> this is almost certainly a bug in monotone.
> please send this error message, the output of 'mtn version --full',
> and a description of what you were doing to 
> 
> do not send a core dump, but if you have one, 
> please preserve it in case we ask you for information from it.
> Segmentation fault
> 
> Maybe the bug should also be sent to monotone for rebuilding?

Hello,

I can't reproduce the segmentation fault on my system. Could you share
some information about your setup? What exactly did you do before the
segfault happened? Did you restart the monotone-server after the
upgrade? Can you confirm that a rebuild fixes the issue?

I haven't seen other issues with the security update of libbotan1.10 so
far but if monotone needs a rebuild, this bug should be reassigned to
monotone.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#818072: warzone2100: FTBFS in stretch (new flex)

[Markus Koschany]

Am 01.05.2016 um 18:24 schrieb Graham Inggs:
> Control: tags -1 patch
> 
> Hi Maintainer
> 
> Please see attached patch which fixes the FTBFS with recent versions of flex.
> 
> Regards
> Graham

Hi Graham,

that was really bad timing. I had uploaded a new revision with a fix one
hour before you sent your e-mail. Nevertheless thanks for the patch!

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#823106: fretsonfire: Depends on fonts-mgopen which has been requested to be removed

[Markus Koschany]

Am 30.04.2016 um 22:11 schrieb Andreas Beckmann:
> Source: fretsonfire
> Version: 1.3.110.dfsg2-2
> Severity: serious
> Control: block 819026 with -1
> 
> Hi,
> 
> fretsonfire depends on the fonts-mgopen font which has been requested to
> eb removed. (#819026). Please switch to a different font.

Hi,

providing patches or filing bug reports before requesting package
removals are always appreciated. Thanks for your consideration next time.

Markus




signature.asc
Description: OpenPGP digital signature

Bug#822115: xarchiver: X server crashes when cancelling file extraction

[Markus Koschany]

Am 21.04.2016 um 16:19 schrieb g66...@tfwno.gf:
[...]
> Apologies, I didn't realize there was significant difference between
> running Xarchiver and extracting, versus using the Extract Here/To
> option in Thunar. But apparently the latter pops up a progress box and
> that's the one that crashes, whereas the former indicates progress in
> the main window, and it's safe to cancel that.
> 
> So it's probably a bug in thunar-archive-plugin, maybe, I'm worried
> about how it crashes the desktop.

Thanks for your clarification. I still don't know what kind of archive
and compression you tried to extract but this might be irrelevant now
that I know the crash is related to the thunar-archive-plugin.

After doing some research this seems to be a well known issue and a long
standing bug in Xarchiver:

https://sourceforge.net/p/xarchiver/bugs/27/
https://bugs.archlinux.org/task/27547

It seems someone forked Xarchiver at github.com:

https://github.com/ib/xarchiver

Maybe this issue is fixed already. I'm not sure about the severity but
it is definitely something I would like to see fixed rather sooner than
later, so I will keep the RC severity. This is also most likely the same
bug as https://bugs.debian.org/802019.

Thanks for reporting

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#822115: xarchiver: X server crashes when cancelling file extraction

[Markus Koschany]

Am 21.04.2016 um 13:07 schrieb mai:
> Package: xarchiver
> Version: 1:0.5.4-1
> Severity: grave
> Justification: causes non-serious data loss
> 
> Dear Maintainer,
> 
> Pretty much as per the description: If I select an archive and "extract here"
> then attempt to cancel the extraction, the desktop crashes and drops me back
> to text console.
> 
> I'm not actually sure where to direct this report, the problem likely lies
> elsewhere and Xarchiver is just the trigger. My system is Debian Jessie amd64
> and I am running Xfce through startx. .xsession-errors follows:

[...]

Hello,

do you mean by "extract here" that you use Thunar or another file
manager to extract the archive by right-clicking on it? What happens if
you try to extract the same archive within Xarchiver? What kind of
archive is that? Is this crash reproducible and can you describe the
steps to reproduce it?

Thanks

Markus




signature.asc
Description: OpenPGP digital signature

Bug#822091: libxmlbeans-java: Embeds classes without source

[Markus Koschany]

Package: libxmlbeans-java
Version: 2.6.0-4
Severity: serious


While I was working on #820839, I discovered that the source package
ships external jar and zip files in external/.

I tried to repack the tarball but then the package failed to build
from source. Apparently the build system requires the piccolo classes
and it also embeds them in the resulting xmlbeans.jar.

This is bad on many levels and needs fixing.

Markus


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libxmlbeans-java depends on:
ii  libxml-commons-resolver1.1-java  1.2-7

libxmlbeans-java recommends no packages.

libxmlbeans-java suggests no packages.

-- no debconf information

Bug#821065: ant: javadoc: error - The -encoding option may be specified no more than once

[Markus Koschany]

Package: ant
Version: 1.9.7-1
Severity: serious


Hi,

I just discovered a regression in Ant 1.9.7-1 when I did a source-only
upload of MediathekView.

https://buildd.debian.org/status/fetch.php?pkg=mediathekview=all=11-1=1460695907

The new version isn't even available on my mirrors here, so everything
built fine locally. I suspect that

https://anonscm.debian.org/cgit/pkg-java/ant.git/commit/?id=e442db75a6efb47a42846a56863f6acc5f71e5ac

introduced this issue but I wanted to file this tracking bug
and to hear what other people thing about the best way forward.

Regards,

Markus

Bug#801377: Bug#787953: ITP: insubstantial -- Swing libraries (flamingo/substance/trident)

[Markus Koschany]

Hello José Robson and eriberto,

I saw that bgfinancas has been orphaned for some time now but there is
also a new upstream release on mentors.debian.net [1] that would
probably fix http://bugs.debian.org/801377.

Now I wonder whether José Robson still intends to maintain the package
or if we can ignore the new upstream release on mentors and ask for the
removal of bgfinancas? It has been already removed from Testing and it
is one of two packages that block the removal of libasm2-java and substance.

Regards,

Markus


[1] http://mentors.debian.net/package/bgfinancas



signature.asc
Description: OpenPGP digital signature

Bug#814167: lwjgl: (Build-)Depends on OpenJDK 7

[Markus Koschany]

Am 03.04.2016 um 20:31 schrieb Mattia Rizzolo:
> On Sat, Mar 12, 2016 at 01:48:27PM -0500, Michael Gilbert wrote:
>> On Wed, Mar 9, 2016 at 10:20 AM, Markus Koschany wrote:
>>> https://github.com/JetBrains/kotlin
>>>
>>> This one seems to be the blocker because kotlin build-depends on
>>> components of IntelliJ IDEA and all in all that's a lot of stuff for a
>>> mere library.
>>
>> This is the huge dependency stack that I was referring to.
>>
>>> But perhaps I am missing something and it is much simpler...
>>
>> Possibly, I only did a quick look at it a while ago, so I don't know
>> if it's the only approach.
> 
> Any progress on this?
> There are very few rdeps of openjdk-7 left (and today I'm poking them).

I will try if I can package the latest version of the 2.x series
instead. Perhaps this might fix this bug as well. I don't know when I
will get to it though.

There are only very few packages left that build-depend or depend on
OpenJDK 7. I fixed two of them last week with an NMU and QA upload but
the rest are either candidates for removal or they can be fixed later.
In my opinion we should just remove OpenJDK 7, no need to wait for fixes.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814177: closed by Markus Koschany <a...@debian.org> (Re: jalview: (Build-)Depends on OpenJDK 7)

[Markus Koschany]

Am 03.04.2016 um 19:36 schrieb Mattia Rizzolo:
> control: reopen -1
> control: tag -1 + patch pending
> 
> On Tue, Mar 08, 2016 at 08:29:19PM +0000, Markus Koschany <a...@debian.org> 
> wrote:
>> On Mon, 08 Feb 2016 20:27:41 + Matthias Klose <d...@debian.org> wrote:
>>> Package: src:jalview
>>> Version: 2.7.dfsg-4
>>> Severity: serious
>>> User: debian-j...@lists.debian.org
>>> Usertags: openjdk-8-transition
>>>
>>> The package build-depends or depends one an openjdk-7-* package,
>>> which is scheduled for removal for stretch.  Please do not depend
>>> on a specific openjdk version, but on one of the default-java,
>>> default-java-headless or default-jdk packages instead.
>>>
>>> default-java defaulting to openjdk-8 on most architectures is now
>>> available in unstable.
>>
>> Hi,
>>
>> jalview neither depends or build-depends on openjdk-7-* packages. It
>> builds fine with OpenJDK 8. I am going to close this bug as invalid now.
> 
> Please be bothered to double check.
> 
> jalview has a Depends (a binary relationship) on openjdk-7-jdk.
> For this, a rebuild is enough to have it pick the right dep.
> 
> I uploaded a thing to DELEYED/7, please tell me if I should deley
> longer.

Hi,

thanks for spotting the runtime dependency on openjdk-7-jre. It is
somewhat strange that it exists though.

However please cancel the upload because the removal of the alternative
java6-runtime dependency is not correct. It is still provided by OpenJDK
8 and the non-free Oracle packages and it also simplifies backports. I
will take care of the upload afterwards.

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#807698: srtp: CVE-2015-6360

[Markus Koschany]

Am 01.04.2016 um 18:52 schrieb Salvatore Bonaccorso:
[...]
> Okay, please go ahead with your upload to security-master. Since the
> version for jessie-security is new to dak on security-master please
> remember to build with -sa to include the original source tarball.
> 
> Thanks for your work on this update.
> 

Uploaded.

Thanks,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#807698: CVE-2015-6360: Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length

[Markus Koschany]

Control: severity -1 important

On Fri, 11 Dec 2015 18:22:55 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
<a...@sigxcpu.org> wrote:
> Source: srtp
> Version: 1.4.5~20130609~dfsg-1.1
> Severity: grave
> Tags: security
> 
> Hi,
> from what I figured out it seems the 1.4 series is also affected by
> CVE-2015-6360. While there is no aead mode srtp_unprotect needs the
> patch nevertheless. See:
> 
> https://security-tracker.debian.org/tracker/CVE-2015-6360
> 
> for a list of patches.
> Cheers,
>  -- Guido


Hello Guido, hello Security Team,

I have investigated bug #807698, alias CVE-2015-6360, and I agree with
Guido that at least Wheezy is partially affected. I'm attaching my
proposed patch for this issue. AEAD mode is not available in those
versions, so there is only one hunk that can be applied to the
srtp_unprotect function in srtp/srtp.c.

However I don't think Jessie/Stretch/Sid are affected as well. Looking
at srtp/srtp.c again the AEAD mode is still not present and none of the
upstream commits from [1] can be applied for the srtp_protect and
srtp_unprotect functions. Thus I'm going to downgrade the severity to
important for now. I would appreciate another look and confirmation though.

Regards,

Markus


[1]
https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
From: Markus Koschany <a...@debian.org>
Date: Wed, 30 Mar 2016 18:51:04 +0200
Subject: CVE-2015-6360

---
 srtp/srtp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/srtp/srtp.c b/srtp/srtp.c
index 3301858..a0dd047 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -1076,6 +1076,8 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
   srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
   enc_start += (ntohs(xtn_hdr->length) + 1);
 }  
+if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
+return err_status_parse_err;
 enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len 
 			   - ((enc_start - (uint32_t *)hdr) << 2));
   } else {


signature.asc
Description: OpenPGP digital signature

Bug#819259: Don't include in stretch

[Markus Koschany]

Am 25.03.2016 um 18:07 schrieb Moritz Muehlenhoff:
> Source: tomcat7
> Severity: serious
> 
> stretch should only provide one version of Tomcat.
> 

Hi,

I think we can do something similar to Tomcat 6 in Jessie. We just build
libservlet3.0-java, that can't be affected by security vulnerabilities,
and drop all other packages.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#819191: apktool: unusable due to deserialization errors

[Markus Koschany]

Package: apktool
Version: 2.0.2+dfsg-1
Severity: grave


Apktool is currently almost unusable because it was necessary to
replace the non-free class LEDataInputStream.java with a free
alternative. This alternative was not a drop-in-replacement and caused
runtime errors.

I intend to fix this issue soon by using another implementation which was
submitted to upstream's issue tracker at

https://github.com/iBotPeaches/Apktool/pull/1201


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages apktool depends on:
ii  aapt1:6.0.1+r16-1
ii  libantlr3-runtime-java  3.5.2-4
ii  libcommons-cli-java 1.3.1-3
ii  libcommons-io-java  2.4-2
ii  libcommons-lang3-java   3.4-1
ii  libguava-java   19.0-1
ii  libjsr305-java  0.1~+svn49-9
ii  libstringtemplate-java  3.2.1-2
ii  libxmlunit-java 1.6-1
ii  libxpp3-java1.1.4c-2
ii  libyaml-snake-java  1.12-2

apktool recommends no packages.

apktool suggests no packages.

-- no debconf information

Bug#814165: jcc: diff for NMU version 2.21-1.1

[Markus Koschany]

Dear maintainer,

I've prepared an NMU for jcc (versioned as 2.21-1.1) and
uploaded it to unstable. Please find attached the debdiff.

Regards,

Markus
diff -Nru jcc-2.21/debian/changelog jcc-2.21/debian/changelog
--- jcc-2.21/debian/changelog	2015-09-21 00:31:09.0 +0200
+++ jcc-2.21/debian/changelog	2016-03-21 20:02:27.0 +0100
@@ -1,3 +1,19 @@
+jcc (2.21-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * d/rules: Fix build on ppc64el by changing JAVAARCH variable to ppc64le.
+Thanks to Fernando Seiti Furusato for the report and patch.
+(Closes: #799713)
+  * Build-depend on default-jdk instead of openjdk-7-jdk.
+Depend on default-jdk | java7-sdk for jcc binary package.
+Thanks to Matthias Klose for the report. (Closes: #814165)
+  * d/rules: Use default-java instead of a specific JDK version.
+  * d/control: Use https and cgit.
+  * Ensure that the package can be built twice in a row by removing
+JCC.egg-info/SOURCES.txt in dh_auto_clean override too.
+
+ -- Markus Koschany <a...@debian.org>  Mon, 21 Mar 2016 19:53:15 +0100
+
 jcc (2.21-1) unstable; urgency=low
 
   [ Fernando Seiti Furusato ]
diff -Nru jcc-2.21/debian/control jcc-2.21/debian/control
--- jcc-2.21/debian/control	2014-09-21 21:48:55.0 +0200
+++ jcc-2.21/debian/control	2016-03-21 20:02:27.0 +0100
@@ -3,16 +3,16 @@
 Priority: extra
 Maintainer: Ludovico Cavedon <cave...@debian.org>
 Build-Depends: debhelper (>= 9), python-setuptools (>= 0.6a9),
-  openjdk-7-jdk, python-all-dev
+  default-jdk, python-all-dev
 Standards-Version: 3.9.6
 Homepage: http://lucene.apache.org/pylucene/jcc/
-Vcs-Git: git://anonscm.debian.org/collab-maint/jcc.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/jcc.git
+Vcs-Git: https://anonscm.debian.org/git/collab-maint/jcc.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/jcc.git
 X-Python-Version: >= 2.3
 
 Package: jcc
 Architecture: any
-Depends: openjdk-7-jdk, ${shlibs:Depends}, ${python:Depends},
+Depends: default-jdk | java7-sdk, ${shlibs:Depends}, ${python:Depends},
  ${misc:Depends}
 Breaks: ${python:Breaks}
 Description: code generator producing a Python extension from Java classes
diff -Nru jcc-2.21/debian/rules jcc-2.21/debian/rules
--- jcc-2.21/debian/rules	2014-09-21 21:27:42.0 +0200
+++ jcc-2.21/debian/rules	2016-03-21 20:02:27.0 +0100
@@ -18,16 +18,16 @@
 endif
 
 ifeq ($(DEB_HOST_ARCH_CPU),ppc64el)
-  JAVAARCH :=ppc64
+  JAVAARCH :=ppc64le
 endif
 
-JAVA_LIB_PATH := /usr/lib/jvm/java-7-openjdk-$(DEB_HOST_ARCH)/jre/lib/$(JAVAARCH)
+JAVA_LIB_PATH := /usr/lib/jvm/default-java/jre/lib/$(JAVAARCH)
 
 export JCC_ARGSEP=;
 export JCC_LFLAGS := -L$(JAVA_LIB_PATH);-ljava;-L$(JAVA_LIB_PATH)/server;-ljvm;-Wl,-rpath=$(JAVA_LIB_PATH):$(JAVA_LIB_PATH)/server
 
 export JCC_CFLAGS := -fdollars-in-identifiers
-export JCC_JDK := /usr/lib/jvm/java-7-openjdk-$(DEB_HOST_ARCH)
+export JCC_JDK := /usr/lib/jvm/default-java
 
 # For shared mode we need patch http://bugs.python.org/setuptools/issue43 for setuptools to be applied
 export NO_SHARED=1
@@ -43,3 +43,4 @@
 	dh_auto_clean
 	rm -rf build/*
 	rm -f jcc/config.py
+	$(RM) JCC.egg-info/SOURCES.txt

Bug#818148: bullet: Out of memory errors do not make the build to stop

[Markus Koschany]

Control: severity -1 wishlist

Am 15.03.2016 um 16:01 schrieb Santiago Vila:
> severity 818148 serious
> thanks
> 
> Per Policy 4.6, "Error trapping in makefiles", I'm setting the
> severity to what it should be.
> 
> Policy 4.6 says:
> 
>   Every time you put more than one shell command (this includes using
>   a loop) in a makefile command you must make sure that errors are
>   trapped.
> 
> Note that it says "must", so the serious severity is completely appropriate.
> 
> Feel free to keep the "unreproducible" tag if you like, but this
> is a serious bug according to Debian policy.
> 
> Lack of memory is not the problem, it's just the way we discovered
> that this package does not trap for errors during the build.
> 
> The errors may be produced by any other reason other than lack of
> memory, but the fact that the makefiles do not trap errors remains the
> same.

I suggest that you calm down a little. It is obvious that you disagree
with my assessment but that does not justify your aggressiveness and
your actions.

For the record: As the main uploader of this package I strongly disagree
with your bug severity. The package is not affected and the
documentation is complete, all images are present as expected. Just
because the images are not generated with graphviz on a low memory
system does not make this a release critical issue. The build system
clearly told you that your memory is insufficient and that you should
rerun graphviz. If you ignore those error messages and my advice, then I
am unable to help you.

Please avoid changing the bug severity again but feel free to forward
this issue to Debian's Technical Committee after having slept over it.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#818148: bullet: Out of memory errors do not make the build to stop

[Markus Koschany]

Am 15.03.2016 um 15:50 schrieb Santiago Vila:
> On Tue, Mar 15, 2016 at 03:37:17PM +0100, Markus Koschany wrote:
>> Control: severity -1 wishlist
>> Control: tags -1 - moreinfo + unreproducible
> 
> Excuse me, how is this unreproducible at all?

It is neither reproducible on Debian's build servers nor on my system.

> 
> I've told you the way to reproduce it: Try on a machine with only 400 MB
> of RAM.
> 
> Your unwillingness to try the build with only 400 MB of RAM
> (i.e. "I don't want to reproduce it") does not make this problem
> unreproducible at all.

I have told you how you can fix this issue for your system.
Unfortunately you are the one who is unwilling to take this advice.

>> I am going to downgrade the severity to wishlist because I think this is
>> an improvement suggestion but not an important bug for Debian as long as
>> Bullet builds fine on Debian's build servers and also on my own system.
> 
> This is not wishlist. This is Debian policy. When something fails,
> we take the exit status and act accordingly.
> 
> Please read my previous email where I tell you how the generated
> package is completely different than what it should be.

This is not a RC bug because it does not affect the actual package in
Debian. It cannot be grave because it does not make the documentation
package unusable. It is also not serious because it does not violate the
Debian Policy in any way and I do not consider this issue release
critical either.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#816108: pinball: diff for NMU version 0.3.1-13.3

[Markus Koschany]

Control: tags -1 patch pending

Dear maintainer,

I've prepared an NMU for pinball (versioned as 0.3.1-13.3) and
uploaded it to unstable. I am attaching the debdiff to this bug report.

Regards,

Markus
diff -Nru pinball-0.3.1/debian/changelog pinball-0.3.1/debian/changelog
--- pinball-0.3.1/debian/changelog	2014-08-23 14:16:55.0 +0200
+++ pinball-0.3.1/debian/changelog	2016-03-13 23:36:15.0 +0100
@@ -1,3 +1,14 @@
+pinball (0.3.1-13.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove depcomp in dh_auto_configure override and prevent the FTBFS.
+Thanks to Tobias Frost for the report. (Closes: #816108)
+  * Use dh_fixperms override for arch-only and fix building with
+dpkg-buildflag -A.
+Thanks to Santiago Vila for the report. (Closes: #806093)
+
+ -- Markus Koschany <a...@debian.org>  Sun, 13 Mar 2016 23:34:47 +0100
+
 pinball (0.3.1-13.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru pinball-0.3.1/debian/rules pinball-0.3.1/debian/rules
--- pinball-0.3.1/debian/rules	2014-08-23 14:16:55.0 +0200
+++ pinball-0.3.1/debian/rules	2016-03-13 23:36:15.0 +0100
@@ -18,6 +18,7 @@
 
 .PHONY: override_dh_auto_configure
 override_dh_auto_configure:
+	$(RM) depcomp
 	libtoolize --install --copy
 	aclocal
 	autoheader
@@ -36,7 +37,7 @@
 	dh_install
 
 .PHONY: override_dh_fixperms
-override_dh_fixperms:
+override_dh_fixperms-arch:
 	dh_fixperms
 	chown root:games debian/pinball/usr/games/pinball
 	chmod 2755 debian/pinball/usr/games/pinball

Bug#808636: Bug#809733: activemq: FTBFS: package org.apache.kahadb.index does not exist

[Markus Koschany]

Am 09.03.2016 um 21:22 schrieb Emmanuel Bourg:
> Le 09/03/2016 18:06, Markus Koschany a écrit :
> 
>> but they apparently stopped tagging new releases some time ago.
> 
> I think they migrated the source repository from Subversion to Git, the
> GitHub mirror has the latest release tags:
> 
> https://github.com/apache/activemq/releases

Thanks. That makes a lot of sense. I think I'll use the github releases
then.

Cheers,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#793492: Bug#814176: azureus: (Build-)Depends on OpenJDK 7

[Markus Koschany]

Am 09.03.2016 um 20:53 schrieb Stephen Nelson:
> 
> On Wed, Mar 9, 2016 at 4:03 PM Markus Koschany <a...@debian.org
> <mailto:a...@debian.org>> wrote:
> 
> 
> This issue is fixed in Git but Stephen Nelson wanted to ask upstream for
> some license clarifications. Unfortunately we haven't heard back  from
> him since August 2015.
> 
> https://lists.debian.org/debian-java/2015/08/msg00029.html
> 
> 
> Hi Markus
> 
> I did contact upstream [1] but they never replied. I'm not a user of the
> software but was trying to keep it in Debian.
> 
> [1] http://forum.vuze.com/Thread-Incompatible-licence-issue

Hi Stephen,

thanks for the link. I would also like to keep Azureus in Debian but I'm
also not a user. We need someone who updates Azureus from time to time
and we need a clarification from upstream. If they are not interested in
making a simple statement about licenses, it's probably not worth the
effort to continue packaging Azureus.

*Just my opinion. Volunteers are always welcome*

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#808636: activemq: FTBFS: package org.apache.kahadb.index does not exist

[Markus Koschany]

Control: owner -1 !

On Mon, 21 Dec 2015 16:11:39 + "Chris West (Faux)"
 wrote:
> Source: activemq
> Version: 5.6.0+dfsg1-5
> Severity: serious
> Justification: fails to build from source
> Tags: sid stretch
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> The package fails to build:

[...]

I intend to package the latest upstream release of activemq. That would
also resolve #809733 and #800977. It seems the latest release is 5.13.2
and can be downloaded from

https://archive.apache.org/dist/activemq/5.13.2/

Debian's watch file points to

https://svn.apache.org/repos/asf/activemq/tags/

but they apparently stopped tagging new releases some time ago.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#793492: azureus: (Build-)Depends on OpenJDK 7

[Markus Koschany]

Control: tags -1 confirmed

On Mon, 08 Feb 2016 20:27:40 + Matthias Klose  wrote:
> Package: src:azureus
> Version: 4.3.0.6-5
> Severity: serious
> User: debian-j...@lists.debian.org
> Usertags: openjdk-8-transition
> 
> The package build-depends or depends one an openjdk-7-* package,
> which is scheduled for removal for stretch.  Please do not depend
> on a specific openjdk version, but on one of the default-java,
> default-java-headless or default-jdk packages instead.
> 
> default-java defaulting to openjdk-8 on most architectures is now
> available in unstable.
> 

This issue is fixed in Git but Stephen Nelson wanted to ask upstream for
some license clarifications. Unfortunately we haven't heard back  from
him since August 2015.

https://lists.debian.org/debian-java/2015/08/msg00029.html

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814679: velocity: Package rebuilt from source is missing most of its dependencies

[Markus Koschany]

Control: tags -1 moreinfo
Control: severity -1 normal

On Sun, 14 Feb 2016 08:40:11 -0800 Daniel Schepler 
wrote:
> On Sun, Feb 14, 2016 at 1:04 AM, Emmanuel Bourg  wrote:
> > Which packages did you see failing to build? Their build dependencies
> > should be updated if they accidentally relied on the dependencies pulled
> > by velocity through maven-debian-helper.
> 
> So far, I think antlr3, cglib, joptsimple look like their local
> failures are due to missing ant.  I'll try to file individual bugs
> against those packages.

Hello,

since we seem to agree that velocity's package dependencies are correct,
I am going to downgrade the severity now with the intention to close
this bug report completely when the remaining issues are resolved. It
appears that antlr3, cglib and joptsimple can be compiled from source.
Could you file separate bug reports for these packages and provide more
information why they FTBFS for you?

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814167: lwjgl: (Build-)Depends on OpenJDK 7

[Markus Koschany]

On Wed, 9 Mar 2016 14:31:19 +0100 Markus Koschany <a...@debian.org> wrote:
[...]
> I had a quick look at lwjgl3. It seems the API has been declared stable
> and lwjgl2 will be retired in favor of lwjgl3. I will try to package
> version 3. There are no reverse-dependencies for lwjgl, so the risk of
> breaking something is for once quite small.
> 

https://github.com/LWJGL/lwjgl3/

For building lwgl3 we would need jcommander, which is in Debian, and
kotlin, a programming language and compiler.

https://github.com/JetBrains/kotlin

This one seems to be the blocker because kotlin build-depends on
components of IntelliJ IDEA and all in all that's a lot of stuff for a
mere library. But perhaps I am missing something and it is much simpler...

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814167: lwjgl: (Build-)Depends on OpenJDK 7

[Markus Koschany]

On Tue, 8 Mar 2016 21:36:31 -0500 Michael Gilbert 
wrote:
> > I have switched the build-dependency to default-jdk and changed
> > JAVA_HOME in debian/rules accordingly. However the package FTBFS with
> > OpenJDK 8. I guess packaging the latest upstream release would be the
> > best option.
> 
> 2.9.3 is supposed to support building without ant.  I looked at it a
> while ago, and it isn't quite that simple.
> 
> lwjgl3 is also available, but it has a huge dependency stack with
> almost none of it in Debian yet.
> 
> I have less interest in lwjgl now than I used to, and I may not be
> able to find the time to work on it.
> 
> Best wishes,
> Mike

I had a quick look at lwjgl3. It seems the API has been declared stable
and lwjgl2 will be retired in favor of lwjgl3. I will try to package
version 3. There are no reverse-dependencies for lwjgl, so the risk of
breaking something is for once quite small.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814167: lwjgl: (Build-)Depends on OpenJDK 7

[Markus Koschany]

Control: tags -1 confirmed

On Mon, 08 Feb 2016 20:27:30 + Matthias Klose  wrote:
> Package: src:lwjgl
> Version: 2.7.1+dfsg-5
> Severity: serious
> User: debian-j...@lists.debian.org
> Usertags: openjdk-8-transition
> 
> The package build-depends or depends one an openjdk-7-* package,
> which is scheduled for removal for stretch.  Please do not depend
> on a specific openjdk version, but on one of the default-java,
> default-java-headless or default-jdk packages instead.
> 
> default-java defaulting to openjdk-8 on most architectures is now
> available in unstable.

I have switched the build-dependency to default-jdk and changed
JAVA_HOME in debian/rules accordingly. However the package FTBFS with
OpenJDK 8. I guess packaging the latest upstream release would be the
best option.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#812096: smc: FTBFS: configure: error: Package requirements (CEGUI-OPENGL >= 0.7.2) were not met:

[Markus Koschany]

On Wed, 20 Jan 2016 15:09:18 +0100 Chris Lamb <la...@debian.org> wrote:
> Source: smc
> Version: 1.9+git20121121-1.2
> Severity: serious
> Justification: fails to build from source
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> smc fails to build from source in unstable/amd64:

I had a go at this bug. SMC has to be ported to CEGUI 0.8.4. I replaced
obsolete includes but there is obviously more work to do. I am attaching
my preliminary work for now but I think it would be best to package the
latest upstream release of SMC instead.

Regards,

Markus
From: Markus Koschany <a...@debian.org>
Date: Tue, 8 Mar 2016 15:25:53 +0100
Subject: cegui 0.8.4

---
 configure.ac   |  4 ++--
 src/audio/random_sound.cpp |  2 +-
 src/core/campaign_manager.h|  4 ++--
 src/core/editor.h  |  4 ++--
 src/core/game_core.h   |  2 +-
 src/core/property_helper.h |  2 +-
 src/enemies/bosses/turtle_boss.cpp |  2 +-
 src/enemies/eato.cpp   |  2 +-
 src/enemies/flyon.cpp  |  2 +-
 src/enemies/furball.cpp|  2 +-
 src/enemies/gee.cpp|  2 +-
 src/enemies/krush.cpp  |  2 +-
 src/enemies/rokko.cpp  |  2 +-
 src/enemies/spika.cpp  |  2 +-
 src/enemies/spikeball.cpp  |  2 +-
 src/enemies/static.cpp |  2 +-
 src/enemies/thromp.cpp |  2 +-
 src/enemies/turtle.cpp |  2 +-
 src/gui/menu.cpp   |  2 +-
 src/level/level.h  |  4 ++--
 src/level/level_background.h   |  2 +-
 src/objects/bonusbox.cpp   |  2 +-
 src/objects/box.cpp|  2 +-
 src/objects/level_entry.cpp|  2 +-
 src/objects/level_exit.cpp |  2 +-
 src/objects/sprite.h   |  2 +-
 src/objects/star.cpp   |  2 +-
 src/overworld/overworld.cpp|  2 +-
 src/overworld/overworld.h  |  4 ++--
 src/overworld/world_layer.h|  4 ++--
 src/overworld/world_manager.h  |  4 ++--
 src/user/preferences.h |  4 ++--
 src/user/savegame.h|  4 ++--
 src/video/animation.cpp|  2 +-
 src/video/color.h  |  2 +-
 src/video/img_manager.cpp  |  4 ++--
 src/video/video.cpp| 22 +++---
 src/video/video.h  |  4 ++--
 38 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/configure.ac b/configure.ac
index bd0b059..7f41436 100644
--- a/configure.ac
+++ b/configure.ac
@@ -72,14 +72,14 @@ AC_CHECK_LIB([SDL_ttf], [TTF_Init], ,
 	[AC_MSG_ERROR([SDL_ttf library not found])])
 
 # Check for the CEGUI library
-PKG_CHECK_MODULES([CEGUI_OPENGL], [CEGUI-OPENGL >= 0.7.2])
+PKG_CHECK_MODULES([CEGUI_OPENGL], [CEGUI-0-OPENGL >= 0.7.2])
 CPPFLAGS="$CPPFLAGS $CEGUI_OPENGL_CFLAGS"
 LIBS="$LIBS $CEGUI_OPENGL_LIBS"
 # CEGUI 0.7.5 does not install CEGUI-NULL.pc
 #PKG_CHECK_MODULES([CEGUI_NULL], [CEGUI-NULL >= 0.7.2])
 #CPPFLAGS="$CPPFLAGS $CEGUI_NULL_CFLAGS"
 #LIBS="$LIBS $CEGUI_NULL_LIBS"
-AC_CHECK_LIB([CEGUINullRenderer], [main], ,
+AC_CHECK_LIB([CEGUINullRenderer-0], [main], ,
 	[AC_MSG_ERROR([CEGUINullRenderer library not found - try building CEGUI with --enable-null-renderer])])
 
 # Check for the gettext library
diff --git a/src/audio/random_sound.cpp b/src/audio/random_sound.cpp
index 01be27d..e2225f7 100644
--- a/src/audio/random_sound.cpp
+++ b/src/audio/random_sound.cpp
@@ -22,7 +22,7 @@
 #include "../core/math/utilities.h"
 #include "../core/i18n.h"
 // CEGUI
-#include "CEGUIXMLAttributes.h"
+#include 
 #include "CEGUIWindowManager.h"
 #include "elements/CEGUIEditbox.h"
 #include "elements/CEGUICheckbox.h"
diff --git a/src/core/campaign_manager.h b/src/core/campaign_manager.h
index cb2ce4b..02c3e7e 100644
--- a/src/core/campaign_manager.h
+++ b/src/core/campaign_manager.h
@@ -20,8 +20,8 @@
 #include "../core/global_game.h"
 #include "../core/obj_manager.h"
 // CEGUI
-#include "CEGUIXMLHandler.h"
-#include "CEGUIXMLAttributes.h"
+#include 
+#include 
 
 namespace SMC
 {
diff --git a/src/core/editor.h b/src/core/editor.h
index 1cfbed5..01ed439 100644
--- a/src/core/editor.h
+++ b/src/core/editor.h
@@ -21,8 +21,8 @@
 #include "../gui/hud.h"
 #include "../video/img_settings.h"
 // CEGUI
-#include "CEGUIXMLHandler.h"
-#include "CEGUIXMLAttributes.h"
+#include 
+#include 
 #include "elements/CEGUIListbox.h"
 #include "elements/CEGUIListboxTextItem.h"
 #include "CEGUIImageset.h"
diff --git a/src/core/game_core.h b/src/core/game_core.h
index f28f942..a0194c7 100644
--- a/src/core/game_core.h
+++ b/src/core/game_core.h
@@ 

Bug#803286: mtpaint: diff for NMU version 3.40-2.2

[Markus Koschany]

Control: tags 803286 + pending

Dear maintainer,

I've prepared an NMU for mtpaint (versioned as 3.40-2.2) and
uploaded it to unstable. I am attaching the debdiff to this bug
report.

Regards,

Markus
diff -Nru mtpaint-3.40/debian/changelog mtpaint-3.40/debian/changelog
--- mtpaint-3.40/debian/changelog	2015-12-16 06:10:31.0 +0100
+++ mtpaint-3.40/debian/changelog	2016-03-07 14:02:46.0 +0100
@@ -1,3 +1,15 @@
+mtpaint (3.40-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove unnecessary build-dependency on libgif4. (Closes: #803286)
+  * Refresh giflib5.diff because it did not apply cleanly.
+  * Remove quilt from Build-Depends because source format 3.0 uses quilt by
+default.
+  * Fix Lintian warning dep5-copyright-license-name-not-unique. In fact all
+files are licensed under GPL-3+ now.
+
+ -- Markus Koschany <a...@debian.org>  Mon, 07 Mar 2016 13:46:16 +0100
+
 mtpaint (3.40-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mtpaint-3.40/debian/control mtpaint-3.40/debian/control
--- mtpaint-3.40/debian/control	2014-07-20 13:25:14.0 +0200
+++ mtpaint-3.40/debian/control	2016-03-07 14:02:46.0 +0100
@@ -5,14 +5,12 @@
 Build-Depends: debhelper (>= 7.0.50~),
libpng-dev,
zlib1g-dev,
-   libgif4,
libjpeg-dev,
libtiff-dev,
gettext,
pkg-config,
libgtk2.0-dev,
-   libgif-dev,
-   quilt
+   libgif-dev
 Standards-Version: 3.9.5
 Homepage: http://mtpaint.sourceforge.net/
 
diff -Nru mtpaint-3.40/debian/copyright mtpaint-3.40/debian/copyright
--- mtpaint-3.40/debian/copyright	2012-01-03 15:23:20.0 +0100
+++ mtpaint-3.40/debian/copyright	2016-03-07 14:02:46.0 +0100
@@ -6,24 +6,7 @@
 Files: *
 Copyright: 2004-2007, Mark Tyler <markty...@users.sourceforge.net>
   Dmitry Groshev <wjag...@users.sourceforge.net>
-License: GPL-3
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- .
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
- .
- You should have received a copy of the GNU General Public
- License along with this package; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor,
- Boston, MA  02110-1301 USA
- .
- On Debian systems, the full text of the GNU General Public
- License version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+License: GPL-3+
 
 Files: po/*.po
 Copyright: 2005, Myrk Tyler <markty...@users.sourceforge.net>
@@ -32,38 +15,21 @@
2006, Simek <gosi...@gmail.com>
2006, Tutku Dalmaz <tutkudal...@gmail.com>
2006, Wei-Lun Chao <chaowei...@pcmail.com.tw>
-	   2007, Norihiro YONEDA <a...@avis.ne.jp>
-	   2008, Sergei Irupin <biblel...@gmail.com>
-	   2007, Jozef Riha <jose1...@gmail.com>
-	   2008, Cecc <puppyli...@sohu.com>
-License: GPL-2
- This program is free software; you can redistribute it
- and/or modify it under the terms of the GNU General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later
- version.
- .
- This program is distributed in the hope that it will be
- useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE.  See the GNU General Public License for more
- details.
- .
- You should have received a copy of the GNU General Public
- License along with this package; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor,
- Boston, MA  02110-1301 USA
- .
- On Debian systems, the full text of the GNU General Public
- License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.
+   2007, Norihiro YONEDA <a...@avis.ne.jp>
+   2008, Sergei Irupin <biblel...@gmail.com>
+   2007, Jozef Riha <jose1...@gmail.com>
+   2008, Cecc <puppyli...@sohu.com>
+License: GPL-3+
 
 Files: debian/*
 Copyright: 2011, Muammar El Khatib <muam...@debian.org>
-License: GPL-3
+License: GPL-3+
+
+License: GPL-3+
  This program is free software; you can redistribute it
  and/or modify it under the terms of the GNU General Public
  License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later
+ version 3 of the License, or (at your option) any later
  version.
  .
  This program is distributed in the hope that it 

Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

[Markus Koschany]

Am 04.03.2016 um 14:40 schrieb tony mancill:
[...]
>> Hi tony,
>>
>> I can upload a new revision of bsh with this change later. I'm just wondering
>> why we need to use java.io.ObjectStreamException and
>> java.io.NotSerializableException explicitly because these classes are already
>> imported in bsh's XThis.java.
>>
>> import java.io.*;
>>
>> Anyway it doesn't change the intention of the patch and should be safe.
> 
> Hi Markus,
> 
> I ask myself that same question, and intend to look it up.  Perhaps
> because it's a nested inner class of XThis?
> 
> But one of the clues was that the original code specified the full class
> name for java.io.Serializable and not just Serializable.
> 
> I agree that it shouldn't affect the intention of patch and should be
> safe, but it is a bit puzzling.

I have just uploaded bsh with this change.

Cheers,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

[Markus Koschany]

On Thu, 03. Mar 22:30 tony mancill <tmanc...@debian.org> wrote:
> On 03/03/2016 12:49 PM, Markus Koschany wrote:
> > Am 03.03.2016 um 05:03 schrieb tony mancill:
> >> Control: -1 tag  + confirmed
> >> Control: -1 owner tmanc...@debian.org
> >>
> >> On 02/29/2016 11:05 PM, Chris Lamb wrote:
> >>> Source: jedit
> >>> Version: 5.3.0+dfsg-1
> >>> Severity: serious
> >>> Justification: fails to build from source
> >>
> >>>   [javac] 
> >>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
> >>>  error: cannot find symbol
> >>>   [javac] throw new NotSerializableException();
> >>
> >> Thanks for the bug report.  Looks like we have a bit of porting for the
> >> latest bsh upload.
> >>
> >
> > Sorry for the inconvenience. If there is more involved than importing
> > the missing class, please let me know and I try to fix it.
>
> Hi Markus,
>
> No inconvenience at all. The issue seems to be with the upstream patch
> for CVE-2016-2510, which drops the java.io.Serializable interface from
> the InvocationHandler, but then references the ObjectStreamException and
> NotSerializableException classes that package.
>
> I was able to get things working for jedit by applying the following
> patch (also attached), building a new bsh-src package locally, and using
> that for the jedit build.
>
> > diff -Nru bsh-2.0b4/debian/patches/CVE-2016-2510.patch 
> > bsh-2.0b4/debian/patches/CVE-2016-2510.patch
> > --- bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-02 
> > 20:24:07.0 -0800
> > +++ bsh-2.0b4/debian/patches/CVE-2016-2510.patch2016-03-03 
> > 22:10:57.0 -0800
> > @@ -35,8 +35,8 @@
> >  -  class Handler implements InvocationHandler, java.io.Serializable
> >  +  class Handler implements InvocationHandler
> > {
> > -+  private Object readResolve() throws ObjectStreamException {
> > -+  throw new NotSerializableException();
> > ++  private Object readResolve() throws 
> > java.io.ObjectStreamException {
> > ++  throw new java.io.NotSerializableException();
> >  +  }
> >  +
>
> So, if you're okay with the patch, could you apply it and upload an
> updated bsh?  Or do you mind if I do?

Hi tony,

I can upload a new revision of bsh with this change later. I'm just wondering
why we need to use java.io.ObjectStreamException and
java.io.NotSerializableException explicitly because these classes are already
imported in bsh's XThis.java.

import java.io.*;

Anyway it doesn't change the intention of the patch and should be safe.

Cheers,

Markus



signature.asc
Description: Digital signature

Bug#816357: jedit: FTBFS: XThis.java:128: error: cannot find symbol [..] NotSerializableException

[Markus Koschany]

Am 03.03.2016 um 05:03 schrieb tony mancill:
> Control: -1 tag  + confirmed
> Control: -1 owner tmanc...@debian.org
> 
> On 02/29/2016 11:05 PM, Chris Lamb wrote:
>> Source: jedit
>> Version: 5.3.0+dfsg-1
>> Severity: serious
>> Justification: fails to build from source
> 
>>   [javac] 
>> /home/lamby/temp/cdt.20160301065925.cu0iTWjXkj/jedit-5.3.0+dfsg/org/gjt/sp/jedit/bsh/XThis.java:128:
>>  error: cannot find symbol
>>   [javac]throw new NotSerializableException();
> 
> Thanks for the bug report.  Looks like we have a bit of porting for the
> latest bsh upload.
> 

Sorry for the inconvenience. If there is more involved than importing
the missing class, please let me know and I try to fix it.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#808860: netbeans: Periodic freezing with GTK+ look-and-feel

[Markus Koschany]

Hello,

Am 24.02.2016 um 23:01 schrieb Samuel Thibault:
> Hello,
> 
> Markus Koschany, on Wed 24 Feb 2016 20:53:37 +0100, wrote:
>> I am also in favor of reverting the change that enabled the atk bridge
>> by default.
> 
> I'm in favor of fixing bugs instead of working around them.
> 
> I have been waiting for upstream's opinion on my proposed fix, but I
> guess at some point I'll just upload it to Debian, I can do it now if
> people feel it's about time.

I am also in favor of fixing bugs but we should also take the severity
of this issue and the priorities into account. I would definitely like
to see this issue fixed by having non-freezing GTK themed Java
applications and supporting the ATK bridge. But it is apparent that this
change was a regression and badly affects a lot of people.


> In the meantime, could people try the packages I have uploaded to
> 
> deb http://people.debian.org/~sthibault/tmp ./
> 
> to make sure that this fixes the issue?
> 
> Samuel


Since you are still waiting for upstream's opinion and the packages are
not tested yet, I suggest the following steps.

1. Revert this change as soon as possible
2. Ask on debian-java, or people who reported this issue to test the
   packages. I would suggest to write down what exactly should be
   installed and tested.
3. Wait for upstream's opinion / ping them again.
4. Upload when everything is well tested.

Regards,

Markus







signature.asc
Description: OpenPGP digital signature

Bug#813143: netbeans: Periodic freezing with GTK+ look-and-feel

[Markus Koschany]

Control: reassign 808860 openjdk-7-jre-headless
Control: forcemerge 813143 808860
Control: affects 808860 netbeans

I am also in favor of reverting the change that enabled the atk bridge
by default. Bug #808860 is clearly a symptom of this change and all
users using Netbeans with GTK look theme are negatively affected
and the application becomes unusable.


Commenting out:

# assistive_technologies=org.GNOME.Accessibility.AtkWrapper

in /etc/java-7-openjdk/accessibility.properties

solved this issue.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#815073: netbeans: FTBFS with ClassNotFoundException svnclientadapter

[Markus Koschany]

Package: netbeans
Version: 8.1+dfsg1-1
Severity: serious

Netbeans currently FTBFS in Sid with cannot access SVNClientInterface

There also two runtime errors with the slf4j.dummy module and jgit
which are probably not related.


/build/netbeans-8.1+dfsg2/libs.svnClientAdapter.svnkit/build/classes
[nb-javac] Compiling 1 source file to
/build/netbeans-8.1+dfsg2/libs.svnClientAdapter.svnkit/build/classes
[repeat] warning: [options] bootstrap class path not set in
conjunction with -source 1.6 [repeat]
/build/netbeans-8.1+dfsg2/libs.svnClientAdapter.svnkit/src/org/netbeans/libs/svnclientadapter/svnkit/SvnKitClientAdapterFactory.java:88:
error: cannot access SVNClientInterface [repeat]
SVNClientImpl.setRuntimeCredentialsStorage(null); [repeat]
^ [repeat]   class file for
org.tigris.subversion.javahl.SVNClientInterface not found [repeat]
/build/netbeans-8.1+dfsg2/libs.svnClientAdapter.svnkit/src/org/netbeans/libs/svnclientadapter/svnkit/SvnKitClientAdapterFactory.java:89:
error: cannot access ISVNClient [repeat]
org.tmatesoft.svn.core.javahl17.SVNClientImpl.setRuntimeCredentialsStorage(null);
[repeat] ^ [repeat]   class file for
org.apache.subversion.javahl.ISVNClient not found [repeat] 2 errors
[nbmerge] Failed to build target: all-libs.svnClientAdapter.svnkit



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages netbeans depends on:
ii  libnb-apisupport3-java 8.1+dfsg2-1
ii  libnb-ide14-java   8.1+dfsg2-1
ii  libnb-java5-java   8.1+dfsg2-1
ii  libnb-platform18-java  8.1+dfsg1-2
ii  openjdk-8-jdk [java8-sdk]  8u72-b05-6

netbeans recommends no packages.

netbeans suggests no packages.

-- no debconf information

Bug#814876: lombok.patcher

[Markus Koschany]

Am 17.02.2016 um 09:59 schrieb Hans-Christoph Steiner:
> 
> I remember getting odd errors like this while working with lombok-ast,
> my solution in the end was to try disabling chunks of lombok*, which
> obviously didn't work.

Yeah.

> Have you tried emailing upstream?  I did manage to get one or two
> responses from them.  This is a very specialized beast.

I think I have "fixed" it now but I can't explain how. Apparently the
old unpacked version of src:lombok works with src:lombok-patcher but the
new one doesn't. It took a while for me to realize that. Even if I
rename the old tarball into 1.16.1+ds2 it will also fail to build...
Perhaps it has something to do with the lombok.version string that is
injected into the build system but I'm not really sure about this. The
journey to find a solution for this bug sometimes reminded me of
Sherlock Holmes:

"When you have eliminated the impossible, whatever remains, however
improbable, must be the truth."




signature.asc
Description: OpenPGP digital signature

Bug#814876: builds for me

[Markus Koschany]

Am 17.02.2016 um 12:34 schrieb Hans-Christoph Steiner:
[...]
> I think that was the case with my sid chroot too: it was a little out of
> date.  The build fails with cowbuilder for me too.  Very odd.  But your
> original binary did already make it into Debian:
> 
> https://packages.debian.org/sid/liblombok-patcher-java
> 
> So you could try uploading lombok-ast today to get it into Ubuntu LTS.
> Then we can circle back around with bug reports and updates.  I'm happy
> to handle the Ubuntu side of that.

I think it works now. After I used my old backup of lombok, I can no
longer reproduce this issue. I will take care of the lombok-patcher, and
lombok-ast upload which was also affected by the same bug. You don't
need to upload lombok-patcher.

Markus




signature.asc
Description: OpenPGP digital signature

Bug#814876: builds for me

[Markus Koschany]

Am 17.02.2016 um 10:19 schrieb Hans-Christoph Steiner:
> 
> I just tried to build lombok-patcher on my sid chroot, and it built
> fine.  This whole lombok group of packages has a bunch of circular deps,
> could it be that liblombok-java was out of date on your machine?  I
> think that lombok-patcher and/or maybe ivyplusplus need to have
> versioned Build-Depends to prevent this kind of thing.
> 

I built in a clean cowbuilder chroot environment before I uploaded the
package. The difference back then was that I used a slightly older
version of lombok and ivyplusplus in my local reprepro repository to
build lombok-patcher. I have been trying for hours now to find the
difference between those versions. I still can't build lombok-patcher
again with the current version of lombok in Sid. If it builts fine on
your machine, great. Please go ahead and upload this version.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#814892: lombok fails to build from source

[Markus Koschany]

Control: reassign -1 src:ivyplusplus



signature.asc
Description: OpenPGP digital signature

Bug#813877: alienblaster content is used non-dfsg and legal problematic content.

[Markus Koschany]

Control: tags -1 moreinfo

On Sat, 6 Feb 2016 17:51:58 +0900 Kouta Ikematsu
 wrote:
> Package: alienblaster-data
> Severity: serious
> 
> Hello.
> 
> alienblaster content (not code) is used "Red Cross flag".
> This is "Health item" image. (Restore Player's Health)
> 
> "Red Cross flag" is non-free, because this image is not freely use. (Violate 
> DFSG)
> I think that this is misuse, It is violate of law.
> 
> https://www.icrc.org/applic/ihl/ihl-nat.nsf/a24d1cf3344e99934125673e00508142/57a872a8776b3fc9c12572d700386930/$FILE/The%20Geneva%20Distinctive%20Emblems%20Protection%20Act%20of%202006.pdf
> 
> http://law.e-gov.go.jp/htmldata/S22/S22HO159.html
> 
> Thanks.
> 
> Reference:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1305233

Hello,

please clarify what image exactly is violating the law. I have looked
through all bmp files in alienblaster's images directory but couldn't
find the exact same image. There is one image with a red cross but this
one is not copyrightable. It is far too common and generic. Please also
note that there is a difference between trademark and copyright but
currently I don't see a violation of either of them.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#813419: eclipse-egit: FTBFS: generateScript: Some inter-plug-in dependencies have not been satisfied.

[Markus Koschany]

Am 01.02.2016 um 22:37 schrieb Emmanuel Bourg:
> Thank you for the report Chris. I guess this issue was caused by the
> libslf4j-java/1.7.14-1 update where I replaced the custom OSGi metadata
> with the one used upstream. This changed the Bundle-SymbolicName from
> org.slf4j to slf4j.api but I fail to see how to modify eclipse-egit to
> use the new name. Any help from an Eclipse expert would be welcome.

I intend to work on upgrading Eclipse to the latest upstream release,
most likely starting at the beginning of March. I hope we can replace
the current version before the next release. I guess we shouldn't invest
too much time in fixing those kind of issues as long as we haven't
packaged a newer upstream release yet.

Markus




signature.asc
Description: OpenPGP digital signature

Bug#809920: radicale: CVE-2015-8748 CVE-2015-8747

[Markus Koschany]

Am 30.01.2016 um 15:08 schrieb Yves-Alexis Perez:
> On jeu., 2016-01-28 at 17:58 +0100, Markus Koschany wrote:
>> I have prepared security updates for radicale in Wheezy and Jessie. This
>> is Debian bug #809920 [1]. I have tested both patches and they were
>> reviewed by upstream. The debdiffs are attached to this e-mail.
> 
> Thanks. Can you remove the “by the security team” from the changelog entries,
> and upload them to security-master? Remember to build with -sa because those
> are the first security updates so they need the orig uploaded with them.

I have removed "by the security team" and uploaded both packages to
security-master.

Cheers,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#809920: radicale: CVE-2015-8748 CVE-2015-8747

[Markus Koschany]

Hi,

I have prepared security updates for radicale in Wheezy and Jessie. This
is Debian bug #809920 [1]. I have tested both patches and they were
reviewed by upstream. The debdiffs are attached to this e-mail.

Regards,

Markus


[1] https://bugs.debian.org/809920
diff -Nru radicale-0.9/debian/changelog radicale-0.9/debian/changelog
--- radicale-0.9/debian/changelog   2014-08-25 02:45:58.0 +0200
+++ radicale-0.9/debian/changelog   2016-01-28 17:50:28.0 +0100
@@ -1,3 +1,13 @@
+radicale (0.9-1+deb8u1) jessie-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * CVE-2015-8748 and CVE-2015-8747:
+Fix insecure path handling by sanitizing system paths and always
+making them absolute. Fix multifilesystem backend allowed access
+to arbitrary files on all platforms. (Closes: #809920)
+
+ -- Markus Koschany <a...@debian.org>  Thu, 28 Jan 2016 01:02:54 +0100
+
 radicale (0.9-1) unstable; urgency=medium
 
   [ upstream ]
diff -Nru radicale-0.9/debian/patches/CVE-2015-8748-and-CVE-2015-8747.patch 
radicale-0.9/debian/patches/CVE-2015-8748-and-CVE-2015-8747.patch
--- radicale-0.9/debian/patches/CVE-2015-8748-and-CVE-2015-8747.patch   
1970-01-01 01:00:00.0 +0100
+++ radicale-0.9/debian/patches/CVE-2015-8748-and-CVE-2015-8747.patch   
2016-01-28 17:50:28.0 +0100
@@ -0,0 +1,415 @@
+From: Markus Koschany <a...@debian.org>
+Date: Thu, 28 Jan 2016 01:00:41 +0100
+Subject: CVE-2015-8748 and CVE-2015-8747
+
+Fix insecure path handling by sanitizing system paths and always
+making them absolute. Fix multifilesystem backend allowed access
+to arbitrary files on all platforms.
+
+The patch was kindly reviewed by upstream.
+
+Origin: https://github.com/Kozea/Radicale/pull/343/commits
+Debian-Bug: https://bugs.debian.org/809920
+---
+ radicale/__init__.py| 26 ++--
+ radicale/ical.py| 11 ++---
+ radicale/pathutils.py   | 84 +
+ radicale/storage/filesystem.py  | 41 +++---
+ radicale/storage/multifilesystem.py | 47 ++---
+ 5 files changed, 160 insertions(+), 49 deletions(-)
+ create mode 100644 radicale/pathutils.py
+
+diff --git a/radicale/__init__.py b/radicale/__init__.py
+index 2824efd..694a447 100644
+--- a/radicale/__init__.py
 b/radicale/__init__.py
+@@ -32,7 +32,6 @@ import os
+ import sys
+ import pprint
+ import base64
+-import posixpath
+ import socket
+ import ssl
+ import wsgiref.simple_server
+@@ -47,7 +46,7 @@ except ImportError:
+ from urlparse import urlparse
+ # pylint: enable=F0401,E0611
+ 
+-from . import auth, config, ical, log, rights, storage, xmlutils
++from . import auth, config, ical, log, pathutils, rights, storage, xmlutils
+ 
+ 
+ VERSION = "0.9"
+@@ -174,12 +173,9 @@ class Application(object):
+ 
+ @staticmethod
+ def sanitize_uri(uri):
+-"""Unquote and remove /../ to prevent access to other data."""
++"""Unquote and make absolute to prevent access to other data."""
+ uri = unquote(uri)
+-trailing_slash = "/" if uri.endswith("/") else ""
+-uri = posixpath.normpath(uri)
+-trailing_slash = "" if uri == "/" else trailing_slash
+-return uri + trailing_slash
++return pathutils.sanitize_path(uri)
+ 
+ def collect_allowed_items(self, items, user):
+ """Get items from request that user is allowed to access."""
+@@ -248,18 +244,21 @@ class Application(object):
+ 
+ base_prefix = config.get("server", "base_prefix")
+ if environ["PATH_INFO"].startswith(base_prefix):
+-# Sanitize request URI
+-environ["PATH_INFO"] = self.sanitize_uri(
+-"/%s" % environ["PATH_INFO"][len(base_prefix):])
+-log.LOGGER.debug("Sanitized path: %s", environ["PATH_INFO"])
++environ["PATH_INFO"] = environ["PATH_INFO"][len(base_prefix):]
+ elif config.get("server", "can_skip_base_prefix"):
+ log.LOGGER.debug(
+-"Skipped already sanitized path: %s", environ["PATH_INFO"])
++"Prefix already stripped from path: %s", environ["PATH_INFO"])
+ else:
+ # Request path not starting with base_prefix, not allowed
+ log.LOGGER.debug(
+ "Path not starting with prefix: %s", environ["PATH_INFO"])
+-environ["PATH_INFO"] = None
++status, headers, _ = NOT_ALLOWED
++start_response(status, list(headers.items()))
++return []
++
++# Sanitize request URI
++environ["PATH_INFO"] 

Bug#812695: pygame-sdl2: FTBFS: format not a string literal and no format arguments

[Markus Koschany]

Control: severity -1 normal

Am 27.01.2016 um 11:13 schrieb Gianfranco Costamagna:
> control: reopen -1
> control: tags -1 patch
> 
> Hi, please revert the change, and sorry for breaking the API in the
> libsdl2 2.0.4 upload
> 
> the correct fix comes from upstream, and it is included in the
> following three commits
> https://github.com/renpy/pygame_sdl2/commit/10b13b65173207d274ffa9570ec7
> 7a1aed6bc7e8
> https://github.com/renpy/pygame_sdl2/commit/5605247b8b2c704238508a13bfc3
> 3b3e62dba852
> https://github.com/renpy/pygame_sdl2/commit/c50dd46eb332c572349b02241014
> 911d5f23004c
> 
> or to sum them in a single patch file
> 
> --- pygame-sdl2-6.99.8.orig/src/pygame_sdl2/error.pyx
> +++ pygame-sdl2-6.99.8/src/pygame_sdl2/error.pyx
> @@ -36,4 +36,4 @@ def get_error():
> 
>  def set_error(message):
>  message = bytes(message)
> -SDL_SetError(message)
> +SDL_SetError("%s", message)
> --- pygame-sdl2-6.99.8.orig/src/pygame_sdl2/rwobject.pyx
> +++ pygame-sdl2-6.99.8/src/pygame_sdl2/rwobject.pyx
> @@ -53,7 +53,7 @@ cdef set_error(e):
>  cdef char *msg
>  e = str(e)
>  msg =  e
> -SDL_SetError(e)
> +SDL_SetError("%s", msg)
> 
>  cdef Sint64 python_size(SDL_RWops *context) with gil:
>  f =  context.hidden.unknown.data1
> 
> 
> sorry again for the break of your package!
> 

Thanks for the patch. I will apply it with the next upload.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#812695: pygame-sdl2: FTBFS: format not a string literal and no format arguments

[Markus Koschany]

Control: tags -1 confirmed pending

Am 25.01.2016 um 23:51 schrieb Aaron M. Ucko:
> Source: pygame-sdl2
> Version: 6.99.8-1
> Severity: serious
> Justification: fails to build from source
> 
> Builds of pygame-sdl2 with modern hardening flags have been failing:
> 
> gen/pygame_sdl2.error.c: In function 
> ‘__pyx_pf_11pygame_sdl2_5error_2set_error’:
> gen/pygame_sdl2.error.c:1072:3: error: format not a string literal and no 
> format arguments [-Werror=format-security]
>SDL_SetError(__pyx_t_3);
>^
> cc1: some warnings being treated as errors
> error: command 'aarch64-linux-gnu-gcc' failed with exit status 1
> 
> Could you please take a look?  I presume you'll want to arrange for this
> call to wind up as
> 
>SDL_SetError("%s", __pyx_t_3);
> 
> Thanks!


Thanks for the report. I believe this is some sort of regression in SDL2
2.0.4. Four days ago pygame-sdl2 built fine with SDL2 2.0.2.
pygame_sdl2.error.c is auto-generated at build-time and the error
message,(__pyx_t_3) is controlled by SDL_GetError(), so there is not
much I can do here. I will disable this specific -format hardening check
for now and re-enable it as soon as this issue is resolved in
src:libsdl2 and related packages.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#812621: libsdl2-ttf: FTBFS - format not a string literal and no format arguments

[Markus Koschany]

On Mon, 25 Jan 2016 16:34:31 + Michael Tautschnig  wrote:
> Package: libsdl2-ttf
> Version: 2.0.12+dfsg1-2
> Severity: serious
> Usertags: goto-cc
> 
> During a rebuild of all Debian packages in a clean sid chroot (using 
> cowbuilder
> and pbuilder) the build failed with the following error.
> 
> [...]
> make[1]: Entering directory 
> '/srv/jenkins-slave/workspace/sid-goto-cc-libsdl2-ttf/libsdl2-ttf-2.0.12+dfsg1'
> /bin/bash ./libtool  --tag=CC   --mode=compile gcc -DPACKAGE_NAME=\"\" 
> -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" 
> -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DSTDC_HEADERS=1 
> -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 
> -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 
> -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" 
> -DPACKAGE=\"SDL2_ttf\" -DVERSION=\"2.0.12\" -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 
> -I.   -Wdate-time  -g -O0 -fstack-protector-strong -Wformat 
> -Werror=format-security -pipe -Wall -I/usr/include/freetype2 -D_REENTRANT 
> -I/usr/include/SDL2  -DHAVE_OPENGL -c -o SDL_ttf.lo SDL_ttf.c
> libtool: compile:  gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" 
> -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" 
> -DPACKAGE_URL=\"\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 
> -DLT_OBJDIR=\".libs/\" -DPACKAGE=\"SDL2_ttf\" -DVERSION=\"2.0.12\" 
> -DHAVE_ALLOCA_H=1 -DHAVE_ALLOCA=1 -I. -Wdate-time -g -O0 
> -fstack-protector-strong -Wformat -Werror=format-security -pipe -Wall 
> -I/usr/include/freetype2 -D_REENTRANT -I/usr/include/SDL2 -DHAVE_OPENGL -c 
> SDL_ttf.c  -fPIC -DPIC -o .libs/SDL_ttf.o
> SDL_ttf.c: In function 'TTF_SetFTError':
> SDL_ttf.c:331:5: error: format not a string literal and no format arguments 
> [-Werror=format-security]
>  TTF_SetError(msg);

[...]

FYI, pygame-sdl2 is also affected and I believe it is related to the
last upload of SDL2 2.0.4.

https://bugs.debian.org/812695

It definitely worked four days ago when I built pygame-sdl2.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#811341: ufoai-server: fails to remove: update-rc.d: error: cannot find a LSB script for ufoai-server

[Markus Koschany]

Control: tags -1 moreinfo

Am 18.01.2016 um 04:05 schrieb Andreas Beckmann:
> Package: ufoai-server
> Version: 2.5-1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package fails to remove.
> 
>>From the attached log (scroll to the bottom...):
> 
>   Removing ufoai-server (2.5-1) ...
>   update-rc.d: error: cannot find a LSB script for ufoai-server
>   dpkg: error processing package ufoai-server (--remove):
>subprocess installed post-removal script returned error exit status 1


Hi,

I tried to reproduce this error but on my system the installation and
removal of ufoai-server works as expected. Could you elaborate on your
system configuration? I assume you ran piuparts on a non-systemd system?
Do I have to provide an init script even if ufoai-server fails to build
from source on architectures that don't support systemd?

Regards,

Markus






signature.asc
Description: OpenPGP digital signature

Bug#810642: Segmentation fault

[Markus Koschany]

Control: tags -1 unreproducible moreinfo
Control: severity -1 normal

On Sun, 10 Jan 2016 21:37:33 +0100 Zlatan Todoric  wrote:
> Package: renpy
> Version: 6.17.6-1.1
> Severity: grave
> 
> Hello,
> 
> simple terminal output:
> 
> zlatan@berserker:~$ renpy
> Fatal Python error: (pygame parachute) Segmentation Fault
> Aborted
> zlatan@berserker:~$
> 
> Happens right after I launch it. Same happens also with renpy-demo (do
> you need separate bug report?).
> 
> Cheers,
> 
> zlatan

Hi,

thanks for the report. I have uploaded a new revision of renpy that will
be available in Sid in a few hours. I couldn't reproduce the segfault
though. The issue might be related to the ongoing auto-fonts-android
transition. I had to adjust an obsolete symlink to a font file which is
now in fonts-roboto-hinted. That caused an error on my system. Please
try the new revision again. It works for me but if you can still
reproduce this error, then please report back.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#787361: I find other CC-BY-NC-SA licensed content.

[Markus Koschany]

Control: reopen -1

On Sun, 10 Jan 2016 21:17:51 +0900 Kouta Ikematsu
 wrote:
> This bug is not resolved.
> I find other CC-BY-NC-SA licensed content. 
> 
> File list:
> 
> "demos/svg/xhtml/dat/face-sad.svg"
> 
> This is non-free.
> Thanks.
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=1295165
> 

Hello,

we can probably replace face-sad.svg with the Tango icon again or we
should just remove it.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#809619: apache-log4j2: FTBFS: web/Log4jServletContainerInitializer.java:[21,20] error: cannot find symbol: DispatcherType

[Markus Koschany]

Control: owner -1 !

On Fri, 01 Jan 2016 23:03:33 + Chris Lamb  wrote:
> Source: apache-log4j2
> Version: 2.4-1
> Severity: serious
> Justification: fails to build from source
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> apache-log4j2 fails to build from source in unstable/amd64:
> 

I'll take care of this.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#809369: mu-cade: ODE INTERNAL ERROR 1: assertion "bNormalizationResult" failed in _dNormalize4

[Markus Koschany]

On Tue, 29 Dec 2015 23:02:20 +0100 Markus Koschany <a...@debian.org> wrote:
> Package: mu-cade
> Version: 0.11.dfsg1-8+b2
> Severity: grave
> 
> I have just noticed that mu-cade in testing and unstable is unusable
> because it crashes on startup with
> 
> ODE INTERNAL ERROR 1: assertion "bNormalizationResult" failed in 
> _dNormalize4() [odemath.h:42]
> [1]1120 abort (core dumped)  mu-cade
> 
> I assume the bug surfaced because of the transition to libode4.

Hello Peter,

I saw your changes for mu-cade and kiki-the-nano-bot. Are they ready to
upload?

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#809369: mu-cade: ODE INTERNAL ERROR 1: assertion "bNormalizationResult" failed in _dNormalize4

[Markus Koschany]

Package: mu-cade
Version: 0.11.dfsg1-8+b2
Severity: grave

I have just noticed that mu-cade in testing and unstable is unusable
because it crashes on startup with

ODE INTERNAL ERROR 1: assertion "bNormalizationResult" failed in _dNormalize4() 
[odemath.h:42]
[1]1120 abort (core dumped)  mu-cade

I assume the bug surfaced because of the transition to libode4.

Markus

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mu-cade depends on:
ii  libbulletml0v50.0.6-6.1
ii  libc6 2.21-4
ii  libgcc1   1:5.3.1-4
ii  libgl1-mesa-glx [libgl1]  11.0.8-1
ii  libglu1-mesa [libglu1]9.0.0-2.1
ii  libode4   2:0.13.1+git20150309-2
ii  libsdl-mixer1.2   1.2.12-11+b1
ii  libsdl1.2debian   1.2.15-12
ii  mu-cade-data  0.11.dfsg1-8

mu-cade recommends no packages.

mu-cade suggests no packages.

-- no debconf information

Bug#808691: jboss-xnio: FTBFS: duplicate class: org.xnio._private.Messages_$logger

[Markus Koschany]

On Mon, 21 Dec 2015 22:30:06 +0100 Emmanuel Bourg <ebo...@apache.org> wrote:
> Le 21/12/2015 21:59, Markus Koschany a écrit :
> 
> > At the moment I don't see a way to fix this in jboss-xnio
> > or undertow though.
> 
> We can workaround this issue by reverting to the compiler plugin 2.5.
> Build depending on libmaven-compiler-plugin-2.5-java and adding the
> following to the pom works for jboss-xnio:
> 
> 
> 
> 
> org.apache.maven.plugins
> maven-compiler-plugin
> 2.5.1
> 
> 
> 
> 

I tried the same workaround for undertow but I haven't had any luck so
far. I added the same snippet to all pom.xml files but the package still
FTBFS. I have pushed the changes to Git master. Any hint is welcome.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#808619: jboss-xnio: FTBFS: duplicate class: org.xnio._private.Messages_$logger

[Markus Koschany]

I think jboss-xnio and undertow are only affected by this issue and
presumably maven-compiler-plugin is to blame here.

I have found this upstream bug report

https://issues.apache.org/jira/browse/MCOMPILER-235

which seems related. I can work around the FTBFS by disabling the
annotation processing and passing -proc:none as an argument to the
compiler plugin. However this isn't really a proper fix because those
generated classes are then not part of the final jar file and this may
cause several other issues.

The upstream bug report claims that maven-compiler-plugin 3.1 works or
explicitly setting useIncrementalCompilation to false. Not sure if this
might help us. At the moment I don't see a way to fix this in jboss-xnio
or undertow though.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#808619: jboss-xnio: FTBFS: duplicate class: org.xnio._private.Messages_$logger

[Markus Koschany]

If I set compiler.source and compiler.target to 1.8 in maven.properties,
I get this:

[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-compiler-plugin:3.2:compile
(default-compile) on project xnio-api: Compilation failure
[ERROR]
/build/jboss-xnio-3.3.3/api/src/main/java/org/xnio/Option.java:[430,37]
incompatible types: java.lang.Object cannot be converted to T



signature.asc
Description: OpenPGP digital signature

Bug#808619: jboss-xnio: FTBFS: duplicate class: org.xnio._private.Messages_$logger

[Markus Koschany]

On Mon, 21 Dec 2015 15:00:26 + Chris Lamb  wrote:
> Source: jboss-xnio
> Version: 3.3.2-1
> Severity: serious
> Justification: fails to build from source
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> jboss-xnio fails to build from source in unstable/amd64:

I have imported the latest upstream release, 3.3.3., and now I get a
completely different error message.


[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-compiler-plugin:3.2:compile
(default-compile) on project xnio-nio: Compilation failure
[ERROR]
/build/jboss-xnio-3.3.3/nio-impl/src/main/java/org/xnio/nio/NioXnioWorker.java:[170,34]
cannot find symbol
[ERROR] symbol:   method floorMod(int,int)
[ERROR] location: class java.lang.Math

Apparently the new release requires Java 8 now. But when I switch to
openjdk-8-jdk the compiler throws another exception:

java.lang.IllegalStateException: endPosTable already set



[INFO] Compiling 213 source files to
/build/jboss-xnio-3.3.3/api/target/classes
An exception has occurred in the compiler (1.8.0_72-internal). Please
file a bug against the Java compiler via the Java bug reporting page
(http://bugreport.java.com) after checking the Bug Database
(http://bugs.java.com) for duplicates. Include your program and the
following diagnostic in your report. Thank you.
java.lang.IllegalStateException: endPosTable already set
at
com.sun.tools.javac.util.DiagnosticSource.setEndPosTable(DiagnosticSource.java:136)
at com.sun.tools.javac.util.Log.setEndPosTable(Log.java:350)
at com.sun.tools.javac.main.JavaCompiler.parse(JavaCompiler.java:667)
at 
com.sun.tools.javac.main.JavaCompiler.parseFiles(JavaCompiler.java:950)
at
com.sun.tools.javac.processing.JavacProcessingEnvironment$Round.(JavacProcessingEnvironment.java:892)
at
com.sun.tools.javac.processing.JavacProcessingEnvironment$Round.next(JavacProcessingEnvironment.java:921)
at
com.sun.tools.javac.processing.JavacProcessingEnvironment.doProcessing(JavacProcessingEnvironment.java:1187)
at
com.sun.tools.javac.main.JavaCompiler.processAnnotations(JavaCompiler.java:1170)
at com.sun.taools.javac.main.JavaCompiler.compile(JavaCompiler.java:856)
at com.sun.tools.javac.main.Main.compile(Main.java:523)
at com.sun.tools.javac.api.JavacTaskImpl.doCall(JavacTaskImpl.java:129)
at com.sun.tools.javac.api.JavacTaskImpl.call(JavacTaskImpl.java:138)
at
org.codehaus.plexus.compiler.javac.JavaxToolsCompiler.compileInProcess(JavaxToolsCompiler.java:125)
at
org.codehaus.plexus.compiler.javac.JavacCompiler.performCompile(JavacCompiler.java:169)
at
org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute(AbstractCompilerMojo.java:823)
at
org.apache.maven.plugin.compiler.CompilerMojo.execute(CompilerMojo.java:129)
at
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at
org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:188)
at org.debian.maven.Wrapper.main(Wrapper.java:89)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:330)
at
org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:238)
at
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at

Bug#793911: groovy should not release with stretch

[Markus Koschany]

Am 11.12.2015 um 22:49 schrieb Miguel Landaeta:
> Hi Markus,
> 
> On Fri, Dec 11, 2015 at 09:23:42PM +0100, Markus Koschany wrote:
>>
>> we can always consider to fix red5 with a NMU. We just should raise the
>> severity accordingly before we do that.
> 
> Sure, that's a valid option. An NMU to DELAYED/7 or something is OK
> with me.

I suggest to raise the severity of red5 to serious as soon as we have
fixed libspring-java and it remains the only package left. Then we
should give the maintainer at least ten days to fix the issue (according
to the NMU guide lines) and after that it is fire at will.

>> I hope I can lend you a hand with an update of libspring-java after I
>> have packaged the latest netbeans release. Perhaps you can write a short
>> TODO list and push it to the libspring-java repo, which upstream should
>> be packaged, if we have to package new dependencies and where you need
>> help.
> 
> OK, unfortunately I don't have too much time lately but I think I can
> review latest Spring upstream releases to document if/which new
> dependencies are needed and push that to the repo.

No problem. I just read Emmanuel's comment. If you need some help with
the packaging, just ping me. Like I said I intend to work on Netbeans,
maven-repo-helper (#805228) and Eclipse in the near future but there is
hopefully always some time to package a new dependency. :E

Markus



signature.asc
Description: OpenPGP digital signature

Bug#793911: groovy should not release with stretch

[Markus Koschany]

Am 11.12.2015 um 21:16 schrieb Miguel Landaeta:
[...]
>> red5 -> must be updated to a newer version
> 
> Emmanuel sent a patch for this. Please see #805627.
> 
>> If you want to update either libspring-java or red5, that would be a big
>> help.
> 
> To package libspring-java new upstream releases is a task that would
> be very appreciated although is not easy but with the recent progress
> in Maven and Gradle helpers (thanks to Emmanuel again!) maybe this is
> something more feasible nowadays.
> 
> Regarding red5, I'm not quite sure how much is used in Debian
> nowadays. Maybe we should contact Damien to check if he agrees to
> transfer its maintenance to pkg-java. I'm ccing him just in case.

Hi,

we can always consider to fix red5 with a NMU. We just should raise the
severity accordingly before we do that.

I hope I can lend you a hand with an update of libspring-java after I
have packaged the latest netbeans release. Perhaps you can write a short
TODO list and push it to the libspring-java repo, which upstream should
be packaged, if we have to package new dependencies and where you need
help.

Cheers,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#802671: fixed in bouncycastle 1.44+dfsg-2+deb6u1

[Markus Koschany]

I have pushed the wheezy and jessie security branches for bouncycastle.
The wheezy changes are identical to squeeze since both use the same
upstream version.

Jessie was a bit more complicated because I had to rebase patch 1 and 2.
In version 1.49 DSTU4145PointEncoder.java exists and there was also one
createPoint() call which I had to replace with validatePoint. I am able
to build the tests but the junit ant task is never executed. It would be
great if someone could take a look at the error message. Apparently
ant-junit.jar cannot be found. I have tried to symlink the jar file into
the build directory but without success.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#807391: libcommons-openpgp-java: FTBFS: BouncyCastleOpenPgpStreamingSignatureVerifier.java:92: error: cannot find symbol [..] sig.initVerify( key, "BC" );

[Markus Koschany]

Am 09.12.2015 um 05:32 schrieb tony mancill:
> On 12/08/2015 04:14 AM, Chris Lamb wrote:
>> Source: libcommons-openpgp-java
>> Version: 0+svn533492-5
>> Severity: serious
>> Justification: fails to build from source
>> User: reproducible-bui...@lists.alioth.debian.org
>> Usertags: ftbfs
>> X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
> 
> I can't find any reverse dependencies for this package.  Any objections
> to requesting its removal?

It seems I missed this build failure during my bouncycastle tests. Last
updaet was in 2013 and in my opinion a crypto library should be better
maintained than that, especially if it depends on such a fragile library
like bouncycastle. No objections from me.

Markus




signature.asc
Description: OpenPGP digital signature

Bug#807504: androidsdk-ddms: java.lang.RuntimeException: Failed to load /images/heap.png

[Markus Koschany]

Control: severity -1 grave
Control: tags -1 confirmed

On Wed, 09 Dec 2015 21:11:12 +0200 Oleksandr Gavenko
 wrote:
> Package: androidsdk-ddms
> Version: 22.2+git20130830~92d25d6-2
> Severity: critical
> 
>   $ ddms
>   09:07:18 E/ddms: shutting down due to uncaught exception
>   09:07:18 E/ddms: Failed to load /images/heap.png
>   java.lang.RuntimeException: Failed to load /images/heap.png
>   at com.android.ddmuilib.ImageLoader.loadImage(ImageLoader.java:147)
>   at com.android.ddmuilib.ImageLoader.loadImage(ImageLoader.java:174)
>   at 
> com.android.ddms.UIThread.createDevicePanelToolBar(UIThread.java:1082)
>   at com.android.ddms.UIThread.createLeftPanel(UIThread.java:1429)
>   at com.android.ddms.UIThread.createTopPanel(UIThread.java:1200)
>   at com.android.ddms.UIThread.createWidgets(UIThread.java:1002)
>   at com.android.ddms.UIThread.runUI(UIThread.java:535)
>   at com.android.ddms.Main.main(Main.java:117)
> 
> With 22.2+git20130830~92d25d6-1 from ``stable`` there are no such problem!

Thanks for the report. Will be fixed soon. Some paths changed with the
last revision and some of them were not adjusted accordingly.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#802356: Any news about this bug?

[Markus Koschany]

Am 05.12.2015 um 18:12 schrieb Andreas Tille:
> Hi,
> 
> I just noticed that the reverse depends of this package are removed from
> testing.  As you know I tried to help in resolving this bug but I was
> running out of ideas and contacting upstream was also not helpful.
> 
> Any news about this?
> 

Hi Andreas,

I am currently working on getting a newer version of bouncycastle into
unstable. This will fix all outstanding bugs in this package. Some
upgrading of reverse-dependencies is also needed. As soon as this is
done, I will take a look at svnclient.

Regards,

Markus







signature.asc
Description: OpenPGP digital signature

Bug#802671: Tentative patches for version 1.44

[Markus Koschany]

On Thu, 26 Nov 2015 13:58:14 +0100 Raphael Hertzog 
wrote:
> On Fri, 20 Nov 2015, Raphael Hertzog wrote:
> > On Fri, 23 Oct 2015, Raphael Hertzog wrote:
> > > I have asked an upstream developer (Peter Dettman) to review it.
> > 
> > He reviewed them and came up with further suggestions. So there's a third
> > patch (attached) to apply on top of the two patches that I already
> > submitted. I sent him the third patch for review too.
> 
> Tha patch is also OK according to Peter. However he asked me to not
> yet release the update as further improvements in public key/point
> validation are being made.
> 
> I'll the bug in the loop when I have more details, in the next few days in
> theory.

Hello Raphael,

thanks for your work on this bug. We intend to upload version 1.51 of
bouncycastle to unstable this weekend since we were able to upgrade all
reverse-dependencies except one so far. Are there any new information
regarding the patches for Jessie? Shall we still wait with an upload or
is it safe to use the three existing patches?

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#793911: groovy should not release with stretch

[Markus Koschany]

On Thu, 1 Oct 2015 23:38:11 +0800 =?UTF-8?B?5q635ZWf6IGw?=
 wrote:
> On Tue, 28 Jul 2015 22:38:40 +0200 Moritz Muehlenhoff  wrote:
> > Package: groovy
> > Severity: serious
> >
> > A separate source package groovy2 was uploaded, so reverse dependencies
> > need to be migrated to that one and groovy removed.
> >
> > Cheers,
> > Moritz
> >
> >
> 
> Hi Moritz and all pkg-java members,
> 
> I am wondering if it is better to upgrade groovy to the latest version
> (2.4.5 as of now) and drop groovy2, and migrate all build-rdeps of old
> Groovy 1.x to using a separate groovy-1.8 or groovy-1.9 package if
> necessary. In the end that we get rid of groovy and remain a groovy2
> package seems odd. Anyway BND, Maven are under the similar transition.
> Since GSoC I have been maintaining Gradle in Debian so I am happy and
> willing to do the transition.

Hi Kai-Chung,

I think upgrading src:groovy to version 2.x is a good idea. Though it is
more important that we upgrade all reverse dependencies of groovy 1.x to
to groovy 2.x first, so that we can drop one source package before the
Stretch release.

These are the current reverse dependencies in unstable:

freemind -> will be removed from Debian soon because we have a very
similar package already (freeplane)

libspring-java -> must be updated to a newer version

jenkins -> unmaintainable, can be ignored

red5 -> must be updated to a newer version

If you want to update either libspring-java or red5, that would be a big
help.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#806537: extremetuxracer: fails to upgrade from 'sid' - trying to overwrite /usr/share/icons/hicolor/scalable/apps/etracericon.svg

[Markus Koschany]

Control: severity -1 important

Am 28.11.2015 um 16:54 schrieb Andreas Beckmann:
> Package: extremetuxracer
> Version: 0.6.0-2
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package fails to upgrade from
> 'sid' to 'experimental'.
> It installed fine in 'sid', then the upgrade to 'experimental' fails
> because it tries to overwrite other packages files without declaring a
> Breaks+Replaces relation.

Hi,

thanks for the report but this is not release critical because we won't
release the 0.6.0 series with Stretch.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#806418: mediathekview: Spawns VLC-process with fills up hard disc space 100% without being told to do so

[Markus Koschany]

Control: severity -1 normal

Am 27.11.2015 um 11:10 schrieb Helge Kreutzmann:
> Package: mediathekview
> Version: 7.1-1
> Severity: grave
> 
> Dear Maintainer,
> 
> I use mediathekview a lot, althought not on this system (which is
> actually only a VM). I never experienced this problem before, but now
> repeatedly which makes mediathekview and the entire system unusuable.
> I will check on my main system next week.

I can reproduce the issue and I have opened a forum thread at

http://zdfmediathk.sourceforge.net/forum/viewtopic.php?f=1=1754

Apparently the URL to your film is not 100% correct and when passed to
VLC it triggers the described behaviour. The URLs will be fixed within
24 hours when the film list is updated upstream. See also this thread in
German:

http://zdfmediathk.sourceforge.net/forum/viewtopic.php?f=1=1751

You should also be aware of that MediathekView just passes parameters to
external programs, which are defined in your user settings. VLC is one
of those helper programs and not part of MediathekView. You can replace
VLC by any other program which is capable of recording network streams.
You can change your settings in Datei->Einstellungen->Set bearbeiten.
There are two sets for recording and playing films. The default settings
work mostly out-of-the-box but there may be corner cases where you have
to tweak those settings for your needs.

I will close this issue as soon as the film list was corrected upstream.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#804840: stormbaancoureur: diff for NMU version 2.1.6-1.1

[Markus Koschany]

Am 22.11.2015 um 18:45 schrieb Andreas Bombe:
> Control: tags 804840 + patch
> Control: tags 804840 + pending
> 
> Dear maintainer^Wgames team,
> 
> I've prepared an NMU for stormbaancoureur (versioned as 2.1.6-1.1) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.

Hello Andreas,

thank you for the RC fix. Please feel free to upload without delay.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#805499: libnanoxml2-java: FTBFS with bnd 2.1.0

[Markus Koschany]

Package: libnanoxml2-java
Version: 2.2.3.dfsg-4
Severity: serious
Tags: patch

Dear maintainer,

libnanoxml2-java FTBFS with bnd 2.1.0. Please find attached a patch
that fixes this issue.

Regards,

Markus
diff -u libnanoxml2-java-2.2.3.dfsg/debian/rules libnanoxml2-java-2.2.3.dfsg/debian/rules
--- libnanoxml2-java-2.2.3.dfsg/debian/rules
+++ libnanoxml2-java-2.2.3.dfsg/debian/rules
@@ -28,7 +28,7 @@
 LITE := nanoxml-lite.jar
 SAX := nanoxml-sax.jar
 
-#Architecture 
+#Architecture
 build: build-stamp
 
 build-stamp:
@@ -37,9 +37,12 @@
 	CLASSPATH=${NANOXML} jh_build -o'${JFLAGS}' -N ${SAX} Sources/SAX/
 	jh_manifest -c /usr/share/java/${NANOXML} ${SAX}
 
-	bnd wrap *.jar
-	rm *.jar
-	prename 's/bar/jar/' *.bar
+	bnd wrap --output $(NANOXML).tmp $(NANOXML)
+	bnd wrap --output $(LITE).tmp $(LITE)
+	bnd wrap --output $(SAX).tmp $(SAX)
+	mv $(NANOXML).tmp $(NANOXML)
+	mv $(LITE).tmp $(LITE)
+	mv $(SAX).tmp $(SAX)
 
 	${JAVA_HOME}/bin/javadoc -author -link /usr/share/doc/default-jdk-doc/api -quiet \
 	-sourcepath Sources/Java/:Sources/Lite/:Sources/SAX/ -source 1.4 \
@@ -61,12 +64,12 @@
 	rm -rf Test/*/*.class
 	rm -rf debian/orig.tmp || echo "No failed source fetch"
 
-	dh_clean 
+	dh_clean
 
 install:
 	dh_testdir
 	dh_testroot
-	dh_clean -k -i 
+	dh_clean -k -i
 
 	jh_installlibs -i
 	jh_installjavadoc -plibnanoxml2-java-doc
@@ -78,10 +81,10 @@
 binary-common:
 	dh_testdir
 	dh_testroot
-	dh_installchangelogs 
+	dh_installchangelogs
 	dh_installdocs
 	dh_link
-	dh_compress 
+	dh_compress
 	dh_fixperms
 	dh_installdeb
 	dh_gencontrol
diff -u libnanoxml2-java-2.2.3.dfsg/debian/changelog libnanoxml2-java-2.2.3.dfsg/debian/changelog
--- libnanoxml2-java-2.2.3.dfsg/debian/changelog
+++ libnanoxml2-java-2.2.3.dfsg/debian/changelog
@@ -1,3 +1,12 @@
+libnanoxml2-java (2.2.3.dfsg-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Transition to bnd 2.1.0.
+  * Do not depend on a Java runtime because the Java Policy does not require
+this anymore.
+
+ -- Markus Koschany <a...@debian.org>  Wed, 18 Nov 2015 21:05:35 +0100
+
 libnanoxml2-java (2.2.3.dfsg-4) unstable; urgency=low
 
   * Removed no longer needed work around for 567899 (Closes: #573697)
diff -u libnanoxml2-java-2.2.3.dfsg/debian/control libnanoxml2-java-2.2.3.dfsg/debian/control
--- libnanoxml2-java-2.2.3.dfsg/debian/control
+++ libnanoxml2-java-2.2.3.dfsg/debian/control
@@ -5,7 +5,7 @@
 Build-Depends: debhelper (>= 5)
 Build-Depends-Indep: default-jdk-doc,
  default-jdk,
- bnd,
+ bnd (>= 2.1.0),
  perl,
  javahelper
 Standards-Version: 3.8.4.0
@@ -13,7 +13,7 @@
 
 Package: libnanoxml2-java
 Architecture: all
-Depends: default-jre-headless | java2-runtime-headless, ${misc:Depends}
+Depends: ${misc:Depends}
 Suggests: libnanoxml2-java-doc
 Description: small XML parser for Java
  NanoXML is a (actually more than one) small XML parser for Java. It

Bug#805409: scala: FTBFS without network connexion

[Markus Koschany]

Control: severity -1 normal

Am 17.11.2015 um 22:11 schrieb Martin Quinson:
> Package: scala
> Version: 2.11.7
> Severity: serious
> Justification: FTBFS
> 
> Hello,
> 
> it seems that the patch to stop maven from downloading some stuff from the
> internet is not effective because the package still fails to build from source
> when I unplug the net.
> 
> The very bad news is that from what I understand from the logs, it tries to
> download scala itself to build scala:

Hi Martin,

I believe this is only a temporary issue because the last build of scala
did FTBFS on the buildd. I have made another upload but it has to be approved
by the ftp-masters.

The build system prevents scala from downloading anything from the internet.
There are also two patches that point the build system to Debian's local 
repository:
/usr/share/maven-repo.

Please try the latest version again as soon as it has passed the NEW queue.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#805412: dnsjava: ships embedded bnd.jar file without corresponding sources

[Markus Koschany]

Source: dnsjava
Version: 2.1.7-0.1
Severity: serious

Dear maintainer,

while I was working on the bnd 1.5 to 2.1 transition, I discovered
that dnsjava ships an embedded bnd.jar file with the source package
but without providing the sources for it.

This is a DFSG violation. Please either remove the jar file from the
sources or provide the corresponding sources for it.

Regards,

Markus



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Bug#793586: FTBFS: POM 'org.codehaus.modello:modello-maven-plugin' not found in repository

[Markus Koschany]

Control: tags -1 patch

On Sat, 25 Jul 2015 10:23:57 + "Chris West \(Faux\)"
 wrote:
> Source: maven-javadoc-plugin
> Version: 2.9.1-2
> Severity: serious
> Tags: sid stretch
> Justification: fails to build from source
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: ftbfs

We need to change this line in maven.rules:

org.codehaus.modello modello-maven-plugin maven-plugin s/.*/1.1/

to

org.codehaus.modello modello-maven-plugin maven-plugin s/.*/1.8.3/

Is there a special reason for depending on an exact version?

By the way, this line in maven.rules is superfluous:

commons-httpclient commons-httpclient jar s/3\..*/3.x/

Markus




signature.asc
Description: OpenPGP digital signature

Bug#779482: severity of 779482 is grave

[Markus Koschany]

Control: forwarded -1 https://jogamp.org/bugzilla/show_bug.cgi?id=1246

On Tue, 06 Oct 2015 23:53:17 +0200 Gilles Filippini  wrote:
> For the record, I've pinged upstream and proposed a patch for ppc64el.
> The good news is they seem responsive [1].
> 
> [1] 
> 
> Unfortunately I couldn't test the usability of my patch yet, because I
> didn't succeed with remote X display on ppc64el porterboxes :/
> 

Thank you for contacting upstream and offering a patch. If your patch
gets accepted, we can resolve this issue by packaging the next upstream
release. Should this not happen for whatever reasons, we can still
remove ppc64el from the list of supported architectures.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#801114: jakarta-jmeter: FTBFS in sid with cannot find symbol error

[Markus Koschany]

Package: src:jakarta-jmeter
Version: 2.11-3
Severity: serious

I just wanted to investigate the libcommons-net1-java dependency but
the package FTBFS in sid.

 [javac]
 
/build/jakarta-jmeter-2.11/src/components/org/apache/jmeter/assertions/SMIMEAssertion.java:150:
 error: cannot find symbol
 [javac] CertStore certs =
 s.getCertificatesAndCRLs("Collection", "BC"); // $NON-NLS-1$  //

Full build log is attached.

Markus


jakarta-jmeter_2.11-3_amd64.build.gz
Description: application/gzip

Bug#779482: severity of 779482 is grave

[Markus Koschany]

Am 05.10.2015 um 12:07 schrieb Emmanuel Bourg:
> On Sun, 04 Oct 2015 17:10:40 +0200 Gilles Filippini  wrote:
> 
>> Setting back severity to grave because ppc64el is an official
>> architecture since novembre 2014 and there is no point in providing
>> gluegen2 for ppc64el if it is unusable.
> 
> On the other hand, the affected architectures have a combined popcon of
> 0.3%. I don't think it's fair to push the severity to serious and risk a
> removal that would affect all the other architectures.

I think we should determine if upstream supports ppc64el. If not, it is
reasonable to remove ppc64el and other affected ports from the
Architecture field.

Regards,

Markus






signature.asc
Description: OpenPGP digital signature

Bug#779482: severity of 779482 is grave

[Markus Koschany]

Am 05.10.2015 um 12:48 schrieb Emmanuel Bourg:
> Le 05/10/2015 12:18, Markus Koschany a écrit :
> 
>> I think we should determine if upstream supports ppc64el. If not, it is
>> reasonable to remove ppc64el and other affected ports from the
>> Architecture field.
> 
> I don't know, for some packages we do not exclude the unsupported
> architectures explicitly so the builders can attempt the build and
> identify the portability issue. For example with openjfx, I initially
> restricted the build to i386/amd64 but I was later asked to remove the
> limitation (#765397).


I think it's ok to initially build with arch:any as long as there is
sufficient support from upstream. However if it turns out that some
arch-dependent packages are unusable and upstream does not intend to fix
this, we should not claim that we can. I think restricting the build to
supported architectures is sensible then.

Like I said I don't know if those architectures are supported now. Back
in April Tony wrote that upstream has started to work on architecture
support.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779482#21

Perhaps something has changed in the latest version?

Markus



signature.asc
Description: OpenPGP digital signature

Bug#799810: eclipse: upgrade to 3.8.1-8 broke Eclipse

[Markus Koschany]

Control: tags -1 moreinfo
Control: severity -1 important

Am 22.09.2015 um 23:36 schrieb Leszek Koltunski:
> Package: eclipse
> Version: 3.8.1-7
> Severity: grave
> Justification: renders package unusable
> 
> Upgrade from 3.8.1-7 to 3.8.1-8 broke Eclipse for me. Now, when starting, I 
> get
> a popup saying 'Error detected - details in log file ***'. The log file ends
> with
> 
> java.lang.RuntimeException: Application "org.eclipse.ui.ide.workbench" could
> not be found in the registry.
> 
> I just manually downgraded the following packages
> 
> eclipse
> eclipse-platform
> eclipse-platform-data
> eclipse-rcp
> eclipse-jdt
> eclipse-pde
> libequinox-osgi-java
> 
> back to version 3.8.1-7 and reinstalled libicu4j-4.4-java (which somehow got
> deleted by previous apt-get update & apt-get upgrade & apt-get autoremove
> session) and Eclipse is working again.

Hello,

3.8.1-8 migrated to testing almost two weeks ago and we haven't seen
other reports about this error yet. On my system the latest version
works as expected.

What happens if you start with a clean workspace? Please backup your
existing workspace and the hidden .eclipse directory in your home
directory before doing that, upgrade to 3.8.1-8 again and report back if
this solves your issue.

Do you have any external plugins installed that are not part of any
Debian package?

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#798699: java.lang.ClassCastException: java.io.File cannot be cast to java.lang.Class

[Markus Koschany]

Am 19.09.2015 um 10:04 schrieb Vincent Fourmond:
>   Dear Markus,
> 
>   Thanks for looking at the problem and finding the fix. I had somehow
> missed the initial report.
> 
>   I was planning on packaging the latest release.

Hi Vincent,

Great! Packaging the new release should be straightforward. The patch
will then need a few adjustments but the principal idea should still work.

Cheers,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#672391: libsigc++-1.2: Remove this disuse version of libsigc++

[Markus Koschany]

Good news. Upstream switched to libsigc++2.0. The new version in their
Mercurial repository compiles successfully and I am just waiting for the
new release.

Markus



signature.asc
Description: OpenPGP digital signature

Bug#798877: apache-directory-server: FTBFS in sid

[Markus Koschany]

Source: apache-directory-server
Version: 2.0.0~M15-1
Severity: serious

Hi,

apache-directory-server FTBFS in sid in a clean cowbuilder environment but built
successfully in the past.

Full build log is attached, here is the relevant part.

[ERROR] COMPILATION ERROR :
[INFO] -
[ERROR]
/tmp/buildd/apache-directory-server-2.0.0~M15/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java:[56,7]
error: KerberosProtocolHandler is not abstract and does not override
abstract method inputClosed(IoSession) in IoHandler
[ERROR]
/tmp/buildd/apache-directory-server-2.0.0~M15/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/changepwd/protocol/ChangePasswordProtocolHandler.java:[56,7]
error: ChangePasswordProtocolHandler is not abstract and does not
override abstract method inputClosed(IoSession) in IoHandler
[INFO] 2 errors


Markus


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect


apache-directory-server_2.0.0~M15-1_amd64.build.gz
Description: application/gzip

Bug#795851: openjfx: FTBFS with Gradle 2.5

[Markus Koschany]

Am 10.09.2015 um 23:17 schrieb Miguel Landaeta:
> Hi Markus,
> 
> On Thu, Sep 10, 2015 at 08:24:52PM +0200, Markus Koschany wrote:
>> *ping*
> 
> (ahem, reappearing after my vacations)

Welcome back and don't forget to sign my key. :-)

Cheers,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#798699: java.lang.ClassCastException: java.io.File cannot be cast to java.lang.Class

[Markus Koschany]

Control: severity -1 grave
Control: tags -1 stretch sid

On Fri, 11 Sep 2015 21:04:01 +0200 Emmanuel Fleury  wrote:
> Package: freecol
> Version: 0.10.7+dfsg-3
> Severity: important
> 
> Just running the software leads to the following Java exception:
> 
> $> freecol
> Disabling IPV6 network stack to work around bug #560056 on openjdk
> If you experience problems with connecting to remote servers,
> you can put it back by running Freecol this way:
>   freecol --enable-ipv6
> Exception in thread "main" java.lang.ClassCastException: java.io.File
> cannot be cast to java.lang.Class
>   at org.apache.commons.cli.OptionBuilder.withType(OptionBuilder.java:298)
>   at net.sf.freecol.FreeCol.handleArgs(FreeCol.java:338)
>   at net.sf.freecol.FreeCol.main(FreeCol.java:150)
> ^C
> 
> The process still hang afterward, I need to press Ctrl-C to stop it.

Thanks for the report. This makes the package basically unusable.
Raising the severity accordingly. Jessie is not affected.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#798699: java.lang.ClassCastException: java.io.File cannot be cast to java.lang.Class

[Markus Koschany]

Control: tags -1 patch

Please find attached a patch that fixes the issue. The recent update of
libcommons-cli-java to version 1.3.1 introduced some changes in
OptionsBuilder.java which caused this FreeCol runtime error. In general
Freecol should move away from OptionsBuilder because this class is
deprecated. I changed the type from File to Class, and so far the game
works again.

Markus
diff -Nru freecol-0.10.7+dfsg/debian/changelog 
freecol-0.10.7+dfsg/debian/changelog
--- freecol-0.10.7+dfsg/debian/changelog2014-12-01 21:31:35.0 
+0100
+++ freecol-0.10.7+dfsg/debian/changelog2015-09-12 00:58:29.0 
+0200
@@ -1,3 +1,12 @@
+freecol (0.10.7+dfsg-4) unstable; urgency=medium
+
+  * Team upload.
+  * Add commons-cli-1.3.patch and fix java.lang.ClassCastException due to
+deprecated and different methods in libcommons-cli-java version 1.3.1.
+Thanks to Emmanuel Fleury for the report. (Closes: #798699)
+
+ -- Markus Koschany <a...@gambaru.de>  Sat, 12 Sep 2015 00:54:21 +0200
+
 freecol (0.10.7+dfsg-3) unstable; urgency=medium
 
   * Disable intro video to avoid hanging at startup (closes: #771700)
diff -Nru freecol-0.10.7+dfsg/debian/patches/commons-cli-1.3.patch 
freecol-0.10.7+dfsg/debian/patches/commons-cli-1.3.patch
--- freecol-0.10.7+dfsg/debian/patches/commons-cli-1.3.patch1970-01-01 
01:00:00.0 +0100
+++ freecol-0.10.7+dfsg/debian/patches/commons-cli-1.3.patch2015-09-12 
00:58:29.0 +0200
@@ -0,0 +1,29 @@
+From: Markus Koschany <a...@gambaru.de>
+Date: Sat, 12 Sep 2015 00:53:37 +0200
+Subject: commons cli 1.3
+
+---
+ src/net/sf/freecol/FreeCol.java | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/net/sf/freecol/FreeCol.java b/src/net/sf/freecol/FreeCol.java
+index 3cdf52e..a973298 100644
+--- a/src/net/sf/freecol/FreeCol.java
 b/src/net/sf/freecol/FreeCol.java
+@@ -299,6 +299,7 @@ public final class FreeCol {
+ private static void handleArgs(String[] args) {
+ // create the command line parser
+ CommandLineParser parser = new PosixParser();
++final Class dummy = null;
+ 
+ /**
+  * Ugly hack: try to determine language first, so that usage,
+@@ -338,7 +339,7 @@ public final class FreeCol {
+ options.addOption(OptionBuilder.withLongOpt("home-directory")
+   
.withDescription(Messages.message("cli.home-directory"))
+   .withArgName(Messages.message("cli.arg.directory"))
+-  .withType(new File("dummy"))
++  .withType(dummy)
+   .hasArg()
+   .create());
+ options.addOption(OptionBuilder.withLongOpt("log-console")
diff -Nru freecol-0.10.7+dfsg/debian/patches/series 
freecol-0.10.7+dfsg/debian/patches/series
--- freecol-0.10.7+dfsg/debian/patches/series   2013-08-25 13:14:05.0 
+0200
+++ freecol-0.10.7+dfsg/debian/patches/series   2015-09-12 00:58:29.0 
+0200
@@ -1,2 +1,3 @@
 10-fix-jar-path.diff
 40-manpage.diff
+commons-cli-1.3.patch


signature.asc
Description: OpenPGP digital signature

Bug#795851: openjfx: FTBFS with Gradle 2.5

[Markus Koschany]

On Sat, 22 Aug 2015 00:19:43 +0200 Markus Koschany <a...@gambaru.de> wrote:
> I have pushed two commits. The first one implements the minimum
> requirements to compile openjfx with gradle 2.5. Unfortunately I haven't
> found a way to compile with WEBKIT yet. When I set COMPILE_WEBKIT =
> false in debian/gradle.properties, building from source works again.
> 
> The question is: Can we temporarily disable the WEBKIT feature and build
> without it for a while until upstream catches up with gradle? (They
> already have a patch for 2.x but that doesn't seem to work with WEBKIT)
> 

*ping*

Shall I proceed with this temporary solution? The only r-dep of openjfx
is netbeans which does not use openjfx at runtime so far. Someone
interested in sponsoring this?

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#795851: openjfx: FTBFS with Gradle 2.5

[Markus Koschany]

Am 11.09.2015 um 00:24 schrieb Emmanuel Bourg:
> Le 10/09/2015 20:24, Markus Koschany a écrit :
> 
>> Shall I proceed with this temporary solution? The only r-dep of openjfx
>> is netbeans which does not use openjfx at runtime so far.
> 
> The web view based on WebKit is an important feature of JavaFX, it would
> be sad to disable it. I tried upgrading openjfx to the version 8u60 but
> I got another build failure :( Leave me some time to investigate this
> further.

:( Too bad upgrading doesn't work. However I wouldn't worry too much
about this WebKit feature as long as there is only one
reverse-dependency and plenty of time until the next stable release.
Just disabling it for the time being would give us more breathing space
and would also prevent the removal of netbeans and openjfx from testing.

Markus




signature.asc
Description: OpenPGP digital signature

Bug#797282: spring ftbfs in unstable

[Markus Koschany]

clone 797282 -1
reassign -1 src:gcc-5
retitle -1 gcc-5: Linking failure without -latomic
severity -1 normal
forwarded -1 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65913
thanks

On Sat, 29 Aug 2015 12:52:04 +0200 Markus Koschany <a...@gambaru.de> wrote:
[...]
> The patch is still pending but I wonder if a bug report should be filed
> against GCC-5 because we are dealing with a regression here. What is
> your stance on this?


For now I am going to implement a workaround for spring by removing the
affected test case, so that spring can be built from source again and
won't block any ongoing transitions.

However I believe that this is a regression in GCC 5.2 as described at

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65913

and should be fixed.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#797282: spring ftbfs in unstable

[Markus Koschany]

Am 29.08.2015 um 10:59 schrieb Matthias Klose:
 Package: src:spring
 Version: 100.0+dfsg-1
 Severity: serious
 Tags: sid stretch
 
 spring ftbfs in unstable,

[...]


 /usr/include/c++/5/bits/atomic_base.h:355: error: undefined reference to
 '__atomic_is_lock_free'
 collect2: error: ld returned 1 exit status
 test/CMakeFiles/test_ThreadPool.dir/build.make:443: recipe for target
 'test/test_ThreadPool' failed
 make[5]: *** [test/test_ThreadPool] Error 1

Hi,

apparently one test case fails due to a recent change in GCC 5 which
requires to link against -latomic because

test/engine/System/testThreadPool.cpp

uses

std::atomicint cnt(0);
BOOST_CHECK(cnt.is_lock_free());


However there is an open GCC bug for this issue too. Judging from the
bug log they intend to revert this change in GCC 5.3 or later.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65913

Quote:
Does that mean for all the future versions (5.2, 6.0, etc.) -latomic
flag is necessary if atomicT::is_lock_free() is used in my program?

From my reading of the comments, the patch and current svn sources, the
answer is no.

The patch is still pending but I wonder if a bug report should be filed
against GCC-5 because we are dealing with a regression here. What is
your stance on this?

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#793630: groovy 1.8.6 and libcommons-cli-java 1.3.1 FTBFS

[Markus Koschany]

On Wed, 29 Jul 2015 10:49:12 -0300 Miguel Landaeta nomad...@debian.org
wrote:
 On Wed, Jul 29, 2015 at 10:00:16AM +0100, Russel Winder wrote:
  Emmanuel, Miguel,
 
 Hi Russel,
 
  
  Apache Groovy 1.x series is no longer maintained. All effort is now on
  the Apache Groovy 2.4.x and 2.5-SNAPSHOT versions. If Debian is to
  remove Commons CLI 1.2 then I suggest removing the groovy package since
  the groovy2 package is in place already, and is the right version for
  Debian to go with.
 
 That's right. We are no longer maintaining Groovy 1.x although we have
 several packages depending on it and our latest Debian stable release
 still includes groovy 1.x.
 
 I stumbled upon this bug due to my attempt to fix CVE-2015-3253 in
 unstable for groovy 1.8.6 (the published fix is relevant for all
 groovy versions since 1.7.0).
 
 I expect to remove groovy eventually but in the meantime we are
 applying only security bug fixes. We are working on groovy2 now.

Hi all,

I suggest to ask the release team for an exception and to provide the
security fix via testing-proposed-updates. The CVE-fix appears to be
straightforward and could be uploaded afterwards to stable-proposed-updates.

We shouldn't invest too much time in groovy 1.x anymore. I think the
time is better spent on trying to switch all r-deps from groovy 1.x to
2.x as soon as possible and getting rid of this package.

Regards,

Markus






signature.asc
Description: OpenPGP digital signature

Bug#796531: Please switch to the default compiler on mips/mipsel

[Markus Koschany]

Control: tags -1 confirmed pending

On Sat, 22 Aug 2015 14:06:58 +0200 Moritz Muehlenhoff j...@debian.org
wrote:
 Package: berusky2
 Severity: serious
 
 gcc-4.8 will not be included in stretch (765380), but berusky2
 uses it on mips and mipsel.
 
 Please switch to the standard GCC, if the mips porters don't
 get the toolchain fixed, I'd recommend to simply remove mipsen
 support, it's just a game after all.

Hi!

Games are important too. :)

Fortunately we have a fix for that in our Git repository already. I will
upload a new revision soon.

Cheers,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#796531: Please switch to the default compiler on mips/mipsel

[Markus Koschany]

On Sat, 22 Aug 2015 14:06:58 +0200 Moritz Muehlenhoff j...@debian.org
wrote:
 Package: berusky2
 Severity: serious
 
 gcc-4.8 will not be included in stretch (765380), but berusky2
 uses it on mips and mipsel.
 
 Please switch to the standard GCC, if the mips porters don't
 get the toolchain fixed, I'd recommend to simply remove mipsen
 support, it's just a game after all.

Hi!

Games are important too. :)

Fortunately we have a fix for that in our Git repository already. I will
upload a new revision soon.

Cheers,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#789108: FTBFS: Graphics.hs:91: No instance for (TwoDimensionalTextureTarget (Maybe a0))

[Markus Koschany]

Control: tags -1 patch

Hi,

please find attached a debdiff for raincat with the necessary changes to
fix this bug. I have also cleaned up the package a little but there are
still two Lintian warnings left. Not sure yet how to fix them properly.

Regards,

Markus
diff -Nru raincat-1.1.1.2/debian/changelog raincat-1.1.1.2/debian/changelog
--- raincat-1.1.1.2/debian/changelog2013-06-22 13:23:04.0 +0200
+++ raincat-1.1.1.2/debian/changelog2015-08-22 14:30:44.0 +0200
@@ -1,3 +1,21 @@
+raincat (1.1.1.2-2) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Markus Koschany ]
+  * Add opengl-2.9.patch and fix FTBFS with newer versions of OpenGL.
+(Closes: #789108)
+  * Declare compliance with Debian Policy 3.9.6.
+  * raincat.desktop: Add keywords and GenericName and Comment in German.
+  * Fix debian/copyright syntax to silence Lintian warnings.
+  * debian/control: Remove superfluous shlibs:Depends substvar from
+raincat-dbg.
+
+  [ Evgeni Golov ]
+  * Correct Vcs-* URLs to point to anonscm.debian.org
+
+ -- Markus Koschany a...@gambaru.de  Sat, 22 Aug 2015 14:14:04 +0200
+
 raincat (1.1.1.2-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru raincat-1.1.1.2/debian/control raincat-1.1.1.2/debian/control
--- raincat-1.1.1.2/debian/control  2013-06-22 13:23:04.0 +0200
+++ raincat-1.1.1.2/debian/control  2015-08-22 14:30:44.0 +0200
@@ -9,10 +9,10 @@
  libghc-mtl-dev, libghc-extensible-exceptions-dev,
  libghc-glut-dev, libghc-opengl-dev, libghc-random-dev, libghc-sdl-dev,
  libghc-sdl-image-dev, libghc-sdl-mixer-dev
-Standards-Version: 3.9.4
+Standards-Version: 3.9.6
 Homepage: http://raincat.bysusanlin.com/
-Vcs-Svn: svn://svn.debian.org/svn/pkg-games/packages/trunk/raincat/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-games/packages/trunk/raincat/
+Vcs-Svn: svn://anonscm.debian.org/pkg-games/packages/trunk/raincat/
+Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-games/packages/trunk/raincat/
 
 Package: raincat
 Architecture: any
@@ -38,7 +38,7 @@
 Section: debug
 Priority: extra
 Architecture: any
-Depends: raincat (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Depends: raincat (= ${binary:Version}), ${misc:Depends}
 Description: 2D puzzle game featuring a fuzzy little cat - debug
  Raincat is a 2d puzzle game similar to the Incredible Machine and Lemmings
  series. Your goal is simple: guide the cat safe and dry to the end of each
diff -Nru raincat-1.1.1.2/debian/copyright raincat-1.1.1.2/debian/copyright
--- raincat-1.1.1.2/debian/copyright2013-06-22 13:23:04.0 +0200
+++ raincat-1.1.1.2/debian/copyright2015-08-22 14:30:44.0 +0200
@@ -2,18 +2,18 @@
 Upstream-Name: Raincat
 Upstream-Contact: Garrick Chin gc...@cmu.edu
 Source: 
http://hackage.haskell.org/packages/archive/Raincat/1.1.1.2/Raincat-1.1.1.2.tar.gz
-Comment: 
+Comment:
  Old source was 
http://www.contrib.andrew.cmu.edu/~gchin/downloads/Raincat.tar.gz
-Debianized-By: Miriam Ruiz little_m...@yahoo.es
-Debianized-Date: Sat, 30 Jan 2010 19:15:17 +0100
+ Debianized-By: Miriam Ruiz little_m...@yahoo.es
+ Debianized-Date: Sat, 30 Jan 2010 19:15:17 +0100
 
 Files: *
 Copyright: Copyright (c) 2010, Garrick Chin
-License: BSD
+License: BSD-3-clause
 
 Files: data/*
 Copyright: Copyright (c) 2010, Garrick Chin
-License: CC-by-sa-3.0
+License: CC-BY-SA-3.0
 Comment:
  The Raincat program graphics and music are distributed under the
  Creative Commons Version Attribution-Share Alike 3.0 license
@@ -21,10 +21,9 @@
 
 Files: debian/*
 Copyright: Copyright (C) 2010, Miriam Ruiz little_m...@yahoo.es
-License: BSD
- The Debian packaging is licensed under the same license as the program.
+License: BSD-3-clause
 
-License: BSD
+License: BSD-3-clause
  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are
  met:
@@ -50,7 +49,7 @@
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-License: CC-by-sa-3.0
+License: CC-BY-SA-3.0
  THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE
  COMMONS PUBLIC LICENSE (CCPL OR LICENSE). THE WORK IS PROTECTED BY
  COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS
diff -Nru raincat-1.1.1.2/debian/patches/opengl-2.9.patch 
raincat-1.1.1.2/debian/patches/opengl-2.9.patch
--- raincat-1.1.1.2/debian/patches/opengl-2.9.patch 1970-01-01 
01:00:00.0 +0100
+++ raincat-1.1.1.2/debian/patches/opengl-2.9.patch 2015-08-22 
14:30:44.0 +0200
@@ -0,0 +1,39 @@
+From: Markus Koschany a...@gambaru.de
+Date: Sat, 22 Aug 2015 13:59:06 +0200
+Subject: opengl 2.9
+
+Taken from
+https://github.com/styx/Raincat/commit/307c24681421b316add18f7c1dfa85c123f836c0
+
+Fixes FTBFS with newer version of OpenGL.
+
+Bug: https://bugs.debian.org/789108
+Forwarded: no
+---
+ src/Nxt/Graphics.hs | 9 -
+ 1 file changed

Bug#795851: openjfx: FTBFS with Gradle 2.5

[Markus Koschany]

I have pushed two commits. The first one implements the minimum
requirements to compile openjfx with gradle 2.5. Unfortunately I haven't
found a way to compile with WEBKIT yet. When I set COMPILE_WEBKIT =
false in debian/gradle.properties, building from source works again.

The question is: Can we temporarily disable the WEBKIT feature and build
without it for a while until upstream catches up with gradle? (They
already have a patch for 2.x but that doesn't seem to work with WEBKIT)

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#672391: libsigc++-1.2: Remove this disuse version of libsigc++

[Markus Koschany]

On Fri, 7 Aug 2015 09:14:47 +0200 Michael Biebl bi...@debian.org wrote:
[...]
  There are only 2 packages in the whole archive depending on it (versus 150+
  for 2.0) : asc and freqtweak. These packages are themselves quite dusty.
 
 I'll bump the severity of those two packages as well for the same reason.

Hi,

I have talked to ASC upstream about this issue. The community around ASC
is still active but there is currently nobody who could completely
replace libsigc++-1.2 with libsigc++-2.0. Of course they would
appreciate a patch. However they are also willing to include
libsigc++-1.2 in their source tree.

I think in this case this is acceptable because libsigc++-1.2 is a well
tested library which has not seen any major security bugs or other
serious flaws during the past nine years. It also works very well with
ASC which is an old but stable and even more important enjoyable game.

I have also considered to maintain libsigc++-1.2 but since I have no
particular interest outside the scope of ASC for this library, it is
better to remove it from Debian. freqtweak looks unmaintained upstream
and in Debian, so I would agree with a removal as well.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#778059: performous: ftbfs with GCC-5

[Markus Koschany]

For now I can't verify the issue because of conflicting dependencies.

The following packages have unmet dependencies:
 libsigc++-2.0-0v5 : Conflicts: libsigc++-2.0-0c2a but 2.4.1-1 is installed.
Unable to resolve dependencies!  Giving up...





signature.asc
Description: OpenPGP digital signature

Bug#792992: gazebo: FTBFS with Bullet 2.83.5

[Markus Koschany]

Am 21.07.2015 um 17:38 schrieb Andreas Cadhalpun:
 Control: tags -1 fixed-upstream patch
 
 Hi,
 
 On 20.07.2015 13:45, Markus Koschany wrote:
 gazebo fails to build from source with the latest version of Bullet,
 2.83.5. Please update your package.
 
 This is fixed upstream [1][2]. Attached is a patch for the debian package.

Great. Thanks.

 
 I am sorry for the short notice of this bug report because I became
 only recently aware of gazebo being a new reverse dependency of
 Bullet. The upload to unstable happened in May but the package passed
 the NEW queue only yesterday.
 
 Preparing library transitions in experimental avoids such problems.

Yup, but since Gazebo has never been in testing, this issue simply fell
through the cracks and shouldn't cause any delay for the transition at all.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#792914: Package: xarchiver

[Markus Koschany]

Control: severity -1 important
Control: tags -1 moreinfo

On Sun, 19. Jul 21:51 Richard Jasmin frazzledj...@gmail.com wrote:
 Package: xarchiver
 Version: 1:0.5.4-1
 Severity: Grave

 Xarchiver has a SERIOUS data LOSS issue.One can attempt to zip up some
 home folders from /home.The problem when doing so is that data gets
 corrupted on add. This does not happen when using zip from the
 commandline.When attempting to unzip these archives, unzip complains
 that there is invalid compressed data to inflate and skips over the bad
 crc marked files.This has resulted in about less than 25GB of a 300GB
 archive to be recovered on restore.I have lost my backup set due to
 this.

Hello,

Xarchiver is merely a frontend for various compression formats and not
much has changed in regard to zip compression since squeeze. Please try
to describe how it is possible to reproduce your issue by attaching a
simple test case to this bug report.

Thanks

Markus


signature.asc
Description: Digital signature

Bug#792992: gazebo: FTBFS with Bullet 2.83.5

[Markus Koschany]

Source: gazebo
Version: 5.0.1+dfsg-2
Severity: serious

Dear maintainer,

gazebo fails to build from source with the latest version of Bullet,
2.83.5. Please update your package.

I am sorry for the short notice of this bug report because I became
only recently aware of gazebo being a new reverse dependency of
Bullet. The upload to unstable happened in May but the package passed
the NEW queue only yesterday.

Please find attached the full build log with all build failures.

Regards,

Markus


gazebo_5.0.1+dfsg-2_amd64.build.gz
Description: application/gzip

Bug#792788: jruby: FTBFS Cannot find parent dependency org.jruby:jruby-artifacts:pom:1.7.21

[Markus Koschany]

Source: jruby
Version: 1.7.21-1
Severity: serious

Hi,

jruby FTBFS in a clean sid cowbuilder environment.

debian/rules override_dh_auto_configure
make[1]: Entering directory '/tmp/buildd/jruby-1.7.21'
/usr/share/maven-debian-helper/copy-repo.sh
/tmp/buildd/jruby-1.7.21/debian
mh_patchpoms -pjruby --debian-build --keep-pom-version \
 --maven-repo=/tmp/buildd/jruby-1.7.21/debian/maven-repo
 --build-no-docs
 [ERROR] Cannot find parent dependency
 org.jruby:jruby-artifacts:pom:1.7.21, use --no-parent option to
 resolve this issue or install the parent POM in the Maven
 repository
 [ERROR] Cannot find parent dependency
 org.jruby:jruby-ext:pom:1.7.21, use --no-parent option to resolve
 this issue or install the parent POM in the Maven repository
 [ERROR] Cannot find parent dependency
 org.jruby:jruby-artifacts:pom:1.7.21, use --no-parent option to
 resolve this issue or install the parent POM in the Maven
 repository

Markus



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#791984: dicomscope: must depend on libdicomscope-jni

[Markus Koschany]

Am 10.07.2015 um 09:09 schrieb Andreas Tille:
 Hi Markus,
 
 thanks for the bug report including patch.  It seems you missed some
 upload in between that has dealt with the upgrade issue - so the
 Breaks is included (I'm not sure about the Replaces since the
 library does not actually replace dicomscope).
 
 I commited the following patch to SVN to enable you a review before
 I'll upload.  Please let me know what you think about it.

Hi Andreas,

sorry, I missed your last upload. I think the patch looks good but I
would readd the Replaces to libdicomscope-jni. I usually follow the
advice to add both, Breaks and Replaces, while doing a package transition.

https://wiki.debian.org/PackageTransition

dicomscope would be case #8

Replaces just means that package B, libdicomscope-jni, replaces some
files in package A but not the whole package. More info here:

https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

Regards,

Markus



signature.asc
Description: OpenPGP digital signature