Processed: Re: Bug#984679: unblock elfutils/0.183-2

[Debian Bug Tracking System]

Processing control commands:

> retitle -1 pre-approval: unblock elfutils/0.183-2
Bug #984679 [release.debian.org] unblock elfutils/0.183-2
Changed Bug title to 'pre-approval: unblock elfutils/0.183-2' from 'unblock 
elfutils/0.183-2'.

-- 
984679: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984679
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#984679: unblock elfutils/0.183-2

[Sergio Durigan Junior]

Control: retitle -1 pre-approval: unblock elfutils/0.183-2

On Saturday, March 06 2021, I wrote:

> Hi,
>
> Please unblock elfutils/0.183-2.
>
> I have just uploaded this version to address
> , which is
> about enabling the use of https://debuginfod.debian.net by default if
> the user chooses to do so when presented with a new debconf question.
>
> This is not an upload of a new upstream version, but it adds a new
> binary package (libdebuginfod-common) which holds the debconf
> template for the new question.  The package is currently in NEW.
>
> In all fairness, I am not entirely sure whether this requires an unblock
> bug, but I decided to be safe and file one.

Here's the debdiff.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/

diff -Nru elfutils-0.183/debian/changelog elfutils-0.183/debian/changelog
--- elfutils-0.183/debian/changelog	2021-02-08 03:56:24.0 -0500
+++ elfutils-0.183/debian/changelog	2021-02-28 21:07:16.0 -0500
@@ -1,3 +1,33 @@
+elfutils (0.183-2) unstable; urgency=medium
+
+  * d/control:
+- B-D on lsb-release.
+- B-D on po-debconf.
+- Create new libdebuginfod-common package.
+- Add myself to Uploaders.
+  * d/rules:
+- Use https://debuginfod.debian.net as our default service.
+  Also, revamp the code responsible for determining libdebuginfod
+  configuration flags.
+- Invoke dh_installdebconf.
+  * d/libdebuginfod-common.templates: Create a debconf template.
+Also, create d/po/POTFILES.in and d/po/templates.pot.
+This template is for the question of whether the user accepts GDB or
+another debuginfo consumer program to connect to Debian's debuginfod
+server.
+  * d/libdebuginfod-common.config: Ask if the user accepts to use Debian's
+debuginfod.
+  * d/libdebuginfod-common.postinst: Act upon the user's answer to the
+debconf question.
+If the user has accepted to use Debian's debuginfod, then the script
+confirms the value of the DEBUGINFOD_URLS environment variable present
+in the shell excerpts under /etc/profile.d.  Otherwise, the script
+will set the variable to an empty value, disabling the remote
+connection to the debuginfod server. (Closes: #983434)
+  * d/libdebuginfod-common.install: Install the profile.d snippets.
+
+ -- Sergio Durigan Junior   Sun, 28 Feb 2021 21:07:16 -0500
+
 elfutils (0.183-1) unstable; urgency=medium
 
   * New upstream release. Changes compared to the snapshot:
diff -Nru elfutils-0.183/debian/control elfutils-0.183/debian/control
--- elfutils-0.183/debian/control	2021-02-08 03:56:24.0 -0500
+++ elfutils-0.183/debian/control	2021-02-28 21:07:16.0 -0500
@@ -2,11 +2,12 @@
 Priority: optional
 Maintainer: Debian Elfutils Maintainers 
 Uploaders: Kurt Roeckx ,
-  Matthias Klose 
+  Matthias Klose ,
+  Sergio Durigan Junior ,
 Build-Depends: debhelper (>= 11),
-  autoconf, automake,
+  autoconf, automake, lsb-release,
   bzip2, zlib1g-dev, zlib1g-dev:native, libbz2-dev, liblzma-dev,
-  m4, gettext,
+  m4, gettext, po-debconf,
   gawk, dpkg-dev (>= 1.16.1~),
   gcc-multilib [any-amd64 sparc64] ,
   libc6-dbg [powerpc powerpcspe ppc64 ppc64el armel armhf arm64 sparc64 riscv64],
@@ -113,7 +114,8 @@
 Architecture: any
 Multi-Arch: same
 Depends: ${shlibs:Depends}, ${misc:Depends},
-  libelf1 (= ${binary:Version}), libdw1 (= ${binary:Version})
+  libelf1 (= ${binary:Version}), libdw1 (= ${binary:Version}),
+  libdebuginfod-common (= ${source:Version})
 Pre-Depends: ${misc:Pre-Depends}
 Description: library to interact with debuginfod (development files)
  The libdebuginfo1 package provides a library with an interface to interact
@@ -142,3 +144,15 @@
  Server, client tool and library to index and fetch ELF/DWARF files
  addressed by build-id through HTTP.
 
+Package: libdebuginfod-common
+Build-Profiles: 
+Section: devel
+Architecture: all
+Multi-Arch: foreign
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Pre-Depends: ${misc:Pre-Depends}, debconf
+Description: library to interact with debuginfod (common files)
+ The libdebuginfo1 package provides a library with an interface to interact
+ with debuginfod.
+ .
+ This package contains the common files for libdebuginfod.
diff -Nru elfutils-0.183/debian/libdebuginfod-common.config elfutils-0.183/debian/libdebuginfod-common.config
--- elfutils-0.183/debian/libdebuginfod-common.config	1969-12-31 19:00:00.0 -0500
+++ elfutils-0.183/debian/libdebuginfod-common.config	2021-02-28 21:07:16.0 -0500
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+db_version 2.0
+db_capb
+
+# Ask whether the user is OK with using Debian's debuginfod.  We just
+# bother with the question if there is actually a debuginfod profile.d
+# script available.
+if [ -f /etc/profile.d/debuginfod.sh ]; then
+if grep -qFx "ID=debian" /etc/os-release; 

Bug#984679: unblock elfutils/0.183-2

[Sergio Durigan Junior]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Hi,

Please unblock elfutils/0.183-2.

I have just uploaded this version to address
, which is
about enabling the use of https://debuginfod.debian.net by default if
the user chooses to do so when presented with a new debconf question.

This is not an upload of a new upstream version, but it adds a new
binary package (libdebuginfod-common) which holds the debconf
template for the new question.  The package is currently in NEW.

In all fairness, I am not entirely sure whether this requires an unblock
bug, but I decided to be safe and file one.

Thanks in advance,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/


signature.asc
Description: PGP signature

Bug#984635: unblock: tqdm/4.57.0-2

[Sandro Tosi]

> > i'm open to suggestions on how to address it, but i would prefer to
> > avoid frankenstein monsters of x.y.zreallym.n.o or giant patches
> > against an old version of tqdm that could be addressed by a new
> > upstream release.
>
> Me too, but tqdm is a key package

apologies, i did not realized tqdm reached the "key package" status,
otherwise it'd have been more careful with the recent uploads :(

> and we really want to avoid
> unnecessary changes at much as possible at this stage. How much smaller
> is the diff between 4.51.0-1 and 4.56.2-1 compared to the current diff?

i let salsa do the diff, as i believe it's a bit easier to navigate
than pure debdiff (at least for upstream changes):

https://salsa.debian.org/python-team/packages/tqdm/-/compare/upstream%2F4.55.1...upstream%2F4.56.2

and this is the upstream diff between 4.56.2 and the latest upstream
release in unstable, 4.57.0:

https://salsa.debian.org/python-team/packages/tqdm/-/compare/upstream%2F4.56.2...upstream%2F4.57.0

which i believe is relatively tiny and mostly contains minor changes

> And what's in the additional delta?

sorry, delta between what specifically? 4.56.2-1 and 4.57.0-2?
https://salsa.debian.org/python-team/packages/tqdm/-/compare/debian%2F4.56.2-1...debian%2F4.57.0-2
the changes in the packaging files are just what's required by the
upstream code changes.

Let me know if some of these answer are not clear or satisfactory

Regards,
-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Bug#984617: marked as done (unblock: lowmem/1.49)

[Debian Bug Tracking System]

Your message dated Sat, 6 Mar 2021 22:12:58 +0100
with message-id <772a51a5-68df-56ce-04c1-352215767...@debian.org>
and subject line Re: Bug#984617: unblock: lowmem/1.49
has caused the Debian Bug report #984617,
regarding unblock: lowmem/1.49
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
984617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

I have uploaded a new version of lowmem, see the attached patch.

[ Reason ]
This updates the memory levels at which the d-i enables low-memory
optimizations.

[ Impact ]
If this isn't getting updated, starting the d-i on an amd64 machine with
an amount of memory between 550MB and 780MB, with default parameters,
will try to install without any low-memory optimization, but that will
fail with OOM errors.

[ Tests ]
I tested the d-i image in each modified case.

[ Risks ]
The code change is trivial: it only changes the numerical level.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock lowmem/1.49

Thanks!
Samuel
diff -Nru lowmem-1.48/debian/changelog lowmem-1.49/debian/changelog
--- lowmem-1.48/debian/changelog2020-12-15 18:15:38.0 +0100
+++ lowmem-1.49/debian/changelog2021-03-03 02:21:13.0 +0100
@@ -1,3 +1,9 @@
+lowmem (1.49) unstable; urgency=medium
+
+  * debian-installer-startup.d/S15lowmem: Update minimum memory sizes.
+
+ -- Samuel Thibault   Wed, 03 Mar 2021 02:21:13 +0100
+
 lowmem (1.48) unstable; urgency=medium
 
   * Team upload
diff -Nru lowmem-1.48/debian-installer-startup.d/S15lowmem 
lowmem-1.49/debian-installer-startup.d/S15lowmem
--- lowmem-1.48/debian-installer-startup.d/S15lowmem2019-06-02 
14:21:18.0 +0200
+++ lowmem-1.49/debian-installer-startup.d/S15lowmem2021-03-03 
02:15:44.0 +0100
@@ -25,9 +25,9 @@
min=39
;;
amd64)
-   level1=483 # MT=494300, qemu: -m 550
-   level2=273 # MT=279260, qemu: -m 300
-   min=145# MT=148188, qemu: -m 170
+   level1=737 # MT=754108, qemu: -m 780
+   level2=424 # MT=433340, qemu: -m 460
+   min=316# MT=322748, qemu: -m 350
;;
arm|armel|armhf)
# Update needed
@@ -42,9 +42,9 @@
min=18
;;
i386)
-   level1=386 # MT=394604, qemu: -m 400
-   level2=237 # MT=242628, qemu: -m 250
-   min=109# MT=110956, qemu: -m 120
+   level1=466 # MT=478056, qemu: -m 485
+   level2=348 # MT=356312, qemu: -m 365
+   min=269# MT=275220, qemu: -m 285
;;
mips)
# Update needed
@@ -89,9 +89,9 @@
min=30# MT=30040, qemu: -m 90
;;
hurd-i386)
-   level1=499 # qemu: -m 500
-   level2=409 # qemu: -m 410
-   min=389# qemu: -m 390
+   level1=600 # MT=614208, qemu: -m 600
+   level2=480 # MT=491328, qemu: -m 480
+   min=475# MT=486208, qemu: -m 475
;;
*)
level1=64
diff -Nru lowmem-1.48/README lowmem-1.49/README
--- lowmem-1.48/README  2019-10-13 20:07:57.0 +0200
+++ lowmem-1.49/README  2021-03-03 02:06:22.0 +0100
@@ -131,13 +131,16 @@
 devices).
 
 In both cases, you need to set min to absolute minimum amount of memory needed
-for an install, booting with lowmem=2, partitioning by hand, etc.
+for an install, booting with lowmem=2, loading only the nic-modules udeb,
+partitioning by hand, etc.
 
 Ideally, constraints should be tested for both netboot and businesscard images
 (businesscard CD will use slightly more memory before partitioning that netinst
 because of mirror selection).
 
-NB: the minimum value should be update in the manual in build/arch-options
+NB: the minimum value should be updated in the manual in build/arch-options
+
+NB: the minimum value should be updated in 
debian-installer/build/boot/x86/f2.txt
 
 NB: the minimum memory required to run the graphical 

Bug#984671: unblock: dbconfig-common/2.0.19

[Paul Gevers]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package dbconfig-common

[ Reason ]
Changes in dbconfig-common made during the bullseye release cycle
introduced a regression handling database names containing hyphens,
which made dbconfig-common fail in postinst when creating a database
user for a database containing a hyphen.

Escape the database name again to reestablish old behaviour.

[ Impact ]
Users that install packages that use dbconfig-common to handle the
database processing can see installation failures if databases are
involved that contain a hyphen.

[ Tests ]
dbconfig-common comes with an extensive test suite that's also run as
autopkgtest. I ran it manually and it passes, after I updated the
references to accommodate for the change.

[ Risks ]
The risk is small as the exact same quoting is present in buster too.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
https://salsa.debian.org/debian/dbconfig-common/-/merge_requests/6

unblock dbconfig-common/2.0.19

Paul
diff -Nru dbconfig-common-2.0.18/debian/changelog 
dbconfig-common-2.0.19/debian/changelog
--- dbconfig-common-2.0.18/debian/changelog 2021-01-29 21:34:31.0 
+0100
+++ dbconfig-common-2.0.19/debian/changelog 2021-03-06 20:56:28.0 
+0100
@@ -1,3 +1,10 @@
+dbconfig-common (2.0.19) unstable; urgency=medium
+
+  [ Simon Hollenbach ]
+  * Fix mysql grant for db names containing hyphens
+
+ -- Paul Gevers   Sat, 06 Mar 2021 20:56:28 +0100
+
 dbconfig-common (2.0.18) unstable; urgency=medium
 
   [ Chris Halls ]
diff -Nru dbconfig-common-2.0.18/internal/mysql 
dbconfig-common-2.0.19/internal/mysql
--- dbconfig-common-2.0.18/internal/mysql   2021-01-29 21:34:31.0 
+0100
+++ dbconfig-common-2.0.19/internal/mysql   2021-03-06 20:56:28.0 
+0100
@@ -326,7 +326,7 @@
 fi
 cat << EOF >> "$l_sqlfile"
 ALTER USER '$dbc_dbuser'@'$dbc_dballow' IDENTIFIED BY '$(dbc_mysql_escape_str 
"$dbc_dbpass")';
-GRANT ALL PRIVILEGES ON $dbc_dbname.* TO '$dbc_dbuser'@'$dbc_dballow';
+GRANT ALL PRIVILEGES ON \`$dbc_dbname\`.* TO '$dbc_dbuser'@'$dbc_dballow';
 FLUSH PRIVILEGES;
 EOF
 l_dbname=$dbc_dbname
diff -Nru dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.nohost.sql.txt 
dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.nohost.sql.txt
--- dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.nohost.sql.txt
2021-01-29 21:34:31.0 +0100
+++ dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.nohost.sql.txt
2021-03-06 20:56:28.0 +0100
@@ -1,4 +1,4 @@
 CREATE USER IF NOT EXISTS 'testdbuser'@'localhost';
 ALTER USER 'testdbuser'@'localhost' IDENTIFIED BY 'testdbpass';
-GRANT ALL PRIVILEGES ON testdbname.* TO 'testdbuser'@'localhost';
+GRANT ALL PRIVILEGES ON `testdbname`.* TO 'testdbuser'@'localhost';
 FLUSH PRIVILEGES;
diff -Nru dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.remote.sql.txt 
dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.remote.sql.txt
--- dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.remote.sql.txt
2021-01-29 21:34:31.0 +0100
+++ dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.remote.sql.txt
2021-03-06 20:56:28.0 +0100
@@ -1,4 +1,4 @@
 CREATE USER IF NOT EXISTS 'testdbuser'@'host2';
 ALTER USER 'testdbuser'@'host2' IDENTIFIED BY 'testdbpass';
-GRANT ALL PRIVILEGES ON testdbname.* TO 'testdbuser'@'host2';
+GRANT ALL PRIVILEGES ON `testdbname`.* TO 'testdbuser'@'host2';
 FLUSH PRIVILEGES;


OpenPGP_signature
Description: OpenPGP digital signature

Bug#984617: unblock: lowmem/1.49

[Cyril Brulebois]

Hi,

Paul Gevers  (2021-03-06):
> As this relates to d-i, I've explicitly put kibi in CC to give his ACK.

Yes, that's fine; thanks.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#984605: marked as done (unblock: debian-edu-config/2.11.51)

[Debian Bug Tracking System]

Your message dated Sat, 6 Mar 2021 21:46:35 +0100
with message-id <81548a07-16cf-8d97-478f-17b71fa8f...@debian.org>
and subject line Re: Bug#984605: unblock: debian-edu-config/2.11.51
has caused the Debian Bug report #984605,
regarding unblock: debian-edu-config/2.11.51
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
984605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984605
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
x-debbugs-cc: debian-...@lists.debian.org

Hi,

please unblock package debian-edu-config, the debdiff is small and self 
explaining
and fixes an important bug:

$ debdiff debian-edu-config_2.11.50.dsc debian-edu-config_2.11.51.dsc
diff -Nru debian-edu-config-2.11.50/cf3/cf.dhcpserver 
debian-edu-config-2.11.51/cf3/cf.dhcpserver
--- debian-edu-config-2.11.50/cf3/cf.dhcpserver 2021-01-31 18:38:48.0 
+0100
+++ debian-edu-config-2.11.51/cf3/cf.dhcpserver 2021-03-05 18:52:59.0 
+0100
@@ -32,6 +32,8 @@
 
 "/usr/bin/systemctl enable isc-dhcp-server.service"
   contain => in_shell;
+"/usr/bin/touch /var/lib/dhcp/dhcpd.leases"
+  contain => in_shell;
 "/usr/bin/systemctl restart isc-dhcp-server.service"
   contain => in_shell;
 }
diff -Nru debian-edu-config-2.11.50/debian/changelog 
debian-edu-config-2.11.51/debian/changelog
--- debian-edu-config-2.11.50/debian/changelog  2021-02-16 15:39:04.0 
+0100
+++ debian-edu-config-2.11.51/debian/changelog  2021-03-05 19:58:03.0 
+0100
@@ -1,3 +1,11 @@
+debian-edu-config (2.11.51) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * cf3/cf.dhcpserver: Make sure the dhcpd.leases file exists. Closes: #984596.
+(Without a leases file, isc-dhcp-server remains in starting stage forever.)
+
+ -- Holger Levsen   Fri, 05 Mar 2021 19:58:03 +0100
+

unblock debian-edu-config/2.11.51

Thanks for all your work on bullseye!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes... (Greta Thunberg)


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hi Holger,

On 05-03-2021 20:03, Holger Levsen wrote:
> unblock debian-edu-config/2.11.51

unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Processed: Re: Bug#984617: unblock: lowmem/1.49

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed d-i
Bug #984617 [release.debian.org] unblock: lowmem/1.49
Added tag(s) d-i and confirmed.

-- 
984617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#984617: unblock: lowmem/1.49

[Paul Gevers]

Control: tags -1 confirmed d-i

Hi Samuel,

On 05-03-2021 22:45, Samuel Thibault wrote:
> unblock lowmem/1.49

As this relates to d-i, I've explicitly put kibi in CC to give his ACK.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#984635: unblock: tqdm/4.57.0-2

[Paul Gevers]

Hi Sandro,

On 06-03-2021 19:50, Sandro Tosi wrote:
> to properly fix 980680 tqdm/4.56.2-1 is required, which is a newer
> upstream release than bullseye anyway (since it has 4.51.0-1).
> 
> i'm open to suggestions on how to address it, but i would prefer to
> avoid frankenstein monsters of x.y.zreallym.n.o or giant patches
> against an old version of tqdm that could be addressed by a new
> upstream release.

Me too, but tqdm is a key package and we really want to avoid
unnecessary changes at much as possible at this stage. How much smaller
is the diff between 4.51.0-1 and 4.56.2-1 compared to the current diff?
And what's in the additional delta?

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#984648: marked as done (unblock: packages with unversioned python dependencies)

[Debian Bug Tracking System]

Your message dated Sat, 6 Mar 2021 19:51:49 +0100
with message-id 
and subject line Re: Bug#984648: unblock: packages with unversioned python 
dependencies
has caused the Debian Bug report #984648,
regarding unblock: packages with unversioned python dependencies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
984648: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984648
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org

we don't want to ship packages in bullseye still referencing the unversioned
python packages in build dependencies, dependencies and recommendations.

Graham Inggs and I were looking for those, and identified at least yasm and
zziplib, fixed in

  yasm/1.3.0-2.1
  zziplib/0.13.62-3.3

The tracker
https://release.debian.org/transitions/html/unversioned-python-rm.html

shows some more packages as affected, but these all seem to be false positives:
  dipy
  nipype
  ola
  pycairo
  pygame-sdl2
  spyne
  voluptuous
--- End Message ---
--- Begin Message ---
Hi Matthias,

On 06-03-2021 13:23, Matthias Klose wrote:
>   yasm/1.3.0-2.1
>   zziplib/0.13.62-3.3

unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#984635: unblock: tqdm/4.57.0-2

[Sandro Tosi]

> What matters here is the delta between testing and unstable:
>  88 files changed, 2803 insertions(+), 1897 deletions(-)

that's right: the 4.56.2-1 upload fixed 980680 while this unblock
request is for 4.57.0-2 which fixes #983007, but you're right i didnt
diff testing..unstable

> Please review your own request taking into account all uploads since the
> package currently in testing. I would prefer a revert of the upstream
> version and just a fix for the FTBFS (#980680) in bullseye, is fixing
> that an option without the new upstream release?

to properly fix 980680 tqdm/4.56.2-1 is required, which is a newer
upstream release than bullseye anyway (since it has 4.51.0-1).

i'm open to suggestions on how to address it, but i would prefer to
avoid frankenstein monsters of x.y.zreallym.n.o or giant patches
against an old version of tqdm that could be addressed by a new
upstream release.

Regards,
-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Processed: Re: Bug#984635: unblock: tqdm/4.57.0-2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #984635 [release.debian.org] unblock: tqdm/4.57.0-2
Added tag(s) moreinfo.

-- 
984635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984635
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#984635: unblock: tqdm/4.57.0-2

[Paul Gevers]

Control: tags -1 moreinfo

Hi Sandro,

On 06-03-2021 05:42, Sandro Tosi wrote:
> the last upload of tqdm fixes a RC bug

Thanks.

> [ Risks ]
> trivial fix

What matters here is the delta between testing and unstable:
 88 files changed, 2803 insertions(+), 1897 deletions(-)

That's not "trivial fix".

> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing

Please review your own request taking into account all uploads since the
package currently in testing. I would prefer a revert of the upstream
version and just a fix for the FTBFS (#980680) in bullseye, is fixing
that an option without the new upstream release?

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#984651: unblock: freedict/2021.01.05-3

[Sebastian Humenda]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freedict

The previous version ran the build in parallel and consumed vast amounts of
memory. The fix is simplistic: just build sequentially. I therefore would like
to request to unblock the package, since it will not affect the stability of
the upcoming release. It was blocked by #982730.

Debdiff:

```
gpgv: Signature made Tue Feb 16 22:48:52 2021 CET
gpgv:using RSA key A8574EA4228468D0463BEB0C731F86C6AC61798D
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on 
/tmp/freedict_2021.01.05-2.dsc
gpgv: Signature made Sat Mar  6 14:05:06 2021 CET
gpgv:using RSA key 0DD2BC30C6C7326B3FFACD24DBF124790B30ECA5
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on 
/mnt/sdb6/streicher/quellen/debian/freedict/freedict_2021.01.05-3.dsc
diff -Nru freedict-2021.01.05/debian/changelog 
freedict-2021.01.05/debian/changelog
--- freedict-2021.01.05/debian/changelog2021-02-16 22:45:56.0 
+0100
+++ freedict-2021.01.05/debian/changelog2021-03-03 18:26:24.0 
+0100
@@ -1,3 +1,9 @@
+freedict (2021.01.05-3) unstable; urgency=medium
+
+  * properly disable parallel builds (Closes: #982730)
+
+ -- Sebastian Humenda   Wed, 03 Mar 2021 18:26:24 +0100
+
 freedict (2021.01.05-2) unstable; urgency=medium

   * rules: Decrease --max-parallel to 1 (Closes: #982730)
diff -Nru freedict-2021.01.05/debian/control freedict-2021.01.05/debian/control
--- freedict-2021.01.05/debian/control  2021-02-16 22:45:03.0 +0100
+++ freedict-2021.01.05/debian/control  2021-03-03 18:26:24.0 +0100
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Sebastian Humenda 
 Build-Depends: debhelper-compat (= 13), freedict-tools (>= 0.5.0)
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
 Rules-Requires-Root: no
 Homepage: https://freedict.org/
 Vcs-Browser: https://salsa.debian.org/freedict-team/dictionaries
diff -Nru freedict-2021.01.05/debian/control.HEAD 
freedict-2021.01.05/debian/control.HEAD
--- freedict-2021.01.05/debian/control.HEAD 2021-02-16 22:45:03.0 
+0100
+++ freedict-2021.01.05/debian/control.HEAD 2021-03-03 18:26:24.0 
+0100
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Sebastian Humenda 
 Build-Depends: debhelper-compat (= 13), freedict-tools (>= 0.5.0)
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
 Rules-Requires-Root: no
 Homepage: https://freedict.org/
 Vcs-Browser: https://salsa.debian.org/freedict-team/dictionaries
diff -Nru freedict-2021.01.05/debian/rules freedict-2021.01.05/debian/rules
--- freedict-2021.01.05/debian/rules2021-02-16 22:45:46.0 +0100
+++ freedict-2021.01.05/debian/rules2021-03-03 15:14:00.0 +0100
@@ -11,10 +11,10 @@
 BUILD_MODE ?= normal

 # pass parallelisation through from debhelper
-ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-NUMJOBS = $(patsubst parallel=%,%,$(filter 
parallel=%,$(DEB_BUILD_OPTIONS)))
-MAKEFLAGS += -j$(NUMJOBS)
-endif
+#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+#NUMJOBS = $(patsubst parallel=%,%,$(filter 
parallel=%,$(DEB_BUILD_OPTIONS)))
+#MAKEFLAGS += -j$(NUMJOBS)
+#endif

 %:
dh $@ --max-parallel=1
```

Note that due to hardware failure, I cannot access my private key at the
moment, but that shouldn't make the debdiff less useful.


unblock freedict/2021.01.05-3

-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-14-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#984487: nmu: libzstd1 rdeps relying on 1.3.8

[Stephen Kitt]

On Fri, 5 Mar 2021 10:34:06 +0100, Sebastian Ramacher 
wrote:
> On 2021-03-04 07:06:05, Stephen Kitt wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: binnmu
> > 
> > Dear release team,
> > 
> > libzstd1 used to provide an over-enthusiastic symbols file, which has
> > resulted in dependencies which are too relaxed. The library API isn’t
> > determined by its exported symbols, unfortunately, but by one of its
> > headers. See https://bugs.debian.org/969597 and
> > https://github.com/facebook/zstd/pull/2501 for details.
> > 
> > As a result, a (small) number of packages have picked up a dependency
> > on “libzstd1 (>= 1.3.8)” when it should be “(>= 1.4.0)” — they were
> > built with one of the 1.4 packages, but the symbols file declared some
> > of the 1.4 functions as available in 1.3.8 (which they were,
> > technically, but with a different API in some cases).  
> 
> Please explain. If they were available with a different API prior to
> 1.4, that sounds like an ABI break to me. In that case, the binNMUs
> would just hide the problem.

They weren’t intended to be available as part of the library API. libzstd
distinguishes two sets of functions: one intended for use by programs linked
with the dynamic library, another intended for use by programs linked
statically. Programs built in Debian abide by this rule and don’t use any
symbols they shouldn’t.

Unfortunately, the way the library is built means that “static-only” symbols
are still exported by the dynamic library (even though no dynamically-linked
program uses them). The symbols file appears to have been generated
mechanically, and as a result it includes symbols starting from the point
where they appeared in the library, and not when they officially became part
of the library’s API. The result is that programs built against libzstd 1.4.0
or later, using symbols added in 1.4.0, end up with a dependency on libzstd
1.3.8 or later, even though libzstd 1.3.8 doesn’t support the API they use.

The point of the binNMUs is to fix the latter, by ensuring that packages
depending on libzstd 1.4.0 or later really get an appropriate version of
libzstd. Without this, users can end up with broken packages if they only
partially upgrade their system.

I’m working on a longer-term fix with upstream, see
https://github.com/facebook/zstd/pull/2501 for details. I’ve already
substantially reduced the number of exported symbols (which were never part
of the external API and aren’t used by external users) in 1.4.9 upstream.

Arguably this is a soname breakage, but the case can also be made that it
isn’t: libzstd1 *is* backwards-compatible with all programs built against
older versions, even though some of its exported symbols changed their API
(they weren’t used in the incompatible versions). The invalid dependency
declaration is a consequence of Debian packaging only, IMO. The shlibs file
in the current package in unstable follows upstream’s instructions.

Regards,

Stephen


pgp1jnyQOuQJ6.pgp
Description: OpenPGP digital signature

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: linux_4.19.177-1_mips64el-buildd.changes
  ACCEPT

Bug#984645: unblock: refpolicy/2:2.20210203-4

[Russell Coker]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package refpolicy

[ Reason ]
This new version has lots of changes that will make the experience more
pleasant for users.  It specifically allows some of the recent features
in systemd, chromium/chrome, and KDE.  It allows gpg with pinentry to be
run from user_t (the confined user).  It allows some extra access that
mailman3 requires.  It also allows newaliases to run with Postfix.

[ Impact ]
If this isn't in Bullseye then the SE Linux experience for users will be
a little more annoying.  Things won't work out of the box as expected
without it and local customisations to resolve the issues won't be of as
high quality as the ones I developed.  Also without this version there
will be audit messages that will be confusing and annoying.

[ Tests ]
For the programs subject to the policy in question, they were run
repeatedly with the new policy, VMs running them were rebooted, and the
results were inspected to see if they operated correctly and didn't give
unwanted audit messages.

[ Risks ]
Most changes are granting new access, not access that is unexpected given
the context, and not access that is likely to be part of a vulnerability
chain.  These have low possibility of causing any problem.

The change for the newaliases command is more complex, but being unable
to run newaliases is a serious issue so it's worth doing.  The worst
case might be some domain being unable to send mail from a script.  But
in all the test cases it worked.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing


unblock refpolicy/2:2.20210203-4

diff -Nru refpolicy-2.20210203/debian/changelog 
refpolicy-2.20210203/debian/changelog
--- refpolicy-2.20210203/debian/changelog   2021-02-23 16:57:40.0 
+1100
+++ refpolicy-2.20210203/debian/changelog   2021-03-05 21:11:58.0 
+1100
@@ -1,3 +1,35 @@
+refpolicy (2:2.20210203-4) unstable; urgency=medium
+
+  * Allow ntpd_t to get the status of generic systemd units
+  * Allow kernel_t self:perf_event cpu.
+  * Allow chromium to watch network manager runtime dirs (for resolv.conf)
+Allow chromium to run naclhelper with nnp_transition
+Allow chromium to watch root dirs
+Allow chromium to read/write unix sockets from the calling domain
+  * Make Postgresql use postgresql_tmpfs_t for tmpfs files and make 
+mon_local_test_t and systemd_logind_t not have getattr access to tmpfs
+files audited.
+  * Allow systemd_user_runtime_dir_t to unlink device nodes of type
+user_tmp_t, they probably should not exist, so it's in the hacks patch.
+  * Allow the acngtool to read random and urandom devices and search fs sysctls
+  * Add wm_write_xdg_data tunable to allow user_wm_t etc to write xdg data.
+  * Allow chromium to watch gnome_xdg_config_t dirs
+  * Label pinentry programs as gpg_agent_exec_t and allow gpg_agent_t to exec
+them
+  * Create new admin_mail_t domain so that newaliases can work with Postfix
+  * Added a transition rule so that vipw/vigr gives the right context for
+/etc/passwd and /etc/group
+  * Allow acngtool_t to read /proc/sys/kernel/random/uuid
+  * Allow unconfined domains lockdown confidentiality and integrity access
+  * Allow netutils_t netlink_generic_socket access for tcpdump
+  * Allow smbcontrol to create a sock_file in a samba run dir
+  * Allow mailman_queue_t to bind to all unreserved TCP ports
+  * Allow systemd_coredump_t to mmap all executables and to have cap_userns
+sys_ptrace access. dontaudit systemd_coredump_t capability net_admin
+  * Allow mailman_queue_t to connect to port 443
+
+ -- Russell Coker   Fri, 05 Mar 2021 21:11:58 +1100
+
 refpolicy (2:2.20210203-3) unstable; urgency=medium
 
   * Add policy for blkmapd which is part of nfs service (included in upstream)
diff -Nru refpolicy-2.20210203/debian/patches/0002-strict 
refpolicy-2.20210203/debian/patches/0002-strict
--- refpolicy-2.20210203/debian/patches/0002-strict 2021-02-17 
13:40:42.0 +1100
+++ refpolicy-2.20210203/debian/patches/0002-strict 2021-02-25 
11:47:38.0 +1100
@@ -245,3 +245,15 @@
  
  tunable_policy(`pulseaudio_execmem',`
allow pulseaudio_t self:process execmem;
+Index: refpolicy-2.20210203/policy/modules/services/ntp.te
+===
+--- refpolicy-2.20210203.orig/policy/modules/services/ntp.te
 refpolicy-2.20210203/policy/modules/services/ntp.te
+@@ -130,6 +130,7 @@ term_use_ptmx(ntpd_t)
+ auth_use_nsswitch(ntpd_t)
+ 
+ init_exec_script_files(ntpd_t)
++init_get_generic_units_status(ntpd_t)
+ 
+ logging_send_syslog_msg(ntpd_t)
+ 
diff -Nru refpolicy-2.20210203/debian/patches/0025-systemd 
refpolicy-2.20210203/debian/patches/0025-systemd
--- refpolicy-2.20210203/debian/patches/0025-systemd2021-02-17 

Bug#984642: unblock: policycoreutils/3.1-3

[Russell Coker]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package policycoreutils

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
This version fixes bug #983447 which is grave and risks kicking the package
out of Bullseye.  It also closes bug #922448 and avoids trying to relabel
non-persistent filesystems on reboot.

[ Impact ]
All SE Linux packages get removed from Debian I guess, catastrophic for all
SE Linux users in Debian.

[ Tests ]
Manual test is to create an empty file /.autorelabel and reboot the system
and verify that it causes a relabel, then create a file /.autorelabel with
the contents "-F" and verify that it works.

[ Risks ]
The changed code is pretty simple, and in day to day usage it isn't even
used.  It's only used for corner cases of an initial installation.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

unblock policycoreutils/3.1-3

Here is the debdiff:

diff -Nru policycoreutils-3.1/debian/changelog 
policycoreutils-3.1/debian/changelog
--- policycoreutils-3.1/debian/changelog2021-02-11 02:46:48.0 
+1100
+++ policycoreutils-3.1/debian/changelog2021-03-05 20:45:24.0 
+1100
@@ -1,3 +1,16 @@
+policycoreutils (3.1-3) unstable; urgency=medium
+
+  * Remove needless quotes around $FORCE variable in
+/lib/systemd/selinux-autorelabel to avoid shell error on empty file
+Closes: #983447
+  * Add check for noautorelabel command line option to prevent relabeling
+Closes: #922448
+  * Make fixfiles avoid trying to relabel tmpfs and other non-permanent
+filesystems
+Closes: #984567
+
+ -- Russell Coker   Fri, 05 Mar 2021 20:45:24 +1100
+
 policycoreutils (3.1-2) unstable; urgency=medium
 
   [ Laurent Bigonville ]
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel 
policycoreutils-3.1/debian/local/selinux-autorelabel
--- policycoreutils-3.1/debian/local/selinux-autorelabel2021-02-11 
02:46:48.0 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel2021-03-05 
20:32:47.0 +1100
@@ -29,7 +29,7 @@
 
FORCE=$(cat /.autorelabel)
[ -x "/sbin/quotaoff" ] && /sbin/quotaoff -aug
-   /sbin/fixfiles "$FORCE" restore
+   /sbin/fixfiles $FORCE restore
 fi
 rm -f  /.autorelabel
 [ -x /usr/lib/dracut/dracut-initramfs-restore ] && 
/usr/lib/dracut/dracut-initramfs-restore
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh 
policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
--- policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh   
2021-02-11 02:46:48.0 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh   
2021-03-05 20:05:29.0 +1100
@@ -21,6 +21,9 @@
 }
 
 if selinuxenabled; then
+if grep -sqE "\bnoautorelabel\b" /proc/cmdline; then
+exit 0
+fi
 if test -f /.autorelabel; then
 set_target
 elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
diff -Nru policycoreutils-3.1/debian/patches/fixfiles-remove-extras 
policycoreutils-3.1/debian/patches/fixfiles-remove-extras
--- policycoreutils-3.1/debian/patches/fixfiles-remove-extras   1970-01-01 
10:00:00.0 +1000
+++ policycoreutils-3.1/debian/patches/fixfiles-remove-extras   2021-03-05 
20:37:08.0 +1100
@@ -0,0 +1,13 @@
+Index: policycoreutils-3.1/scripts/fixfiles
+===
+--- policycoreutils-3.1.orig/scripts/fixfiles
 policycoreutils-3.1/scripts/fixfiles
+@@ -45,7 +45,7 @@ FS="`cat /proc/self/mounts | sort | uniq
+ for i in $FS; do
+   if [ `useseclabel` -ge 0 ]
+   then
+-  grep " $i " /proc/self/mounts | awk '{print $4}' | egrep 
--silent '(^|,)seclabel(,|$)' && echo $i
++  grep " $i " /proc/self/mounts | egrep -v "(tmpfs)|( 
/sys)|(^devpts)|(^hugetlbfs)|(^mqueue)" | awk '{print $4}' | egrep --silent 
'(^|,)seclabel(,|$)' && echo $i
+   else
+   grep " $i " /proc/self/mounts | grep -v "context=" | egrep 
--silent '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i
+   fi
diff -Nru policycoreutils-3.1/debian/patches/series 
policycoreutils-3.1/debian/patches/series
--- policycoreutils-3.1/debian/patches/series   2021-02-11 02:46:48.0 
+1100
+++ policycoreutils-3.1/debian/patches/series   2021-03-05 20:33:22.0 
+1100
@@ -1 +1,2 @@
 fixfiles-correctly-restore-context-of-mountpoints.patch
+fixfiles-remove-extras

Bug#984648: unblock: packages with unversioned python dependencies

[Matthias Klose]

Package: release.debian.org

we don't want to ship packages in bullseye still referencing the unversioned
python packages in build dependencies, dependencies and recommendations.

Graham Inggs and I were looking for those, and identified at least yasm and
zziplib, fixed in

  yasm/1.3.0-2.1
  zziplib/0.13.62-3.3

The tracker
https://release.debian.org/transitions/html/unversioned-python-rm.html

shows some more packages as affected, but these all seem to be false positives:
  dipy
  nipype
  ola
  pycairo
  pygame-sdl2
  spyne
  voluptuous

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: linux_4.19.177-1_mips-buildd.changes
  ACCEPT