Bug#622947: per-maintainer insights into migrations and transitions

[Paul Wise]

On Thu, 2023-11-30 at 14:14 +0100, Paul Gevers wrote:

> The tracker has been doing this for years now.

distro-tracker doesn't have per-maintainer pages
at all and neither does the QA excuses page AFAICT.

The DDPO kind of does, but doesn't list transitions etc.

The DMD kind of does too, but also no transitions etc.

So I suggest reopening this request.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems

[Paul Wise]

On Sat, 2023-09-09 at 11:42 +0200, Bastian Blank wrote:

> The first one is the one with included size limitations, because those
> load the kernel from a pre-defined flash partition, whose size can't be
> easily changed by the user.  This one is now overflowing for the second
> to last documented one in the kernel package config.

Seems like this would be solvable by writing a bootloader to the flash
partition that would be able to load Linux from a normal filesystem?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1040001: transition: r-base

[Paul Wise]

On Sat, 2023-07-01 at 14:29 +0200, Andreas Tille wrote:

> I've filed Bug#1040038 with the patch for r-graphics-api and updated
> branch r-api-graphic branch of dh-r[1] to match the suggested patch
> immediately once uploaded.

I've sent a suggestion to bug #1040038 for not hard-coding the API
number and extracting it from the header instead. Dirk also posted
an R-native version of what I suggested to the bug too.

The dh-r r-api-graphic branch also hard-codes the list of packages that
should get the graphics API dependency but that list will need manual
maintenance as packages add/drop use of R_GE_checkVersionOrDie.

The objdump tool can export the list of dynamically imported symbols,
that can be searched for use of R_GE_checkVersionOrDie and then if it
is, assume that it is called with R_GE_version and add the dependency.

   $ objdump -T debian/*/usr/lib/R/site-library/*/libs/*.so | grep 
R_GE_checkVersionOrDie
     DF *UND*     Base    
R_GE_checkVersionOrDie

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Inquiry about Debian Rootfs Construction

[Paul Wise]

On Thu, 2023-03-30 at 08:41 +0200, Paul Gevers wrote:

> That is not the responsibility of this team. I'm also not sure what you 
> mean with rootfs, but I think you mean how to bootstrap Debian. We have 
> several tools in Debian that do that. I *think* debootstrap [1] is the 
> one used for the Debian installer, but things like mmdebstrap [2] exist.

PS: there is this wiki page listing all the ways to build packages
and systems, including rootfs and rootfs-like constructions:

https://wiki.debian.org/SystemBuildTools

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1034326: unblock: evolution/3.46.4-2 - fix message scrolling regression due to WebKitGTK changes

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: evolut...@packages.debian.org, Jeremy Bicha 
Control: affects -1 + src:evolution

Please unblock package evolution

[ Reason ]
Due to a change in WebKitGTK, pressing the space key often (but not
always) doesn't scroll through the message preview, making it much
harder to skim through email quickly.

https://gitlab.gnome.org/GNOME/evolution/-/issues/2302
https://lists.osuosl.org/pipermail/evolution-users/2023-March/166704.html

Since evolution upstream no longer supports 3.46.x, I asked the GNOME
team to cherry-pick the patch and Jeremy Bicha did that, also added
translation update patches and asked me to file this unblock request.

[ Impact ]
Reading email involves more use of the mouse for the evolution users,
since scrolling with keyboard no longer works reliably.

This could have an impact on users with keyboard preferences or users
who aren't able to use a mouse easily or at all.

[ Tests ]
I manually tested that the updated package fixes the issue and tested
the message previewing more generally for both HTML and plain text
emails and noticed no regressions or strange behaviour.

[ Risks ]
The patch is small and direct from upstream. The evolution MUA is part
of the default GNOME desktop, so a better user experience is important.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I have filtered out the translation update patches in the debdiff,
because otherwise the debdiff is very large:

debdiff evolution_3.46.4-1.dsc evolution_3.46.4-2.dsc > 
evolution_3.46.4-1_3.46.4-2.debdiff
filterdiff -x '*/debian/patches/*-translation*.patch' < 
evolution_3.46.4-1_3.46.4-2.debdiff > 
evolution_3.46.4-1_3.46.4-2.filtered.debdiff

[ Unblock ]
unblock evolution/3.46.4-2

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru evolution-3.46.4/debian/changelog evolution-3.46.4/debian/changelog
--- evolution-3.46.4/debian/changelog	2023-02-10 20:12:00.0 +0800
+++ evolution-3.46.4/debian/changelog	2023-04-12 22:28:02.0 +0800
@@ -1,3 +1,10 @@
+evolution (3.46.4-2) unstable; urgency=medium
+
+  * Cherry-pick patch from GNOME 44 to fix spacebar to scroll preview messages
+  * Cherry-pick translation updates from gnome-43 branch
+
+ -- Jeremy Bicha   Wed, 12 Apr 2023 10:28:02 -0400
+
 evolution (3.46.4-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru evolution-3.46.4/debian/patches/I-2302-Mail-Space-bar-no-longer-scrolls-preview-messages.patch evolution-3.46.4/debian/patches/I-2302-Mail-Space-bar-no-longer-scrolls-preview-messages.patch
--- evolution-3.46.4/debian/patches/I-2302-Mail-Space-bar-no-longer-scrolls-preview-messages.patch	1970-01-01 08:00:00.0 +0800
+++ evolution-3.46.4/debian/patches/I-2302-Mail-Space-bar-no-longer-scrolls-preview-messages.patch	2023-04-12 22:28:02.0 +0800
@@ -0,0 +1,51 @@
+From: Milan Crha 
+Date: Mon, 27 Mar 2023 13:54:02 +0200
+Subject: I#2302 - Mail: Space bar no longer scrolls preview messages
+
+This started with WebKitGTK 2.40.0.
+
+Closes https://gitlab.gnome.org/GNOME/evolution/-/issues/2302
+
+(cherry picked from commit c3db2b69133baba1264386c1dd38e277338140d5)
+---
+ data/webkit/e-web-view.js | 13 ++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/data/webkit/e-web-view.js b/data/webkit/e-web-view.js
+index ab9ca5a..78f7dc3 100644
+--- a/data/webkit/e-web-view.js
 b/data/webkit/e-web-view.js
+@@ -805,6 +805,9 @@ Evo.MailDisplayUpdateIFramesHeight = function()
+ 
+ 	if (scrolly != -1 && document.defaultView.scrollY != scrolly)
+ 		document.defaultView.scrollTo(0, scrolly);
++
++	Evo.mailDisplayResizeContentToPreviewWidth();
++	Evo.mailDisplayUpdateMagicSpacebarState();
+ }
+ 
+ if (this instanceof Window && this.document) {
+@@ -956,7 +959,9 @@ Evo.mailDisplayResizeContentToPreviewWidth = function()
+ 	width -= 20; /* 10 + 10 margins of body */
+ 
+ 	traversar.set_iframe_and_body_width(document, width, width, 0);
+-	window.webkit.messageHandlers.scheduleIFramesHeightUpdate.postMessage(0);
++
++	if (document.documentElement.clientWidth - 20 > width)
++		window.webkit.messageHandlers.scheduleIFramesHeightUpdate.postMessage(0);
+ }
+ 
+ Evo.mailDisplayUpdateMagicSpacebarState = function()
+@@ -1284,8 +1289,10 @@ Evo.MailDisplayBindDOM = function(iframe_id, markCitationColor)
+ 	Evo.mailDisplayResizeContentToPreviewWidth();
+ 	Evo.mailDisplayUpdateMagicSpacebarState();
+ 
+-	document.defaultView.onresize = Evo.mailDisplayResized;
+-	document.defaultView.onscroll = Evo.mailDisplayUpdateMagicSpacebarState;
++	if (document.body) {
++		document.body.onresize = Evo.mailDisplayResized;
++		document.body.onscroll = Evo.mailDisplayUpdateMagicSpacebarState;
++	}
+ }
+ 
+ Evo.MailDisplayShowAttachment = function(element_id, show)
diff -Nru 

Re: Debian 11.6 release date

[Paul Wise]

On Mon, 2022-11-14 at 00:05 +0800, meida...@foxmail.com wrote:

> I don't know much about Debian's messaging channels. It's been 2
> months since Debian 11.5 was released, and I was wondering if there
> are any plans to release Debian 11.6 in the next few days?

The Debian Release Team website documents the next point release date:

   https://release.debian.org/#release-dates

   Next point releases
   
    * stable (11.6) Not yet planned; maybe mid-late November 2022

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: EXPKEYSIG CBF8D6FD518E17E1 Jessie Stable Release Key

[Paul Wise]

On Sat, 2022-11-12 at 14:10 +0300, Tanzeela Javid wrote:

> I am getting this error and I cannot understand how to resolve this
> 
> EXPKEYSIG CBF8D6FD518E17E1 Jessie Stable Release Key
> 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1

Please contact our support channels for help using Debian:

https://www.debian.org/support

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1018098: bullseye-pu: package foxtrotgps/1.2.2+bzr331-1~deb11u1

[Paul Wise]

On Thu, 2022-08-25 at 19:21 +0300, Adrian Bunk wrote:

> Paul, please ACK/NAK whether you as maintainer consider this appropriate.

Looks good to me, thanks.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1009845: nmu: bind-dyndb-ldap_11.9-5+b2

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: bind-dyndb-l...@packages.debian.org, bi...@packages.debian.org

The bind9-dyndb-ldap binary package built from the bind-dyndb-ldap
source package has a strict dependency on bind9, so it needs a rebuild
after every update to bind9. That hasn't happened for the recent bind9
update that fixes several security issues, which means those security
fixes have been blocked from entering bookworm for 32 days.

   $ apt-cache show bind9-dyndb-ldap | grep -Eo 'Depends[^,]*|Version.*'
   Version: 11.9-5+b1
   Depends: bind9-libs (= 1:9.18.0-2)

nmu bind-dyndb-ldap_11.9-5+b2 . ANY . unstable . -m "Rebuild against bind9 
1:9.18.1-1"

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1006704: nmu: memlockd_1.3-2: rebuild to fix missing binary issue (Closes: #1000229)

[Paul Wise]

Control: close -1

On Sat, 2022-03-05 at 18:13 +0100, Sebastian Ramacher wrote:

> How did that happen? I'd prefer that memlockd is fixed so that this
> cannot happen again.

Looks like it builds correctly with debuild -b but not -B due to the
install target in debian/rules not getting used for arch-only builds,
so this binNMU will not actually fix the issue.

The install target can easily be replaced by dh_* so I'll report that
to bug #1000229 and submit an NMU to fix the issue. 

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1006704: nmu: memlockd_1.3-2: rebuild to fix missing binary issue (Closes: #1000229)

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

The current memlockd .deb does not contain /usr/sbin/memlockd, but
simply rebuilding the package fixes the issue. This was reported in 
#1000229 and confirmed by me using debuild and pbuilder. Please rebuild
the package using a binNMU in order to fix the issue and close the bug.

nmu memlockd_1.3-2 . ANY . unstable . -m "rebuild to fix missing binary issue 
(Closes: #1000229)"

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: discover is marked for autoremoval from testing

[Paul Wise]

On Tue, 2022-01-11 at 19:37 +0100, Paul Gevers wrote:

> So, I guess the text could be updated to reflect this? I *guess* the 
> reason that the e-mail was sent was because the bug was closed with the 
> upload. That resets the autoremoval timer (until the issue is fixed *in 
> testing*). The script doesn't have enough information to determine if
> the package will migrate successfully, so like with any autoremoval date 
> change it will inform the relevant parties.

I have noticed this confusion happens a lot and generates a lot of
discussion on this list and elsewhere, which is suboptimal. It might be
less confusing for everyone if autoremovals that probably aren't going
to happen were just hidden from maintainers. If the autoremoval date is
after the scheduled migration date and there is nothing blocking the
migration except for the wait time, then there should be no need to
mail the maintainer about it nor show the autoremoval on the DPT page.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: chromium: Update to version 94.0.4606.61 (security-fixes)

[Paul Wise]

On Fri, 2021-12-17 at 11:28 +0100, Moritz Mühlenhoff wrote:

> Could anyone who's using Chromium on Debian please create a page on
> wiki.debian.org which lists the alternative options to use a current
> Chromium (Flatpak, ungoogled Chromium from elsewhere, snap, whatever
> else there is)?

The existing Chromium page is probably the place to add that:

https://wiki.debian.org/Chromium

The new info should link to the existing page about ungoogled Chromium:

https://wiki.debian.org/ungoogled-chromium

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#995636: OpenSSL 3.0 - Apache 2.0 vs GPL 2 (Re: Bug#995636: transition: openssl)

[Paul Wise]

On Wed, Oct 6, 2021 at 11:30 AM Luca Boccassi wrote:
> On Tue, 2021-10-05 at 21:04 +0200, Sebastian Andrzej Siewior wrote:
> > Additionally OpenSSL is considered system library, see
> >   https://bugs.debian.org/951780
> >   https://bugs.debian.org/972181
>
> Even if that interpretation holds, and it's not a universal
> interpretation (eg: lawyers from Canonical strongly disagree as far as
> I know), again that applies to first-party binaries only as far as I
> understand. It's not as clear-cut with libraries used by third parties.

As I understand it, it is meant only for binaries distributed by
parties other than the one distributing the system containing the
"system library". So third-party app distributors are fine to ignore
the incompatibility between a GPL app and a proprietary libc, but the
OS vendor can't include GPL apps linked to that proprietary libc
within their system.

https://lists.debian.org/debian-devel/2020/10/msg00168.html

> The core issue as always is uncertainty: any time there are doubts and
> conflicting interpretations, we all lose, especially our users, and
> especially those that are then forced to have awkward conversations
> with their corporate lawyers. Which is why it's really unfortunate that
> , in order to fix compatibility issues with the GPL, among all the
> permissive licenses available out there, the OpenSSL project picked the
> _one_ that has serious compatibility questions with the GPL :-(

I believe OpenSSL 3's choice of the Apache 2 license only improves
compatibility, it doesn't reduce it. GPLv3 is supposedly compatible
with Apache 2, so GPLv3 and GPLv2+ programs are newly compatible with
OpenSSL 3. Most existing GPLv2-only programs that use OpenSSL will
have the exception anyway.

--
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#994584: nmu: ricochet-im_1.1.4-3+b5

[Paul Wise]

On Sat, 18 Sep 2021 13:58:56 +0800 Paul Wise wrote:

> nmu ricochet-im_1.1.4-3+b5 . ANY . unstable . -m "Rebuild for the GCC 10 
> transition (Closes #992668)"

This appears to have been completed.

> nmu ricochet-im_1.1.4-3+b5 . ANY . bullseye . -m "Rebuild for the GCC 10 
> transition (Closes #992668)"

This doesn't appear to have been scheduled yet.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#994585: nmu: ricochet-im_1.1.4-3+b5

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

The transition from GCC 9 to 10 seems to have changed the size of the
C++ type Type, which breaks a runtime check of this size. I have tested
that rebuilding ricochet-im fixes the runtime error, which is this:

/usr/include/c++/9/bits/move.h:194:7: runtime error: load of value 279, which 
is not a valid value for type 'Type'

These are the binNMUs that need to be scheduled:

nmu ricochet-im_1.1.4-3+b5 . ALL . bullseye . -m "Rebuild for GCC 10 C++ 
transition (Closes: #992668)"
nmu ricochet-im_1.1.4-3+b5 . ALL . unstable . -m "Rebuild for GCC 10 C++ 
transition (Closes: #992668)"

armel/armhf are on +b2, others on +b4, seems fine to use +b5 for all.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#994584: nmu: ricochet-im_1.1.4-3+b5

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Control: affects -1 + ricochet-im
X-Debbugs-CC: ricochet...@packages.debian.org

Please rebuild ricochet-im in bullseye and unstable, the transition
from GCC 9 to 10 seems to have changed the size of the C++ type Type
which is breaking a runtime check of the size, the runtime error is:

/usr/include/c++/9/bits/move.h:194:7: runtime error: load of value 279, which 
is not a valid value for type 'Type'

I confirmed that rebuilding ricochet-im is enough to fix the error.

The binNMUs that need scheduling are:

nmu ricochet-im_1.1.4-3+b5 . ANY . bullseye . -m "Rebuild for the GCC 10 
transition (Closes #992668)"
nmu ricochet-im_1.1.4-3+b5 . ANY . unstable . -m "Rebuild for the GCC 10 
transition (Closes #992668)"

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#994221: reportbug: for release.debian.org rm bugs, ask for suite and redirect to ftp.debian.org for unstable/experimental

[Paul Wise]

Package: reportbug
Severity: wishlist
Control: affects -1 + release.debian.org
X-Debbugs-CC: release.debian@packages.debian.org

Removals from unstable regularly end up being filed against the
release.debian.org psuedo-package (#994195 is the latest example).

It would be useful to have those redirected to the right psuedo-package
ftp.debian.org. For release.debian.org rm requests, please ask for
which suite the removal is for (as is done for ftp.debian.org removals)
and if it is for unstable/experimental then redirect the request to the
ftp.debian.org psuedo-package (as is done in the other direction for
ftp.debian.org removals for the testing suite).

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#991480: unblock: calamares-settings-debian/11.0.5

[Paul Wise]

On Sun, Jul 25, 2021 at 12:24 PM Jonathan Carter wrote:

> It has been found today that when the sources.list were updated for the
> updated sources.list URI in bullseye, that the original bug for this contained
> an incorrect suggestion for the sources.list entry that is now present in the
> sources.list generated by calamares-settings-debian. This patch corrects that.

FTR: the original bug report (#969930 AFAICT) correctly suggested
bullseye-security, so the wrong sources.list entry wasn't caused by
the original bug.

> +  * New upstream release
> +(Closes: #991474)

I would suggest this instead:

> +  * New upstream release
> +Corrects the apt sources for security updates (Closes: #991474)

--
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#990825: [pre-approval] unblock: golang-1.15/1.15.9-6

[Paul Wise]

On Wed, 2021-07-14 at 20:16 +0800, Shengjing Zhu wrote:

> That feels over-engineering/energy-wasting.

Another option would be to search the source code, and these findings
would need to be confirmed using grep, but looking at codesearch:

   
https://codesearch.debian.net/search?q=%5C.generateClientKeyExchange=0

   golang-github-marten-seemann-qtls
   golang-github-marten-seemann-qtls-go1-15
   golang-github-cloudflare-cfssl
   golang-refraction-networking-utls
   heartbleeder

As well as anything that transitively build-depends on any of these.

That said, I don't think rebuilding those packages will fix the issue,
since they have embedded code copies of key_agreement.go and possibly
use those copies instead of the code from the std library. There are
also a number of other copies of key_agreement.go as well as copies of
handshake_client.go, which calls the vulnerable code.

   $ apt-file search -I dsc key_agreement.go
   android-platform-external-boringssl: /src/ssl/test/runner/key_agreement.go
   chromium: /third_party/boringssl/src/ssl/test/runner/key_agreement.go
   gcc-avr: /gcc/libgo/go/crypto/tls/key_agreement.go
   gcc-riscv64-unknown-elf: /libgo/go/crypto/tls/key_agreement.go
   golang-1.15: /src/crypto/tls/key_agreement.go
   golang-1.16: /src/crypto/tls/key_agreement.go
   golang-github-cloudflare-cfssl: /scan/vendor/crypto/tls/key_agreement.go
   golang-github-marten-seemann-qtls: /key_agreement.go
   golang-github-marten-seemann-qtls-go1-15: /key_agreement.go
   golang-refraction-networking-utls: /key_agreement.go
   heartbleeder: /tls/key_agreement.go
   llvm-toolchain-9: 
/llgo/third_party/gofrontend/libgo/go/crypto/tls/key_agreement.go
   mono: /external/boringssl/ssl/test/runner/key_agreement.go
   
   $ apt-file search -I dsc handshake_client.go
   android-platform-external-boringssl: /src/ssl/test/runner/handshake_client.go
   chromium: /third_party/boringssl/src/ssl/test/runner/handshake_client.go
   gcc-avr: /gcc/libgo/go/crypto/tls/handshake_client.go
   gcc-riscv64-unknown-elf: /libgo/go/crypto/tls/handshake_client.go
   golang-1.15: /src/crypto/tls/handshake_client.go
   golang-1.16: /src/crypto/tls/handshake_client.go
   golang-github-cloudflare-cfssl: /scan/vendor/crypto/tls/handshake_client.go
   golang-github-marten-seemann-qtls: /handshake_client.go
   golang-github-marten-seemann-qtls-go1-15: /handshake_client.go
   golang-refraction-networking-utls: /handshake_client.go
   heartbleeder: /tls/handshake_client.go
   llvm-toolchain-9: 
/llgo/third_party/gofrontend/libgo/go/crypto/tls/handshake_client.go
   mono: /external/boringssl/ssl/test/runner/handshake_client.go

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#990825: [pre-approval] unblock: golang-1.15/1.15.9-6

[Paul Wise]

On Tue, Jul 13, 2021 at 6:12 AM Shengjing Zhu wrote:

> Sadly the std library are statically embedded in all packages built by Go 
> compiler.
> So if there's security issue in std library, bunch of packages need to be 
> rebuild.
>
> It may be possible to disassemble all Go binaries to see how many std 
> libraries
> are embedded, but currently we don't have such tool to go through all 
> unpacked binary
> packages.

An alternative more brute-force approach might be to rebuild all
packages locally twice, once without the patched std library and once
with the patched std library, then use diffoscope to compare the
binaries and if there are any changes then request a binNMU for the
package. Packages that don't use the crypto library should not have it
linked in and should see no changes after rebuilding with the patch.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#991094: unblock: foxtrotgps/1.2.2+bzr330-1: imagemagick FTBFS, gpsd API usage fix

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package foxtrotgps

This fixes the fallout from imagemagick disabling EPS output (#987504)
and something that was missed when porting to recent gpsd APIs.

[ Reason ]
The foxtrotgps documentation build by default converted .png files to
EPS files for inclusion in the DVI and PS formatted documentation but
the Debian package doesn't contain DVI/PS formatted documentation.
Since imagemagick now blocks conversion to EPS, the upstream fix simply
disables building EPS files unless building DVI/PS documentation.

The gpsd developers deprecated using the GPS fix status in favour of
using the GPS fix mode for detecting when a GPS position is available.
The patch simply adds support for detecting 2D/3D fix modes.

The GPS patch is minimal, fixes an important bug and both patches are
already upstream, so I elected to package the latest upstream commit.

[ Impact ]
The package will FTBFS and will not be able to show the current GPS fix
location with the current gpsd version.

[ Tests ]
I tested the build fix and the gpsd patch submitter tested the gpsd fix.

[ Risks ]
This is a leaf package and the changes are small, the risks are low.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Thanks for all your work on the bullseye release.

unblock foxtrotgps/1.2.2+bzr330-1

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru foxtrotgps-1.2.2+bzr328/changelog/ChangeLog foxtrotgps-1.2.2+bzr330/changelog/ChangeLog
--- foxtrotgps-1.2.2+bzr328/changelog/ChangeLog	2021-01-31 16:18:24.0 +0800
+++ foxtrotgps-1.2.2+bzr330/changelog/ChangeLog	2021-07-14 07:44:15.0 +0800
@@ -1,4 +1,37 @@
 
+revno: 330
+committer: Paul Wise 
+branch nick: bzr
+timestamp: Mon 2021-04-26 12:33:42 +0800
+message:
+  Only create the EPS formatted images for the DVI/PS formatted
+  documentation
+
+  The EPS files are not needed for other documentation formats,
+  some distributions are now disabling EPS support in ImageMagick
+  and the DVI/PS documentation formats are rarely used.
+modified:
+  doc/Makefile.am
+
+revno: 329
+author: diego roversi 
+committer: Paul Wise 
+branch nick: bzr
+timestamp: Sun 2021-03-07 14:05:44 +0800
+message:
+  Also accept 2D/3D fix modes as indicator of a valid GPS fix
+
+  The libgps developers recommend to use the fix mode rather than
+  the status,
+  which many GNSS receivers do not supply or have incompatible
+  implementations.
+
+  Fixes: https://bugs.launchpad.net/bugs/1917998
+  See-also:
+  https://gitlab.com/gpsd/gpsd/-/commit/c3b0fb6394964ca57cecfa0a65d6b3cde2dd1f6f
+modified:
+  src/gps_functions.c
+
 revno: 328
 author: Maciej S. Szmigiero
 committer: Paul Wise 
diff -Nru foxtrotgps-1.2.2+bzr328/debian/changelog foxtrotgps-1.2.2+bzr330/debian/changelog
--- foxtrotgps-1.2.2+bzr328/debian/changelog	2021-01-31 16:47:52.0 +0800
+++ foxtrotgps-1.2.2+bzr330/debian/changelog	2021-07-14 07:58:30.0 +0800
@@ -1,3 +1,11 @@
+foxtrotgps (1.2.2+bzr330-1) unstable; urgency=medium
+
+  * New upstream snapshot.
+- Fixes FTBFS with new imagemagick (Closes: #991056)
+- Fixes use of deprecated gpsd API (see LP#1917998)
+
+ -- Paul Wise   Wed, 14 Jul 2021 07:58:30 +0800
+
 foxtrotgps (1.2.2+bzr328-1) unstable; urgency=medium
 
   [ Paul Wise ]
diff -Nru foxtrotgps-1.2.2+bzr328/doc/Makefile.am foxtrotgps-1.2.2+bzr330/doc/Makefile.am
--- foxtrotgps-1.2.2+bzr328/doc/Makefile.am	2021-01-09 08:39:19.17100 +0800
+++ foxtrotgps-1.2.2+bzr330/doc/Makefile.am	2021-04-26 12:33:42.0 +0800
@@ -6,7 +6,8 @@
 
 info_TEXINFOS = foxtrotgps.texi
 
-foxtrotgps_TEXINFOS = $(images) $(images_eps)
+foxtrotgps_TEXINFOS = $(images)
+DVIS = $(images_eps) foxtrotgps.dvi
 
 images = \
 	foxtrotgps-logo.png \
diff -Nru foxtrotgps-1.2.2+bzr328/src/gps_functions.c foxtrotgps-1.2.2+bzr330/src/gps_functions.c
--- foxtrotgps-1.2.2+bzr328/src/gps_functions.c	2021-01-09 08:39:19.17100 +0800
+++ foxtrotgps-1.2.2+bzr330/src/gps_functions.c	2021-04-26 12:33:42.0 +0800
@@ -763,7 +763,7 @@
 			gpsdata->fix.time = (time_t) 0;
 		}
 #if GPSD_API_MAJOR_VERSION >= 10
-		gpsdata->valid = (libgps_gpsdata.fix.status != STATUS_NO_FIX);
+		gpsdata->valid = (libgps_gpsdata.fix.status != STATUS_NO_FIX || libgps_gpsdata.fix.mode >= MODE_2D);
 #else
 		gpsdata->valid = (libgps_gpsdata.status != STATUS_NO_FIX);
 #endif


signature.asc
Description: This is a digitally signed message part

Bug#990171: unblock: apparmor-profiles-extra/1.34

[Paul Wise]

Control: close -1

On Tue, Jun 22, 2021 at 8:39 AM Holger Levsen wrote:
> On Tue, Jun 22, 2021 at 09:57:02AM +0800, Paul Wise wrote:
> > [ Reason ]
> > The autoremoval will be before the fix for RC bug #989193 migrates.
>
> (I dont think so, but that's beside my point here.)

It would have been if I hadn't pinged the bug to delay the
autoremoval, it was initially suggested on IRC that an unblock was the
right way to do this, but later clarified that pinging the bug was the
right approach.

> I'm wondering whether apparmor-profiles-extra should be a key package, after
> all apparmor is installed by default these days...

apparmor-profiles-extra isn't installed by default, but maybe it should be.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#990171: unblock: apparmor-profiles-extra/1.34

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-CC: apparmor-profiles-ex...@packages.debian.org

Please unblock package apparmor-profiles-extra

[ Reason ]
The autoremoval will be before the fix for RC bug #989193 migrates.

[ Impact ]
The package will not be available in the bullseye release and so
various apps will not have AppArmor security restrictions.

[ Tests ]
The autopkgtests pass for this package migration.

[ Risks ]
The change is a one character addition of the link permission for a
situation where it being missing breaks another package. 
This is a leaf package. No alternatives available.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock apparmor-profiles-extra/1.34

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru apparmor-profiles-extra-1.33/debian/changelog apparmor-profiles-extra-1.34/debian/changelog
--- apparmor-profiles-extra-1.33/debian/changelog	2021-04-02 19:40:29.0 +0800
+++ apparmor-profiles-extra-1.34/debian/changelog	2021-06-09 14:23:10.0 +0800
@@ -1,3 +1,10 @@
+apparmor-profiles-extra (1.34) unstable; urgency=medium
+
+  * apt-cacher-ng: allow link operations on the contents of the cache directory
+(Closes: #989193). Thanks to Eduard Bloch  for the patch.
+
+ -- intrigeri   Wed, 09 Jun 2021 06:23:10 +
+
 apparmor-profiles-extra (1.33) unstable; urgency=medium
 
   * autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
diff -Nru apparmor-profiles-extra-1.33/debian/README.Debian apparmor-profiles-extra-1.34/debian/README.Debian
--- apparmor-profiles-extra-1.33/debian/README.Debian	2021-04-02 19:40:29.0 +0800
+++ apparmor-profiles-extra-1.34/debian/README.Debian	2021-06-09 14:23:10.0 +0800
@@ -2,7 +2,7 @@
 =
 
 - apt-cacher-ng: taken from the apparmor-profiles repository
-  at MR !50.
+  at MR !51.
 - GStreamer abstraction: taken from the apparmor-profiles repository
   at MR !49.
 - irssi: taken from the apparmor-profiles repository
@@ -20,4 +20,4 @@
 
 https://gitlab.com/apparmor/apparmor-profiles
 
- -- intrigeri , Fri,  2 Apr 2021 11:19:19 +0200
+ -- intrigeri , Wed,  9 Jun 2021 08:21:51 +0200
diff -Nru apparmor-profiles-extra-1.33/profiles/usr.sbin.apt-cacher-ng apparmor-profiles-extra-1.34/profiles/usr.sbin.apt-cacher-ng
--- apparmor-profiles-extra-1.33/profiles/usr.sbin.apt-cacher-ng	2021-04-02 19:40:29.0 +0800
+++ apparmor-profiles-extra-1.34/profiles/usr.sbin.apt-cacher-ng	2021-06-09 14:23:10.0 +0800
@@ -18,7 +18,7 @@
   /var/lib/apt-cacher-ng/** r,
   /{,var/}run/apt-cacher-ng/* rw,
   @{APT_CACHER_NG_CACHE_DIR}/ r,
-  @{APT_CACHER_NG_CACHE_DIR}/** rw,
+  @{APT_CACHER_NG_CACHE_DIR}/** rwl,
   /var/log/apt-cacher-ng/ r,
   /var/log/apt-cacher-ng/* rw,
   /{,var/}run/systemd/notify w,


signature.asc
Description: This is a digitally signed message part

Bug#989643: unblock: formiko/1.3.0

[Paul Wise]

Control: tags -1 - moreinfo

On Wed, Jun 9, 2021 at 5:21 PM Sebastian Ramacher wrote:

> This appears to be a pre-approval request. Please remove the moreinfo
> tag once the new version is available in unstable.

Sponsored the package.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: REPOSITÓRIO DEBIAN 10 BUSTER

[Paul Wise]

On Tue, Mar 16, 2021 at 8:06 PM Luís Fernando Russo Alves wrote:

> Venho através desse caminho para suporte do Debian10 Buster ...

Please contact support for help using Debian.

[Tradução automática] Entre em contato com o suporte para obter ajuda
usando o Debian:

https://www.debian.org/support.pt
https://lists.debian.org/debian-user-portuguese/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
https://bonedaddy.net/pabs3/

Bug#981096: buster-pu: package file/1:5.35-4+deb10u1

[Paul Wise]

On Tue, Jan 26, 2021 at 9:21 AM Christoph Biedl wrote:

> Problem: The old limit turned out to be too strict, and instead of
> avoiding DoS this broke legitimate use of that feature. Also, Paul
> Wise (Cc:'ed), asked me repeatedly to backport this to buster, I
> trust he has good reason to to so.

The reason is that we hit the limit at $work and so have been manually
maintaining a rebuild with the patch for a while, which breaks things
briefly after security updates in oldstable/stable, so having the
patch in Debian would be helpful. We are using the Perl bindings so we
couldn't use the command-line option to override the limit and the
Perl bindings didn't have support for overriding the limit. We got
file upstream to increase the default limit, got Christoph to backport
the limit to bullseye and got the Perl bindings upstream to add
support for overriding the limit.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#980520: britney: excuses: reduce verbosity of autopkgtest results

[Paul Wise]

On Wed, 2021-01-20 at 19:26 +0100, Paul Gevers wrote:

> Passing packages that are still shown are those where an update
> happened since the successful run, so they are more or less
> "pending". I realize that probably nobody realizes this.

It is very non-obvious from the output, I'd suggest putting Pending
instead of Pass for the packages in that scenario.

> I think we had other ideas on how to improve readability but IIRC,
> those had to wait until jessie became EOL, as our ideas weren't
> compatible with grep-excuses in jessie. This now happened so we could
> pick that up.

Good to hear, is there a bug about those ideas?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#980520: britney: excuses: reduce verbosity of autopkgtest results

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: britney

The excuses page is often very verbose because of the autopkgtest
results, especially for packages with lots of reverse dependencies.

For packages where all the results are Pass, those packages could be
left out of the excuses altogether, since they don't prevent migration,
or perhaps grep-excuses should gain an option to hide them instead?

For packages where all the results are the same for every arch, the
excuses could collapse all of those packages into one line.

  • autopkgtest Regression for foo bar baz
  • autopkgtest Ignored failure for foo bar baz
  • autopkgtest Pass for foo bar baz

For packages with multiple arches you could group arches by the status
rather than printing the status for each architecture, since the
architecture names are shorter than the status texts.

  • autopkgtest for foo/1.2-3: Regression: amd64 arm64 armhf, Ignored failure: 
ppc64el: Ignored failure, Pass: i386

The combination of these ideas would result in less verbose excuses.

Here is an example of a long version of the excuses:

   $ grep-excuses -w pytest
   Excuse for pytest
   
 • Migration status for pytest (4.6.11-1 to 6.0.2-2): BLOCKED: 
Rejected/violates migration policy/introduces a regression
 • Issues preventing migration:
 • autopkgtest for dask.distributed/2.10.0+ds.1-3: amd64: Ignored failure, 
arm64: Ignored failure, armhf: Ignored failure, i386: Ignored failure, ppc64el: 
Ignored failure
 • autopkgtest for docopt/0.6.2-2.2: amd64: Regression ♻ (reference ♻), 
arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻), ppc64el
   : Regression ♻ (reference ♻)
 • autopkgtest for git-big-picture/0.10.1-1: armhf: Pass, i386: Pass, 
ppc64el: Pass
 • autopkgtest for html5lib/1.1-2: amd64: Regression ♻ (reference ♻), 
arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻), ppc64el:
   Regression ♻ (reference ♻)
 • autopkgtest for ipykernel/5.4.2-1: ppc64el: Pass
 • autopkgtest for jupyter-client/6.1.6-1: ppc64el: Pass
 • autopkgtest for jupyter-notebook/6.1.6-2: armhf: Pass, i386: Pass, 
ppc64el: Pass
 • autopkgtest for nbformat/5.0.8-1: armhf: Pass, i386: Pass, ppc64el: Pass
 • autopkgtest for pytest-doctestplus/0.7.0-2: armhf: Pass, i386: Pass, 
ppc64el: Pass
 • autopkgtest for pytest-mpi/0.4-2: amd64: Regression ♻ (reference ♻), 
arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻), ppc64el
   : Regression ♻ (reference ♻)
 • autopkgtest for python-dugong/3.7.4+dfsg-2: amd64: Regression ♻ 
(reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ 
(reference ♻), i386: Regression ♻ (reference ♻
   ), ppc64el: Regression ♻ (reference ♻)
 • autopkgtest for python-llfuse/1.3.6+dfsg-2: amd64: Regression ♻ 
(reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ 
(reference ♻), i386: Regression ♻ (reference ♻
   ), ppc64el: Regression ♻ (reference ♻)
 • autopkgtest for python-mechanicalsoup/0.10.0-3: armhf: Regression ♻ 
(reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ 
(reference ♻)
 • autopkgtest for python-pymeasure/0.5-1: amd64: Regression ♻ (reference 
♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻),
   ppc64el: Regression ♻ (reference ♻)
 • autopkgtest for reprotest/0.7.15: amd64: Pass, arm64: Ignored failure, 
armhf: Ignored failure, i386: Ignored failure, ppc64el: Pass
 • autopkgtest for sphinx-argparse/0.2.2-3: amd64: Regression ♻ (reference 
♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻),
   ppc64el: Regression ♻ (reference ♻)
 • autopkgtest for sqlparse/0.3.1-1: amd64: Regression ♻ (reference ♻), 
arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: 
Regression ♻ (reference ♻), ppc64el
   : Regression ♻ (reference ♻)
 • autopkgtest for statsmodels/0.12.1-1: amd64: Pass, armhf: Pass, i386: 
Pass, ppc64el: Pass
 • autopkgtest for sunpy/2.0.5-1: armhf: Pass, i386: Pass, ppc64el: Pass
 • autopkgtest for xonsh/0.9.24+dfsg-2: armhf: Regression ♻ (reference ♻), 
i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻)
 • Implicit dependency: pytest python-pytest-asyncio
 • Additional info:
 • Updating pytest fixes old bugs: #978289
 • Piuparts tested OK - https://piuparts.debian.org/sid/source/p/pytest.html
 • 17 days old (needed 5 days)
 • Depends: pytest python-pytest-asyncio

   Excuses generated Wed Jan 20 04:11:43 2021

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Release status of i386 for Bullseye and long term support for 3 years?

[Paul Wise]

On Tue, Jan 5, 2021 at 10:24 PM Lou Poppler wrote:

> I would like to help.
...
> Please suggest any debian lists or IRC channels or webpages I should look at,
> or other steps to make myself useful.  Thanks.

The general page for how to help Debian is here:

https://www.debian.org/intro/help

More specifically, you could:

Join the #debian-cd, #debian-boot, #debian-buildd, #debian-ftp,
#debian-ports (introduce yourself here at minimum), #debian-release
and #debian-toolchain IRC channels (and maybe #debian-devel). There
isn't really a mailing list for i386, so maybe use debian-devel or
debian-amd64.

Help test the installer:

https://wiki.debian.org/Teams/DebianCD/ReleaseTesting

Install and enable popularity-contest on your i386 machines and submit
to the Linux hardware database. Encourage other i386 users to do the
same.

https://popcon.debian.org/
https://wiki.debian.org/Hardware/Database
https://linux-hardware.org/

Create install wiki pages for the hardware you own:

https://wiki.debian.org/InstallingDebianOn

Help maintain the installer and documentation:

https://wiki.debian.org/DebianInstaller
https://www.debian.org/releases/stable/i386/

Create a new i386 page in the Ports area on the wiki based on the template:

https://wiki.debian.org/Ports
https://wiki.debian.org/PortTemplate

Maintain the other documentation about the i386 port:

https://www.debian.org/ports/i386/
https://wiki.debian.org/i386

Create a scheme to tag i386-specific bugs (maybe user debian-devel,
usertag i386) and maintain the installer usertags for debian-boot and
the port usertags. Work on fixing the bugs tagged i386.

https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=debian-b...@lists.debian.org=i386
https://wiki.debian.org/Teams/Debbugs/ArchitectureTags

Work on increasing the amount of software that builds and works on i386:

https://udd.debian.org/cgi-bin/ftbfs.cgi?arch=i386
https://buildd.debian.org/status/architecture.php?a=i386
https://tests.reproducible-builds.org/debian/testing/index_suite_i386_stats.html
https://ci.debian.net/status/

Follow #debian and #debian-next and help out any i386 users asking
questions (although there aren't (m)any in practice).

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Release status of i386 for Bullseye and long term support for 3 years?

[Paul Wise]

On Mon, Dec 14, 2020 at 11:36 PM Adrian Bunk wrote:

> A bigger worry for i386 would be the availability of microcode updates

This is also a big problem for amd64, since only the newest
generations of Intel processors get BIOS/UEFI and or microcode
updates, so lots of amd64 users (including myself) do not have
microcode updates.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#974982: transition: krb5

[Paul Wise]

On Sat, 21 Nov 2020 01:51:27 + Paul Wise wrote:
> We are using libapache2-mod-auth-kerb at my workplace, I've raised an
> issue about taking over modauthkerb upstream or just switching to
> another module 

We have decided to switch to the gssapi module.

I would recommend that libapache2-mod-auth-kerb gets orphaned and the
maintainer reported to the MIA folks.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#974982: transition: krb5

[Paul Wise]

On Fri, Nov 20, 2020 at 7:45 PM Sam Hartman wrote:

> I note that libapache2-mod-auth-kerb seems to  be QA maintained
> effectively in Debian.
> I haven't looked at upstream to see if they have a fix.

Upstream is basically unmaintained, despite still having users.

We are using libapache2-mod-auth-kerb at my workplace, I've raised an
issue about taking over modauthkerb upstream or just switching to
another module but I suspect that modauthkerb should just get removed
from Debian in favour of mod_auth_gssapi, which is supposed to be a
replacement.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#958887: buster-pu: package purple-discord/0.9.2019.02.07.git.e5d9627-1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

A change to the Discord service causes crashes in purple-discord. There
is a workaround for this issue in unstable that I would like to have in Debian 
buster. I have uploaded the package to Debian buster just now and I attach the 
debdiff for review.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru purple-discord-0.9.2019.02.07.git.e5d9627/debian/changelog purple-discord-0.9.2019.02.07.git.e5d9627/debian/changelog
--- purple-discord-0.9.2019.02.07.git.e5d9627/debian/changelog	2019-02-09 10:54:10.0 +0800
+++ purple-discord-0.9.2019.02.07.git.e5d9627/debian/changelog	2020-04-26 17:47:55.0 +0800
@@ -1,3 +1,9 @@
+purple-discord (0.9.2019.02.07.git.e5d9627-1+deb10u1) buster; urgency=medium
+
+  * Backport workaround for crashes in ssl_nss_read (Closes: #955635)
+
+ -- Paul Wise   Sun, 26 Apr 2020 17:47:55 +0800
+
 purple-discord (0.9.2019.02.07.git.e5d9627-1) unstable; urgency=medium
 
   * New upstream snapshot
diff -Nru purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/series purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/series
--- purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/series	1970-01-01 08:00:00.0 +0800
+++ purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/series	2020-04-26 17:47:55.0 +0800
@@ -0,0 +1 @@
+workaround-ssl_nss_read-crashes.patch
diff -Nru purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/workaround-ssl_nss_read-crashes.patch purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/workaround-ssl_nss_read-crashes.patch
--- purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/workaround-ssl_nss_read-crashes.patch	1970-01-01 08:00:00.0 +0800
+++ purple-discord-0.9.2019.02.07.git.e5d9627/debian/patches/workaround-ssl_nss_read-crashes.patch	2020-04-26 17:47:55.0 +0800
@@ -0,0 +1,18 @@
+Description: Wrap all purple_ssl_read's to prevent segfaults elsewhere
+Origin: https://github.com/EionRobb/purple-discord/compare/4e71974...db7dc79.diff
+Bug: https://github.com/EionRobb/purple-discord/issues/288
+Bug-Debian: https://bugs.debian.org/955635
+Author: Eion Robb 
+Applied-Upstream: yes
+--- a/libdiscord.c
 b/libdiscord.c
+@@ -50,6 +50,9 @@
+ 
+ #include "markdown.h"
+ 
++// Prevent segfault in libpurple ssl plugins
++#define purple_ssl_read(a, b, c)  ((a) && (a)->private_data ? purple_ssl_read((a), (b), (c)) : 0)
++
+ #define DISCORD_PLUGIN_ID "prpl-eionrobb-discord"
+ #ifndef DISCORD_PLUGIN_VERSION
+ #define DISCORD_PLUGIN_VERSION "0.1"


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Sun, 2020-03-29 at 08:45 +0200, Paul Gevers wrote:

> But wouldn't that be harder to find for tracker and other consumers?

There is a symlink testing -> bullseye so this works:

https://release.debian.org/testing/freeze-and-release-dates.yaml

I'm not sure when it gets updated but I assume during the release.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Sat, 2020-03-28 at 22:21 +0100, Paul Gevers wrote:

> I have stripped some more from template in the other bug;

Looks good, but the quiet_period URL points at a buster mail.

> the first version should appear soon at
> https://release.debian.org/freeze-and-release-dates.yaml

I would suggest putting it at a per-release URL:

https://release.debian.org/bullseye/freeze-and-release-dates.yaml

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Thu, 2020-03-26 at 21:32 +0100, Paul Gevers wrote:

> maybe all the tracker needs is the freeze date and the release date.

I guess that would probably do it yeah.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Fri, 2020-03-13 at 22:56 +0100, Paul Gevers wrote:

> I assume you have read the current freeze_policy [1]. As you have seen,
> we have introduced a new phase, where the automatic migration depends on
> the package. I'm not sure how easy it is to cover that information into
> a this template. Do you have suggestions?

Since the release team are going to be able to tell which packages are
at which stage of the freeze, you could export the information
(migrations: manual or x days) alongside the excuses for each package
and the tracker could list that information in human readable form.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Thu, 2020-02-06 at 13:32 +0100, Paul Gevers wrote:

> That is mostly because they have not been settled 100% yet.

Sorry, I meant for the buster release, which is done now. There is
still data for the last wheezy point release but nothing for the freeze
for buster or bullsye; I thought the freeze was initially meant to be
set at 2 years after the release.

> Let me try to come back to this bug when we have communicated the dates
> and provide a prototype so we can see if it works.

Great, no rush. There isn't much activity on tracker.d.o features anyway.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#930534: Bug#930521: release.debian.org: provide machine-readable information about the freeze period for each release

[Paul Wise]

On Thu, 2020-02-06 at 12:02 +0100, Paul Gevers wrote:

> We already have a maintained agenda for the team [1]. Would it make
> sense to use that somehow?

That doesn't appear to have enough info right now, it contains only the
unblock deadline and not the other freeze data.

> I fear that having an additional place (next to the freeze_policy
> document [2]) to store this is likely to get out of sync.

Perhaps make either the .ics or jmw's proposed YAML[1] the canonical
location for the dates and them build freeze_policy.html from it?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930521#17

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#948468: (unplanned) transition: gpsd

[Paul Wise]

On Thu, Jan 9, 2020 at 8:45 AM Paul Gevers wrote:

> Did I just failed to spot it, or is there no bug against gpsd filed
> about this?

The bugs are filed against reverse dependencies (navit/foxtrotgps for eg).

PS: there are two complementary tools that could be used to detect ABI breakage:

https://github.com/lvc/pkg-abidiff
https://sourceware.org/libabigail/manual/abipkgdiff.html

A thread that includes a comparison of the tool:

https://lists.debian.org/msgid-search/192731475679...@web2g.yandex.ru

--
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#946570: stretch-pu: package libpst/0.6.59-1+deb9u1

[Paul Wise]

On Mon, 2019-12-30 at 21:18 +, Adam D. Barratt wrote:

> Please go ahead.

Signed and uploaded.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#946570: stretch-pu: package libpst/0.6.59-1+deb9u1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

The version of libpst in stretch does not use AC_USE_SYSTEM_EXTENSIONS,
which means that _GNU_SOURCE is not defined before including unistd.h,
which means that get_current_dir_name is not defined and so gcc
presumes it returns an integer, which means that the returned pointer
gets truncated on some architectures and later when the pointer gets freed a 
program using libpst could crash.

This issue is warned about by gcc:

https://buildd.debian.org/status/fetch.php?pkg=libpst=amd64=0.6.59-1%2Bb1=1487989748=0

libpst.c: In function 'pst_getcwd':
libpst.c:295:11: warning: implicit declaration of function 
'get_current_dir_name' [-Wimplicit-function-declaration]
 cwd = get_current_dir_name();
   ^~~~
libpst.c:295:9: warning: assignment makes pointer from integer without a cast 
[-Wint-conversion]
 cwd = get_current_dir_name();
 ^

The build logs indicate that it was fixed in the version in buster:

https://buildd.debian.org/status/fetch.php?pkg=libpst=amd64=0.6.71-0.1=1521798059=0

The package is RFA and this bug is affecting us at work, so I took the
liberty of committing to the Debian git repo and submitting this pu.

https://salsa.debian.org/debian/libpst/commit/a141fb154e97660e16455689a00d1781858215f3

I have attached the debdiff for this fix.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru libpst-0.6.59/debian/changelog libpst-0.6.59/debian/changelog
--- libpst-0.6.59/debian/changelog	2013-05-19 08:50:03.0 +0800
+++ libpst-0.6.59/debian/changelog	2019-12-11 09:59:25.0 +0800
@@ -1,3 +1,9 @@
+libpst (0.6.59-1+deb9u1) stretch; urgency=medium
+
+  * Fix detection of get_current_dir_name and return truncation
+
+ -- Paul Wise   Wed, 11 Dec 2019 09:59:25 +0800
+
 libpst (0.6.59-1) unstable; urgency=low
 
   * [ec26e2d0] Imported Upstream version 0.6.59
diff -Nru libpst-0.6.59/debian/patches/07-use-system-extensions.patch libpst-0.6.59/debian/patches/07-use-system-extensions.patch
--- libpst-0.6.59/debian/patches/07-use-system-extensions.patch	1970-01-01 08:00:00.0 +0800
+++ libpst-0.6.59/debian/patches/07-use-system-extensions.patch	2019-12-11 09:59:25.0 +0800
@@ -0,0 +1,17 @@
+Description: use AC_USE_SYSTEM_EXTENSIONS to define _GNU_SOURCE
+ so get_current_dir_name is detected correctly and
+ its return value is not truncated, breaking free calls.
+Origin: upstream
+From: http://hg.five-ten-sg.com/libpst/
+Last-Update: 2019-12-11
+Applied-Upstream: changeset: 328:c507af52515a
+--- a/configure.in
 b/configure.in
+@@ -4,6 +4,7 @@
+ AC_CONFIG_HEADER([config.h])
+ AM_INIT_AUTOMAKE
+ AC_CANONICAL_HOST
++AC_USE_SYSTEM_EXTENSIONS
+ 
+ #
+ #  1. Remember that version-info is current:revision:age, and age <= current.
diff -Nru libpst-0.6.59/debian/patches/series libpst-0.6.59/debian/patches/series
--- libpst-0.6.59/debian/patches/series	2013-02-21 01:04:13.0 +0800
+++ libpst-0.6.59/debian/patches/series	2019-12-11 09:59:25.0 +0800
@@ -1 +1,2 @@
 06-ld-no-add-needed.patch
+07-use-system-extensions.patch


signature.asc
Description: This is a digitally signed message part

Re: Should qpdf depend on gnutls?

[Paul Wise]

On Sun, Nov 10, 2019 at 8:11 AM Jay Berkenbilt wrote:

> I am the upstream author and the debian maintainer of qpdf.

Disclaimer: I'm not part of either of the teams you CCed.

> Do you have an opinion about which way I should go?

I would drop the native crypto code from qpdf. If the native crypto
code has any advantages over the equivalent code in GnuTLS/OpenSSL or
other crypto libraries, then contribute those improvements to the
relevant projects so that everyone can benefit from them.

I would suggest enhancing the qpdf UI to notify the user when a PDF
file being viewed is encrypted insecurely.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#943594: buster-pu: package libapache-mod-auth-kerb/5.4-2.4~deb10u1

[Paul Wise]

On Fri, 2019-11-08 at 22:06 +, Adam D. Barratt wrote:

> Please go ahead.

Signed and uploaded the source package.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#943594: buster-pu: package libapache-mod-auth-kerb/5.4-2.4~deb10u1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

This brings the fix for a use after free crash to buster.
Since there were no other changes between buster and bullseye,
I elected to just add a "backport to buster" changelog.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -u libapache-mod-auth-kerb-5.4/debian/changelog libapache-mod-auth-kerb-5.4/debian/changelog
--- libapache-mod-auth-kerb-5.4/debian/changelog
+++ libapache-mod-auth-kerb-5.4/debian/changelog
@@ -1,3 +1,16 @@
+libapache-mod-auth-kerb (5.4-2.4~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster
+
+ -- Paul Wise   Sun, 27 Oct 2019 13:58:04 +0800
+
+libapache-mod-auth-kerb (5.4-2.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from upstream issue tracker to fix crash (Closes: #934043)
+
+ -- Paul Wise   Mon, 21 Oct 2019 11:15:20 +0800
+
 libapache-mod-auth-kerb (5.4-2.3) unstable; urgency=medium
 
   * Don't apply the delegation patch, it can break gssapi auth. (Closes:
diff -u libapache-mod-auth-kerb-5.4/debian/patches/series libapache-mod-auth-kerb-5.4/debian/patches/series
--- libapache-mod-auth-kerb-5.4/debian/patches/series
+++ libapache-mod-auth-kerb-5.4/debian/patches/series
@@ -10,0 +11 @@
+mod_auth_kerb-krb5_kt_close.patch
only in patch2:
unchanged:
--- libapache-mod-auth-kerb-5.4.orig/debian/patches/mod_auth_kerb-krb5_kt_close.patch
+++ libapache-mod-auth-kerb-5.4/debian/patches/mod_auth_kerb-krb5_kt_close.patch
@@ -0,0 +1,20 @@
+Description: fix use after free in authenticate_user_krb5pwd()
+Origin: https://sourceforge.net/p/modauthkerb/bugs/61/attachment/mod_auth_kerb-krb5_kt_close.patch
+Bug: https://sourceforge.net/p/modauthkerb/bugs/61/
+Bug-Debian: https://bugs.debian.org/934043
+Author: Johan Ymerson (https://sourceforge.net/u/ymerson/)
+diff -ruN mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c mod_auth_kerb-5.4/src/mod_auth_kerb.c
+--- mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c	2018-12-12 16:59:43.762013269 +0100
 mod_auth_kerb-5.4/src/mod_auth_kerb.c	2018-12-12 16:59:59.151945123 +0100
+@@ -799,11 +799,9 @@
+ 	"failed to verify krb5 credentials: %s",
+ 		  krb5_get_err_text(context, ret));
+  krb5_kt_end_seq_get(context, keytab, );
+- krb5_kt_close(context, keytab);
+  goto end;
+}
+krb5_kt_end_seq_get(context, keytab, );
+-   krb5_kt_close(context, keytab);
+  }
+  else {
+if ((ret = verify_krb5_init_creds(r, context, , server, keytab))) {


signature.asc
Description: This is a digitally signed message part

Re: claws-mail blocked by previous version excuse

[Paul Wise]

On Wed, Oct 23, 2019 at 3:35 PM Ricardo Mones wrote:

> There's a public roadmap for this?

Not AFAIK, please contact the GNOME team about it.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Re: claws-mail blocked by previous version excuse

[Paul Wise]

On Wed, 2019-10-23 at 11:39 +0900, Hideki Yamane wrote:

>  Is there any link for it? It seems that it affects sylpheed package
>  and I want to ask it to the upstream maintainer.

Not yet, I suggest talking to the GNOME team about it.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: claws-mail blocked by previous version excuse

[Paul Wise]

On Wed, Oct 23, 2019 at 7:03 AM Ricardo Mones wrote:

> The claws-mail package appears blocked from migrating to testing because
> of #885266 which removed 3.17.3-2 from it, but is already fixed in 3.17.4-2,
> in sid since 8 days ago…

It seems to be because claws-mail-python-plugin 3.17.3-1 is still in
sid, so the old source package is still kept around so britney still
thinks the RC bug applies to sid.

https://release.debian.org/britney/excuses.yaml

> Any pointers on how fix this?

I think you will need to ask the ftp-masters to remove the
claws-mail-python-plugin cruft from unstable.

BTW, ISTR there is a plan to remove GTK 2 from Debian at some point,
so it would be a good idea to talk to upstream about switching to GTK
3.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: requesting debian stretch 9.10.0 release

[Paul Wise]

On Mon, Sep 2, 2019 at 2:48 AM Ilari Jääskeläinen wrote:

> best wishes for debian stretch, I hope the best possible patience and 
> discipline accomplishing the future.

According to the release team's website the stretch 9.10 release is
scheduled for 2019-09-07 (this weekend). If there is anything from
stretch 9.10 that you would like to use now, you can add proposed
updates to your sources.list, run `apt update` and then install it.

https://release.debian.org/#point-releases
https://lists.debian.org/1564603727.3399.13.ca...@adam-barratt.org.uk
https://wiki.debian.org/StableProposedUpdates
https://release.debian.org/proposed-updates/stable.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: reflecting on the buster release cycle and RFF

[Paul Wise]

On Mon, Jul 22, 2019 at 2:44 AM Paul Gevers wrote:

> So, now you've seen how I have perceived the freeze, do you have
> anything to add? We're looking for concrete notes and observations that
> we can use when we think about how to improve the bullseye release.

During the buster freeze period, postgrey was removed from testing and
thus should have missed the buster release. It appears that the
release team made an exception and allowed postgrey back into testing
despite the freeze policy that "packages not in testing can not
migrate to testing". I think it would be useful to document under
which circumstances packages can get exceptions to be allowed back
into testing even though they have been removed during the freeze
period.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Bug#930521: tracker.d.o: during freezes dont complain about packages only in experimental

[Paul Wise]

Control: clone -1 -2
Control: reassign -2 release.debian.org
Control: retitle -2 release.debian.org: provide machine-readable
information about the freeze period for each release
Control: block -1 by -2

Hi Release Team,

In order to implement the request below (hide some suggestions from
tracker.d.o during the freeze (and possibly other things)), we need a
machine-readable information source about the current stage of the
freeze and what that means for new upstream releases. I suggest that
this come in the form of a YAML/JSON file in the testing directory
containing start dates for each stage of the freeze and an end date
once that is known. Each stage could be accompanied by some sort of
metadata about the freeze policy, so that the tracker could also give
advice on what to upload and what not to upload.

https://release.debian.org/testing/freeze.yaml

On Fri, Jun 14, 2019 at 9:15 PM Holger Levsen wrote:

> package: tracker.debian.org
> severity: wishlist
> x-debbugs-cc: debian...@lists.debian.org
>
> On Thu, Jun 06, 2019 at 09:19:14PM +0800, Paul Wise wrote:
> > On Thu, Jun 6, 2019 at 6:20 PM Holger Levsen wrote:
> [tracker.d.o tells me that]
> > > - new upstream version only available in experimental (yes, because
> > >   buster is frozen)
> >
> > I think it is appropriate to file a bug asking that this be disabled
> > when the freeze is on. As far as I can tell there is no
> > machine-readable indicator that buster is frozen, but there used to be
> > one for stretch in the release team's calendar file. So this would
> > require the release team to create a machine-readable way for the
> > tracker to know if testing is currently frozen.
> >
> > https://release.debian.org/release-calendar.ics
>
> filing a bug for this as suggested.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#929255: stretch-pu: package corekeeper/1.7~deb9u1

[Paul Wise]

On Mon, 2019-06-03 at 15:12 +0100, Adam D. Barratt wrote:

> Please go ahead.

Uploaded.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#929255: stretch-pu: package corekeeper/1.7~deb9u1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

I'd like to backport the security fixes and hardening in corekeeper
from buster to stretch.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

diff -Nru corekeeper-1.6/debian/changelog corekeeper-1.7~deb9u1/debian/changelog
--- corekeeper-1.6/debian/changelog	2015-11-12 00:44:29.0 +0800
+++ corekeeper-1.7~deb9u1/debian/changelog	2019-05-20 11:55:22.0 +0800
@@ -1,3 +1,22 @@
+corekeeper (1.7~deb9u1) stretch; urgency=medium
+
+  * Backport security hardening fixes to stretch
+
+ -- Paul Wise   Mon, 20 May 2019 11:55:22 +0800
+
+corekeeper (1.7) unstable; urgency=medium
+
+  * Do not use a world-writable /var/crash with the dumper script
+and fix the permissions on upgrade as dpkg doesn't do that.
+(Closes: #924397) (See-also: #515211)
+  * Handle older versions of the Linux kernel in a safer way
+(Closes: #924398)
+  * Harden ownership determination and core file names
+  * Do not truncate core names for executables with spaces
+  * Update VCS URLs from alioth to salsa
+
+ -- Paul Wise   Sat, 04 May 2019 14:53:44 +0800
+
 corekeeper (1.6) unstable; urgency=medium
 
   * Prevent installation with other core dump handlers:
diff -Nru corekeeper-1.6/debian/control corekeeper-1.7~deb9u1/debian/control
--- corekeeper-1.6/debian/control	2015-11-11 22:19:31.0 +0800
+++ corekeeper-1.7~deb9u1/debian/control	2019-05-04 14:55:31.0 +0800
@@ -5,8 +5,8 @@
 Build-Depends:
  debhelper (>= 9)
 Standards-Version: 3.9.6
-Vcs-Git: git://anonscm.debian.org/collab-maint/corekeeper.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/corekeeper.git
+Vcs-Git: https://salsa.debian.org/debian/corekeeper.git
+Vcs-Browser: https://salsa.debian.org/debian/corekeeper
 
 Package: corekeeper
 Architecture: kfreebsd-any linux-any
diff -Nru corekeeper-1.6/debian/copyright corekeeper-1.7~deb9u1/debian/copyright
--- corekeeper-1.6/debian/copyright	2013-11-22 10:23:37.0 +0800
+++ corekeeper-1.7~deb9u1/debian/copyright	2019-05-04 14:55:31.0 +0800
@@ -1,7 +1,7 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: corekeeper
 Upstream-Contact: Paul Wise 
-Source: git://anonscm.debian.org/collab-maint/corekeeper.git
+Source: https://salsa.debian.org/debian/corekeeper.git
 Comment: original package by Ben Pfaff has been rewritten
 
 Files: *
diff -Nru corekeeper-1.6/debian/corekeeper.lintian-overrides corekeeper-1.7~deb9u1/debian/corekeeper.lintian-overrides
--- corekeeper-1.6/debian/corekeeper.lintian-overrides	2013-11-22 10:23:42.0 +0800
+++ corekeeper-1.7~deb9u1/debian/corekeeper.lintian-overrides	2019-05-04 13:57:59.0 +0800
@@ -1,6 +1,6 @@
 # /var/crash is intentionally world-writable to allow for
 # centralized core dumps.
-non-standard-dir-perm
+[kfreebsd-any]: non-standard-dir-perm
 
 # The postrm script checks if systemd is running before
 # using the systemctl command
diff -Nru corekeeper-1.6/debian/corekeeper.postinst.linux corekeeper-1.7~deb9u1/debian/corekeeper.postinst.linux
--- corekeeper-1.6/debian/corekeeper.postinst.linux	2013-04-25 14:49:30.0 +0800
+++ corekeeper-1.7~deb9u1/debian/corekeeper.postinst.linux	2019-05-04 14:55:31.0 +0800
@@ -4,4 +4,11 @@
 # Activate the sysctl settings
 [ $1 != configure ] || sysctl --quiet --load="/etc/sysctl.d/corekeeper.conf"
 
+# Set /var/crash to not be world writable
+# to prevent crashes being able to write arbitrary files
+[ "$1" = configure ] &&
+dpkg --compare-versions "$2" le-nl 1.6 &&
+! dpkg-statoverride --list /var/crash &&
+chmod 0755 /var/crash
+
 #DEBHELPER#
diff -Nru corekeeper-1.6/debian/dump corekeeper-1.7~deb9u1/debian/dump
--- corekeeper-1.6/debian/dump	2013-04-25 16:01:53.0 +0800
+++ corekeeper-1.7~deb9u1/debian/dump	2019-05-04 14:47:56.0 +0800
@@ -19,7 +19,9 @@
 # because Linux does not create directories when dumping core files
 # and it is apparently painful to do that from within Linux.
 #
-# Thanks for the security audit go to Kees Cook !
+# Thanks for the security audits go to:
+# Jakub Wilk 
+# Kees Cook 
 
 set -e
 
@@ -28,34 +30,77 @@
 	exit 1
 fi
 
-# Check how many arguments the kernel sent us.
-if [ $# -eq 2 ] ; then
-	# Awww, old kernel that does not support %d
-	# Cannot set the core file owner safely, use root
-	# See v3.6-6800-g12a2b4b in linux.git for more info
-	uid="$1"
-	core="$2"
-	owner="0"
-elif [ $# -eq 3 ] ; then
-	# Yay! A kernel that does support %d
-	uid="$2"
-	core="$3"
-	owner="$2"
-	# Set the core file owner safely
-	if [ $1 -eq 2 ] ; then
-		owner="0"
-	fi
-else
-	# Something is majorly broken.
-	echo "This script should be run with three arguments and a core file on stdin" 1>&2
-	exit 1
-fi
+case "$1" in
+	(--*)
+		# 

Bug#928418: unblock: preapproval: corekeeper/1.7

[Paul Wise]

Control: tags -1 - moreinfo

On Sat, 2019-05-11 at 16:36 +0200, Paul Gevers wrote:

> Please go ahead and upload to unstable and remove the moreinfo tag
> when it's build.

Uploaded and built by the buildds.

> For reference, if you're confident that an upload meets the freeze
> policy, i.e. it only fixes release critical bugs (or important bugs
> for optional packages), feel free to upload without a pre-approval.
> Most of the time it's easier to review when the package is available
> and it saves a round-trip. That said, if unsure feel free to ask for
> pre-approval.

Ack, in this case I wasn't sure all of the changes were acceptable.

Once the package has reached buster I'd like to do a stable-pu upload.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Re: Bug#928026: security support for golang packages in Buster

[Paul Wise]

On Wed, May 8, 2019 at 2:45 PM Paul Gevers wrote:

> With respect to binNMU'ing, static linking is not a problem, only
> arch:all is. Most haskell (4 vs 1048) and ocaml (21 vs 233) aren't
> arch:all. haskell and ocaml have a framework in place to at least know
> the status in unstable/testing. See e.g. the "permanent trackers" at
> https://release.debian.org/transitions/ I don't know yet what this means
> for security support. Neither do I know what it means for rust.

I think there is something that the release/security teams might be
missing here:

The Go/Rust arch:all packages (the golang-*-dev ones) contain only
source code (ideally things would support build-deps on foo:src, the
current Go/Rust binary packages are a workaround for that being
missing), so they do not need to be changed after a security upload.
Only the packages containing statically linked Go/Rust code need to be
binNMUed and those ones should be arch:any since they contain
architecture-specific binaries. In addition the arch:all packages do
not have Built-Using, only the statically linked ones do.

So the workflow seems to be quite manageable, modulo the
security-master binNMU issue: fix the security issue where it
originated, then binNMU anything that has Built-Using on any version
less than the fixed version.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#928418: unblock: preapproval: corekeeper/1.7

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I would like to fix some issues in corekeeper reported by Jakub Wilk.

unblock corekeeper/1.7

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

diff -Nru corekeeper-1.6/debian/changelog corekeeper-1.7/debian/changelog
--- corekeeper-1.6/debian/changelog	2015-11-12 00:44:29.0 +0800
+++ corekeeper-1.7/debian/changelog	2019-05-04 14:53:44.0 +0800
@@ -1,3 +1,16 @@
+corekeeper (1.7) unstable; urgency=medium
+
+  * Do not use a world-writable /var/crash with the dumper script
+and fix the permissions on upgrade as dpkg doesn't do that.
+(Closes: #924397) (See-also: #515211)
+  * Handle older versions of the Linux kernel in a safer way
+(Closes: #924398)
+  * Harden ownership determination and core file names
+  * Do not truncate core names for executables with spaces
+  * Update VCS URLs from alioth to salsa
+
+ -- Paul Wise   Sat, 04 May 2019 14:53:44 +0800
+
 corekeeper (1.6) unstable; urgency=medium
 
   * Prevent installation with other core dump handlers:
diff -Nru corekeeper-1.6/debian/control corekeeper-1.7/debian/control
--- corekeeper-1.6/debian/control	2015-11-11 22:19:31.0 +0800
+++ corekeeper-1.7/debian/control	2019-05-04 14:53:44.0 +0800
@@ -5,8 +5,8 @@
 Build-Depends:
  debhelper (>= 9)
 Standards-Version: 3.9.6
-Vcs-Git: git://anonscm.debian.org/collab-maint/corekeeper.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/corekeeper.git
+Vcs-Git: https://salsa.debian.org/debian/corekeeper.git
+Vcs-Browser: https://salsa.debian.org/debian/corekeeper
 
 Package: corekeeper
 Architecture: kfreebsd-any linux-any
diff -Nru corekeeper-1.6/debian/copyright corekeeper-1.7/debian/copyright
--- corekeeper-1.6/debian/copyright	2013-11-22 10:23:37.0 +0800
+++ corekeeper-1.7/debian/copyright	2019-05-04 14:53:44.0 +0800
@@ -1,7 +1,7 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: corekeeper
 Upstream-Contact: Paul Wise 
-Source: git://anonscm.debian.org/collab-maint/corekeeper.git
+Source: https://salsa.debian.org/debian/corekeeper.git
 Comment: original package by Ben Pfaff has been rewritten
 
 Files: *
diff -Nru corekeeper-1.6/debian/corekeeper.lintian-overrides corekeeper-1.7/debian/corekeeper.lintian-overrides
--- corekeeper-1.6/debian/corekeeper.lintian-overrides	2013-11-22 10:23:42.0 +0800
+++ corekeeper-1.7/debian/corekeeper.lintian-overrides	2019-05-04 13:57:59.0 +0800
@@ -1,6 +1,6 @@
 # /var/crash is intentionally world-writable to allow for
 # centralized core dumps.
-non-standard-dir-perm
+[kfreebsd-any]: non-standard-dir-perm
 
 # The postrm script checks if systemd is running before
 # using the systemctl command
diff -Nru corekeeper-1.6/debian/corekeeper.postinst.linux corekeeper-1.7/debian/corekeeper.postinst.linux
--- corekeeper-1.6/debian/corekeeper.postinst.linux	2013-04-25 14:49:30.0 +0800
+++ corekeeper-1.7/debian/corekeeper.postinst.linux	2019-05-04 14:53:44.0 +0800
@@ -4,4 +4,11 @@
 # Activate the sysctl settings
 [ $1 != configure ] || sysctl --quiet --load="/etc/sysctl.d/corekeeper.conf"
 
+# Set /var/crash to not be world writable
+# to prevent crashes being able to write arbitrary files
+[ "$1" = configure ] &&
+dpkg --compare-versions "$2" le-nl 1.6 &&
+! dpkg-statoverride --list /var/crash &&
+chmod 0755 /var/crash
+
 #DEBHELPER#
diff -Nru corekeeper-1.6/debian/dump corekeeper-1.7/debian/dump
--- corekeeper-1.6/debian/dump	2013-04-25 16:01:53.0 +0800
+++ corekeeper-1.7/debian/dump	2019-05-04 14:47:56.0 +0800
@@ -19,7 +19,9 @@
 # because Linux does not create directories when dumping core files
 # and it is apparently painful to do that from within Linux.
 #
-# Thanks for the security audit go to Kees Cook !
+# Thanks for the security audits go to:
+# Jakub Wilk 
+# Kees Cook 
 
 set -e
 
@@ -28,34 +30,77 @@
 	exit 1
 fi
 
-# Check how many arguments the kernel sent us.
-if [ $# -eq 2 ] ; then
-	# Awww, old kernel that does not support %d
-	# Cannot set the core file owner safely, use root
-	# See v3.6-6800-g12a2b4b in linux.git for more info
-	uid="$1"
-	core="$2"
-	owner="0"
-elif [ $# -eq 3 ] ; then
-	# Yay! A kernel that does support %d
-	uid="$2"
-	core="$3"
-	owner="$2"
-	# Set the core file owner safely
-	if [ $1 -eq 2 ] ; then
-		owner="0"
-	fi
-else
-	# Something is majorly broken.
-	echo "This script should be run with three arguments and a core file on stdin" 1>&2
-	exit 1
-fi
+case "$1" in
+	(--*)
+		# Option based command-line
+		while [ $# -gt 0 ] ; do
+			case "$1" in
+(--dumpable)
+	# Old Linux kernels do not support %d
+	# use the safest dumpable option there
+	case "$2" in
+		(--*) dumpable=2; shift;;

Bug#922110: RM: libwww-topica-perl/0.6-5 -- service lists.topica.com is gone

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Please remove libwww-topica-perl from stable, the service
lists.topica.com is no longer available for the last year and
it does not look like it will be returning.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



signature.asc
Description: This is a digitally signed message part

Bug#913768: transition: glibc

[Paul Wise]

On Thu, Nov 29, 2018 at 2:21 PM Aurelien Jarno wrote:

> Thanks, I have just uploaded it.

I've just noticed that the glibc update has caused a regression in the
nocache package (details in #916415).

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Libreoffice 大版本更新

[Paul Wise]

On Mon, Dec 10, 2018 at 1:00 AM 救贖靈魂 wrote:

> 您好，請問 Libreoffice 什麼時候會更新到 v6 版？謝謝！

[自动翻译]请联系Debian用户支持渠道寻求帮助：
Please contact Debian user support channels for help:

https://www.debian.org/support

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Arch qualification for buster: call for DSA, Security, toolchain concerns

[Paul Wise]

On Sat, Jun 30, 2018 at 7:44 AM, Manuel A. Fernandez Montecelo wrote:

> People from DSA have also attempted to fix them in other ways over the
> last few months (thanks for that too!), but the solutions have been
> rejected. I am not aware of the full details (only part of them), but
> I assume that it's done for sound reasons.  One good reason for this
> is that they don't want to duplicate code or list of architectures.

The details here is that aurel32 wrote a git branch to add
architecture configurability in dak and hard-code a list of
"arches-in-sid-dpkg" in such a configuration file. ftp-master
understandably didn't want to have to manually copy the tables from
dpkg to dak whenever they changed. I briefly looked at using an
auto-byhand script to automate this, but didn't yet get around to
working on implementing anything.

https://salsa.debian.org/aurel32/dak/tree/dpkg-tables

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#899085: release.debian.org: excuses terminology: replace "Valid Candidate" with "Trying to migrate"?

[Paul Wise]

On Mon, 2018-05-21 at 07:53 +, Niels Thykier wrote:

> Based on your comments, I have made a branch on salsa:
> 
> https://salsa.debian.org/release-team/britney2/tree/bug-899085-excuse-messages

Looks good to me.

> The patches are also attached (assuming it is easier for you to review
> them by email).

Yep.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#899085: release.debian.org: excuses terminology: replace "Valid Candidate" with "Trying to migrate"?

[Paul Wise]

On Mon, May 21, 2018 at 2:46 PM, Niels Thykier wrote:

> When I wrote the messages, I wanted to quickly high light the three
> basic states ("OK", "WAITING" or "BLOCKED"/rejected).  The first two
> states implies that the contributor does not need to do anything at the
> moment, where as the latter implies that the some human intervention is
> needed.

The messages for the WAITING states already start with Waiting.

The messages for the OK states indicate what is going to happen.

So, I'd say the states aren't needed in those messages but if you
prefer to keep them, that is fine too.

The messages for the BLOCKED states probably do need the state though.

I don't think you need the "please see below" style messages since
excuses are usually always presented all at once?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#899085: release.debian.org: excuses terminology: replace "Valid Candidate" with "Trying to migrate"?

[Paul Wise]

On Mon, May 21, 2018 at 1:53 PM, Niels Thykier wrote:

> """
> Migration status: OK: Will attempt migration (Any information below is
> purely informational)
> """

I'd remove the "OK:" from that unless there is a reason for it?

> So changing the wording to the proposed will simply make it redundant
> with the first line.  Perhaps we should simply remove that line now?

That seems reasonable to me.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#899085: release.debian.org: excuses terminology: replace "Valid Candidate" with "Trying to migrate"?

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: britney

In #898329, pochu had to clarify the meaning of "Valid Candidate":

   Just to clarify things: being a valid candidate means britney will
   try to migrate that package to testing. That can still fail (and
   fails in this case) because the package is not installable on i386
   (which is a requirement).

This comes up a lot in various places, I wonder if replacing "Valid
Candidate" with "Trying to migrate" or similar in the excuses output
would help clarify the situation for people. "Not Considered" could be replaced 
with "Not trying to migrate yet" for a smaller clarification.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#895887: jessie-pu: package libipc-run-perl/0.92-1+deb8u1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

libipc-run-perl 0.92-1 has a memory leak that causes some code at $work
to use all of the RAM on the machine. We would like to fix it in jessie
using the patch accepted upstream and released into sid and buster.
We have tested the patches internally and they resolve our issue.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru libipc-run-perl-0.92/debian/changelog libipc-run-perl-0.92/debian/changelog
--- libipc-run-perl-0.92/debian/changelog	2012-09-01 01:21:38.0 +0800
+++ libipc-run-perl-0.92/debian/changelog	2018-04-17 16:16:38.0 +0800
@@ -1,3 +1,9 @@
+libipc-run-perl (0.92-1+deb8u1) jessie; urgency=medium
+
+  * Backport upstream patch to fix memory leak
+
+ -- Paul Wise <p...@debian.org>  Tue, 17 Apr 2018 16:16:38 +0800
+
 libipc-run-perl (0.92-1) unstable; urgency=low
 
   [ gregor herrmann ]
diff -Nru libipc-run-perl-0.92/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch libipc-run-perl-0.92/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch
--- libipc-run-perl-0.92/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch	1970-01-01 08:00:00.0 +0800
+++ libipc-run-perl-0.92/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch	2018-04-17 16:16:38.0 +0800
@@ -0,0 +1,31 @@
+From 5cd3a5b21bd00dbb2e54e58fec6b0349bf457bb0 Mon Sep 17 00:00:00 2001
+From: Konrad Bucheli <k...@open.ch>
+Date: Tue, 27 Mar 2018 11:22:58 +0200
+Subject: [PATCH] Another Bugfix for memory leak [rt.cpan.org #57990] #86
+Origin: https://github.com/kbucheli/IPC-Run/commit/d706e65d0e5dab055d9b6c8d070330fdc7b1a883
+Bug: https://github.com/toddr/IPC-Run/issues/86
+
+---
+ lib/IPC/Run.pm | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/IPC/Run.pm b/lib/IPC/Run.pm
+index 2436bc5..61cdb5f 100644
+--- a/lib/IPC/Run.pm
 b/lib/IPC/Run.pm
+@@ -1135,6 +1135,12 @@ sub DESTROY {
+my IPC::Run $self = shift;
+POSIX::close $self->{DEBUG_FD} if defined $self->{DEBUG_FD};
+$self->{DEBUG_FD} = undef;
++
++   for my $kid ( @{$self->{KIDS}} ) {
++   for my $op ( @{$kid->{OPS}} ) {
++   delete $op->{FILTERS};
++   }
++   }
+ }
+ 
+ ##
+-- 
+2.17.0
+
diff -Nru libipc-run-perl-0.92/debian/patches/series libipc-run-perl-0.92/debian/patches/series
--- libipc-run-perl-0.92/debian/patches/series	2012-09-01 01:21:38.0 +0800
+++ libipc-run-perl-0.92/debian/patches/series	2018-04-17 16:08:26.0 +0800
@@ -1 +1,2 @@
 hashbang.patch
+0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch


signature.asc
Description: This is a digitally signed message part

Bug#895888: stretch-pu: package libipc-run-perl/0.94-1+deb9u1

[Paul Wise]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

libipc-run-perl 0.94-1 has a memory leak that causes some code at $work
to use all of the RAM on the machine. We would like to fix it in jessie
using the patch accepted upstream and released into sid and buster.
We have tested the patches internally and they resolve our issue.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru libipc-run-perl-0.94/debian/changelog libipc-run-perl-0.94/debian/changelog
--- libipc-run-perl-0.94/debian/changelog	2015-05-10 23:05:50.0 +0800
+++ libipc-run-perl-0.94/debian/changelog	2018-04-17 16:24:46.0 +0800
@@ -1,3 +1,9 @@
+libipc-run-perl (0.94-1+deb9u1) stretch; urgency=medium
+
+  * Backport upstream patch to fix memory leak
+
+ -- Paul Wise <p...@debian.org>  Tue, 17 Apr 2018 16:24:46 +0800
+
 libipc-run-perl (0.94-1) unstable; urgency=low
 
   [ Salvatore Bonaccorso ]
diff -Nru libipc-run-perl-0.94/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch libipc-run-perl-0.94/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch
--- libipc-run-perl-0.94/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch	1970-01-01 08:00:00.0 +0800
+++ libipc-run-perl-0.94/debian/patches/0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch	2018-04-17 16:24:10.0 +0800
@@ -0,0 +1,31 @@
+From 5cd3a5b21bd00dbb2e54e58fec6b0349bf457bb0 Mon Sep 17 00:00:00 2001
+From: Konrad Bucheli <k...@open.ch>
+Date: Tue, 27 Mar 2018 11:22:58 +0200
+Subject: [PATCH] Another Bugfix for memory leak [rt.cpan.org #57990] #86
+Origin: https://github.com/kbucheli/IPC-Run/commit/d706e65d0e5dab055d9b6c8d070330fdc7b1a883
+Bug: https://github.com/toddr/IPC-Run/issues/86
+
+---
+ lib/IPC/Run.pm | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/IPC/Run.pm b/lib/IPC/Run.pm
+index 2436bc5..61cdb5f 100644
+--- a/lib/IPC/Run.pm
 b/lib/IPC/Run.pm
+@@ -1135,6 +1135,12 @@ sub DESTROY {
+my IPC::Run $self = shift;
+POSIX::close $self->{DEBUG_FD} if defined $self->{DEBUG_FD};
+$self->{DEBUG_FD} = undef;
++
++   for my $kid ( @{$self->{KIDS}} ) {
++   for my $op ( @{$kid->{OPS}} ) {
++   delete $op->{FILTERS};
++   }
++   }
+ }
+ 
+ ##
+-- 
+2.17.0
+
diff -Nru libipc-run-perl-0.94/debian/patches/series libipc-run-perl-0.94/debian/patches/series
--- libipc-run-perl-0.94/debian/patches/series	2015-05-10 23:05:50.0 +0800
+++ libipc-run-perl-0.94/debian/patches/series	2018-04-17 16:24:20.0 +0800
@@ -1 +1,2 @@
 hashbang.patch
+0001-Another-Bugfix-for-memory-leak-rt.cpan.org-57990-86.patch


signature.asc
Description: This is a digitally signed message part

Re: Flash drive problems

[Paul Wise]

On Thu, Mar 29, 2018 at 4:54 AM, John wrote:

> After upgrading I cannot transfer files reliably to my computer

Please ask on Debian support channels for help determining which
package is at fault and gathering the required debug information. Once
you have done that you can report a bug against the relevant package.

https://www.debian.org/support
https://www.debian.org/Bugs/Reporting

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#886509: britney: drop duplicate 'has new bugs' excuses item

[Paul Wise]

Package: release.debian.org
Severity: wishlist
User: release.debian@packages.debian.org
Usertags: britney

Please apply this patch to drop the duplicate 'has new bugs' excuses
item. The 'Updating foo introduces new bugs:' item includes bug numbers
so the 'has new bugs' item is less useful than it.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
From ceca85e82f047e7763ea1102ccdbf6da548e9932 Mon Sep 17 00:00:00 2001
From: Paul Wise <p...@debian.org>
Date: Sat, 6 Jan 2018 11:28:21 +0800
Subject: [PATCH] Drop duplicate 'has new bugs' excuses item

The other item includes bug numbers so this one is less useful.
---
 britney2/policies/policy.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/britney2/policies/policy.py b/britney2/policies/policy.py
index e588351..adcc938 100644
--- a/britney2/policies/policy.py
+++ b/britney2/policies/policy.py
@@ -476,9 +476,6 @@ class RCBugPolicy(BasePolicy):
 old_bugs = rcbugs_info['unique-target-bugs']
 excuse.setbugs(old_bugs, new_bugs)
 if new_bugs:
-excuse.addhtml("%s https://bugs.debian.org/cgi-bin/pkgreport.cgi?; \
-   "src=%s=critical=grave=serious\" " \
-   "target=\"_blank\">has new bugs!" % (source_name, quote(source_name)))
 excuse.addhtml("Updating %s introduces new bugs: %s" % (source_name, ", ".join(
 ["https://bugs.debian.org/%s\;>#%s" % (quote(a), a) for a in new_bugs])))
 
-- 
2.15.1



signature.asc
Description: This is a digitally signed message part

Re: Bug#885172: transition: libsodium

[Paul Wise]

On Tue, Dec 26, 2017 at 7:15 PM, Moritz Mühlenhoff wrote:

> Is that a temporary measure or permanently due to the state of
> the port?

https://lists.debian.org/debian-bsd/2017/12/msg8.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#882051: nmu: debhelper 10.10.7 dbgsym regression fix: rebuild xdg-desktop-portal_0.8-3, xdg-desktop-portal-gtk_0.7-3

[Paul Wise]

On Sun, Nov 19, 2017 at 11:10 PM, Julien Cristau wrote:

> Above syntax is wrong, you're missing a . between package and
> architectures, and version should be source version.  Also if any of
> those packages build multi-arch: same binaries, this would break them.
> Overall it doesn't sound like anything's actually broken, so I'd err on
> the side of not doing anything, and they'll get new dbgsyms on the next
> source upload.

Sorry about the syntax issue.

Adrian Bunk confirmed on IRC the multi-arch issue is not applicable here.

This bug is preventing me from upgrading xdg-desktop-portal and
xdg-desktop-portal-gtk on my laptop, so it would be nice if they could
be binNMUed in maybe a month for the packages that have not yet had
updates.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#882051: nmu: debhelper 10.10.7 dbgsym regression fix: rebuild xdg-desktop-portal_0.8-3, xdg-desktop-portal-gtk_0.7-3

[Paul Wise]

Control: retitle -1 debhelper 10.10.7 dbgsym regression fix rebuilds

On Sat, 2017-11-18 at 14:17 +0800, Paul Wise wrote:

> There are probably several packages affected but I am not aware of
> any easy mechanism to determine which packages were built against
> debhelper 10.10.6

It was pointed out on IRC that buildinfo files can be used for this.
Unfortunately our tools don't make it easy to query that info, but I
came up with this list of packages that look like they need binNMUs:

nmu bbmail_0.9.3-2+b1 mips64el . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu bfs_1.1.4-2 arm64 kfreebsd-i386 powerpc ppc64el . unstable . -m "Rebuild to 
include dbgsym packages after debhelper 10.10.7 fix"
nmu danmaq_0.2.3-1 mips64el . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"
nmu gobgp_1.25-1 amd64 . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"
nmu konversation_1.7.3-1 mips64el . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu nullmailer_1:2.1-1 amd64 arm64 i386 kfreebsd-amd64 mips powerpc ppc64el 
s390x . unstable . -m "Rebuild to include dbgsym packages after debhelper 
10.10.7 fix"
nmu ofono_1.21-1 mips64el . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"
nmu png2html_1.1-7 mips64el . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"
nmu pump_0.8.24-7.1 mips64el . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu qtscrob_0.11+git-4 mips64el . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu qwo_0.5-3 mips64el . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"
nmu rosegarden_1:17.04-2 mipsel . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu seqan2_2.3.2.000platform-issues6-9cf5a69+dfsg-1 amd64 arm64 i386 powerpc 
s390x . unstable . -m "Rebuild to include dbgsym packages after debhelper 
10.10.7 fix"
nmu webdruid_0.5.4-15 mips64el . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu xdg-desktop-portal_0.8-3 amd64 arm64 i386 mips mips64el powerpc ppc64el 
s390x . unstable . -m "Rebuild to include dbgsym packages after debhelper 
10.10.7 fix"
nmu xdg-desktop-portal-gtk_0.7-3 amd64 arm64 i386 mips mips64el powerpc ppc64el 
s390x . unstable . -m "Rebuild to include dbgsym packages after debhelper 
10.10.7 fix"
nmu xfce4-settings_4.13.1-1 powerpc . unstable . -m "Rebuild to include dbgsym 
packages after debhelper 10.10.7 fix"
nmu zomg_0.8-3 mips64el . unstable . -m "Rebuild to include dbgsym packages 
after debhelper 10.10.7 fix"

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#882051: nmu: debhelper 10.10.7 dbgsym regression fix: rebuild xdg-desktop-portal_0.8-3, xdg-desktop-portal-gtk_0.7-3

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

debhelper 10.10.7 fixed a regression in debhelper 10.10.6 that
prevented dbgsym packages from being generated. There are probably
several packages affected but I am not aware of any easy mechanism to
determine which packages were built against debhelper 10.10.6 so I've
just included a binNMU request for the two packages I'm aware of that
were definitely affected by this.

debhelper (10.10.7) unstable; urgency=medium

  * dh_strip: Fix a regression that caused debug symbols for
executables to be discarded instead of included into
debug packages.

nmu xdg-desktop-portal_0.8-3 . amd64 arm64 i386 mips64el mips powerpc ppc64el 
s390x . unstable . -m "Rebuild to include dbgsym packages after debhelper 
10.10.7 fix"
nmu xdg-desktop-portal-gtk_0.7-3 . amd64 arm64 i386 mips64el mips powerpc 
ppc64el s390x . unstable . -m "Rebuild to include dbgsym packages after 
debhelper 10.10.7 fix"

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#866389: transition: perl 5.26

[Paul Wise]

On Thu, Jul 20, 2017 at 5:04 AM, gregor herrmann wrote:

> #867213: syslog-ng-incubator: one rdep (syslog-ng). No reaction on
>  the bug report, unrelated build failure; I guess syslog-ng*
>  can be removed from testing if noone fixes the problem in
>  time.

I'd like to point out that DSA relies on syslog-ng on debian.org
hosts, so it would be appreciated if the issues could be fixed or
worked around rather than removing syslog-ng from buster. Of course
buster is not in use on any debian.org hosts yet.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#867461: should ca-certificates certdata.txt synchronize across all suites?

[Paul Wise]

On Fri, Jul 7, 2017 at 2:01 AM, Antoine Beaupré wrote:

> For what it's worth, my opinion is that we should attempt to synchronize
> certdata.txt (and blacklist.txt, for that matter) across all suites (but
> not other changes to the packaging). This would remove another decision
> point in our infrastructure and ensure harmonious X509 processing across
> suites.

I would like to see that happen too.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#862379: RM: check-all-the-things/2017.01.15.1

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm

Please remove check-all-the-things from stretch.
It isn't suitable for stable at this time.
I've filed bug #862378 to keep it out.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#861725: unblock: nagstamon/2.0.1-4

[Paul Wise]

On Wed, 2017-05-03 at 12:24 +0200, Moritz Schlarb wrote:

> - This has been the behavior of the Nagstamon package since forever
> (which is not a valid argumentation point - I know, but it's still a fact)

There are two serious bugs here:

1) that certificates are not verified at least using CAs and or TOFU

2) that this fact was deliberately hidden from users

> What do you think?

I think we should enable the warnings in all suites.

Once verification is available, backport the patch to all suites.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#861328: unblock: check-all-the-things/2017.01.15.1

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock check-all-the-things 2017.01.15.1,
it fixes a security issue when running perlcritic.

unblock check-all-the-things/2017.01.15.1

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru check-all-the-things-2017.01.15/data/perl check-all-the-things-2017.01.15.1/data/perl
--- check-all-the-things-2017.01.15/data/perl	2017-01-15 10:37:30.0 +0800
+++ check-all-the-things-2017.01.15.1/data/perl	2017-04-27 20:32:49.0 +0800
@@ -17,7 +17,7 @@
 flags = perl-bug-588017 fixme fixme-silent
 apt = libperl-critic-perl
 comment = May create/overwrite a perltidy.ERR file in the current dir (#834213)
-command = perlcritic -1 . 2>&1 | grep -vF 'No perl files were found.'
+command = perlcritic --noprofile -1 . 2>&1 | grep -vF 'No perl files were found.'
 
 [perllib]
 command = grep -rw PERLLIB .
diff -Nru check-all-the-things-2017.01.15/debian/changelog check-all-the-things-2017.01.15.1/debian/changelog
--- check-all-the-things-2017.01.15/debian/changelog	2017-01-15 10:37:30.0 +0800
+++ check-all-the-things-2017.01.15.1/debian/changelog	2017-04-27 20:34:00.0 +0800
@@ -1,3 +1,11 @@
+check-all-the-things (2017.01.15.1) unstable; urgency=high
+
+  * New release.
+- The "Check Shiny Things More Securely" release
+- Fix perlcritic to not execute code from the current dir
+
+ -- Paul Wise <p...@debian.org>  Thu, 27 Apr 2017 20:34:00 +0800
+
 check-all-the-things (2017.01.15) unstable; urgency=high
 
   * New release.


signature.asc
Description: This is a digitally signed message part

Bug#851678: jessie-pu: package openchange/1:2.2-6+deb8u1

[Paul Wise]

On Mon, 2017-04-24 at 22:12 +0100, Adam D. Barratt wrote:

> That sounds okay, although I wonder if it's worth mentioning the unusual
> version progression in the changelog.

I've rebuilt the package including this additional changelog entry:

  * Use version -6+ instead of -5+ because samba-libs conflicts with
openchangeproxy (<< 1:2.2-6), making openchangeproxy -5+ uninstallable.

The result has been uploaded and is on its way to pu-new.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#857711: unblock: needrestart-session/0.3-4.1

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please update the unblock for package needrestart-session to 0.3-4.1,
it fixes being able to find processes that need to be restarted and
fixes a crash when double-clicking on apps to highlight their windows.

The first one makes this package actually work and the second one
fixes a feature that is advertised directly in the user interface
so is likely to cause complaints from users when it causes crashes.

unblock needrestart-session/0.3-4.1

The maintainer requested that I do this upload/unblock on his behalf.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru needrestart-session-0.3/debian/changelog needrestart-session-0.3/debian/changelog
--- needrestart-session-0.3/debian/changelog	2017-03-10 23:18:08.0 +0800
+++ needrestart-session-0.3/debian/changelog	2017-03-14 15:37:11.0 +0800
@@ -1,3 +1,11 @@
+needrestart-session (0.3-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix path to needrestart, now shows same results (Closes: #787291)
+  * Don't fork before system(), fixes crash on double-click (Closes: #857703)
+
+ -- Paul Wise <p...@debian.org>  Tue, 14 Mar 2017 15:37:11 +0800
+
 needrestart-session (0.3-4) unstable; urgency=high
 
   * Add dependency on adduser and add/delete new system user needrestart-dbus.
diff -Nru needrestart-session-0.3/debian/patches/fix-crash.patch needrestart-session-0.3/debian/patches/fix-crash.patch
--- needrestart-session-0.3/debian/patches/fix-crash.patch	1970-01-01 08:00:00.0 +0800
+++ needrestart-session-0.3/debian/patches/fix-crash.patch	2017-03-14 15:35:06.0 +0800
@@ -0,0 +1,16 @@
+Description: fix crash when double-clicking on items in the list
+Author: Paul Wise <p...@debian.org>
+Bug-Debian: https://bugs.debian.org/857703
+Forwarded: no
+Last-Update: 2017-03-14
+--- a/needrestart-x11
 b/needrestart-x11
+@@ -272,8 +272,6 @@
+ sub OnAppsDClick {
+ my ($frame, $event) = @_;
+ 
+-my $pid = fork();
+-
+ system(qw(wmctrl -i -a), $plist[$event->GetIndex]->{winid}) if(exists($plist[$event->GetIndex]->{winid}));
+ }
+ 
diff -Nru needrestart-session-0.3/debian/patches/fix-path.patch needrestart-session-0.3/debian/patches/fix-path.patch
--- needrestart-session-0.3/debian/patches/fix-path.patch	1970-01-01 08:00:00.0 +0800
+++ needrestart-session-0.3/debian/patches/fix-path.patch	2017-03-14 15:35:39.0 +0800
@@ -0,0 +1,16 @@
+Description: fix failure to find processes to restart
+Author: Paul Wise <p...@debian.org>
+Bug-Debian: https://bugs.debian.org/787291
+Forwarded: no
+Last-Update: 2017-03-14
+--- a/needrestart-x11
 b/needrestart-x11
+@@ -132,7 +132,7 @@
+ 
+ # get user processes required to be restarted
+ my %fnames;
+-my $fh = nr_fork_pipe(0, qw(needrestart -b));
++my $fh = nr_fork_pipe(0, qw(/usr/sbin/needrestart -b));
+ $frProgress->SetTitle(q(Scanning processes...)) if(defined($frProgress));
+ while(<$fh>) {
+ 	chomp;
diff -Nru needrestart-session-0.3/debian/patches/series needrestart-session-0.3/debian/patches/series
--- needrestart-session-0.3/debian/patches/series	1970-01-01 08:00:00.0 +0800
+++ needrestart-session-0.3/debian/patches/series	2017-03-14 15:32:14.0 +0800
@@ -0,0 +1,2 @@
+fix-crash.patch
+fix-path.patch


signature.asc
Description: This is a digitally signed message part

Bug#857431: unblock: needrestart-session/0.3-4

[Paul Wise]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package needrestart-session, it creates the user needed
to run the dbus service which is needed for this package to work.

unblock needrestart-session/0.3-4

The maintainer requested that I file this unblock on his behalf.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru needrestart-session-0.3/debian/changelog needrestart-session-0.3/debian/changelog
--- needrestart-session-0.3/debian/changelog	2016-12-23 16:05:51.0 +0800
+++ needrestart-session-0.3/debian/changelog	2017-03-10 23:18:08.0 +0800
@@ -1,3 +1,10 @@
+needrestart-session (0.3-4) unstable; urgency=high
+
+  * Add dependency on adduser and add/delete new system user needrestart-dbus.
+Closes: #855788, #857077
+
+ -- Patrick Matthäi   Fri, 10 Mar 2017 16:18:08 +0100
+
 needrestart-session (0.3-3) unstable; urgency=medium
 
   * Bump Standards-Version to 3.9.8 (no changes required).
diff -Nru needrestart-session-0.3/debian/control needrestart-session-0.3/debian/control
--- needrestart-session-0.3/debian/control	2016-12-23 16:05:51.0 +0800
+++ needrestart-session-0.3/debian/control	2017-03-10 23:18:08.0 +0800
@@ -11,6 +11,7 @@
 Depends: ${perl:Depends},
  ${misc:Depends},
  needrestart (>= 2.0),
+ adduser,
  libnet-dbus-perl,
  libproc-processtable-perl,
  libwx-perl,
diff -Nru needrestart-session-0.3/debian/needrestart-session.postinst needrestart-session-0.3/debian/needrestart-session.postinst
--- needrestart-session-0.3/debian/needrestart-session.postinst	1970-01-01 08:00:00.0 +0800
+++ needrestart-session-0.3/debian/needrestart-session.postinst	2017-03-10 23:18:08.0 +0800
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+configure)
+adduser --system --no-create-home --home /nonexistent --quiet needrestart-dbus || true
+;;
+abort-upgrade|abort-remove|abort-deconfigure)
+;;
+*)
+echo "postinst called with unknown argument \`$1'" >&2
+exit 1
+;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -Nru needrestart-session-0.3/debian/needrestart-session.postrm needrestart-session-0.3/debian/needrestart-session.postrm
--- needrestart-session-0.3/debian/needrestart-session.postrm	1970-01-01 08:00:00.0 +0800
+++ needrestart-session-0.3/debian/needrestart-session.postrm	2017-03-10 23:18:08.0 +0800
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+purge)
+if getent passwd|grep -q ^needrestart-dbus: ; then
+userdel needrestart-dbus 2>&1 > /dev/null || true
+fi
+;;
+upgrade|remove|failed-upgrade|abort-install|abort-upgrade|disappear)
+;;
+*)
+echo "postrm called with unknown argument \`$1'" >&2
+exit 1
+esac
+
+#DEBHELPER#
+
+exit 0


signature.asc
Description: This is a digitally signed message part

Bug#851678: openchangeproxy: uninstallable in jessie, broken by samba

[Paul Wise]

Control: tags 838671 + patch

On Tue, 17 Jan 2017 14:58:22 +0100 Andreas Beckmann wrote:

> openchange also FTBFS in stable:

FYI, I've a patch from upstream, waiting on release team approval:

https://bugs.debian.org/851678

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: [debian-www] Please add mips64el to stretch and add pages for buster

[Paul Wise]

On Mon, Feb 6, 2017 at 5:45 AM, Niels Thykier wrote:

> Here are two updated patches.

Committed.

Removed some trailing whitespace and moved your name to Patch-by.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#851678: jessie-pu: package openchange/1:2.2-5+deb8u1

[Paul Wise]

Control: retitle -1 jessie-pu: package openchange/1:2.2-6+deb8u1

On Sat, 2017-01-21 at 10:13 +0100, Andreas Beckmann wrote:

> But openchangeproxy will still not be installable in jessie since
> samba-libs has
> 
> Conflicts: openchangeproxy (<< 1:2.2-6)

I forgot about that. Since 1:2.2-6 was once in Debian, it would be
probably best to use 1:2.2-6~deb8u1 but that doesn't match what samba
used in the Breaks, so it will have to be 1:2.2-6+deb8u1, which should
be fine since 1:2.2-7 was the latest version in Debian stretch.
I'll change the version number and upload once I have an ack.

http://snapshot.debian.org/package/openchange/

> Lowering this to (<< 1:2.2-5+deb8u1) would require another samba upload
> to jessie (or piggybacking it on the next security upload).

I think that isn't a useful use of samba maintainer/buildd time :)

> Since noone has complained about this uninstallability so far in a
> production environment, maybe the package is not in wide use ... and
> dropping it might be another option.

Ack, though the version change I mention above should be fine though.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#851678: RM: openchange -- RoQA; incompatible with updated samba

[Paul Wise]

Control: retitle -1 jessie-pu: package openchange/1:2.2-5+deb8u1
Control: release.debian@packages.debian.org
Control: usertags -1 - rm + pu

On Wed, 18 Jan 2017 07:21:49 +0800 Paul Wise wrote:

> This looks like the API issue in openchangeproxy mentioned in the
> samba changelog from the build log messages you posted.
> 
> This is the openchange bug and patch for this specific FTBFS:
> 
> https://github.com/openchange/openchange/issues/249
> https://github.com/openchange/openchange/commit/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch

I've tested that this fixes the FTBFS in openchange.

I'm unable to test that openchangeproxy still works but the patch looks
like a fairly straight forward update to the newer samba APIs.

The rest of the binary packages still work fine in my tests. 

I've attached a patch for a pu to the openchange package in jessie.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -Nru openchange-2.2/debian/changelog openchange-2.2/debian/changelog
--- openchange-2.2/debian/changelog	2014-09-22 07:00:28.0 +0800
+++ openchange-2.2/debian/changelog	2017-01-21 15:23:28.0 +0800
@@ -1,3 +1,9 @@
+openchange (1:2.2-5+deb8u1) jessie; urgency=medium
+
+  * Include upstream patch to fix FTBFS with samba 4.2
+
+ -- Paul Wise <p...@debian.org>  Sat, 21 Jan 2017 15:23:28 +0800
+
 openchange (1:2.2-5) unstable; urgency=medium
 
   * Disable mysql tests. Closes: #761559
diff -Nru openchange-2.2/debian/patches/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch openchange-2.2/debian/patches/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch
--- openchange-2.2/debian/patches/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch	1970-01-01 08:00:00.0 +0800
+++ openchange-2.2/debian/patches/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch	2017-01-21 15:20:31.0 +0800
@@ -0,0 +1,45 @@
+From 73a49af50bf0a496cfe62f49e60a662f1d04d685 Mon Sep 17 00:00:00 2001
+From: Julien Kerihuel <j.kerih...@openchange.org>
+Date: Thu, 20 Mar 2014 02:19:53 +0100
+Subject: [PATCH] Fix compilation with samba release > 4.1.4 - use new API
+ functions introduced to access opaque assoc_group_id
+
+---
+ mapiproxy/dcesrv_mapiproxy.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/mapiproxy/dcesrv_mapiproxy.c b/mapiproxy/dcesrv_mapiproxy.c
+index b4d39e7..33a69a6 100644
+--- a/mapiproxy/dcesrv_mapiproxy.c
 b/mapiproxy/dcesrv_mapiproxy.c
+@@ -132,10 +132,10 @@ static NTSTATUS mapiproxy_op_connect(struct dcesrv_call_state *dce_call,
+ 		
+ 		switch (dce_call->pkt.ptype) {
+ 		case DCERPC_PKT_BIND:
+-			b->assoc_group_id = dce_call->pkt.u.bind.assoc_group_id;
++			status = dcerpc_binding_set_assoc_group_id(b, dce_call->pkt.u.bind.assoc_group_id);
+ 			break;
+ 		case DCERPC_PKT_ALTER:
+-			b->assoc_group_id = dce_call->pkt.u.alter.assoc_group_id;
++			status = dcerpc_binding_set_assoc_group_id(b, dce_call->pkt.u.alter.assoc_group_id);
+ 			break;
+ 		default:
+ 			break;
+@@ -152,7 +152,7 @@ static NTSTATUS mapiproxy_op_connect(struct dcesrv_call_state *dce_call,
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			return status;
+ 		}
+-		dce_call->context->assoc_group->id = private->c_pipe->assoc_group_id;
++		dce_call->context->assoc_group->id = dcerpc_binding_get_assoc_group_id(private->c_pipe->binding);
+ 		
+ 	} else {
+ 		status = dcerpc_pipe_connect(dce_call->context,
+@@ -167,7 +167,7 @@ static NTSTATUS mapiproxy_op_connect(struct dcesrv_call_state *dce_call,
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			return status;
+ 		}
+-		dce_call->context->assoc_group->id = private->c_pipe->assoc_group_id;
++		dce_call->context->assoc_group->id = dcerpc_binding_get_assoc_group_id(private->c_pipe->binding);
+ 	}
+ 
+ 	private->connected = true;
diff -Nru openchange-2.2/debian/patches/series openchange-2.2/debian/patches/series
--- openchange-2.2/debian/patches/series	2014-09-22 07:00:17.0 +0800
+++ openchange-2.2/debian/patches/series	2017-01-21 15:23:28.0 +0800
@@ -1 +1,2 @@
 01_disable_mysql_tests
+73a49af50bf0a496cfe62f49e60a662f1d04d685.patch


signature.asc
Description: This is a digitally signed message part

Bug#851678: RM: openchange -- RoQA; incompatible with updated samba

[Paul Wise]

On Tue, Jan 17, 2017 at 10:26 PM, Andreas Beckmann wrote:

> I'm not perfectly convinced about this RM request, but something should
> happen with openchange in stable:

At $work we rely on openchange but not openchangeproxy. We know it was
removed from stretch and later but were assuming we could use it on
jessie, once we have migrated from wheezy. The wheezy to jessie
migration is blocked by some regression bugs in jessie Linux CIFS
support that we are in the process of debugging. Once we have fixed
that, we would like to start migrating systems to jessie. Post-jessie
we don't yet have a strategy but are looking into options.

> * openchangeproxy (1:2.2-5) is uninstallable in stable (#838671)
>   samba-libs has a Breaks: openchangeproxy (<< 1:2.2-6) that stems from
>   the first samba 4.2 upload to jessie-security:

I guess this could be fixed by a new upload that either drops
openchangeproxy or fixes the API/ABI usage.

> * openchange FTBFS in stable (I just mentioned this in #838671)
>   (the version in stable was most likely built against samba 2:4.1.13+dfsg-4)

This looks like the API issue in openchangeproxy mentioned in the
samba changelog from the build log messages you posted.

This is the openchange bug and patch for this specific FTBFS:

https://github.com/openchange/openchange/issues/249
https://github.com/openchange/openchange/commit/73a49af50bf0a496cfe62f49e60a662f1d04d685.patch

> * openchange was removed from unstable due to incompatibility with
>   newer samba versions

Unfortunately the openchange project is dead upstream so it won't be
coming back.

> * downside: openchange builds a lot more packages than just openchangeproxy
>   these are all still installable in stable (according to piuparts)

At $work we rely on openchangeclient and several of the -dev packages.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#851453: age-days: check-all-the-things/2017.01.15

[Paul Wise]

gelog
--- check-all-the-things-2016.12.25/debian/changelog	2016-12-25 08:02:09.0 +0800
+++ check-all-the-things-2017.01.15/debian/changelog	2017-01-15 10:37:30.0 +0800
@@ -1,3 +1,19 @@
+check-all-the-things (2017.01.15) unstable; urgency=high
+
+  * New release.
+- The "Check Things Securely Not Portably" release
+- Reset terminal modes after commands to avoid colour spew
+- Improve compatibility with Python 3.6
+- Update python checks to not work on other distros
+  because the `python -m` command is insecure
+- Update checkers removed from Debian - allow to run if installed
+- Update lrzip-test/zstd-test - add MIME types
+- Add lz4-test - check lz4 compressed files
+- Add path-max - check for non-portable path size macros
+- TODO items for deep-text-correcter sblint decopy
+
+ -- Paul Wise <p...@debian.org>  Sun, 15 Jan 2017 10:37:30 +0800
+
 check-all-the-things (2016.12.25) unstable; urgency=medium
 
   * New release.
diff -Nru check-all-the-things-2016.12.25/doc/TODO check-all-the-things-2017.01.15/doc/TODO
--- check-all-the-things-2016.12.25/doc/TODO	2016-12-25 07:43:10.0 +0800
+++ check-all-the-things-2017.01.15/doc/TODO	2017-01-15 10:37:30.0 +0800
@@ -26,6 +26,7 @@
 http://www.flycheck.org/en/latest/languages.html
 https://atomlinter.github.io/
 https://github.com/coala-analyzer/coala-bears/tree/master/bears
+https://github.com/coala/bear-docs
 https://github.com/alecthomas/gometalinter
 
 A mechanisms for filtering output is needed.
@@ -47,4 +48,9 @@
 
 Add the ability to suggest command-lines for installing missing tools
 
+Check if any tests contain dangerous commands:
+
+python -m
+python -c
+
 .. vim:ts=3 sw=3 et ft=rst


signature.asc
Description: This is a digitally signed message part

Re: typo in 8.3 release announce (News/2016/20160123)

[Paul Wise]

On Thu, Dec 29, 2016 at 9:36 PM, victory wrote:

> correction libraw   ... fix memory objects are not intialized properly
>  in*i*tialized

Fixed in CVS.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Release impact of introducing a new archive section?

[Paul Wise]

On Mon, Dec 12, 2016 at 5:22 AM, Josh Triplett wrote:

> If we can get every package to handle this entirely at runtime, then
> ideally I'd suggest archive metadata downloaded by apt.  That would have
> the advantage of automatically handling new sections, including for
> third-party archives.  Packaging it doesn't have that advantage, though
> it also seems logistically simpler.

A file in the archive with support code in apt would be much better,
especially since it could include translations too.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#836942: transition: glew

[Paul Wise]

On Thu, Sep 15, 2016 at 11:43 AM, Paul Wise wrote:

> Please introduce a copy of the old glew so that packages
> using GLEW MX can build and run on Debian stretch.

Since you declined I've now uploaded a glewmx source package to NEW.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#836942: transition: glew

[Paul Wise]

On Wed, Sep 7, 2016 at 8:15 PM, Matteo F. Vescovi wrote:

>  * quesoglc (0.7.2-5) -> FTBFS [G]

I'm disappointed that upstream completely removed GLEW MX support and
you did not notice that quesoglc and other packages use GLEW MX and
cannot build and work without it. Please introduce a copy of the old
glew so that packages using GLEW MX can build and run on Debian
stretch.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Bug#836342: UDD/testing_autoremovals_gatherer.pl: Version in autoremoval notice may not be version actually checked

[Paul Wise]

Control: reassign -1 qa.debian.org
Control: retitle -1 UDD/testing_autoremovals_gatherer.pl: Version in 
autoremoval notice may not be version actually checked

On Fri, 2016-09-02 at 08:16 +0100, Rebecca N. Palmer wrote:

> That script looks like it gets version and bug information in one fetch 
> from UDD 
> (https://anonscm.debian.org/git/mirror/release-tools.git/tree/mailer/mail_autoremovals.pl#101),
>  
> which I took to mean the problem was in what generated that information, 
> but I don't know Perl.

Looks like you are right. Sorry for second-guessing you and not investigating :(

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Bug#836342: UDD/testing_autoremovals_gatherer.pl: Version in autoremoval notice may not be version actually checked

[Paul Wise]

Control: reassign -1 release.debian.org
Control: retitle -1 Version in autoremoval notice may not be version
actually checked

As you can see in the headers of the mail, the autoremoval warnings
are sent by the release team not the QA infrastructure.

On Fri, Sep 2, 2016 at 5:33 AM, Rebecca N. Palmer
 wrote:

> Package: qa.debian.org
> Severity: minor
> User: qa.debian@packages.debian.org
> Usertags: udd
>
> When a package has recently migrated, one may receive an autoremoval warning
> that lists the new version of the package, but a problem only the old
> version had.
>
> Example (1.1.2-4 had the problem, 1.1.2-5 doesn't, and is no longer listed
> for autoremoval):
>
>  Forwarded Message 
> Subject: [Pkg-opencl-devel] beignet 1.1.2-5 MIGRATED to testing
> Date: Tue, 23 Aug 2016 16:39:10 +
> From: Debian testing watch 
> To: beig...@packages.debian.org
>
> FYI: The status of the beignet source package
> in Debian's testing distribution has changed.
>
>   Previous version: 1.1.2-4
>   Current version:  1.1.2-5
>
> ---
>
>  Forwarded Message 
> Subject: [Pkg-opencl-devel] beignet is marked for autoremoval from testing
> Date: Wed, 24 Aug 2016 04:39:03 +
> From: Debian testing autoremoval watch 
> To: beig...@packages.debian.org
>
> beignet 1.1.2-5 is marked for autoremoval from testing on 2016-09-04
>
> It (build-)depends on packages with these RC bugs:
> 818380: clang-3.7: __builtin_return_address() segfaults on s390x

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: gpg can't check signature for some source packages

[Paul Wise]

On Fri, Aug 26, 2016 at 9:49 AM,  taro110 wrote:

> Hi, I am building some packages by myself
> and facing gpg verification error. e.g.,

Please ask your question on the mentors list instead:

https://lists.debian.org/debian-mentors/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Transition news: GCC 6 enabled by default

[Paul Wise]

On Sun, Aug 7, 2016 at 9:18 PM, Dirk Eddelbuettel wrote:

> Let me know if I should take this to debian-devel or some other list.

I'm not part of the release team, but I expect you probably should
read the documentation and then file a bug report, the release team
often emphasises bug reports over mailing list posts.

https://wiki.debian.org/Teams/ReleaseTeam/Transitions

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

[release-tools] [PATCH] testing.pl is gone, update links to it to qa.d.o/excuses.php

[Paul Wise]

---
 queue-viewer/overview.xslt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/queue-viewer/overview.xslt b/queue-viewer/overview.xslt
index 0ec63f0..d79127c 100644
--- a/queue-viewer/overview.xslt
+++ b/queue-viewer/overview.xslt
@@ -201,7 +201,7 @@
   
 verproblems
 
-  /migration/testing.pl?package=
+  https://qa.debian.org/excuses.php?package=
 
 
   
-- 
2.8.1

Re: [Stretch] Status for architecture qualification

[Paul Wise]

On Wed, 2016-06-15 at 01:37 +0300, Dimitri John Ledkov wrote:

> At the openmainframeproject EU meetup, it was indicated that SUSE
> joined with indication that Open Build Service might be able to use
> resources hosted by Marist.
> 
> I wonder if it makes sense to reach out, and see if there are
> resources available to use as porter boxes & build boxes. That way
> Debian might be able to get such donated resource available on ongoing
> basis and hopefully with some hw support.

Marist already support Debian with an s390x buildd:

ldapsearch -LLL -x -h db.debian.org -b ou=hosts,dc=debian,dc=org  
"(sponsor=*marist*)"
https://db.debian.org/machines.cgi?host=zani

Our other sponsors for s390 are www.iic.kit.edu and www.zivit.de:

ldapsearch -LLL -x -h db.debian.org -b ou=hosts,dc=debian,dc=org  
"(architecture=s390*)" sponsor

-- 

bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#827275: release.debian.org: hint pixbros back into testing

[Paul Wise]

Package: release.debian.org
Severity: wishlist

pixbros was removed from testing due to an RC bug. I have fixed the RC
bug but it is not migrating back into testing because it is an arch all
package that depends on an 32-bit-only package (fenix) that has never
been available on amd64 but britney seems to want it on amd64:

11 days old (needed 10 days)
pixbros/amd64 unsatisfiable Depends: fenix
pixbros/amd64 unsatisfiable Depends: fenix-plugins-system
Not considered

-- 

bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: [Reproducible-builds] [Reproducible] On making Stretch self-contained IRT to reproducibility

[Paul Wise]

On Wed, Mar 9, 2016 at 5:24 PM, Holger Levsen wrote:

> I dont think doing thousands of sourceful uploads is realistic nor useful

Now that we have source-only uploads, it should be fairly easy to do
on a fast network. Just a for loop around apt-get source, dch, debuild
-S, debsign, dupload.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: glibc hardening patch

[Paul Wise]

On Wed, Mar 2, 2016 at 3:34 AM,  bancfc wrote:

> Hi. After the recent glibc debacle I came across a patch to harden this
> important library against common attack vectors. Please think about
> reviewing and adding in Debian. The author warned there may be some package
> breakage but nothing too serious:

It might be worth adding a lintian test for the cwd-relative RPATH
issue. I expect $ORIGIN-relative RPATHs are usually intentional
though.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise