Bug#1068326: bookworm-pu: package mksh/59c-28+deb12u1

[Thorsten Glaser]

Jonathan Wiltshire dixit:

>Please go ahead.

Thanks. Do you need a blurb for the point release notes
or something?

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1068326: bookworm-pu: package mksh/59c-28+deb12u1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: m...@packages.debian.org, t...@mirbsd.de
Control: affects -1 + src:mksh
User: release.debian@packages.debian.org
Usertags: pu

I would like to ask for pre-approval to uploading a
proposed stable update for mksh.

[ Reason ]
There was a discussion on d-devel that ended in suggesting that
the /etc/shells file should have both aliased paths for shells,
not just the canonical paths, since users could have $SHELL set
to either, and some software checks that $SHELL is in shells(5)
for security reasons. This change landed in sid and is included
here. I’ve also fixed the path wildcards for musl on ARM EABI.

I’ve also taken liberty to cherry-pick a few upstream bugfixes
and their relevant tests and to include two tiny FAQ updates
regarding POSIX compliance and future compatibility/directions.

[ Impact ]
Users of mksh can run into problems with privilege elevation
tools if they are on a usrmerge’d system if this is not applied,
and shell scripts can fail or even segfault.

[ Tests ]
The backported fixes have tests covering them, which all pass
when I build this in a nōn-usrmerged bookworm cowbuilder chroot
(mirroring the buildd setup). I tested the maintainer script
changes by installing the resulting .deb in a copy of both the
nōn-usrmerged bookworm chroot and a usrmerged sid chroot.

[ Risks ]
The patches are small and easy to review and have been in use
in sid for a while, except the three-line postinst change, which
I manually tested (and inspected both dash and bash to ensure
that test -ef does the right thing), so the risk is low.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
(see Reason above)

[ Other info ]
I’ve split the fixes into easier to review individual patches
for this upload, as git is “patches-applied” here, but I also
verified the resulting trees are identical.

While the test if the system is merged could possibly be
removed, I decided to leave it in as it’s easier to backport
this way. (When merging later, either the next upgrade or
dpkg-reconfigure of mksh fixes up /etc/shells next, or the
usrmerge utility does so.)
diff -Nru mksh-59c/debian/changelog mksh-59c/debian/changelog
--- mksh-59c/debian/changelog   2023-04-28 23:34:20.0 +0200
+++ mksh-59c/debian/changelog   2024-04-03 14:19:25.0 +0200
@@ -1,3 +1,15 @@
+mksh (59c-28+deb12u1) bookworm; urgency=low
+
+  * d/p/typeset-p-fix.diff, d/p/dot-args-fix.diff,
+d/p/crash-nest-bashism.diff: cherry-pick upstream bugfixes
+  * d/p/metadata-update.diff: cherry-pick relevant documentation
+changes and adjust user-visible version to indicate the
+above fixes were applied
+  * fix paths missing wildcards in lintian overrides, postinst, prerm
+  * cherry-pick usrmerge /etc/shells change (Closes: #1063905)
+
+ -- Thorsten Glaser   Wed, 03 Apr 2024 14:19:25 +0200
+
 mksh (59c-28) unstable; urgency=medium
 
   * Revert 59c-27 changes as mksh is, surprisingly, still a key
diff -Nru mksh-59c/debian/mksh.lintian-overrides 
mksh-59c/debian/mksh.lintian-overrides
--- mksh-59c/debian/mksh.lintian-overrides  2023-04-28 23:00:04.0 
+0200
+++ mksh-59c/debian/mksh.lintian-overrides  2024-04-03 13:25:50.0 
+0200
@@ -17,8 +17,8 @@
 # correct placement
 mksh: executable-in-usr-lib [usr/lib/diet/bin/mksh]
 mksh: executable-in-usr-lib [usr/lib/klibc/bin/mksh]
-mksh: executable-in-usr-lib [usr/lib/*-linux-musl/bin/mksh]
+mksh: executable-in-usr-lib [usr/lib/*-linux-musl*/bin/mksh]
 
 # these are to clean old add-shell(8) damage, not actually dereferenced
-mksh: bin-sbin-mismatch usr/bin/mksh -> bin/mksh [postinst]
-mksh: bin-sbin-mismatch usr/bin/mksh -> bin/mksh [prerm]
+mksh: bin-sbin-mismatch usr/bin/mksh* -> bin/mksh* [postinst]
+mksh: bin-sbin-mismatch usr/bin/mksh* -> bin/mksh* [prerm]
diff -Nru mksh-59c/debian/mksh.postinst mksh-59c/debian/mksh.postinst
--- mksh-59c/debian/mksh.postinst   2023-04-28 23:00:04.0 +0200
+++ mksh-59c/debian/mksh.postinst   2024-04-03 13:27:52.0 +0200
@@ -151,14 +151,18 @@
test -e /usr/bin/ksh || test -h /usr/bin/ksh || \
ln -s /bin/ksh /usr/bin/ksh
 
+   # determine usrmerge status
+   um=+
+   test /usr/bin/mksh -ef /bin/mksh || um=-
+
# add us to /etc/shells and clean up old add-shell-caused damage
# shellcheck disable=SC2046
mogrifyshells + /bin/mksh /bin/mksh-static \
-   - /usr/bin/mksh /usr/bin/mksh-static \
-   $(for x in \
+   $um /usr/bin/mksh /usr/bin/mksh-static \
+   - $(for x in \
/usr/lib/klibc/bin \
/usr/lib/diet/bin \
-   /usr/lib/*-linux-musl/bin \
+   /usr/lib/*-linux-musl*/bin \
; do echo "$x/mksh" 

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

Wookey dixit:

>And it worked beatifully. Thanks.

Nice!

>I'll try doing openjdk-20 next.

You’ll want 21 as 20 has not got the t64 treatment.

gl hf,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

Hi Wookey,

>OK, got those. but that's just binaries. It was the source changes I
>was looking for (or did I misunderstand and you didn't actually make
>any of those?),

Yes, I did not make any source changes. These were the last binaries
from before the t64 transition (I downloaded the .deb files unchanged)
with just control.tar.xz/control changed to allow installation given
the relevant libraries were already rebuilt for t64.

> but actually having an openjdk binaries is very useful
>too to satisfy the self-dependency without more faff.

Yes, that was their purpose.

>I'm no java expert so if anything breaks or it gets more complicated
>than 'get the right build-deps in (with care for t64-libs) somehow' I
>will indeed be asking questions :-)

Right. I’m no expert either, though :/

>> What was the actual problem with uploading the images you built? Just
>> not having any corresponding source? Or something more complicated?
>
>Answering my own question: There have been a couple of new openjdk-17
>uploads (latest is: 17_17.0.11~7ea-1) so Thorsten's bootstrap build
>(17.0.10+7-1) is out of date.

Yes, exactly: dak lacked the 17.0.10+7.orig.tar.* because sid already
moved to 17.0.11~7ea.orig.tar.*

>So I now have all the pieces (on armhf, not checked armel yet but
>hopefully it matches)

Depends, but 'apt install /tmp/*.deb' will tell you ;-)

>The build failed:
>
>An exception has occurred in the compiler (17.0.10). Please file a bug against 
>the Java compiler via the Java bug reporting page (https://bugreport.java.com) 
>after checking the Bug Database (https://bugs.java.com) for duplicates. 
>Include your program, the following diagnostic, and the parameters passed to 
>the Java compiler in your report. Thank you.
>java.io.UncheckedIOException: java.nio.file.FileSystemException: .: Value too 
>large for defined data type
>
>Don't worry about this. It's a an issue to do with building for 32 bit
>inside qemu on a 64-bit machine. I'll stop doing that and use real
>hardware :-/

Ouch. I was just wondering which filesystem you used, but yes,
there’s that known combined qemu/kernel/libc issue which cbmuser
is also constantly running into. I think switching to… sgixfs I
think? also makes it work, but I’m not sure.

https://sourceware.org/bugzilla/show_bug.cgi?id=23960#c73
sgixfs and btrfs, yeah, ext4 is problematic. But apparently,
LFS should fix this but Java is again special in that it’s
still problematic there.

Were you using qemu-user? qemu-system has its own kernel and
“should” be fine, modulo the usual qemu issues. Real hardware
is better (for many architectures even necessary).

Good luck,
//mirabilos
-- 
 exceptions: a truly awful implementation of quite a nice idea.
 just about the worst way you could do something like that, afaic.
 it's like anti-design.   that too… may I quote you on that?
 sure, tho i doubt anyone will listen ;)

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

On Wed, 27 Mar 2024, Wookey wrote:

>I looked at this last week, but got stuck because openjdk-17's
>build-deps included graphviz

Build-Depends-Indep: graphviz, pandoc

You don’t need that. Use dpkg-checkbuilddeps -B, or manual
inspection of the .dsc (packages.d.o does show the difference
between adep and idep but not the profiles, unfortunately,
and these can be key in ordering decisions).

>another blocked chain with ghostscript,cups and libgtk2 conflicting
>about their t64 status.

You do need the t64 versions of all that, and the latest openjdk-17
fixed the issue with libcups2 (Ubuntu initially forgot to move that
to t64 while Debian did that early, and openjdk-?? followed the
former).

> apt : Depends: libgnutls30 (>= 3.8.1) but it is not going to be installed

You should get that rebuilt, yes.
On the other hand, if everything else is falling into place, it’s
not a problem for apt to uninstall itself just in that one build
chroot ☻

> libasound2t64 : Breaks: libasound2 (< 1.2.11-1) but 1.2.10-3 is to be 
> installed
> libcups2t64 : Breaks: libcups2 (< 2.4.7-1.2) but 2.4.7-1+b1 is to be installed
> libnettle8t64 : Breaks: libnettle8 (< 3.9.1-2.2) but 3.9.1-2 is to be 
> installed

These are fine.

> libcups2 : Depends: libgnutls30 (>= 3.8.1) but it is not going to be installed

Force that away; nothing from this is actually used during the
openjdk build in a way sufficient to impact the build.

>But dose now says there is a solution, unlike last week.

Oh, dose… right… here I was checking all of them manually ^^
(which did give me a better impression of where to break the
cycles and what to upload earlier).

>> openjdk-21 is in a similar situation, build-depending on itself, while
>> openjdk-22 and openjdk-23 build-depend on -21 and -22 respectively.

>I presume the same, but don't actually know how old a java you can use
>to bootstrap each newer java. Is it always just one version?

AIUI it’s always just one version; I know it was so until 17,
but I don’t think this has loosened (I asked in IRC, but got
no answer until I went to sleep).

>> Presumably once we have a single OpenJDK version that is installable,
>> it would be possible to step through 18,19,20,21 building each version
>> with the previous one.

You’d have to patch them to both address the t64 issues and
make it imply nocheck (or quinn-diff doesn’t pick it up as
installable).

It’s best to get at least 17 and 21 (which AIUI is the one
we’ll want for trixie?) built this way. I think, unless
users complain, we can these days go without 8 and probably
even without 11.

(You’d be surprised at the amount of users wanting 8, so
I now provide those in a private repo of mine, but so far
amd64/i386-only has sufficed for those. For the purposes
for which 8 is still in sid, dropping armel and armhf will
_most likely_ also suffice; ELTS still wants them, but
rebuilt in jessie and stretch chroots so there is no re‐
bootstrapping to be done.)

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

On Tue, 26 Mar 2024, Jeffrey Walton wrote:

>Nothing beats a native compile in your basement.

Yes, definitely.

>> Do they run stock Debian armhf?
>
>So the CubieTruck is embarrassingly down level:

Oofff…

>The Wandboard is doing better:

Right, close enough anyway.

>I don't mind shipping to Europe if you don't mind paying the VAT. I
>think you will be the fourth or fifth Debian maintainer I've sent
>hardware to.

So sending from outside the eurozone, that can get tricky fast
(depending on the value, they also want import duties on top),
I think that might just be overkill for a oneshot helping out.
Let’s see if I can get an account on a project box first, or
work with someone who has. (I’m not intending to add going into
ARM development on top of what I already try to balance… right
now, I’m mostly helping m68k through t64, so Adrian does not
burn out, he’s also got sh4 and powerpc to do, and the whole
rest of d-ports with the mini-dak trouble of keeping old binary
packages around.)

But I do thank you for that offer.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

Hi Jeffrey,

I’m answering back from the $dayjob address because Googlemail
cannot communicate with normal mailservers.

>I can send you two dev boards, if you want them. The first is
>Wandboard Dual (Cortex-A9, ARMv7 with NEON), and the second is
>CubieTruck 5 (Cortex-A7, ARMv7 with NEON and VFPv4). Both work, but I
>don't use them much anymore. I've mostly moved on to Aarch64.

That is certainly an option, if you don’t want them any more and want
to ship them to .de, although it’ll likely take longer than just getting
access on a suitable project machine. RAM is tight on them, but with
swap the compiling should work. Both seem to have serial console, good.

Do they run stock Debian armhf?

Thanks,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1036884: transition: time64_t - openjdk-17 needs re-bootstrap on armel,armhf

[Thorsten Glaser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384

Hi,

>In the -ports world, hppa doesn't have Java anyway, while m68k, powerpc
>and sh4 seem to have had a re-bootstrap at some point; so I think it's
>only the release architectures armel and armhf that have a problem here.

I hacked that, and I tried to do armel and armhf as well but
dak stopped me, whereas mini-dak was not as strict.

I did the observation that doko changed their source packages
to have the binaries Recommend instead of Depend on the libraries
in question. (Unfortunately neither before the transition started
nor coordinated with the openjdk-8 maintainer (me).)

I downloaded the latest binary packages of openjdk-{8,11,17,21},
changed all references to the libraries in question to refer to
their t64 counterparts, bumped the version number, repacked the
.deb files and updated the .changes files as if to do a binNMU.
After uploading, I used wanna-build to set the priority high so
they get rebuilt before someone considers using them.

mini-dak accepted these, but dak requires that the archive has
the corresponding source available, and since new versions (the
part before the Debian hyphen-minus) had already been uploaded,
it did not have them at hand any more either.

The rebuild process succeeded, as openjdk building itself does
indeed not use the libraries in question (or at least those
parts of their interface that are time_t-relevant).

I don’t have access to a fast armel machine (only an RPi 1) and
to no armhf machine, so I’m not in the situation of throwing the
.debs from above into a chroot to rebuild the current sources.
I *was* considering writing to whereever the t64 transition was
coordinated for ARM, we’re using #debian-ports on OFTC for the
d-ports architectures and I couldn’t find out where to write to
for arm{el,hf}, so this mail of yours comes at a good time ;-)

The options for the armel/armhf porters are to either get the
.debs from me, install them in a chroot, and then the other B-D,
and rebuild the packages, or to use dpkg --force-depends to
install the dependencies (which makes it hard to use apt to
install the other ones unless you also edit /var/lib/dpkg/status
by hand first, something I was already used to from my reviving
m68k back in 2012–2015) into the chroot then rebuild there.

I will gladly help if it’s made possible for me to help. This
cannot be done on a porterbox because it’s still impossible to
either install arbitrary .debs into a chroot there or to obtain
root in the chroot to be able to force installation in the absence
of some Depends.

So if you have a fast armhf box or two, ideally with chroots
already made for sid, which you don’t mind temporarily giving
me root on, I’m in, otherwise I’ll answer questions from these
doing that work if needed.

I *think* 8/11/17/21 are the only versions we need to handle.

This does save us from having to rebootstrap this.

bye,
//mirabilos
- -- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (MirBSD)
Comment: ☃ ЦΤℱ—８　☕☂☄

iQIcBAEBCQAGBQJmA0vXAAoJEHa1NLLpkAfg0ZQQAI7P7qoVfADQrrsuNHAShvTB
lRvuK1br7bHRmqUx89dDwjOG1k0Xji3X3OURZldlhPCk99SJxQP3DLoCX5cmCzIA
IDyq+GoxREjJ/uyb4b6/qTAgSh7ZdRqxEfbVLsukL1i+wRs6dNw2Wg64i/R538jE
+yncg7zMyrWSA+3815i7BRfdMZBEk9E1qgW3hlnhueVfgANuyBLzzJchSstjunqE
0OcIukVQ30HaWaALmAfGcl7lcfM0sUFXL+EVpA8aBsVWNzZHtMIPnmI+yx8X4NOo
BOkfcYbPI928VZ/91meibSb9FXk8ShnO+zv+gU6dX74RlVoqOIeg6UQ/r2Cy+Up9
ssnksqTWTSkw1/n9bRNNiU8/O4kI5xV6FCUk2CaOsk+diQfXpoga50TR6DRM52tp
mjtBetkI1qK9vA0Y1VS+KoPp/FDYwFBKXiU3Jax9L7koaT5wGCurILqNTbDGVe19
2nmnphBUeIFniPByiItSEv7jH9GgxZyrwRvonYYpDXNeXFa0ymTNzKzrIG2ZqMrz
LcELgtIb6OD+WDYajUMOlTRBj2N9rFodruKyMcdUfc4so3OoFnS3cOdBvWBk/NdX
sFRgES39Ak5xgA3f4hP2ba03KZOFH2iIT3M8ZtZhH7eOIdhErKIUG0t6hxpWFdiV
ntE5WUlefRxovhbTOXKa
=KoS1
-END PGP SIGNATURE-

Re: openjdk-8 vs. nvidia-openjdk-8-jre

[Thorsten Glaser]

Moritz Muehlenhoff dixit:

>No, we have enough OpenJDK releases to look after already.

OK, it was just a thought.

Thanks,
//mirabilos
-- 
[00:02]  gecko: benutzt du emacs ?
[00:03]  nö  [00:03]  nur n normalen mac
[00:04]  argl   [00:04]  ne den editor
-- Vutral und gecko2 in #deutsch (NB: Editor? Betriebssystem.)

openjdk-8 vs. nvidia-openjdk-8-jre

[Thorsten Glaser]

Hi,

TIL about the existence of nvidia-openjdk-8-jre.

Would it not be better to drop that and remove the bug deliberately
blocking openjdk-8 from entering testing/stable? We only added it so
there does not have to be formal security support for more than one
release.

And I’ve been building openjdk-8 for buster/bullseye/bookworm for a
while already, privately (for i386 and amd64), anyway, as people are
still using it, and *buntu also ships it and updates it in all LTS
releases. Freexian ELTS is also supporting it in jessie and stretch,
for the architectures these support.

The other side would be nvidia-openjdk-8-jre is in non-free and only
available for two architectures, so less people would install it, and
it’s JRE-only, AFAICT. If worry about people installing openjdk-8 is
a factor, I can understand the split, but from a technical PoV I don’t
see the duplication as a good solution.

Options are probably: keep things as is, drop nvidia-openjdk-8-jre in
favour of openjdk-8 in trixie/sid, or drop it everywhere and build
openjdk-8 for {,{,old}old}stable as well. I don’t mind any, I just
wondered and wanted to provide an impulse to think about this.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1039047: bookworm-pu: package cvs/2:1.12.13+real-28+deb12u1

[Thorsten Glaser]

Jonathan Wiltshire dixit:

>Please go ahead.

Thanks, uploaded.

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#1039047: bookworm-pu: package cvs/2:1.12.13+real-28+deb12u1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: c...@packages.debian.org, t...@mirbsd.de
Control: affects -1 + src:cvs

Pre-approval with debdiff.

[ Reason ]
CVS was always compiled with --with-rsh=ssh but the configure
script ignored that and used rsh because it could not find an
ssh binary in the PATH at compile time. This used to be not a
problem because ssh was aliased to rsh but in bookworm it no
longer is.

[ Impact ]
Users are unable to cvs update or cvs commit or anything else
unless they manually export CVS_RSH=ssh or change their access
method from :ext: to :extssh: (which is a relatively new thing
and may not be universally known, e.g. to frontends).

If this is rejected, I’d suggest the $CVS_RSH workaround be
added to the release notes, if they can be changed at this
point in time.

[ Tests ]
The change switches the cpp macro RSH_DFLT, which is used in
only two places to set the default rsh. I have tested this as
part of the larger changes in tonight’s sid upload, and code
inspection shows this has no effect on unrelated code.

[ Risks ]
See above, this is a no-risk change.

[ Checklist ]
  [✓] *all* changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in (old)stable
  [✓] the issue is verified as fixed in unstable

[ Changes ]
Pass the full path to ssh(1) to configure so it’s actually used.
diff -u cvs-1.12.13+real/debian/changelog cvs-1.12.13+real/debian/changelog
--- cvs-1.12.13+real/debian/changelog
+++ cvs-1.12.13+real/debian/changelog
@@ -1,3 +1,9 @@
+cvs (2:1.12.13+real-28+deb12u1) bookworm; urgency=high
+
+  * configure-time hardcode full path for ssh(1) (Closes: #1038926)
+
+ -- Thorsten Glaser   Sat, 24 Jun 2023 19:48:48 +0200
+
 cvs (2:1.12.13+real-28) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -u cvs-1.12.13+real/debian/rules cvs-1.12.13+real/debian/rules
--- cvs-1.12.13+real/debian/rules
+++ cvs-1.12.13+real/debian/rules
@@ -66,7 +66,7 @@
--without-krb4 \
--with-gssapi \
--with-external-zlib \
-   --with-rsh=ssh \
+   --with-rsh=/usr/bin/ssh \
--with-editor=/usr/bin/editor \
--with-tmpdir=/var/tmp \
--with-umask=002 \

Bug#1036175: unblock: mksh/59c-28

[Thorsten Glaser]

   substitution and fix the other place it was not reentrant
+  as well (by moving function-static storage to stack/heap);
+  crash discovered by Riccardo Felici, USI Lugano
+  * Revert RCS ID changes, but assign individual version datestamp
+
+ -- Thorsten Glaser   Fri, 28 Apr 2023 23:34:20 +0200
+
 mksh (59c-26) unstable; urgency=medium
 
   * Fixup more update-shells breakage also found by piuparts
diff -pruN mksh-59c-26/mbsdint.h mksh-59c-28/mbsdint.h
--- mksh-59c-26/mbsdint.h   2023-05-16 19:13:21.0 +0200
+++ mksh-59c-28/mbsdint.h   2023-05-16 19:13:32.0 +0200
@@ -675,7 +675,7 @@ mbiCTAS(mbsdint_h) {
 #define mbiK_sr(ut,n,vl,vr,vz) mbiK_SR(ut, mbiTYPE_UBITS(ut), n, vl, vr, vz)
 #define mbiMK_sr(ut,FM,n,l,r,z)mbiMM(ut, (FM), mbiK_SR(ut, 
mbiMASK_BITS(FM), \
n, mbiMM(ut, (FM), (l)), (r), (z)))
-#define mbiK_SR(ut,b,n,l,r,vz) mbiK_RS(ut, b, n, l, mbiUI(r) & (b - 1U), (vz))
+#define mbiK_SR(ut,b,n,l,r,vz) mbiK_RS(ut, b, n, l, mbiUI(r) % mbiUI(b), (vz))
 #define mbiK_RS(ut,b,n,v,cl,zx)mbiOT(ut, cl, n(ut, v, cl, b - (cl), 
zx), v)
 #define mbiK_shl(ut,ax,cl,CL,z)mbiOshl(ut, ax, cl)
 #define mbiK_shr(ut,ax,cl,CL,z)mbiOshr(ut, ax, cl)
diff -pruN mksh-59c-26/sh.h mksh-59c-28/sh.h
--- mksh-59c-26/sh.h2023-05-16 19:13:21.0 +0200
+++ mksh-59c-28/sh.h2023-05-16 19:13:32.0 +0200
@@ -235,7 +235,7 @@
 #define __SCCSID(x)__IDSTRING(sccsid,x)
 #endif
 
-#define MKSH_VERSION "R59 2023/01/31"
+#define MKSH_VERSION "R59 2023/04/28"
 
 /* shell types */
 typedef unsigned char kby; /* byte */
@@ -2150,6 +2150,7 @@ struct ioword {
 #define IOBASH BIT(10) /* &> etc. */
 #define IOHERESTR  BIT(11) /* <<< (here string) */
 #define IONDELIM   BIT(12) /* null delimiter (<<) */
+#define IOSYNIONEXTBIT(13) /* already fully configured */
 
 /* execute/exchild flags */
 #define XEXEC  BIT(0)  /* execute without forking */
diff -pruN mksh-59c-26/shf.c mksh-59c-28/shf.c
--- mksh-59c-26/shf.c   2023-05-16 19:13:21.0 +0200
+++ mksh-59c-28/shf.c   2023-05-16 19:13:32.0 +0200
@@ -837,20 +837,15 @@ shf_smprintf(const char *fmt, ...)
 char *
 kslfmt(ksl number, kui flags, char *numbuf)
 {
+   /* easy for positive number */
+   if (number >= 0)
+   return (kulfmt((kul)number, flags, numbuf));
+   /* negative signed quantity */
if (!IS(flags, FM_TYPE, FL_SGN)) {
-   /* uh-oh, unsigned? what? be bitwise faithful here */
-   union {
-   /*XXX hopefully not UB… */
-   ksl s;
-   kul u;
-   } v;
-
-   v.s = number;
-   return (kulfmt(v.u, flags, numbuf));
+   /* uh-oh, output a signed quantity unsignedly */
+   return (kulfmt(KSL2UL(number), flags, numbuf));
}
-   if (number < 0)
-   flags |= FL_NEG;
-   return (kulfmt(KSL2NEGUL(number), flags, numbuf));
+   return (kulfmt(KSL2NEGUL(number), flags | FL_NEG, numbuf));
 }
 
 /* pre-initio() */
@@ -892,13 +887,13 @@ kulfmt(kul number, kui flags, char *numb
number /= 10UL;
} while (number);
 
-   if (!IS(flags, FM_TYPE, FL_DEC)) {
+   if (IS(flags, FM_TYPE, FL_SGN)) {
if (HAS(flags, FL_NEG))
*--cp = '-';
else if (HAS(flags, FL_PLUS))
*--cp = '+';
else if (HAS(flags, FL_BLANK))
-   *--cp = '-';
+   *--cp = ' ';
}
break;
}
diff -pruN mksh-59c-26/syn.c mksh-59c-28/syn.c
--- mksh-59c-26/syn.c   2023-05-16 19:13:21.0 +0200
+++ mksh-59c-28/syn.c   2023-05-16 19:13:32.0 +0200
@@ -191,19 +191,16 @@ static struct ioword *
 synio(int cf)
 {
struct ioword *iop;
-   static struct ioword *nextiop;
Wahr ishere;
 
-   if (nextiop != NULL) {
-   iop = nextiop;
-   nextiop = NULL;
-   return (iop);
-   }
-
if (tpeek(cf) != REDIR)
return (NULL);
ACCEPT;
iop = yylval.iop;
+   if (iop->ioflag & IOSYNIONEXT) {
+   iop->ioflag &= ~IOSYNIONEXT;
+   return (iop);
+   }
ishere = (iop->ioflag & IOTYPE) == IOHERE;
if (iop->ioflag & IOHERESTR) {
musthave(LWORD, 0);
@@ -228,17 +225,21 @@ synio(int cf)
if (iop->ioflag & IOBASH) {
char *cp;
 
-   nextiop = alloc(sizeof(*iop), ATEMP);
-   nextiop->ioname = cp = alloc(3, ATEMP);
+   iop->ioflag &= ~IOBASH;
+
+   cp = alloc(sizeof(struct io

Bug#1032993: release.debian.org: key packages: mksh should not be a key package

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: t...@mirbsd.de

I already mentioned this as an aside in #986431 but here’s it
as a separate bugreport.

mksh is only a key package because shunit2 build-depends on it.
(Would be nice if the key package status is shown in tracker or so…
I was surprised by its presence in the list.)

However, shunit2 only uses it at build time to run its tests
against and its testsuite runner only fails if the last shell,
which is zsh, fails.

Bug#1006452: RM: minify-maven-plugin/1.7.4-1.1 -- RoM: old and not useful

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: t...@mirbsd.de

Please consider removing minify-maven-plugin from both buster and bullseye:

minify-maven-plugin is currently only in Debian to satisfy a Build-Depends
of guacamole-client on libminify-maven-plugin-java (its binary package).

However, guacamole-client is in bad shape and has last worked in stretch;
newer guacamole-client versions will require minify-maven-plugin 2.0.1
anyway, so this version is not necessary to carry around.

I’ve also filed an RC bug against the package to keep it out of bookworm
unless both updated and guacamole-client attempts to make the release.

Bug#1006450: RM: angular-maven-plugin/0.3.4-3

[Thorsten Glaser]

Thorsten Glaser dixit:

>As explained in #111 it’s only an r-bd for an old version of

Oops, sent too early… #1006449 this should be.

bye,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

Bug#1006450: RM: angular-maven-plugin/0.3.4-3

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: t...@mirbsd.de

Please remove angular-maven-plugin/0.3.4-3 from both buster and bullseye.
As explained in #111 it’s only an r-bd for an old version of
guacamole-client, and the latter is present only in stretch anyway,
so this plugin isn’t useful in Debian. It is bound to the unsupported
major version 1 of AngularJS.

Bug#1006447: RM: evenement/3.0.1-2.1, php-cocur-slugify/4.0.0-2, php-defuse-php-encryption/2.2.1-1.1, php-dflydev-fig-cookies/2.0.0-1.1, php-embed/3.3.9-1.1, php-fabiang-sasl/1.0.1-1, php-markdown/1.8

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: t...@mirbsd.de

Hi,

these are otherwise unused r-deps for movim, which did not make the
release. They were also just removed from unstable, since the movim
packaging project was abandoned (I asked the other team maintainers
and there’s no interest in continuing it), cf. #1006401

These packages were usable in buster but not usable in or updated
for bullseye, so I suggest also removing them from bullseye, or at
least clearly marked as unsupported. (I orphaned those that *are*
used and informed the respective sole r-dependency remaining.)

Bug#1006417: buster-pu: package php-illuminate-database/5.7.27-1+deb10u1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@mirbsd.de

[ Reason ]
These are two security-related backports by the new maintainer
of these binary packages for bullseye and up. I’ve been asked
to do this via the upcoming point release by the security team.

[ Impact ]
Two pending security fixes of SQL injection type not applied.

[ Tests ]
The new maintainer, who backported these fixes, has tested them
with upstream’s testsuite and provided tests for the issues
themselves.

[ Risks ]
These are backports of the patches for later versions, so
the risk is low, I guess. I’m not sufficiently familiar with
the codebase to judge myself, but they look plausible at a
quick glance.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Apply two patches prepared by the new maintainer and change
the Maintainer field to them.
diff -Nru php-illuminate-database-5.7.27/debian/changelog 
php-illuminate-database-5.7.27/debian/changelog
--- php-illuminate-database-5.7.27/debian/changelog 2019-02-22 
20:06:21.0 +0100
+++ php-illuminate-database-5.7.27/debian/changelog 2022-02-25 
00:53:26.0 +0100
@@ -1,3 +1,15 @@
+php-illuminate-database (5.7.27-1+deb10u1) buster; urgency=medium
+
+  [ Robin Gustafsson ]
+  * Security fix: Query Binding Exploitation (Closes: #980899)
+Fixes CVE-2021-21263
+  * Security fix: SQL injection with Microsoft SQL Server (Closes: #987848)
+
+  [ Thorsten Glaser ]
+  * Update Maintainer, upload to oldstable as security fixpack
+
+ -- Thorsten Glaser   Fri, 25 Feb 2022 00:53:26 +0100
+
 php-illuminate-database (5.7.27-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru php-illuminate-database-5.7.27/debian/control 
php-illuminate-database-5.7.27/debian/control
--- php-illuminate-database-5.7.27/debian/control   2019-02-22 
20:06:21.0 +0100
+++ php-illuminate-database-5.7.27/debian/control   2022-02-25 
00:53:26.0 +0100
@@ -1,7 +1,7 @@
 Source: php-illuminate-database
 Section: php
 Priority: optional
-Maintainer: Teckids Debian Task Force 
+Maintainer: Robin Gustafsson 
 Uploaders: Thorsten Glaser , Dominik George 

 Build-Depends: debhelper (>= 11~), pkg-php-tools (>= 1.7~)
 Standards-Version: 4.3.0
diff -Nru 
php-illuminate-database-5.7.27/debian/patches/0001-6.x-Limit-expected-bindings-35865.patch
 
php-illuminate-database-5.7.27/debian/patches/0001-6.x-Limit-expected-bindings-35865.patch
--- 
php-illuminate-database-5.7.27/debian/patches/0001-6.x-Limit-expected-bindings-35865.patch
  1970-01-01 01:00:00.0 +0100
+++ 
php-illuminate-database-5.7.27/debian/patches/0001-6.x-Limit-expected-bindings-35865.patch
  2022-02-25 00:51:21.0 +0100
@@ -0,0 +1,96 @@
+From: Taylor Otwell 
+Date: Wed, 13 Jan 2021 07:35:45 -0600
+Subject: [6.x] Limit expected bindings (#35865)
+
+* limit expected bindings
+
+* limit more bindings
+
+Origin: 
https://github.com/laravel/framework/commit/d0954f4574f315f0c2e9e65e92cc74b80eadcac1
+---
+ Query/Builder.php | 18 ++
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+--- a/Query/Builder.php
 b/Query/Builder.php
+@@ -654,7 +654,7 @@ class Builder
+ );
+ 
+ if (! $value instanceof Expression) {
+-$this->addBinding($value, 'where');
++$this->addBinding(is_array($value) ? head($value) : $value, 
'where');
+ }
+ 
+ return $this;
+@@ -1051,7 +1051,7 @@ class Builder
+ 
+ $this->wheres[] = compact('type', 'column', 'values', 'boolean', 
'not');
+ 
+-$this->addBinding($this->cleanBindings($values), 'where');
++$this->addBinding(array_slice($this->cleanBindings($values), 0, 2), 
'where');
+ 
+ return $this;
+ }
+@@ -1119,6 +1119,8 @@ class Builder
+ $value, $operator, func_num_args() === 2
+ );
+ 
++$value = is_array($value) ? head($value) : $value;
++
+ if ($value instanceof DateTimeInterface) {
+ $value = $value->format('Y-m-d');
+ }
+@@ -1158,6 +1160,8 @@ class Builder
+ $value, $operator, func_num_args() === 2
+ );
+ 
++$value = is_array($value) ? head($value) : $value;
++
+ if ($value instanceof DateTimeInterface) {
+ $value = $value->format('H:i:s');
+ }
+@@ -1197,6 +1201,8 @@ class Builder
+ $value, $operator, func_num_args() === 2
+ );
+ 
++$value = is_array($value) ? head($value) : $value;
++
+ if ($value instanceof DateTimeInterface) {
+ $value = $value->format('d');
+ }
+@@ -1236,6 +1242,8 @@ class Builder
+ $value, $operator, func_num_args() === 2
+ );
+ 
++$value = is_a

Re: #975016 - OpenJDK 17 support state for Bullseye

[Thorsten Glaser]

Hi Holger,

> and filed against src:debian-security-support, as openjdk-17 seems to be
> supported and src:debian-security-support's purpose is to documented what's

no, 11 is supported, 17 is just for users to run third-party
stuff on (IIUC).

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg


/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against  Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!

Bug#990973: unblock: mksh/59c-9

[Thorsten Glaser]

ded, there is no public archive any more, unfortunately
   (note: several freemail providers have issues with the list;
   use GMane (NNTP or web interface) to post in those cases)
 
diff -pruN mksh-59c-8/debian/changelog mksh-59c-9/debian/changelog
--- mksh-59c-8/debian/changelog 2021-05-31 02:42:55.0 +0200
+++ mksh-59c-9/debian/changelog 2021-07-10 22:08:30.0 +0200
@@ -1,3 +1,21 @@
+mksh (59c-9) unstable; urgency=medium
+
+  * Cherry-pick bugfixes from CVS HEAD:
+- stop referring to dead IRC network
+- check lower bounds of input line array when backspacing
+- protect against hi-bit7 (stty) EOF character
+- show error message and exit nōn-zero on stdout write failure
+  for builtin calls (Closes: #990265) + display correct errno
+- show error message in echo/print builtin on output write failure
+  (it exits 1 already in that case)
+- ensure macro calls don’t have side effects in arguments
+- properly flush stderr and unwind for direct builtin calls
+      (“ln -s /bin/mksh echo; ./echo …”)
+- fix truncation behaviour for internal snprintf equivalent
+  * Update upstream contact info accordingly
+
+ -- Thorsten Glaser   Sat, 10 Jul 2021 22:08:30 +0200
+
 mksh (59c-8) unstable; urgency=medium
 
   * Fix a -Wpointer-sign in escaping code

‣ Update upstream contact info accordingly

diff -pruN mksh-59c-8/debian/upstream/metadata 
mksh-59c-9/debian/upstream/metadata
--- mksh-59c-8/debian/upstream/metadata 2021-05-31 02:40:08.0 +0200
+++ mksh-59c-9/debian/upstream/metadata 2021-07-10 21:36:32.0 +0200
@@ -4,7 +4,7 @@
   "Bug-Submit": "mailto:miros-m...@mirbsd.org;,
   "Changelog": "http://www.mirbsd.org/mksh.htm#clog;,
   "Cite-As": "The MirBSD Korn Shell (http://www.mirbsd.org/mksh.htm\;>mksh)",
-  "Contact": "irc://irc.freenode.net/!%2Fbin%2Fmksh",
+  "Contact": "irc://irc.oftc.net/!%2Fbin%2Fmksh",
   "Documentation": "http://www.mirbsd.org/MirOS/dist/mir/mksh/mksh.pdf;,
   "Donation": "http://www.mirbsd.org/danke.htm;,
   "FAQ": "http://www.mirbsd.org/mksh-faq.htm;,

‣ Hunk 1, 2: check lower bounds of input line array when backspacing
‣ Hunk 3: protect against hi-bit7 (stty) EOF character

diff -pruN mksh-59c-8/edit.c mksh-59c-9/edit.c
--- mksh-59c-8/edit.c   2021-07-12 16:13:08.0 +0200
+++ mksh-59c-9/edit.c   2021-07-12 16:12:43.0 +0200
@@ -1677,7 +1677,7 @@ static char *
 x_bs0(char *cp, char *lower_bound)
 {
if (UTFMODE)
-   while ((!lower_bound || (cp > lower_bound)) &&
+   while ((cp > lower_bound) &&
((rtt2asc(*cp) & 0xC0) == 0x80))
--cp;
return (cp);
@@ -1688,7 +1688,7 @@ x_bs3(char **p)
 {
int i;
 
-   *p = x_bs0((*p) - 1, NULL);
+   *p = x_bs0((*p) - 1, xbuf);
i = x_size2(*p, NULL);
while (i--)
x_e_putc2('\b');
@@ -1843,10 +1843,11 @@ x_newline(int c MKSH_A_UNUSED)
 static int
 x_end_of_text(int c MKSH_A_UNUSED)
 {
-   unsigned char tmp[1], *cp = tmp;
+   unsigned char tmp[2], *cp = tmp;
 
*tmp = isedchar(edchars.eof) ? (unsigned char)edchars.eof :
(unsigned char)CTRL_D;
+   tmp[1] = '\0';
x_zotc3((char **));
x_putc('\r');
x_putc('\n');

‣ show error message and exit nōn-zero on stdout write failure
  for builtin calls (Closes: #990265)

diff -pruN mksh-59c-8/exec.c mksh-59c-9/exec.c
--- mksh-59c-8/exec.c   2021-07-12 16:13:08.0 +0200
+++ mksh-59c-9/exec.c   2021-07-12 16:12:43.0 +0200
@@ -1397,7 +1397,11 @@ call_builtin(struct tbl *tp, const char
shl_stdout_ok = true;
ksh_getopt_reset(_opt, GF_ERROR);
rv = (*tp->val.f)(wp);
-   shf_flush(shl_stdout);
+   if (shf_flush(shl_stdout) < 0) {
+   bi_errorf(Tf_sD_s, Twrite, cstrerror(errno));
+   if (rv == 0)
+   rv = 1;
+   }
shl_stdout_ok = false;
builtin_argv0 = NULL;
builtin_spec = false;

‣ Hunk 1: show error message in echo/print builtin on output write failure
‣ Hunk 2: ensure macro calls don’t have side effects in arguments

diff -pruN mksh-59c-8/funcs.c mksh-59c-9/funcs.c
--- mksh-59c-8/funcs.c  2021-07-12 16:13:08.0 +0200
+++ mksh-59c-9/funcs.c  2021-07-12 16:12:43.0 +0200
@@ -554,6 +554,7 @@ c_print(const char **wp)
po.copipe = block_pipe();
continue;
}
+   bi_errorf(Tf_sD_s, Twrite, cstrerror(errno));
c = 1;
break;
}
@@ -1134,7 +1135,8 @@ c_kill(const char **wp)
n = 1;

Bug#990973: unblock: mksh/59c-9

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de, Vincent Lefèvre 

Please unblock package mksh

[ Reason ]
This update is comprised of:
• documentation update from upstream CVS HEAD, mostly related
  to the death of a certain IRC network (one FAQ entry related
  to changes that are already in 59c-8 also got in)
• some more reliability checks (although I’m afraid the full
  C1 control character escaping changes won’t make bullseye,
  they’re still under development and rather invasive, so I
  only picked the small independent fixes):
  – check lower bounds of input line array when backspacing
  – protect against hi-bit7 (stty) EOF character
  – ensure macro calls don’t have side effects in arguments
• properly flush stderr and unwind for direct builtin calls
  (“ln -s /bin/mksh echo; ./echo …”) so they behave the same
  as if called from within the shell (“/bin/mksh -c 'echo …'”)
• fix truncation behaviour for internal snprintf equivalent
  (a sequence of putc+puts+putc could, before, drop the puts
  but allow the putc to succeed); this becomes important with
  the next change
• show error message and exit nōn-zero on stdout write failure
  for builtin calls (Closes: #990265)
  ‣ there was quite a discussion around what parts are actually
buggy-as-in-not-POSIX on the Austin Group (POSIX) mailing
list, as there was no consensus between shell implementors,
packagers and users; this implements (for all known cases)
what the official response requires
• display correct errno when doing so (before, one codepath
  could lose errno as it did another libc call in between)
• show error message in echo/print builtin on output write failure
  (basically the same as the generic one except echo/print don’t
  write buffered to stdout, they write to any fd, and already
  exited 1 on write error but didn’t issue a diagnostic message
  in that case which the POSIX people seem to prefer)

[ Impact ]
The references to the dead IRC network stay in. Scenarios in
which output is redirected to files on a full filesystem can’t
be handled by shell scripts. Direct builtin calls can lose
stderr messages. (The other fixes are for bugs I’ve not seen
in production but aren’t untrue either.)

[ Tests ]
The stdout/error change has new tests in the regression test
suite and has also been tested by the requestor and the concept
was ACK’d on the Austin Group mailing list.
All changes have been tested in MirBSD for a while (including
rebuilding the full OS with them in play) and not triggered any
problems. The changes (except documentation where I cp’d for
some files) are all individual cherry-picks of the relevant
commits, individually reviewed. I also tested the truncation
one by temporarily adding debugging code during development,
and all error handling-related ones also on Debian with /dev/full
(which doesn’t exist on MirBSD).

[ Risks ]
As mentioned in the last unblock, mksh is effectively not key.
These changes only affect specific things (the ones under “some
more reliability checks” only the interactive line editor, for
example) and thus are rather localised, mistakes easily spotted.
Therefore I believe these are low risk (I specifically didn’t
cherry-pick a few fixes that are of higher risk because of their
interwovenness and intrusivity level; users will have to wait
for the next release for these). I expect this to be the last
upload before the release.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach diff against the package in testing

[ Other info ]
I’ve again attached a diff of the unpacked package instead of
a debdiff because I use single-debian-patch and develop in VCS.
I’ve commented the diff, so it’s easier to map the hunks to the
changes listed.

unblock mksh/59c-9

Bug#990968: unblock: apache2/2.4.48-3.1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package apache2

[ Reason ]
Fixes #990580 which is a regression caused by the changes from #979813.

[ Impact ]
Sysadmins will get hundreds of eMails each night, become angry and
storm Debian HQ with torches and putforks and… erm well insert your
favourite upraising scenatio.

[ Tests ]
The updated package fixes the issue for me, and the cause was
identified by kilobyte, so it’s seen two eyepairs at least.

[ Risks ]
Trivial fix to a logrotate script.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock apache2/2.4.48-3.1
diff -Nru apache2-2.4.48/debian/apache2.logrotate 
apache2-2.4.48/debian/apache2.logrotate
--- apache2-2.4.48/debian/apache2.logrotate 2021-06-20 13:55:24.0 
+0200
+++ apache2-2.4.48/debian/apache2.logrotate 2021-07-10 23:31:24.0 
+0200
@@ -14,7 +14,7 @@
 endscript
 postrotate
if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
-   invoke-rc.d apache2 reload
+   invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
fi
 endscript
 }
diff -Nru apache2-2.4.48/debian/changelog apache2-2.4.48/debian/changelog
--- apache2-2.4.48/debian/changelog 2021-06-20 16:39:33.0 +0200
+++ apache2-2.4.48/debian/changelog 2021-07-10 23:31:28.0 +0200
@@ -1,3 +1,11 @@
+apache2 (2.4.48-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Direct init script reload output from logrotate to syslog, to
+avoid mail-spamming the local admin (Closes: #990580)
+
+ -- Thorsten Glaser   Sat, 10 Jul 2021 23:31:28 +0200
+
 apache2 (2.4.48-3) unstable; urgency=medium
 
   * Fix debian/changelog

Bug#990580: apache2: [regression] daily cron mails from logrotate: Reloading Apache httpd web server: apache2.

[Thorsten Glaser]

Package: apache2
Version: 2.4.48-3
Severity: important
X-Debbugs-Cc: t...@mirbsd.de, debian-release@lists.debian.org

Having just upgraded machines from 2.4.46-4 to 2.4.48-3
I now get daily¹ cron mails:

| From: Anacron 
| Message-ID: <20210702075325.946f340...@ci-busyapps.lan.tarent.de>
| To: r...@ci-busyapps.lan.tarent.de
| Date: Fri,  2 Jul 2021 07:53:25 + (UTC)
| Subject: Anacron job 'cron.daily' on ci-busyapps.lan.tarent.de
| 
| /etc/cron.daily/logrotate:
| Reloading Apache httpd web server: apache2.

This is a regression that’s going to severely annoy admins and
ought to be fixed, including for bullseye.

① I know they are daily because I have been getting them on another
  system for some time already but didn’t know if it was that system
  or something in the package; as multiple other systems are now
  affected identically, I know it’s a bug in the package.

-- Package-specific info:

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.48-3
ii  apache2-data 2.4.48-3
ii  apache2-utils2.4.48-3
ii  dpkg 1.20.9
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0dev.6-2

Versions of packages apache2-bin depends on:
ii  libapr11.7.0-6
ii  libaprutil11.6.1-5
ii  libaprutil1-dbd-pgsql  1.6.1-5
ii  libaprutil1-ldap   1.6.1-5
ii  libbrotli1 1.0.9-2+b2
ii  libc6  2.31-12
ii  libcrypt1  1:4.4.18-4
ii  libcurl4   7.74.0-1.3
ii  libjansson42.13.1-1.1
ii  libldap-2.4-2  2.4.57+dfsg-3
ii  liblua5.3-05.3.3-1.1+b1
ii  libnghttp2-14  1.43.0-1
ii  libpcre3   2:8.39-13
ii  libssl1.1  1.1.1k-1
ii  libxml22.9.10+dfsg-6.7
ii  perl   5.32.1-4
ii  zlib1g 1:1.2.11.dfsg-2

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0dev.6-2

Versions of packages apache2 is related to:
ii  apache2  2.4.48-3
ii  apache2-bin  2.4.48-3

-- Configuration Files:
/etc/apache2/mods-available/ssl.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
/etc/apache2/sites-available/default-ssl.conf changed [not included]

-- no debconf information

Bug#989780: unblock: musescore2/2.3.2+dfsg4-15 and musescore3/3.2.3+dfsg2-11

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package musescore2 and musescore3

[ Reason ]
In #985129 a soundfont-dependent crash was reported. Upon further
debugging and inspection of the code as well as discussion with
upstream, multiple failures in the handling of soundfonts was found
which I fixed, adapting the code to honour the SoundFont specification
in the ways I found possible. Some of the issues had been known, but
not fixed yet. (Mostly the mismatch between end and end-1.)

Further discussion with the developers of FluidSynth, an old version
of which the MuseScore built-in synthesiser “fluid” is based on, and
with the developer of MuseScore’s principal soundfont resulted in
further refining the handling of bad {,loop}{start,end} values, as
to better match Fluid’s playback capabilities as well as real-existing
soundfonts.

There were also places where unsigned integers need to be used as
soundfonts can be up to 4 GiB in size. (One place uses size_t instead,
this is a backport of an upstream change; size_t is neither less nor
more correct here.)

This is a patch that applies to both source packages identically
(with very slight changes in the context of some lines only).

[ Impact ]
Rare arbitrary unreproducible crashes, and incorrect playback of some
real-existing but not spec-compliant soundfonts.

[ Tests ]
I’ve tested the patched versions myself for a bit and had developers
of both upstream and FluidSynth look at it. An upstream developer was
also testing it but had mixed feedback because of a bug he himself had
accidentally introduced in his tree, but other than that the feedback
was good.

[ Risks ]
The diff looks complex but in actuality simplifies the code in question
and makes it more easy to read (modulo upstream’s weird indentation
style). The code is duplicated, because SF3 soundfonts handle the checks
at a different point in the application lifecycle than SF2 ones due to
compression coming into play, but I ensured it’s a text editor block copy,
indent level increase, and the addition of p-> everywhere *only*.

These are leaf packages.

The PR has not yet been merged upstream, but I consider it low risk for
Debian nevertheless.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock musescore2/2.3.2+dfsg4-15
unblock musescore3/3.2.3+dfsg2-11
diff -Nru musescore2-2.3.2+dfsg4/debian/changelog 
musescore2-2.3.2+dfsg4/debian/changelog
--- musescore2-2.3.2+dfsg4/debian/changelog 2021-03-05 17:57:30.0 
+0100
+++ musescore2-2.3.2+dfsg4/debian/changelog 2021-06-05 18:04:54.0 
+0200
@@ -1,3 +1,9 @@
+musescore2 (2.3.2+dfsg4-15) unstable; urgency=medium
+
+  * Fix soundfont-related crashes or audible artefacts (Closes: #985129)
+
+ -- Thorsten Glaser   Sat, 05 Jun 2021 18:04:54 +0200
+
 musescore2 (2.3.2+dfsg4-14) unstable; urgency=medium
 
   * Fix possible error cause in m-common.prerm (Closes: #984592)
diff -Nru 
musescore2-2.3.2+dfsg4/debian/patches/experiments/valid-soundfont.diff 
musescore2-2.3.2+dfsg4/debian/patches/experiments/valid-soundfont.diff
--- musescore2-2.3.2+dfsg4/debian/patches/experiments/valid-soundfont.diff  
1970-01-01 01:00:00.0 +0100
+++ musescore2-2.3.2+dfsg4/debian/patches/experiments/valid-soundfont.diff  
2021-06-05 18:04:54.0 +0200
@@ -0,0 +1,430 @@
+Description: Fix multiple possible causes of crashes or audible artefacts
+ - Track sample name so we can issue proper warning messages, show filename
+ - On read errors, issue an error message and mark sample as invalid
+ - Mark sample as invalid if Ogg Vorbis decompression (SF3) fails
+ - Do all sanity checks on {,loop}{start,end} with SF2 semantics for end;
+   only switch end to point to the last sample afterwards in only one place
+ - Adapt sanity checks and corrections to current FluidSynth, which matches
+   real-existing soundfonts better
+ - Add sanity check provided by the SoundFont spec as extra diagnostic
+ - Do not crash if there is no data[]
+ - Issue diagnostics if disabling a sample
+ - Swap two members to improve structure packing/alignment while there
+ - Use unsigned integers for SoundFont element sizes properly
+Author: mirabilos 
+Bug: https://musescore.org/en/node/89216 (and probably others)
+Bug-Debian: https://bugs.debian.org/985129
+Forwarded: https://github.com/musescore/MuseScore/pull/7728
+
+--- a/fluid/sfont.cpp
 b/fluid/sfont.cpp
+@@ -589,6 +589,7 @@ Sample::Sample(SFont* s)
+   data= 0;
+   amplitude_that_reaches_noise_floor_is_valid = false;
+   amplitude_that_reaches_noise_floor = 0.0;
++  name[0] = 0;
+   }
+ 
+ //-
+@@ -625,11 +626,12 @@ void Sample::load()
+ #ifdef SOUNDFONT3
+ char* p = 

Bug#989779: unblock: polyphone/2.2.0.20210109+dfsg1-2

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package polyphone

[ Reason ]
The current release contains a regression where large soundfont
sample offsets are not correctly encoded.

[ Impact ]
Silently produces bad output for large sample offsets. This kind
of corruption is hard to manually test for.

[ Tests ]
The submitter of the patch tested the package, although not the
precise binary but a recompilation from the same sources in my PPA.

[ Risks ]
Low, leaf package, merely reverts part of an upstream commit.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock polyphone/2.2.0.20210109+dfsg1-2
diff -Nru polyphone-2.2.0.20210109+dfsg1/debian/changelog 
polyphone-2.2.0.20210109+dfsg1/debian/changelog
--- polyphone-2.2.0.20210109+dfsg1/debian/changelog 2021-01-19 
23:14:12.0 +0100
+++ polyphone-2.2.0.20210109+dfsg1/debian/changelog 2021-06-06 
15:22:08.0 +0200
@@ -1,3 +1,9 @@
+polyphone (2.2.0.20210109+dfsg1-2) unstable; urgency=medium
+
+  * Add patch to fix large soundfonts/samples’ offsets
+
+ -- Thorsten Glaser   Sun, 06 Jun 2021 15:22:08 +0200
+
 polyphone (2.2.0.20210109+dfsg1-1) unstable; urgency=medium
 
   * Improve compiler flags handling, via MuseScore packaging
diff -Nru polyphone-2.2.0.20210109+dfsg1/debian/patches/142.patch 
polyphone-2.2.0.20210109+dfsg1/debian/patches/142.patch
--- polyphone-2.2.0.20210109+dfsg1/debian/patches/142.patch 1970-01-01 
01:00:00.0 +0100
+++ polyphone-2.2.0.20210109+dfsg1/debian/patches/142.patch 2021-06-06 
15:21:55.0 +0200
@@ -0,0 +1,24 @@
+Description: allow offset values greater than 16-bit signed integer
+ A fix for issue #141, which was broken by commit
+ f80fc38b406ad094a1d3d2563da5d8124818e2e3. This fix reverts to the
+ use of qRound when storing offset values for sample and loop start/end.
+From: "S. Christian Collins" 
+Origin: https://github.com/davy7125/polyphone/pull/142
+Bug: https://github.com/davy7125/polyphone/issues/141
+
+--- a/sources/core/types/attribute.cpp
 b/sources/core/types/attribute.cpp
+@@ -181,11 +181,11 @@ AttributeValue Attribute::fromRealValue(
+ break;
+ case champ_startloopAddrsCoarseOffset: case 
champ_endloopAddrsCoarseOffset:
+ case champ_startAddrsCoarseOffset: case champ_endAddrsCoarseOffset:
+-storedValue.shValue = Utils::round16(realValue) / 32768;
++storedValue.shValue = static_cast(qRound(realValue) / 32768);
+ break;
+ case champ_startloopAddrsOffset: case champ_startAddrsOffset:
+ case champ_endloopAddrsOffset: case champ_endAddrsOffset:
+-storedValue.shValue = static_cast(Utils::round16(realValue) % 
32768);
++storedValue.shValue = static_cast(qRound(realValue) % 32768);
+ break;
+ case champ_keyRange: case champ_velRange:
+ storedValue.rValue.byHi = static_cast(0.001 * realValue);
diff -Nru polyphone-2.2.0.20210109+dfsg1/debian/patches/series 
polyphone-2.2.0.20210109+dfsg1/debian/patches/series
--- polyphone-2.2.0.20210109+dfsg1/debian/patches/series2021-01-19 
23:12:32.0 +0100
+++ polyphone-2.2.0.20210109+dfsg1/debian/patches/series2021-06-06 
15:16:36.0 +0200
@@ -2,3 +2,4 @@
 branding.diff
 fix-build.diff
 reproducible.diff
+142.patch

Bug#989532: unblock: mc/3:4.8.26-1.1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de, only...@debian.org, y...@shurup.com, 
ti...@debian.org, deb...@denis-briand.fr

Please unblock package mc

[ Reason ]
This fixes #987446 which basically made any file that isn’t called
.zip but is a PKZIP container (including both things that are ZIP-like
archives, like *.jar, and those which aren’t, like office documents)
unusable with mc.

[ Impact ]
Quite a regression and limiting use.

[ Tests ]
I’ve manually tested this. It’s a backport of an upstream fix,
so I guess they also tested it, and it’ll be part of the next
upstream release.

[ Risks ]
This changes a conffile only, in a somewhat-leaf (only pulled
in by tasks-like packages) package. If anything should need to
be fixed up later, it can if necessary be done by the end user
changing the file in /etc.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock mc/3:4.8.26-1.1
diff -Nru mc-4.8.26/debian/changelog mc-4.8.26/debian/changelog
--- mc-4.8.26/debian/changelog  2021-02-01 02:44:43.0 +0100
+++ mc-4.8.26/debian/changelog  2021-06-01 15:26:23.0 +0200
@@ -1,3 +1,10 @@
+mc (3:4.8.26-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix PKZIP archive handling, patch backported from upstream
+
+ -- Thorsten Glaser   Tue, 01 Jun 2021 15:26:23 +0200
+
 mc (3:4.8.26-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru mc-4.8.26/debian/patches/fix-987446.patch 
mc-4.8.26/debian/patches/fix-987446.patch
--- mc-4.8.26/debian/patches/fix-987446.patch   1970-01-01 01:00:00.0 
+0100
+++ mc-4.8.26/debian/patches/fix-987446.patch   2021-06-01 15:24:55.0 
+0200
@@ -0,0 +1,263 @@
+Origin: upstream, commit:fa2cbd2a2c7e38ee56d1756eac5899b57f7f4262
+From: Andrew Borodin 
+Description: Ticket #4180: reorgzanize mc.ext.
+ $ file -L image.zip
+ image.zip: Zip archive data, at least v2.0 to extract
+ $ file -L -z image.zip
+ image.zip: JPEG image data, JFIF standard 1.01, resolution (DPI),
+ density 96x96, segment length 16, baseline, precision 8, 1024x768,
+ frames 3 (Zip archive data, at least v2.0 to extract)
+ .
+ Since in mc.ext
+ .
+ type/^JPEG
+ .
+ is evaluated before
+ .
+ type/\(Zip archive
+ .
+ mc assume image.zip is a image not an archive.
+ .
+ To solve this, since we use "file -z", match file name at first
+ (regex/ and shell/), then type/.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987446
+
+--- a/misc/mc.ext.in
 b/misc/mc.ext.in
+@@ -107,6 +107,7 @@
+ ### Changes ###
+ #
+ # Reorganization: 2012-03-07 Slava Zanko 
++# 2021-03-28 Andrew Borodin 
+ 
+ 
+ ### GIT Repo ###
+@@ -117,6 +118,7 @@ regex/^\[git\]
+ 
+ 
+ ### Archives ###
++# Since we use "file -z", we should use regex/ and shell/ at first, then 
type/.
+ 
+ # .tgz, .tpz, .tar.gz, .tar.z, .tar.Z, .ipk, .gem
+ regex/\.t([gp]?z|ar\.g?[zZ])$|\.ipk$|\.gem$
+@@ -171,16 +173,6 @@ shell/i/.tar
+   Open=%cd %p/utar://
+   View=%view{ascii} @EXTHELPERSDIR@/archive.sh view tar
+ 
+-# lha
+-type/^LHa\ .*archive
+-  Open=%cd %p/ulha://
+-  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view lha
+-
+-# PAK
+-type/^PAK\ .*archive
+-  Open=%cd %p/unar://
+-  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view pak
+-
+ # arj
+ regex/i/\.a(rj|[0-9][0-9])$
+   Open=%cd %p/uarj://
+@@ -300,7 +292,6 @@ shell/i/.iso
+   Open=%cd %p/iso9660://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view iso9660
+ 
+-
+ regex/\.(diff|patch)$
+   Open=%cd %p/patchfs://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view cat
+@@ -316,6 +307,102 @@ shell/i/.lib
+   Open=%cd %p/ulib://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view lib
+ 
++# ace
++shell/i/.ace
++  Open=%cd %p/uace://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view ace
++  Extract=unace x %f
++
++# arc
++shell/i/.arc
++  Open=%cd %p/uarc://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view arc
++  Extract=arc x %f '*'
++  Extract (with flags)=I=%{Enter any Arc flags:}; if test -n "$I"; then 
arc x $I %f; fi
++
++# zip
++shell/i/.zip
++  Open=%cd %p/uzip://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
++
++# zoo
++shell/i/.zoo
++  Open=%cd %p/uzoo://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zoo
++
++# lz4
++regex/\.lz4$
++  Open=@EXTHELPERSDIR@/archive.sh view lz4 %var{PAGER:more}
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view lz4
++
++# WIM
++shell/i/\.wim
++  Open=%cd %p/uwim://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view wim
++
++# gzip
++type/\(gzip compressed
++  Open=@EXTHELPERSDIR@/archive.sh view gz %var{PAGER:more}
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view gz
++
++# b

Bug#989509: buster-pu: package klibc/2.0.6-1+deb10u1

[Thorsten Glaser]

Ben Hutchings dixit:

>Thorsten Glaser tested the s390x fix in unstable.  It has not (yet)
>been manually tested in this version.

Unfortunately we don’t have a baseline, as the only test I had that
triggered this doesn’t trigger in buster (probably because only a
newer GCC scheduled things to use these registers in the first place).

bye,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#989314: unblock: mksh/59c-8

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de
Control: block -1 by 989279

Please unblock package mksh

[ Reason ]
This upload addresses the following issues:
• Work around #988027 in klibc (which is a POSIX violation but
  apparently deliberate by upstream) by using {set,long}jmp
  instead of sig{set,long}jmp when not saving/restoring signals
  (cherry-pick from upstream)
• Rebuild against klibc with #943425 ({set,long}jmp on s390x use
  wrong registers) fixed
• Cherry-pick another two upstream memory leak fixes
• Backport just enough (for Debian) of upstream patch fixing the
  way control characters are escaped when showing variable contents
  (for reentrancy or when deliberately escaping with ${varname@Q});
  specifically, escape C1 control characters dependent on whether
  utf8-mode is on (UTF8-encoded) or off (bytewise), catching some
  situations in which they were not escaped properly, make the
  escaped output match the UTF-8 mode better, and add a shell option
  “asis” to allow \x80‥\x9F unescaped outside(!) of UTF-8 mode only
  for when the user uses a codepage that has them as printable, not
  control, characters

(There’s also a one-line d-ports-only change of no relevance to
the release architectures.)

[ Impact ]
• Potential (but minor; except on s390x, the testsuite didn’t catch
  anything) misbehaviour of the klibc-built binaries; outdated
  Built-Using for klibc once 2.0.8-6.1 migrates
• Minor memory leaks
• Attempting to display a variable escaped (“typeset -p varname”,
  “set | grep ^varname”) may send control sequences to the terminal,
  including sequences that cause xterm to, for example, dump the
  current terminal contents to files

[ Tests ]
The testsuite is very throughout (it did catch the s390x/klibc issue
and switched the mksh-static and lksh binary to musl for that); it
also proves the klibc change works. I’ve manually verified the escaping-
related changes. I’ve not verified the memory leaks separately, but
the codepaths are like this that, if they were wrong (e.g. use-after-
free), the testsuite (especially on MirBSD with malloc hardening)
would’ve caught it crashing.

I’ve run a number of scripts comparing output with the previous and
the binaries from this upload installed.

[ Risks ]
As I wrote in earlier unblock requests (#987975, #986431) mksh is
effectively leaf in Debian, and changes like these are low risk.

I’ve reduced the upstream commits related to escaping to include
only the necessary parts to make reviewing easier. This carries
some, but very low, risk. The tests would have caught mistakes
during that (incidentally, they did, when I removed a hunk which
I at first thought not necessary).


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I’m attaching a diff of the unpacked trees instead of debdiff(1)
output again because I use single-debian-patch here and that’d
be a nightmare to review. I’ve commented in the diff which hunks
match which issue.

I’m also attaching a “diff -w” of the file misc.c to make review
easier; a huge part of the escaping code lost one level of indent.

I’ll be uploading another escaping-related fix revision, similar
issues (C0/C1 control characters and DEL) but in the command line
editor and tab completion code, but I have yet to find the time
to actually fix these issues first and think that including what
we’ve already got in sid into testing right now is a good thing.


unblock mksh/59c-8
diff -pruN mksh_59c-6/debian/changelog mksh_59c-8/debian/changelog
--- mksh_59c-6/debian/changelog	2021-05-03 03:26:28.0 +0200
+++ mksh_59c-8/debian/changelog	2021-05-31 02:42:55.0 +0200
@@ -1,3 +1,26 @@
+mksh (59c-8) unstable; urgency=medium
+
+  * Fix a -Wpointer-sign in escaping code
+  * Shrink escape diff (algorithm unchanged) for easier review
+
+ -- Thorsten Glaser   Mon, 31 May 2021 02:42:55 +0200
+
+mksh (59c-7) unstable; urgency=medium
+
+  * Do not use sigsetjmp(…, 0) with klibc (cf. #988027)
+  * Cherry-pick upstream memory leak fixes
+  * Apply just enough upstream changes to address more escaping
+issues: for ${var@Q} and “typeset -p”, take UTF-8 mode (on/off)
+into account; don’t issue \u escapes outside of UTF-8 mode,
+don’t escape nōn-ASCII printable, that is, nōn-control characters;
+always escape C0 controls and DEL; escape C1 controls by default,
+but add an option “asis” to disable that (e.g. for DOS codepages)
+in nōn-UTF8 mode — note this will need fixing for tab completion,
+command line editing (in a subsequent upload)…
+  * Work around hppa buildd issue (same as m68k, sh4)
+
+ -- Thorsten Glaser   Sun, 30 May 2021 23:57:59 +0200
+
 mksh (59c-6) unstable; urgency=medium
 
   * Clear “taint” on most actions mutating a variable

Bug#989279: unblock: klibc/2.0.8-6.1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package klibc

[ Reason ]
The NMU contains a fix for #943425 (save/restore correct set of
registers across *{set,long}jmp) which is RC on s390x, which is
a release architecture.

[ Impact ]
klibc-built binaries on s390x can malfunction.

[ Tests ]
The mksh testsuite catches this. Today’s mksh upload’s buildd log
on s390x shows that the fix works. An S/390 expert provided the
correct set of registers to save/restore. I’ve compared it to the
glibc implementation afterwards, and it matches, so I believe it
to be correct.

[ Risks ]
klibc is rather critical; it’s part of booting and installing (so
this also needs an udeb unblock). The patch affects s390x only,
as far as I can tell, but I believe it necessary there.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This will need an udeb unblock; what do I need to do for this?

unblock klibc/2.0.8-6.1
diff -Nru klibc-2.0.8/debian/changelog klibc-2.0.8/debian/changelog
--- klibc-2.0.8/debian/changelog2021-04-30 03:05:23.0 +0200
+++ klibc-2.0.8/debian/changelog2021-05-27 00:12:10.0 +0200
@@ -1,3 +1,11 @@
+klibc (2.0.8-6.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * {set,long}jmp [s390x]: save/restore the correct FPU registers
+(f8‥f15 not f1/f3/f5/f7) (Closes: #943425)
+
+ -- Thorsten Glaser   Thu, 27 May 2021 00:12:10 +0200
+
 klibc (2.0.8-6) unstable; urgency=medium
 
   * Upload to unstable
diff -Nru 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
--- 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
  1970-01-01 01:00:00.0 +0100
+++ 
klibc-2.0.8/debian/patches/0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch
  2021-05-27 00:11:57.0 +0200
@@ -0,0 +1,57 @@
+Description: {set,long}jmp [s390x]: save/restore the correct registers
+ The s390x ABI actually has FPU registers f8‥f15, not f1/f3/f5/f7,
+ to be saved. (Closes: Debian #943425)
+Author: mirabilos 
+Forwarded: https://lists.zytor.com/archives/klibc/2021-May/004620.html
+
+--- a/usr/include/arch/s390/klibc/archsetjmp.h
 b/usr/include/arch/s390/klibc/archsetjmp.h
+@@ -16,7 +16,7 @@ struct __jmp_buf {
+ 
+ struct __jmp_buf {
+   uint64_t __gregs[10]; /* general registers r6-r15 */
+-  uint64_t __fpregs[4]; /* fp registers f1, f3, f5, f7 */
++  uint64_t __fpregs[8]; /* fp registers f8-f15 */
+ };
+ 
+ #endif /* __s390x__ */
+--- a/usr/klibc/arch/s390/setjmp.S
 b/usr/klibc/arch/s390/setjmp.S
+@@ -38,10 +38,14 @@ longjmp:
+ 
+ setjmp:
+   stmg%r6,%r15,0(%r2) # save all general registers
+-  std %f1,80(%r2) # save fp registers f4 and f6
+-  std %f3,88(%r2)
+-  std %f5,96(%r2)
+-  std %f7,104(%r2)
++  std %f8,80(%r2) # save fp registers f8 to f15
++  std %f9,88(%r2)
++  std %f10,96(%r2)
++  std %f11,104(%r2)
++  std %f12,112(%r2)
++  std %f13,120(%r2)
++  std %f14,128(%r2)
++  std %f15,136(%r2)
+   lghi%r2,0   # return 0
+   br  %r14
+ 
+@@ -54,10 +58,14 @@ setjmp:
+ longjmp:
+   lgr %r1,%r2 # jmp_buf
+   lgr %r2,%r3 # return value
+-  ld  %f7,104(%r1)# restore all saved registers
+-  ld  %f5,96(%r1)
+-  ld  %f3,88(%r1)
+-  ld  %f1,80(%r1)
++  ld  %f15,136(%r1)   # restore all saved registers
++  ld  %f14,128(%r1)
++  ld  %f13,120(%r1)
++  ld  %f12,112(%r1)
++  ld  %f11,104(%r1)
++  ld  %f10,96(%r1)
++  ld  %f9,88(%r1)
++  ld  %f8,80(%r1)
+   lmg %r6,%r15,0(%r1)
+   br  %r14# return to restored address
+ 
diff -Nru klibc-2.0.8/debian/patches/series klibc-2.0.8/debian/patches/series
--- klibc-2.0.8/debian/patches/series   2021-04-30 02:38:31.0 +0200
+++ klibc-2.0.8/debian/patches/series   2021-05-27 00:09:21.0 +0200
@@ -10,3 +10,4 @@
 0037-klibc-calloc-Fail-if-multiplication-overflows.patch
 0039-klibc-cpio-Fix-possible-integer-overflow-on-32-bit-s.patch
 0040-klibc-cpio-Fix-possible-crash-on-64-bit-systems.patch
+0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch

Bug#987975: unblock: mksh/59c-6

[Thorsten Glaser]

 backslashes that are safe (extra
  backslashes in those cases can’t hurt anyway, eg. = is already
  almost needlessly escaped)
- the memory leaks are low-risk as “obvious”
- same for the lexer change

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
(let it simmer in sid for a few days first)

unblock mksh/59c-6
diff -Nru mksh-59c/debian/changelog mksh-59c/debian/changelog
--- mksh-59c/debian/changelog   2021-03-13 19:09:48.0 +0100
+++ mksh-59c/debian/changelog   2021-05-03 03:26:28.0 +0200
@@ -1,3 +1,28 @@
+mksh (59c-6) unstable; urgency=medium
+
+  * Clear “taint” on most actions mutating a variable
+
+ -- Thorsten Glaser   Mon, 03 May 2021 03:26:28 +0200
+
+mksh (59c-5) unstable; urgency=medium
+
+  * Apply targeted fixes, intended for bullseye:
+- [tg] Plug some memory leaks
+- [tg] Harden conversion of imported variables to integer, like
+  Perl “taint”: imported variables will now lose the value when
+  converting to integer but they are not purely numeric
+  (CVE-2019-14868 was a similar issue in AT ksh); honour
+  -o posix for leading-zero as octal, though (but continue not
+  when importing array indicēs)
+- [tg] Fix lexer token state corruption when reading new input;
+  makes evaluate-region editing command actually useful
+- [tg] Fix proper escaping/quoting and tab completion for tilde,
+  curly braces and \x02, either escaped or not
+Note: patches are reduced to minimum change for bullseye
+  * Rebuild for outdated Built-Using
+
+ -- Thorsten Glaser   Sun, 02 May 2021 23:52:52 +0200
+
 mksh (59c-4) unstable; urgency=low
 
   * Update to upstream CVS HEAD
diff -pruN mksh_59c-4/check.t mksh_59c-6/check.t
--- mksh_59c-4/check.t  2021-05-03 00:29:50.0 +0200
+++ mksh_59c-6/check.t  2021-05-03 03:57:57.0 +0200
@@ -31,7 +31,7 @@
 # (2013/12/02 20:39:44) 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
 
 expected-stdout:
-   KSH R59 2021/03/13
+   KSH R59 2021/05/03
 description:
Check base version of full shell
 stdin:
@@ -13230,6 +13230,41 @@ expected-stdout:
2=\x7Cfoo-e \x4B
3=\x7Cfoo-e \x4B
 ---
+name: env-intvars
+description:
+   Check that importing integers fails except for numbers
+stdin:
+   unset foo bar
+   print 1 $foo , $(typeset -p bar) .
+   print 2 $(foo=123 "$__progname" -c 'integer foo; print -- $foo' 2>&1) , 
\
+   $(env 'bar[123]=baz' "$__progname" -c 'typeset -p bar') .
+   print 3 $(foo='abc[$(echo >&2 fowled)0]' "$__progname" -c 'integer foo; 
print -- $foo' 2>&1) , \
+   $(env 'bar[$(echo >&2 fowled)0]=baz' "$__progname" -c 'typeset -p 
bar') .
+   print 4 $(foo=0123 "$__progname" +o posix -c 'integer foo; print -- 
$foo' 2>&1) , \
+   $(env 'bar[0123]=baz' "$__progname" +o posix -c 'typeset -p bar') .
+   # ksh93 does not do this:
+   print 5 $(foo=0123 "$__progname" -o posix -c 'integer foo; print -- 
$foo' 2>&1) .
+   # at import time FPOSIX is not yet set
+   print 6 $(foo=0x123 "$__progname" -c 'integer foo; print -- $foo' 2>&1) 
, \
+   $(env 'bar[0x123]=baz' "$__progname" -c 'typeset -p bar') .
+   print 7 $(foo=12#123 "$__progname" -c 'integer foo; print -- $foo' 
2>&1) , \
+   $(env 'bar[12#123]=baz' "$__progname" -c 'typeset -p bar') .
+   print 8 $(foo=1+1 "$__progname" -c 'integer foo; print -- $foo' 2>&1) , 
\
+   $(env 'bar[1+1]=baz' "$__progname" -c 'typeset -p bar') .
+   print 9 $(a=1 b=2 c=a "$__progname" -c 'typeset -p c; c=b; typeset -p 
c; integer c; typeset -p c') .
+   print 0 $(a=1 b=2 c=a "$__progname" -c 'typeset -p c;  typeset -p 
c; integer c; typeset -p c') .
+expected-stdout:
+   1 , .
+   2 123 , set -A bar typeset -x bar[123]=baz .
+   3 0 , .
+   4 123 , set -A bar typeset -x bar[123]=baz .
+   5 8#123 .
+   6 16#123 , .
+   7 12#123 , .
+   8 0 , .
+   9 typeset -x c=a typeset -x c=b typeset -i -x c=2 .
+   0 typeset -x c=a typeset -x c=a typeset -i -x c=0 .
+---
 name: utilities-getopts-1
 description:
getopts sets OPTIND correctly for unparsed option
diff -pruN mksh_59c-4/edit.c mksh_59c-6/edit.c
--- mksh_59c-4/edit.c   2021-05-03 00:29:50.0 +0200
+++ mksh_59c-6/edit.c   2021-05-03 03:57:57.0 +0200
@@ -74,6 +74,7 @@ static struct {
 #define XCF_COMMAND_FILE (XCF_COMMAND | XCF_FILE)
 #define XCF_IS_COMMAND BIT(3)  /* return flag: is command */
 #define XCF_IS_NOSPACE BIT(4)  /* return flag: do not append a space */
+#define XCF_IS_HOMEDIR BIT(5)  /* return flag: tilde needs slash */
 
 static cha

Re: Tentative summary of the AMD/ATI/NVidia issue

[Thorsten Glaser]

Cyril Brulebois dixit:

>Lucas Nussbaum  (2021-04-24):

>> C) Do nothing and document this in the release notes
>
>As said above, I strongly recommend against this.

Right… what about, add another Plan C…

C) When X won’t work, fail gracefully, show a console login

… and dump the above to Plan D?

(Perhaps doing this is a good idea in general, for when a
similar issue pops up in the future?)

bye,
//mirabilos
-- 
22:59⎜ glaub ich termkit is kompliziert | glabe nicht das man
damit schneller arbeitet | reizüberflutung │ wie windows │ alles evil
zuviel bilder │ wie ein spiel | 23:00⎜ die meisten raffen auch
nicht mehr von windows | 23:01⎜ bilderbücher sind ja auch nich
wirklich verbreitet als erwachsenen literatur   ‣ who needs GUIs thus?

Re: Bug#985634: git (1:2.31.0-1): no longer runs addons from /usr/lib/git-core breaking lots of 3rdpty stuff

[Thorsten Glaser]

Hi again,

>I imagine *many* other third-party addons do the same. Please
>make git search the old location after the new one (preferred)
>or revert this change at least until past the bullseye release
>(not preferred, as libexec is actually correct).

ping?

Bug#987167: unblock: jamulus/3.6.2+dfsg1-3

[Thorsten Glaser]

l servers are operated by the Jamulus project; there is
+a central server for each genre, which is how public servers are
+categorised into genres.
+.Sh SEE ALSO
+.Xr qjackctl 1
+.Bl -tag -width Ds
+.It Pa https://jamulus.io/wiki/Software\-Manual
+online handbook
+.It Pa https://jamulus.io/wiki/Choosing\-a\-Server\-Type
+more details on the individual server types
+.It Pa https://jamulus.io/wiki/Running\-a\-Server
+documentation on server configuration
+.It Pa https://jamulus.io/wiki/Central\-Servers
+current list of central servers operated by the Jamulus project,
+controlling the
+.Dq genre
+.It Pa https://jamulus.io/wiki/Tips\-Tricks\-More
+verbose
+.Fl \-ctrlmidich
+documentation and other more or less useful information
+.El
+.Sh AUTHORS
+.An -nosplit
+.An mirabilos Aq t...@debian.org
+wrote this manual page for the Debian project,
+but it may be used elsewhere as well.
+.Sh BUGS
+This manual page was derived from the source code and summarises
+some of the information from the website, but it could be more helpful.
+.Pp
+Some of the networking code seems to assume Legacy IP
+.Pq IPv4 .
diff -Nru jamulus-3.6.2+dfsg1/debian/changelog 
jamulus-3.6.2+dfsg1/debian/changelog
--- jamulus-3.6.2+dfsg1/debian/changelog2021-01-26 00:03:00.0 
+0100
+++ jamulus-3.6.2+dfsg1/debian/changelog2021-04-11 16:04:40.0 
+0200
@@ -1,3 +1,21 @@
+jamulus (3.6.2+dfsg1-3) unstable; urgency=low
+
+  * Update GitHub URLs
+- the repository moved to a{n, new} organisation
+- GitHub’s tags and releases pages changed tarball links
+  * Mark diff as applied upstream
+  * Run jdupes on the installed documentation as lintian demands
+  * Ship a manpage (Debian-specific for now)
+  * Merge updated list of central (genre) servers offered by upstream
+  * Also apply upstream fix for memory leaks
+  * Add patch to correctly escape messages received from clients
+  * Backport code around --serverpublicip to support running servers
+behind IPv4 NAT; also a prerequisite of the following patch
+  * Privacy fix: cease sending a packet to Cloudflare to determine
+the (nōn-NAT) external interface / IP address
+
+ -- Thorsten Glaser   Sun, 11 Apr 2021 16:04:40 +0200
+
 jamulus (3.6.2+dfsg1-2) unstable; urgency=low
 
   * Upload to unstable
diff -Nru jamulus-3.6.2+dfsg1/debian/control jamulus-3.6.2+dfsg1/debian/control
--- jamulus-3.6.2+dfsg1/debian/control  2020-12-29 20:28:29.0 +0100
+++ jamulus-3.6.2+dfsg1/debian/control  2021-04-11 15:44:40.0 +0200
@@ -4,6 +4,7 @@
 Maintainer: Thorsten Glaser 
 Homepage: https://jamulus.io/
 Build-Depends: debhelper-compat (= 13),
+  jdupes,
   libjack-jackd2-dev,
   qtbase5-dev,
   qtdeclarative5-dev,
diff -Nru jamulus-3.6.2+dfsg1/debian/copyright 
jamulus-3.6.2+dfsg1/debian/copyright
--- jamulus-3.6.2+dfsg1/debian/copyright2020-12-29 21:57:20.0 
+0100
+++ jamulus-3.6.2+dfsg1/debian/copyright2021-04-11 15:44:40.0 
+0200
@@ -1,7 +1,7 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: Jamulus
 Upstream-Contact: https://sourceforge.net/p/llcon/discussion/
-Source: https://github.com/corrados/jamulus
+Source: https://github.com/jamulussoftware/jamulus
 # Removed embedded convenience code copies and binaries
  Removed embedded binaries (libs blocked by #686777)
 Copyright: 2004–2020 Volker Fischer and others
diff -Nru jamulus-3.6.2+dfsg1/debian/jamulus.lintian-overrides 
jamulus-3.6.2+dfsg1/debian/jamulus.lintian-overrides
--- jamulus-3.6.2+dfsg1/debian/jamulus.lintian-overrides2020-12-29 
20:28:29.0 +0100
+++ jamulus-3.6.2+dfsg1/debian/jamulus.lintian-overrides2021-04-11 
15:44:40.0 +0200
@@ -1,15 +1,2 @@
-# I promise to write one for the second upload
-# (the first upload goes to experimental and
-# has to pass ftpmaster NEW; the second one
-# will promote it to unstable) documenting the
-# then-current state of command line options,
-# as they can change…
-jamulus: no-manual-page usr/bin/Jamulus
-
 # false positive; I checked all invocations of gcc and g++ in the build log
 jamulus: hardening-no-fortify-functions usr/bin/Jamulus
-
-# for now, ignore them; it’s 4 small files, and the next (upstream) version
-# will most likely not ship them at all; otherwise I’ll tackle it in the
-# (second) upload (like above)
-jamulus: duplicate-files usr/share/doc/jamulus/homepage/*
diff -Nru jamulus-3.6.2+dfsg1/debian/jamulus.manpages 
jamulus-3.6.2+dfsg1/debian/jamulus.manpages
--- jamulus-3.6.2+dfsg1/debian/jamulus.manpages 1970-01-01 01:00:00.0 
+0100
+++ jamulus-3.6.2+dfsg1/debian/jamulus.manpages 2021-04-11 15:57:31.0 
+0200
@@ -0,0 +1 @@
+debian/Jamulus.1
diff -Nru jamulus-3.6.2+dfsg1/debian/patches/1073.diff 
jamulus-3.6.2+dfsg1/debian/patches/1073.diff
--- jamulus-3.6.2+dfsg1/debian/patches/1073.diff1970-01-01 
01:00:00.0 +0100
+++ jamulus-3.6.2+dfsg1/debian/patches/1073.diff  

Bug#986431: unblock: mksh/59c-4

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package mksh

[ Reason ]
This change was made under the impression that it would migrate
thanks to autopkgtests… I was taken by surprise that mksh is a
key package. I debugged that and found that debhelper B-D on
shunit2 which B-D on mksh, which causes it to be a key package.

Now shunit2 only B-D on mksh because it uses mksh at build time
to run its tests, but shunit2’s build only fails if the last
(shell, test) tuple fails, which is zsh.

The change (asides from updating the documentation, especially
wrt. future compatibility guarantees) brings mksh closer to the
other shells in that it implements a form of POSIX locale trak‐
king to enable/disable UTF-8 mode (instead of mostly defaulting
to C). Furthermore, a few Emacs input editing mode commands are
extended to be able to operate on bigwords (like in Vi mode),
not only words.

[ Impact ]
The user who requested the Emacs mode extension will be sad and
have to wait for another release (unless I backport mksh, which
I may do or may not do later).
The shell will behave more closely to the previous releases’ mksh
and less like a future mksh and most other shells wrt. handling
the POSIX locale.
I would consider that unfortunate.

[ Tests ]
mksh has an extensive regression test suite which exercises a good
portion of the code (and the compiler, toolchain and libc/kernel).
The testsuite was updated to match the expectations of locale trak‐
king as implemented (minor) and the changes were reviewed. I’ve run
the shell, even as /bin/sh (supported but only as manual step in
Debian), for more than three weeks now, extensively using it, and
found no problems. I’ve verified the interactive mode change as well.

[ Risks ]
As stated above, the risk is minimal, considering what shunit2 does
and when it was changed last, incidentally. mksh is used as direct
dependency by not many packages, and while it’s installed on 2454
systems, few would install it as /bin/sh, and those people know what
they’re doing. A standard Debian installation will not have mksh
even installed.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [↓] attach debdiff against the package in testing

I’ve changed the debdiff to change the diff-to-a-patch into a diff
between the patched files (the packaging uses single-debian-patch
as I normally work on a fully patched tree with git and every new
upstream release will have the Debian-local changes go down to 0)
to make it more readable. The last time I did that it was accepted.

[ Other info ]
In a clean bullseye chroot, the autopkgtests pass.

unblock mksh/59c-4
diff -Nru mksh-59c/debian/changelog mksh-59c/debian/changelog
--- mksh-59c/debian/changelog   2021-02-07 02:57:12.0 +0100
+++ mksh-59c/debian/changelog   2021-03-13 19:09:48.0 +0100
@@ -1,3 +1,27 @@
+mksh (59c-4) unstable; urgency=low
+
+  * Update to upstream CVS HEAD
+- [tg] Make "C" the implementation-specified default locale for
+  early-locale-tracking (note full locale tracking will have to
+  use whatever the underlying OS’ is, if no setlocale(3) it’ll
+  be just "C" again) and document possibly removing turning on
+  POSIX mode disabling and presence of a BOM enabling UTF-8 mode
+  with full locale tracking
+- [tg] Document OPTU-16 (U+EF80‥U+EFFF) mapping for raw octets will not
+  be present once mksh will have switched to full 21-bit UCS / UTF-8
+- [tg] Add several bigword-based editing commands to Emacs mode
+- [tg] Improve documentation wrt. $ENV
+  * Bring locale tracking code somewhat closer to what will eventually be
+in upstream code (once I manage to do the related changes around MirBSD
+base and its scripts, which needs some more time and tuits):
+- drop BOM enabling UTF-8 mode code
+- no longer deactivate UTF-8 mode on entering POSIX mode
+  (rationale: the POSIX locale parameters will be the only deciding
+  factor; even if, nominally, only the POSIX locale is compliant)
+  * Apply locale tracking to nōn-interactive shells as well
+
+ -- Thorsten Glaser   Sat, 13 Mar 2021 19:09:48 +0100
+
 mksh (59c-3) unstable; urgency=medium
 
   * Update to upstream CVS HEAD
diff --git mksh_59c-3/check.t mksh_59c-4/check.t
index e8f96af..7c601fb 100644
--- mksh_59c-3/check.t
+++ mksh_59c-4/check.t
@@ -31,7 +31,7 @@
 # (2013/12/02 20:39:44) 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
 
 expected-stdout:
-   KSH R59 2021/02/07
+   KSH R59 2021/03/13
 description:
Check base version of full shell
 stdin:
@@ -8890,7 +8890,7 @@ expected-stderr-pattern:
 ---
 name: utf8opt-1
 description:
-   Check that the utf8-mode flag is not set at non-interactive startup
+   Check that the utf8-mode flag *is* set at non-interactive star

Bug#982669: buster-pu: package portaudio19/19.6.0-1

[Thorsten Glaser]

Adam D. Barratt dixit:

>Please go ahead.

Thanks, I’ve done so.

bye,
//mirabilos

Bug#985229: unblock: musescore2/2.3.2+dfsg4-14, musescore3/3.2.3+dfsg2-10, musescore-general-soundfont/0.2-3, timgm6mb-soundfont/1.3-5

[Thorsten Glaser]

Dixi quod…

>[ Other info ]
>I have another set of uploads for musescore2 and musescore3 fixing
>crash bugs coming up (not uploading them today, I want upstream to
>have a go at reviewing the change first). How should this be handled?
>Should I first wait until the current set of packages is unblocked
>and has migrated to testing? Otherwise, if I upload now musescore2
>would get AUTORM’d which is suboptimal. Waiting so long will however
>delay availability of the fix even to sid users.

On second thought, this fix (involving crashes caused by soundfonts)
needs to go some rounds through affected parties (MuseScore upstream,
soundfont author, even input from FluidSynth upstream) so I’d prefer
for all four to be unblocked as-is with the #984592 fix only and will
handle the other fix once it’s there and tested.

Thanks,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
 -- Henry Nelson, March 1999

Bug#985229: unblock: musescore2/2.3.2+dfsg4-14, musescore3/3.2.3+dfsg2-10, musescore-general-soundfont/0.2-3, timgm6mb-soundfont/1.3-5

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de

Please unblock package musescore2, musescore3,
 musescore-general-soundfont and timgm6mb-soundfont
(all packages related to #984592)

[ Reason ]
In rare conditions, “rmdir --ignore-fail-on-non-empty” as used in
the prerm of some packages can fail because dpkg already removed
one of the directories in question; this was found as #984592 by
piuparts. To ensure uninstalling without errors, we mkdir -p the
directories first (other errors will still cause aborting).

[ Impact ]
#984592 is considered an RC bug, so it would lead to removing a
package from the release, which is very suboptimal. In very rare
cases, not fixing this may cause package uninstallation to fail.

[ Tests ]
None; the code is trivial.

[ Risks ]
No risk, this is trivial.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I have another set of uploads for musescore2 and musescore3 fixing
crash bugs coming up (not uploading them today, I want upstream to
have a go at reviewing the change first). How should this be handled?
Should I first wait until the current set of packages is unblocked
and has migrated to testing? Otherwise, if I upload now musescore2
would get AUTORM’d which is suboptimal. Waiting so long will however
delay availability of the fix even to sid users.

unblock musescore2/2.3.2+dfsg4-14
unblock musescore3/3.2.3+dfsg2-10
unblock musescore-general-soundfont/0.2-3
unblock timgm6mb-soundfont/1.3-5
diff -Nru musescore-general-soundfont-0.2/debian/changelog 
musescore-general-soundfont-0.2/debian/changelog
--- musescore-general-soundfont-0.2/debian/changelog2020-07-12 
17:02:25.0 +0200
+++ musescore-general-soundfont-0.2/debian/changelog2021-03-12 
20:58:58.0 +0100
@@ -1,3 +1,12 @@
+musescore-general-soundfont (0.2-3) unstable; urgency=medium
+
+  * Bump Policy (no relevant changes)
+  * Avoid rare error in prerm (Closes: #984592)
+  * Update from maintainer script template
+  * Do latest lintian tag rename churn
+
+ -- Thorsten Glaser   Fri, 12 Mar 2021 20:58:58 +0100
+
 musescore-general-soundfont (0.2-2) unstable; urgency=high
 
   * Merge musescore-general-soundfont-small (0.2-2) changes
diff -Nru musescore-general-soundfont-0.2/debian/control 
musescore-general-soundfont-0.2/debian/control
--- musescore-general-soundfont-0.2/debian/control  2020-05-28 
23:19:04.0 +0200
+++ musescore-general-soundfont-0.2/debian/control  2021-03-12 
20:34:13.0 +0100
@@ -5,7 +5,7 @@
 Homepage: https://musescore.org/en/node/269869
 Build-Depends: debhelper-compat (= 13),
  python3-minimal, sf3convert
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
 Rules-Requires-Root: no
 VCS-git: https://evolvis.org/anonscm/git/alioth/soundfonts.git -b 
musescore-general-soundfont
 VCS-Browser: 
https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=alioth/soundfonts.git;a=shortlog;h=refs/heads/musescore-general-soundfont
diff -Nru 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.postinst
 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.postinst
--- 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.postinst
2020-05-28 23:00:17.0 +0200
+++ 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.postinst
2021-03-12 20:45:47.0 +0100
@@ -21,9 +21,12 @@
 #
 # * postinst "triggered" "${triggers[*]}"
 # For trigger-only calls, i.e. if "configure" is not called.
+#
+# * new-postinst "reconfigure" [$most_recently_configured_version](?)
+# Treat this as just like "configure" for a future extension by debconf.
 
 case $1 in
-configure)
+(configure|reconfigure)
# need the directories existing before update-alternatives
mkdir -p /usr/share/sounds/sf2 /usr/share/sounds/sf3
# see #929185 for the history behind this
@@ -39,13 +42,13 @@
/usr/share/sounds/sf2/MuseScore_General_Full.sf2 55
;;
 
-abort-upgrade|abort-remove|abort-deconfigure)
+(abort-upgrade|abort-remove|abort-deconfigure)
;;
 
-triggered)
+(triggered)
;;
 
-*)
+(*)
echo >&2 "E: postinst called with unknown subcommand '$1'"
exit 1
;;
diff -Nru 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.prerm
 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.prerm
--- 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.prerm
   2020-05-28 23:00:17.0 +0200
+++ 
musescore-general-soundfont-0.2/debian/musescore-general-soundfont-lossless.prerm
   2021-03-12 20:46:28.0 +0100
@@ -19,7 +19,7 @@
 # other constraints the sam

Bug#982669: buster-pu: package portaudio19/19.6.0-1

[Thorsten Glaser]

Dixi quod…

>built. Without the crash fix backporting polyphone makes
>no sense

I must correct myself here: polyphone is usable without
it *if* the user manually starts jackd first. (It will
still crash upon terminating, but that’s after saving
all data. I’m documenting this.)

>[ Tests ]
>No automated tests but without it applied, polyphone
>crashes after a bit, maybe a minute or two, of using.

I’m uploading the backport so this can be tested more
easily. To test, start Polyphone, open a soundfont and
click around a bit (maybe try to play back one of the
samples). Soundfonts in Debian are installed under
/usr/share/sounds/sf2/ and timgm6mb-soundfont is the
smallest package with one to test with.

bye,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

Bug#982669: buster-pu: package portaudio19/19.6.0-1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@mirbsd.de

I would like to upload the contents of portaudio19 19.6.0-1.1
to buster.

[ Reason ]
The current library makes applications crash. Please see
Debian #944509 for the bugreport, but this is also seen
e.g. when testing a polyphone backport which I’ve just
built. Without the crash fix backporting polyphone makes
no sense, and since it is a rather important fix entering
via stable-updates seems sensible (instead of via bpo).

[ Impact ]
Applications using portaudio randomly crash.

[ Tests ]
No automated tests but without it applied, polyphone
crashes after a bit, maybe a minute or two, of using.

[ Risks ]
The patch is rather small and “obvious enough”, so I
consider this zero risk. It has been tested in unstable
and testing for 7 months now.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Apply a patch from the upstream mailing list to fix the crash.

[ Other info ]
The resulting package is, except for the changelog difference
and being recompiled in buster, identical to the one in
bullseye/sid.
diff -Nru portaudio19-19.6.0/debian/changelog 
portaudio19-19.6.0/debian/changelog
--- portaudio19-19.6.0/debian/changelog 2016-12-25 22:08:34.0 +0100
+++ portaudio19-19.6.0/debian/changelog 2021-02-13 07:42:27.0 +0100
@@ -1,3 +1,9 @@
+portaudio19 (19.6.0-1+deb10u1) buster; urgency=medium
+
+  * Apply crash fix patch (Closes: #944509)
+
+ -- Thorsten Glaser   Sat, 13 Feb 2021 07:42:27 +0100
+
 portaudio19 (19.6.0-1) unstable; urgency=medium
 
   * New upstream release v190600_20161030
diff -Nru portaudio19-19.6.0/debian/patches/944509-crash.patch 
portaudio19-19.6.0/debian/patches/944509-crash.patch
--- portaudio19-19.6.0/debian/patches/944509-crash.patch1970-01-01 
01:00:00.0 +0100
+++ portaudio19-19.6.0/debian/patches/944509-crash.patch2020-07-30 
16:26:55.0 +0200
@@ -0,0 +1,59 @@
+Description: handle EPIPE from alsa_snd_pcm_poll_descriptors
+ was: pa_linux_alsa.c:3636 Assertion failed
+Origin: https://lists.columbia.edu/pipermail/portaudio/2019-July/001888.html
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944509
+Forwarded: not-needed
+Justification: taken from upstream dev mailing list post
+Author: Sam Mason 
+Reviewed-by: Norbert Preining 
+Applied-Upstream: no
+
+--- a/src/hostapi/alsa/pa_linux_alsa.c
 b/src/hostapi/alsa/pa_linux_alsa.c
+@@ -3633,12 +3633,18 @@ error:
+ 
+ /** Fill in pollfd objects.
+  */
+-static PaError PaAlsaStreamComponent_BeginPolling( PaAlsaStreamComponent* 
self, struct pollfd* pfds )
++static PaError PaAlsaStreamComponent_BeginPolling( PaAlsaStreamComponent* 
self, struct pollfd* pfds, int *xrunOccurred )
+ {
+ PaError result = paNoError;
+ int ret = alsa_snd_pcm_poll_descriptors( self->pcm, pfds, self->nfds );
+-(void)ret;  /* Prevent unused variable warning if asserts are turned off 
*/
+-assert( ret == self->nfds );
++if( -EPIPE == ret )
++{
++  *xrunOccurred = 1;
++}
++else
++{
++  assert( ret == self->nfds );
++}
+ 
+ self->ready = 0;
+ 
+@@ -3799,17 +3805,22 @@ static PaError PaAlsaStream_WaitForFrame
+ if( pollCapture )
+ {
+ capturePfds = self->pfds;
+-PA_ENSURE( PaAlsaStreamComponent_BeginPolling( >capture, 
capturePfds ) );
++PA_ENSURE( PaAlsaStreamComponent_BeginPolling( >capture, 
capturePfds,  ) );
+ totalFds += self->capture.nfds;
+ }
+ if( pollPlayback )
+ {
+ /* self->pfds is in effect an array of fds; if necessary, index 
past the capture fds */
+ playbackPfds = self->pfds + (pollCapture ? self->capture.nfds : 
0);
+-PA_ENSURE( PaAlsaStreamComponent_BeginPolling( >playback, 
playbackPfds ) );
++PA_ENSURE( PaAlsaStreamComponent_BeginPolling( >playback, 
playbackPfds,  ) );
+ totalFds += self->playback.nfds;
+ }
+ 
++if ( xrun )
++{
++  break;
++}
++
+ #ifdef PTHREAD_CANCELED
+ if( self->callbackMode )
+ {
diff -Nru portaudio19-19.6.0/debian/patches/series 
portaudio19-19.6.0/debian/patches/series
--- portaudio19-19.6.0/debian/patches/series2016-12-25 21:37:53.0 
+0100
+++ portaudio19-19.6.0/debian/patches/series2021-02-13 07:42:08.0 
+0100
@@ -1 +1,2 @@
 audacity-portmixer.patch
+944509-crash.patch

Re: OpenJDK 17 for bullseye-backports

[Thorsten Glaser]

On Sat, 6 Feb 2021, Emmanuel Bourg wrote:

> If openjdk-17 can't be shipped in bullseyes even with prominent warnings
> that it's unsupported

Users will probably ignore that and use it anyway. It would have been
good if it could be included and kept up to date, but that’s doubling
of efforts, not worth the hassle, plus it would mean people would ex‐
pect Java packages shipped with bullseye to work with 17, which isn’t
the case (plus shipping only one makes it easier/clearer).

>, then this sounds like a good idea.

FWIW there is some discussion around this near
https://lists.debian.org/debian-java/2020/11/threads.html#00025
and we sincerely hope that a one-time copying of the binary packages
from sid to bullseye-backports, followed by either binNMUing or a
regular upload, can be done.

The situation is currently like this:

$ rmadison openjdk-1{1,2,3,4,5,6,7,8}
openjdk-11 | 11.0.4+11-1~bpo9+1   | stretch-backports | source
openjdk-11 | 11.0.4+11-1~deb10u1  | stable| source
openjdk-11 | 11.0.4+11-1  | unstable  | source
openjdk-11 | 11.0.6+10-1~bpo9+1   | stretch-backports | source
openjdk-11 | 11.0.9.1+1-1~deb10u2 | stable| source
openjdk-11 | 11.0.10+9-1  | testing   | source
openjdk-11 | 11.0.10+9-1  | unstable  | source
openjdk-15 | 15.0.2+7-1   | unstable  | source
openjdk-16 | 16~34-1  | testing   | source
openjdk-16 | 16~35-1  | buildd-unstable   | source
openjdk-16 | 16~35-1  | unstable  | source
openjdk-17 | 17~7-1   | testing   | source
openjdk-17 | 17~8-1   | buildd-unstable   | source
openjdk-17 | 17~8-1   | unstable  | source

The idea here is to drop all but openjdk-11 from testing (→ bullseye)
while waiting for the official release of 17 in sid and backporting
that one it has migrated to testing/bookworm.

Adrian’s suggestion to use bpo version numbers in sid for this…

>>Slightly less bending of the rules and only marginally more effort would
>>be to build ~bpo11+1 binaries for all bullseye release architectures
>>in unstable before the release of bullseye.

… sounds interesting, this keeps users’ expectations for backports
and is easily fixed in sid by uploading, once the copying is done.
(And, if needed, doing a ~bpo11+1b1 or ~bpo11+2 in backports.)

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

Mit unserem Consulting bieten wir Unternehmen maßgeschneiderte Angebote in
Form von Beratung, Trainings sowie Workshops in den Bereichen
Softwaretechnologie, IT Strategie und Architektur, Innovation und Umsetzung
sowie Agile Organisation.

Besuchen Sie uns auf https://www.tarent.de/consulting .
Wir freuen uns auf Ihren Kontakt.

*

Bug#976811: transition: php8.0

[Thorsten Glaser]

block 976811 by 980567
thanks

On Sat, 12 Dec 2020, Ondřej Surý wrote:

> And let me restate that it’s not my intent to make anyone’s life hell and
> I am willing to help with any package (as usual). I am just trying to do
> the most sane thing to do security and maintainer wise.

You probably should have communicated this with maintainers of PHP
packages. I was taken completely by surprise (via #980567) that
PHP 8 is even available in Debian now, and back when I asked you
to provide a release candidate via experimental, so that we could
test software with it before the release, some months ago, you
denied that, so colour me surprised to get a bugreport from it now.

As things are, I won’t upgrade php-react-promise now. If I find
the time I may backport the two commits mentioned to fix the one
issue reported, but… it’s already tight. (Upgrading is completely
out of the picture, as this involves multiple packages, and there
is a dependency chain reaching as far as composer. By the way, if
the composer maintainers with to take over the reactphp packages,
that could be arranged.)

I also had to actively search for this, wondering which PHP version
we’d be having with bullseye then… and this was not obvious to find.

bye,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

Bug#975874: buster-pu: package openjdk-11/11.0.9.1+1-1~deb10u1

[Thorsten Glaser]

On Thu, 3 Dec 2020, tony mancill wrote:

> Given that the JVM bug can affect any application seems to tilt the
> scale towards proceeding with the JDK update, so the release of an
> upgrade path for Jenkins is a relief.

How about versioning it differently? Make it 11.0.9-2 for a while?
Convince upstream to re-release it as 11.0.10 and stop using so
many periods in a version number (IMHO one is enough and two is
already questionable)?

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

Mit unserem Consulting bieten wir Unternehmen maßgeschneiderte Angebote in
Form von Beratung, Trainings sowie Workshops in den Bereichen
Softwaretechnologie, IT Strategie und Architektur, Innovation und Umsetzung
sowie Agile Organisation.

Besuchen Sie uns auf https://www.tarent.de/consulting .
Wir freuen uns auf Ihren Kontakt.

*

Re: Bug#975016: OpenJDK 15 support state for Bullseye

[Thorsten Glaser]

On Wed, 18 Nov 2020, Matthias Klose wrote:
> On 11/18/20 8:03 PM, Adrian Bunk wrote:
> > New OpenJDK versions tend to cause both buildtime and runtime breakages
> > in reverse dependencies, some of them hard to resolve and requiring
> > updates to new upstream versions which in turn require new dependencies
> > that might not even be in Debian.
>
> New upstream versions likely do that, that's not an attribute of OpenJDK.

Which is why new upstream versions _generally_ don’t end up in stable.

> What's your point?

I think the point is about packages with the JDK in Build-Depends.

The JDK has two use cases, one is people using it as JRE or JDK to
independently develop software, the other is using it in B-D to build
Debian packages (usually via default-jdk-headless).

Making 17 available as the latter is certainly a no-go. Maybe that
was what Adrian’s point was.

I think your point is about making it available as the former, and
so that people can test their things with it already, and to allow
backporting packages that actually do need it. I think that is a
good thing but perhaps bullseye-backports is indeed the better place
for it (especially if the copying of binary packages into the suite
to bootstrap is possible).

I think nobody wants to switch default-jdk to 17 or even not ship
11 at all any more or stop supporting it during bullseye’s lifetime.
Maybe that also was too implicit?

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*

Mit unserem Consulting bieten wir Unternehmen maßgeschneiderte Angebote in
Form von Beratung, Trainings sowie Workshops in den Bereichen
Softwaretechnologie, IT Strategie und Architektur, Innovation und Umsetzung
sowie Agile Organisation.

Besuchen Sie uns auf https://www.tarent.de/consulting .
Wir freuen uns auf Ihren Kontakt.

*

Bug#968503: nmu: mutter, muffin on 32-bit architectures (and gtk+3.0 on m68k)

[Thorsten Glaser]

Simon McVittie dixit:

>To -ports people (cc'd): for the -ports architectures, mutter and
>muffin should be rebuilt as above on all the 32-bit ports, with the
>same dep-wait. Additionally, some differences in build order mean that
>gtk+3.0 needs a rebuild on m68k (but not on release architectures or
>other 32-bit ports).

I’ll schedule this for x32 and m68k (don’t have rights for the others).

Thanks,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
 -- Henry Nelson, March 1999

Bug#953735: nmu: unscd_0.53-1+b2

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu unscd_0.53-1+b2 . ANY . unstable . -m "Rebuild against glibc 2.30"

As usual with new glibc major versions, please binNMU unscd quickly,
not having it prevents the installation of the new libc.

An extra versioned B-D, so that architectures where glibc 2.30 FTBFS
(ia64, kfreebsd-amd64, kfreebsd-i386, sparc64) wait with the binNMU
until it’s fixed, would be appreciated.

-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#951769: buster-pu: package sssd/1.16.3-3.1

[Thorsten Glaser]

Hi Adam,

>+sssd (1.16.3-3.2) buster; urgency=medium
>
>1.16.3-3.1+deb10u1 would be more conventional, please.

Yes, indeed (although there has been precedence for this,
considering the version numbers are only so they don’t
confluct with later uploads in $distro+1). I admit I had
not consciously done that, though.

>With that note, please go ahead.

OK, will do that later once my “meeting marathon” at
$dayjob finished. Do you prefer the binaries I built
earlier and which Nik is testing, or should I rebuild
with changed version?

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#951769: buster-pu: package sssd/1.16.3-3.1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

we’d like to fix #946847 in buster (which is where we found it in
production and tested a fix locally, which was later discovered to
be identical to a recent upstream fix) because it’s a denial of
service kind of bug (bad network causes sssd to hang causes no
logins and lots of other stuff not working on the machine).

I’ve built a proposed update for stable in stable, and Dominik will
test the precise build on a stable machine. I uploaded the same fix
to unstable, and the next upstream releases will also contain it.

I’m attaching the debdiff.

Please advice how to proceed.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), 
(100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
diff -u sssd-1.16.3/debian/changelog sssd-1.16.3/debian/changelog
--- sssd-1.16.3/debian/changelog
+++ sssd-1.16.3/debian/changelog
@@ -1,3 +1,11 @@
+sssd (1.16.3-3.2) buster; urgency=medium
+
+  * Non-maintainer upload with maintainer permission.
+  * Fix sssd_be busy-looping when LDAP connection flickers.
+(Closes: #946847)
+
+ -- Thorsten Glaser   Fri, 21 Feb 2020 14:31:19 +0100
+
 sssd (1.16.3-3.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -u sssd-1.16.3/debian/patches/series sssd-1.16.3/debian/patches/series
--- sssd-1.16.3/debian/patches/series
+++ sssd-1.16.3/debian/patches/series
@@ -3,0 +4 @@
+fix-946847.diff
only in patch2:
unchanged:
--- sssd-1.16.3.orig/debian/patches/fix-946847.diff
+++ sssd-1.16.3/debian/patches/fix-946847.diff
@@ -0,0 +1,36 @@
+Description: fix busy loop caused by watchdog SIGTERM not processed
+Origin: https://pagure.io/SSSD/sssd/c/2c13d8b
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946847
+Bug: https://pagure.io/SSSD/sssd/issue/4132
+Bug: https://pagure.io/SSSD/sssd/issue/4089
+Forwarded: not-needed
+Author: Alexey Tikhonov
+Reviewed-by: Sumit Bose 
+Reviewed-by: mirabilos 
+Applied-Upstream: 2.2.4, commit:2c13d8b
+Applied-Upstream: 1.16.5, commit:0c62066
+
+--- a/src/util/util_watchdog.c
 b/src/util/util_watchdog.c
+@@ -54,9 +54,8 @@ static void watchdog_detect_timeshift(vo
+ if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) {
+ if (getpid() == getpgrp()) {
+ kill(-getpgrp(), SIGTERM);
+-} else {
+-_exit(1);
+ }
++_exit(1);
+ }
+ }
+ }
+@@ -75,9 +74,8 @@ static void watchdog_handler(int sig)
+ if (__sync_add_and_fetch(_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) {
+ if (getpid() == getpgrp()) {
+ kill(-getpgrp(), SIGTERM);
+-} else {
+-_exit(1);
+ }
++_exit(1);
+ }
+ }
+ 

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?

[Thorsten Glaser]

Adam D. Barratt dixit:

>Please go ahead; sorry for the delay.

Done, thanks!

bye,
//mirabilos
-- 
> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7~deb10u1

[Thorsten Glaser]

Hi again, sorry for bothering, but…

… in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931040#10
it was indicated this should go into the first point release,
and https://lists.debian.org/debian-devel-announce/2019/07/msg2.html
indicates that that will be done in little more than a weel, so…

>On Wed, 2019-07-03 at 06:43 +0100, Adam D. Barratt wrote:
>
>> and target would indeed be "buster". Please attach a debdiff of the
>> proposed upload to this report (but do not upload it at this stage).
>
>Is it OK to upload now?

TIA,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7~deb10u1

[Thorsten Glaser]

On Wed, 2019-07-03 at 06:43 +0100, Adam D. Barratt wrote:

> and target would indeed be "buster". Please attach a debdiff of the
> proposed upload to this report (but do not upload it at this stage).

Is it OK to upload now?

Thanks,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?

[Thorsten Glaser]

retitle 931358 buster-pu (pre-approval): musescore/2.3.2+dfsg2-7~deb10u1
thanks

Hi again,

now, with sensible amounts of coffee input, the debdiff as
prepared in git and of an actual .dsc/.changes ready for
uploading, attached.

Thanks,
//mirabilos
-- 
15:41⎜ Somebody write a testsuite for helloworld :-)diff -Nru musescore-2.3.2+dfsg2/debian/changelog 
musescore-2.3.2+dfsg2/debian/changelog
--- musescore-2.3.2+dfsg2/debian/changelog  2019-04-19 21:02:11.0 
+0200
+++ musescore-2.3.2+dfsg2/debian/changelog  2019-07-03 14:22:57.0 
+0200
@@ -1,3 +1,15 @@
+musescore (2.3.2+dfsg2-7~deb10u1) buster; urgency=high
+
+  * Rebuild 2.3.2+dfsg2-7 for buster-updates (cf. #931040)
+
+ -- Thorsten Glaser   Wed, 03 Jul 2019 14:22:57 +0200
+
+musescore (2.3.2+dfsg2-7) unstable; urgency=high
+
+  * Disable webkit functionality (Closes: #931021)
+
+ -- Thorsten Glaser   Mon, 24 Jun 2019 18:07:46 +0200
+
 musescore (2.3.2+dfsg2-6) unstable; urgency=medium
 
   * Workaround for DEP 5 syntax in a complex case
diff -Nru musescore-2.3.2+dfsg2/debian/control 
musescore-2.3.2+dfsg2/debian/control
--- musescore-2.3.2+dfsg2/debian/control2019-04-18 15:56:57.0 
+0200
+++ musescore-2.3.2+dfsg2/debian/control2019-07-03 14:22:23.0 
+0200
@@ -28,7 +28,6 @@
libpulse-dev,
libqt5opengl5-dev,
libqt5svg5-dev,
-   libqt5webkit5-dev,
libqt5xmlpatterns5-dev,
libsndfile1-dev (>= 1.0.25),
portaudio19-dev,
diff -Nru musescore-2.3.2+dfsg2/debian/rules musescore-2.3.2+dfsg2/debian/rules
--- musescore-2.3.2+dfsg2/debian/rules  2019-04-18 14:35:38.0 +0200
+++ musescore-2.3.2+dfsg2/debian/rules  2019-07-03 14:22:23.0 +0200
@@ -37,6 +37,9 @@
 CMAKE_DEFS+=   -DBUILD_PORTMIDI=OFF
 endif
 
+# disable phoning home
+CMAKE_DEFS+=   -DBUILD_WEBKIT=OFF
+
 override_dh_auto_configure:
dh_auto_configure -- ${CMAKE_DEFS}
 

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?

[Thorsten Glaser]

Hi,

>> It would need to be a new upload, indeed. The version seems sensible,
>> and target would indeed be "buster". Please attach a debdiff of the
>> proposed upload to this report (but do not upload it at this stage).

thanks, will do.

>Actually, as Salvatore pointed out on IRC, that should be -7~deb10u1,
>to follow the usual convention. I should not try and be useful pre-
>coffee...

Oh, indeed... same about coffee here ;) and I'm doing lots of
backports and few stable updates.

bye,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
 -- Henry Nelson, March 1999

Bug#931358: release.debian.org: buster-pu (pre-approval): musescore/2.3.2+dfsg2-7? -7~deb10+1?

[Thorsten Glaser]

Package: release.debian.org
Severity: normal

In #931040 I was indicated to postpone the fix for #931021 to
past the initial buster release, so it can get some more testing
in unstable in the meantime. (That being said I hope to get
MuseScore 3.x into unstable as opposed to experimental rather
quickly as well… which incidentally had the web part disabled
already, since 3.x uses a library not portable to all arches…)

I’d like to get the same change I posted to #931040 (which is
rather tiny) into buster, somehow; I assume I’d have to upload
with “buster” in the first line of the changelog; versioning
is the question (I would suggest 2.3.2+dfsg2-7~deb10+1) if you
cannot simply migrate the -7 package from sid to buster-p-u.

Please indicate how we can go forward (but take your time to
cut the release first, it’ll rock). Thanks in advance!

-- System Information:
Debian Release: 10.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#931040: unblock: musescore/2.3.2+dfsg2-7

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package musescore

I’ve found out, from Sunday’s dev chat discussion, that MuseScore
connects to upstream’s webserver on startup (#931021), and we
generally don’t like applications to phone home without explicit
permission.

I’ve tested this with systrace and verified both the fix and the
affected versions. Please unblock if you agree this is RC.

(including a git diff, but I confirmed it’s identical to debdiff)

--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+musescore (2.3.2+dfsg2-7) unstable; urgency=high
+
+  * Disable webkit functionality (Closes: #931021)
+
+ -- Thorsten Glaser   Mon, 24 Jun 2019 18:07:46 +0200
+
 musescore (2.3.2+dfsg2-6) unstable; urgency=medium
 
   * Workaround for DEP 5 syntax in a complex case
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,6 @@ Build-Depends: cmake,
libpulse-dev,
libqt5opengl5-dev,
libqt5svg5-dev,
-   libqt5webkit5-dev,
libqt5xmlpatterns5-dev,
libsndfile1-dev (>= 1.0.25),
portaudio19-dev,
--- a/debian/rules
+++ b/debian/rules
@@ -37,6 +37,9 @@ ifneq (linux,${DEB_HOST_ARCH_OS})
 CMAKE_DEFS+=   -DBUILD_PORTMIDI=OFF
 endif
 
+# disable phoning home
+CMAKE_DEFS+=   -DBUILD_WEBKIT=OFF
+
 override_dh_auto_configure:
dh_auto_configure -- ${CMAKE_DEFS}
 


unblock musescore/2.3.2+dfsg2-7

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#928185: Bug#926009: openjdk-11 breaks libreoffice autopkgtests

[Thorsten Glaser]

On Tue, 2 Apr 2019, Rene Engelhard wrote:

> We as distros can patch it for LibreOffice, but this change breaks 
> LibreOffice out there unless
> patched, and I doubt they will (or will be happy) to add extra stanzas for 
> "Debian", "Ubuntu" or
> whatever else.
> 
> I really believe this should be reverted.

Yes, this is really weird, and…

> > On Mon, 1 Apr 2019, Matthias Klose wrote:

> > > > IMHO correctly so, some of the changes are so far away from the
> > > > freeze policy..
> > > 
> > > pointy comments won't help, because you will see these changes at least 
> > > in the
> > > first buster security update, so maybe some backports for libreoffice are

… I fail to see how this qualifies for a security update.

Perhaps you’ll wish to revert this change when building for
anything older than bullseye/sid. Sometimes, lies need to
be introduced when backporting (for either stable-security
or bpo) to keep the stability guarantee.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**

Bug#927296: unblock: musescore/2.3.2+dfsg2-5

[Thorsten Glaser]

> I’ve also found another wrong copyright year, while reviewing the

I found some more. For ease of review, the complete diff follows,
and I’ll upload (the -6) when I get the ACK. The diff, while still
trivial, is now a bit longer because it adds the CC-BY 3.0 legal
code, the need for which was apparently discovered in the experimental
branch only, but also applies to master:

diff --git a/debian/changelog b/debian/changelog
index 457793dd..69f1fb82 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,27 @@
+musescore (2.3.2+dfsg2-6) UNRELEASED; urgency=medium
+
+  * Workaround for DEP 5 syntax in a complex case
+  * Fix share/plugins/notenames.qml and general copyright years
+  * Correct copyright info for the demos
+
+ -- Thorsten Glaser   Thu, 18 Apr 2019 14:01:18 +0200
+
+musescore (2.3.2+dfsg2-5) unstable; urgency=medium
+
+  * debian/patches/experiments/new-manpage.diff:
+- mark as applied upstream
+- synchronise with the actually applied patch: fixes a wrong
+  document save directory (missing XDG_DOCUMENTS_DIR)
+  * debian/copyright: incorporate fixes from Debian ftptrainees:
+- aeolus/global.h: also © Hans Fugal
+- effects/freeverb/freeverb.{cpp,h} is a bit more complicated:
+  they were originally PD “Written by Jezar at Dreampoint”,
+  but modified by Werner who, as EU citizen, cannot relinquish
+  copyright, so they are, effectively, published under the same
+  terms as the rest of MuseScore (GPLv2); document that
+
+ -- Thorsten Glaser   Tue, 16 Apr 2019 15:34:28 +0200
+
 musescore (2.3.2+dfsg2-4) unstable; urgency=low
 
   * Mark some patches as applied upstream
diff --git a/debian/copyright b/debian/copyright
index 776215b5..da1e90d9 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -2,7 +2,7 @@ Format: 
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: MuseScore
 Upstream-Contact: https://musescore.org/
 Source: https://github.com/musescore/MuseScore/
-Copyright: 2018, Werner Schweer and others
+Copyright: 2002-2018, Werner Schweer and others
 License: GPL-2 with Font exception (MuseScore)
 Files-Excluded: *.pdf
 share/sound
@@ -52,7 +52,6 @@ Files: aeolus/addsynth.cpp
aeolus/division.cpp
aeolus/division.h
aeolus/exp2ap.cpp
-   aeolus/global.h
aeolus/messages.h
aeolus/model.cpp
aeolus/model.h
@@ -69,6 +68,11 @@ Files: aeolus/addsynth.cpp
 Copyright: 2003-2010, Fons Adriaensen 
 License: GPL-2+
 
+Files: aeolus/global.h
+Copyright: 2003-2010, Fons Adriaensen 
+   2008, Hans Fugal 
+License: GPL-2+
+
 Files: awl/fastlog.h
 Copyright: Laurent de Soras 
 License: WTFPL-2
@@ -90,6 +94,24 @@ Files: build/travis/job_macos/extract-qt-installer
 Copyright: QT-CI Project <https://github.com/benlau/qtci>
 License: Apache-2.0
 
+Files: demos/All_Dudes.mscz
+   demos/Triumph.mscz
+Copyright: 2011, Outside Shore Music
+License: GPL-2
+
+Files: demos/Reunion.mscz
+Copyright: 2012, Marc Sabatella
+License: CC-BY-3.0
+
+Files: effects/freeverb/freeverb.cpp
+   effects/freeverb/freeverb.h
+Copyright: 2009, Werner Schweer
+License: Freeverb-PD and GPL-2 with Font exception (MuseScore)
+
+License: Freeverb-PD
+ Written by Jezar at Dreampoint, June 2000
+ “This code is public domain” (well, it originally was)
+
 Files: fluid/chan.cpp
fluid/conv.cpp
fluid/conv.h
@@ -310,7 +332,7 @@ License: GPL-2
 
 Files: share/plugins/notenames.qml
 Copyright:  2012, Werner Schweer
-   2013-2014, Joachim Schmitz
+   2013-2017, Joachim Schmitz
 2014, Jörn Eichler
 License: GPL-2
 
@@ -880,6 +902,324 @@ License: WTFPL-2
  .
   0. You just DO WHAT THE FUCK YOU WANT TO.
 
+License: CC-BY-3.0
+ Attribution 3.0 Unported
+ .
+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+ LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN
+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+ REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR
+ DAMAGES RESULTING FROM ITS USE.
+ .
+ License
+ .
+ THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE
+ COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY
+ COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS
+ AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
+ .
+ BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE
+ TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY
+ BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS
+ CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND
+ CONDITIONS.
+ .
+ 1. Definitions
+ .
+  a. "Adaptation" means a work based upon the Work, or upon the Work and
+ other pre-existing works, such as a translatio

Bug#927296: unblock: musescore/2.3.2+dfsg2-5

[Thorsten Glaser]

On Wed, 17 Apr 2019, Thorsten Glaser wrote:

> it should sit in sid for a bit longer, that’s no problem either.

Oops, I apparently fsck’d up (but why this didn’t show up in lintian
for -5 but does show up for the upload in the experimental branch I’m
currently doing, I’ll never know) in DEP 5 syntax.

I’ve also found another wrong copyright year, while reviewing the
git diff between upstream versions for the newest 3.1beta version
(also for experimental) and found it is also wrong in buster/sid, so:


diff --git a/debian/changelog b/debian/changelog
index d8e0e9d8..028febb2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+musescore (2.3.2+dfsg2-6) UNRELEASED; urgency=medium
+
+  * Workaround for DEP 5 syntax in a complex case
+  * Fix share/plugins/notenames.qml copyright years
+
+ -- Thorsten Glaser   Wed, 17 Apr 2019 23:30:09 +0200
+
 musescore (2.3.2+dfsg2-5) unstable; urgency=medium
 
   * debian/patches/experiments/new-manpage.diff:
diff --git a/debian/copyright b/debian/copyright
index c6f793d6..9103af9f 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -97,7 +97,9 @@ License: Apache-2.0
 Files: effects/freeverb/freeverb.cpp
effects/freeverb/freeverb.h
 Copyright: 2009, Werner Schweer
-License: Public Domain (Freeverb) and GPL-2 with Font exception (MuseScore)
+License: Freeverb-PD and GPL-2 with Font exception (MuseScore)
+
+License: Freeverb-PD
  Written by Jezar at Dreampoint, June 2000
  “This code is public domain” (well, it originally was)
 
@@ -321,7 +323,7 @@ License: GPL-2
 
 Files: share/plugins/notenames.qml
 Copyright:  2012, Werner Schweer
-   2013-2014, Joachim Schmitz
+   2013-2017, Joachim Schmitz
 2014, Jörn Eichler
 License: GPL-2
 


If you are agreeable to unblocking this, I’ll upload -6 quickly.

Thanks,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

Bug#927296: unblock: musescore/2.3.2+dfsg2-5

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package musescore

This upload addresses two issues which, while minor, I would
appreciate having fixed before stable:

* The recent ftpmaster re-review in experimental found missing
  authorship attributions in d/copyright which (inherited from
  the previous maintainers) affect the version in testing/sid,
  which I fixed there.

* The patch debian/patches/experiments/new-manpage.diff was
  since accepted upstream, although upstream review has found
  a mistake (XDG_DOCUMENTS_DIR was missing from the path in
  which the user-generated documents are stored, potentially
  misleading users, which is why I ask for inclusion); the
  change also records the merging in the DEP 3 headers and
  makes it otherwise identical to the version that was actually
  merged upstream (copyright year/date changed to encompass
  2019 as well; the “cd” to the directory in the script, which
  is not called during the build (only for developers) and so
  does not change anything) for consistence.

I have “sat” on these changes for a while though, until it became
clear that my current git hosting platform is not affected by the
dreaded “Article 13” and so I do not have to change VCS-* _again_
(otherwise I’d have included this here, too). I hope that’s okay.

This was uploaded yesterday, and I’ve tested it (on x32), but if
it should sit in sid for a bit longer, that’s no problem either.
Extra benefit: the packages are now rebuilt against latest Qt,
which had uploads recently. (Should not change anything, though.)

The full debdiff is really trivial and follows:


diff -Nru musescore-2.3.2+dfsg2/debian/changelog 
musescore-2.3.2+dfsg2/debian/changelog
--- musescore-2.3.2+dfsg2/debian/changelog  2019-02-27 17:11:13.0 
+0100
+++ musescore-2.3.2+dfsg2/debian/changelog  2019-04-16 15:34:28.0 
+0200
@@ -1,3 +1,19 @@
+musescore (2.3.2+dfsg2-5) unstable; urgency=medium
+
+  * debian/patches/experiments/new-manpage.diff:
+- mark as applied upstream
+- synchronise with the actually applied patch: fixes a wrong
+  document save directory (missing XDG_DOCUMENTS_DIR)
+  * debian/copyright: incorporate fixes from Debian ftptrainees:
+- aeolus/global.h: also © Hans Fugal
+- effects/freeverb/freeverb.{cpp,h} is a bit more complicated:
+  they were originally PD “Written by Jezar at Dreampoint”,
+  but modified by Werner who, as EU citizen, cannot relinquish
+  copyright, so they are, effectively, published under the same
+  terms as the rest of MuseScore (GPLv2); document that
+
+ -- Thorsten Glaser   Tue, 16 Apr 2019 15:34:28 +0200
+
 musescore (2.3.2+dfsg2-4) unstable; urgency=low
 
   * Mark some patches as applied upstream
diff -Nru musescore-2.3.2+dfsg2/debian/copyright 
musescore-2.3.2+dfsg2/debian/copyright
--- musescore-2.3.2+dfsg2/debian/copyright  2019-02-27 17:11:13.0 
+0100
+++ musescore-2.3.2+dfsg2/debian/copyright  2019-04-16 15:33:48.0 
+0200
@@ -52,7 +52,6 @@
aeolus/division.cpp
aeolus/division.h
aeolus/exp2ap.cpp
-   aeolus/global.h
aeolus/messages.h
aeolus/model.cpp
aeolus/model.h
@@ -69,6 +68,11 @@
 Copyright: 2003-2010, Fons Adriaensen 
 License: GPL-2+
 
+Files: aeolus/global.h
+Copyright: 2003-2010, Fons Adriaensen 
+   2008, Hans Fugal 
+License: GPL-2+
+
 Files: awl/fastlog.h
 Copyright: Laurent de Soras 
 License: WTFPL-2
@@ -90,6 +94,13 @@
 Copyright: QT-CI Project <https://github.com/benlau/qtci>
 License: Apache-2.0
 
+Files: effects/freeverb/freeverb.cpp
+   effects/freeverb/freeverb.h
+Copyright: 2009, Werner Schweer
+License: Public Domain (Freeverb) and GPL-2 with Font exception (MuseScore)
+ Written by Jezar at Dreampoint, June 2000
+ “This code is public domain” (well, it originally was)
+
 Files: fluid/chan.cpp
fluid/conv.cpp
fluid/conv.h
diff -Nru musescore-2.3.2+dfsg2/debian/patches/experiments/new-manpage.diff 
musescore-2.3.2+dfsg2/debian/patches/experiments/new-manpage.diff
--- musescore-2.3.2+dfsg2/debian/patches/experiments/new-manpage.diff   
2019-02-27 17:11:13.0 +0100
+++ musescore-2.3.2+dfsg2/debian/patches/experiments/new-manpage.diff   
2019-04-16 15:20:21.0 +0200
@@ -3,10 +3,11 @@
 Author: mirabilos 
 Bug: https://musescore.org/en/node/277903
 Forwarded: https://github.com/musescore/MuseScore/pull/4265
+Applied-Upstream: master, commit:e292cfb527
 
 --- a/build/Linux+BSD/mscore.1.in
 +++ b/build/Linux+BSD/mscore.1.in
-@@ -1,244 +1,505 @@
+@@ -1,244 +1,510 @@
 -.\"  Hey, EMACS: -*- nroff -*-
 -.\" To preview the page formatting without installing use "man -l mscore.1"
 -.\" First parameter, NAME, should be all caps
@@ -95,11 +96,11 @@
 -@MAN_PORTABLE@.TP
 -@MAN_PORTABLE@.B man, manual, manpage
 +.\" New manual page for Muse

Re: Fixing Linux getrandom() in stable

[Thorsten Glaser]

Theodore Y. Ts'o dixit:

>that problems helps most of our users, and we shouldn't let the
>perfect be the enemy of the good.

Agreed. Start small, then enhance one bootloader at a time.
Or boot protocol, I assume.

>Also note that the bootloader has depend on userspace to refresh the
>seed entropy, both in early boot (in case the syscrashes), and at
>shutdown (so the entropy captured while the system is running can be

Definitely!

>saved as seed entropy).  And this is trickier in Linux because the
>bootloader lives in a different source tree, and is maintained by
>different people from the systemd and/or initscripts people, and for

Yes, unfortunately.

>that matter the bootloader doesn't know which distribution it is

But in this case, the distribution can tell the bootloader the
path to the file to load.

>the *BSD's has its advantages.  And this is where perhaps Debian as a
>distribution can solve this problem by coordinating action across
>multiple Debian packages.)

Of course.

>The *point* is that we can't really make a turn-key solution which
>will work for everyone.  For as much we have the desire for a
>"Universal OS", something that works for all hardware, all users, and
>all workloads, is probably just not attainable here.

As Debian, we can try to come close, but, as you said, don’t let
the perfect be the enemy of the good. Perhaps there are multiple
somethings that, together (or having the local admin choose) can
help more people than one simple solution, even if the latter may
help a majority. (I’m a fan of minorities, in case you couldn’t
tell. I run an x32 system, after all, and helped out m68k a bit…)

>(It never was a complete solution, BTW; even before the patches to
>address CVE-2018-1108, there were already hardware systems where you
>couldn't count on the RNG being initialized in time and getrandom(2)

Another question is what it means that the RNG is initialised.
It all depends on what in the end boils down to guesswork,
although I tip my hat because that RNG code of yours, both the
Linux and the BSD version, are pretty impressive.

But the point here is that, even if the RNG thinks it’s fully
initialised, it may not be “good” yet, depending on circumstances.
(Again, it should not stop us from trying.)

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.   -- Andreas Bogk über boehm-gc in d.a.s.r

Re: Fixing Linux getrandom() in stable

[Thorsten Glaser]

Adrian Bunk dixit:

>As an example, what happens if I debootstrap and deploy the resulting
>filesytem to a large number of identical embedded systems without
>entropy sources?

Just get into a habit of not doing so, for example by modifying the
image during each writing process.

Having the bootloader inject entropy into the kernel would of course
help (something OpenBSD actually did, which I’d dreamt of only until).
Reuse is only problematic then if the system actually booted, i.e. an
early userspace thing reading and immediately writing to a file will
stave off the remaining issues.

>As far as I can see, any solution above would either give me boot hangs
>or might result in nasty security issues due to the same (known) entropy
>being fed to /dev/random on many machines.
>
>Similar problems for cases like live CDs and installers.

And CPUs, and architectures, without usable boot entropy.

For the “CD image” case, though, adding stuff like the MAC addresses
of the onboard NICs and the current time would at least shuffle the
existing (albeit known) entropy around enough for it to begin to differ.

A web service for getting random bits sounds like an idea, until you
get to the privacy implications of that (as well as reliability). But
if it’s inhouse, it’s doable.

>I wonder whether the current issue is just the tip of the iceberg,
>and usage of /dev/urandom is a gazillion CVEs waiting to be reported.

Did you see the fallback code for Linux in OpenBSD’s code for libbsd?
It’s… like trying to find randomly-looking things on an 1990s Unix.

This is best fixed in the kernel and earlier, plus an extra read/write
in early userspace. Of course, embedding some entropy into the kernel
image itself will make the reproducible-builds people entirely unhappy…
(this one *is* implemented in MirBSD, complete with a tool to update
it).

>Due to the gdm bugs mentioned above we know that there are real-life
>situations where gdm currently uses "random" data that might be
>predictable.

The question is which uses actually need entropy estimated good enough?

>>b. Tolerate a longer wait for getrandom() to return
>
>I suspect there might be no guaranteed upper bound for the waiting time.

On a discless system with no hardware sources (possibly no network)
and no keyboard interaction? Infinite.

Of course, if early userspace could reliably update a file, then the
file’s content could be estimated as good enough and be credited to
the RNG, at least for non-identical/readonly-/shared-media systems.

>never block but might return predictable data in some cases.

“What level of predictability?”

>It would then be up to the application to decide whether predictable
>data is acceptable, and what to do in entropy-starved situations.

I guess most application authors have no answer for you here.

It’s also no solution for the arc4random API… seems like a cultural
clash (BSD expectations vs. what Linux can actually deliver).

bye,
//mirabilos
-- 
  “Having a smoking section in a restaurant is like having
  a peeing section in a swimming pool.”
-- Edward Burr

Bug#860022: Bug#859935: Bug#860022: unblock: bsd-mailx/8.1.2-0.20160123cvs-3.1 (pre-approval)

[Thorsten Glaser]

On Fri, 14 Apr 2017, Robert Luberda wrote:

> The patch looks OK. The addition of -D_GNU_SOURCE flag causes warnings
> during compilation of files that already #define _GNU_SOURCE, but this
> is easy to fix by using #define in main.c.

Hm ok… as long as the definition is before *any* inclusion.
But since you seem to have thrown away asprintf() calls,
it’s no longer needed either.

bye,
//mirabilos
-- 
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

Bug#860025: unblock: bsdmainutils/9.0.12+nmu1 (pre-approval)

[Thorsten Glaser]

retitle 860025 unblock: bsdmainutils/9.0.12+nmu1
tags 860025 - moreinfo
thanks

Niels Thykier dixit:

>Please go ahead and remove the moreinfo tag once the NMU has reached
>unstable + have been built on all relevant architectures.

According to https://buildd.debian.org/status/package.php?p=bsdmainutils
it’s now Installed everywhere except hurd-i386 (Built) and powerpcspe
(Needs-Build), which I believe qualifies ;-)

Thanks!

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”  ‣‣‣ Please, http://deb.li/mysql and MariaDB, finally die!

Bug#860022: unblock: bsd-mailx/8.1.2-0.20160123cvs-3.1 (pre-approval)

[Thorsten Glaser]

On Wed, 12 Apr 2017, Niels Thykier wrote:

> If the maintainer agrees with you on it, I am happy to accept that patch
> for stretch.

OK, thanks.

> Mind you, I am also open to reviewing his proposal of
> adding those headers even with -a (letting -a override the
> auto-generated ones when there is a conflict).

OK.

Robert, Niels, what do you think about the attached patch?

Thanks,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#860025: unblock: bsdmainutils/9.0.12+nmu1 (pre-approval)

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I would like to request another pre-approval for a one-line fix
to bsdmainutils to fix a bad patch. The Debian bug is #859933.

In jessie (and on BSD), calling 'calendar' would output:

root@evolvis:~ # calendar
Apr 10  Commodore Matthew Calbraith Perry born, 1794
Apr 10  William Booth born, 1829, founder of the Salvation Army
[…]

On stretch/sid, it looks thus:

tglase@tglase:~ $ calendar
Apr 10  Commodore Matthew Calbraith Perry born, 1794

Apr 10  William Booth born, 1829, founder of the Salvation Army

[…]

The patch is trivial:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=859933;filename=bsdmainutils_9.0.12%2Bnmu0teckids1.debdiff;msg=5
(of course as 9.0.12+nmu1)

-- System Information:
Debian Release: 9.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#860022: unblock: bsd-mailx/8.1.2-0.20160123cvs-3.1 (pre-approval)

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

I would like to request a pre-approval before uploading a fixed
package. The bug in question is #859935 (bsd-mailx sends 8bit
messages without MIME headers).

I consider this release-critical as it’s a regression for the
“mailx” command/interface: in jessie, one could just use U-A to
select heirloom-mailx for mailx, which handled this correctly.

I wish to ask for inclusion of this to stretch because bsd-mailx
is now the only “mailx” provider, and this is relatively easy to
fix.

The patch is here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=859935;filename=bsd-mailx_8.1.2-0.20160123cvs-3.0teckids1.debdiff;msg=5
(would of course be uploaded as -3.1)

The impact of the patch is:

If the user does not specify any additional header (with the ‘-a’
option), then and only then does it add MIME-Version, Content-Type
(text/plain; charset=) and
Content-Transfer-Encoding (8bit) headers. Otherwise, nothing is
changed compared to before the patch.

-- System Information:
Debian Release: 9.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Bug#859014: unblock: cvs/2:1.12.13+real-22

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package cvs

This package addresses the bug #858769 which was reported
as potentially security-relevant. Debdiff:

diff -u cvs-1.12.13+real/configure.in cvs-1.12.13+real/configure.in
--- cvs-1.12.13+real/configure.in
+++ cvs-1.12.13+real/configure.in
@@ -17,7 +17,7 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.])
 
-AC_INIT([Concurrent Versions System (CVS)],[1.12.13-MirDebian-21],
+AC_INIT([Concurrent Versions System (CVS)],[1.12.13-MirDebian-22],
[bug-...@nongnu.org],[cvs])
 AC_CONFIG_SRCDIR(src/cvs.h)
 AC_CONFIG_AUX_DIR(build-aux)
diff -u cvs-1.12.13+real/debian/NEWS cvs-1.12.13+real/debian/NEWS
--- cvs-1.12.13+real/debian/NEWS
+++ cvs-1.12.13+real/debian/NEWS
@@ -1,3 +1,34 @@
+cvs (2:1.12.13+real-22) unstable; urgency=low
+
+  Newly created repositories (from “cvs init”) now rely on
+  CVSUMASK for the permissions of the “history” and “val-tags”
+  files instead of creating them as world-writable.
+
+  Newly created repositories contain a LogHistory configuration
+  setting to only record write operations in the “history” file.
+
+  If you are used to the previous behaviour, you can restore it
+  by altering (or removing, in which case the (commented-out)
+  default of logging everything will be used) the LogHistory
+  configuration setting and changing the permissions on the
+  “history” and “val-tags” files so that every user can write
+  into them.
+
+  If you did not deliberately open your repository to all users
+  on your system, you might wish to change all existing repos
+  to this behaviour. To do this, check out the CVSROOT module,
+  edit the “config” file adding “LogHistory=TMAR”, check that
+  change in, release the CVSROOT module, and chmod the “history”
+  and “val-tags” files to either 0664 (if all users in the same
+  group should be able to commit) or 0644 (if only you wish to
+  commit), possibly 0660 or 0600 is non-committers should also
+  be denied reading.
+
+  Contact me (mirabilos) in #cvs on irc.freenode.net if you have
+  any questions about this change or require further support.
+
+ -- Thorsten Glaser <t...@mirbsd.de>  Tue, 28 Mar 2017 19:54:01 +0200
+
 cvs (2:1.12.13+real-7) unstable; urgency=high
 
   rcs2log no longer lives in the PATH, the contributed script
diff -u cvs-1.12.13+real/debian/changelog cvs-1.12.13+real/debian/changelog
--- cvs-1.12.13+real/debian/changelog
+++ cvs-1.12.13+real/debian/changelog
@@ -1,3 +1,14 @@
+cvs (2:1.12.13+real-22) unstable; urgency=low
+
+  * cvs init: Change default history logging configuration
+to only log write operations by adding “LogHistory=TMAR”
+  * Testsuite: Alter to cope with this explicit option
+  * cvs init: Rely on CVSUMASK for history and val-tags files
+in newly created repositories (Closes: #858769)
+  * Add a NEWS.Debian entry verbosely documenting this change
+
+ -- Thorsten Glaser <t...@mirbsd.de>  Tue, 28 Mar 2017 20:01:39 +0200
+
 cvs (2:1.12.13+real-21) unstable; urgency=medium
 
   [ Sylvain Beucler ]
diff -u cvs-1.12.13+real/debian/copyright cvs-1.12.13+real/debian/copyright
--- cvs-1.12.13+real/debian/copyright
+++ cvs-1.12.13+real/debian/copyright
@@ -61,7 +61,7 @@
 
 Parts and the packaging are covered by the following GPL-compatible licence:
 
-# Copyright © 2005, 2008, 2011
+# Copyright © 2005, 2008, 2011, 2017
 #  mirabilos <m...@mirbsd.org>
 #
 # Provided that these terms and disclaimer and all copyright notices
diff -u cvs-1.12.13+real/doc/cvs.texinfo cvs-1.12.13+real/doc/cvs.texinfo
--- cvs-1.12.13+real/doc/cvs.texinfo
+++ cvs-1.12.13+real/doc/cvs.texinfo
@@ -1989,6 +1989,18 @@
 @code{cvs init} will enable history logging; if you
 don't want that, remove the history file after running
 @code{cvs init}.  @xref{history file}.
+Since MirBSD CVS 1.12.13-MirOS-0AB7.8, MirPorts-19 or
+Debian cvs 2:1.12.13+real-22, only write operations
+will be logged by default; to change this, make the
+history file world-writable (but beware of the associated
+security risk) and remove the stock @samp{LogHistory}
+line in the @file{CVSROOT/config} file (@pxref{config})
+to use the (commented-out) default or put your own there.
+Note that these versions also create the @file{val-tags}
+file writable (@pxref{CVSUMASK}), not world-writable like
+prior versions, so users who wish to commit must, with a
+default @code{CVSUMASK} of 002, be in the same group as
+the repository.
 
 @node Backing up
 @section Backing up a repository
@@ -14901,7 +14913,9 @@
 Default of @samp{TOEFWUPCGMAR} (or simply @samp{all}) will log
 all transactions.  Any subset of the default is
 legal.  (For example, to only log transactions that modify the
-@file{*,v} files, use @samp{LogHistory=TMAR}.)  To disable history logging
+@file{*,v} files, use @samp{LogHistory=TMAR} which is nowadays
+set by @code{cvs init} by default.)
+

Re: binNMUs: please exercise some care

[Thorsten Glaser]

Philipp Kern dixit:

>> Maybe wb could do a “dak ls” and whatever the equivalent for dpo mini-dak is.
>
>Unfortunately it is not being run on the same host as dak either.

Hm, rmadison then. What does packages.d.o/sid/binpkgname use? (On the
other hand, that’s often quite behind…)

bye,
//mirabilos
-- 
 exceptions: a truly awful implementation of quite a nice idea.
 just about the worst way you could do something like that, afaic.
 it's like anti-design.   that too… may I quote you on that?
 sure, tho i doubt anyone will listen ;)

Re: binNMUs: please exercise some care

[Thorsten Glaser]

On Fri, 23 Oct 2015, Emilio Pozuelo Monfort wrote:

> >> Ah, cool – so we have only to patch this tool to automatically
> >> use the highest number per batch on all affected architectures
> >> (or even to use the highest number if all architectures would
> >> be touched, but that’s probably an unreasonable amount of code
> >> change).
> > 
> > Sorry, aren't you saying the same thing in both cases? If not, can you 
> > rephrase
> > or expand that?

> This won't help when we have to schedule a binNMU on one or two architectures
> and not all of them.

That’s why I made the distinction. The change to the tool can be done
by taking the highest version number across the _listed_ or _all_
architectures. (The listed ones is probably better.)


On Fri, 23 Oct 2015, Adam D. Barratt wrote:

> Well, except you only really want to do it for libraries that are ma:same, as
> that's the only case where it actually matters and otherwise you're
> pointlessly losing versions.

Right, but it’s not as if losing versions would have any bad impact.

> It's also not quite that simple, even working things out by hand - see #599128
> for example.

Hm, I’m still under the impression that the +bN suffix to the Debian
version of the package in the archive is the authoritative source for
what binNMU version a package currently has, as that’s taking porter
uploads into account which is a requirement. If the current code
doesn’t do that I consider it a bug which must be fixed (at the same
time, or before doing this change), which makes it more tricky, yes.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Re: binNMUs: please exercise some care

[Thorsten Glaser]

On Fri, 23 Oct 2015, Emilio Pozuelo Monfort wrote:

> I can go back to scheduling binNMUs for release architectures only, or for ANY
> -x32. But I don't have the time to look at every architecture and determine
> which one needs a binNMU and which one has already done it. Anyway if your

OK. In this case, scheduling them is probably better.

> buildds are fast enough that they already rebuilt things, then maybe 
> rebuilding
> them again is not such a big deal...

This is probably true for x32, yes, but I was concerned about
M-A libraries not being coinstallable. For example, the harfbuzz
library currently has one +b more than all others, making trouble
for my desktop system (x32+i386 M-A). In that case, it wasn’t even
because the rebuild was done twice, but, because another rebuild
before the current (shared) one was necessary.

How about, scheduling them all at once, but using the same version
number across arches when doing it (i.e. the largest)?

> That wasn't me. But I'll try to spread the word about --extra-depends, as I
> agree it's useful to avoid this. I didn't use it much in the past when I just

Okay, thanks a lot! Also, thanks for the response.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Re: binNMUs: please exercise some care

[Thorsten Glaser]

On Fri, 23 Oct 2015, Adam D. Barratt wrote:

> and testing), so the only way to be certain what binNMU number to use is to
> check manually. In practice what actually happens is that people forget about

Maybe wb could do a “dak ls” and whatever the equivalent for dpo mini-dak is.

I’ll have a look at the code, maybe on this weekend.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Re: binNMUs: please exercise some care

[Thorsten Glaser]

On Fri, 23 Oct 2015, Adam D. Barratt wrote:

> wanna-build does, yes, but at least the Release Team tend to use the "wb"
> wrapper tool which automatically works out the next free number on each
> architecture.

Ah, cool – so we have only to patch this tool to automatically
use the highest number per batch on all affected architectures
(or even to use the highest number if all architectures would
be touched, but that’s probably an unreasonable amount of code
change).

Where’s the source code to that tool?

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Re: binNMUs: please exercise some care

[Thorsten Glaser]

On Fri, 23 Oct 2015, Emilio Pozuelo Monfort wrote:

> I didn't say once per arch. I said once per package, which is worse. I 
> normally
> schedule binNMUs for several dozens packages. Multiply that by several

But you need to look the number up anyway? The wanna-build
--binNMU parameter gets the number to use as argument.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#779997: unblock: (pre-approval) mksh/50d-4

[Thorsten Glaser]

retitle 779997 unblock: mksh/50d-5
tags 779997 - moreinfo
thanks

Axel Beckert dixit:

I've just made a pbuilder build whose debdiff only differs from the
debdiff posted here as follows, i.e. only in dates and version numbers:

Thanks, this looks as expected.

bye,
//mirabilos
-- 
igli exceptions: a truly awful implementation of quite a nice idea.
igli just about the worst way you could do something like that, afaic.
igli it's like anti-design.  mirabilos that too… may I quote you on that?
igli sure, tho i doubt anyone will listen ;)


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/pine.bsm.4.64l.1503151929540.26...@herc.mirbsd.org

Bug#779997: unblock: (pre-approval) mksh/50d-4

[Thorsten Glaser]

Niels Thykier dixit:

I see the upload has happened, but the diff seems to be very unlike the
one you included in the bug.  A diffstat of what I see is:
[…]
I.e. a patch is being dropped and no other changes.  Your original
debdiff suggested there ought to be changes to said patch instead.

Indeed. Huh. This seems to be a mistake on the sponsor’s side,
as this most certainly does not match what I asked them to pull
from collab-maint/mksh.git and upload. I’ll retry; sorry.

bye,
//mirabilos
-- 
[16:04:33] bkix: veni vidi violini
[16:04:45] bkix: ich kam, sah und vergeigte...


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/pine.bsm.4.64l.1503131422020.6...@herc.mirbsd.org

Bug#779997: unblock: (pre-approval) mksh/50d-4

[Thorsten Glaser]

tags 779997 - moreinfo
thanks

Niels Thykier dixit:

Ack, seems reasonable.  Please have it uploaded to unstable and remove
the moreinfo tag once it is accepted.

ok, done

bye,
//mirabilos
-- 
This space for rent.


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/pine.bsm.4.64l.1503122135430.25...@herc.mirbsd.org

Bug#779997: unblock: (pre-approval) mksh/50d-4

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mksh

With upstream hat, I found and fixed a security-relevant
(privacy related) bug in mksh and would kindly like to
request its inclusion into jessie.

The bug is: when HISTFILE has been set to a filename,
persistent history writing (logging of commands) is
enabled. Running “unset HISTFILE” is a no-op, instead
of, like with the other shells, disabling file logging
again. (Running “HISTFILE=” sort-of works, as it tries
to call open(2) with an empty string as argument, fails
and then leaves logging disabled.)

The fix is a straight backport of the upstream fix, in
two portions: the histrap.c part makes a NULL and empty
string argument ① do the same, and ② disable history
without relying on “open(, …)” to fail; the var.c
part calls the routine in the “unset” case. The other
patches (check.t and sh.h) adjust the shell version to
note that this is a vendor-patched version; it’s something
I (as upstream) request (though not absolutely require)
from distributions to do when they deviate from upstream
sources.

The full debdiff is attached. I plan to upload using a
sponsor (I have several at hand) if I get the approval,
but have no problem against an RT or Security Team member
uploading the package instead either. The package builds
cleanly in jessie and sid (i386 cowbuilder), passes its
testsuite and is lintian-clean.

The package is kept in collab-maint/mksh.git using the
“single-debian-patch” style packaging, which means that
debian/patches/debian-changes accumulates those patches.
Feel free to inspect the git repository for the actual
commit to the upstream sources instead. The package builds
without any non-standard helpers (e.g. gbp), by just invoking
dpkg-buildpackage after placing the .orig.tar.gz into
the parent directory.

unblock mksh/50d-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
diff -Nru mksh-50d/debian/changelog mksh-50d/debian/changelog
--- mksh-50d/debian/changelog	2014-10-23 11:20:27.0 +0200
+++ mksh-50d/debian/changelog	2015-03-07 22:17:11.0 +0100
@@ -1,3 +1,12 @@
+mksh (50d-4) unstable; urgency=medium
+
+  * QA upload.
+  * Backport upstream fix:
+- [tg] SECURITY: make unset HISTFILE actually work
+  * Adjust shell version accordingly
+
+ -- Thorsten Glaser t...@mirbsd.de  Sat, 07 Mar 2015 22:16:53 +0100
+
 mksh (50d-3) unstable; urgency=high
 
   * QA upload.
diff -Nru mksh-50d/debian/patches/debian-changes mksh-50d/debian/patches/debian-changes
--- mksh-50d/debian/patches/debian-changes	2014-10-23 11:24:49.0 +0200
+++ mksh-50d/debian/patches/debian-changes	2015-03-07 22:19:12.0 +0100
@@ -18,7 +18,7 @@
  
  expected-stdout:
 -	@(#)MIRBSD KSH R50 2014/10/07
-+	@(#)MIRBSD KSH R50 2014/10/19
++	@(#)MIRBSD KSH R50 2014/10/19 Debian-4
  description:
  	Check version of shell.
  stdin:
@@ -27,7 +27,7 @@
  ---
  expected-stdout:
 -	@(#)LEGACY KSH R50 2014/10/07
-+	@(#)LEGACY KSH R50 2014/10/19
++	@(#)LEGACY KSH R50 2014/10/19 Debian-4
  description:
  	Check version of legacy shell.
  stdin:
@@ -531,6 +531,39 @@
  	/* set $# and $* */
  	if (setargs) {
  		wp += argi - 1;
+--- mksh-50d.orig/histrap.c
 mksh-50d/histrap.c
+@@ -563,7 +563,7 @@ sethistfile(const char *name)
+ 		return;
+ 
+ 	/* if the name is the same as the name we have */
+-	if (hname  strcmp(hname, name) == 0)
++	if (hname  name  !strcmp(hname, name))
+ 		return;
+ 
+ 	/*
+@@ -581,7 +581,8 @@ sethistfile(const char *name)
+ 		hist_source-line = 0;
+ 	}
+ 
+-	hist_init(hist_source);
++	if (name)
++		hist_init(hist_source);
+ }
+ #endif
+ 
+@@ -713,8 +714,10 @@ hist_init(Source *s)
+ 	hist_source = s;
+ 
+ #if HAVE_PERSISTENT_HISTORY
+-	if ((hname = str_val(global(HISTFILE))) == NULL)
++	if (((hname = str_val(global(HISTFILE))) == NULL) || !*hname) {
++		hname = NULL;
+ 		return;
++	}
+ 	strdupx(hname, hname, APERM);
+ 	hs = hist_init_first;
+ 
 --- mksh-50d.orig/main.c
 +++ mksh-50d/main.c
 @@ -34,7 +34,7 @@
@@ -561,7 +594,7 @@
 +__RCSID($MirOS: src/bin/mksh/sh.h,v 1.701 2014/10/19 21:53:08 tg Exp $);
  #endif
 -#define MKSH_VERSION R50 2014/10/07
-+#define MKSH_VERSION R50 2014/10/19
++#define MKSH_VERSION R50 2014/10/19 Debian-4
  
  /* arithmetic types: C implementation */
  #if !HAVE_CAN_INTTYPES
@@ -585,3 +618,17 @@
  
  #define X_EXTRA	20	/* this many extra bytes in X string */
  
+--- mksh-50d.orig/var.c
 mksh-50d/var.c
+@@ -1351,6 +1351,11 @@ unsetspec(struct tbl *vp)
+ 	 */
+ 
+ 	switch (special(vp-name)) {
++#if HAVE_PERSISTENT_HISTORY
++	case V_HISTFILE:
++		sethistfile(NULL);
++		return;
++#endif
+ 	case V_IFS:
+ 		setctypes(TC_IFSWS, C_IFS);
+ 		ifs0 = ' ';

Re: Potential issues for most ports (Was: Re: Bits from the Release Team (Jessie freeze info))

[Thorsten Glaser]

Niels Thykier dixit:

Then there are more concrete things like ruby's test suite seg. faulting
on ia64 (#593141), ld seg. faulting with --as-needed on ia64

And only statically linked klibc-compiled executables work on IA64,
not dynamically linked ones. I’ve looked into it, but Itanic is so
massively foreign I didn’t manage to find out anything except that
the problem appears to happen before main.

Until we have a clear definition of actively maintained ports, I would
recommend porters to err on the side of being verbose over being silent.

I’ve held off on the m68k side because I think the role call was only
for architectures in the main archive, right?

[1] Nothing official yet, but gcc-4.6 (and earlier) /might/ not be
acceptable as a default for Jessie.

Didn't Doko say he’d want 4.8? We (on the m68k side) are putting
effort into that one, since 4.7 appears to only be used by eglibc
right now. And 4.6 for GNAT, but gnat-4.8 is new, and the ICE may
be fixed as there’s active upstream on the GCC/m68k side.

bye,
//mirabilos
-- 
diogenese Beware of ritual lest you forget the meaning behind it.
igli yeah but it means if you really care about something, don't
ritualise it, or you will lose it. don't fetishise it, don't
obsess. or you'll forget why you love it in the first place.


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1311031444380.31...@herc.mirbsd.org

Re: Issue in Bad regexp for ruby1.8-removal transition

[Thorsten Glaser]

On Mon, 2 Sep 2013, Jérémy Bobbio wrote:

 On the page described the transition to get rid of Ruby 1.8 [1],

How is this supposed to work, anyway?

• I don’t see either a bts entry or an explanation linked anywhere.

• ruby1.9.1 Build-Depends ruby1.8

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”  ‣‣‣ Please, http://deb.li/mysql and MariaDB, finally die!


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.10.1309051613280.12...@tglase.lan.tarent.de

Bug#708146: nmu: unscd_0.48-2

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu unscd_0.48-2 . ALL . -m Rebuild against eglibc major version 2.17

Hi,

for FusionForge I’m using unscd instead of nscd, which makes much
less trouble. It needs to be binNMU’d against every new eglibc
major version.

I’ve just done so with the version in sid locally and tested that
it still works, to avoid repeating the problem from:
https://bugs.launchpad.net/ubuntu/+source/unscd/+bug/958305

Right now, unscd is uninstallable, and a dist-upgrade would remove
FusionForge from the system, which is kinda not what I want ;-) as
I’m currently preparing it to work with PHP 5.5 (looks like actually
no change needed).

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130513142100.15643.35280.report...@tglase.lan.tarent.de

Re: tiff 4.x (libtiff5) transition

[Thorsten Glaser]

Jay Berkenbilt qjb at debian.org writes:

 hoping Jessie will ship with only one version of the tiff library:
[…]
 I'd obviously like to get on this as soon as possible, but I understand

Agreed, but tiff depends on jpeg, and there are people who want to switch
jpeg to “jpeg-turbo” (still being unclear whether it implements all jpeg
functions or just these deemed “needed”) or, if not, jpeg might want a
soname bump too. So it might make sense to wait for completion of that,
or do them in one go (no idea what’s easier for Debian).

You might want to talk to the jpeg maintainer for this.

Just an outsider 2¢,
//mirabilos


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/loom.20130507t134844-...@post.gmane.org

Bug#705535: unblock: mediawiki/1:1.19.5-1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mediawiki

Please consider allowing the new security bugfix release of
mediawiki’s long-term support branch into wheezy. The upload
to sid also contains a documentation and a code change both
related to correcting the installation/setup process.

The Debian changes, except patch-context-linenumber changes,
are as follows:

--- debian/changelog(revision 430)
+++ debian/changelog(working copy)
@@ -1,3 +1,21 @@
+mediawiki (1:1.19.5-1) unstable; urgency=high
+
+  [ Platonides ]
+  * Update config URL in README.Debian (Closes: #703804)
+
+  [ Thorsten Glaser ]
+  * Re-add LocalSettings creation snippet for support of the
+mediawiki-extensions Debian packaging (Closes: #703852)
+  * New upstream security-only release:
+- (bug 47251) SECURITY: Disable external entities in Import
+- (bug 46859) SECURITY: Disable external entities in XMLReader
+- (bug 46084) SECURITY: Sanitize $limitReport before outputting
+- (bug 43594) Fix notices displayed on PHP 5.4
+- (bug 40585) Don't drop 'step=any' in HTML input fields.
+  * Refresh patches against new upstream code
+
+ -- Thorsten Glaser t...@mirbsd.de  Tue, 16 Apr 2013 11:04:05 +0200
+
 mediawiki (1:1.19.4-1) unstable; urgency=high
 
   * Urgency high for security fix
--- debian/patches/debian_specific_config.patch (revision 0)
+++ debian/patches/debian_specific_config.patch (revision 434)
@@ -0,0 +1,18 @@
+$Id$
+
+Support mediawiki-extensions Debian packaging (see #703852).
+
+--- a/includes/installer/LocalSettingsGenerator.php
 b/includes/installer/LocalSettingsGenerator.php
+@@ -333,6 +333,11 @@ if ( !defined( 'MEDIAWIKI' ) ) {
+ # Path to the GNU diff3 utility. Used for conflict resolution.
+ \$wgDiff3 = \{$this-values['wgDiff3']}\;
+ 
++# debian-specific include:
++if (is_file(\/etc/mediawiki-extensions/extensions.php\)) {
++  include(\/etc/mediawiki-extensions/extensions.php\);
++}
++
+ # Query string length limit for ResourceLoader. You should only set this if
+ # your web server has a query string length limit (then set it to that limit),
+ # or if you have suhosin.get.max_value_length set in php.ini (then set it to

--- debian/patches/series   (revision 430)
+++ debian/patches/series   (working copy)
@@ -6,3 +6,4 @@
 bz29635.patch
 bz40889.patch
 bz39635.patch
+debian_specific_config.patch
--- debian/README.Debian(revision 430)
+++ debian/README.Debian(working copy)
@@ -14,14 +14,14 @@
 
 Configuration:
The configuration uses an easy web-based system ; just go to this URL :
-   http://www.myserver.org/mediawiki/config/index.php
+   http://www.myserver.org/mediawiki/mw-config/index.php
(replace by your own servername)
  You may of course configure your webserver to serve this URL. A 
default
  configuration can be found in /etc/mediawiki/. Apache and cherokee 
users
  may have linked this in their configuration automatically if they 
asked
  the installer to do so.
Then just copy the generated config to the real system location :
-   mv /var/lib/mediawiki/config/LocalSettings.php \
+   mv /var/lib/mediawiki/mw-config/LocalSettings.php \
 /etc/mediawiki
You should change file permissions for LocalSettings.php as required to
prevent other users on the server from reading passwords and

The upstream changes are as follows:

--- mediawiki-1.19.4/RELEASE-NOTES-1.19 2013-03-04 19:11:51.0 +0100
+++ mediawiki-1.19.5/RELEASE-NOTES-1.19 2013-04-15 18:23:52.0 +0200
@@ -3,6 +3,17 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.5 ==
+
+This is a security and maintenance release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.4 ===
+* (bug 47251) SECURITY: Disable external entities in Import
+* (bug 46859) SECURITY: Disable external entities in XMLReader
+* (bug 46084) SECURITY: Sanitize $limitReport before outputting
+* (bug 43594) Fix notices displayed on PHP 5.4
+* (bug 40585) Don't drop 'step=any' in HTML input fields.
+
 == MediaWiki 1.19.4 ==
 
 This is a maintenance release of the MediaWiki 1.19 branch
--- mediawiki-1.19.4/includes/DefaultSettings.php   2013-03-04 
19:11:51.0 +0100
+++ mediawiki-1.19.5/includes/DefaultSettings.php   2013-04-15 
18:23:52.0 +0200
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.4';
+$wgVersion = '1.19.5';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
--- mediawiki-1.19.4/includes/GlobalFunctions.php   2013-03-04 
19:11:51.0 +0100
+++ mediawiki-1.19.5/includes/GlobalFunctions.php   2013-04-15 
18:23

Bug#702348: unblock: mksh/40.9.20120630-7

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mksh

unblock mksh/40.9.20120630-7

(Thanks to Lisandro for his posting on Planet Debian!)

Dear Release Team,

please unblock mksh (40.9.20120630-7) for wheezy.
The debdiff between the two source packages (40.9.20120630-4 currently
in testing and 40.9.20120630-7 currently in sid) follows, except the
diff between the debian/patches/debian-changes file was replaced by an
interdiff between them for better legibility (see #689193 for the
reason), and I removed changes to the RCS IDs, i.e. lines only changing
the “$MirOS$” strings, and changes to the copyright years, to get it
more legible. Then, I sorted changes logically and let each block be
followed by the explanation for the change.

Please just ask back if you need any clarification. I am aware that
a Unix shell is complex code; I tried to select only patches to back‐
port for this that I really think the wheezy release will benefit from.

The upload will not change the shell language or behaviour, except
that $? in/after eval is now correct and that the ERR and EXIT traps
are run at all, once only, and in the correct order, and that set -e
aborts correctly when a function returned nonzero; all of these are
regressions against versions of mksh several years old and had been
introduced by earlier bugfixes, so the interface does not change.

--- mksh-40.9.20120630/debian/changelog 2012-10-13 14:57:14.0 +
+++ mksh-40.9.20120630/debian/changelog 2013-02-15 19:01:25.0 +
@@ -1,3 +1,34 @@
+mksh (40.9.20120630-7) unstable; urgency=low
+
+  * The “customer service” upload
+  * Correct the fix for LP#1104543 (Closes: #700526)
+  * Fix uninitialised memory access (Closes: #700604)
+
+ -- Thorsten Glaser t...@mirbsd.de  Fri, 15 Feb 2013 19:00:40 +
+
+mksh (40.9.20120630-6) unstable; urgency=low
+
+  * Revert the fix for LP#1104543 as it causes Debian #700526
+(not closing as it’s not a proper fix)
+
+ -- Thorsten Glaser t...@mirbsd.de  Fri, 15 Feb 2013 17:44:20 +
+
+mksh (40.9.20120630-5) unstable; urgency=low
+
+  * Bump versioned B-D on libklibc-dev [armhf] to known-fixed
+  * Fix input command line editing display redrawing issue
+  * Backport fixes to the regression testsuite and some new tests
+  * Add bugfixes for error handling related issues:
+- behaviour of $? in eval (RedHat BZ#865121)
+- running the EXIT and ERR traps (Closes: #696823)
+- set -e vs. use of /|| in a function (LP#1104543)
+  * Add appropriate regression tests for these fixes
+  * Update the mailing list address in lksh.1 manpage
+  * In /etc/skel/.mkshrc handle /etc/debian_chroot like bashrc does
+  * Update copyright year
+
+ -- Thorsten Glaser t...@mirbsd.de  Mon, 11 Feb 2013 14:14:37 +0100
+
 mksh (40.9.20120630-4) unstable; urgency=low
 
   * The “Cookie” upload

This is the changelog, with reference to the bug numbers of the bugs
fixed by the changes below also. The change in -6 just reverted one of
the changes in -5 and was immediately followed up by the correct fix
in -7 once I had it working.

--- mksh-40.9.20120630/debian/.mkshrc   2011-11-26 00:04:53.0 +
+++ mksh-40.9.20120630/debian/.mkshrc   2013-02-11 13:18:28.0 +
@@ -19,6 +19,8 @@
 else
p=$'\001'
 fi
+[[ -z ${debian_chroot:-}  -r /etc/debian_chroot ]]  \
+debian_chroot=$(/etc/debian_chroot)
 PS1=$p$'\r${debian_chroot:+'$p$'\e[0;1m'$p'($debian_chroot)'$p$'\e[0m'$p'}'$PS1
 unset p
 

This change aligns the standard mkshrc file with what bash’s initiali‐
sation files do wrt. behaviour in chroots (dchroot/schroot, cowbuilder
--login).

--- mksh-40.9.20120630/debian/control   2012-09-30 14:50:32.0 +
+++ mksh-40.9.20120630/debian/control   2012-10-06 13:05:08.0 +
@@ -19,7 +19,8 @@
 Build-Depends: bsdmainutils, ed,
 # # try klibc on any architectures it has ever been built; this aids people
 # # trying to debug klibc itself (hppa, powerpcspe, sh4)
-  libklibc-dev [alpha amd64 armel armhf hppa i386 ia64 m68k mips mipsel 
powerpc powerpcspe ppc64 s390 s390x sh4 sparc sparc64],
+  libklibc-dev (= 2.0.1-2~) [armhf],
+  libklibc-dev [alpha amd64 armel hppa i386 ia64 m68k mips mipsel powerpc 
powerpcspe ppc64 s390 s390x sh4 sparc sparc64],
 # # same for dietlibc; the hppa one is optional for now
   dietlibc-dev (= 0.33~cvs20120325-4~) [armhf],
   dietlibc-dev (= 0.33~cvs2008-5~) [hppa] | dietlibc-doc [hppa],

This change merely introduces a versioning to the klibc dependency
for armhf as it got usable only late in the release process. I’ve
had this in for a while already, even said so on the mailing list,
but I think it went unseen in the flood of messages.

Omitted change for debian/copyright: only the year 2013 was added.

--- mksh-40.9.20120630/debian/lksh.12012-07-20 23:34:00.0 +
+++ mksh-40.9.20120630/debian/lksh.12013-02-11 13:18:30.0 +
@@ -258,7 +258,7 @@
 Talk

Re: [Pkg-mediawiki-devel] Bug#700595: mediawiki: Upstream bug: Bug 39635 - PostgreSQL LOCK IN SHARE MODE option is a syntax error

[Thorsten Glaser]

On Wed, 27 Feb 2013, Adam D. Barratt wrote:

 As a side note, the changelog didn't really need:
 
 +  * Note: these changes were part of this upload, even though
 +they were not detailed in this changelog entry when uploading:
 
 which will look a little odd to those perusing the changelog in future rather
 than diffing it, I suspect. Ah well.

Hm, do you have a better wording for changelog entries
that were supposed to accompany the changes of a past
upload but had been forgotten?

I thought adding them “after the fact” to the older
version but marking them specially would be somewhat
clearer than adding them to the newer version, since
the changes themselves slipped in with the older one.

But then, I’m not an English native speaker…

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1302281024570.23...@tglase.lan.tarent.de

Re: [Pkg-mediawiki-devel] Bug#700595: mediawiki: Upstream bug: Bug 39635 - PostgreSQL LOCK IN SHARE MODE option is a syntax error

[Thorsten Glaser]

On Thu, 28 Feb 2013, Adam D. Barratt wrote:

 I'd just have included them in the older changelog stanza as is and noted in
 the current version that I'd added them; there's no particular need to know in
 future versions that they were added after the fact. ymmv.

OK, thanks, will do that next time.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1302281412130.23...@tglase.lan.tarent.de

Re: Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

[Thorsten Glaser]

Andres Salomon dixit:

Hm.  Rather than simply remove it, can we actually provide an upgrade
path to rsyslog?  I'd be happy to NMU a version of ksyslogd that
does this in unstable (for consideration in wheezy), as long as rsyslog
is truly a drop-in replacement.

No, I veto that, I’m happily using sysklogd in sid.
Do *not* break that.

It seems that new squeeze installs default to using rsyslog.  However,

Lenny started with that beast, actually.

bye,
//mirabilos
-- 
„nein: BerliOS und Sourceforge sind Plattformen für Projekte, github ist
eine Plattform für Einzelkämpfer“
-- dieses Zitat ist ein Beweis dafür, daß auch ein blindes Huhn
   mal ein Korn findet, bzw. – in diesem Fall – Recht haben kann


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1301211352001.10...@herc.mirbsd.org

Bug#696999: [a...@adam-barratt.org.uk: Re: Bug#696999: unblock: mediawiki-extensions/2.11]

[Thorsten Glaser]

Jonathan Wiltshire dixit:

Any idea what the comment in

++  array('a', /* does not work */ 'img')));

is about?

The MediaWiki HTML sanitiser accepts an array of tags to also
accept in the output. I’ve tried whitelisting 'a' and 'img',
but the latter does not currently work. I hope this will be
addressed in a future version of MediaWiki (actually, I could
probably cook up a patch), and right now, its presence there
is a nop.

bye,
//mirabilos
-- 
I want one of these. They cost 720 € though… good they don’t have the HD hole,
which indicates 3½″ floppies with double capacity… still. A tad too much, atm.
‣ http://www.floppytable.com/floppytable-images-1.html


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1212301632050.18...@herc.mirbsd.org

Bug#695904: mea culpa (was Re: [Pkg-mediawiki-devel] Bug#695904: Bug#695904: unblock: mediawiki/1:1.19.3-1 (fwd))

[Thorsten Glaser]

On Sat, 15 Dec 2012, Adam D. Barratt wrote:

 The first patch was *not* in the 1.19.2 package:

Indeed, I totally fucked up this one. Apparently, there was a
“wheezy” branch in svn which I was supposed to use but did not.

The changes that sled in were:
• the “| php5-mysqlnd” dependency (#689758)
• bz29635.patch (fixes cases where database upgrades fail)
  ‣ https://bugzilla.wikimedia.org/show_bug.cgi?id=29635
• two hunks of fix_invalid_xhtml.patch (ensures 2 out of 3
  places that need the change have all img/ tags always have
  an alt=… attribute; the third one was not yet committed:
  https://bugzilla.wikimedia.org/show_bug.cgi?id=40889 has
  a link to an upstream commit for that)

Apparently, because the latter was WIP/incomplete, I had
not added debian/changelog entries, which led to my later
oversight. I should have used svn log.

If there is demand, I will upload a -2 reverting all of
these changes, although I consider the bz29635.patch
important enough for inclusion for PostgreSQL users.
If that is requested, please say so. (Apparently, the -1
upload made it into testing in the meantime.)

I learned from this to never assume debian/changelog is
up to date in a “trunk” and will try to not repeat this
mistake. Sorry.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1212171047240.15...@tglase.lan.tarent.de

Re: Question on proposed integration of MediaWiki 1.19.3 in wheezy

[Thorsten Glaser]

On Wed, 12 Dec 2012, Niels Thykier wrote:

 On 2012-12-12 10:58, Dominik George wrote:
  Dear release managers,
  
  today, I chose to fix RC bug #694998. It is a security issue with 

To be exact, I asked Dominik whether he can have a look at it
and review it (and ask the Release Team) because I currently
lack time to do that in-depth and he’s eager to help RC bug fixing…

  MediaWiki 1.19.2 currently in testing, and there are two ways of fixing 
  this issue. The easiest would be to get the new upstream version 1.19.3 
  into testing.

From the pkg-mw side this would of course be preferred because
it would make later fixes easier, and the MW upstream sort of
agreed to support 1.19 longer for us, when we in turn keep MW
in good shape in Debian ;-)

  I created the new package and a debdiff [2]. This diff is 
  quite large because the update also incorporates tons of translation 
  updates.

I suggested to use diff -wup and exclude the translations;
I’ve already done that for 1.19.2.

 If 1.19.3 is just the security fix + translations, I'd be willing to
 allow the translations as well.

OK, thanks. Let’s hope it’ll be just fixes.

Thanks Dominik for having a look.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1212121130150.2...@tglase.lan.tarent.de

Re: Question on proposed integration of MediaWiki 1.19.3 in wheezy

[Thorsten Glaser]

On Wed, 12 Dec 2012, Niels Thykier wrote:

 The filtered diff looks reasonable, feel free to upload 1.19.3-0.1 to
 unstable.  Please file an unblock bug for it after it has been in
 unstable for some time.

Thanks Niels.

Dominik, please commit the changes needed, version as 1:1.19.3-1
and mark as “* Team upload”, then Jonathan or I can build and
upload it, now that you’re in the Alioth team.

I’ll even squeeze in some testing in a fusionforge setting ;-)

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1212121347000.2...@tglase.lan.tarent.de

seeking pre-upload approval for mksh 40.9.20120630-5 targetting wheezy

[Thorsten Glaser]

Hi,

I would like to put the following patch, which took me 3¼ hours to
find, into mksh in wheezy. It reverts a flag which I mistakenly
converted to bool back to int, as it’s used as a counter. The effect
is that, when you have non-ASCII characters on the command line and
then insert something in the middle, sometimes, the entire display
or parts of it is trashed.

--- edit.c  3 Sep 2012 19:29:14 -   1.8
+++ edit.c  26 Nov 2012 22:40:58 -
@@ -900,7 +900,7 @@ static bool x_adj_ok;
  * we use x_adj_done so that functions can tell
  * whether x_adjust() has been called while they are active.
  */
-static bool x_adj_done;
+static int x_adj_done;
 
 static int x_col;
 static int x_displen;
@@ -1166,7 +1166,7 @@ x_init_prompt(void)
if (x_col = xx_cols)
x_col %= xx_cols;
x_displen = xx_cols - 2 - x_col;
-   x_adj_done = false;
+   x_adj_done = 0;
 
pprompt(prompt, 0);
if (x_displen  1) {
@@ -1339,7 +1339,7 @@ static int
 x_ins(const char *s)
 {
char *cp = xcp;
-   bool adj = x_adj_done;
+   int adj = x_adj_done;
 
if (x_do_ins(s, strlen(s))  0)
return (-1);
@@ -1616,7 +1616,7 @@ x_size2(char *cp, char **dcp)
 static void
 x_zots(char *str)
 {
-   bool adj = x_adj_done;
+   int adj = x_adj_done;
 
x_lastcp();
while (*str  str  xlp  adj == x_adj_done)
@@ -2847,7 +2847,7 @@ static void
 x_adjust(void)
 {
/* flag the fact that we were called. */
-   x_adj_done = true;
+   x_adj_done++;
/*
 * we had a problem if the prompt length  xx_cols / 2
 */
@@ -2969,7 +2969,7 @@ x_e_putc3(const char **cp)
 static void
 x_e_puts(const char *s)
 {
-   bool adj = x_adj_done;
+   int adj = x_adj_done;
 
while (*s  adj == x_adj_done)
x_e_putc3(s);


This reverts everything dealing with x_adj_done to the state
it was in mksh 40.5.

I’ve got another diff queued for wheezy, bumping the versioned
B-D for klibc on armhf to the first version known to actually
work there, but I think this is trivial:

--- debian/control  30 Sep 2012 14:50:07 -  1.82
+++ debian/control  6 Oct 2012 13:04:43 -   1.83
@@ -19,7 +19,8 @@ Homepage: http://mirbsd.de/mksh
 Build-Depends: bsdmainutils, ed,
 # # try klibc on any architectures it has ever been built; this aids people
 # # trying to debug klibc itself (hppa, powerpcspe, sh4)
-  libklibc-dev [alpha amd64 armel armhf hppa i386 ia64 m68k mips mipsel 
powerpc powerpcspe ppc64 s390 s390x sh4 sparc sparc64],
+  libklibc-dev (= 2.0.1-2~) [armhf],
+  libklibc-dev [alpha amd64 armel hppa i386 ia64 m68k mips mipsel powerpc 
powerpcspe ppc64 s390 s390x sh4 sparc sparc64],
 # # same for dietlibc; the hppa one is optional for now
   dietlibc-dev (= 0.33~cvs20120325-4~) [armhf],
   dietlibc-dev (= 0.33~cvs2008-5~) [hppa] | dietlibc-doc [hppa],

Thanks in advance,
//mirabilos
-- 
Darwinism never[…]applied to wizardkind. There's a more than fair amount of[…]
stupidity in its gene-pool[…]never eradicated[…]magic evens the odds that way.
It's[…]harder to die for us than[…]muggles[…]wonder if, as technology[…]better
[…]same will[…]happen there too. Dursleys' continued existence indicates so.


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1211262241200.23...@herc.mirbsd.org

Bug#689153: ping mksh-related release items

[Thorsten Glaser]

Hi,

I’d like to do a ping for mksh unblocking and the release notes
entry, just so they don’t accidentally forgotten.

In case someone already has these on their radar, please sorry
for the noise.

bye,
//mirabilos
-- 
FWIW, I'm quite impressed with mksh interactively. I thought it was much
*much* more bare bones. But it turns out it beats the living hell out of
ksh93 in that respect. I'd even consider it for my daily use if I hadn't
wasted half my life on my zsh setup. :-) -- Frank Terbeck in #!/bin/mksh


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1211251719020.30...@herc.mirbsd.org

Re: [Pkg-mediawiki-devel] Candidates for removal from testing (2012-11-14)

[Thorsten Glaser]

On Wed, 14 Nov 2012, Niels Thykier wrote:

  * The package had at least one RC bug without activity for the past
14 days.

 Jonathan Wiltshire j...@debian.org
mediawiki-math (U)
 
 Mediawiki Maintenance Team pkg-mediawiki-de...@lists.alioth.debian.org
mediawiki-math

Hey Jonathan,

will you take care of this? Otherwise I’ll have to
see that I take some time for it…

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1211150925530.5...@tglase.lan.tarent.de

Re: Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

[Thorsten Glaser]

Michael Biebl dixit:

A better approach imho would be to simply remove sysklogd from the
archive.

Please no!

//mirabilos (still ill)
-- 
Natureshadow Dann mach ich git annex copy --to shore und fertig ist das
Natureshadow das ist ja viel cooler als ownCloud ...
mirabilos sag ich doch
Natureshadow ja wieso stimmt das denn immer was du sagst ...


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1210131304320.4...@herc.mirbsd.org

Bug#689153: unblock: mksh/40.9.20120630-4

[Thorsten Glaser]

retitle 689153 unblock: mksh/40.9.20120630-4
thanks

Hi,

sorry for the trouble, but please wait for the -4 upload,
as recent changes in gcc will let mksh ftbfs, and doko
said he'll want to propose these versions for wheezy; I've
made the same hotfix in Ubuntu already.

bye,
//mirabilos
-- 
Natureshadow Dann mach ich git annex copy --to shore und fertig ist das
Natureshadow das ist ja viel cooler als ownCloud ...
mirabilos sag ich doch
Natureshadow ja wieso stimmt das denn immer was du sagst ...


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/pine.bsm.4.64l.1210121407250.17...@herc.mirbsd.org

Bug#689157: unblock: mediawiki-extensions/2.9, mediawiki/1:1.19.2-2

[Thorsten Glaser]

Dear Release Team,

please extend the courtesy to unblock the MediaWiki packages
to today’s uploads: mediawiki-extensions/2.9, mediawiki/1:1.19.2-2

The reason behind this is the removal of the FCKeditor extension
which works only up to and including MediaWiki 1.17 and has been
deprecated by the Wikimedia Foundation in favour of another, not
yet packaged, extension (see #689375 for the full details). We
would like to have this, now non-working, extension removed from
src:mediawiki-extensions and broken by mediawiki, in wheezy too,
and have added appropriate NEWS entries.

Furthermore, there’s a small fix for the Collection extension
regarding downloading the generated PDFs from the PDF Export
link and for Wikibooks in PDF format, which was broken depending
on the version or configuration of the render server (affecting
one of two possible codepaths). This basically inlines a bit of
code from two “convenience wrapper” functions in order to access
the HTTP Response headers.

The debdiffs (attached) are relatively short (I have represented
file removals as comment in the top instead of including their
full diff):

mediawiki:
- add NEWS entry, break any version of mediawiki-extensions-fckeditor
- adjust debian/watch file for DDPO vs. uscan behaviour difference:
  patch (dversionmangle) away the epoch, which DDPO doesn’t like,
  as done for src:cvs

mediawiki-extensions:
- remove all files related to the FCKeditor extension
- add NEWS entry
- remove debian/{control{,.in},copyright,patches/series,rules}
  entries related to the FCKeditor extension
- debian/patches/fix_collection.patch: add fix for downloading
  generated PDFs
- remove svn-revisions entries related to the FCKeditor extension

Thanks in advance,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Manckedeleted:
- mediawiki-extensions-2.8/debian/mediawiki-extensions-fckeditor.links
- mediawiki-extensions-2.8/debian/patches/fix_fckeditor.patch
- mediawiki-extensions-2.8/dist/mediawiki-extensions-fckeditor/

--- mediawiki-extensions-2.8/debian/NEWS1970-01-01 01:00:00.0 
+0100
+++ mediawiki-extensions-2.9/debian/NEWS2012-10-02 14:09:51.0 
+0200
@@ -0,0 +1,11 @@
+mediawiki-extensions (2.9) unstable; urgency=low
+
+  The mediawiki-extensions-fckeditor package has been
+  deprecated by the Wikimedia foundation and is thus
+  no longer included in the packaging, so if your wikis
+  have been using this extension, please remove it from
+  their configuration to avoid breakage. This can be
+  done using sudo mwdisext FCKeditor.php if installed
+  from Debian packaging.
+
+ -- Thorsten Glaser t...@mirbsd.de  Tue, 02 Oct 2012 14:09:42 +0200
--- mediawiki-extensions-2.8/debian/changelog   2012-09-20 13:45:26.0 
+0200
+++ mediawiki-extensions-2.9/debian/changelog   2012-10-02 14:09:51.0 
+0200
@@ -1,3 +1,10 @@
+mediawiki-extensions (2.9) unstable; urgency=low
+
+  * Collection: fix downloading generated PDFs from the render server
+  * FCKeditor: remove, no longer works with MW 1.19 (Closes: #689375)
+
+ -- Thorsten Glaser t...@mirbsd.de  Tue, 02 Oct 2012 14:09:42 +0200
+
 mediawiki-extensions (2.8) unstable; urgency=low
 
   * Remove dependency of mw-ext-collection on various ECMAscript
--- mediawiki-extensions-2.8/debian/control 2012-09-20 13:45:26.0 
+0200
+++ mediawiki-extensions-2.9/debian/control 2012-10-02 12:13:31.0 
+0200
@@ -91,17 +91,6 @@
  This extension is set for the Debian mediawiki
  package, but it may also be used separately.
 
-Package: mediawiki-extensions-fckeditor
-Architecture: all
-Depends: ${misc:Depends}, mediawiki-extensions-base,
- fckeditor
-Description: Extensions for MediaWiki -- FCKeditor extension
- This package provides the mediawiki extensions for
- FCKeditor wysiwyg editor.
- .
- This extension is set for the Debian mediawiki
- package, but it may also be used separately.
-
 Package: mediawiki-extensions-collection
 Architecture: all
 Depends: ${misc:Depends}, mediawiki-extensions-base, php5-curl
@@ -130,7 +119,6 @@
  mediawiki-extensions-ldapauth,
  mediawiki-extensions-openid,
  mediawiki-extensions-confirmedit,
- mediawiki-extensions-fckeditor,
  mediawiki-extensions-collection,
  mediawiki-extensions-graphviz,
  ${misc:Depends}
--- mediawiki-extensions-2.8/debian/control.in  2012-09-20 13:45:26.0 
+0200
+++ mediawiki-extensions-2.9/debian/control.in  2012-10-02 12:13:31.0 
+0200
@@ -91,17 +91,6 @@
  This extension is set for the Debian mediawiki
  package, but it may also be used separately.
 
-Package: mediawiki-extensions-fckeditor
-Architecture: all
-Depends: ${misc:Depends}, mediawiki-extensions-base,
- fckeditor
-Description: Extensions for MediaWiki -- FCKeditor extension
- This package provides the mediawiki extensions for
- FCKeditor wysiwyg editor

Bug#689354: nmu: mksh_40.9.20120630-3

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mksh_40.9.20120630-3 . armhf . -m Rebuild against fixed klibc

maximilian attems dixit:

On Sun, 30 Sep 2012, Thorsten Glaser wrote:
[…]
 and without busybox, and rebuilding mksh on armhf with
 it would also show success (in fact, once you uploaded,
 I’ll ask for a binNMU of mksh on armhf anyway).

klibc built fine on all archs, go ahead!! :D

Sure, thanks. I guess I’ll file the request now, but it might
be best to wait a day or two, until all armhf buildds are sure
to have the new libklibc-dev package available.

Therefore, please binNMU src:mksh on armhf, so mksh-static gets
built against the new klibc package after fixing its RC bug.

Thanks!

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
m68k

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20121001211350.9375.66864.report...@zigo.mirbsd.org

Bug#689153: unblock: mksh/40.9.20120630-3

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mksh

The upload 40.9.20120630-3 was specifically made to target wheezy;
the changes have been tested for a while now, and the diff, split
by the kind of change done, follows.

The package fixes two problems, first, the following script did not
work (regression against mksh 39) and now works again:

echo $(
echo \{
tr u x -'EOF'
price is u denar
EOF
echo }
)

This is LP#1030581.

The part of the debdiff pertaining to that is one half of the diff
to debian/patches/debian-changes (as I do that kind of stuff in CVS)
and follows here as diff against the patched source instead, for
easier review; changes to CVS keywords and the version number reported
have also been omitted:

--- mksh-40.9.20120630-2/tree.c 2012-06-28 22:18:27.0 +0200
+++ mksh-40.9.20120630-3/tree.c 2012-09-29 17:00:22.0 +0200
@@ -53,6 +53,25 @@ ptree(struct op *t, int indent, struct s
return;
switch (t-type) {
case TCOM:
+   prevent_semicolon = false;
+   /*
+* special-case 'var=EOF' (rough; see
+* exec.c:execute() for full code)
+*/
+   if (
+   /* we have zero arguments, i.e. no programme to run */
+   t-args[0] == NULL 
+   /* we have exactly one variable assignment */
+   t-vars[0] != NULL  t-vars[1] == NULL 
+   /* we have exactly one I/O redirection */
+   t-ioact != NULL  t-ioact[0] != NULL 
+   t-ioact[1] == NULL 
+   /* of type here document (or here string) */
+   (t-ioact[0]-flag  IOTYPE) == IOHERE) {
+   fptreef(shf, indent, %S, t-vars[0]);
+   break;
+   }
+
if (t-vars) {
w = (const char **)t-vars;
while (*w)
@@ -65,7 +84,6 @@ ptree(struct op *t, int indent, struct s
fptreef(shf, indent, %S , *w++);
} else
shf_puts(#no-args# , shf);
-   prevent_semicolon = false;
break;
case TEXEC:
t = t-left;
@@ -216,8 +234,10 @@ ptree(struct op *t, int indent, struct s
 * often leads to an extra blank line, but it's not
 * worth worrying about)
 */
-   if (need_nl)
+   if (need_nl) {
shf_putc('\n', shf);
+   prevent_semicolon = true;
+   }
}
 }
 
@@ -258,8 +278,8 @@ pioact(struct shf *shf, int indent, stru
/* name/delim are NULL when printing syntax errors */
if (type == IOHERE) {
if (iop-delim)
-   fptreef(shf, indent, %S , iop-delim);
-   else
+   wdvarput(shf, iop-delim, 0, WDS_TPUTS);
+   if (iop-flag  IOHERESTR)
shf_putc(' ', shf);
} else if (iop-name)
fptreef(shf, indent, (iop-flag  IONAMEXP) ? %s  : %S ,

This part also touches the testsuite (most of it remove a space
at the end of the line):

--- mksh-40.9.20120630-2/check.t2012-09-29 17:00:14.0 +0200
+++ mksh-40.9.20120630-3/check.t2012-09-29 17:00:22.0 +0200
@@ -2268,7 +2268,13 @@ stdin:
=c $x \x40=
EOF
}
-   typeset -f foo
+   fnd=$(typeset -f foo)
+   print -r -- $fnd
+   function foo {
+   echo blub
+   }
+   foo
+   eval $fnd
foo
# rather nonsensical, but…
vd==d $x \x40=
@@ -2278,11 +2284,12 @@ stdin:
print -r -- | va={$va} vb={$vb} vc={$vc} vd={$vd} ve={$ve} vf={$vf} |
 expected-stdout:
function foo {
-   vc= -EOF 
+   vc=-EOF
=c $x \x40=
EOF

} 
+   blub
| va={=a u \x40=
} vb={=b $x \x40=
} vc={=c u \x40=
@@ -2310,20 +2317,27 @@ stdin:
=d $x \x40=

}
-   typeset -f foo
+   fnd=$(typeset -f foo)
+   print -r -- $fnd
+   function foo {
+   echo blub
+   }
+   foo
+   eval $fnd
foo
print -r -- | va={$va} vb={$vb} vc={$vc} vd={$vd} |
 expected-stdout:
function foo {
-   vc= - 
+   vc=-
=c $x \x40=


-   vd= - 
+   vd=-
=d $x \x40=


} 
+   blub
| va={=a u \x40=
} vb={=b $x \x40=
} vc={=c u \x40=
@@ -8837,7 +8851,7 @@ expected-stdout:
EOFN
}
inline_IOWRITE_IOCLOB_IOHERE_noIOSKIP() {
-   cat |bar EOFN 
+   cat 

Bug#689156: unblock: mediawiki/1:1.19.2-1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mediawiki

This upload follows on both the threads for better MW 1.19 support
http://article.gmane.org/gmane.linux.debian.devel.release/56559
and the multiple security issues (Debian #686330) part:
http://thread.gmane.org/gmane.linux.debian.devel.secure-testing.general/5325

The changes can be split into multiple parts. The security issues
were fixed by the new upstream version, which I’ll detail below.
First are the changes inside debian/ which I’ll show as diffs
between the _patched_ sources again (like with mksh) because
diffs between 3.0 (quilt) diffs are harder to read, except:

The file debian/patches/texvc_location.patch was removed, but it
was already not used in 1.19.1-1. The following patches were added
and have been attached to this message and removed from the diff:
fix_invalid_xhtml.patch, fix_warnings.patch

First, the packaging changes: add myself to Uploaders; do not
replace the jquery-tablesorter shipped with MW by the one in
Debian again because the MW one is a different/patched codebase
(fixes #687519); update Breaks wrt. the isochronal uploads of
src:fusionforge and src:mediawiki-exensions (for which I’ll also
file an unblock request); and Jonathan had added two Recommends.
I added a few “chmod +x” to quieten lintian and removed a COPYING
file from the .deb file after verifying its contents were already
in debian/copyright (which they were).

--- mediawiki-1.19.2-0/debian/changelog 2012-06-18 17:17:26.0 +0200
+++ mediawiki-1.19.2-1/debian/changelog 2012-09-20 13:45:26.0 +0200
@@ -1,3 +1,26 @@
+mediawiki (1:1.19.2-1) unstable; urgency=low
+
+  [ Thorsten Glaser ]
+  * New upstream: security fixes for CVE-2012-4377, CVE-2012-4378,
+CVE-2012-4379, CVE-2012-4380, CVE-2012-4381, CVE-2012-4382
+(Closes: #686330)
+  * Prevent table/table without any tr / inside, globally
+  * Fix more cases of not checking $wgHtml5
+  * MW’s ID (XML) sanitiser is there for a reason, use it!
+  * Prevent ul/ul without any li / inside in MonoBook
+  * Fix invalid XHTML caused by code not honouring $wgHtml5
+  * Quell some PHP warnings from sloppy code
+  * Do the wfSuppressWarnings patch used with FusionForge right
+  * Add myself to Uploaders and quieten lintian a bit
+  * Do not replace patched jquery-tablesorter with unpatched one;
+unbreaks sortable tables (Closes: #687519)
+  * Update versioned Breaks against fusionforge and mw-extensions
+
+  [ Jonathan Wiltshire ]
+  * Add Recommends on mediawiki-extensions-base and php-wikidiff2
+
+ -- Thorsten Glaser t...@mirbsd.de  Thu, 20 Sep 2012 13:40:12 +0200
+
 mediawiki (1:1.19.1-1) unstable; urgency=low
 
   * New upstream bug fix release
--- mediawiki-1.19.2-0/debian/control   2012-06-18 16:31:31.0 +0200
+++ mediawiki-1.19.2-1/debian/control   2012-09-20 13:45:26.0 +0200
@@ -2,7 +2,7 @@ Source: mediawiki
 Section: web
 Priority: optional
 Maintainer: Mediawiki Maintenance Team 
pkg-mediawiki-de...@lists.alioth.debian.org
-Uploaders: Romain Beauxis to...@rastageeks.org, Jonathan Wiltshire 
j...@debian.org
+Uploaders: Romain Beauxis to...@rastageeks.org, Jonathan Wiltshire 
j...@debian.org, Thorsten Glaser t...@mirbsd.de
 Build-Depends: debhelper (= 9),
  dh-buildinfo,
  ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
@@ -13,10 +13,19 @@ Vcs-Browser: http://svn.debian.org/views
 
 Package: mediawiki
 Architecture: all
-Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql | php5-sqlite, 
mime-support, libjs-jquery, libjs-jquery-tipsy, libjs-jquery-cookie, 
libjs-jquery-form, libjs-jquery-tablesorter, ${misc:Depends} 
-Recommends: mysql-server | postgresql-contrib, php5-cli, python
+Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql | php5-sqlite, 
mime-support, libjs-jquery, libjs-jquery-tipsy, libjs-jquery-cookie, 
libjs-jquery-form, ${misc:Depends}
+Recommends: mysql-server | postgresql-contrib, php5-cli, python, 
php-wikidiff2,  mediawiki-extensions-base
 Suggests: imagemagick | php5-gd, mediawiki-math, memcached, clamav
-Breaks: fusionforge-plugin-mediawiki ( 5.2~rc1-4~)
+Breaks: fusionforge-plugin-mediawiki ( 5.2~rc1+1~),
+ mediawiki-extensions-base ( 2.8~),
+ mediawiki-extensions-geshi ( 2.8~),
+ mediawiki-extensions-ldapauth ( 2.8~),
+ mediawiki-extensions-openid ( 2.8~),
+ mediawiki-extensions-confirmedit ( 2.8~),
+ mediawiki-extensions-fckeditor ( 2.8~),
+ mediawiki-extensions-collection ( 2.8~),
+ mediawiki-extensions-graphviz ( 2.8~),
+ mediawiki-extensions ( 2.8~)
 Description: website engine for collaborative work
  MediaWiki is a wiki engine (a program for creating a collaboratively
  edited website). It is designed to handle heavy websites containing
--- mediawiki-1.19.2-0/debian/rules 2012-06-18 16:51:36.0 +0200
+++ mediawiki-1.19.2-1/debian/rules 2012-09-20 13:45:26.0 +0200
@@ -6,9 +6,14 @@ DEB_UPSTREAM_VERSION ?= $(shell

Bug#689157: unblock: mediawiki-extensions/2.8

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mediawiki-extensions

This unblock request also comes as a follow-up to the thread at
http://article.gmane.org/gmane.linux.debian.devel.release/56559
as discusses earlier.

As for diffs: mediawiki-extensions/2.7 was the first version to
properly work with MediaWiki 1.19, 2.6 and below were for 1.15,
and, despite some trickery leading to 2.6+wheezy1, are not at
all suitable for it (I said in #686190 that it was just the be‐
ginning, and #687641 being filed proved me right).

Furthermore, mediawiki-extensions/2.7 was waiting for migration
to testing for more than 60 (sixty) days already, depending in‐
directly on nodejs due to ECMAscript compression and one of the
affected libraries being a dependency¹, and the JS packagers as
well as I were under the impression, all the time, that we could
have this fixed for wheezy, until being told, IMO much too late,
that this would not be accepted. So I respectfully ask that the
Release Team consider mediawiki-extensions/2.7 already accepted
and just not transitioned due to misinformation.

① As it turns out, that dependency was not even needed in the
  end; the 2.8 upload removes it. But I was left in good faith
  that 2.7 would transition as-is, and we could fix all follow-
  up problems later.

Therefore I consider the upgrade to MW-Extensions 2.8 critical
to the release (as otherwise, peoples’ wikis will either not
work at all and/or show weird error messages, or, if the media‐
wiki/1:1.19.2-1 upload is accepted, their extensions will find
themselves deinstalled, which will make them unhappy, and pos‐
sibly also break their installations).

As for the fixes happening between 2.7 and 2.8, they occurred
during preparing the integration of FusionForge and MW 1.19 in
a semi-production environment. The RSS_Reader extension was
fully broken, PageCSS produced spurious text in wiki pages,
and Collection and InputBox produced invalid XHTML. The diff,
again with quilt patches applied instead of showing a diff
between unidiffs, follows:

--- mediawiki-extensions-2.7/debian/changelog   2012-06-29 17:55:21.0 
+0200
+++ mediawiki-extensions-2.8/debian/changelog   2012-09-20 13:45:26.0 
+0200
@@ -1,3 +1,15 @@
+mediawiki-extensions (2.8) unstable; urgency=low
+
+  * Remove dependency of mw-ext-collection on various ECMAscript
+libraries that apparently are available from MW core already
+(as log message for r87847 suggests); enables testing transition
+  * Fix paths in RSS_Reader extension
+  * Quell those UNIQ‥QINU texts by fixing PageCSS to honour the API
+  * Fix content-less ul element in Collection extension
+  * Fix invalid XHTML in InputBox extension
+
+ -- Thorsten Glaser t...@mirbsd.de  Thu, 20 Sep 2012 13:40:12 +0200
+
 mediawiki-extensions (2.7) unstable; urgency=low
 
   * Target MediaWiki 1.19
--- mediawiki-extensions-2.7/debian/control 2012-06-29 17:55:21.0 
+0200
+++ mediawiki-extensions-2.8/debian/control 2012-09-20 13:45:26.0 
+0200
@@ -104,8 +104,7 @@ Description: Extensions for MediaWiki --
 
 Package: mediawiki-extensions-collection
 Architecture: all
-Depends: ${misc:Depends}, mediawiki-extensions-base,
- libjs-jquery, libjs-jquery-ui, libjs-json, php5-curl
+Depends: ${misc:Depends}, mediawiki-extensions-base, php5-curl
 Description: Extensions for MediaWiki -- Collection extension
  This package provides the mediawiki extensions for
  creating books using collections of pages.
--- mediawiki-extensions-2.7/debian/control.in  2012-06-29 17:50:22.0 
+0200
+++ mediawiki-extensions-2.8/debian/control.in  2012-09-20 13:45:26.0 
+0200
@@ -104,8 +104,7 @@ Description: Extensions for MediaWiki --
 
 Package: mediawiki-extensions-collection
 Architecture: all
-Depends: ${misc:Depends}, mediawiki-extensions-base,
- libjs-jquery, libjs-jquery-ui, libjs-json, php5-curl
+Depends: ${misc:Depends}, mediawiki-extensions-base, php5-curl
 Description: Extensions for MediaWiki -- Collection extension
  This package provides the mediawiki extensions for
  creating books using collections of pages.
--- mediawiki-extensions-2.7/debian/mediawiki-extensions-collection.links   
2012-06-29 16:16:17.0 +0200
+++ mediawiki-extensions-2.8/debian/mediawiki-extensions-collection.links   
2012-09-20 13:45:26.0 +0200
@@ -1,5 +1,2 @@
 usr/share/mediawiki-extensions/collection 
var/lib/mediawiki/extensions/Collection
 usr/share/mediawiki-extensions/collection/Collection.php 
etc/mediawiki-extensions/extensions-available/Collection.php
-usr/share/javascript/jquery-ui/jquery-ui.js 
usr/share/mediawiki-extensions/collection/collection/jquery.ui.js
-usr/share/javascript/jquery/jquery.js 
usr/share/mediawiki-extensions/collection/collection/jquery.js
-usr/share/javascript/json/json2.min.js 
usr/share/mediawiki-extensions/collection/collection/json2.js
--- 
mediawiki-extensions-2.7