Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: django-background-tasks
Version : 1.1.11
Upstream Author : John Montgomery and contributors
* URL : https://github.com/arteria/django-background-tasks
* License : BS
Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: django-hvad
Version :
Upstream Author : Kristian Oellegaard
* URL :
https://anonscm.debian.org/cgit/python-modules/packages/django-hvad.git
* License : 1.8.0
Progra
Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: django-js-reverse
Version : 0.7.3
Upstream Author : Bernhard Janetzki
* URL : https://github.com/ierror/django-js-reverse
* License : MIT/EXPAT
Programming La
Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: django-tinymce
Version : 2.6.0
Upstream Author : Joost Cassee / Aljosa Mohorovic
* URL : https://github.com/aljosa/django-tinymce
* License : MIT
Programming La
Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: django-sass-processor
Version : 0.5.4
Upstream Author : Jacob Rief
* URL : https://github.com/jrief/django-sass-processor
* License : EXPAT
Programming Lang: Python
Package: lists.debian.org
Severity: wishlist
Name: debian-android-tools
Category: Developers
Post Policy: open
Web Archive: yes
Rationale:
The Debian Android Tools Team has been using a list on Alioth for years.
Alioth is going away, and its mailing list server will not be replaced.
We would l
Just tried with diffoscope 86, same thing:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/diffoscope/main.py", line 401, in
main
sys.exit(run_diffoscope(parsed_args))
File "/usr/lib/python3/dist-packages/diffoscope/main.py", line 360, in
run_diffoscope
Config
Package: diffoscope
Version: 85~bpo9+1
`fdroid verify` calls diffoscope like this:
diffoscope --max-report-size 12345678 \
--max-diff-block-lines 100 \
--html foo.html --text foo.txt \
foo.apk another_foo.apk
And it has recently started to crash like this:
Trac
file 1:5.31-1, 1:5.30-1+deb9u1, and 1:5.25-2ubuntu1 all misdetect an APK
file:
$ file im.zom.messenger_1510005.apk
/tmp/im.zom.messenger_1510005.apk: DOS/MBR boot sector
Here is the 14MB APK called im.zom.messenger_1510005.apk:
https://drive.google.com/open?id=0B7TJ3OZ3bai_STVqbHZva21MZms
That dialog clearly says MTP. adb nor any of the Android Tools packages
have anything to do with MTP. So this is not an adb nor Android Tools bug.
What is making the screenshots? libadb can't do that. Also, where do
you see the message "Unable to mount Samsung Samsung Android/"? Where
are you seeing a prompt that asks permission for phone access?
Package: dpkg-dev
More and more packages are adding unicode files as unicode support has
become more reliable and available. The package building process is not
guaranteed to happen in a unicode locale since the Debian default locale
is LC_ALL=C, which is ASCII not UTF-8. Reading UTF-8 filename
The APK format is a ZIP file that always includes the files
AndroidManifest.xml and classes.dex. Then it also always
has a JAR signature (i.e. META-INF/). It does not have the
JAR magic number CAFEBABE in it.
I had to move this APK to here:
https://verification.f-droid.org/logs/Zom-15.1.0-alpha-5-zomrelease-release-unsigned.apk
Package: diffoscope
Version: 83
APKs are basically a ZIP file with a JAR signature, but not necessarily
the CAFEBABE byte sequence that marks a JAR. This means that comparing
APKs with diffoscope often results in a straight binary diff, which is
useless.
Here's one example:
https://verification
My hunch is that this doesn't really affect the Android SDK, but since
it was easy to include the patch, I just did it anyway.
Looks good to me!
.hc
Package: jenkins.debian.org
We would like to configure Build Timeout and Naginator for the
reproducible_setup_fdroid_build_environment job on pb7 so that the build
times out after 12 hours. Then if the build times out, it should retry
it. The Build Timeout plugin when used with the Naginator plu
This is happens every time I try to install Java on the official Debian
stretch-slim or testing-slim docker image. This is a blocker for moving
the F-Droid infrastructure to stretch.
Apparently, it works with the "testing" image, i.e. not "slim":
https://gitlab.com/eighthave/ci-images-base/build
r key in keys:
diff --git a/debian/changelog b/debian/changelog
index ab6a757..7226d65 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-biplist (1.0.2-1) unstable; urgency=medium
+
+ * New upstream release
+ * fix tests on 32-bit arches (Closes: #860656)
+
+ -- H
Minor correction, this is the official onion for security.debian.org
(https://onion.debian.org):
deb http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main
This one is an unofficial security.debian.org mirror run by me:
deb http://dju2peblv7upfz3q.onion/debian-security jessie/updates
And for HTTPS CDNs, this is one good option:
deb https://deb.debian.org/debian-security/ jessie/updates main
In any case, thanks for this bug report! The writing is on the wall:
Debian needs transport security by default.
A simple workaround that should narrow the scope of this attack down to
requiring the mirror to be hacked is to use Tor Onion Service or HTTPS.
Using a HTTPS CDN mirror makes attacking the mirror even harder.
The official onion address for security.debian.org is:
deb http://dju2peblv7upfz3q.onion
Control: tags -1 patch
Actually, upstream responded after looking into the details. I was
wrong, we should just fix the tests.
Package: openjdk-8-jre-headless
Version: 8u131-b11-2
Severity: Important
When setting up a gitlab-ci docker image based on the official
debian:stretch-slim image, it seems I cannot install Java:
Setting up openjdk-8-jre-headless:amd64 (8u131-b11-2) ...
update-alternatives: using
/usr/lib/jvm/jav
The tests don't need fixing, they are pointing out a real issue, check
the bug report to upstream for more info. If we just want to ship with
this specific issue not fixed, then patching the test could lead people
astray. Instead, seems like we should just disable that test on 32-bit
archs.
Package: python-typing
Version: 3.5.2.2-1~bpo8+1
Since jessie has python 3.4, and 'typing' was introduced in python 3.5,
it would be very useful to also build the python3 module that it
included in the upstream source.
Control: forwarded -1 https://bitbucket.org/wooster/biplist/issues/8
Since the plist format stores the length of the integer, storing a long
should always return a long:
0001 # of bytes is 2^, big-endian bytes
https://en.wikipedia.org/wiki/Property_list#Mac_OS_X
On python3 this does n
Control: reassign -1 xserver-xorg-input-libinput 0.18-1
Control: retitle -1 xorg crashes when input device removed during suspend
Looks like its this bug:
https://bugs.freedesktop.org/show_bug.cgi?id=97117
I'm getting this same crash on ElementaryOS Loki (based on Ubuntu 16.04)
with light-locker
Control: severity -1 wishlist
Control: retitle -1 FTBFS on machines with limited RAM
This is an "Architecture: all" package that should not be built on a
machine with limited RAM. This is unfortunately a common problem with
gradle builds. It would be a bug if this failed on amd64.
my guess is that this rebuild was done with limited RAM, since the
failure is:
"The system is out of resources."
actually, nevermind. In my case, it was a Xen VM that did not have the
kernel modules installed so binfmt was not being loaded.
This also affects apksigner, which is compiled with java8 and run with
java8.
ch git revision:
+
+unzip apksig-2.5.0-alpha-preview-01-sources.jar
+meld /path/to/android-platform-tools-apksig/src/main/java/com/ com/
+
+The source JAR does not include the gradle build files, but this
+package only uses the .java files anyway.
+
+ -- Hans-Christoph Steiner , Tue, 4 Apr 2017
Package: apksigner
Version: 0.5+git165~g42d07eb-1
Severity: important
Tags: fixed-upstream upstream
jarsigner also the use of "eTokens" to store the signing keys, and
apksigner is supposed to function as a drop-in replacement for
jarsigner. apksigner currently totally fails with an eToken/HSM.
Up
61 (Closes: #858177)
+
+ -- Hans-Christoph Steiner Wed, 15 Mar 2017 13:47:44 +0100
+
android-platform-system-core (1:7.0.0+r1-3) unstable; urgency=medium
* install bash-completion for adb and fastboot (Closes: #856418, #856419)
diff -Nru
android-platform-system-core-7.0.0+r1/debian/fastbo
Control: severity -1 important
Control: tags -1 -security
Almost all of the Android CVEs are for the Android OS, not the Android
SDK. The tricky part is that they are built from the same source tree.
Another thing to note is that some of the Android SDK libs used in the
SDK run at elevated privileges in Android OS, but not when part of the
SDK. So ther
積丹尼 Dan Jacobson:
>>>>>> "HS" == Hans-Christoph Steiner writes:
>
> HS> Thanks for the bug report! Does this happen everytime, or just once?
>
> Just once. I can't reproduce it.
>
> By the way, apparently even just doing a tab expansion
Package: vagrant-libvirt
Version: 0.0.37-1
Severity: important
Whenever I get an message related to vagrant-libvirt, I get a crash dump
like this, since the translations are not being properly installed:
/usr/lib/ruby/vendor_ruby/i18n/backend/base.rb:184:in `rescue in
load_yml': can not load tran
/changelog 2017-03-10
22:23:19.0 +0100
+++ android-sdk-meta-25.0.0+5/debian/changelog 2017-03-13
11:43:41.0 +0100
@@ -1,3 +1,15 @@
+android-sdk-meta (25.0.0+5) unstable; urgency=medium
+
+ * correct my git mistake, this has all of +3 and +4
+
+ -- Hans-Christoph Steiner Mon, 13 Mar
Thanks for the bug report! Does this happen everytime, or just once?
How did you install adb? e.g. `apt install adb` or `apt install
android-sdk`? Was it upgraded from a different version, or fresh
install from 1:7.0.0+r1-3 ?
.hc
積丹尼 Dan Jacobson:
> Package: adb
> Version: 1:7.0.0+r1-3
>
>
; urgency=medium
+
+ [ Bhavani Shankar ]
+ * upstream commit e1bd2a7 to fix compilation on non-x86 (Closes: #849647)
+
+ -- Hans-Christoph Steiner Sat, 11 Mar 2017 10:17:40 +0100
androguard (2.0-2) unstable; urgency=medium
* lintian overrides: the included binaries are test objects
diff --git a
Niels Thykier:
> Control: tags -1 moreinfo
>
> On Wed, 1 Mar 2017 18:21:56 +0100 Emilio Pozuelo Monfort
> wrote:
>> On 01/03/17 00:25, Hans-Christoph Steiner wrote:
>>> Package: release.debian.org
>>> Severity: normal
>>> User: release.debian.
Emilio Pozuelo Monfort:
> On 10/03/17 22:18, Hans-Christoph Steiner wrote:
>> Control: retitle -1 unblock android-platform-dalvik/7.0.0+r1-4
>
> android-platform-dalvik | 7.0.0+r1-3| testing| source
> android-platform-dalvik | 7.0.0+r1-3| unstable | sou
Control: retitle -1 unblock android-platform-dalvik/7.0.0+r1-4
--git a/debian/changelog b/debian/changelog
index b91d8bd..7309208 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+android-platform-dalvik (7.0.0+r1-2) unstable; urgency=medium
+
+ * depend on proguard-cli to avoid including GUI deps (Closes: #856407)
+
+ -- Hans-Christoph
Control: severity 856407 important
g
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+android-platform-tools-apksig (0.5+git165~g42d07eb-1) unstable; urgency=medium
+
+ * New upstream release (Closes: #857027)
+ * Add bash-completion
+
+ -- Hans-Christoph Steiner Fri, 10 Mar 2017 13:58:11 +0100
+
android-platform-tools-apksig (0.4+git162~
Control: severity 857027 serious
Control: tags 857027 pending
Package: apksigner
Version: 0.4+git162~g85a854b-1
Severity: severe
Tags: fixed-upstream upstream
upstream bug report
https://code.google.com/p/android/issues/detail?id=234089
When keytool and jarsigner obtain the keystore/key password via
stdin or console, contrary to the expectation of J
Control: retitle 823792 adb creates its log file in /tmp
Yes, it still makes the log, but now at least with reasonable
permissions, so its not a security issue any more but a Debian policy issue:
$ ls -l /tmp/adb.1000.log
-rw-r- 1 1000 1000 179 Mar 1 08:31 /tmp/adb.1000.log
I suppose that path should be changed to /var/log/adb/
My guess is that upstream only ever built this C code on x86 platforms.
It would be great to have help fixing this, I haven't worked on ARM much.
Thanks for the info. Sounds like something we want to support. How do
you know which proguard can you use? What kind of testing did you do?
2 @@
+licenses usr/lib/android-sdk
tools/* usr/lib/android-sdk/tools
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index b5d2220..9ccd4a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+android-sdk-meta (25.0.0+3) unstable; urgency=medium
+
+
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package: repo
It previously had bash-completion, and a build bug preventing the
upstream completion file from being installed in 1.12.37-2 (XX).
Attached is the source d
+0100
@@ -1,3 +1,11 @@
+android-platform-system-core (1:7.0.0+r1-3) unstable; urgency=medium
+
+ * install bash-completion for adb and fastboot (Closes: #856418, #856419)
+ * use package version for adb/fastboot's --version (Closes: #856001)
+ * fix depends built from this package to same ve
(Closes: #856420)
+
+ -- Hans-Christoph Steiner Tue, 28 Feb 2017 22:07:56 +0100
+
android-platform-frameworks-base (1:7.0.0+r1-2) unstable; urgency=medium
* Upload to unstable
diff --git a/debian/control b/debian/control
index 1c0e6f1..9d466de 100644
--- a/debian/control
+++ b/debian/control
We can't regenerate the upstream version since it is generated from a
git commit ID, but that git commit is not public:
fastboot/Android.mk:
fastboot_version := $(shell git -C $(LOCAL_PATH) rev-parse --short=12
HEAD 2>/dev/null)-android
https://android.googlesource.com/platform/system/core/+/0
Package: fastboot
Version: 1:7.0.0+r1-2
Severity: important
Tags: fixed-upstream upstream
Upstream includes a bash-completion file, and previous versions of this
package did to. For whatever reason, dh_bash-completion does not get
run on this version of the package, so the upstream bash-completi
Package: aapt
Version: 1:7.0.0+r1-2
Severity: important
Tags: fixed-upstream upstream
Upstream includes a bash-completion file, and previous versions of this
package did to. For whatever reason, dh_bash-completion does not get
run on this version of the package, so the upstream bash-completion f
Package: adb
Version: 1:7.0.0+r1-2
Severity: important
Tags: fixed-upstream upstream
Upstream includes a bash-completion file, and previous versions of this
package did to. For whatever reason, dh_bash-completion does not get
run on this version of the package, so the upstream bash-completion fi
Package: repo
Version: 1.12.37-2
Severity: important
Tags: fixed-upstream upstream
Upstream includes a bash-completion file, and previous versions of this
package did to. For whatever reason, dh_bash-completion does not get
run on this version of the package, so the upstream bash-completion file
:17:18.0 +0100
@@ -1,3 +1,10 @@
+fdroidserver (0.7.0-2) unstable; urgency=medium
+
+ * make sure bash-completion is installed (Closes: #856352)
+ * prefer headless JDK when available (Closes: #855978)
+
+ -- Hans-Christoph Steiner Tue, 28 Feb 2017 13:04:38 +0100
+
fdroidserver (0.7.0-1
Package: fdroidserver
Version: 0.7.0-1
Severity: important
Tags: fixed-upstream upstream
Upstream includes a bash-completion file, and previous versions of this
package did to. For whatever reason, dh_bash-completion does not get
run on this version of the package, so the upstream bash-completio
Niels Thykier:
> Control: tags -1 confirmed
>
> Hans-Christoph Steiner:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package: repo
>>
>> This m
devel
Priority: extra
Maintainer: Android tools Maintainer
Uploaders: Hans-Christoph Steiner
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package vagrant-libvirt
0.0.37 is the first upstream release since the git version that is
already included in stretch. 0.0.37 fixes a number of key bugs
including #855700 "
Hans-Christoph Steiner:
>
> hey Kali,
>
> Unfortunately, I'm slammed, so I don't really have time to do anything
> with sqlcipher. I think the best bet for this package would be to
> update to the latest upstream version, since they've already ported it
> to openssl
I'm fine with it being moved to contrib.
Its more vague than that. repo clones a git repo for each source repo
that it manages, so it becomes something like the stuff in the .git/
subdir for git repos. That functionality comes entirely from what's
packaged in Debian.
I have updated this package to 0.0.37 to git, which seems to fix this
issue. I'd love to get this into stretch. The diff is not large, if
you remove the whitespace changes.
Package: xkb-data
Version: 2.19-1
All Chromebooks since the beginning have a standard keyboard layout that
uses media keys by default instead of function keys. The keys are not
even labeled as function keys, but only as media keys. With some
Chromebooks, this is working fine without extra confi
sqlcipher 3.4.1 was just released, and it supports OpenSSL 1.1. I think
the best approach here is to try to get 3.4.1 into stretch and remove
the hacky patches for OpenSSL 1.1 that we currently have. I don't
currently have time to take that project on, but I'm happy to answer
questions for anyone
Yeah, ideally it would automatically find the SDK. But using
ANDROID_HOME is how upstream works, and I doubt it'll be easy to change
that behavior. I do want to find a good solution to this, but I think
we need to first get it Debian Android Tools packages working using the
normal Android workflo
My understanding of that policy seems to be the opposite of yours. I
think its saying that a package cannot set an env var, nor should it
require that an env var is set in order to function.
ANDROID_HOME is not required for things to function as far as I know.
android-platform-tools-swt is for the old Eclipse plugin, right? It
would be nice to have that still included in Debian, but yeah, its quite
low priority.
I'm guessing this error is caused by android-platform-tools-swt running
against a newer version of android-platform-tools-base than it should
There is always hope! The best way to ensure that this gets updated is
to find people to join in the effort. We have an update to
android-platform-tools-base underway, but there is still quite a bit to
be done. I think we have all the dependencies needed for updating this
to 2.2.2 complete, we
IOhannes m zmölnig:
> On Mon, 12 Dec 2016 23:45:41 +0100
> =?UTF-8?Q?IOhannes_m_zm=c3=b6lnig_=28Debian/GNU=29?=
> wrote:
>> On 12/12/2016 10:06 PM, IOhannes m zmoelnig wrote:
>>> please fix the loader, so it respects the 'path' argument.
>>
>>
>> afaict, this is fixed in the upstream-clone at
>
Rolling back to 3.2.0-1 is not really an option for stretch, since it
ships with openssl 1.1, and the only change in 3.2.0-2 is making
sqlcipher work with openssl 1.1. It would be good to get 3.4.0
included, perhaps that will help.
I'm currently not using sqlcipher on the desktop at all, so I'm n
Package: diffoscope
Version: 67
On https://verification.fdroid.org, diffoscope is run like this:
diffoscope --max-report-size 12345678 --max-diff-block-lines 100 \
--html foo.html --text bar.txt
The HTML reports are being size-limited, but there are still some giant
text reports, including a
I don't work on any of those packages, but I think your logic makes sense.
.hc
Carl Suster:
> I see that subliminal is currently using the tarballs from PyPI and then
> patching in the source for the nautilus extension which is of course
> absent from there. Also the Github-hosted tarballs inclu
yes, I'll happily review your fix.
So the test result files were cluttering things, and are small in a
tarball, so I removed them from here:
https://verification.f-droid.org/*.apk.file.txt
https://verification.f-droid.org/*.apk.file.unsigned.txt
And they are now attached.
file-libmagic-tests.tar.bz2
Description: application/b
Thanks for your work on the APK diffing! I had to fix a typo to get it
running that was introduced in diffoscope commit
fe7ae15e1c177866acd478af4cc4a51bd5002017 at the bottom of it. It turned
'f_out' into a non-existent 'w'.
With that change, diffoscope is now working for me again. I'm running
Hey Carl,
Glad to see you working on flexget again! This package looks good in
general. According to mentors.debian.net, your debian/watch is not
working. Replace it with the standard one and it should work fine:
http://pypi.debian.net/rpyc/watch
.hc
FYI, I filed https://bugs.debian.org/849782 about APKs being
inconsistently detected.
I'm not sure exactly where and when or if things changed. The essential
part of the bug report is that valid APK files are being inconsistently
detected as either JAR or ZIP. APK files are always JARs and always
ZIPs. If they are not being detected as APK, then JAR would make the
most sense, IM
Package: file
Version: 1:5.29-2
Severity: important
Android APK files are the standard app package for Android. They are a
slightly custom version of JAR format. Basically, they are JAR files
with standard files included in them, a custom padding method, and now a
new custom signature format.
Package: file
Version: 1:5.29-2
Severity: important
Android APK files are the standard app package for Android. They are a
slightly custom version of JAR format. Basically, they are JAR files
with standard files included in them, a custom padding method, and now a
new custom signature format.
androguard can extract and convert the binary AndroidManifest.xml, its
python2 and already in Debian.
It turns out that the approach in google-android-installers is not
maintainable going forward, so we need to split out each source package
from google-android-installers into its own source package. So we'll
need to remove google-android-ndk-installer from
google-android-installers. We can leave
Reiner Herrmann:
> On Thu, Dec 29, 2016 at 12:41:16PM +0100, Hans-Christoph Steiner wrote:
>> When running diffoscope on two APKs using version 66, it now just does a
>> straight binary comparison of the direct file itself. Running
>> diffoscope 64 generated a nice out
So it seems that the issue is not in diffoscope per se, since now
downgrading back to 64 from snapshot.debian.org generates the same
output. I'm guessing then this is related to interactions with the
dependencies, since I also did an `apt upgrade` at the same time. This
is on a machine running st
Package: diffoscope
Version: 66
Severity: important
When running diffoscope on two APKs using version 66, it now just does a
straight binary comparison of the direct file itself. Running
diffoscope 64 generated a nice output of the individual files in the ZIP
(an APK is a signed JAR with some ot
This reminds me: we need to revisit the possibility of merging
android-platform-external-libunwind with the plain libunwind package.
Its such a pain that Android uses all these forks.
Looks like we have another circular depends :-/
libandroid-tools-annotations-java comes from
source:android-platform-tools-base which depends on
libandroid-databinding-java/android-platform-frameworks-data-binding. I
think Java is a lot more tolerant than C, so I'm going to go ahead an
add liband
Package: wnpp
Severity: wishlist
Owner: "Hans-Christoph Steiner"
* Package name: jimfs
Version : 1.1
Upstream Author : Google Inc.
* URL : https://github.com/google/jimfs
* License : Apache-2.0
Programming Lang: Java
Package sourc
what about the sid and stretch instances? Do they also have the package
version mismatch?
301 - 400 of 748 matches
Mail list logo