Bug#990718: RFS: duma/2.5.21-1 [ITA] -- Detect Unintended Memory Access - A Red-Zone memory allocator

2021-10-01 Thread Peter 

On 30/09/2021 22:15, Bastian Germann wrote:

Hi Peter,

There was one QA (2.5.15-3) upload since you started your packaging effort. Please include the changelog entry in your 
version. The changes themselves are irrelevant with your upstream change.



Done


On Thu, 8 Jul 2021 13:04:29 +0100 Peter  wrote:


  duma (2.5.21-1) unstable; urgency=medium


Please keep the -1 as revision even if you provide new uploads on mentors.


Done


  .
    * Adopt package. (Closes: #565925)
    * New Upstream Release. (Closes: #550660, #623495, #655892)
    * Fixes FTBFS with GCC-11  (#984041)


Add a "Closes: " for this entry.


The bug report says
"/Please keep this issue open in the bug tracker for the package it//
//was filed for. ... Please keep the issue open until the package can be built 
in//
//a follow-up test rebuild./"
Let me know if you still want it closed in the changelog.


    * Use hardening flags, fixes bindnow, (Closes: #532483)
    * Use changelog file date instead of system date for build date
    * DEP-5 copyright


The license name has to be GPL-2+ because it has the "or later" clause.
Fix trailing whitespace.


Done


Some files are licensed under LGPL 2.1+. Please identify them and add the 
license.

Done (And the NTP files)




    * Add autopkgtests
    * Preserve Debian's CFLAGS etc (use += , not just = , in makefile)


Your 002-makefile.patch also has:
* Enable bindnow by using LDFLAGS
* C++14 standard needed tor testoperators.cpp

These two changes do not need a patch. Instead you can control the make 
variables via the debian/rules file.


I don't see how.
The upstream makefile overwrites CPPFLAGS and does not use LDFLAGS.
So setting these in the rules file has no effect.



Please do not add lintian overrides because the warnings are all valid. You do not have to address them for your first 
version because they are already in the package. But in the future it may be good to split out the library to separate 
binary packages.

I copied the overrides from electric-fence.  The comment is
"/#electric-fence is an unusual package, in that it contains a //
// #library that you should never build packages against, as it's a debugging 
tool/"

For now I've put this reasoning into the changelog.
I'll take the overrides out if you still want me to.



For bonus points you can use uscan's git mode (debian/watch) and add the upstream maintainer's GPG key that he uses to 
sign the release tags.



I would like the bonus points, but the upstream key
F1AFCF1143EA6309
does not seem to be valid!


Thanks,
Bastian



Thanks for looking at this package.

Cheers,
Peter

(Upload #6 on Mentors includes all the above)
https://mentors.debian.net/package/duma/

Bug#990718: RFS: duma/2.5.21-1 [ITA] -- Detect Unintended Memory Access - A Red-Zone memory allocator

2021-09-30 Thread Bastian Germann 

Hi Peter,

There was one QA (2.5.15-3) upload since you started your packaging effort. 
Please include the changelog entry in your version. The changes themselves are 
irrelevant with your upstream change.


On Thu, 8 Jul 2021 13:04:29 +0100 Peter  wrote:


  duma (2.5.21-1) unstable; urgency=medium


Please keep the -1 as revision even if you provide new uploads on mentors.


  .
    * Adopt package. (Closes: #565925)
    * New Upstream Release. (Closes: #550660, #623495, #655892)
    * Fixes FTBFS with GCC-11  (#984041)


Add a "Closes: " for this entry.


    * Use hardening flags, fixes bindnow, (Closes: #532483)
    * Use changelog file date instead of system date for build date
    * DEP-5 copyright


The license name has to be GPL-2+ because it has the "or later" clause.
Fix trailing whitespace.

Some files are licensed under LGPL 2.1+. Please identify them and add the 
license.


    * Add autopkgtests
    * Preserve Debian's CFLAGS etc (use += , not just = , in makefile)


Your 002-makefile.patch also has:
* Enable bindnow by using LDFLAGS
* C++14 standard needed tor testoperators.cpp

These two changes do not need a patch. Instead you can control the make 
variables via the debian/rules file.



I have dropped the patch from bug #532483 as Ubuntu dropped it in Focal Fossa.


Regards,
Peter Blackman


Please do not add lintian overrides because the warnings are all valid. You do 
not have to address them for your first version because they are already in the 
package. But in the future it may be good to split out the library to separate 
binary packages.


For bonus points you can use uscan's git mode (debian/watch) and add the 
upstream maintainer's GPG key that he uses to sign the release tags.


Thanks,
Bastian

Bug#990718: RFS: duma/2.5.21-1 [ITA] -- Detect Unintended Memory Access - A Red-Zone memory allocator

2021-09-30 Thread Bastian Germann 

    * DEP-5 copyright


The license name has to be GPL-2+ because it has the "or later" clause.
Fix trailing whitespace.

Some files are licensed under LGPL 2.1+. Please identify them and add the 
license.


There are also some old-style MIT licensed files.

Bug#990718: RFS: duma/2.5.21-1 [ITA] -- Detect Unintended Memory Access - A Red-Zone memory allocator

2021-07-08 Thread Peter 



 duma (2.5.21-1) unstable; urgency=medium
 .
   * Adopt package. (Closes: #565925)
   * New Upstream Release. (Closes: #550660, #623495, #655892)
   * Fixes FTBFS with GCC-11  (#984041)
   * Use hardening flags, fixes bindnow, (Closes: #532483)
   * Use changelog file date instead of system date for build date
   * DEP-5 copyright
   * Add autopkgtests
   * Preserve Debian's CFLAGS etc (use += , not just = , in makefile)


I have dropped the patch from bug #532483 as Ubuntu dropped it in Focal Fossa.


Regards,
Peter Blackman