Bug#945317: xcftools NMU for CVE-2019-5086 and CVE-2019-5087
Hi Salvatore and Markus, On Thu, Feb 11, 2021 at 06:32:42AM +0100, Salvatore Bonaccorso wrote: [...] > On Thu, Feb 11, 2021 at 03:03:19AM +0100, Markus Koschany wrote: > [...] > > Am Mittwoch, den 10.02.2021, 22:03 +0100 schrieb Salvatore Bonaccorso: > > [...] > > > > > > I'm not fully in favor to have all the (build-)rdeps forced out of > > > Debian, that would likely not be a benefit as seems unfair to the > > > castle-game-engine, game-data-packager and neurodebian packages, but > > > still think having out xcftools out of bullseye would be the right > > > thing. > > > > > > > I believe it makes sense to remove xcftools from Debian because there is a > > lack > > of upstream support and development but I wouldn't be too aggressive about > > the > > removal at the moment. My intention is to send a patch to fix the open CVE > > in > > stable to you when we have addressed the remaining 32 bit issues. > > Yes that sounds fine. Admittely it was for us in dsa-needed only > because Hugo initially aimed to adress it across all suites top-down. > It might just be an option to include a fix once it is stable enough > via a point release. But we can look at it once you have a fix as well > for the 32bit issues. > > So thanks for working on it! Thanks from my part too! Unfortunately I am struggling to find time for Debian currently. I makes me feel bad, and I hope that I will be able to come back soon. Do you know if xcftools is only used as a build dependency, or is it used by some end users directly? The popcon is not that low and my fear is that, even after removing it from Debian, users would continue to use it, installing from somewhere else, effectively being at even higher risk than with the Debian archive's (semi-) patched version. Of course if we can't offer any support I guess it's still better to get rid of it than giving a false impression of support/security. Best, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#964627: fractgen: diff for NMU version 2.1.5-1.1
Hi Adrian, On Fri, Feb 05, 2021 at 10:03:43AM +0200, Adrian Bunk wrote: > Control: tags 964627 + patch > Control: tags 964627 + pending > > Dear maintainer, > > I've prepared an NMU for fractgen (versioned as 2.1.5-1.1) and uploaded > it to DELAYED/1. Please feel free to tell me if I should cancel it. Thank you very much for this NMU. I am completely overloaded with work currently and could not find time to handle this. Feel free to upload to unstable right away! Best Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#947533: marked as pending in kupfer
Control: tag -1 pending Hello, Bug #947533 in kupfer reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/packages/kupfer/-/commit/6ede52261a379e73640e7249223e0d502fcf6464 New upstream release. * New upstream release. - Use itstool instead of xml2po. * debian/watch: Point to new upstream repo, use version=4. * debian/control: Build-Depend on itstool and not deprecated gnome-doc-utils (Closes: #947533). (this message was generated automatically) -- Greetings https://bugs.debian.org/947533
Bug#964627: fractgen: FTBFS: colorschemeinterface.cc
Hi Lucas, thanks a lot for this bug report. I will do my best to sort this out during the week-end. cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Bug#942514: CVE-2019-16729 fixed in 1.0.4-1.1+deb8u1
fixed 942514 1.0.4-1.1+deb8u1 thanks Hi Russell, thanks for preparing this update. I just became aware of this and noticed that no DLA was released. In fact, neither the bug tracker nor the security tracker are aware of this issue being fixed. Releasing DLA-2000-1 for this, updating the bug tracker as well. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#936214: bleachbit: Python2 removal in sid/bullseye
Hi Matthias, I see that you just raised the severity of this bug to serious, and Bleachbit is now to be removed on 16.11. I don't think this is the way to go. Upstream is actively working on this. We have recently managed the GTK3 migration, meaning that Py3 is now top priority. Loosing Bleachbit would be a significant source of annoyance for many Debian users (popcon 2754 at the moment). May I add the py2keep flag, until the Bleachbit Py3 migration completes? regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#885261: marked as pending in bleachbit
Control: tag -1 pending Hello, Bug #885261 in bleachbit reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/applications/bleachbit/commit/b42ee7491361fc5a14ee86b9ff131e6115e3bea5 New upstream release. * Run wrap-and-sort -a. * Refresh manpage for new upstream release. * Refresh patches for new upstream release. * debian/control: - remove pygtk dependency, upstream moved to GTK 3 as part of the 3.0 release (Closes: #885261). - add missing python-chardet, python-gi, python-requests and python-scandir dependencies. - Bump Standards-Version to 4.4.1. * debian/install: add rule to install data/app-menu.ui (this message was generated automatically) -- Greetings https://bugs.debian.org/885261
Bug#885261: bleachbit: Depends on unmaintained pygtk
Hi, > It seems that, while a Python 3 version is not yet available, upstream has > released version 3.0, which brings new features and fixes and transitions to > GTK3, which would be a step to the right direction, since a version with > full Python 3 is not yet ready by upstream (but they seem to be working on > it). > > It would be super nice to have this new version packaged from a user's > perspective and, also, from an archive/distribution/removal perspective > also. thanks for the heads up. 3.0 will be in the archive asap, I'm working on it. cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#930363: faad2: fix build with gcc-9 [patch]
Hi Fabian, > Am Donnerstag, den 29.08.2019, 08:04 -0400 schrieb Hugo Lefeuvre: > > Fabian (faad2 maintainer and upstream), do you want to handle this? > > Otherwise I can NMU a second time with this patch. > > please go ahead with a second NMU. I am a bit short on time currently > (home alone with the 10mo baby...). Ack, I'll NMU then. Good luck with the baby :) cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#930363: faad2: fix build with gcc-9 [patch]
Hi Gianfranco, On Thu, Aug 29, 2019 at 07:43:15AM +0200, Gianfranco Costamagna wrote: > control: severity -1 serious > On Tue, 11 Jun 2019 15:06:01 +0200 Gianfranco Costamagna > wrote: > > Source: faad2 > > Version: 2.8.8-3 > > Severity: normal > > tags: patch > > > > Hello, looks like gcc-9 is adding wl,asneeded flag in compilation, so libs > > passed as CFLAGS are not correctly used by gcc anymore, because only LIBS > > is added at the end of the compilation line. > > > > The following patch fixes the issue, and starts then using again the glib > > implementation of the library. (without the patch, the bundled version is > > used everywhere, and the build fails only on i386 because of an > > implementation mismatch of a long/int data type) > > > > I reported the patch already upstream > > https://sourceforge.net/p/faac/bugs/242/ > > patch: > > http://launchpadlibrarian.net/427773869/faad2_2.8.8-3_2.8.8-3ubuntu1.diff.gz > > Now this bug is RC, and preventing CVE fixes from Migration. > Hugo, can you please reupload with the Ubuntu patch? > https://launchpad.net/ubuntu/+source/faad2/2.8.8-3.1ubuntu1 > I rebased it with the upstream version Fabian (faad2 maintainer and upstream), do you want to handle this? Otherwise I can NMU a second time with this patch. cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#933242: python-slugify: text-unicode still required dependency
Source: python-slugify Version: 3.0.2-2 Severity: grave Hi, 3.0.2-2 fixed the missing unidecode binary dependency. However text-unidecode is still registered as a required dependency. This breaks reverse dependencies if text-unidecode is not installed on the system. I'm working on it. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#932732: marked as pending in python-slugify
Control: tag -1 pending Hello, Bug #932732 in python-slugify reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/modules/python-slugify/commit/c8552707e2b9734f8957716a568654a996668620 Add missing python{3,}-unidecode binary dependency (Closes: #932732). (this message was generated automatically) -- Greetings https://bugs.debian.org/932732
Bug#932732: python-slugify: autopkgtest failing since 3.0.2-1 update
Source: python-slugify Version: 3.0.2-1 Severity: grave Hi, autopkgtests are failing since 3.0.2-1. This is related to the text-unidecode dependency not being satisfied (instead we use unidecode) and might break other packages. I'm working on it. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi Salvatore, > CVE-2016-10745 was assigned for this issue. Thanks for the information. I just noticed you added CVE-2016-10745 to the tracker. I am fairly confused, do you know why this CVE was not referenced in the tracker? Or did you just request it? cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
> This should help confirming vulnerability in other suites. 2.7.3-1 and all later releases affected. In addition, both 2.7.3-1 and 2.8-1 are affected by the previous str.format issue[0]. [0] https://palletsprojects.com/blog/jinja-281-released/ -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#926602: CVE-2019-10906 - jinja sandbox escape poc
Hi, I'm working on a potential jinja2 Debian LTS security update. Here is a proof of concept which allows to easily reproduce the issue. This should help confirming vulnerability in other suites. >>> from jinja2.sandbox import SandboxedEnvironment >>> env = SandboxedEnvironment() >>> config = {'SECRET_KEY': '12345'} >>> class User(object): ... def __init__(self, name): ... self.name = name ... >>> t = env.from_string('{{ >>> "{x.__class__.__init__.__globals__[config]}".format_map(dic) }}') >>> t.render(dic={"x": User('joe')}) "{'SECRET_KEY': '12345'}" Expected behaviour would be jinja2.exceptions.SecurityError. Adapted from[0]. regards, Hugo [0] https://palletsprojects.com/blog/jinja-281-released/ -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#924655: liblivemedia: CVE-2019-9215: invalid memory access in parseAuthorizationHeader
> liblivemedia provides an implementation of the server and client side of > RTSP. So, unless a CVE affects the code path used by the RTSP client (as > for example used by vlc), I won't spend any time on it. Ok, I thought live555 was also known as one of the main free rtsp server implementations. Is this actually wrong ? > Before you start cherry-picking the patches from experimental, I'd > suggest to get in contact with the release team to do a proper > transition to the new upstream version (maybe even to the 2019.03.xx > release that's not yet packaged). Those new release effectively only > consists of the fixes for the recent CVEs. (Yes, I know that the freeze > already started.) Agree. I will look into it if I manage to find time for this. thanks regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#920337: Bug #920337 in python-igraph marked as pending
Control: tag -1 pending Hello, Bug #920337 in python-igraph reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/modules/python-igraph/commit/4e6b96a3240a303c34cc07f1dc311937e2fcc963 Temporary workaround for invalid install layout * Patch by Nicolas Boulenguez, thanks! * Temporary workaround to avoid shipping headers in /usr/include/python3.7 (instead of /usr/include/python3.7m). This is likely to be a python3-stdlib-extensions bug so we should consider removing this as soon as the bug as been addressed (Closes: #920337). * Migrate to compat = 12: * debian/control: - update debhelper dependency and migrate to debhelper-compat. - Rules-Requires-Root: no. * Remove now useless debian/compat file. * Bump debian/watch version to 4. (this message was generated automatically) -- Greetings https://bugs.debian.org/920337
Bug#905222: Bug #905222 in spambayes marked as pending
Control: tag -1 pending Hello, Bug #905222 in spambayes reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/applications/spambayes/commit/da6655f931a97ae7da0be27a2754501b18a18d54 Switch to version from upstream git repository * Switch to version from upstream git repository: upstream did not release for a long time and a large number of important fixes are available there. - this brings back missing asyncore modules which were not included in previous tarballs due to incorrect release scripts (Closes: #905222). - remove asyncore patch which is not needed anymore. * debian/patches/fix-imports-from-sb_server.patch: - fix import error in smtpproxy. * debian/control: - run testsuite autopkgtest-pkg-python. - bump Standards-Version to 4.3.0. * debian/copyright: - refresh copyright years. (this message was generated automatically) -- Greetings https://bugs.debian.org/905222
Bug#920337: python3-igraph: ships header in /usr/include/python3.7
Hi, I had a look into this issue. It does _not_ look like a bug in the python-igraph packaging to me. Nicolas suggested to patch debian/patches/3.7/distutils-install-layout.diff from python3-stdlib-extensions. It does in fact look like the actual issue: +'unix_local': { +'purelib': '$base/local/lib/python$py_version_short/dist-packages', +'platlib': '$platbase/local/lib/python$py_version_short/dist-packages', +'headers': '$base/local/include/python$py_version_short/$dist_name', +'scripts': '$base/local/bin', +'data' : '$base/local', +}, +'deb_system': { +'purelib': '$base/lib/python3/dist-packages', +'platlib': '$platbase/lib/python3/dist-packages', +'headers': '$base/include/python$py_version_short/$dist_name', +'scripts': '$base/bin', +'data' : '$base', +}, These headers entries seem wrong to me, $abiflags is missing. should be respectively '$base/local/include/python$py_version_short$abiflags/$dist_name' and '$base/include/python$py_version_short$abiflags/$dist_name' Matthias: should we open a python3-stdlib-extensions bug ? Do you think this issue can be fixed in time for Buster or should we upload a temporary fix for python-igraph ? cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#912410: Bug #912410 in python-igraph marked as pending
Control: tag -1 pending Hello, Bug #912410 in python-igraph reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/modules/python-igraph/commit/0a493106dbb3eef393167a11e33099d2055f5407 Disable buggy tests causing FTBFS * Thanks to Nicolas Boulenguez for his patch suggestions ! * debian/patches: - Disable buggy tests causing FTBFS (Closes: #912410). - Refresh patches. * Bump compat to 11. * debian/control: - Bump Standards-Version to 4.3.0. - Add python{3,}-numpy test dependency. - Add python{3,}-texttable dependency, stop using version from vendors/. - Bump debhelper dependency to >= 11. - Enable autopkgtest. * Bump copyright years. * Convert to git-dpm and run wrap-and-sort -a. (this message was generated automatically) -- Greetings https://bugs.debian.org/912410
Bug#912324: BleachBit causing error since updating Firefox to Firefox Quantum 60.0 ESR
severity 912324 important thanks Hi, Personal issues took me away from Debian these last weeks, I could not take care of this issue sooner. This is bad. I have lowered the severity to important, but unless the release team agrees to make an exception bleachbit will not be available in Buster (we did not get it back in time for the soft freeze). There is definitely no reason why bleachbit wouldn't be included in Buster: this issue appears to affect the stretch version, not the one from unstable. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#918567: Maintaining dlib in Debian Science team (Was: dlib: FTBFS when built with dpkg-buildpackage -A)
Hi Andreas, > since #918567 is RC critical there is some urgency to get this fixed. > If I do not hear from you until Saturday I will assume you are fine > with dlib in Debian Science team maintenance. Sorry for missing your previous e-mail. Personal life is taking me away from Debian right now. Not good during the freeze. :/ Of course I would be glad to maintain this package under the Debian Science Team umbrella. Feel free to upload. Thanks a lot for taking care of this issue. Best Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#902760: #902760 (python-igraph) duplicate of #902945 (igraph)
forwarded 902760 https://github.com/igraph/igraph/issues/1107 reassign 902760 igraph merge 902760 902945 thanks Hi Adrian, Andreas, The testsuite is failing because of a bug in igraph, the underlying C library. This is a duplicate of #902945. Reassigning. Thanks ! Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Bug#902774: jetty/jetty8/jetty9 not affected by CVE-2018-12538
Hi, FYI, none of the jetty releases present in Debian are affected by CVE-2018-12538. CVE-2018-12538 affects FileSessionDataStore and more specifically its function getFile(). This class was introduced in 9.4, this vulnerability thus affects 9.4.x releases only (and jetty package has version < 9.0, jetty9 has <= 9.2.24). FTR FileSessionDataStore was introduced in fa8232d3c81608c25d9e8c66cdfe8ab7a66c892b and the vulnerable code in 54a56314627f0a2c33ca67d813e3396f6bc03274. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
Bug#895741: plastimatch FTBFS with libdlib-dev 19.10-1
Hi Adrian, Yes, it is most likely a bug in the dlib package. Last dlib updates made Debian packaging considerably trickier by separating build of static files and build of shared libraries. I have just noticed that we ship the cmake config files of the shared build into the -dev package, which might be the source of your problems. In fact, we should rather ship the files produced by the static build (but still, I'm not 100% it's going to be sufficient). I have just prepared an upload addressing this issue, but I had difficulties to build plastimatch with dlib 19.1 (configuration issues, plastimatch seems to to use deprecated directives), so I couldn't really test it. You can find test packages here[0]. Can you try them ? Regards, Hugo [0] https://people.debian.org/~hle/testpkg/dlib/ -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#896566: gummi: FTBFS against new libsyntex
Hi Samuel, Sebastian, Thanks for the patch. I'll take a look at it and upload the fix tomorrow if everything is fine. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#895701: dlib: Incomplete debian/copyright?
Davis E. King (da...@dlib.net), and Nils Labugt dlib/gui_widgets/style.cpp:// Copyright (C) 2008 Davis E. King (da...@dlib.net), and Nils Labugt dlib/image_saver/save_jpeg.cpp:// Copyright (C) 2014 Davis E. King (da...@dlib.net), Nils Labugt dlib/gui_widgets/canvas_drawing.cpp:// Copyright (C) 2005 Davis E. King (da...@dlib.net), and Nils Labugt dlib/gui_widgets/style_abstract.h:// Copyright (C) 2008 Davis E. King (da...@dlib.net), and Nils Labugt dlib/unicode/unicode.h:// Copyright (C) 2007 Davis E. King (da...@dlib.net), and Nils Labugt dlib/unicode/unicode_abstract.h:// Copyright (C) 2007 Davis E. King (da...@dlib.net), and Nils Labugt dlib/image_loader/load_image.h:// Copyright (C) 2011 Davis E. King (da...@dlib.net), Nils Labugt, Changjiang Yang (yang...@leidos.com) dlib/optimization/optimization_bobyqa.h:// Copyright (C) 2009 M.J.D. Powell, Davis E. King (da...@dlib.net) dlib/statistics/sammon.h:// Copyright (C) 2012 Emanuele Cesena (emanuele.ces...@gmail.com), Davis E. King dlib/statistics/sammon_abstract.h:// Copyright (C) 2012 Emanuele Cesena (emanuele.ces...@gmail.com), Davis E. King dlib/enable_if.h:// Copyright 2003 (C) The Trustees of Indiana University. dlib/image_transforms/fhog.h:Copyright (C) 2011, 2012 Ross Girshick, Pedro Felzenszwalb dlib/image_transforms/fhog.h:Copyright (C) 2008, 2009, 2010 Pedro Felzenszwalb, Ross Girshick dlib/image_transforms/fhog.h:Copyright (C) 2007 Pedro Felzenszwalb, Deva Ramanan dlib/noncopyable.h:// (C) Copyright Beman Dawes 1999-2003. Distributed under the Boost dlib/assert.h:// (C) Copyright John Maddock 2001 - 2003. dlib/assert.h:// (C) Copyright Darin Adler 2001. dlib/assert.h:// (C) Copyright Peter Dimov 2001. dlib/assert.h:// (C) Copyright Bill Kempf 2002. dlib/assert.h:// (C) Copyright Jens Maurer 2002. dlib/assert.h:// (C) Copyright David Abrahams 2002 - 2003. dlib/assert.h:// (C) Copyright Gennaro Prota 2003. dlib/assert.h:// (C) Copyright Eric Friedman 2003. dlib/server/server_http_abstract.h:// Copyright (C) 2006 Davis E. King (da...@dlib.net), Steven Van Ingelgem dlib/server/server_http.h:// Copyright (C) 2006 Davis E. King (da...@dlib.net), Steven Van Ingelgem Concerning the dlib models, there is nothing wrong IMO. The only issue is: Files: */shape_predictor_68_face_landmarks.dat Copyright: 2015-2016 Davis E King <da...@dlib.net> License: Creative-Commons-0-1.0 should rather be Files: dlib-models/shape_predictor_68_face_landmarks.dat Copyright: 2015-2016 Davis E King <da...@dlib.net> License: Creative-Commons-0-1.0 but it is nitpicking because anyways */shape_predictor_68_face_landmarks.dat matches dlib-models/shape_predictor_68_face_landmarks.dat I'll upload a fixed d/copyright asap. Thanks. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#892633: pytest-catchlog FTBFS with pytest 3.3.2-2
Upstream replied: > Like the note in the output says: > pytest-catchlog plugin has been merged into the core, please remove it from > your requirements. > So if you ship pytest 3.3.2, there's probably no reason to have a > pytest-catchlog package. So, I guess the pytest-catchlog package has no reasons of existing in unstable since we ship pytest 3.3.2, and we should let it get removed from unstable. Also, removing pytest-catchlog from the dependencies of your package should be fine. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#892633: pytest-catchlog FTBFS with pytest 3.3.2-2
Control: forwarded -1 https://github.com/eisensheng/pytest-catchlog/issues/76 Hi, I've forwarded this issue to upstream. I suspect incompatibilities with pytest version 3.3.2 (package was building fine with 3.2.5). I'm quite in a hurry right now, but without answer from him I'll start working on a patch (and will probably adopt python-catchlog at the same time). Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#889740: stretch update for xmotd
Hi Adrian, > Thanks a lot for fixing this bug for unstable. > > It is still present in stretch, could you also fix it there? > Alternatively, I can fix it for stretch if you don't object. Feel free to take care of it if possible. Otherwise I'll do it, but it might take some time. Thanks ! Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#889740: xmotd: crashes when built with hardening
I've had a look at your patch, looks fine to me. Thanks ! Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#889740: xmotd: crashes when built with hardening
Hi, Thanks for reporting this bug. Christoph, special acknowledgments for the patch ! I'll look into this and upload a fixed version asap. Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#887811: python-qrencode: Missing PIL dependencies due to use of Python 2.x substvars for Python 3 package
Hi Chris, Thanks for noticing this ! It looks like I have copy-and-pasted the Python 2 dependencies without updating the variables... :) I'll upload a fixed package. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#879474: quagga-bgpd: BGP session termination due to rather long AS paths in update messages
Hi, I have prepared an NMU fixing CVE-2017-16227 in unstable. Scott, can you take a look ? If you want, you can also upload the changes under your name, that's fine to me. Without answer in the next days, I'll upload it in the DELAYED queue to avoid the removal. You can find a debdiff in attachment. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA diff -Nru quagga-1.1.1/debian/changelog quagga-1.1.1/debian/changelog --- quagga-1.1.1/debian/changelog 2017-04-05 13:41:14.0 +0200 +++ quagga-1.1.1/debian/changelog 2017-11-02 11:55:28.0 +0100 @@ -1,3 +1,11 @@ +quagga (1.1.1-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * SECURITY: CVE-2017-16227: BGP session termination due to rather +long AS paths in update messages (Closes: #879474). + + -- Hugo Lefeuvre <h...@debian.org> Thu, 02 Nov 2017 11:55:28 +0100 + quagga (1.1.1-3) unstable; urgency=medium * Fix upgrade file conflict with old quagga packages (Closes: #859581). diff -Nru quagga-1.1.1/debian/patches/CVE-2017-16227.patch quagga-1.1.1/debian/patches/CVE-2017-16227.patch --- quagga-1.1.1/debian/patches/CVE-2017-16227.patch1970-01-01 01:00:00.0 +0100 +++ quagga-1.1.1/debian/patches/CVE-2017-16227.patch2017-11-02 11:55:28.0 +0100 @@ -0,0 +1,19 @@ +From: Andreas Jaggi <a...@open.ch> +Subject: bgpd: Fix AS_PATH size calculation for long paths + If you have an AS_PATH with more entries than what can be written into a + single AS_SEGMENT_MAX it needs to be broken up. The code that noticed + that the AS_PATH needs to be broken up was not correctly calculating the + size of the resulting message. This patch addresses this issue. +Origin: upstream, https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008 +Bug-Debian: http://bugs.debian.org/879474 +--- a/bgpd/bgp_aspath.c2017-11-02 11:59:02.930664438 +0100 b/bgpd/bgp_aspath.c2017-11-02 11:59:02.930664438 +0100 +@@ -903,7 +903,7 @@ + assegment_header_put (s, seg->type, AS_SEGMENT_MAX); + assegment_data_put (s, seg->as, AS_SEGMENT_MAX, use32bit); + written += AS_SEGMENT_MAX; +- bytes += ASSEGMENT_SIZE (written, use32bit); ++ bytes += ASSEGMENT_SIZE (AS_SEGMENT_MAX, use32bit); + } + + /* write the final segment, probably is also the first */ diff -Nru quagga-1.1.1/debian/patches/series quagga-1.1.1/debian/patches/series --- quagga-1.1.1/debian/patches/series 2017-04-05 13:41:14.0 +0200 +++ quagga-1.1.1/debian/patches/series 2017-11-02 11:55:28.0 +0100 @@ -5,3 +5,4 @@ 0005-Fix-manpage-number-for-ospfclient.patch 0007-Patch-.service-files-for-Debian.patch 0008-Add-correct-QUAGGA_VERSION-to-manpages.patch +CVE-2017-16227.patch signature.asc Description: PGP signature
Bug#874065: unrar-free / CVE-2017-14120
Hi, I have just uploaded python-rarfile 3.0-1, which drops the unrar-free dependency. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA signature.asc Description: PGP signature
Bug#846045: marked as pending
tag 846045 pending thanks Hello, Bug #846045 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/python-modules/packages/python-pytest-benchmark.git/commit/?id=d85aa13 --- commit d85aa13c810fa52a507751f98777fa19d16664c5 Author: Hugo Lefeuvre <h...@debian.org> Date: Wed Apr 12 13:01:38 2017 +0200 Add forgotten Closes statement in d/changelog diff --git a/debian/changelog b/debian/changelog index 54ce9ce..668a9c5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,7 +5,8 @@ python-pytest-benchmark (3.1.0a2-1) experimental; urgency=low * debian/control: - Update required version of pytest to 2.8. - Recommend installation of python{3,}-pathlib and python{3,}-elasticsearch. -- Add python-statistics to the Depends field of python-pytest-benchmark. +- Add python-statistics to the Depends field of python-pytest-benchmark + (Closes: #846045). - Remove useless version indication in the Build-Dependency python-all. - Update Description field for binary package python-pytest-benchmark. * debian/copyright:
Bug#852363: python-pisa: xhtml2pdf throws exception (html5lib.inputstream)
Hi Sandro, Martin, Sorry for not replying sooner, I am just drowning in work currently. I have looked at the pisa package and tried to patch it the way I mentionned earlier, but it turned out to not be sufficient, so I have made some more modifications. You can find a first (somewhat dirty) draft of patch in attachment. With this patch, xhtml2pdf seemed to work correctly on several test pages (e.g. this one[0]). I'll try to improve/test this patch further. I'd not upload it in its current state. Could anybody have a look at it ? Getting rid of pisa for buster would be a good idea indeed. Thanks ! Cheers, Hugo [0] http://noir.liw.fi/ -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E --- a/sx/pisa3/pisa_parser.py 2017-02-08 15:38:26.127678118 +0100 +++ b/sx/pisa3/pisa_parser.py 2017-02-08 15:38:49.755588784 +0100 @@ -26,7 +26,8 @@ import os.path import html5lib -from html5lib import treebuilders, serializer, treewalkers, inputstream +from html5lib import treebuilders, treewalkers +from html5lib import _inputstream as inputstream from xml.dom import Node import xml.dom.minidom @@ -611,9 +612,7 @@ if inputstream.codecName(encoding) is None: log.error("%r is not a valid encoding", encoding) -document = parser.parse( -src, -encoding=encoding) +document = parser.parse(src) if xml_output: xml_output.write(document.toprettyxml(encoding="utf8")) --- a/sx/pisa3/pisa_context.py 2017-02-08 15:38:26.127678118 +0100 +++ b/sx/pisa3/pisa_context.py 2017-02-08 15:38:26.123678133 +0100 @@ -40,8 +40,6 @@ from sx.w3c import css, cssDOMElementInterface -from html5lib.sanitizer import * - import logging log = logging.getLogger("ho.pisa") signature.asc Description: PGP signature
Bug#846045: python-pytest-benchmark: fixture is not detected by pytest
Hi Ghislain, > Since python-pytest-benchmark will not make it to Stretch, you can just > drop the binary package for Python 2 to close this RC. Yes, I was extremely busy these last days and had no time to package python-statistics. I'll try to get rid of this RC bug during the week-end. Thanks for your reminder. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#846045: python-pytest-benchmark: fixture is not detected by pytest
Hi Afif, Thanks for reporting bugs. The problem comes from the fact that pytest-benchmark needs the statistics module, which I haven't declared in the dependencies as it is not packaged yet and is in the extra section of the setup.py. I'll package the needed module as soon as possible. Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#830551: marked as pending
tag 830551 pending thanks Hello, Bug #830551 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/elib.intl.git;a=commitdiff;h=df4abc5 --- commit df4abc5675b0bc3ee1b1b8b0bcacf7ad05a01a13 Author: Hugo Lefeuvre <h...@debian.org> Date: Sat Oct 8 15:49:59 2016 +0200 Make sphinxdoc stops accessing the internet during build. diff --git a/debian/changelog b/debian/changelog index a2ded96..1c5546d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +elib.intl (0.0.3~git20110809-5) unstable; urgency=medium + + * Team upload. + * Add debian/patches/fix-sphinxdoc-intermapping.patch: +- Makes sphinxdoc stops accessing internet during build (Closes: #830551). + + -- Hugo Lefeuvre <h...@debian.org> Sat, 08 Oct 2016 15:42:38 +0200 + elib.intl (0.0.3~git20110809-4) unstable; urgency=medium [ Ondřej Nový ]
Bug#838630: doona: failed with the error message Can't locate object method "new" via package "bedmod::http"
Hi Raphaël, Gianfranco, > well, we can do a repack upload if you want... > sorry for the issues I caused, I used the gbp command to recreate the tarball, > and I'm not even sure about where/how to find the orig tarball that kali uses > (I checkouted the git repo) You can download it using dget: dget http://http.kali.org/pool/main/d/doona/doona_1.0+git20160212-0kali1.dsc the shasums differ, but the contents of the tarballs are identical, according to diff -r. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#838630: doona: failed with the error message Can't locate object method "new" via package "bedmod::http"
Hi Gianfranco, > Hi, I imported the new release from kali and Team uploaded in deferred/2, > thanks a lot! > > Hugo, please let me know if I can speed it up or I have to cancel it :) Thanks a lot ! I had no time to work on this issue. Feel free to directly upload your changes (I would even upload it with urgency=high). Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#836824: python-pyotp: FTBFS in testing (failing tests)
> Please try to improve the changelog a little bit. Fixed. Thanks for the hint. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#836824: marked as pending
tag 836824 pending thanks Hello, Bug #836824 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-pyotp.git;a=commitdiff;h=43aee16 --- commit 43aee16edc28ebbe90922b6ac67b274f168a5f74 Author: Hugo Lefeuvre <h...@debian.org> Date: Sun Sep 11 22:16:04 2016 +0200 Close #836824. diff --git a/debian/changelog b/debian/changelog index 9cf7a1b..a6536ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ python-pyotp (2.2.1-1) unstable; urgency=medium - * New upstream release. + * New upstream release (Closes: #836824). * Remove debian/patches/timedelta-ingest-timestamp.patch: Integrated in new upstream version. * Remove useless PYBUILD_TEST_ARGS line in debian/rules.
Bug#836824: python-pyotp: FTBFS in testing (failing tests)
Hi Santiago, It looks like packaging the new upstream release fixes the issue. If you want, you can try to build the version on the repository[0] before I upload it. Regards, Hugo [0] https://anonscm.debian.org/git/python-modules/packages/python-pyotp.git/ -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#806383: marked as pending
tag 806383 pending thanks Hello, Bug #806383 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-igraph.git;a=commitdiff;h=6265548 --- commit 62655487f43dd2e608c473f4577502b62cb35525 Author: Hugo Lefeuvre <h...@debian.org> Date: Wed Aug 24 11:58:52 2016 +0200 Fix FTBFS on i386. * Fix FTBFS on i386 (Closes: #806383). * debian/control: - Add myself to the uploaders. - Bump Standards-Version to 3.9.8. - Update Homepage field. * debian/copyright: - Add an entry for Hugo Lefeuvre. - Update copyright years. * Bump compatibility to 9 (and dependency on debhelper to (> 9)). diff --git a/debian/changelog b/debian/changelog index e5abd58..8d4c0cd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,20 @@ -python-igraph (0.7.1.post6-3) UNRELEASED; urgency=medium +python-igraph (0.7.1.post6-3) unstable; urgency=medium + [ Ondřej Nový ] * Fixed VCS URL (https) - -- Ondřej Nový <n...@ondrej.org> Tue, 29 Mar 2016 22:08:57 +0200 + [ Hugo Lefeuvre ] + * Fix FTBFS on i386 (Closes: #806383). + * debian/control: +- Add myself to the uploaders. +- Bump Standards-Version to 3.9.8. +- Update Homepage field. + * debian/copyright: +- Add an entry for Hugo Lefeuvre. +- Update copyright years. + * Bump compatibility to 9 (and dependency on debhelper to (> 9)). + + -- Hugo Lefeuvre <h...@debian.org> Wed, 24 Aug 2016 11:34:14 +0200 python-igraph (0.7.1.post6-2) unstable; urgency=medium
Bug#831399: marked as pending
tag 831399 pending thanks Hello, Bug #831399 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-pyotp.git;a=commitdiff;h=bc4fc3d --- commit bc4fc3d4ec627b43c4f6cca96b26db8517a6542c Author: Hugo Lefeuvre <h...@debian.org> Date: Fri Jul 15 16:47:41 2016 +0200 Fix FTBFS on 32-bits platforms. diff --git a/debian/changelog b/debian/changelog index 86cc477..e5a2a4e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +python-pyotp (2.1.1-2) unstable; urgency=medium + + * Fix FTBFS on 32-bit platforms (Closes: #831399). + + -- Hugo Lefeuvre <h...@debian.org> Fri, 15 Jul 2016 16:45:17 +0200 + python-pyotp (2.1.1-1) unstable; urgency=low * Initial release (Closes: #829703).
Bug#831980: marked as pending
tag 831980 pending thanks Hello, Bug #831980 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-qrcode.git;a=commitdiff;h=2141af5 --- commit 2141af53ebe5dd082dce27cbd2c98a2009cfbaa0 Author: Hugo Lefeuvre <h...@debian.org> Date: Mon Aug 22 21:28:55 2016 +0200 New upstream release. * New upstream release. * debian/control: - Remove Cornelius Koelbel from the Maintainer field. His e-mail address was not valid anymore (Closes: #832329). - Set the DPMT as Maintainer. - Add myself to Uploaders. * debian/copyright: - Add a copyright entry for Hugo Lefeuvre. - Update copyright years. * debian/rules: - Install manpage for the Python 3 version of the package as python3-qrcode.1 (Closes: #831980). diff --git a/debian/changelog b/debian/changelog index a1fa311..f10ff1f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +python-qrcode (5.3-1) unstable; urgency=medium + + * New upstream release. + * debian/control: +- Remove Cornelius Koelbel from the Maintainer field. His e-mail address + was not valid anymore (Closes: #832329). +- Set the DPMT as Maintainer. +- Add myself to Uploaders. + * debian/copyright: +- Add a copyright entry for Hugo Lefeuvre. +- Update copyright years. + * debian/rules: +- Install manpage for the Python 3 version of the package as + python3-qrcode.1 (Closes: #831980). + + -- Hugo Lefeuvre <h...@debian.org> Mon, 22 Aug 2016 21:19:39 +0200 + python-qrcode (5.0.1-1.1) unstable; urgency=medium * Non-maintainer upload.
Bug#832329: marked as pending
tag 832329 pending thanks Hello, Bug #832329 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/python-qrcode.git;a=commitdiff;h=2141af5 --- commit 2141af53ebe5dd082dce27cbd2c98a2009cfbaa0 Author: Hugo Lefeuvre <h...@debian.org> Date: Mon Aug 22 21:28:55 2016 +0200 New upstream release. * New upstream release. * debian/control: - Remove Cornelius Koelbel from the Maintainer field. His e-mail address was not valid anymore (Closes: #832329). - Set the DPMT as Maintainer. - Add myself to Uploaders. * debian/copyright: - Add a copyright entry for Hugo Lefeuvre. - Update copyright years. * debian/rules: - Install manpage for the Python 3 version of the package as python3-qrcode.1 (Closes: #831980). diff --git a/debian/changelog b/debian/changelog index a1fa311..f10ff1f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +python-qrcode (5.3-1) unstable; urgency=medium + + * New upstream release. + * debian/control: +- Remove Cornelius Koelbel from the Maintainer field. His e-mail address + was not valid anymore (Closes: #832329). +- Set the DPMT as Maintainer. +- Add myself to Uploaders. + * debian/copyright: +- Add a copyright entry for Hugo Lefeuvre. +- Update copyright years. + * debian/rules: +- Install manpage for the Python 3 version of the package as + python3-qrcode.1 (Closes: #831980). + + -- Hugo Lefeuvre <h...@debian.org> Mon, 22 Aug 2016 21:19:39 +0200 + python-qrcode (5.0.1-1.1) unstable; urgency=medium * Non-maintainer upload.
Bug#831399: Fix commited by upstream
Hi, It looks like upstream commited a fix. I'll prepare a patched version of the package. Regards, HUgo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#810491: netsurf-gtk: CVE-2015-7505 CVE-2015-7506 CVE-2015-7507 CVE-2015-7508
Hi, Packaging the next upstream version (3.5) should fix the CVEs on unstable. The package has still a significant popcon, it's worse working on it. Vincent: If you don't package the next upstream version, I'll do an NMU. Concerning stable, I'll propose a patched version to the security team. Regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Bug#802063: marked as pending
tag 802063 pending thanks Hello, Bug #802063 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=python-modules/packages/cssutils.git;a=commitdiff;h=d69e8e5 --- commit d69e8e5db8a296ddde93c3440a6a625a156f4a1e Author: Hugo Lefeuvre <h...@debian.org> Date: Sun Nov 29 23:47:45 2015 +0100 Upload to unstable. diff --git a/debian/changelog b/debian/changelog index 5c383b0..c47646c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +cssutils (1.0-4) unstable; urgency=high + + * Upload to unstable (Closes: #802063). + * debian/control: +- Update Vcs-* fields; + + -- Hugo Lefeuvre <h...@debian.org> Sun, 29 Nov 2015 23:45:17 +0100 + cssutils (1.0-3) experimental; urgency=medium * Delete debian/patches/revert_to_0.9.10.patch:
Bug#802063: Upload to Unstable
Hi Chris, Thanks for reporting bugs. I'll upload the package currently in experimental to Unstable. Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#788561: python3-memcache not Python 3 compatible
Hi, Adam Barratt reported an interesting thing at #793117: python3-memcache has reverse dependencies, and python3-memcache's removal would lead to their simultaneous deletion. $ apt-rdepends -r python3-memcache Reading package lists... Done Building dependency tree Reading state information... Done python3-memcache Reverse Depends: python3-celery (3.1.18-1) python3-celery Reverse Depends: python3-django-celery (3.1.16-2) Reverse Depends: python3-django-celery-transactions (0.3.2-1) python3-django-celery python3-django-celery-transactions So, I think we should contact their maintainers before doing anything, to see what we can do to avoid their removal. Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#788561: Bug RC #788561 (python3-memcache not Python 3 compatible)
Hi, The diff looks ok, and I do support this. Please push it to the release team. I really think this is the most reasonable course of action we can do in Jessie. Done[0]. Cheers, Hugo [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793117 -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#788561: Bug RC #788561 (python3-memcache not Python 3 compatible)
Hi Thomas, Yes, that's the way to go. I think it's better to go directly for the removal of python3-memcached in fact. I've prepared the diff that I'd like to suggest to the release team. Could you have a look at it ? The diff is in attachement. I've decided to just make the package stops building python3-memcache. I haven't reverted the upstream changes you made on the package; I think it wouldn't be really useful, and it will surely make the backporting process harder. Thanks ! Cheers, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E --- a/debian/changelog 2015-07-13 11:00:34.426439594 +0200 +++ b/debian/changelog 2015-07-13 11:00:49.106419709 +0200 @@ -1,3 +1,12 @@ +python-memcache (1.53+2014.06.08.git.918e88c496-1+deb8u1) jessie; urgency=medium + + * Team upload. + * debian/control, debian/rules: + - Don't build python3-memcache anymore, upstream's Python3 support + is too incomplete (Closes: #788561). + + -- Hugo Lefeuvre hugo6...@orange.fr Sun, 12 Jul 2015 22:22:34 +0200 + python-memcache (1.53+2014.06.08.git.918e88c496-1) unstable; urgency=medium * New upstream release. --- a/debian/control2015-07-13 11:00:34.426439594 +0200 +++ b/debian/control2015-07-13 11:00:34.422439599 +0200 @@ -5,9 +5,7 @@ Uploaders: Carl Chenet cha...@ohmytux.com, Thomas Goirand z...@debian.org Build-Depends: debhelper (= 9), python-all (= 2.6.6-3), - python-setuptools, - python3-all, - python3-setuptools + python-setuptools Standards-Version: 3.9.5 Homepage: http://www.tummy.com/Community/software/python-memcached/ Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-memcache/trunk/ @@ -23,14 +21,3 @@ one or more, possibly remote, memcached servers. . This package contains the Python 2.x module. - -Package: python3-memcache -Architecture: all -Depends: python3-six, ${misc:Depends}, ${python3:Depends} -Suggests: memcached -Description: pure python memcached client - Python 3.x - This software is a 100% Python interface to the memcached memory cache daemon. - It is the client side software which allows storing values in one or more, - possibly remote, memcached servers. - . - This package contains the Python 3.x module. --- a/debian/rules 2015-07-13 11:00:34.426439594 +0200 +++ b/debian/rules 2015-07-13 11:00:34.422439599 +0200 @@ -1,22 +1,17 @@ #!/usr/bin/make -f PYTHONS:=$(shell pyversions -vr) -PYTHON3S:=$(shell py3versions -vr) UPSTREAM_GIT = git://github.com/linsomniac/python-memcached.git %: - dh $@ --buildsystem=python_distutils --with python2,python3 + dh $@ --buildsystem=python_distutils --with python2 override_dh_install: set -e for pyvers in $(PYTHONS); do \ python$$pyvers setup.py install --install-layout=deb \ --root $(CURDIR)/debian/python-memcache; \ done - set -e for pyvers in $(PYTHON3S); do \ - python$$pyvers setup.py install --install-layout=deb \ - --root $(CURDIR)/debian/python3-memcache; \ - done override_dh_clean: dh_clean -O--buildsystem=python_distutils signature.asc Description: Digital signature
Bug#788561: Bug RC #788561 (python3-memcache not Python 3 compatible)
Hi Thomas, This has already been done in Sid, and therefore, it is my opinion that we should have one of the below action: 1/ Remove support for Py3 in Jessie, and ask the release team to approve that. I do believe that they will accept this. 2/ Ask for the release team to accept an update to the package version which is in Sid. It's very unlikely that they accept. If you want to work on one of these, it'd be great. But dealing with the release team for doing this type of fix in stable is famously difficult because: 1/ They are very busy 2/ They don't accept often big changes in already existing package, and you need to convince them. Both are very valid reasons and I don't blame the release team for that. I'd be glad to try to help you to fix this bug. I agree with the fact that it will be quite difficult to update Jessie with the version currently in Sid. A lot of changes have been made between 1.53 and 1.54; it will be really hard to prove that this new version won't introduce new bugs. So, the first solution seems to be much easier. Moreover, according to memcache's popcon[0], python3-memcache isn't downloaded a lot. So, it won't be prolematic to remove this package in Jessie, at least for the moment. Naturally, I think it's sad to lose memcache's Python 3 support on Jessie, but we must fix this bug, and the first solution seems to be the only realistic solution. Maybe that we could try to ask the release team for the second solution, and, if they do not accept, ask them for the first solution ? BTW, the Debian BTS should be updated so that it shows the version in Sid isn't affected, otherwise indeed, we risk memcached to be removed from testing for a wrong reason. Can you do such update, with fixed and found commands to the BTS? #788561 is now marked as fixed in 1.54+20150423+git+48e882719c-2. Is it enough ? Cheers, Hugo [0] https://qa.debian.org/popcon.php?package=python-memcache -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#787657: #787657 shouldn't exist anymore.
Hi Hilko, This bug should be closed by 3.0.3+dfsg-0.1, but the changelog doesn't mentions the bug. So, 3.0.3+dfsg-0.1 can't migrate to Testing[0]. I think we should close it manually. Regards, Hugo [0] https://release.debian.org/migration/testing.pl?package=capstone -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#789578: libappstream-glib-dev: Missing dependency against libarchive-dev
Hi Laurent, I'm probably wrong, but it seems that libappstream-glib-dev already has a dependency against libarchive-dev[0]. Cheers, Hugo [0] http://anonscm.debian.org/cgit/pkg-packagekit/appstream-glib.git/tree/debian/control#n59 -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785472: closed by Hugo Lefeuvre hugo6...@fr33tux.org (Non-bug)
Hi Petr, Please, excuse the late answer. Sorry for not replying sooner. Although I have a solution, I'd definitely not mark it as solved. Parcellite had now an option which is documented in the man page etc, but doesn't work and produces weird error messages. Either the option needs to be fixed, or removed. So my suggestion would be to keep it as an open, low priority bug, which will most likely get resolved if the next release removes -d. You're right, it will be clearer for other users to let this bug open. If time permits, I'll prepare a new version of the package to mention the deprecation of -d. Best Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785472: [g...@rickyrockrat.net: Bug#785472: parcellite: Parcellite fails to start after upgrading to Jessie]
Removing '-d' indeed prevents the issue and parcellite works then as expected. So, Petr, can we close this bug ? I'll mention this deprecation in the README.Debian to make it clear for all users. -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785472: Acknowledgement (parcellite: Parcellite fails to start after upgrading to Jessie)
Thank you. One more comment: removing ~/.config/parcellite/parcelliterc has no effect on the issue, so most likely it's not dependent on user's configuration. Yes, I think it actually comes from the fact that parcellite is using g_source_remove() in a wrong way. So this bug has absolutely nothing to do with parcelliterc. PS: Please, don't CC me; I'm already receiving all messages sent to 785...@bugs.debian.org. -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785472: parcellite: Parcellite fails to start after upgrading to Jessie
Hi Petr, Thanks for reporting bugs. Could you provide more informations about parcellite's crash ? What happens if you directly call parcellite from the CLI (with the 'parcellite' command) ? Best Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#785472: Acknowledgement (parcellite: Parcellite fails to start after upgrading to Jessie)
I successfully reproduced this bug on an i3 Jessie laptop. After looking at it, I've noticed that this bug was due to some recent changes in glib. So I'll forward this bug as soon as possible. Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature
Bug#774918: cups-pdf, copyright file missing: postinst script ?
Hi, The problem seems to be that an old version of cups-pdf (maybe 2.6.1-6) was using directories for its documentation (especially d/copyright) and that a new version of the package asked debian/rules to use symlinks instead of installing the same documentation twice: override_dh_installdocs: dh_installdocs --link-doc=printer-driver-cups-pdf Unfortunately, dpkg can't replace directories with a symlink without help, so that an update from the old documentation system to the new will not be possible and will leave /usr/share/doc/cups-pdf empty. It's a violation of policy 12.5. A solution could be to write a script that checks the version of the old cups-pdf installed on the system and removes the documentation if the installed version of cups-pdf was using directories for its documentation (so, if the installed cups-pdf cups-pdf_2.6.1-10). The wiki[0] advices to write a postinst script to do the trick. I've adapted the given example[1], and tried it on my system. It seems to work. The script is in attachment. I hope this could help. :) Thanks ! Cheers, Hugo [0] https://wiki.debian.org/MissingCopyrightFile [1] http://anonscm.debian.org/cgit/collab-maint/mlterm.git/tree/debian/mlterm-im-ibus.preinst -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E #!/bin/sh set -e case $1 in install|upgrade) # dpkg does not replace directories by symlinks or vice versa. if dpkg --compare-versions $2 lt 2.6.1-10 ; then echo #rm -rf /usr/share/doc/cups-pdf rm -rf /usr/share/doc/cups-pdf || true fi ;; abort-upgrade) ;; *) echo preinst called with unknown argument \`$1' 2 exit 1 ;; esac #DEBHELPER# exit 0 signature.asc Description: Digital signature
Bug#731415: unrar-free is dead upstream and completely useless
Hi, I'm not sure that it would be a good idea to use unar instead of unrar-free. In fact, unar and unrar-free haven't the same functionalities: For exemple, unar isn't able to read archives entries without extracting them. I think bsdtar would be a better replacement for unrar-free. Then, I mean that it would be better to keep unrar-free in Debian, even if it isn't really usefull: For exemple, I've packaged python-rarfile, a python module which uses both bsdtar and unrar-free. unrar-free's functions are used only if they work, otherwise, it uses bsdtar. The removal of unrar-free will also cause problems for its reverse dependencies: python-rarfile python3-rarfile zipper.app unp qcomicbook krusader ark amavisd-new Regards, Hugo -- Hugo Lefeuvre (hugo6390)|www.hugo6390.org 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: Digital signature