Bug#987169: RFS: newlib/3.3.0-1.1 [NMU] -- C library and math library for embedded systems
Control: tags -1 moreinfo On Sun, 18 Apr 2021 19:29:00 + John Scott wrote: (note, I did not look at the package, this are general remarks. But at least you should target experimental, so that's why I tag it moreinfo for now.) > Changes since the last upload: > > newlib (3.3.0-1.1) unstable; urgency=medium > . > * Non-maintainer upload. > * Add newlib-source binary package to aid building for new targets. > (Closes: #912271) > > This change wouldn't normally be appropriate for an NMU, but the > maintainer, Agustin Henze, hasn't been responsive to my attempts for > contact, and is also on the LowThresholdNmu list and keeps the package > in the Debian group on Salsa for collaborative maintenance: > https://wiki.debian.org/LowThresholdNmu > > I haven't encountered the maintainer previously, but believe in good > faith that these changes would be welcome and that the LowThresholdNmu > criterion are met by addressing a bug with important severity. My > interest in this bug, to introduce a newlib-source binary package, is > to unblock my progress on gcc-sh-elf, which is otherwise almost ready. Probably still a good idea to CC them or file a bug in the BTS to document your intentions, as adding a binary package is not a usual change, even if the NMU criterias are fulfilled. Alternatively, you should consider ITS'ing the package. At least from your description it sounds as it would be a valid candidate, but I didn't check the details. > That package will bootstrap a toolchain by building GCC and Newlib > simultaneously in a combined build tree, which in my opinion is best > practice for embedded toolchains going forward. > > The changelog is set to unstable in anticipation that I won't manage to > clear NEW before Bullseye is released. If anyone would be so kind to > sponsor me sooner, I could change that to experimental. please change to experimental. (Its anyway _always_ a good idea to clear NEW first via experimental…) -- tobi
Bug#984901: RFS: open-ath9k-htc-firmware/1.4.0-106-gc583009+dfsg1-2 -- firmware for AR7010 and AR9271 USB wireless adapters
Control: tags -1 moreinfo On Tue, Jun 01, 2021 at 02:22:15AM +, John Scott wrote: > Control: tags -1 -moreinfo > > On Mon, 2021-05-31 at 20:25 +0200, Tobias Frost wrote: > > I've took a look at your package: > Awesome, thanks. > > > - d/copyright: > > - The word "Comment:" went missing after the Files-Exlucded section. > I don't believe this is an error. The Files-Excluded field is currently > not specified by the machine-readable copyright specification (this is > bug #685506), but at least the mk-origtargz manual page specifies that > this should be what the spec calls 'formatted text', i.e. the current > syntax should be valid: > > (In debian/copyright, the Files-Excluded and Files-Excluded-component > > stanzas are a part of the first paragraph and there is a blank line > > before the following paragraphs which contain Files and other > > stanzas. See uscan(1) "COPYRIGHT FILE EXAMPLE".) The Files-Excluded section is used by tools like uscan to strip files from the orig.tar. The formatted text just says that the field can extend over multiple lines, it does not mean its free text without meaning. TL;DR: I'm pretty sure you want the Comment: here. A quick test with uscan --verbose --force-download will convince you too. > > - Please review the file. I see e.g the section for "Files: *" be > > gone, not sure if that is intentional (I did not a d/copyright > > review) > This was intentional. > > > Lintian is the same oppionion that there is something missing: > > > > W: open-ath9k-htc-firmware source: file-without-copyright-information > > .gitignore > > W: open-ath9k-htc-firmware source: file-without-copyright-information > > NOTICE.TXT > > W: open-ath9k-htc-firmware source: file-without-copyright-information > > README > Those files have no copyright information, but they are so small > they're probably not copyrightable. There s no copyright status to > associate with them, so it's better that the copyright file say nothing > at all with respect to them. I'm sorry; no. You cannot assume that those files are not copyrightable, at minimum that would be a question for debian-legal. Generally, copyrightabilty is a very low barrier. Looking at NOTICE.TXT it is definitly copyrightable and has even a copyright statement, for example. Looking at README, it is also definitly beyond that barrier. *Usually* (I didnt check this particular case) such companion files in the repo are under the same license that the other files, thereofore usually the debian/* stanca is fine. Strictly, if there is no copyright information, it defaults to "all rights reserved", which means "not even distributeable." So if in doubt, you need to ask upstream to clarify. I guess it would be just easier to reinstanciate the * section, as ftp masters have at least one time looked at it already and found it ok. > > - W: open-ath9k-htc-firmware source: inconsistent-appstream- > > metadata-license > >debian/firmware-ath9k-htc.metainfo.xml (mit != expat) > In my opinion this is a bug that could be fixed in Lintian. If you're > not aware, the Expat license is a specific version of what's commonly > known as the MIT license. The SPDX identifier (and hence the identifier > used in the AppStream file) is MIT, although the Debian machine- > readable copyright specification requests that one refer to the Expat > license when that license is applicable. > > Basically, the copyright file referring to the Expat license is > consistent with the AppStream metadata proclaiming that it is subject > to the MIT license. OK, in this case an override and a comment towards the override would be helpful. Bonus points for filing a bug against lintian. > > Some patch have fuzz... maybe refresh? > If you're referring to > Hunk #1 succeeded at 43 (offset -1 lines). > Hunk #2 succeeded at 55 (offset -1 lines). > Hunk #3 succeeded at 99 (offset -1 lines). > Hunk #4 succeeded at 113 (offset -1 lines). > Hunk #5 succeeded at 151 (offset -1 lines). > then I believe this is normal, although refreshing the patches upstream > shouldn't hurt. Certainly it does not hurt to refresh. -- Cheers, tobi
Bug#984901: RFS: open-ath9k-htc-firmware/1.4.0-106-gc583009+dfsg1-2 -- firmware for AR7010 and AR9271 USB wireless adapters
Control: tags -1 -moreinfo On Mon, 2021-05-31 at 20:25 +0200, Tobias Frost wrote: > I've took a look at your package: Awesome, thanks. > - d/copyright: > - The word "Comment:" went missing after the Files-Exlucded section
Bug#989312: RFS: ircii/20210314+really20190117-1 [QA] [RC] -- Internet Relay Chat client
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "ircii": * Package name: ircii Version : 20210314+really20190117-1 Upstream Author : [fill in name and email of upstream] * URL : http://www.eterna.com.au/ircii/ * License : MIT-Old-Style-with-legal-disclaimer-2, public-domain, BSD-2-Clause, Custom, GPL-2.0+, BSD-3-Clause * Vcs : https://salsa.debian.org/debian/ircii Section : net It builds those binary packages: ircii - Internet Relay Chat client To access further information about this package, please visit the following URL: https://mentors.debian.net/package/ircii/ Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/i/ircii/ircii_20210314+really20190117-1.dsc Changes since the last upload: ircii (20210314+really20190117-1) unstable; urgency=medium . * QA upload. * Revert to previous release, because of freeze. * Add patch to Fix CVE-2021-29376 Closes: #986214 I got confirmation that this release will be unblocked and accepted into testing [0] Regards, Håvard [0] https://bugs.debian.org/989273
Bug#988923: RFS: distorm3/3.5.2b-1 -- powerful disassembler library for x86/AMD64 binary streams (Python3 bindings)
Control: tags -1 moreinfo On Mon, 31 May 2021 15:58:56 +0200 Adam Borowski wrote: > On Fri, May 21, 2021 at 02:51:36PM +, Lin Qigang wrote: (...) > Hi! > This upload is targetted at unstable, which is currently affected by the > hard freeze. Only targetted fixes are permitted, not whole new upstream > releases (unless the upstream release consists of nothing but fixes...). > > Thus, your options here would be: > * targetting experimental instead, or > * waiting until after Bullseye is released > Tagging moreinfo for now because of that.
Bug#988329: RFS: usbredir/0.9.0-1 -- Simple USB host TCP server
Control: retitle -1 usbredir/0.9.0-1 -- [ITA] Simple USB host TCP server Control: tags -1 moreinfo (Retitling the RFS bug to indicate that this an ITA.) On Mon, 10 May 2021 16:08:10 + LQi254 wrote: > This is my first package and I am very excited! I just wanted to give you a short heads-up why you maybe did not get an response already. First, many thanks for contributing to Debian and wanting to adpopt usbredi
Bug#988490: RFS: mini-httpd/1.30-3 [ITA] -- Small HTTP server
Control: tags -1 moreinfo Hi Khoa Tran Minh, thanks for adopting the package! Please note that Debian is currently frozen, so the changes you've made are currently inappropiate to upload. So I see two options: - wait until bullseye release - target experimental for now. Regarding the package, I did not take a closer look beside looking at the mentors page: Possibly you could take a look at the lintian messages and try to solve them: W: package-contains-documentation-outside-usr-share-doc usr/share/mini-httpd/html/index.html mini-httpd source I patch-not-forwarded-upstream debian/patches/0007-manpage-hyphen debian/patches/0008-fix-ftbfs-kfreebsd-amd64 debian/patches/0009-fix-nullpointer-dereference X debian-watch-does-not-check-gpg-signature X upstream-metadata-file-is-missing P silent-on-rules-requiring-root Not sure if upstream is reachable (homepage a stroken out the mailing list), but the patches should be forwarded if possible. There are also several bugs on the BTS, one with a patch. Please check at least that one if it makes sense to apply the patch and check if the others can be triaged. Please remove the moreinfo tag when an revised package is available; targeting either experimental or after bullseye has been released. -- Cheers, tobi
Bug#988466: RFS: aspell-sl/0.60-5 -- Slovenian dictionary for GNU Aspell
Control: tags -1 moreinfo (Triaging RFS bugs) This bug seems to wait for an feedback from Tomaž. Tomaž, please remove the moreinfo tag once an updated package is ready
Bug#984901: RFS: open-ath9k-htc-firmware/1.4.0-106-gc583009+dfsg1-2 -- firmware for AR7010 and AR9271 USB wireless adapters
Control: tags -1 moreinfo Hi John, I've took a look at your package: - d/copyright: - The word "Comment:" went missing after the Files-Exlucded section. - Please review the file. I see e.g the section for "Files: *" be gone, not sure if that is intentional (I did not a d/copyright review) Lintian is the same oppionion that there is something missing: W: open-ath9k-htc-firmware source: file-without-copyright-information .gitignore W: open-ath9k-htc-firmware source: file-without-copyright-information NOTICE.TXT W: open-ath9k-htc-firmware source: file-without-copyright-information README - W: open-ath9k-htc-firmware source: inconsistent-appstream-metadata-license debian/firmware-ath9k-htc.metainfo.xml (mit != expat) - Some patch have fuzz... maybe refresh? Please fix above and then remove the moreinfo tag. -- Cheers, tobi
Bug#983104: RFS: mupdf/1.14.0+ds1-4+deb10u3 [NMU, CVE-2020-16600] -- lightweight PDF viewer
Control: tags -1 moreinfo Hi Bastian, > > Hi Bastian, > > > > thanks for your work on this. We think this update should go via > > stable-proposed-updates: > > Hi, > > Thanks for pointing that out. I have modified the changelog accordingly. > The diff looks good, but there are some formalities… - Can you file an "Stable Proposed Updates" unblock request to get an approval. - Possibly you should file an bug for CVE-2020-16600 and close it in the changelog. (That would make it more transparent.) - Please also send a NMU announcement to the package's bts. Thanks for providing the update! After the release team gives green light, remove the moreinfo, ping me and I'll do the upload. Cheers, -- tobi
Bug#981098: RFS: aiorwlock/1.0.0-1 -- Synchronization primitive RWLock for asyncio (Python 3)
Control: tags -1 moreinfo Hi Waqar Ahmed, > > aiorwlock (1.0.0-1) unstable; urgency=medium > . > * New upstream version 1.0.0 > * debian/control: > - Use pytest-asyncio for tests (Currently Debian is frozen, so an upload is likely inappropiate at this time. You can aim for experimental if you want, though.) One question: You are not listed as maintainer, neither this is marked as team upload nor as NMU… Can you elaborate on this point and clarify in the changelog what type of upload this is. Have you talked to the maintainer or/and python team? I'll marking the bug "moreinfo" as this needs clarification and documentation in d/changelog. Beside, there are some lintian stuff (quoted from the mentors site) > – Package has lintian warnings: > > I out-of-date-standards-version > 4.4.1 (released 2019-09-29) (current is 4.5.0) > P package-uses-old-debhelper-compat-version > 12 > P silent-on-rules-requiring-root I suggest to contact the maintainer and or python team (possibly after bullseye release) and remove the moreinfo tag here when you are ready for another review- Thanks for your contributions to Debian and sorry that I cant help with an upload… (I do not intend to sponsor this package; python packages are not mine…) Cheers, -- tobi
Bug#989303: marked as done (RFS: backintime/1.2.1-3 [RC] -- simple backup/snapshot system)
Your message dated Mon, 31 May 2021 18:06:07 +0200 with message-id <224280508e83886fc97a387882c60992316c3645.ca...@debian.org> and subject line Re: RFS: backintime/1.2.1-3 [RC] -- simple backup/snapshot system has caused the Debian Bug report #989303, regarding RFS: backintime/1.2.1-3 [RC] -- simple backup/snapshot system to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989303 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for an upload of the 'backintime' package. The upload fixes a release critical bug in the current version of the package (#946349). A patch was provided in the Debian bug tracking system and has since been applied upstream. My changes in this upload consist solely of cherry-picking the fix for #946349. Therefore, this upload is a targeted fix for a release critical bug and should qualify as an appropriate change according to the bullseye freeze policy [1]. Since this package neither is a key package nor has any autopkgtests, it will require manual review by the release team. Bullet point five of "Applying for an unblock" in the freeze policy states that If the diff is small and you believe it will be approved, you can upload it to unstable before filing the unblock request to avoid a round-trip. I suppose this applies here, which is why I'm looking for a sponsor for this upload now. The package is available on Salsa as well as on Mentors: https://salsa.debian.org/jmw/pkg-backintime https://mentors.debian.net/package/backintime/ I have also attached the debdiff of my changes vs. the current version of the package in testing/unstable. Thanks for your help! Fabian [1] https://release.debian.org/bullseye/freeze_policy.html diff -Nru backintime-1.2.1/debian/changelog backintime-1.2.1/debian/changelog --- backintime-1.2.1/debian/changelog 2019-10-30 22:35:50.0 +0100 +++ backintime-1.2.1/debian/changelog 2021-05-31 15:14:50.0 +0200 @@ -1,3 +1,10 @@ +backintime (1.2.1-3) unstable; urgency=medium + + * Cherry-pick patch for #946349 from upstream Git repository +(Closes: #946349). + + -- Fabian Wolff Mon, 31 May 2021 15:14:50 +0200 + backintime (1.2.1-2) unstable; urgency=medium * Source-only reupload after the package has been in the NEW queue diff -Nru backintime-1.2.1/debian/patches/00-fix-946349.patch backintime-1.2.1/debian/patches/00-fix-946349.patch --- backintime-1.2.1/debian/patches/00-fix-946349.patch 1970-01-01 01:00:00.0 +0100 +++ backintime-1.2.1/debian/patches/00-fix-946349.patch 2021-05-31 15:14:50.0 +0200 @@ -0,0 +1,39 @@ +Description: Cherry-pick fix for #946349 from upstream repository +Origin: upstream, https://github.com/bit-team/backintime/commit/7f6f570a01e7e0a623e670baaf63eaaf879948c4 +Bug: https://github.com/bit-team/backintime/issues/974 +Bug-Debian: https://bugs.debian.org/946349 +Last-Update: 2021-05-31 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/common/mount.py b/common/mount.py +@@ -648,7 +648,7 @@ + """ + tools.mkdir(self.mount_root, 0o700) + tools.mkdir(self.hash_id_path, 0o700) +-tools.mkdir(self.currentMountpoint, 0o700) ++tools.mkdir(self.currentMountpoint, 0o700, False) + tools.mkdir(self.lock_path, 0o700) + + def mountProcessLockAcquire(self, timeout = 60): +--- a/common/tools.py b/common/tools.py +@@ -287,7 +287,7 @@ + %(path, str(e)), traceDepth = 1) + return os.path.isdir(path) + +-def mkdir(path, mode = 0o755): ++def mkdir(path, mode = 0o755, enforce_permissions = True): + """ + Create directory ``path``. + +@@ -300,7 +300,8 @@ + """ + if os.path.isdir(path): + try: +-os.chmod(path, mode) ++if enforce_permissions: ++os.chmod(path, mode) + except: + return False + return True diff -Nru backintime-1.2.1/debian/patches/series backintime-1.2.1/debian/patches/series --- backintime-1.2.1/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ backintime-1.2.1/debian/patches/series 2021-05-31 15:14:50.0 +0200 @@ -0,0 +1 @@ +00-fix-946349.patch --- End Message --- --- Begin Message --- Uploaded. Thanks for providing the updated package! -- tobi--- End Message ---
Bug#989303: RFS: backintime/1.2.1-3 [RC] -- simple backup/snapshot system
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for an upload of the 'backintime' package. The upload fixes a release critical bug in the current version of the package (#946349). A patch was provided in the Debian bug tracking system and has since been applied upstream. My changes in this upload consist solely of cherry-picking the fix for #946349. Therefore, this upload is a targeted fix for a release critical bug and should qualify as an appropriate change according to the bullseye freeze policy [1]. Since this package neither is a key package nor has any autopkgtests, it will require manual review by the release team. Bullet point five of "Applying for an unblock" in the freeze policy states that If the diff is small and you believe it will be approved, you can upload it to unstable before filing the unblock request to avoid a round-trip. I suppose this applies here, which is why I'm looking for a sponsor for this upload now. The package is available on Salsa as well as on Mentors: https://salsa.debian.org/jmw/pkg-backintime https://mentors.debian.net/package/backintime/ I have also attached the debdiff of my changes vs. the current version of the package in testing/unstable. Thanks for your help! Fabian [1] https://release.debian.org/bullseye/freeze_policy.html diff -Nru backintime-1.2.1/debian/changelog backintime-1.2.1/debian/changelog --- backintime-1.2.1/debian/changelog 2019-10-30 22:35:50.0 +0100 +++ backintime-1.2.1/debian/changelog 2021-05-31 15:14:50.0 +0200 @@ -1,3 +1,10 @@ +backintime (1.2.1-3) unstable; urgency=medium + + * Cherry-pick patch for #946349 from upstream Git repository +(Closes: #946349). + + -- Fabian Wolff Mon, 31 May 2021 15:14:50 +0200 + backintime (1.2.1-2) unstable; urgency=medium * Source-only reupload after the package has been in the NEW queue diff -Nru backintime-1.2.1/debian/patches/00-fix-946349.patch backintime-1.2.1/debian/patches/00-fix-946349.patch --- backintime-1.2.1/debian/patches/00-fix-946349.patch 1970-01-01 01:00:00.0 +0100 +++ backintime-1.2.1/debian/patches/00-fix-946349.patch 2021-05-31 15:14:50.0 +0200 @@ -0,0 +1,39 @@ +Description: Cherry-pick fix for #946349 from upstream repository +Origin: upstream, https://github.com/bit-team/backintime/commit/7f6f570a01e7e0a623e670baaf63eaaf879948c4 +Bug: https://github.com/bit-team/backintime/issues/974 +Bug-Debian: https://bugs.debian.org/946349 +Last-Update: 2021-05-31 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/common/mount.py b/common/mount.py +@@ -648,7 +648,7 @@ + """ + tools.mkdir(self.mount_root, 0o700) + tools.mkdir(self.hash_id_path, 0o700) +-tools.mkdir(self.currentMountpoint, 0o700) ++tools.mkdir(self.currentMountpoint, 0o700, False) + tools.mkdir(self.lock_path, 0o700) + + def mountProcessLockAcquire(self, timeout = 60): +--- a/common/tools.py b/common/tools.py +@@ -287,7 +287,7 @@ + %(path, str(e)), traceDepth = 1) + return os.path.isdir(path) + +-def mkdir(path, mode = 0o755): ++def mkdir(path, mode = 0o755, enforce_permissions = True): + """ + Create directory ``path``. + +@@ -300,7 +300,8 @@ + """ + if os.path.isdir(path): + try: +-os.chmod(path, mode) ++if enforce_permissions: ++os.chmod(path, mode) + except: + return False + return True diff -Nru backintime-1.2.1/debian/patches/series backintime-1.2.1/debian/patches/series --- backintime-1.2.1/debian/patches/series 1970-01-01 01:00:00.0 +0100 +++ backintime-1.2.1/debian/patches/series 2021-05-31 15:14:50.0 +0200 @@ -0,0 +1 @@ +00-fix-946349.patch
Bug#988923: RFS: distorm3/3.5.2b-1 -- powerful disassembler library for x86/AMD64 binary streams (Python3 bindings)
On Fri, May 21, 2021 at 02:51:36PM +, Lin Qigang wrote: > * Package name: distorm3 >Version : 3.5.2b-1 > Changes since the last upload: > > distorm3 (3.5.2b-1) unstable; urgency=medium > . >* New upstream release. >* Removed fix_init_python patch >* debian/patches: Added patch to update the library version number >* debian/*.links: Updated symbolic links to new upstream version >* debian/not-installed: Account for varying python3 directory naming scheme >* debian/patches: Added makefile library version fix patch >* debian/libdistorm3-3.symbols: Updated symbols to 3.5.2b >* debian/python3-distorm: Account for varying python3 directory naming > scheme >* debian/rules: Account for upstream build changes >* debian/copyright: Updated packaging copyright years >* debian/control: Updated maintainer >* Release to unstable Hi! This upload is targetted at unstable, which is currently affected by the hard freeze. Only targetted fixes are permitted, not whole new upstream releases (unless the upstream release consists of nothing but fixes...). Thus, your options here would be: * targetting experimental instead, or * waiting until after Bullseye is released Meow! -- ⢀⣴⠾⠻⢶⣦⠀ The oldest dated printed book includes the following license grant: ⣾⠁⢠⠒⠀⣿⡁ Reverently made for universal free distribution by Wang Jie ⢿⡄⠘⠷⠚⠋⠀ on behalf of his two parents on the 15th of the 4th moon of ⠈⠳⣄ the 9th year of Xiantong [11 May 868].
