Bug#988611: unblock: kodi/2:19.1+dfsg2-1

[Vasyl Gello]

Package: release.debian.org
Followup-For: Bug #988611
X-Debbugs-Cc: davebl...@kodi.tv, phunkyf...@kodi.tv

Hi Sebastian,

>Unfortunately your descriptions of the changes in kodi (and all the
>plugins) are very terse and only highlight changes that sound like they
>would fit the freeze policy. The other changes -- like the
>reimplementation of kodi's logging which is a few hundred lines if not
>more or newly added features -- are swept under the rug. We do not have
>the time to dig into upstream's decision to include those changes and the
>associated risks. If you as maintainer think that it's worth having
>these changes in bullseye, please help us reviewing the changes by
>explaining why the changes are needed and the potential regressions
>they could introduce.

Sorry for ponging this late! Let me answer the question as per bullseye FAQ 
([1]),
mentioned in the #debian-multimedia channel.

1. Is this a targeted bug fix release, and how does that show?

Yes, it is a bug fix release that addresses various bugs reported to Kodi
upstream and backported from current development branch (master) to stable
release (Matrix). As per Kodi's release policy, only changes tagged with
'Type: Backport' get merged into stable branches.

The 19.1 bugfix release features 89 commits and 80 PRs are closed in
'19.1-Matrix' milestone [2]:

$ git log --oneline --no-merges 19.0-Matrix..19.1-Matrix | wc -l
89

The total number of commits in the PRs counted by script below is 90:

# ===
#!/bin/sh
TOTAL_COUNT=0
while read _1
do
COMMIT_COUNT=$(gh api "repos/xbmc/xbmc/pulls/$_1/commits" | jq length)
TOTAL_COUNT=$(( TOTAL_COUNT + COMMIT_COUNT ))
#echo "$_1: $COMMIT_COUNT"
gh api "repos/xbmc/xbmc/pulls/$_1/commits" | jq ".[].commit.message" | 
sed 's/\\n.*"$/"/' | while read _2
do
echo "- $_2"
done
done <<.p
$(gh pr list \
--limit 100 \
--search 'milestone:"Matrix 19.1"' \
--state merged -R xbmc/xbmc \
--json number |
jq -r '.[].number')
.p

echo "---"
echo "Total commit count = $TOTAL_COUNT"
# ===

The missing commit is:

"[Subtitles][Plugins] Do not browse plugin directory when browsing for 
subtitles"

which has not been merged due to reasons unknown to me. This proves there are
only bug and code quality fixes in the point release.

2. What are the risks of the changes for the quality of the Debian release?

Given that every upstream change must pass the CI pipeline for every supported
architecture to be merged, and the changes were tested by bug reporters and
Kodi users on the forums, I see no significant risks for Debian release quality.

3. Is there a policy that describes what upstream considers acceptable for this
   upstream release?

Yes, see the Kodi official wiki page [3]. Also, there are unwritten rules that
are considered the rule of thumb in merging the fixes.

4. Does that policy align with our bug severity important or higher?

The perception of bugs cab be clearly mapped from Debian to Kodi and vice versa.

For example, the 18.9 point release (the last bugfix release of now old-stable
18.x "Leia" branch) was caused by Cloudflare's decision to break Kodi's SSL
over HTTP/2 implementation. Such a bug would get an RC status in Debian if 
reported.

5. Does upstream test thoroughly?

Yes. First of all, the fix must build at the committer's machine (see [3]). 
Then.
code owners and other members of Kodi team review the changes and make sure the
fix does not introduce new regressions. Then, the bug reporters download the
build artifacts produced by Jenkins and confirm the issue is resolved. Finally,
once the PR is approved, the final run of Jenkins builds ensures all 
architectures
pass the build smoothly and the change gets merged into master. Another build 
run
is done for stable backports.

6. Has this package seen new upstream version uploads to stable in the past to
   facilitate security support?

Yes, 17.5 fixed two CVEs and was uploaded into stretch, if my memory still 
serves
me.

7. Look at the diff. If it's long, you probably need a targeted fix.
8. Look at the diff. If there's a number of changes not relevant for Debian,
   you probably need a targeted fix.
9. Look at the diff. If there something in there that is difficult to explain,
   but not directly related to the (RC or important) bugs you are fixing,
   you probably need a targeted fix.

The most controversial change here is removal of 'CStaticLoggerBase' class.
The reasoning behind the change is explained at [4]:

"Yes please do, we will be working with log files from Matrix for some time
to come so may as well have any benifits." (c) Dave Blake. I am adding Dave
to the converation in case the question arises whether it is OK to discard
changes approved by upstream.

The rest of changes are targeted fixes that I already tested manually and
via Podman container with (sort of) autopkgtest. This work is done by me to
ensure release quality at Debian, 

Bug#989538: unblock: ssl-cert/1.1.0+nmu1

[Timo Röhling]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: roehl...@debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package ssl-cert

[ Reason ]
Fixes #988310

[ Impact ]
It is impossible to create certificates with make-ssl-cert in manual mode
without clobbering the OpenSSL template file.

[ Tests ]
I verified that the NMU'd version works as intended by manually creating a
local certicate.

[ Risks ]
The risk is very low as it is a one-line change in a code path that is
only exercised for the manual mode. The automated snakeoil certifcate
generation is unaffected.

[ Other info ]
I have attached the nmudiff from the original bugreport for convenience.


unblock ssl-cert/1.1.0+nmu1


-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmC9RWAACgkQ+C8H+466
LVkvbAwA0AF/Z2bBU1rfdQS4E85kJ4gF292Z2VLtKI7GM+YFYEkRnPi3zO8fao2n
7+ly8iaHiiPABwidZtgUPglHwVsDWhVGurL7/m2wJzF6c0cLsq93HITCoUfw05EZ
xA1PducdJUb4Hr6VelBZ6YolTDwRUoZf51F5uORBLA+CP9MCAvZDAF8pr1U81sSo
obxvlcOLtS+Eraye6JsYqRNwKT8BdUm2V20sU6jIOdKfwNNAZwLHo0wRSISn+RWd
J27q9pPmkYZg4+Spqy/DKZHyiZUxVhHTOPKdIDRqaMzpvmrO/71vty/sUAfNEJeQ
CrBFgLgE7ileRx5gj0fj6FtZBugDY2509mRQROPmZcHDNLgx47/Myw74uUbWlrww
CP3hD0B+lSU7OO+/DsJKjQ0JtV8yu1g9NOips88szRBHnFKrn3QOLX3xFu+f+Thh
pY6xNrAc1K0a9W2yDoKe3NeoZSV/5U4+aCouMVLESPt0Ej5NreVKEbT2crPFwZKA
28ClgtsI
=qZ7f
-END PGP SIGNATURE-
diff -Nru ssl-cert-1.1.0/debian/changelog ssl-cert-1.1.0+nmu1/debian/changelog
--- ssl-cert-1.1.0/debian/changelog 2020-12-28 15:20:52.0 +0100
+++ ssl-cert-1.1.0+nmu1/debian/changelog2021-06-06 23:02:49.0 
+0200
@@ -1,3 +1,10 @@
+ssl-cert (1.1.0+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Use correct argument for output file (Closes: #988310)
+
+ -- Timo Röhling   Sun, 06 Jun 2021 23:02:49 +0200
+
 ssl-cert (1.1.0) unstable; urgency=medium
 
   [ Stefan Fritsch ]
diff -Nru ssl-cert-1.1.0/make-ssl-cert ssl-cert-1.1.0+nmu1/make-ssl-cert
--- ssl-cert-1.1.0/make-ssl-cert2020-12-28 15:20:52.0 +0100
+++ ssl-cert-1.1.0+nmu1/make-ssl-cert   2021-06-06 23:02:49.0 +0200
@@ -173,7 +173,7 @@
 
 # Takes two arguments, the base layout and the output cert.
 if [ "${subcommand}" = "manual" ]; then
-output="${1}"
+output="${2}"
 [ -n "${template}" ] || usage 1
 [ -n "${output}" ]   || usage 1
 

Processed: Re: Bug#989498: unblock: golang-1.15/1.15.9-5

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #989498 [release.debian.org] unblock: golang-1.15/1.15.9-5
Removed tag(s) moreinfo.
> tags -1 confirmed
Bug #989498 [release.debian.org] unblock: golang-1.15/1.15.9-5
Added tag(s) confirmed.

-- 
989498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#989498: unblock: golang-1.15/1.15.9-5

[Paul Gevers]

Control: tags -1 - moreinfo
Control: tags -1 confirmed

Hi Shengjing,

On 06-06-2021 08:36, Shengjing Zhu wrote:
> On Sun, Jun 6, 2021 at 11:46 AM Paul Gevers  wrote:
>> On 05-06-2021 13:57, Shengjing Zhu wrote:
>>> Please unblock package golang-1.15

Unblocked.

>> You're well aware that golang builds statically so normally we're not
>> done with just accepting one package. Do we now need to also rebuild
>> everything that build depends on golang (I'd expect so)?
> 
> Yes. That's why the compiler is uploaded in unstable, as rebuilding in
> unstable is much easier before release. We didn't manage to rebuild
> any package in buster for the compiler security update after release.

So let's keep this bug open to keep track of this and only close it when
all rebuilds have migrated. Please know that I expect the golang team to
keep an eye on this too and warn us if anything is going wrong or takes
longer than expected. Please refrain from uploading any of the reverse
dependencies until their rebuild has migrated.

> + one package won't migrate, which is kubernetes, but the
> outdated-built-using rebuild script will not pick it up, as it doesn't
> have built-using field. (This doesn't mean it doesn't need to be
> rebuilt for the compiler security update, but no one cares about this
> package).

I know that last sentence to be untrue. Did you contact the maintainer
to inform him? I'm putting him in CC to make him aware of the CVE's.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#989534: unblock: obs-studio/26.1.2+dfsg1-2

[Sebastian Ramacher]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sramac...@debian.org

Please unblock and age package obs-studio. The version in unstable adds
a missing dependency on libsimde-dev.

[ Reason ]
The headers in libobs-dev include headers from libsimde-dev. Hence, a
dependency is required.

[ Impact ]
Users need to manually install libsimde-dev

[ Tests ]
Compiled a file with an #include  (the only
header that includes headers from libsimde-dev).

[ Risks ]
obs-studio is a leaf package.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Auto-removal is in 10 days, so please age the package accordingly.


unblock obs-studio/26.1.2+dfsg1-2


diff -Nru obs-studio-26.1.2+dfsg1/debian/changelog 
obs-studio-26.1.2+dfsg1/debian/changelog
--- obs-studio-26.1.2+dfsg1/debian/changelog2021-01-10 19:13:04.0 
+
+++ obs-studio-26.1.2+dfsg1/debian/changelog2021-06-01 20:05:24.0 
+
@@ -1,3 +1,9 @@
+obs-studio (26.1.2+dfsg1-2) unstable; urgency=medium
+
+  * debian/control: Make libobs-dev depend on libsimde-dev (Closes: #980171)
+
+ -- Sebastian Ramacher   Tue, 01 Jun 2021 22:05:24 +0200
+
 obs-studio (26.1.2+dfsg1-1) unstable; urgency=medium
 
   [ gregor herrmann ]
diff -Nru obs-studio-26.1.2+dfsg1/debian/control 
obs-studio-26.1.2+dfsg1/debian/control
--- obs-studio-26.1.2+dfsg1/debian/control  2021-01-10 18:32:08.0 
+
+++ obs-studio-26.1.2+dfsg1/debian/control  2021-01-15 16:31:27.0 
+
@@ -107,6 +107,7 @@
 Architecture: any
 Depends:
  libobs0 (= ${binary:Version}),
+ libsimde-dev,
  ${misc:Depends}
 Description: recorder and streamer for live video content (development files)
  OBS Studio is designed for efficiently recording and streaming live video


Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Processed: Re: Bug#989448: unblock: htmldoc/1.9.11-4

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed moreinfo
Bug #989448 [release.debian.org] unblock: htmldoc/1.9.11-4
Added tag(s) moreinfo and confirmed.

-- 
989448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#989448: unblock: htmldoc/1.9.11-4

[Sebastian Ramacher]

Control: tags -1 confirmed moreinfo

On 2021-06-03 23:36:47 +0200, Håvard Flaget Aasen wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: haavard_aa...@yahoo.no
> 
> Please unblock package htmldoc
> 
> This release adds patches to fix 8 CVE's and closes: #989437.
> 
> There are two things which is not needed in this release.
> Though the changes is not related to the code. I added the file
> 'debian/gbp.conf' since I changed the repository layout. I also fixed a
> minor error in the previous changelog entry, added a missing '#' in a
> 'close bug' statement.
> 
> [ Reason ]
> CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191,
> CVE-2021-23206, CVE-2021-26252, CVE-2021-26259 and CVE-2021-26948
> 
> [ Impact ]
> 
> [ Tests ]
> I have manually tested CVE-2021-23158, CVE-2021-23165, CVE-2021-23180,
> CVE-2021-23206 and CVE-2021-26252
> The issues in GitHub provided files that failed, before the fix was
> applied, and succeeded with this release.
> 
> [ Risks ]
> I consider this to be of minor risk. Code is coming from upstream, which
> also has released a new version with the changes.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> 
> unblock htmldoc/1.9.11-4

ACK, please remove moreinfo tag once the new version is available in
unstable.

Cheers

> 
> Regards,
> Håvard

> diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
> --- htmldoc-1.9.11/debian/changelog   2021-05-10 16:10:41.0 +0200
> +++ htmldoc-1.9.11/debian/changelog   2021-06-03 21:29:16.0 +0200
> @@ -1,7 +1,16 @@
> +htmldoc (1.9.11-4) unstable; urgency=medium
> +
> +  * Add patches to fix many CVE's. Closes: #989437
> +Fix: CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191,
> +CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, CVE-2021-26948.
> +  * Switch to DEP-14 layout
> +
> + -- Håvard Flaget Aasen   Thu, 03 Jun 2021 21:29:16 
> +0200
> +
>  htmldoc (1.9.11-3) unstable; urgency=medium
>  
>* Add patch to mitigate buffer-overflow caused by integer-overflow in
> -image_load_gif() Closes: 984765 and fixes CVE-2021-20308
> +image_load_gif() Closes: #984765 and fixes CVE-2021-20308
>  
>   -- Håvard Flaget Aasen   Mon, 10 May 2021 16:10:41 
> +0200
>  
> diff -Nru htmldoc-1.9.11/debian/gbp.conf htmldoc-1.9.11/debian/gbp.conf
> --- htmldoc-1.9.11/debian/gbp.conf1970-01-01 01:00:00.0 +0100
> +++ htmldoc-1.9.11/debian/gbp.conf2021-05-23 08:32:55.0 +0200
> @@ -0,0 +1,3 @@
> +[DEFAULT]
> +debian-branch = debian/latest
> +upstream-branch = upstream/latest
> diff -Nru 
> htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
>  
> htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
> --- 
> htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
>   1970-01-01 01:00:00.0 +0100
> +++ 
> htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
>   2021-06-03 21:29:16.0 +0200
> @@ -0,0 +1,128 @@
> +From: Michael R Sweet 
> +Date: Thu, 1 Apr 2021 09:37:58 -0400
> +Subject: CVE-2021-23158, CVE-2021-23191, CVE-2021-26252
> +
> +Fix JPEG error handling (Issue #415)
> +
> +Origin: upstream, 
> https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
> +Bug: https://github.com/michaelrsweet/htmldoc/issues/412
> +Bug: https://github.com/michaelrsweet/htmldoc/issues/414
> +Bug: https://github.com/michaelrsweet/htmldoc/issues/415
> +Bug-Debian: https://bugs.debian.org/989437
> +---
> + htmldoc/file.c |  9 -
> + htmldoc/image.cxx  | 38 +++---
> + htmldoc/ps-pdf.cxx |  5 +
> + 3 files changed, 44 insertions(+), 8 deletions(-)
> +
> +diff --git a/htmldoc/file.c b/htmldoc/file.c
> +index 20229c1..9f017de 100644
> +--- a/htmldoc/file.c
>  b/htmldoc/file.c
> +@@ -1000,8 +1000,15 @@ file_rlookup(const char *filename)/* I - Filename 
> */
> + 
> + 
> +   for (i = web_files, wc = web_cache; i > 0; i --, wc ++)
> ++  {
> + if (!strcmp(wc->name, filename))
> +-  return (wc->url);
> ++{
> ++  if (!strncmp(wc->url, "data:", 5))
> ++return ("data URL");
> ++  else
> ++return (wc->url);
> ++}
> ++  }
> + 
> +   return (filename);
> + }
> +diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
> +index 8f53050..74abfac 100644
> +--- a/htmldoc/image.cxx
>  b/htmldoc/image.cxx
> +@@ -1336,6 +1336,15 @@ image_load_gif(image_t *img,  /* I - Image pointer */
> + }
> + 
> + 
> ++typedef struct hd_jpeg_err_s// JPEG error manager extension
> ++{
> ++  struct jpeg_error_mgr jerr;   // JPEG error manager information
> ++  jmp_buf   retbuf; // setjmp() return buffer
> ++  char  

Bug#989522: marked as done (unblock: trscripts/1.18+nmu2 xfonts-bolkhov/1.1.20001007-8.2)

[Debian Bug Tracking System]

Your message dated Sun, 06 Jun 2021 18:40:49 +
with message-id 
and subject line unblock trscripts
has caused the Debian Bug report #989522,
regarding unblock: trscripts/1.18+nmu2 xfonts-bolkhov/1.1.20001007-8.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989522
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package trscripts and xfonts-bolkhov

[ Reason ]
The awk script generated by trscripts used a non deterministic for-in
loop resulting in the russian letter 'у' displayed as latin u with the
xfonts-bolkhov-misc font. This was reported as #979599 and #979710.

[ Impact ]
Font rendering would be wrong without the patch.

[ Tests ]
run: xfontsel -sampleUCS у -pattern "-rfx-*" and look at the displayed
symbol.

[ Risks ]
The change in trscripts is minimal, just using a different for loop
style. xfonts-bolkhov is a no change rebuild, just bumping the
dependency on trscripts.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock trscripts/1.18+nmu2
unblock xfonts-bolkhov/1.1.20001007-8.2
diff -Nru trscripts-1.18+nmu1/debian/changelog 
trscripts-1.18+nmu2/debian/changelog
--- trscripts-1.18+nmu1/debian/changelog2021-01-07 15:01:30.0 
+0100
+++ trscripts-1.18+nmu2/debian/changelog2021-06-05 20:08:15.0 
+0200
@@ -1,3 +1,12 @@
+trscripts (1.18+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Make trbdf awk script portable (Closes: #979599).
+POSIX awk does not specify the order in a for(i in array) loop, so
+switching to a for loop with an increment.
+
+ -- Jochen Sprickerhof   Sat, 05 Jun 2021 20:08:15 +0200
+
 trscripts (1.18+nmu1) unstable; urgency=medium
 
   * Non maintainer upload by the Reproducible Builds team.
diff -Nru trscripts-1.18+nmu1/gen_trbdf trscripts-1.18+nmu2/gen_trbdf
--- trscripts-1.18+nmu1/gen_trbdf   2009-05-02 12:43:11.0 +0200
+++ trscripts-1.18+nmu2/gen_trbdf   2021-06-05 20:08:15.0 +0200
@@ -312,15 +312,15 @@
 EOF
 
 if [ "$usefb" = yes ]; then
-printf "   split(tu[i] \" \" alt1[tu[i]] \" \" alt2[tu[i]], a);\n"
+printf "   an = split(tu[i] \" \" alt1[tu[i]] \" \" alt2[tu[i]], a);\n"
 printf "   split(0 \" \" weight1[tu[i]] \" \" weight2[tu[i]], w);\n"
 else
-printf "   split(tu[i] \" \" alt1[tu[i]], a);\n"
+printf "   an = split(tu[i] \" \" alt1[tu[i]], a);\n"
 printf "   split(0 \" \" weight1[tu[i]], w);\n"
 fi
 
 cat <<"EOF"
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
@@ -339,7 +339,7 @@
  }
  }
k=0;
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
@@ -356,7 +356,7 @@
printf "\";\n";
  }
k=0;
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
diff -u xfonts-bolkhov-1.1.20001007/debian/changelog 
xfonts-bolkhov-1.1.20001007/debian/changelog
--- xfonts-bolkhov-1.1.20001007/debian/changelog
+++ xfonts-bolkhov-1.1.20001007/debian/changelog
@@ -1,3 +1,11 @@
+xfonts-bolkhov (1.1.20001007-8.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump dependency on trscripts to fix generated fonts when using mawk, cf.
+#979599.
+
+ -- Jochen Sprickerhof   Sat, 05 Jun 2021 23:47:31 +0200
+
 xfonts-bolkhov (1.1.20001007-8.1) unstable; urgency=medium
 
   * Non maintainer upload by the Reproducible Builds team.
diff -u xfonts-bolkhov-1.1.20001007/debian/control 
xfonts-bolkhov-1.1.20001007/debian/control
--- xfonts-bolkhov-1.1.20001007/debian/control
+++ xfonts-bolkhov-1.1.20001007/debian/control
@@ -3,7 +3,7 @@
 Section: fonts
 Priority: optional
 Standards-Version: 3.6.2
-Build-Depends: debhelper (>=9~), trscripts (>= 1.13), xfonts-utils
+Build-Depends: debhelper (>=9~), trscripts (>= 1.18+nmu2), xfonts-utils
 
 Package: xfonts-bolkhov-75dpi
 Architecture: all
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---

Re: Finding a tentative bullseye release date

[Paul Gevers]

Hi all,

On 04-06-2021 06:49, Paul Gevers wrote:
> 26 June   [Ansgar (ftp)]
> 3 July[Ansgar (ftp), Sebastian (release), Paul (release)]
> 10 July   [Steve (CD) MAYBE , Ansgar (ftp), Paul (release)]
> 17 July   [Steve (CD), press, Ansgar (ftp), Paul (release)]
> 24 July   [Steve (CD), press, Ansgar (ftp), Sebastian (release)]
> 31 July   [Steve (CD), press, Ansgar (ftp), Sebastian (release)]
> 7 August  [Steve (CD), press, Ansgar (ftp), Sebastian (release)]
> 14 August [Steve (CD), press, Ansgar (ftp), Sebastian (release)]

With the availability of Adam now known (and some off-list info), we have:

26 June
  [Ansgar (ftp), Sebastian (release), Adam (release)]
3 July
  [Ansgar (ftp), Paul (release), Adam (release)]
10 July
  [Steve (CD) MAYBE , Ansgar (ftp), Paul (release), Adam (release),
   Graham (release)]
17 July
  [Steve (CD), press, Ansgar (ftp), Paul (release)]
24 July
  [Steve (CD), press, Ansgar (ftp), Sebastian (release), Adam (release),
   Graham (release)]
31 July
  [Steve (CD), press, Ansgar (ftp), Sebastian (release), Adam (release)]
7 August
  [Steve (CD), press, Ansgar (ftp), Sebastian (release), Adam (release)]
14 August
  [Steve (CD), press, Ansgar (ftp), Sebastian (release), Adam (release)]

So, what to pick? We still believe that shorter freezes are better for
the Debian community as a whole, so Steve can you look at turning your
maybe on 10 July into a "lets go for this"? If the answer is no, than
lets pick 24 July as the *tentative* release date.

Regardless of which of the two we pick, I propose we decide two weeks
before if it's going to be final.

And, relevant for every maintainer of non-key packages without passing
autopkgtests, the full freeze will start two weeks before the
*tentative* release. The means that, with traditionally the last week
being totally frozen, the last week that packages can migrate *all*
packages need manual unblocks by the release team.

Paul




OpenPGP_signature
Description: OpenPGP digital signature

Bug#989532: unblock: mc/3:4.8.26-1.1

[Thorsten Glaser]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@mirbsd.de, only...@debian.org, y...@shurup.com, 
ti...@debian.org, deb...@denis-briand.fr

Please unblock package mc

[ Reason ]
This fixes #987446 which basically made any file that isn’t called
.zip but is a PKZIP container (including both things that are ZIP-like
archives, like *.jar, and those which aren’t, like office documents)
unusable with mc.

[ Impact ]
Quite a regression and limiting use.

[ Tests ]
I’ve manually tested this. It’s a backport of an upstream fix,
so I guess they also tested it, and it’ll be part of the next
upstream release.

[ Risks ]
This changes a conffile only, in a somewhat-leaf (only pulled
in by tasks-like packages) package. If anything should need to
be fixed up later, it can if necessary be done by the end user
changing the file in /etc.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock mc/3:4.8.26-1.1
diff -Nru mc-4.8.26/debian/changelog mc-4.8.26/debian/changelog
--- mc-4.8.26/debian/changelog  2021-02-01 02:44:43.0 +0100
+++ mc-4.8.26/debian/changelog  2021-06-01 15:26:23.0 +0200
@@ -1,3 +1,10 @@
+mc (3:4.8.26-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix PKZIP archive handling, patch backported from upstream
+
+ -- Thorsten Glaser   Tue, 01 Jun 2021 15:26:23 +0200
+
 mc (3:4.8.26-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru mc-4.8.26/debian/patches/fix-987446.patch 
mc-4.8.26/debian/patches/fix-987446.patch
--- mc-4.8.26/debian/patches/fix-987446.patch   1970-01-01 01:00:00.0 
+0100
+++ mc-4.8.26/debian/patches/fix-987446.patch   2021-06-01 15:24:55.0 
+0200
@@ -0,0 +1,263 @@
+Origin: upstream, commit:fa2cbd2a2c7e38ee56d1756eac5899b57f7f4262
+From: Andrew Borodin 
+Description: Ticket #4180: reorgzanize mc.ext.
+ $ file -L image.zip
+ image.zip: Zip archive data, at least v2.0 to extract
+ $ file -L -z image.zip
+ image.zip: JPEG image data, JFIF standard 1.01, resolution (DPI),
+ density 96x96, segment length 16, baseline, precision 8, 1024x768,
+ frames 3 (Zip archive data, at least v2.0 to extract)
+ .
+ Since in mc.ext
+ .
+ type/^JPEG
+ .
+ is evaluated before
+ .
+ type/\(Zip archive
+ .
+ mc assume image.zip is a image not an archive.
+ .
+ To solve this, since we use "file -z", match file name at first
+ (regex/ and shell/), then type/.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987446
+
+--- a/misc/mc.ext.in
 b/misc/mc.ext.in
+@@ -107,6 +107,7 @@
+ ### Changes ###
+ #
+ # Reorganization: 2012-03-07 Slava Zanko 
++# 2021-03-28 Andrew Borodin 
+ 
+ 
+ ### GIT Repo ###
+@@ -117,6 +118,7 @@ regex/^\[git\]
+ 
+ 
+ ### Archives ###
++# Since we use "file -z", we should use regex/ and shell/ at first, then 
type/.
+ 
+ # .tgz, .tpz, .tar.gz, .tar.z, .tar.Z, .ipk, .gem
+ regex/\.t([gp]?z|ar\.g?[zZ])$|\.ipk$|\.gem$
+@@ -171,16 +173,6 @@ shell/i/.tar
+   Open=%cd %p/utar://
+   View=%view{ascii} @EXTHELPERSDIR@/archive.sh view tar
+ 
+-# lha
+-type/^LHa\ .*archive
+-  Open=%cd %p/ulha://
+-  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view lha
+-
+-# PAK
+-type/^PAK\ .*archive
+-  Open=%cd %p/unar://
+-  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view pak
+-
+ # arj
+ regex/i/\.a(rj|[0-9][0-9])$
+   Open=%cd %p/uarj://
+@@ -300,7 +292,6 @@ shell/i/.iso
+   Open=%cd %p/iso9660://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view iso9660
+ 
+-
+ regex/\.(diff|patch)$
+   Open=%cd %p/patchfs://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view cat
+@@ -316,6 +307,102 @@ shell/i/.lib
+   Open=%cd %p/ulib://
+   View=%view{ascii} @EXTHELPERSDIR@/misc.sh view lib
+ 
++# ace
++shell/i/.ace
++  Open=%cd %p/uace://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view ace
++  Extract=unace x %f
++
++# arc
++shell/i/.arc
++  Open=%cd %p/uarc://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view arc
++  Extract=arc x %f '*'
++  Extract (with flags)=I=%{Enter any Arc flags:}; if test -n "$I"; then 
arc x $I %f; fi
++
++# zip
++shell/i/.zip
++  Open=%cd %p/uzip://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zip
++
++# zoo
++shell/i/.zoo
++  Open=%cd %p/uzoo://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view zoo
++
++# lz4
++regex/\.lz4$
++  Open=@EXTHELPERSDIR@/archive.sh view lz4 %var{PAGER:more}
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view lz4
++
++# WIM
++shell/i/\.wim
++  Open=%cd %p/uwim://
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view wim
++
++# gzip
++type/\(gzip compressed
++  Open=@EXTHELPERSDIR@/archive.sh view gz %var{PAGER:more}
++  View=%view{ascii} @EXTHELPERSDIR@/archive.sh view gz
++
++# bzip2
++type/\(bzip2 compressed
++  

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_source.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_all.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_i386-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: 
firefox-esr_78.11.0esr-1~deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: firefox-esr_78.11.0esr-1~deb10u1_s390x-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_sourceonly.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_i386.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: lasso_2.6.0-2+deb10u1_s390x.changes
  ACCEPT
Processing changes file: openjdk-11-jre-dcevm_11.0.11+9-2~deb10u1_source.changes
  ACCEPT
Processing changes file: openjdk-11-jre-dcevm_11.0.11+9-2~deb10u2_source.changes
  ACCEPT
Processing changes file: 
openjdk-11-jre-dcevm_11.0.11+9-2~deb10u2_amd64-buildd.changes
  ACCEPT
Processing changes file: openjdk-11-jre-dcevm_11.0.11+9-2~deb10u2_i386.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_source.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_all.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_amd64-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_arm64-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_armel-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_armhf-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_i386.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_mips-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_mips64el-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_mipsel-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_ppc64el-buildd.changes
  ACCEPT
Processing changes file: squid_4.6-1+deb10u6_s390x.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_source.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_all.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_i386.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.32.1-1~deb10u1_s390x.changes
  ACCEPT

Please dak copy-installer 20210606

[Cyril Brulebois]

Hi,

FTP Masters, please sync the installer from sid to testing, as it seems
to be Installed for all release architectures (9 total):

  dak copy-installer 20210606

(Release team: FYI, I've unblocked + urgented it; sorry for the missing
changelog entry about mini.iso, this will be amended in the next upload.)


Thanks for your time.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#989530: buster-pu: package mupdf/1.14.0+ds1-4+deb10u3

[Bastian Germann]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Stable Release Team,

At #983104, I have prepared a NMU RFS to fix two CVEs in mupdf for buster that are already fixed in 
bullseye/sid. The security team asked me to hand in a Stable Proposed Updates request for it.


The debdiff for the NMU is attached.

Thanks,
Bastian
diff -Nru mupdf-1.14.0+ds1/debian/changelog mupdf-1.14.0+ds1/debian/changelog
--- mupdf-1.14.0+ds1/debian/changelog   2020-11-07 10:20:45.0 +0100
+++ mupdf-1.14.0+ds1/debian/changelog   2021-02-19 08:55:54.0 +0100
@@ -1,3 +1,13 @@
+mupdf (1.14.0+ds1-4+deb10u3) stable-proposed-updates; urgency=high
+
+  * Non-maintainer upload.
+  * Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600)
+(Closes: #989526)
+  * Fix double free of object during linearization (CVE-2021-3407)
+(Closes: #983684)
+
+ -- Bastian Germann   Fri, 19 Feb 2021 08:55:54 
+0100
+
 mupdf (1.14.0+ds1-4+deb10u2) buster-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru 
mupdf-1.14.0+ds1/debian/patches/0017-Bug-702253-Avoid-a-use-after-free-in-fz_drop_band_writer.patch
 
mupdf-1.14.0+ds1/debian/patches/0017-Bug-702253-Avoid-a-use-after-free-in-fz_drop_band_writer.patch
--- 
mupdf-1.14.0+ds1/debian/patches/0017-Bug-702253-Avoid-a-use-after-free-in-fz_drop_band_writer.patch
 1970-01-01 01:00:00.0 +0100
+++ 
mupdf-1.14.0+ds1/debian/patches/0017-Bug-702253-Avoid-a-use-after-free-in-fz_drop_band_writer.patch
 2021-02-19 00:54:26.0 +0100
@@ -0,0 +1,34 @@
+From: theshoals 
+Date: Mon, 4 May 2020 03:33:40 -0400
+Origin: 
http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=702253
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-16600
+Subject: Bug 702253: Avoid a use-after-free in fz_drop_band_writer
+
+A use-after-free would occur when a valid page was followed by
+a page with invalid pixmap dimensions, causing bander --
+a static -- to point to previously freed memory instead of a new
+band_writer.
+---
+ source/tools/mudraw.c | 7 +++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/source/tools/mudraw.c b/source/tools/mudraw.c
+index d17506d37..36536bd2c 100644
+--- a/source/tools/mudraw.c
 b/source/tools/mudraw.c
+@@ -920,7 +920,14 @@ static void dodrawpage(fz_context *ctx, fz_page *page, 
fz_display_list *list, in
+   fz_always(ctx)
+   {
+   if (output_format != OUT_PCLM)
++  {
+   fz_drop_band_writer(ctx, bander);
++  /* bander must be set to NULL to avoid 
use-after-frees. A use-after-free
++   * would occur when a valid page was followed 
by a page with invalid
++   * pixmap dimensions, causing bander -- a 
static -- to point to previously
++   * freed memory instead of a new band_writer. */
++  bander = NULL;
++  }
+   fz_drop_bitmap(ctx, bit);
+   bit = NULL;
+   if (num_workers > 0)
diff -Nru 
mupdf-1.14.0+ds1/debian/patches/0018-Bug-703366-Fix-double-free-of-object-during-lineariz.patch
 
mupdf-1.14.0+ds1/debian/patches/0018-Bug-703366-Fix-double-free-of-object-during-lineariz.patch
--- 
mupdf-1.14.0+ds1/debian/patches/0018-Bug-703366-Fix-double-free-of-object-during-lineariz.patch
 1970-01-01 01:00:00.0 +0100
+++ 
mupdf-1.14.0+ds1/debian/patches/0018-Bug-703366-Fix-double-free-of-object-during-lineariz.patch
 2021-02-19 08:55:54.0 +0100
@@ -0,0 +1,51 @@
+From: Robin Watts 
+Date: Fri, 22 Jan 2021 17:05:15 +
+Subject: Bug 703366: Fix double free of object during linearization.
+origin: 
http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=703366
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3407
+Bug-Debian: https://bugs.debian.org/983684
+
+This appears to happen because we parse an illegal object from
+a broken file and assign it to object 0, which is defined to
+be free.
+
+Here, we fix the parsing code so this can't happen.
+---
+ source/pdf/pdf-parse.c | 6 ++
+ source/pdf/pdf-xref.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
+index 7abc8c3d41aa..5761c3351773 100644
+--- a/source/pdf/pdf-parse.c
 b/source/pdf/pdf-parse.c
+@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
+   fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d 
? obj)", num);
+   }
+   gen = buf->i;
++  if (gen < 0 || gen >= 65536)
++  {
++  if (try_repair)
++  *try_repair = 1;

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: scrollz_2.2.3-2+deb10u1_source.changes
  REJECT

Bug#989522: unblock: trscripts/1.18+nmu2 xfonts-bolkhov/1.1.20001007-8.2

[Jochen Sprickerhof]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package trscripts and xfonts-bolkhov

[ Reason ]
The awk script generated by trscripts used a non deterministic for-in
loop resulting in the russian letter 'у' displayed as latin u with the
xfonts-bolkhov-misc font. This was reported as #979599 and #979710.

[ Impact ]
Font rendering would be wrong without the patch.

[ Tests ]
run: xfontsel -sampleUCS у -pattern "-rfx-*" and look at the displayed
symbol.

[ Risks ]
The change in trscripts is minimal, just using a different for loop
style. xfonts-bolkhov is a no change rebuild, just bumping the
dependency on trscripts.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock trscripts/1.18+nmu2
unblock xfonts-bolkhov/1.1.20001007-8.2
diff -Nru trscripts-1.18+nmu1/debian/changelog 
trscripts-1.18+nmu2/debian/changelog
--- trscripts-1.18+nmu1/debian/changelog2021-01-07 15:01:30.0 
+0100
+++ trscripts-1.18+nmu2/debian/changelog2021-06-05 20:08:15.0 
+0200
@@ -1,3 +1,12 @@
+trscripts (1.18+nmu2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Make trbdf awk script portable (Closes: #979599).
+POSIX awk does not specify the order in a for(i in array) loop, so
+switching to a for loop with an increment.
+
+ -- Jochen Sprickerhof   Sat, 05 Jun 2021 20:08:15 +0200
+
 trscripts (1.18+nmu1) unstable; urgency=medium
 
   * Non maintainer upload by the Reproducible Builds team.
diff -Nru trscripts-1.18+nmu1/gen_trbdf trscripts-1.18+nmu2/gen_trbdf
--- trscripts-1.18+nmu1/gen_trbdf   2009-05-02 12:43:11.0 +0200
+++ trscripts-1.18+nmu2/gen_trbdf   2021-06-05 20:08:15.0 +0200
@@ -312,15 +312,15 @@
 EOF
 
 if [ "$usefb" = yes ]; then
-printf "   split(tu[i] \" \" alt1[tu[i]] \" \" alt2[tu[i]], a);\n"
+printf "   an = split(tu[i] \" \" alt1[tu[i]] \" \" alt2[tu[i]], a);\n"
 printf "   split(0 \" \" weight1[tu[i]] \" \" weight2[tu[i]], w);\n"
 else
-printf "   split(tu[i] \" \" alt1[tu[i]], a);\n"
+printf "   an = split(tu[i] \" \" alt1[tu[i]], a);\n"
 printf "   split(0 \" \" weight1[tu[i]], w);\n"
 fi
 
 cat <<"EOF"
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
@@ -339,7 +339,7 @@
  }
  }
k=0;
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
@@ -356,7 +356,7 @@
printf "\";\n";
  }
k=0;
-   for(j in a)
+   for(j=1; j <= an; ++j)
  {
if(ut[a[j]]!="")
  {
diff -u xfonts-bolkhov-1.1.20001007/debian/changelog 
xfonts-bolkhov-1.1.20001007/debian/changelog
--- xfonts-bolkhov-1.1.20001007/debian/changelog
+++ xfonts-bolkhov-1.1.20001007/debian/changelog
@@ -1,3 +1,11 @@
+xfonts-bolkhov (1.1.20001007-8.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump dependency on trscripts to fix generated fonts when using mawk, cf.
+#979599.
+
+ -- Jochen Sprickerhof   Sat, 05 Jun 2021 23:47:31 +0200
+
 xfonts-bolkhov (1.1.20001007-8.1) unstable; urgency=medium
 
   * Non maintainer upload by the Reproducible Builds team.
diff -u xfonts-bolkhov-1.1.20001007/debian/control 
xfonts-bolkhov-1.1.20001007/debian/control
--- xfonts-bolkhov-1.1.20001007/debian/control
+++ xfonts-bolkhov-1.1.20001007/debian/control
@@ -3,7 +3,7 @@
 Section: fonts
 Priority: optional
 Standards-Version: 3.6.2
-Build-Depends: debhelper (>=9~), trscripts (>= 1.13), xfonts-utils
+Build-Depends: debhelper (>=9~), trscripts (>= 1.18+nmu2), xfonts-utils
 
 Package: xfonts-bolkhov-75dpi
 Architecture: all

Bug#989498: unblock: golang-1.15/1.15.9-5

[Shengjing Zhu]

On Sun, Jun 6, 2021 at 11:46 AM Paul Gevers  wrote:
>
> Control: tags -1 moreinfo
>
> Hi Shengjing,
>
> On 05-06-2021 13:57, Shengjing Zhu wrote:
> > Please unblock package golang-1.15
>
> You're well aware that golang builds statically so normally we're not
> done with just accepting one package. Do we now need to also rebuild
> everything that build depends on golang (I'd expect so)?

Yes. That's why the compiler is uploaded in unstable, as rebuilding in
unstable is much easier before release. We didn't manage to rebuild
any package in buster for the compiler security update after release.

> Did anything in
> the golang community get uploaded to unstable that needs reverting
> before it can migrate?

>From my observation[1], all packages are in good condition, thanks to
the freezone policy this year. Most Go packages are not key packages,
and have non-trivial autopkgtest.
+ one package still has long migration days, which is secsipidx(only 5
of 20 days old), but it will not block the migration of the Go
compiler or other packages.
+ one package won't migrate, which is kubernetes, but the
outdated-built-using rebuild script will not pick it up, as it doesn't
have built-using field. (This doesn't mean it doesn't need to be
rebuilt for the compiler security update, but no one cares about this
package).

[1] https://people.debian.org/~zhsj/out-of-sync.html

-- 
Shengjing Zhu