Bug#1041554: bookworm-pu: package openscap/1.3.7+dfsg-1+deb12u1

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: opens...@packages.debian.org, havard.f.aa...@pfft.no
Control: affects -1 + src:openscap

The application 'oscap-docker' in openscap-utils is non-functional
because of a missing dependency on python3-openscap, python3-openscap is
also missing a dependency on python3-docker, this release fixes both
issues and closes: #1040936.

[ Reason ]
Missing dependency for the package openscap-utils and python3-openscap,
most likely introduced with the update to version 1.3.5.
This stable release is the first to hold the 'oscap-docker'.

[ Impact ]
oscap-docker will not work until the users has manually added the
missing dependencies.

[ Tests ]
Manually tested with running the application with the required
dependencies installed.

[ Risks ]
I would say none, since it is only two added dependencies.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Add python3-openscap as dependency for openscap-utils and python3-docker
as dependency for python3-openscap. Added 'bookworm' as target for CI in
d/salsa-ci.yml, this change is not documented in the changelog.

[ Other info ]
No

Regards,
-- 
Håvard
diff -Nru openscap-1.3.7+dfsg/debian/changelog 
openscap-1.3.7+dfsg/debian/changelog
--- openscap-1.3.7+dfsg/debian/changelog2023-01-27 23:41:17.0 
+0100
+++ openscap-1.3.7+dfsg/debian/changelog2023-07-20 19:50:10.0 
+0200
@@ -1,3 +1,10 @@
+openscap (1.3.7+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Update dependencies for openscap-utils and python3-openscap
+Closes: #1040936
+
+ -- Håvard F. Aasen   Thu, 20 Jul 2023 19:50:10 +0200
+
 openscap (1.3.7+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru openscap-1.3.7+dfsg/debian/control openscap-1.3.7+dfsg/debian/control
--- openscap-1.3.7+dfsg/debian/control  2023-01-27 23:41:17.0 +0100
+++ openscap-1.3.7+dfsg/debian/control  2023-07-20 19:50:10.0 +0200
@@ -92,6 +92,7 @@
 Section: python
 Architecture: linux-any
 Depends: libopenscap25 (= ${binary:Version}),
+ python3-docker,
  ${misc:Depends},
  ${python3:Depends},
  ${shlibs:Depends},
@@ -167,6 +168,7 @@
 Package: openscap-utils
 Architecture: linux-any
 Depends: openscap-scanner (= ${binary:Version}),
+ python3-openscap (= ${binary:Version}),
  rpm,
  ${misc:Depends},
  ${python3:Depends},
diff -Nru openscap-1.3.7+dfsg/debian/salsa-ci.yml 
openscap-1.3.7+dfsg/debian/salsa-ci.yml
--- openscap-1.3.7+dfsg/debian/salsa-ci.yml 2023-01-27 23:41:17.0 
+0100
+++ openscap-1.3.7+dfsg/debian/salsa-ci.yml 2023-07-20 19:50:10.0 
+0200
@@ -2,3 +2,6 @@
 include:
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
   - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+  RELEASE: 'bookworm'

Bug#1033219: unblock: ghostscript/10.0.0~dfsg-10

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ghostscr...@packages.debian.org, havard.f.aa...@pfft.no
Control: affects -1 + src:ghostscript

Please unblock package ghostscript

This fix from upstream to handle an issue with cross building the package,
a regression from 9.56.1~dfsg.

The bug #717825 was definitively created for a different issue, but I
thought it would serve. It has the severity of 'wishlist' though since this
is a regression the severity could probably be higher.

[ Reason ]
Fix cross build.

[ Impact ]
The package in it's present state can't be cross built.

[ Tests ]
salsa CI was used to actually test the cross building of the package.

[ Risks ]
I consider the risk to be small, most of the related issue was a wrong
command line option.
The upstream patch removes this erroneous option and updates an if
statement in 'configure.ac'.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock ghostscript/10.0.0~dfsg-10
diff -Nru ghostscript-10.0.0~dfsg/debian/changelog 
ghostscript-10.0.0~dfsg/debian/changelog
--- ghostscript-10.0.0~dfsg/debian/changelog2022-12-12 07:45:09.0 
+0100
+++ ghostscript-10.0.0~dfsg/debian/changelog2023-03-20 09:12:00.0 
+0100
@@ -1,3 +1,10 @@
+ghostscript (10.0.0~dfsg-10) unstable; urgency=medium
+
+  * QA upload.
+  * Add patch from upstream to fix cross build. Closes: #717825
+
+ -- Håvard F. Aasen   Mon, 20 Mar 2023 09:12:00 +0100
+
 ghostscript (10.0.0~dfsg-9) unstable; urgency=medium
 
   * QA upload.
diff -Nru ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch 
ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch
--- ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch 
1970-01-01 01:00:00.0 +0100
+++ ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch 
2023-03-20 09:12:00.0 +0100
@@ -0,0 +1,36 @@
+From: Chris Liddell 
+Date: Thu, 24 Nov 2022 16:33:47 +
+Subject: [PATCH] Fix a little bitrot in the cross-compiling logic
+
+Removing the option to disable FAPI meant configuring for cross compiling would
+fail because the option being passed to the sub-call to configure would include
+an unknown command line option.
+
+Origin: upstream, 
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec
+Bug-Debian: https://bugs.debian.org/717825
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index bb57825..aa5c9ad 100644
+--- a/configure.ac
 b/configure.ac
+@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then
+   echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in
+ 
+   AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary 
tools)])
+-  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" 
CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= 
MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only 
--disable-hidden-visibility --with-local-zlib --without-libtiff 
--disable-contrib --disable-fontconfig --disable-dbus --disable-freetype 
--disable-fapi --disable-cups --disable-openjpeg --disable-gtk 
--with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster 
--without-ijs --without-jbig2dec --without-x --with-drivers=""
++  "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" 
CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= 
MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only 
--disable-hidden-visibility --with-local-zlib --without-libtiff 
--disable-contrib --disable-fontconfig --disable-dbus --disable-freetype 
--disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no 
--without-libidn --without-libpaper --without-pdftoraster --without-ijs 
--without-jbig2dec --without-x --with-drivers=""
+   status=$?
+   cp config.log "$olddir/configaux.log"
+   if test $status -eq 0 ; then
+@@ -2482,7 +2482,7 @@ PDF=
+ PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak"
+ PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak"
+ 
+-if test x"$with_pdf" != x"no" ; then
++if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then
+ 
+   if test x"$JBIG2_DECODER" = x""; then
+   AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support])
diff -Nru ghostscript-10.0.0~dfsg/debian/patches/series 
ghostscript-10.0.0~dfsg/debian/patches/series
--- ghostscript-10.0.0~dfsg/debian/patches/series   2022-12-12 
07:45:09.0 +0100
+++ ghostscript-10.0.0~dfsg/debian/patches/series   2023-03-20 
09:12:00.0 +0100
@@ -1,3 +1,4 @@
+0001_fix_cross_compile.patch
 1004_enable_spot_devices.patch
 2001_docdir_fix_for_debian.patch
 2002_gs_man_fix_debian.patch

Bug#1029619: bullseye-pu: package ghostscript/9.53.3~dfsg-7+deb11u3

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ghostscr...@packages.debian.org, havard.f.aa...@pfft.no
Control: affects -1 + src:ghostscript

The bugs closed by this upload has only severity normal, but there are
two bugs, so I believe it is important enough to have it fixed.

[ Reason ]
The file '/usr/bin/ps2epsi' is a wrapper for 'ps2epsi.ps', and
'ps2epsi.ps' is being called with wrong path, which prevents it from
being executed.

I haven't checked when the bug was introduced, but the version in
Bullseye is the last version that as it. The patch from upstream was
included in version 9.54.

[ Impact ]
The application 'ps2epsi' will continue to be non-functional.

[ Tests ]
Did a manual test on amd64, before and after the patch to verify.

[ Risks ]
No risk.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The upstream patch updates a comment, and removes a variable.

[ Other info ]
diff -Nru ghostscript-9.53.3~dfsg/debian/changelog 
ghostscript-9.53.3~dfsg/debian/changelog
--- ghostscript-9.53.3~dfsg/debian/changelog2022-01-04 15:09:14.0 
+0100
+++ ghostscript-9.53.3~dfsg/debian/changelog2023-01-25 08:11:34.0 
+0100
@@ -1,3 +1,11 @@
+ghostscript (9.53.3~dfsg-7+deb11u3) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-pick upstream patch to fix path for PostScript helper file in
+ps2epsi. Closes: #1003926, #1029541
+
+ -- Håvard F. Aasen   Wed, 25 Jan 2023 08:11:34 +0100
+
 ghostscript (9.53.3~dfsg-7+deb11u2) bullseye-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru ghostscript-9.53.3~dfsg/debian/patches/020201214~c616676.patch 
ghostscript-9.53.3~dfsg/debian/patches/020201214~c616676.patch
--- ghostscript-9.53.3~dfsg/debian/patches/020201214~c616676.patch  
1970-01-01 01:00:00.0 +0100
+++ ghostscript-9.53.3~dfsg/debian/patches/020201214~c616676.patch  
2023-01-25 08:11:34.0 +0100
@@ -0,0 +1,33 @@
+From: Ray Johnston 
+Date: Mon, 14 Dec 2020 08:39:50 -0800
+Subject: Fix bug 703270: Wrong path for PostScript helper file in ps2epsi
+Origin: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c6166768c6e963b0fe28ccdb266629443e521381
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=703270
+Bug-Debian: https://bugs.debian.org/1003926
+Bug-Debian: https://bugs.debian.org/1029541
+
+In the change mentioned in the bug, rather than rely on the LIBPATH
+search method, the ps2epsi script assumed that pd2epsi.ps would be
+in the same directory as the 'gs' executable, which is not correct.
+
+Change to use bare 'ps2epsi.ps' so that it will be found on the
+LIBPATH as instialled by: make install
+---
+ lib/ps2epsi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/ps2epsi b/lib/ps2epsi
+index 7590cb5a7..dbfc9fb3d 100755
+--- a/lib/ps2epsi
 b/lib/ps2epsi
+@@ -40,8 +40,8 @@ else
+   outfile=$2
+ fi
+ 
+-# Note, we expect 'ps2epsi.ps' to be in the same directory as 'ps2epsi'
++# Note, we expect 'ps2epsi.ps' to be on one of the search paths which can be 
seen by: gs -h
+ "$GS_EXECUTABLE" -q -dNOOUTERSAVE -dNODISPLAY -dLastPage=1 
-sOutputFile="${outfile}" \
+-  --permit-file-all="${infile}" -- "$LIBDIR/ps2epsi.ps"  
"${infile}" 1>&2
++  --permit-file-all="${infile}" -- ps2epsi.ps  "${infile}" 1>&2
+ 
+ exit 0
diff -Nru ghostscript-9.53.3~dfsg/debian/patches/series 
ghostscript-9.53.3~dfsg/debian/patches/series
--- ghostscript-9.53.3~dfsg/debian/patches/series   2022-01-04 
15:09:14.0 +0100
+++ ghostscript-9.53.3~dfsg/debian/patches/series   2023-01-25 
08:11:34.0 +0100
@@ -1,6 +1,7 @@
 020201007~c6ce09a.patch
 020201028~41ef9a0.patch
 020201120~bd48c43.patch
+020201214~c616676.patch
 020210130~d787dad.patch
 020210201~41130dd.patch
 020210212~7861fca.patch

Bug#997222: libexplain: FTBFS in bullseye

[Håvard Flaget Aasen]

tir. 6. des. 2022 kl. 00:20 skrev Santiago Vila :
>
> Hi.
>
> I'm considering to make an upload to fix this in bullseye.
>
> Am I right to think that the termiox patch with the following changelog
> entry is also desirable to be able to build from bullseye+recent kernel?
>
>- Patch: termiox removed since kernel 5.12, from ALT Linux.
>

Yes, this still still seems to be the right thing to do.
I see that the release that resides in Sid/testing hasn't been pushed
to the correct repo on salsa. If it is of interest, the commit can be
found in my fork [1]

Regards,
Håvard

[1] 
https://salsa.debian.org/haava/libexplain/-/commit/cbda43b911408c6aae87321773ce1529526fba01

Bug#1002030: RFS: swish++/6.1.5-6 [QA] [RC] -- Simple Document Indexing System for Humans: C++ version

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "swish++":

 * Package name: swish++
   Version : 6.1.5-6
   Upstream Author :
 * URL : http://swishplusplus.sourceforge.net/
 * License :
 * Vcs : https://salsa.debian.org/debian/swishplusplus
   Section : web

It builds those binary packages:

  swish++ - Simple Document Indexing System for Humans: C++ version

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/swish++/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/s/swish++/swish++_6.1.5-6.dsc

Changes since the last upload:

 swish++ (6.1.5-6) unstable; urgency=medium
 .
   [ Tobias Frost ]
   * QA upload.
   * Moved repository to salsa.debian.org.
 .
   [ Ondřej Nový ]
   * d/changelog: Remove trailing whitespaces
   * d/rules: Remove trailing whitespaces
   * d/watch: Use https protocol
 .
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Add missing ${misc:Depends} to Depends for swish++.
   * debian/rules: Use dh_prep rather than "dh_clean -k".
   * Set debhelper-compat version in Build-Depends.
   * Remove patches fix_splitmail_manpage that are missing from
 debian/patches/series.
 .
   [ Håvard Flaget Aasen ]
   * Refresh all patches using quilt.
   * Change to dh sequencer. Closes: #838727
 - This includes target build-arch and build-indep. Closes: #998917
 - Build also respects DEB_BUILD_OPTIONS nostrip and noopt. Closes:
#908047
   * d/watch: Bump to version 4.
   * Change capitalization on Vcs* fields.
   * Bump debhelper to 13.
   * Drop quilt as build dependency.
   * Convert d/email_indexing/nnir.el to utf-8
   * Document Root-Requires-Root.
   * Update Standards-Version to 4.6.0.

Regards,
Håvard

Bug#1000953: c-blosc: FTBFS on mips64el

[Håvard Flaget Aasen]

ons. 1. des. 2021 kl. 11:39 skrev Bastian Germann :
>
> Source: c-blosc
> Severity: serious
> Version: 1.21.1+ds2-1
>
> The build fails on mips64el with:
>
> 98% tests passed, 35 tests failed out of 1651
>
> Total Test time (real) = 452.24 sec
>
> The following tests FAILED:
>   1 - test_api (Failed)
>   2 - test_bitshuffle_leftovers (Failed)
> 270 - test_compressor (Failed)
> 672 - test_noinit (Failed)
> 673 - test_nolock (Failed)
> 674 - test_nthreads (Failed)
> 1606 - test_compat_blosc-1.11.1-blosclz.cdata (Failed)
> 1607 - test_compat_blosc-1.11.1-lz4.cdata (Failed)
> 1608 - test_compat_blosc-1.11.1-lz4hc.cdata (Failed)
> 1609 - test_compat_blosc-1.11.1-snappy.cdata (Failed)
> 1610 - test_compat_blosc-1.11.1-zlib.cdata (Failed)
> 1611 - test_compat_blosc-1.11.1-zstd.cdata (Failed)
> 1612 - test_compat_blosc-1.14.0-blosclz.cdata (Failed)
> 1613 - test_compat_blosc-1.14.0-lz4.cdata (Failed)
> 1614 - test_compat_blosc-1.14.0-lz4hc.cdata (Failed)
> 1615 - test_compat_blosc-1.14.0-snappy.cdata (Failed)
> 1616 - test_compat_blosc-1.14.0-zlib.cdata (Failed)
> 1617 - test_compat_blosc-1.14.0-zstd.cdata (Failed)
> 1618 - test_compat_blosc-1.18.0-blosclz-bitshuffle.cdata (Failed)
> 1619 - test_compat_blosc-1.18.0-blosclz.cdata (Failed)
> 1620 - test_compat_blosc-1.18.0-lz4-bitshuffle.cdata (Failed)
> 1621 - test_compat_blosc-1.18.0-lz4.cdata (Failed)
> 1622 - test_compat_blosc-1.18.0-lz4hc.cdata (Failed)
> 1623 - test_compat_blosc-1.18.0-zlib.cdata (Failed)
> 1624 - test_compat_blosc-1.18.0-zstd.cdata (Failed)
> 1625 - test_compat_blosc-1.3.0-blosclz.cdata (Failed)
> 1626 - test_compat_blosc-1.3.0-lz4.cdata (Failed)
> 1627 - test_compat_blosc-1.3.0-lz4hc.cdata (Failed)
> 1628 - test_compat_blosc-1.3.0-snappy.cdata (Failed)
> 1629 - test_compat_blosc-1.3.0-zlib.cdata (Failed)
> 1630 - test_compat_blosc-1.7.0-blosclz.cdata (Failed)
> 1631 - test_compat_blosc-1.7.0-lz4.cdata (Failed)
> 1632 - test_compat_blosc-1.7.0-lz4hc.cdata (Failed)
> 1633 - test_compat_blosc-1.7.0-snappy.cdata (Failed)
> 1634 - test_compat_blosc-1.7.0-zlib.cdata (Failed)
> Errors while running CTest
> make[1]: *** [Makefile:94: test] Error 8
> make[1]: Leaving directory '/<>/obj-mips64el-linux-gnuabi64'
> dh_auto_test: error: cd obj-mips64el-linux-gnuabi64 && make -j4 test 
> ARGS\+=--verbose ARGS\+=-j4 returned exit code 2
>

I believe it's related to cmake and the recently updated package.
The previous version of c-blosc (1.21.1+ds1-1) uploaded 2021-10-08
used cmake with version 3.21.3-4, it built successfully. Building
c-blosc with the current version of cmake fails, as does the earlier
versions of c-blosc, I tested 1.17.1+ds1-1, 1.20.1+ds1-2 and
1.21.1+ds1-1. What's strange is that it's only on mips64el the
testsuite fails, none of the other architectures seems to be affected.
I have yet to discover where the fault lies, if it's cmake itself or
the CMakeLists.txt in c-blosc.

The solution to make the testsuite succeed is to override the cmake
flag provided by debhelper '-DCMAKE_BUILD_TYPE=None' Changing this to
'Release' is enough to make the testsuite succeed.


Regards,
Håvard

Bug#999802: RFS: libexplain/1.4.D001-12 [QA] [RC] -- library of system-call-specific strerror repl - development files

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "libexplain":

 * Package name: libexplain
   Version : 1.4.D001-12
   Upstream Author : Peter Miller 
 * URL : http://libexplain.sourceforge.net/
 * License : GPL-3+, LGPL-3+
 * Vcs : https://salsa.debian.org/debian/libexplain
   Section : devel

It builds those binary packages:

  explain - utility to explain system call errors
  libexplain-doc - library of system-call-specific strerror repl - documentation
  libexplain51 - library of system-call-specific strerror repl
  libexplain-dev - library of system-call-specific strerror repl -
development files

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/libexplain/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/libe/libexplain/libexplain_1.4.D001-12.dsc

Changes since the last upload:

 libexplain (1.4.D001-12) unstable; urgency=medium
 .
   * QA upload.
   * Patch: Linux 5.11 no longer has if_frad.h, from Ubuntu. Closes: #997222
   * Patch: termiox removed since kernel 5.12, from ALT Linux.
   * Patch: Change from which -> command -v
   * d/watch: Update to version 4.
   * Add d/clean to avoid FTBFSx2, from Ubuntu.

Regards,
Håvard

Bug#996808: RFS: zope.schema/6.2.0-1 [QA] -- zope.interface extension for defining data schemas

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.schema":

 * Package name: zope.schema
   Version : 6.2.0-1
   Upstream Author : Zope Foundation and Contributors 
 * URL : https://github.com/zopefoundation/zope.schema
 * License : Zope-2.1
 * Vcs :
   Section : zope

It builds those binary packages:

  python3-zope.schema - zope.interface extension for defining data schemas

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.schema/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/z/zope.schema/zope.schema_6.2.0-1.dsc

Changes since the last upload:

 zope.schema (6.2.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream version 6.2.0
   * d/watch: Update version to 4
   * d/control:
 - Change homepage to GitHub
 - Update Standards-Version to 4.6.0

Regards,
Håvard

Bug#995841: RFS: c-blosc/1.21.1+ds1-1 [ITA] -- high performance meta-compressor optimized for binary data

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "c-blosc":

 * Package name: c-blosc
   Version : 1.21.1+ds1-1
   Upstream Author : Blosc Development Team 
 * URL : https://blosc.org/
 * License : Expat, BSD-3-clause
 * Vcs : https://salsa.debian.org/debian/c-blosc
   Section : libs

It builds those binary packages:

  libblosc1 - high performance meta-compressor optimized for binary data
  libblosc-dev - high performance meta-compressor optimized for binary
data (development files)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/c-blosc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/c/c-blosc/c-blosc_1.21.1+ds1-1.dsc

Changes since the last upload:

 c-blosc (1.21.1+ds1-1) unstable; urgency=medium
 .
   * New upstream release
   * Adopt package. Closes: #945176
   * d/watch: Update URL to GitHub.
   * d/control:
 - Drop version constriction on build-dependency
 - Update Standards-Version to 4.6.0
   * d/copyright: Update mail address.

Regards,
Håvard

Bug#995290: wand: FTBFS with imagemagick 6.9.12.20

[Håvard Flaget Aasen]

Control: tags -1 moreinfo

On Wed, 29 Sep 2021 10:26:41 +0200 Johannes Schauer Marin Rodrigues
 wrote:
> Source: wand
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
> Control: block #994540 by -1
>
> Hi,
>
> wand FTBFS with imagemagick 8:6.9.12.20+dfsg1-1.1 from experimental. The
> build log is attached. It seems the new imagemagick version needs some
> changes to the expected hashes in the tests.
>
> Thanks!
>
> cheers, josch

Hi,

It looks like Imagemagick has changed some configure options. In
commit [1] they changed support for FFTW from default enabled to
default disabled. Was it your intent to drop support for FFTW? If so,
I need to disable the corresponding tests.

This should only affect two of the tests, I can't reproduce the
strange color failures.

Håvard


[1] 
https://github.com/ImageMagick/ImageMagick6/commit/3e34aa8bdf295e0a9d1630eab6c45cbdc2d90d4f#diff-49473dca262eeab3b4a43002adb08b4db31020d190caaad1594b47f1d5daa810

Bug#994149: RFS: mailnag/2.2.0-1 [QA] -- extensible mail notification daemon

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mailnag":

 * Package name: mailnag
   Version : 2.2.0-1
   Upstream Author : Patrick Ulbrich 
 * URL : https://github.com/pulb/mailnag
 * License : CC0-1.0, GPL-2.0+, Python-2.0
 * Vcs :
   Section : mail

It builds those binary packages:

  mailnag - extensible mail notification daemon

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/mailnag/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/m/mailnag/mailnag_2.2.0-1.dsc

Changes since the last upload:

 mailnag (2.2.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream version 2.2.0
   * Set Maintainer to Debian QA Group. see #968540
   * d/control:
 - Remove Vcs-* entries, no longer exists.
 - Add Rules-Requires-Root: no
 - Bump debhelper to 13
 - Update Standards-Version to 4.6.0
   * d/watch: Update to version 4
   * Add metadata file.
   * d/copyright:
 - Change URL to https
 - Update years
 - Add new copyright entries.

Regards,
Håvard

Bug#994143: RFS: gnome-shell-mailnag/40.0-1 [QA] [RC] -- mail notification extension for GNOME Shell

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "gnome-shell-mailnag":

 * Package name: gnome-shell-mailnag
   Version : 40.0-1
   Upstream Author :
 * URL : https://github.com/pulb/mailnag-gnome-shell
 * License : GPL-2.0+, BSD-3-clause
 * Vcs :
   Section : gnome

It builds those binary packages:

  gnome-shell-mailnag - mail notification extension for GNOME Shell

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/gnome-shell-mailnag/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/g/gnome-shell-mailnag/gnome-shell-mailnag_40.0-1.dsc

Changes since the last upload:

 gnome-shell-mailnag (40.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream version 40.0
 - Compatible with GNOME 40. Closes: #993203
   * d/control:
 - Remove Vcs-* entries, no longer exists.
 - Update Standards-Version to 4.6.0
 - Use debhelper-compat and bump debhelper to 13
 - Add Rules-Requires-Root: no
   * d/watch: Update URL.
   * d/rules:
 - Add compiler hardening
 - Remove trailing whitespace
   * d/copyright: Update years
   * d/upstream/metadata: Add Bug-Database, Bug-Submit, Repository
 and Repository-Browse.

Regards,
Håvard

Bug#994110: RFS: python-mongoengine/0.23.1-1 -- Python Document-Object Mapper for working with MongoDB

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-mongoengine":

 * Package name: python-mongoengine
   Version : 0.23.1-1
   Upstream Author : Harry Marr 
 * URL : http://mongoengine.org/
 * License : MIT
 * Vcs :
https://salsa.debian.org/python-team/packages/python-mongoengine
   Section : python

It builds those binary packages:

  python-mongoengine-doc - Python Document-Object Mapper for working
with MongoDB (documentation)
  python3-mongoengine - Python 3 Document-Object Mapper for working with
MongoDB

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-mongoengine/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-mongoengine/python-mongoengine_0.23.1-1.dsc

Changes since the last upload:

 python-mongoengine (0.23.1-1) unstable; urgency=medium
 .
   * New upstream version 0.23.1
   * Drop old patch, no longer needed.
   * Add patch to disable sphinx extension.
   * d/gbp.conf: Added new file.
   * d/control: Update Standards-Version to 4.6.0

Regards,
Håvard

Bug#992824: RFS: mwclient/0.10.1-2 -- MediaWiki API client in Python

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mwclient":

 * Package name: mwclient
   Version : 0.10.1-2
   Upstream Author : Dan Michael O. Heggø 
 * URL : https://github.com/mwclient/mwclient
 * License : MIT
 * Vcs : https://salsa.debian.org/python-team/packages/mwclient
   Section : python

It builds those binary packages:

  python3-mwclient - MediaWiki API client in Python

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/mwclient/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/m/mwclient/mwclient_0.10.1-2.dsc

Changes since the last upload:

 mwclient (0.10.1-2) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/control: Update Maintainer field with new Debian Python Team
 contact address.
   * d/control: Update Vcs-* fields with new Debian Python Team Salsa
 layout.
 .
   [ Håvard Flaget Aasen ]
   * d/watch: Update to version 4.
   * Add autopkgtest
   * Move disabling of test from patch to d/rules.
   * d/patches: Add "Forwarded" to comply with DEP-3.
   * d/gbp.conf: Make debian/master default branch.
   * d/control: Update Standards-Version to 4.6.0

Regards,
Håvard

Bug#992822: RFS: sanlock/3.8.4-1 -- Shared storage lock manager

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "sanlock":

 * Package name: sanlock
   Version : 3.8.4-1
   Upstream Author : [fill in name and email of upstream]
 * URL : https://www.pagure.io/sanlock/
 * License : LGPL-2.1+, GPL-2+
 * Vcs : https://salsa.debian.org/haava/sanlock
   Section : libs

It builds those binary packages:

  python3-sanlock - Python3 bindings to shared storage lock manager
  libsanlock-dev - Shared storage lock manager (development files)
  libsanlock1 - Shared storage lock manager (shared library)
  libsanlock-client1 - Shared storage lock manager (client library)
  sanlk-reset - Host reset daemon and client using sanlock
  sanlock - Shared storage lock manager

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/sanlock/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_3.8.4-1.dsc

Changes since the last upload:

 sanlock (3.8.4-1) unstable; urgency=medium
 .
   * New upstream version 3.8.4
   * upload to unstable
   * d/README.Source: Remove file, information no longer applies.
   * Move package into Vcs repository
   * Add Build-Profile nopython


There are some lintian errors "systemd-service-file-outside-lib". This
has been addressed in lintian.[1] For some reasons they don't show up
on the mentors site.

Regards,
Håvard

[1] https://bugs.debian.org/992465

Bug#992671: RFS: zope.hookable/5.1.0-1 [QA] -- Hookable object support

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.hookable":

 * Package name: zope.hookable
   Version : 5.1.0-1
   Upstream Author : Zope Corporation and Contributors 
 * URL : https://github.com/zopefoundation/zope.hookable
 * License : Zope-2.1
 * Vcs : [fill in URL of packaging vcs]
   Section : zope

It builds those binary packages:

  python3-zope.hookable - Hookable object support

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.hookable/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/z/zope.hookable/zope.hookable_5.1.0-1.dsc

Changes since the last upload:

 zope.hookable (5.1.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream version 5.1.0
   * d/control:
 - Change homepage, point to GitHub
 - Update Standards-Version to 4.6.0
 - Bump debhelper to 13
   * d/watch: Update version to 4

Regards,
Håvard

Bug#992487: RFS: wand/0.6.7-1 -- Python interface for ImageMagick library

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wand":

 * Package name: wand
   Version : 0.6.7-1
   Upstream Author : E. McConville 
 * URL : https://github.com/emcconville/wand
 * License : Expat, BSD-3-clause
 * Vcs : https://salsa.debian.org/debian/wand
   Section : python

It builds those binary packages:

  wand-doc - Python interface for ImageMagick library (documentation)
  pypy-wand - Python interface for ImageMagick library (PyPy)
  python3-wand - Python interface for ImageMagick library (Python 3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/wand/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/w/wand/wand_0.6.7-1.dsc

Changes since the last upload:

 wand (0.6.7-1) unstable; urgency=medium
 .
   * New upstream version 0.6.7
   * Rebase patch
   * d/control: Update Standards-Version to 4.6.0
   * Re-enable all tests.

Regards,
Håvard

Bug#992232: RFS: python-jsbeautifier/1.14.0-1 -- JavaScript unobfuscator and beautifier

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-jsbeautifier":

 * Package name: python-jsbeautifier
   Version : 1.14.0-1
   Upstream Author : Liam Newman, Einar Lielmanis, et al. 
 * URL : https://github.com/beautify-web/js-beautify
 * License : MIT
 * Vcs : https://salsa.debian.org/debian/python-jsbeautifier
   Section : python

It builds those binary packages:

  jsbeautifier - JavaScript unobfuscator and beautifier
  python3-jsbeautifier - JavaScript unobfuscator and beautifier (python3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-jsbeautifier/

Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/p/python-jsbeautifier/python-jsbeautifier_1.14.0-1.dsc

Changes since the last upload:

 python-jsbeautifier (1.14.0-1) unstable; urgency=medium
 .
   * New upstream version 1.14.0
   * Rebase patch.
   * d/watch: Bump version to 4
   * d/control: Update Standards-Version to 4.5.1
   * d/copyright: Add myself
   * d/source/options: Add extend-diff-ignore

Regards,
Håvard

Bug#992175: RFS: htmldoc/1.9.12-1 -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.12-1
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : Apache-2.0 with (L)GPL-2 exception, BSD-2-Clause,
GPL-2, bitstream, Apache-2.0, zlib, MIT-CMU, GPL-2 with document exception
 * Vcs : https://salsa.debian.org/haava/htmldoc
   Section : web

It builds those binary packages:

  htmldoc-common - Common arch-independent files for htmldoc
  htmldoc - HTML processor that generates indexed HTML, PS, and PDF

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.12-1.dsc

Changes since the last upload:

 htmldoc (1.9.12-1) unstable; urgency=medium
 .
   * New upstream version 1.9.12
   * Update patches
   * d/rules: Prevent automake and autoheader being run.
   * d/copyright: Remove entries for third-party libraries.
   * d/copyright: Update copyright year and fixed a typo.
   * Run wrap-and-sort -at
   * Move package into Vcs repository

Regards,
Håvard

Bug#991080: RFS: dhelp/0.6.27 [QA] [RC] -- online help system

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "dhelp":

 * Package name: dhelp
   Version : 0.6.27
   Upstream Author : [fill in name and email of upstream]
 * URL : [fill in URL of upstream's web site]
 * License : [fill in]
 * Vcs : https://salsa.debian.org/debian/dhelp
   Section : doc

It builds those binary packages:

  dhelp - online help system

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/dhelp/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/d/dhelp/dhelp_0.6.27.dsc

Changes since the last upload:

 dhelp (0.6.27) unstable; urgency=medium
 .
   * QA upload.
   * d/cron.monthly: Update xargs command. Closes: #990048

Upload has been approved by the release team, bug #991035

Regards,
Håvard

Bug#991035: unblock: dhelp/0.6.27

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package dhelp

Changes consist of updating the command line parameter to xargs, in the
cron.monthly script.

[ Reason ]
Bug #990048

[ Impact ]
The monthly cron script fails, which in turn isn't cleaning the
necessary directory.

[ Tests ]
Manually tested after the change.

[ Risks ]
Small

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock dhelp/0.6.27
diff -Nru dhelp-0.6.26/debian/changelog dhelp-0.6.27/debian/changelog
--- dhelp-0.6.26/debian/changelog   2019-06-24 21:40:44.0 +0200
+++ dhelp-0.6.27/debian/changelog   2021-07-13 11:57:45.0 +0200
@@ -1,3 +1,10 @@
+dhelp (0.6.27) unstable; urgency=medium
+
+  * QA upload.
+  * d/cron.monthly: Update xargs command. Closes: #990048
+
+ -- Håvard Flaget Aasen   Tue, 13 Jul 2021 11:57:45 
+0200
+
 dhelp (0.6.26) unstable; urgency=medium
 
   * QA upload.
diff -Nru dhelp-0.6.26/debian/cron.monthly dhelp-0.6.27/debian/cron.monthly
--- dhelp-0.6.26/debian/cron.monthly2019-06-24 21:40:44.0 +0200
+++ dhelp-0.6.27/debian/cron.monthly2021-07-13 11:42:58.0 +0200
@@ -23,6 +23,6 @@
 ls *.index-log.* \
 | sort --numeric-sort --field-separator='-' --key=1,4 --key=6,7 --key=9,10 
\
 | head --lines=-5 \
-| xargs --no-run-if-empty --max-args=1 --max-lines=1 rm -f
+| xargs --no-run-if-empty --max-args=1 rm -f
   )
 fi

Bug#989682: RFS: libexplain/1.4.D001-11 [QA] [RC] -- library of system-call-specific strerror repl - development files

[Håvard Flaget Aasen]

> 
> The unblock request is bug #989681 [0], not confirmed yet.
> 

Unblock request was approved earlier today.


Håvard

Bug#989682: RFS: libexplain/1.4.D001-11 [QA] [RC] -- library of system-call-specific strerror repl - development files

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "libexplain":

 * Package name: libexplain
   Version : 1.4.D001-11
   Upstream Author : Peter Miller 
 * URL : http://libexplain.sourceforge.net/
 * License : GPL-3+, LGPL-3+
 * Vcs : https://salsa.debian.org/debian/libexplain
   Section : devel

It builds those binary packages:

  explain - utility to explain system call errors
  libexplain-doc - library of system-call-specific strerror repl -
documentation
  libexplain51 - library of system-call-specific strerror repl
  libexplain-dev - library of system-call-specific strerror repl -
development files

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/libexplain/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/libe/libexplain/libexplain_1.4.D001-11.dsc

Changes since the last upload:

 libexplain (1.4.D001-11) unstable; urgency=medium
 .
   * QA upload.
   * d/control: Add libacl1-dev as dependency Closes: #962342


The unblock request is bug #989681 [0], not confirmed yet.

Regards,
Håvard

[0] https://bugs.debian.org/989681

Bug#989681: unblock: libexplain/1.4.D001-11

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aa...@yahoo.no

Please unblock package libexplain

Add missing dependency for package libexplain-dev Closes: #962342

[ Tests ]
Confirmed what the submitter wrote in the bug report.

[ Risks ]
None.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock libexplain/1.4.D001-11


*** libexplain.debdiff
diff -Nru libexplain-1.4.D001/debian/changelog 
libexplain-1.4.D001/debian/changelog
--- libexplain-1.4.D001/debian/changelog2020-05-18 16:16:07.0 
+0200
+++ libexplain-1.4.D001/debian/changelog2021-06-09 22:23:28.0 
+0200
@@ -1,3 +1,10 @@
+libexplain (1.4.D001-11) unstable; urgency=medium
+
+  * QA upload.
+  * d/control: Add libacl1-dev as dependency Closes: #962342
+
+ -- Håvard Flaget Aasen   Wed, 09 Jun 2021 22:23:28 
+0200
+
 libexplain (1.4.D001-10) unstable; urgency=medium
 
   [ Andreas Beckmann ]
diff -Nru libexplain-1.4.D001/debian/control libexplain-1.4.D001/debian/control
--- libexplain-1.4.D001/debian/control  2020-05-18 16:16:07.0 +0200
+++ libexplain-1.4.D001/debian/control  2021-06-09 22:20:43.0 +0200
@@ -63,6 +63,7 @@
  .
  This package contains the development files.
 Depends:
+ libacl1-dev,
  libexplain51 (= ${binary:Version}),
  lsof,
  ${misc:Depends},

Bug#989536: RFS: htmldoc/1.9.11-4 -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.11-4
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : IJG, zlib, MIT-CMU, BSD-2-Clause, Apache-2.0 with
(L)GPL-2 exception, GPL-2, PNG, GPL-2 with document exception,
bitstream, Apache-2.0
   Section : web

It builds those binary packages:

  htmldoc - HTML processor that generates indexed HTML, PS, and PDF
  htmldoc-common - Common arch-independent files for htmldoc

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.11-4.dsc

Changes since the last upload:

 htmldoc (1.9.11-4) unstable; urgency=medium
 .
   * Add patches to fix many CVE's. Closes: #989437
 Fix: CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191,
 CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, CVE-2021-26948.
   * Switch to DEP-14 layout


Unblock request has been confirmed [0]

Regards,
Håvard

[0] https://bugs.debian.org/989448

Bug#989448: unblock: htmldoc/1.9.11-4

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aa...@yahoo.no

Please unblock package htmldoc

This release adds patches to fix 8 CVE's and closes: #989437.

There are two things which is not needed in this release.
Though the changes is not related to the code. I added the file
'debian/gbp.conf' since I changed the repository layout. I also fixed a
minor error in the previous changelog entry, added a missing '#' in a
'close bug' statement.

[ Reason ]
CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191,
CVE-2021-23206, CVE-2021-26252, CVE-2021-26259 and CVE-2021-26948

[ Impact ]

[ Tests ]
I have manually tested CVE-2021-23158, CVE-2021-23165, CVE-2021-23180,
CVE-2021-23206 and CVE-2021-26252
The issues in GitHub provided files that failed, before the fix was
applied, and succeeded with this release.

[ Risks ]
I consider this to be of minor risk. Code is coming from upstream, which
also has released a new version with the changes.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]

unblock htmldoc/1.9.11-4

Regards,
Håvard
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.0 +0200
+++ htmldoc-1.9.11/debian/changelog 2021-06-03 21:29:16.0 +0200
@@ -1,7 +1,16 @@
+htmldoc (1.9.11-4) unstable; urgency=medium
+
+  * Add patches to fix many CVE's. Closes: #989437
+Fix: CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191,
+CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, CVE-2021-26948.
+  * Switch to DEP-14 layout
+
+ -- Håvard Flaget Aasen   Thu, 03 Jun 2021 21:29:16 
+0200
+
 htmldoc (1.9.11-3) unstable; urgency=medium
 
   * Add patch to mitigate buffer-overflow caused by integer-overflow in
-image_load_gif() Closes: 984765 and fixes CVE-2021-20308
+image_load_gif() Closes: #984765 and fixes CVE-2021-20308
 
  -- Håvard Flaget Aasen   Mon, 10 May 2021 16:10:41 
+0200
 
diff -Nru htmldoc-1.9.11/debian/gbp.conf htmldoc-1.9.11/debian/gbp.conf
--- htmldoc-1.9.11/debian/gbp.conf  1970-01-01 01:00:00.0 +0100
+++ htmldoc-1.9.11/debian/gbp.conf  2021-05-23 08:32:55.0 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/latest
+upstream-branch = upstream/latest
diff -Nru 
htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
 
htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
--- 
htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
1970-01-01 01:00:00.0 +0100
+++ 
htmldoc-1.9.11/debian/patches/CVE-2021-23158-CVE-2021-23191-CVE-2021-26252.patch
2021-06-03 21:29:16.0 +0200
@@ -0,0 +1,128 @@
+From: Michael R Sweet 
+Date: Thu, 1 Apr 2021 09:37:58 -0400
+Subject: CVE-2021-23158, CVE-2021-23191, CVE-2021-26252
+
+Fix JPEG error handling (Issue #415)
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+Bug: https://github.com/michaelrsweet/htmldoc/issues/412
+Bug: https://github.com/michaelrsweet/htmldoc/issues/414
+Bug: https://github.com/michaelrsweet/htmldoc/issues/415
+Bug-Debian: https://bugs.debian.org/989437
+---
+ htmldoc/file.c |  9 -
+ htmldoc/image.cxx  | 38 +++---
+ htmldoc/ps-pdf.cxx |  5 +
+ 3 files changed, 44 insertions(+), 8 deletions(-)
+
+diff --git a/htmldoc/file.c b/htmldoc/file.c
+index 20229c1..9f017de 100644
+--- a/htmldoc/file.c
 b/htmldoc/file.c
+@@ -1000,8 +1000,15 @@ file_rlookup(const char *filename)  /* I - Filename 
*/
+ 
+ 
+   for (i = web_files, wc = web_cache; i > 0; i --, wc ++)
++  {
+ if (!strcmp(wc->name, filename))
+-  return (wc->url);
++{
++  if (!strncmp(wc->url, "data:", 5))
++return ("data URL");
++  else
++return (wc->url);
++}
++  }
+ 
+   return (filename);
+ }
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 8f53050..74abfac 100644
+--- a/htmldoc/image.cxx
 b/htmldoc/image.cxx
+@@ -1336,6 +1336,15 @@ image_load_gif(image_t *img,/* I - Image pointer */
+ }
+ 
+ 
++typedef struct hd_jpeg_err_s  // JPEG error manager extension
++{
++  struct jpeg_error_mgr   jerr;   // JPEG error manager information
++  jmp_buf retbuf; // setjmp() return buffer
++  charmessage[JMSG_LENGTH_MAX];
++  // Last error message
++} hd_jpeg_err_t;
++
++
+ /*
+  * 'image_load_jpeg()' - Load a JPEG image file.
+  */
+@@ -1347,14 +1356,21 @@ image_load_jpeg(image_t *img,  /* I - Image pointer */
+ int load_data)/* I - 1 = load image data, 0 = just info */
+ {
+   struct jpeg_decompress_struct   cinfo;  /* Decompresso

Bug#989312: RFS: ircii/20210314+really20190117-1 [QA] [RC] -- Internet Relay Chat client

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "ircii":

 * Package name: ircii
   Version : 20210314+really20190117-1
   Upstream Author : [fill in name and email of upstream]
 * URL : http://www.eterna.com.au/ircii/
 * License : MIT-Old-Style-with-legal-disclaimer-2,
public-domain, BSD-2-Clause, Custom, GPL-2.0+, BSD-3-Clause
 * Vcs : https://salsa.debian.org/debian/ircii
   Section : net

It builds those binary packages:

  ircii - Internet Relay Chat client

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/ircii/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/i/ircii/ircii_20210314+really20190117-1.dsc

Changes since the last upload:

 ircii (20210314+really20190117-1) unstable; urgency=medium
 .
   * QA upload.
   * Revert to previous release, because of freeze.
   * Add patch to Fix CVE-2021-29376 Closes: #986214


I got confirmation that this release will be unblocked and accepted into
testing [0]

Regards,
Håvard

[0] https://bugs.debian.org/989273

Bug#989273: unblock: ircii/20210314+really20190117-1

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aa...@yahoo.no

Please unblock package ircii

I reverted all changes made for the current 20210314 release and added a
patch to fix CVE-2020-29376 which also Closes: #986214

The patch has been sourced from upstream, and is also approved for buster.

[ Reason ]
fix denial of service issue [CVE-2021-29376]

[ Impact ]
The CVE's description is:
allows remote attackers to cause a denial of service (segmentation
fault and client crash, disconnecting the victim from an IRC server)
via a crafted CTCP UTC message.

[ Tests ]
I did test these changes and can confirm that this patch fix
CVE-2021-29376

[ Risks ]
Minimal.
The code is taken from upstream.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
No

unblock ircii/20210314+really20190117-1


Håvard
diff -Nru ircii-20190117/debian/changelog 
ircii-20210314+really20190117/debian/changelog
--- ircii-20190117/debian/changelog 2019-02-21 05:35:56.0 +0100
+++ ircii-20210314+really20190117/debian/changelog  2021-05-30 
22:39:28.0 +0200
@@ -1,3 +1,38 @@
+ircii (20210314+really20190117-1) unstable; urgency=medium
+
+  * QA upload.
+  * Revert to previous release, because of freeze.
+  * Add patch to Fix CVE-2021-29376 Closes: #986214
+
+ -- Håvard Flaget Aasen   Sun, 30 May 2021 22:39:28 
+0200
+
+ircii (20210314-1) unstable; urgency=medium
+
+  * QA Upload.
+  [ Debian Janitor ]
+  * Set debhelper-compat version in Build-Depends.
+  * Changes Urgency by urgency in changelog file.
+
+  * New upstream release.
+Fix (CVE-2021-29376). (Closes: #986214).
+  * debian/control
++ Bump Standards-Version to 4.5.1. (no changes).
++ Bump Debhelper-compat to 13.
++ Add Rules-Requires-Root: no.
+  * debian/patches
++ Refresh:
+  + 0008-fix-spelling-error.diff
+  + 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
+  + 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
+  + 0006-fix-some-spelling-errors.patch
+  * debian/rules
++ Remove --as-needed linker flag.
+  * debian/watch
++ Update to version 4.
+  * Update copyright file.
+
+ -- Daniel Echeverri   Sun, 11 Apr 2021 11:19:42 -0500
+
 ircii (20190117-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 
ircii-20210314+really20190117/debian/patches/0009-Fix-CVE-2021-29376.patch
--- ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 1970-01-01 
01:00:00.0 +0100
+++ ircii-20210314+really20190117/debian/patches/0009-Fix-CVE-2021-29376.patch  
2021-05-30 22:39:28.0 +0200
@@ -0,0 +1,44 @@
+From: Håvard Flaget Aasen 
+Date: Thu, 13 May 2021 21:39:51 +0200
+Subject: Fix CVE-2021-29376
+
+CVE-2021-29376 allows remote attackers to cause a denial of service
+(segmentation fault and client crash, disconnecting the victim from an IRC
+server) via a crafted CTCP UTC message.
+
+Bug-Debian: https://bugs.debian.org/#986214
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-29376
+---
+ source/ctcp.c | 15 +--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/source/ctcp.c b/source/ctcp.c
+index 1a714c6..c5ddde0 100644
+--- a/source/ctcp.c
 b/source/ctcp.c
+@@ -536,12 +536,23 @@ do_utc(CtcpEntry *ctcp, u_char *from, u_char *to, u_char 
*args)
+ {
+   time_t  tm;
+   u_char  *date = NULL;
++  char*curtime;
+ 
+   if (!args || !*args)
+   return NULL;
+   tm = my_atol(args);
+-  malloc_strcpy(, UP(ctime()));
+-  date[my_strlen(date)-1] = '\0';
++  curtime = ctime();
++  if (curtime)
++  {
++  u_char *s = my_index(curtime, '\n');
++  if (s)
++  *s = '\0';
++
++  malloc_strcpy(, UP(curtime));
++  }
++  else
++  /* if we can't find a time, just return the number */
++  malloc_strcpy(, args);
+   return date;
+ }
+ 
diff -Nru ircii-20190117/debian/patches/series 
ircii-20210314+really20190117/debian/patches/series
--- ircii-20190117/debian/patches/series2019-02-20 03:07:03.0 
+0100
+++ ircii-20210314+really20190117/debian/patches/series 2021-05-30 
22:39:28.0 +0200
@@ -3,3 +3,4 @@
 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
 0006-fix-some-spelling-errors.patch
+0009-Fix-CVE-2021-29376.patch

Bug#988494: RFS: ircii/20190117-1+deb10u1 [QA] [RC] -- Internet Relay Chat client

[Håvard Flaget Aasen]

Control: tags -1 -moreinfo

Hi Tobias,

Thanks for the review.

> 
> The package looks fine; however, you need to say 
> "Closes: #986214" (the "#" is missing).
> Would be cool if you could update the package accordingly.
> Possibly a good idea to send the updated debdiff also to the pu-buster bug.

I updated the package yesterday, and sent a new debdiff to the buster-pu
bug.

> 
> (After release-team says "OK", it can be uploaded…)
> 
> (I'm tagging it more info to get it from the list of actionable RFS;
> please remove the tag once the release team gives green light.)

The buster-pu bug was approved earlier today.


Håvard
> 
> Cheers,
> -- 
> tobi
> 
> >   ircii - Internet Relay Chat client
> > 
> > To access further information about this package, please visit the
> > following URL:
> > 
> >   https://mentors.debian.net/package/ircii/
> > 
> > Alternatively, one can download the package with dget using this command:
> > 
> >   dget -x
> >
> https://mentors.debian.net/debian/pool/main/i/ircii/ircii_20190117-1+deb10u1.dsc
> > 
> > Changes since the last upload:
> > 
> >  ircii (20190117-1+deb10u1) buster; urgency=medium
> >  .
> >    * QA upload.
> >    * Fix CVE-2021-29376: allows remote attackers to cause a denial of
> >  service (segmentation fault and client crash, disconnecting
> >  the victim from an IRC server) via a crafted CTCP UTC message.
> >  Closes: 986214
> > 
> > 
> > I've sent a "buster-pu" mail, which is located here [0]
> > 
> > 
> > Regards,
> > Håvard
> > 
> > 
> > [0] https://bugs.debian.org/#988492
> > 
> > 
> 
> 
> 

Bug#988492: buster-pu: package ircii/20190117-1

[Håvard Flaget Aasen]

Hi,

The package was reviewed on the mentors site. I forgot a '#' when I
closed the bug, that is now fixed.

Updated the debdiff

Håvard
diff -Nru ircii-20190117/debian/changelog ircii-20190117/debian/changelog
--- ircii-20190117/debian/changelog 2019-02-21 05:35:56.0 +0100
+++ ircii-20190117/debian/changelog 2021-05-14 01:51:43.0 +0200
@@ -1,3 +1,13 @@
+ircii (20190117-1+deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Fix CVE-2021-29376: allows remote attackers to cause a denial of
+service (segmentation fault and client crash, disconnecting
+the victim from an IRC server) via a crafted CTCP UTC message.
+Closes: #986214
+
+ -- Håvard Flaget Aasen   Fri, 14 May 2021 01:51:43 
+0200
+
 ircii (20190117-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 
ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch
--- ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 1970-01-01 
01:00:00.0 +0100
+++ ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 2021-05-14 
01:51:43.0 +0200
@@ -0,0 +1,44 @@
+From: Håvard Flaget Aasen 
+Date: Thu, 13 May 2021 21:39:51 +0200
+Subject: Fix CVE-2021-29376
+
+CVE-2021-29376 allows remote attackers to cause a denial of service
+(segmentation fault and client crash, disconnecting the victim from an IRC
+server) via a crafted CTCP UTC message.
+
+Bug-Debian: https://bugs.debian.org/#986214
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-29376
+---
+ source/ctcp.c | 15 +--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/source/ctcp.c b/source/ctcp.c
+index 1a714c6..c5ddde0 100644
+--- a/source/ctcp.c
 b/source/ctcp.c
+@@ -536,12 +536,23 @@ do_utc(CtcpEntry *ctcp, u_char *from, u_char *to, u_char 
*args)
+ {
+   time_t  tm;
+   u_char  *date = NULL;
++  char*curtime;
+ 
+   if (!args || !*args)
+   return NULL;
+   tm = my_atol(args);
+-  malloc_strcpy(, UP(ctime()));
+-  date[my_strlen(date)-1] = '\0';
++  curtime = ctime();
++  if (curtime)
++  {
++  u_char *s = my_index(curtime, '\n');
++  if (s)
++  *s = '\0';
++
++  malloc_strcpy(, UP(curtime));
++  }
++  else
++  /* if we can't find a time, just return the number */
++  malloc_strcpy(, args);
+   return date;
+ }
+ 
diff -Nru ircii-20190117/debian/patches/series 
ircii-20190117/debian/patches/series
--- ircii-20190117/debian/patches/series2019-02-20 03:07:03.0 
+0100
+++ ircii-20190117/debian/patches/series2021-05-14 01:51:43.0 
+0200
@@ -3,3 +3,4 @@
 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
 0006-fix-some-spelling-errors.patch
+0009-Fix-CVE-2021-29376.patch

Bug#988504: buster-pu: package tnef/1.4.12-1.2

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: haavard_aa...@yahoo.no

Added patch to fix CVE-2019-18849, bug #944851. The patch is identical
to that applied in jessie, but I also controlled it against the upstream
commit, to make sure nothing had changed and everything is included.

[ Reason ]
Fix: CVE-2019-18849 and bug: #944851
In tnef before 1.4.18, an attacker may be able to write to the victim's
.ssh/authorized_keys file via an e-mail message with a crafted
winmail.dat application/ms-tnef attachment, because of a heap-based
buffer over-read involving strdup.

[ Impact ]

[ Tests ]
None, but the original patch is from upstream. This exact patch has also been
included in jessie since late 2019

[ Risks ]
I consider the risk to be small since the code has been implemented by
upstream and has been included in jessie.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The changes is to prevent the possibility of not terminating strings with
strdup()


Regards,
Håvard
diff -Nru tnef-1.4.12/debian/changelog tnef-1.4.12/debian/changelog
--- tnef-1.4.12/debian/changelog2017-05-29 15:03:02.0 +0200
+++ tnef-1.4.12/debian/changelog2021-05-14 11:14:22.0 +0200
@@ -1,3 +1,15 @@
+tnef (1.4.12-1.2+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-18849
+In tnef before 1.4.18, an attacker may be able to write to the
+victim's .ssh/authorized_keys file via an e-mail message with a
+crafted winmail.dat application/ms-tnef attachment, because of
+a heap-based buffer over-read involving strdup.
+Closes: #944851
+
+ -- Håvard Flaget Aasen   Fri, 14 May 2021 11:14:22 
+0200
+
 tnef (1.4.12-1.2) unstable; urgency=medium
 
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #862442)
diff -Nru tnef-1.4.12/debian/patches/CVE-2019-18849.patch 
tnef-1.4.12/debian/patches/CVE-2019-18849.patch
--- tnef-1.4.12/debian/patches/CVE-2019-18849.patch 1970-01-01 
01:00:00.0 +0100
+++ tnef-1.4.12/debian/patches/CVE-2019-18849.patch 2021-05-14 
11:11:07.0 +0200
@@ -0,0 +1,146 @@
+Description: This patch fixes CVE-2019-18849.
+ Fix strdup() on possibly unterminated string.
+Author: Paul Dreik
+Author: Utkarsh Gupta 
+Origin: https://github.com/verdammelt/tnef/pull/40
+Bug-Debian: https://bugs.debian.org/944851
+Reviewed-by: Håvard Flaget Aasen 
+Last-Update: 2021-05-14
+
+--- a/src/alloc.c
 b/src/alloc.c
+@@ -72,13 +72,14 @@
+ 
+ /* attempts to malloc memory, if fails print error and call abort */
+ void*
+-xmalloc (size_t num, size_t size)
++xmalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, ))
+ abort();
+-
+-void *ptr = malloc (res);
++if (res + extra < res)
++abort();
++void *ptr = malloc (res + extra);
+ if (!ptr
+ && (size != 0)) /* some libc don't like size == 0 */
+ {
+@@ -90,41 +91,44 @@
+ 
+ /* Allocates memory but only up to a limit */
+ void*
+-checked_xmalloc (size_t num, size_t size)
++checked_xmalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, ))
+ abort();
+-
++if (res + extra < res)
++abort();
+ alloc_limit_assert ("checked_xmalloc", res);
+-return xmalloc (num, size);
++return xmalloc (num, size, extra);
+ }
+ 
+ /* xmallocs memory and clears it out */
+ void*
+-xcalloc (size_t num, size_t size)
++xcalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, ))
+ abort();
+ 
+ void *ptr;
+-ptr = malloc(res);
++if (res + extra < res)
++abort();
++ptr = malloc(res + extra);
+ if (ptr)
+ {
+-memset (ptr, '\0', (res));
++memset (ptr, '\0', (res + extra));
+ }
+ return ptr;
+ }
+ 
+ /* xcallocs memory but only up to a limit */
+ void*
+-checked_xcalloc (size_t num, size_t size)
++checked_xcalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, ))
+ abort();
+ 
+ alloc_limit_assert ("checked_xcalloc", (res));
+-return xcalloc (num, size);
++return xcalloc (num, size, extra);
+ }
+--- a/src/alloc.h
 b/src/alloc.h
+@@ -35,19 +35,23 @@
+ extern void set_alloc_limit (size_t size);
+ extern size_t get_alloc_limit();
+ extern void alloc_limit_assert (char *fn_name, size_t size);
+-extern void* checked_xmalloc (size_t num, size_t size);
+-extern void* xmalloc (size_t num, size_t size);
+-extern void* checked_xcalloc (size_t num, size_t size);
+-extern void* xcalloc (size_t num, size_t size);
++extern void* checked_xmalloc (size_t num, size

Bug#988494: RFS: ircii/20190117-1+deb10u1 [QA] [RC] -- Internet Relay Chat client

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "ircii":

 * Package name: ircii
   Version : 20190117-1+deb10u1
   Upstream Author :
 * URL : http://www.eterna.com.au/ircii/
 * License : BSD-2-Clause,
MIT-Old-Style-with-legal-disclaimer-2, BSD-3-Clause, Custom,
public-domain, GPL-2.0+
 * Vcs : https://salsa.debian.org/debian/ircii
   Section : net

It builds those binary packages:

  ircii - Internet Relay Chat client

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/ircii/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/i/ircii/ircii_20190117-1+deb10u1.dsc

Changes since the last upload:

 ircii (20190117-1+deb10u1) buster; urgency=medium
 .
   * QA upload.
   * Fix CVE-2021-29376: allows remote attackers to cause a denial of
 service (segmentation fault and client crash, disconnecting
 the victim from an IRC server) via a crafted CTCP UTC message.
 Closes: 986214


I've sent a "buster-pu" mail, which is located here [0]


Regards,
Håvard


[0] https://bugs.debian.org/#988492

Bug#988492: buster-pu: package ircii/20190117-1

[Håvard Flaget Aasen]

Attaching the debdiff as well.
diff -Nru ircii-20190117/debian/changelog ircii-20190117/debian/changelog
--- ircii-20190117/debian/changelog 2019-02-21 05:35:56.0 +0100
+++ ircii-20190117/debian/changelog 2021-05-14 01:51:43.0 +0200
@@ -1,3 +1,13 @@
+ircii (20190117-1+deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Fix CVE-2021-29376: allows remote attackers to cause a denial of
+service (segmentation fault and client crash, disconnecting
+the victim from an IRC server) via a crafted CTCP UTC message.
+Closes: 986214
+
+ -- Håvard Flaget Aasen   Fri, 14 May 2021 01:51:43 
+0200
+
 ircii (20190117-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 
ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch
--- ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 1970-01-01 
01:00:00.0 +0100
+++ ircii-20190117/debian/patches/0009-Fix-CVE-2021-29376.patch 2021-05-14 
01:43:05.0 +0200
@@ -0,0 +1,44 @@
+From: Håvard Flaget Aasen 
+Date: Thu, 13 May 2021 21:39:51 +0200
+Subject: Fix CVE-2021-29376
+
+CVE-2021-29376 allows remote attackers to cause a denial of service
+(segmentation fault and client crash, disconnecting the victim from an IRC
+server) via a crafted CTCP UTC message.
+
+Bug-Debian: https://bugs.debian.org/#986214
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-29376
+---
+ source/ctcp.c | 15 +--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/source/ctcp.c b/source/ctcp.c
+index 1a714c6..c5ddde0 100644
+--- a/source/ctcp.c
 b/source/ctcp.c
+@@ -536,12 +536,23 @@ do_utc(CtcpEntry *ctcp, u_char *from, u_char *to, u_char 
*args)
+ {
+   time_t  tm;
+   u_char  *date = NULL;
++  char*curtime;
+ 
+   if (!args || !*args)
+   return NULL;
+   tm = my_atol(args);
+-  malloc_strcpy(, UP(ctime()));
+-  date[my_strlen(date)-1] = '\0';
++  curtime = ctime();
++  if (curtime)
++  {
++  u_char *s = my_index(curtime, '\n');
++  if (s)
++  *s = '\0';
++
++  malloc_strcpy(, UP(curtime));
++  }
++  else
++  /* if we can't find a time, just return the number */
++  malloc_strcpy(, args);
+   return date;
+ }
+ 
diff -Nru ircii-20190117/debian/patches/series 
ircii-20190117/debian/patches/series
--- ircii-20190117/debian/patches/series2019-02-20 03:07:03.0 
+0100
+++ ircii-20190117/debian/patches/series2021-05-14 01:40:45.0 
+0200
@@ -3,3 +3,4 @@
 0003-Add-ioption-to-local-include-paths-so-they-do-not-co.patch
 0004-absolute-path-for-motd-and-servers-file-and-other-de.patch
 0006-fix-some-spelling-errors.patch
+0009-Fix-CVE-2021-29376.patch

Bug#988492: buster-pu: package ircii/20190117-1

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: haavard_aa...@yahoo.no

This is a release to fix CVE-2021-29376, which is also Debian bug #986214. [0]
The change has been taken from the upstream version 20210314 which is
known to work. It is also similar to the commit the scrollz package has. [1]

[ Reason ]
Fix: CVE-2021-29376 and Closes: #986214

[ Impact ]
The CVE's description is:
allows remote attackers to cause a denial of service (segmentation
fault and client crash, disconnecting the victim from an IRC server)
via a crafted CTCP UTC message.

[ Tests ]
I tested this manually, with sending a crafted CTCP message. The current
version crashed, while the new version printed out the wrongly
formatted string.

[ Risks ]
Minimal.
The code is taken from upstream.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Added a patch to fix CVE-2021-29376


Håvard


[0] https://bugs.debian.org/#986214
[1] https://github.com/ScrollZ/ScrollZ/pull/26

Bug#988289: htmldoc: CVE-2019-19630

[Håvard Flaget Aasen]

On 12.05.2021 00:13, Utkarsh Gupta wrote:
> Hi Håvard,
> 
> On Wed, May 12, 2021 at 2:11 AM Håvard Flaget Aasen
>  wrote:
>> I've got the release ready for buster and uploaded it to mentors [0]. I
>> also sent a request to the RM, for  buster-pu, but haven't got any
>> response yet [1].
> 
> Thanks for the buster update; uploaded! \o/
> You'll not receive any reply to -pu bug unless the release team has
> some problem with it. However, you'll receive a reply when someone
> from the release team will batch-accept the uploads from the proposed
> queue.
> 
> So basically, we're all good and set!
> 
>> I was lucky with the sponsoring to unstable, the package got uploaded
>> earlier today. I also got it unblocked, so it will migrate to bullseye.
> 
> Awesome, thank you!
> 
> 
> - u
> 

Thanks for the sponsoring Utkarsh!

I made a package for stretch as well, and uploaded it to mentors. [0]
Though I'm not sure about this lts stuff. So far this package I made
just targets "stretch". else it's quite identical to the package you
sponsored to buster.

If you have your own package it might be better suited.


Håvard

Bug#988289: htmldoc: CVE-2019-19630

[Håvard Flaget Aasen]

Hi Utkarsh

> 
>> I can make a release to buster if you want. I would need a sponsor
>> though, so if your determined, I won't rip it out of your hands.
> 
> That'd be helpful, thank you! Please let me know when you have a dsc ready?
I've got the release ready for buster and uploaded it to mentors [0]. I
also sent a request to the RM, for  buster-pu, but haven't got any
response yet [1].
> 
>> Regardless who does it, can we fix CVE-2021-20308 [0] as well? It's
>> marked as unimportant but since we already is preparing packages...
> 
> Absolutely, by all means!
> 
>> I'v prepared a release to unstable and bullseye with the fix for
>> cve-2021-20308 it's on the mentors site now.
> 
> Since this CVE is "unimportant", uploading to bullseye won't make
> sense. Rather we can upload to unstable and file an unblock request,
> that'd be a good way out here.
> 
> That said, I couldn't find the dsc there, could you sense the link to
> dsc for unstable and I'll be very happy to sponsor the upload. Thanks!
> :)
> 

I was lucky with the sponsoring to unstable, the package got uploaded
earlier today. I also got it unblocked, so it will migrate to bullseye.


Håvard

[0] https://mentors.debian.net/package/htmldoc/
[1] https://bugs.debian.org/#988365

Bug#988365: buster-pu: package htmldoc/1.9.3-1

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: haavard_aa...@yahoo.no

This updates fixes CVE-2019-19630 and CVE-2021-20308 which is bug:
#984765. Both patches is from upstream and has very small changes.

CVE-2019-19630 is marked with no DSA and CVE-2021-20308 is marked
unimportant, so I have not contacted the security team.

[ Reason ]
Fix CVE-2019-19630 and CVE-2021-20308

[ Impact ]
Minor

[ Tests ]
None

[ Risks ]
Small to none

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patches adds additional if-statements to prevent buffer-overflows.

Regards,
Håvard

https://security-tracker.debian.org/tracker/CVE-2019-19630
https://security-tracker.debian.org/tracker/CVE-2021-20308
https://bugs.debian.org/#984765
diff -Nru htmldoc-1.9.3/debian/changelog htmldoc-1.9.3/debian/changelog
--- htmldoc-1.9.3/debian/changelog  2018-04-11 20:04:27.0 +0200
+++ htmldoc-1.9.3/debian/changelog  2021-05-11 12:03:14.0 +0200
@@ -1,3 +1,13 @@
+htmldoc (1.9.3-1+deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Add patch to fix a stack-based buffer overflow in the hd_strlcpy()
+Fixes: CVE-2019-19630
+  * Add patch to fix buffer-overflow caused by integer-overflow
+Closes: #984765 Fixes: CVE-2021-20308
+
+ -- Håvard Flaget Aasen   Tue, 11 May 2021 12:03:14 
+0200
+
 htmldoc (1.9.3-1) unstable; urgency=medium
 
   * QA upload.
diff -Nru 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
--- 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 1970-01-01 01:00:00.0 +0100
+++ 
htmldoc-1.9.3/debian/patches/Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch
 2021-05-11 11:55:58.0 +0200
@@ -0,0 +1,28 @@
+From: Michael R Sweet 
+Date: Sun, 8 Dec 2019 14:00:26 -0500
+Subject: Fix a buffer underflow issue with GCC on Linux (Issue #360)
+
+CVE-2019-19630
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
+Bug: https://github.com/michaelrsweet/htmldoc/issues/370
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2019-19630
+---
+ htmldoc/ps-pdf.cxx | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/htmldoc/ps-pdf.cxx b/htmldoc/ps-pdf.cxx
+index 78a0183..5d96591 100644
+--- a/htmldoc/ps-pdf.cxx
 b/htmldoc/ps-pdf.cxx
+@@ -3721,7 +3721,9 @@ render_contents(tree_t *t,   /* I - Tree to 
parse */
+  nptr < (number + sizeof(number) - 1) && width < right;
+width += dot_width)
+   *nptr++ = '.';
+-nptr --;
++
++if (nptr > number)
++  nptr --;
+ 
+ strlcpy((char *)nptr, pages[hpage].page_text, sizeof(number) - 
(size_t)(nptr - number));
+ 
diff -Nru 
htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 
htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
1970-01-01 01:00:00.0 +0100
+++ htmldoc-1.9.3/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
2021-05-11 11:55:58.0 +0200
@@ -0,0 +1,27 @@
+From: Michael R Sweet 
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 907db8f..9d36a41 100644
+--- a/htmldoc/image.cxx
 b/htmldoc/image.cxx
+@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
+   img->height = (buf[9] << 8) | buf[8];
+   ncolors = 2 << (buf[10] & 0x07);
+ 
++  if (img->width <= 0 || img->width > 32767 || img->height <= 0 || 
img->height > 32767)
++return (-1);
++
+   // If we are writing an encrypted PDF file, bump the use count so we create
+   // an image object (Acrobat 6 bug workaround)
+   if (Encryption)
diff -Nru htmldoc-1.9.3/debian/patches/series 
htmldoc-1.9.3/debian/patches/series
--- htmldoc-1.9.3/debian/patches/series 2018-04-11 20:04:27.0 +0200
+++ htmldoc-1.9.3/debian/patches/series 2021-05-11 11:55:58.0 +0200
@@ -4,3 +4,5 @@
 autoheader_support.patch
 disable_libz.patch
 remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch
+Fix-a-buffer-underflow-issue-with-GCC-on-Linux-Issue-360.patch

Bug#988289: htmldoc: CVE-2019-19630

[Håvard Flaget Aasen]

On Mon, 10 May 2021 00:28:43 +0530 Utkarsh Gupta  wrote:
> Hello,
> 
> That's pretty unfortunate what happened. Since I fixed this in jessie
> (back when it was LTS), I'll take care of stretch (now that it's LTS)
> and subsequently buster as well. Thanks!
> 
> 


Hi Utkarsh,

I wasn't aware this versioning could be a problem.

I can make a release to buster if you want. I would need a sponsor
though, so if your determined, I won't rip it out of your hands.

Regardless who does it, can we fix CVE-2021-20308 [0] as well? It's
marked as unimportant but since we already is preparing packages...

I'v prepared a release to unstable and bullseye with the fix for
cve-2021-20308 it's on the mentors site now.

Håvard

[0] https://security-tracker.debian.org/tracker/CVE-2021-20308

Bug#988344: RFS: htmldoc/1.9.11-3 -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.11-3
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : BSD-2-Clause, zlib, GPL-2 with document exception,
MIT-CMU, PNG, bitstream, IJG, GPL-2, Apache-2.0, Apache-2.0 with
(L)GPL-2 exception
   Section : web

It builds those binary packages:

  htmldoc - HTML processor that generates indexed HTML, PS, and PDF
  htmldoc-common - Common arch-independent files for htmldoc

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.11-3.dsc

Changes since the last upload:

 htmldoc (1.9.11-3) unstable; urgency=medium
 .
   * Add patch to mitigate buffer-overflow caused by integer-overflow in
 image_load_gif() Closes: 984765 and fixes CVE-2021-20308


The unblock to testing is confirmed in bug #988325

Regards,
Håvard

Bug#988325: unblock: htmldoc/1.9.11-3

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: haavard_aa...@yahoo.no

Please unblock package htmldoc

The bug #984765 [0] is only of severity normal, but it got a CVE number some 
days
ago, it has been deemed unimportant by the security team.

The patch is cherry-picked from upstream.

[ Reason ]
buffer-overflow caused by integer-overflow in image_load_gif(), which is
CVE-2021-20308 [1]

[ Impact ]
Probably quite small.

[ Tests ]
None.

[ Risks ]
Small risk.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock htmldoc/1.9.11-3

Regards,
Håvard

[0] https://bugs.debian.org/#984765
[1] https://security-tracker.debian.org/tracker/CVE-2021-20308
diff -Nru htmldoc-1.9.11/debian/changelog htmldoc-1.9.11/debian/changelog
--- htmldoc-1.9.11/debian/changelog 2021-02-08 15:46:44.0 +0100
+++ htmldoc-1.9.11/debian/changelog 2021-05-10 16:10:41.0 +0200
@@ -1,3 +1,10 @@
+htmldoc (1.9.11-3) unstable; urgency=medium
+
+  * Add patch to mitigate buffer-overflow caused by integer-overflow in
+image_load_gif() Closes: 984765 and fixes CVE-2021-20308
+
+ -- Håvard Flaget Aasen   Mon, 10 May 2021 16:10:41 
+0200
+
 htmldoc (1.9.11-2) unstable; urgency=medium
 
   * Update build-dependency to libfltk1.3-dev Closes: #982276
diff -Nru 
htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch 
htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch
--- htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch   
1970-01-01 01:00:00.0 +0100
+++ htmldoc-1.9.11/debian/patches/Fix-crash-bug-with-bad-GIFs-Issue-423.patch   
2021-05-10 16:10:41.0 +0200
@@ -0,0 +1,27 @@
+From: Michael R Sweet 
+Date: Wed, 31 Mar 2021 20:18:00 -0400
+Subject: Fix crash bug with bad GIFs (Issue #423)
+
+CVE-2021-20308
+
+Origin: upstream, 
https://github.com/michaelrsweet/htmldoc/commit/6a8322a718b2ba5c440bd33e6f26d9e281c39654
+Bug: https://github.com/michaelrsweet/htmldoc/issues/423
+Bug-Debian: https://bugs.debian.org/#984765
+---
+ htmldoc/image.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
+index 68d6b92..8f53050 100644
+--- a/htmldoc/image.cxx
 b/htmldoc/image.cxx
+@@ -1245,6 +1245,9 @@ image_load_gif(image_t *img, /* I - Image pointer */
+   img->height = (buf[9] << 8) | buf[8];
+   ncolors = 2 << (buf[10] & 0x07);
+ 
++  if (img->width <= 0 || img->width > 32767 || img->height <= 0 || 
img->height > 32767)
++return (-1);
++
+   // If we are writing an encrypted PDF file, bump the use count so we create
+   // an image object (Acrobat 6 bug workaround)
+   if (Encryption)
diff -Nru htmldoc-1.9.11/debian/patches/series 
htmldoc-1.9.11/debian/patches/series
--- htmldoc-1.9.11/debian/patches/series2021-02-08 14:38:12.0 
+0100
+++ htmldoc-1.9.11/debian/patches/series2021-05-10 16:10:41.0 
+0200
@@ -5,3 +5,4 @@
 autoheader_support.patch
 disable_libz.patch
 remove-os-check.patch
+Fix-crash-bug-with-bad-GIFs-Issue-423.patch

Bug#982996: buster-pu: package awstats/7.6+dfsg-2

[Håvard Flaget Aasen]

On 03.04.2021 09:42, Salvatore Bonaccorso wrote:
> Hi Håvard,
> 
> On Thu, Mar 25, 2021 at 06:32:40AM +0000, Håvard Flaget Aasen wrote:
>> Hi Salvatore,
>>
>> On Tue, 23 Mar 2021 13:35:48 +0100 Salvatore Bonaccorso
>>  wrote:
>>
>>>
>>> On Sat, Mar 13, 2021 at 05:16:24PM +, Adam D. Barratt wrote:
>>>> Control: tags -1 + confirmed
>>>>
>>>> On Wed, 2021-02-17 at 23:33 +0100, Håvard Flaget Aasen wrote:
>>>>> These  are the same changes which was implemented in stretch, two
>>>>> upstream patches. Both of these patches resolves a path traversal
>>>>> flaw, which was first discovered with CVE-2017-1000501.
>>>>>
>>>>
>>>> Please go ahead.
>>>
>>> Was this uploaded? Can you still do it, but will be late for 10.9 now.
>>>
>>
>>
>> Since I'm not a DD, I uploaded it to the mentors site. I haven't found
>> any sponsor yet..
> 
> Thanks for the status update. Could you maybe ask your sponsor (for
> the unstable upload) directly on the case for the buster-pu upload?
> 
> Many thanks for your work and taking care of fixing those issues!
> 
> Regards,
> Salvatore
> 


Hi Salvatore,

The package was sponsored yesterday.

Regards,
Håvard

Bug#982996: buster-pu: package awstats/7.6+dfsg-2

[Håvard Flaget Aasen]

Hi Salvatore,

On Tue, 23 Mar 2021 13:35:48 +0100 Salvatore Bonaccorso
 wrote:

> 
> On Sat, Mar 13, 2021 at 05:16:24PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Wed, 2021-02-17 at 23:33 +0100, Håvard Flaget Aasen wrote:
> > > These  are the same changes which was implemented in stretch, two
> > > upstream patches. Both of these patches resolves a path traversal
> > > flaw, which was first discovered with CVE-2017-1000501.
> > > 
> > 
> > Please go ahead.
> 
> Was this uploaded? Can you still do it, but will be late for 10.9 now.
> 


Since I'm not a DD, I uploaded it to the mentors site. I haven't found
any sponsor yet..

Regards,
Håvard

Bug#985215: RFS: awstats/7.6+dfsg-2+deb10u1 [QA] -- powerful and featureful web server log analyzer

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "awstats":

 * Package name: awstats
   Version : 7.6+dfsg-2+deb10u1
   Upstream Author : Laurent Destailleur 
 * URL : http://awstats.sourceforge.net/
 * License : Apache-2.0, GPL-3+, CC-BY-3.0, GPL-1+
 * Vcs :
http://anonscm.debian.org/gitweb/?p=collab-maint/awstats.git;a=summary
   Section : web

It builds those binary packages:

  awstats - powerful and featureful web server log analyzer

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/awstats/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.6+dfsg-2+deb10u1.dsc

Changes since the last upload:

 awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
 .
   * QA upload.
   * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute
 pathname, even though it was intended to only read a file in the
 /etc/awstats/awstats.conf format. NOTE: this issue exists because of
 an incomplete fix for CVE-2017-1000501. Closes: #891469
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
 accepts a partial absolute pathname (omitting the initial /etc), even
 though it was intended to only read a file in the
 /etc/awstats/awstats.conf format. NOTE: this issue exists because of
 an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
 Closes: #977190


This upload was approved with bug #982996. Afterwards I changed it from
a NMU to QA upload.

Regards,
Håvard

Bug#983053: RFS: sanlock/3.8.3-1 -- Shared storage lock manager

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "sanlock":

 * Package name: sanlock
   Version : 3.8.3-1
   Upstream Author :
 * URL : https://www.pagure.io/sanlock/
 * License : GPL-2+, LGPL-2.1+
 * Vcs :
   Section : libs

It builds those binary packages:

  python3-sanlock - Python3 bindings to shared storage lock manager
  libsanlock-dev - Shared storage lock manager (development files)
  libsanlock1 - Shared storage lock manager (shared library)
  libsanlock-client1 - Shared storage lock manager (client library)
  sanlk-reset - Host reset daemon and client using sanlock
  sanlock - Shared storage lock manager

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/sanlock/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_3.8.3-1.dsc

Changes since the last upload:

 sanlock (3.8.3-1) experimental; urgency=medium
 .
   * New upstream version 3.8.3
   * Drop patches applied upstream
   * New package: sanlk-reset
   * d/rules: Drop Python version flag
   * d/control:
 - Remove sanlock as dependency for libsanlock-dev
 - Add packages to suggests field
 - Add multiarch field
 - Bump debhelper to 13

Regards,
Håvard

Bug#982996: buster-pu: package awstats/7.6+dfsg-2

[Håvard Flaget Aasen]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: haavard_aa...@yahoo.no

These  are the same changes which was implemented in stretch, two
upstream patches. Both of these patches resolves a path traversal flaw,
which was first discovered with CVE-2017-1000501.


[ Reason ]
This update fixes bug #891469 and #977197 which is CVE-2020-29600
and CVE-2020-35176

[ Impact ]
Possibility to parse and read files in /etc directory

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable


Regards,
Håvard


diff -Nru awstats-7.6+dfsg/debian/changelog awstats-7.6+dfsg/debian/changelog
--- awstats-7.6+dfsg/debian/changelog   2018-02-02 02:21:35.0 +0100
+++ awstats-7.6+dfsg/debian/changelog   2021-02-02 09:35:23.0 +0100
@@ -1,3 +1,19 @@
+awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute
+pathname, even though it was intended to only read a file in the
+/etc/awstats/awstats.conf format. NOTE: this issue exists because of
+an incomplete fix for CVE-2017-1000501. Closes: #891469
+  * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
+accepts a partial absolute pathname (omitting the initial /etc), even
+though it was intended to only read a file in the
+/etc/awstats/awstats.conf format. NOTE: this issue exists because of
+an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
+Closes: #977190
+
+ -- Håvard Flaget Aasen   Tue, 02 Feb 2021 09:35:23 
+0100
+
 awstats (7.6+dfsg-2) unstable; urgency=medium

   * QA upload.
diff -Nru awstats-7.6+dfsg/debian/patches/CVE-2020-29600.patch 
awstats-7.6+dfsg/debian/patches/CVE-2020-29600.patch
--- awstats-7.6+dfsg/debian/patches/CVE-2020-29600.patch1970-01-01 
01:00:00.0 +0100
+++ awstats-7.6+dfsg/debian/patches/CVE-2020-29600.patch2021-02-02 
09:35:23.0 +0100
@@ -0,0 +1,55 @@
+From: Laurent Destailleur 
+Date: Mon, 17 Dec 2018 12:59:51 +0100
+Subject: [PATCH] FIX #90
+
+Fixes #90/CVE-2020-29600
+
+Origin: upstream, 
https://github.com/eldy/awstats/commit/d4d815d0caae3dbae83ac70a1ae4581bd57cf376
+Bug: https://github.com/eldy/awstats/issues/90
+Bug-Debian: https://bugs.debian.org/#891469
+Last-Update: 2021-02-02
+Reviewed-by: Håvard Flaget Aasen 
+
+---
+ wwwroot/cgi-bin/awstats.pl | 34 ++
+ 1 file changed, 18 insertions(+), 16 deletions(-)
+
+--- a/wwwroot/cgi-bin/awstats.pl
 b/wwwroot/cgi-bin/awstats.pl
+@@ -1781,21 +1781,21 @@
+   }
+
+   #CL - Added to open config if full path is passed to awstats
+-  if ( !$FileConfig ) {
+-
+-  my $SiteConfigBis = File::Spec->rel2abs($SiteConfig);
+-  debug("Finally, try to open an absolute path : $SiteConfigBis", 
2);
+-
+-  if ( -f $SiteConfigBis && open(CONFIG, "$SiteConfigBis")) {
+-  $FileConfig = "$SiteConfigBis";
+-  $FileSuffix = '';
+-  if ($Debug){debug("Opened config: $SiteConfigBis", 2);}
+-  $SiteConfig=$SiteConfigBis;
+-  }
+-  else {
+-  if ($Debug){debug("Unable to open config file: 
$SiteConfigBis", 2);}
+-  }
+-  }
++#if ( !$FileConfig ) {
++#
++# my $SiteConfigBis = File::Spec->rel2abs($SiteConfig);
++# debug("Finally, try to open an absolute path : $SiteConfigBis", 
2);
++#
++# if ( -f $SiteConfigBis && open(CONFIG, "$SiteConfigBis")) {
++# $FileConfig = "$SiteConfigBis";
++# $FileSuffix = '';
++# if ($Debug){debug("Opened config: $SiteConfigBis", 2);}
++# $SiteConfig=$SiteConfigBis;
++# }
++# else {
++# if ($Debug){debug("Unable to open config file: 
$SiteConfigBis", 2);}
++# }
++# }
+
+   if ( !$FileConfig ) {
+   if ($DEBUGFORCED || !$ENV{'GATEWAY_INTERFACE'}){
diff -Nru awstats-7.6+dfsg/debian/patches/CVE-2020-35176.patch 
awstats-7.6+dfsg/debian/patches/CVE-2020-35176.patch
--- awstats-7.6+dfsg/debian/patches/CVE-2020-35176.patch1970-01-01 
01:00:00.0 +0100
+++ awstats-7.6+dfsg/debian/patches/CVE-2020-35176.patch2021-02-02 
09:35:23.0 +0100
@@ -0,0 +1,33 @@
+From: Beuc 
+Date: Thu, 17 Dec 2020 18:14:43 +0100
+Subject: Only look for configuration in dedicated awstats directories
+
+Fixes #195/CVE-2020-35176
+
+Origin: upstream, 
https://github.com/eldy/AWStats/pull/196/commits/0d4d4c05f8e73be8f71dd361dc55cbd5285

Bug#982549: RFS: sanlock/3.8.2-2 -- Shared storage lock manager

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "sanlock":

 * Package name: sanlock
   Version : 3.8.2-2
   Upstream Author :
 * URL : https://www.pagure.io/sanlock/
 * License : GPL-2+, LGPL-2.1+
 * Vcs :
   Section : libs

It builds those binary packages:

  python3-sanlock - Python3 bindings to shared storage lock manager
  libsanlock-dev - Shared storage lock manager (development files)
  libsanlock1 - Shared storage lock manager (shared library)
  libsanlock-client1 - Shared storage lock manager (client library)
  sanlock - Shared storage lock manager

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/sanlock/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_3.8.2-2.dsc

Changes since the last upload:

 sanlock (3.8.2-2) unstable; urgency=medium
 .
   * d/control: Drop Built-Using field, for Python3 package.
   * Move libraries and pkg-config to a multiarch location Closes: #980335
 Thanks to Helmut Grohne for patch.
   * Move Python example file to correct folder.
   * Change section for the binary package sanlock, from libs to utils.
   * Remove libblkid1 as build-dependency.

Regards,
Håvard

Bug#982305: RFS: htmldoc/1.9.11-2 -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.11-2
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : IJG, GPL-2, BSD-2-Clause, PNG, bitstream, MIT-CMU,
GPL-2 with document exception, zlib, Apache-2.0, Apache-2.0 with
(L)GPL-2 exception
 * Vcs : [fill in URL of packaging vcs]
   Section : web

It builds those binary packages:

  htmldoc-common - Common arch-independent files for htmldoc
  htmldoc - HTML processor that generates indexed HTML, PS, and PDF

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.11-2.dsc

Changes since the last upload:

 htmldoc (1.9.11-2) unstable; urgency=medium
 .
   * Update build-dependency to libfltk1.3-dev Closes: #982276

Regards,
Håvard

Bug#977588: RFS: pmacct/1.7.5-2 [QA] [RC] -- promiscuous mode traffic accountant

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "pmacct":

 * Package name: pmacct
   Version : 1.7.5-2
   Upstream Author :
 * URL : http://www.pmacct.net/
 * License :
 * Vcs : https://salsa.debian.org/debian/pmacct
   Section : net

It builds those binary packages:

  pmacct - promiscuous mode traffic accountant

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/pmacct/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/pmacct/pmacct_1.7.5-2.dsc

Changes since the last upload:

 pmacct (1.7.5-2) unstable; urgency=medium
 .
   * QA upload.
   * Bump to debhelper 9.20160709
   * Drop dh-systemd as build dependency Closes: #958597
   * Fix broken symlink Closes: #924202
   * d/patches: Cherry-pick upstream commit Closes: #964083
 fix-BGP-daemon-ecommunity_ecom2str-first-thing-makin.patch
 Thanks to Chris Danis
   * Change Vcs-* fields, points to repository in salsa


I uploaded a new version to mentors, smaller diff then the previous
upload, and hopefully, only the important changes.

Regards,
Håvard

Bug#981622: RFS: awstats/7.8-2 [QA] [RC] -- powerful and featureful web server log analyzer

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "awstats":

 * Package name: awstats
   Version : 7.8-2
   Upstream Author : Laurent Destailleur 
 * URL : http://awstats.sourceforge.net/
 * License : Apache-2.0, GPL-1+, GPL-3+, CC-BY-3.0
 * Vcs : https://salsa.debian.org/debian/awstats
   Section : web

It builds those binary packages:

  awstats - powerful and featureful web server log analyzer

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/awstats/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.8-2.dsc

Changes since the last upload:

 awstats (7.8-2) unstable; urgency=high
 .
   * QA upload.
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
 accepts a partial absolute pathname (omitting the initial /etc), even
 though it was intended to only read a file in the
 /etc/awstats/awstats.conf format. NOTE: this issue exists because of
 an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
 Closes: #977190


This only adds an upstream patch to close a CVE

Regards,
Håvard

Bug#981545: ITS: openscap

[Håvard Flaget Aasen]

Package: openscap
Severity: important
Version: 1.2.17-0.1
X-Debbugs-CC: pol...@debian.org,m...@qa.debian.org

Dear openscap maintainer,

I intend to salvage this package.

There is an almost 2 year old bug for packaging a new upstream version
(#924324). openscap was also removed from testing in January 2020 for
about 5 months. It migrated back after it was updated with an NMU.

I have also seen that both upstream [1] and Ubuntu developers [2] has
tried to get in contact with you, without success.

Please let me know if you are still willing to maintain this package.
According to the criteria listed at [3], I will upload a Non-maintainer
Upload (NMU) of openscap onto DELAYED/7 after 21 days (2021-02-23) to
continue with the package salvaging If it's necessary to pause the ITS
process, please let me know immediately by replying this bug report.

Thank you for your previous work in Debian and looking forward to your
reply.

Regards,
Håvard

[1]
https://github.com/OpenSCAP/openscap/issues/1641#issuecomment-728976110
[2]
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1877696/comments/5
[3] https://wiki.debian.org/PackageSalvaging

Bug#981355: RFS: cramfsswap/1.4.2 [QA] -- swap endianness of a cram filesystem (cramfs)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "cramfsswap":

 * Package name: cramfsswap
   Version : 1.4.2
   Upstream Author :
 * URL :
 * License : GPL-2
 * Vcs :
   Section : utils

It builds those binary packages:

  cramfsswap - swap endianness of a cram filesystem (cramfs)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/cramfsswap/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/c/cramfsswap/cramfsswap_1.4.2.dsc

Changes since the last upload:

 cramfsswap (1.4.2) unstable; urgency=medium
 .
   * QA upload.
   * Change back to native version Closes: #953595
   * Use source format 3.0 native
   * d/dirs: Remove empty directory
   * d/control:
 - Fix spelling error in description Closes: #543208, #684790
 - Set Debian QA as maintainer. see #981049
 - Change to debhelper-compat
 - Bump debhelper to 12
 - Change Priority field from extra to optional
 - Add misc:Depends to support debhelper
 - Add Rules-Requires-Root
 - Change architecture to linux-any
 - Update Standards-Version to 4.5.1
   * d/rules: Change to dh-sequencer
   * d/copyright: Change to DEP-5 format
   .
   * Add CFLAGS, CPPFLAGS and LDFLAGS in makefile
   * Fix typo in man-page

Regards,

Bug#978279: marked as pending in afew

[Håvard Flaget Aasen]

> 
> I see that you are a DM, If you agree to add yourself to the uploader's
> field, I'll happily grant permissions.

Thanks! I updated, and included myself in the uploader's field.
> 
> 
> > I believe the packaging is finished, so if you would do a short review
> > and upload it, it would be appreciated.
> >
> 
> Looks good, however I'm unsure about this one change:
> 
> * Why add yourself to copyright?[1] Usually this is done by the person who
> debianizes the initial package which is Free Ekanayaka
>IMHO, this should be reverted.

I reverted the commit. I wasn't aware of this, I'm quite sure I've seen
people adding their names to this field before.

> 
> [1]:
> https://salsa.debian.org/python-team/packages/afew/-/commit/b1431c378d6e44f4e706570b238ffed072c3b61b
> 

Both changes has been pushed to salsa

Håvard

Bug#978279: marked as pending in afew

[Håvard Flaget Aasen]

Hi Nilesh

The reason I haven't uploaded is because I'm not a DD, so I don't have
the necessary permissions.

I believe the packaging is finished, so if you would do a short review
and upload it, it would be appreciated.

Regards,
Håvard

On Thu, 28 Jan 2021 17:56:32 +0530 Nilesh Patra  wrote:
> Hi Håvard
> 
> Looks like you've fixed this, but not uploaded yet.
> Is there anything missing, or should I upload this one?
> 
> Regards,
> Nilesh
> 
> 
> On Thu, 14 Jan 2021 11:09:50 + =?UTF-8?B?SMOldmFyZCBGbGFnZXQgQWFzZW4=?= 
>  wrote:
> > Control: tag -1 pending
> >
> > Hello,
> >
> > Bug #978279 in afew reported by you has been fixed in the
> > Git repository and is awaiting an upload. You can see the commit
> > message below and you can check the diff of the fix at:
> >
> > https://salsa.debian.org/python-team/packages/afew/-/commit/ef9a6c241721ec0de127ab3d4e889483fec7c94a
> >
> > 
> > Remove regenerated file by scm. Closes: #978279
> > 
> >
> > (this message was generated automatically)
> > --
> > Greetings
> >
> > https://bugs.debian.org/978279
> >
> >
> 
> 
> 

Bug#981200: RFS: sanlock/3.8.3-1 -- Shared storage lock manager

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "sanlock":

 * Package name: sanlock
   Version : 3.8.3-1
   Upstream Author :
 * URL : https://www.pagure.io/sanlock/
 * License : LGPL-2.1+, GPL-2+
 * Vcs :
   Section : libs

It builds those binary packages:

  python3-sanlock - Python3 bindings to shared storage lock manager
  libsanlock-dev - Shared storage lock manager (development files)
  libsanlock1 - Shared storage lock manager (shared library)
  libsanlock-client1 - Shared storage lock manager (client library)
  sanlk-reset - Host reset daemon and client using sanlock
  sanlock - Shared storage lock manager

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/sanlock/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_3.8.3-1.dsc

Changes since the last upload:

 sanlock (3.8.3-1) unstable; urgency=medium
 .
   * New upstream version 3.8.3
   * Move libraries and pkg-config to a multiarch location (Closes: #980335)
 Thanks to Helmut Grohne for patch
   * New package: sanlk-reset
   * Drop patches applied upstream
   * d/rules: Drop Python version flag
   * Move Python example file to correct folder
   * d/control:
 - Drop Built-Using for Python3 package
 - Change section for binary package sanlock, from libs to utils
 - Remove sanlock as dependency for libsanlock-dev
 - Remove libblkid1 as build-dependency

Regards,
Håvard

Bug#980335: libsanlock-dev: move libsanlock.pc to a multiarch location

[Håvard Flaget Aasen]

On Sun, 17 Jan 2021 21:52:19 +0100 Helmut Grohne  wrote:
> Package: libsanlock-dev
> Version: 3.8.2-1
> Tags: patch
> User: debian-cr...@lists.debian.org
> Usertags: ftcbfs
> Control: affects -1 + src:libvirt
> 
> libvirt cannot be cross built from source, because pkg-config cannot
> find libsanlock.pc. In general, pkg-config does not search
> /usr/lib/pkgconfig during cross compilation. It only searches
> /usr/share/pkgconfig and /usr/lib//pkgconfig. However,
> libsanlock-dev places its .pc files where pkg-config does not search.
> Please move them. I'm attaching a patch for your convenience.
> 
> Helmut


Hi Helmut,

Thanks for the patch

I noticed that the patch also moves the libraries to a different folder.
I assume this will break some setups if they don't use the pkg-config files?

Håvard

Bug#980460: RFS: python-jsbeautifier/1.13.4-1 -- JavaScript unobfuscator and beautifier

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-jsbeautifier":

 * Package name: python-jsbeautifier
   Version : 1.13.4-1
   Upstream Author : Liam Newman, Einar Lielmanis, et al.

 * URL : https://github.com/beautify-web/js-beautify
 * License : MIT
 * Vcs : https://salsa.debian.org/debian/python-jsbeautifier
   Section : python

It builds those binary packages:

  jsbeautifier - JavaScript unobfuscator and beautifier
  python3-jsbeautifier - JavaScript unobfuscator and beautifier (python3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-jsbeautifier/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-jsbeautifier/python-jsbeautifier_1.13.4-1.dsc

Changes since the last upload:

 python-jsbeautifier (1.13.4-1) unstable; urgency=medium
 .
   * New upstream version 1.13.4
   * d/watch: Bump version to 4
   * d/control: Update Standards-Version to 4.5.1
   * d/copyright: Add myself
   * d/source/options: Add extend-diff-ignore

Regards,
Håvard

Bug#979235: RFS: gtick/0.5.5-2 [QA] [RC] -- Metronome application

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "gtick":

 * Package name: gtick
   Version : 0.5.5-2
   Upstream Author :
 * URL : https://www.antcom.de/gtick/
 * License :
 * Vcs : https://salsa.debian.org/debian/gtick
   Section : sound

It builds those binary packages:

  gtick - Metronome application

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/gtick/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/g/gtick/gtick_0.5.5-2.dsc

Changes since the last upload:

 gtick (0.5.5-2) unstable; urgency=medium
 .
   * QA upload.
   [ Debian Janitor ]
   * Use secure URI in Homepage field.
 .
   [ Håvard Flaget Aasen ]
   * d/copyright: Update URL
   * d/control:
 - Add Rules-Requires-Root
 - Update Standards-Version to 4.5.1
   * d/menu: Drop file in favor of *.desktop file
   * d/watch:
 - Update to version 4
 - Use secure URL
 - Point to git repo
   * d/rules:
 - Add hardening flags '+all'
 - Minor clean up
   * d/patches:
 - Append number to patch
 - New patch, update autoconf macros regarding gettext (Closes: #978346)
 - New patch, address warnings generated by lintian and AppStream.

The watch file was broken, so I updated it, it works fine locally, but
when I uploaded the package to mentors it complains about no matching
files for watch line..

Regards,
Håvard

Bug#979117: RFS: wand/0.6.5-1 [RC] -- Python interface for ImageMagick library (documentation)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "wand":

 * Package name: wand
   Version : 0.6.5-1
   Upstream Author : E. McConville 
 * URL : https://github.com/emcconville/wand
 * License : Expat, BSD-3-clause
 * Vcs : https://salsa.debian.org/debian/wand
   Section : python

It builds those binary packages:

  wand-doc - Python interface for ImageMagick library (documentation)
  pypy-wand - Python interface for ImageMagick library (PyPy)
  python3-wand - Python interface for ImageMagick library (Python 3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/wand/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/w/wand/wand_0.6.5-1.dsc

Changes since the last upload:

 wand (0.6.5-1) unstable; urgency=medium
 .
   * New upstream version 0.6.5
   * d/source/options: Exclude *.egg-info files
   * d/rules, autopkgtest: Change arguments for pytest regarding
 the '-k' flag Closes: #977100

Regards,
Håvard

Bug#979082: RFS: transcalc/0.14-7 [QA] [RC] -- microwave and RF transmission line calculator

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "transcalc":

 * Package name: transcalc
   Version : 0.14-7
   Upstream Author :
 * URL : http://transcalc.sourceforge.net/
 * License :
 * Vcs :
   Section : science

It builds those binary packages:

  transcalc - microwave and RF transmission line calculator

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/transcalc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/t/transcalc/transcalc_0.14-7.dsc

Changes since the last upload:

 transcalc (0.14-7) unstable; urgency=medium
 .
   * QA upload.
   * Add patch to fix ftbfs with gcc10 (Closes: #957880)
   * Add patch to fix segfault when closing windows (Closes: #763125)
   * Add patch which fixes a deprecation warning regarding autoconf
   * d/clean: Remove some embedded code copies (Closes: #947972)
   * d/rules:
 - Change to dh sequencer
 - Change hardening rules to +all
 - Override dh_auto_test, we don't have any tests
 - Move example files to the recommended path
   * d/compat: Drop file, use debhelper-compat in d/control
   * d/control:
 - Bump debhelper to 12
 - Update Standards-Version to 3.9.7
 - Add Rules-Requires-Root
   * d/changelog: Remove whitespace
   * d/watch: Update to version 4
   * d/copyright: Change license file link to GPL-2
   * Add Debian source format 3.0 (quilt)

Regards,
Håvard

Bug#978756: RFS: gkdebconf/2.1.1 [QA] [RC] -- Helper to reconfigure packages with Debconf

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "gkdebconf":

 * Package name: gkdebconf
   Version : 2.1.1
   Upstream Author :
 * URL :
 * License : GPL-2+
 * Vcs : https://salsa.debian.org/debian/gkdebconf
   Section : admin

It builds those binary packages:

  gkdebconf - Helper to reconfigure packages with Debconf

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/gkdebconf/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/g/gkdebconf/gkdebconf_2.1.1.dsc

Changes since the last upload:

 gkdebconf (2.1.1) unstable; urgency=low
 .
   * QA upload.
   [ Debian Janitor ]
   * Set debhelper-compat version in Build-Depends.
   * Update standards version to 4.5.0, no changes needed.
 .
   [ Helge Kreutzmann ]
   * Update German translation (Closes: #978115)
 .
   [ Håvard Flaget Aasen ]
   * d/control:
 - Bump debhelper to 13
 - Update Standards-Version to 4.5.1
   * Rename d/NEWS.debian to d/NEWS and change distribution
 from unreleased to unstable.
   * Drop de_DE.po and es_ES.po translation, rely on de.po and es.po instead
   * Require gettext 0.21, update with gettextize (Closes: #978375)


I'm not to familiar with gettext and translations, but I tested the
packaged with different translations and it was identical as the
previous version.

The changes has also been pushed to my repository [0]

Regards,
Håavrd

[0] https://salsa.debian.org/haava/gkdebconf

Bug#978508: RFS: htmldoc/1.9.11-1 [ITA] -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.11-1
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : Apache-2.0, GPL-2 with document exception, IJG,
BSD-2-Clause, GPL-2, bitstream, MIT-CMU, zlib, PNG, Apache-2.0 with
(L)GPL-2 exception
   Section : web

It builds those binary packages:

  htmldoc-common - Common arch-independent files for htmldoc
  htmldoc - HTML processor that generates indexed HTML, PS, and PDF

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.11-1.dsc

Changes since the last upload:

 htmldoc (1.9.11-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer Closes: #854222
   * d/control: Update Standards-Version to 4.5.1
   * d/upstream/metadata:
 - Update Bug-Submit
 - Drop deprecated fields
   * d/patches
 - Append .patch to patches
 - New patch to make documentation be encoded with utf8
   * d/copyright
 - Update years
 - Include myself under debian/*
 - Update copyright notice for png/*
 - Update copyright notice for htmldoc/http*
* d/htmldoc-common.install: Include folder with desktop icons

Compared with the previous package this is updated to the latest
upstream release and fixed the lintian warning about national-encoding.

Regards,
Håvard

Bug#975834: python-blosc: FTBFS: dh_auto_configure: error: pybuild --configure -i python{version} -p "3.8 3.9" returned exit code 13

[Håvard Flaget Aasen]

Hi Adrian

I believe there has been some mixing with the bugs here.
Bug #975834 [0] is not a duplicate of #976569 [1] and should not have
been merged.

I believe #975834 was a problem with CMake in python-blosc, which was
fixed in version 1.9.2+ds1-2 with this commit [2]. The bug #975834
happened when c-blosc was still at version 1.17.1+ds1-1.

Bug #976569 happened when c-blosc was updated to 1.20.1+ds1-1 and got
compiled without snappy support. which is the reason for the bug.

Regards,
Håvard

[0] https://bugs.debian.org/cgi-bin/#975834
[1] https://bugs.debian.org/cgi-bin/#976569
[2]
https://salsa.debian.org/python-team/packages/python-blosc/-/commit/8e961cd6ae1c82eed6170a6683acb209fb08714a

Bug#977588: RFS: pmacct/1.7.5-2 [QA] [RC] -- promiscuous mode traffic accountant

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "pmacct":

 * Package name: pmacct
   Version : 1.7.5-2
   Upstream Author : Paolo Lucente 
 * URL : http://www.pmacct.net/
 * License :
 * Vcs : https://salsa.debian.org/debian/pmacct
   Section : net

It builds those binary packages:

  pmacct - promiscuous mode traffic accountant

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/pmacct/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/pmacct/pmacct_1.7.5-2.dsc

Changes since the last upload:

 pmacct (1.7.5-2) unstable; urgency=medium
 .
   * QA upload.
   * d/control:
 - Change to debhelper-compat
 - Bump debhelper to 10
 - Update Vcs-*, now points to salsa
 - Drop dh-systemd as build-dependency Closes: #958597
 - Drop autotools-dev, dh-autoreconf and a duplicated libjansson-dev
   as build-dependencies.
 - Add Rules-Requires-Root: no
   * d/changelog: Remove trailing-whitespace
   * d/not-installed:
 - Drop upstream documentation INSTALL and COPYING
   * man-page: Fix acute-accent-in-manual-page
   * d/rules:
 - Include /usr/share/dpkg/architecture.mk to set variables
 - Drop some examples, only Python2 compatible
 - Add hardening option 'bindnow'
   * d/NEWS: Removed
   * Fix broken symlink Closes: #924202
 Move symlink creation to d/rules, and use variable for correct path
   * d/patches: Cherry-pick upstream commit Closes: #964083
 0004-fix-BGP-daemon-ecommunity_ecom2str-first-thing-makin.patch
 Thanks to Chris Danis
   * d/patches/af_link.patch: Change to secure URI, reported by duck.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository
 and Repository-Browse
   * d/copyright:
 - Update copyright year
 - Update copyright license
   * d/pmacct.maintscript: Place dpkg-maintscript-helper script in this
file,
 drop d/pmacct.post* and d/pmacct.pre* files


The file d/pmacct.maintscript might be dropped, I guess it's unlikely
that someone does an upgrade from before Debian 8. Also, the examples is
causing some trouble, causing two errors with lintian. Not sure what to
do about that.
I pushed the changes to my salsa repository,
https://salsa.debian.org/haava/pmacct
If this gets sponsored it would be nice if these changes could be pushed
to the original repository.


Regards,
Håvard

Bug#976116: RFS: c-blosc/1.20.1+ds1-2 [QA] -- high performance meta-compressor optimized for binary data

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "c-blosc":

 * Package name: c-blosc
   Version : 1.20.1+ds1-2
   Upstream Author : Blosc Development Team 
 * URL : https://blosc.org/
 * License : BSD-3-clause, Expat
 * Vcs : https://salsa.debian.org/debian/c-blosc
   Section : libs

It builds those binary packages:

  libblosc1 - high performance meta-compressor optimized for binary data
  libblosc-dev - high performance meta-compressor optimized for binary
data (development files)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/c-blosc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/c/c-blosc/c-blosc_1.20.1+ds1-2.dsc

Changes since the last upload:

 c-blosc (1.20.1+ds1-2) unstable; urgency=medium
 .
   * QA upload.
   * d/rules: Change CMake flag to include support for snappy.


I missed a change with the CMake flags, which created regression with a
package.

Regards,
Håvard

Bug#975978: RFS: c-blosc/1.20.1+ds1-1 [QA] -- high performance meta-compressor optimized for binary data

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "c-blosc":

 * Package name: c-blosc
   Version : 1.20.1+ds1-1
   Upstream Author : Blosc Development Team 
 * URL : https://blosc.org/
 * License : BSD-3-clause, Expat
 * Vcs : https://salsa.debian.org/debian/c-blosc
   Section : libs

It builds those binary packages:

  libblosc1 - high performance meta-compressor optimized for binary data
  libblosc-dev - high performance meta-compressor optimized for binary
data (development files)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/c-blosc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/c/c-blosc/c-blosc_1.20.1+ds1-1.dsc

Changes since the last upload:

 c-blosc (1.20.1+ds1-1) unstable; urgency=medium
 .
   * QA upload.
   [ Debian Janitor ]
   * Use secure URI in Homepage field.
   * debian/copyright: use spaces rather than tabs to start continuation
 lines.
   * Set upstream metadata fields: Bug-Database.
   * Set upstream metadata fields: Bug-Submit.
   * Update standards version to 4.5.0, no changes needed.
 .
   [ Håvard Flaget Aasen ]
   * New upstream version 1.20.1+ds1
   * d/control:
 - Bump debhelper to 13
 - Add rules-Requires-Root: no
 - Update Standards-Version to 4.5.1
   * d/watch: Update to version 4
   * Set upstream metadata fields: Repository, Repository-Browse
   * d/rules, d/libblosc-dev.docs: Rename documentation files, to match
 changes upstream.
   * d/not-installed: New file, explicitly mention files which is not
installed.
   * d/copyright:
 - Add Upstream-Contact.
 - Add Blosc Development Team in Copyright field

Regards,
Håvard

Bug#975965: RFS: python-chameleon/3.8.1-1 [QA] [RC] -- XML-based template compiler

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "python-chameleon":

 * Package name: python-chameleon
   Version : 3.8.1-1
   Upstream Author : Malthe Borch 
 * URL : https://github.com/malthe/chameleon
 * License : BSD-3-clause, Python, Zope-2.1, BSD-3-clause~repoze
   Section : python

It builds those binary packages:

  python3-chameleon - XML-based template compiler

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-chameleon/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-chameleon/python-chameleon_3.8.1-1.dsc

Changes since the last upload:

 python-chameleon (3.8.1-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream release.
 Release supports Python 3.9. Closes: #973169
   * d/watch: Switch to GitHub, PyPI dropped the testsuite.
   * Switch to debhelper-compat
   * d/patches: Deleted, contained an empty series file.
   * d/dirs: Deleted, related to the removed documentation package.
   * d/control:
 - Add rules-Requires-Root: no
 - Update Standards-Version to 4.5.1
 - Bump debhelper to 13
 - Remove lines for documentation package.
 - Point homepage to GitHub repository.
 - Remove XS-Testsuite field.
   * d/copyright:
 - Change source field to GitHub repository
 - Use secure URI
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse.

Regards,
Håvard

Bug#947097: ITP: scikit-build -- build system generator for Python C/C++/Fortran/Cython extensions

[Håvard Flaget Aasen]

ons. 4. nov. 2020 kl. 14:36 skrev Emmanuel Arias :
>
> Hi Håvard,
>
> How is the process of this packaging?
>
> python-blosc need skbuild  as build-depends.
>
> Cheers,
> eamanu


Hi Emmanuel,

I actually filed this ITP because of python-blosc, but haven't done
much with it after that. I actually thought of removing myself as
owner of the bug.

Do you wish to take ownership of this ITP bug and package?
The work I have done is here [1]. Looking at it now, I'm seeing that
the version is older than the current release.

Regards,
Håvard

[1] https://salsa.debian.org/haava/scikit-build

Bug#973402: RFS: zope.schema/6.0.0-1 [QA] -- zope.interface extension for defining data schemas

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.schema":

 * Package name: zope.schema
   Version : 6.0.0-1
   Upstream Author : Zope Foundation and Contributors 
 * URL : https://pypi.python.org/pypi/zope.schema
 * License : Zope-2.1
   Section : zope

It builds those binary packages:

  python3-zope.schema - zope.interface extension for defining data schemas

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.schema/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/z/zope.schema/zope.schema_6.0.0-1.dsc

Changes since the last upload:

 zope.schema (6.0.0-1) unstable; urgency=medium
 .
   * QA upload.
   * New upstream release.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse
   * d/control:
 - Update Standards-Version to 4.5.0
 - Bump debhelper to 13
 - Set minimum version on python3-zope.interface

Regards,
H??vard

Bug#971543: RFS: sanlock/3.8.2-1 [ITA] [RC] -- Shared storage lock manager

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "sanlock":

* Package name : sanlock
Version : 3.8.2-1
* URL : https://www.pagure.io/sanlock/
* License : LGPL-2.1+, GPL-2+
Section : libs

It builds those binary packages:

python3-sanlock - Python3 bindings to shared storage lock manager
libsanlock-dev - Shared storage lock manager (development files)
libsanlock1 - Shared storage lock manager (shared library)
libsanlock-client1 - Shared storage lock manager (client library)
sanlock - Shared storage lock manager

To access further information about this package, please visit the
following URL:

https://mentors.debian.net/package/sanlock/

Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_3.8.2-1.dsc

Changes since the last upload:

sanlock (3.8.2-1) unstable; urgency=medium
.
* New upstream release.
* New maintainer Closes: #903571
* New package: python3-sanlock
* d/*.symbols:
- Update symbols
- Add Build-Depends-Package: libsanlock-dev
* Switch to debhelper-compat
- d/control: Replace debhelper with debhelper-compat
- Remove d/compat
* d/control:
- Bump debhelper to 12
- Update Standards-Version to 4.4.1
- Drop dh-systemd as build dependency Closes: #958620
- Update homepage
- Add Rules-Requires-Root: no
- Add Pre-Depends: ${misc:Pre-Depends} for sanlock
* d/patches:
- Rebase patches
- Remove patches which is no longer needed.
- Add fix_man-page_macro.patch
- Add fix_typo.patch
* d/changelog: Remove whitespace
* d/copyright:
- Change to secure URI
- Update year
- Move debian/* to a separate file paragraph
* d/watch: Add file
* d/*.service: Add documentation-key
* Set upstream metadata fields: Bug-Database, Repository,
Repository-Browse.
* d/rules: Change to Debian specific init.d script LP: #1745986
This is the same file implemented in bug: #854696

Regards,
Håvard

Bug#970770: RFS: wand/0.6.3-1 -- Python interface for ImageMagick library

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wand":

 * Package name: wand
   Version : 0.6.3-1
   Upstream Author : E. McConville 
 * URL : https://github.com/emcconville/wand
 * License : BSD-3-clause, Expat
 * Vcs : https://salsa.debian.org/debian/wand
   Section : python

It builds those binary packages:

  wand-doc - Python interface for ImageMagick library (documentation)
  pypy-wand - Python interface for ImageMagick library (PyPy)
  python3-wand - Python interface for ImageMagick library (Python 3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/wand/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/w/wand/wand_0.6.3-1.dsc

Changes since the last upload:

 wand (0.6.3-1) unstable; urgency=medium
 .
   * New upstream version 0.6.3
   * Rebase patches
   * d/salsa-ci.yml: Disable kernel variation in reprotest
   * Build-Profiles: Add nocheck
   * d/rules: Disable two tests for armhf and i386,
 needed for reproducible builds

Regards,
Håvard

Bug#970661: RFS: htmldoc/1.9.10-1 [ITA] -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc":

 * Package name: htmldoc
   Version : 1.9.10-1
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : BSD-2-Clause, GPL-2 with document exception,
Apache-2.0 with (L)GPL-2 exception, GPL-2, PNG, IJG, bitstream, MIT-CMU,
zlib
   Section : web

It builds those binary packages:

  htmldoc-common - Common arch-independent files for htmldoc
  htmldoc - HTML processor that generates indexed HTML, PS, and PDF

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.10-1.dsc

Changes since the last upload:

 htmldoc (1.9.10-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer Closes: #854222
   * d/upstream/metadata: Update Bug-Submit
   * d/patches
 - Append .patch to the remaining patches
 - Add include_desktop_icons.patch
   * d/copyright
 - Update years
 - Include myself under debian/*
 - Update copyright notice for png/*

Regards,
Håvard

Bug#970468: RFS: makebootfat/1.4-8 [QA] [RC] -- Utility to create a bootable FAT filesystem

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "makebootfat":

 * Package name: makebootfat
   Version : 1.4-8
 * URL : http://advancemame.sourceforge.net/boot-readme.html
 * License : Expat, GPL-2+
   Section : utils

It builds those binary packages:

  makebootfat - Utility to create a bootable FAT filesystem

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/makebootfat/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/m/makebootfat/makebootfat_1.4-8.dsc

Changes since the last upload:

 makebootfat (1.4-8) unstable; urgency=medium
 .
   * QA upload.
   * d/control:
 - Add Rules-Requires-Root: no
 - Bump debhelper to 13
   * d/tests/control: Add Restrictions: superficial Closes: #969843

Regards,

Bug#966982: Uploading disabling that test to DELAYED/2

[Håvard Flaget Aasen]

On Tue, 8 Sep 2020 16:27:20 +0200 Thomas Goirand  wrote:
> On 9/8/20 2:01 PM, Håvard Flaget Aasen wrote:
> > On Tue, 8 Sep 2020 13:40:25 +0200 Thomas Goirand  wrote:
> >> Hi,
> >>
> >> Since nobody seem to care about this, I've uploaded disabling that
> >> failing test to DELAYED/2. Indeed, to me, it looked like a broken test,
> >> rather than a broken package. Otherwise, a long list of reverse
> >> dependency will be removed from testing in 8 days.
> >>
> >> Debdiff of the change attached. Let me know if you would like me to
> >> cancel the upload.
> >>
> >> Cheers,
> >>
> >> Thomas Goirand (zigo)
> > 
> > Thanks for this Thomas but I actually have a package up for RFS to
> > address this issue.
> > I must admit I removed all tests during build. Because of the same
> > reason.  same testsuite is being run as an autopkgtest which succeeds.
> > Previous there has also been some issues with these tests bug: [761325]
> > I intend to reopen this bug.
> > 
> > Can I persuade you to review and upload my own package instead of doing
> > an NMU? bug: [965370] package in mentors [3]
> > 
> > Thanks,
> > H??vard
> > 
> > [761325] https://bugs.debian.org/761325
> > [965370] https://bugs.debian.org/965370
> > [3] https://mentors.debian.net/package/wand/
> > 
> 
> Hi Håvard,
> 
> I'm very much surprised by this. Why didn't you write in the bug report
> then, saying you've addressed the issue and was searching for a sponsor?
> I had the impression that nobody cared, you know... And you can't expect
> everyone to closely monitor mentors.
> 
> I do not agree that removing all tests is the solution, when only a
> single one fails. I would happily sponsor your upload, but *not* if it's
> removing all tests.
> 
> Cheers,
> 
> Thomas Goirand (zigo)
> 
> 


Hi Thomas,

I wrote a reply to this email without CC'ing you, not sure if you got it.
I did the change that you asked for and pushed it to salsa, I did NOT
update the package in mentors.
I also didn't use your patch, I excluded the test with pybuild in
debian/rules.

I'd be happy if you still wish to sponsor this.

Git repository:
g...@salsa.debian.org:debian/wand.git
or
https://salsa.debian.org/debian/wand.git


Regards,
Håvard

Bug#966982: Uploading disabling that test to DELAYED/2

[Håvard Flaget Aasen]

tir. 8. sep. 2020 kl. 14:29 skrev Thomas Goirand :
>
> On 9/8/20 2:01 PM, Håvard Flaget Aasen wrote:
> > On Tue, 8 Sep 2020 13:40:25 +0200 Thomas Goirand  wrote:
> >> Hi,
> >>
> >> Since nobody seem to care about this, I've uploaded disabling that
> >> failing test to DELAYED/2. Indeed, to me, it looked like a broken test,
> >> rather than a broken package. Otherwise, a long list of reverse
> >> dependency will be removed from testing in 8 days.
> >>
> >> Debdiff of the change attached. Let me know if you would like me to
> >> cancel the upload.
> >>
> >> Cheers,
> >>
> >> Thomas Goirand (zigo)
> >
> > Thanks for this Thomas but I actually have a package up for RFS to
> > address this issue.
> > I must admit I removed all tests during build. Because of the same
> > reason.  same testsuite is being run as an autopkgtest which succeeds.
> > Previous there has also been some issues with these tests bug: [761325]
> > I intend to reopen this bug.
> >
> > Can I persuade you to review and upload my own package instead of doing
> > an NMU? bug: [965370] package in mentors [3]
> >
> > Thanks,
> > H??vard
> >
> > [761325] https://bugs.debian.org/761325
> > [965370] https://bugs.debian.org/965370
> > [3] https://mentors.debian.net/package/wand/
> >
>
> Hi Håvard,
>

Hi Thomas,

> I'm very much surprised by this. Why didn't you write in the bug report
> then, saying you've addressed the issue and was searching for a sponsor?

I guess the reason for that is my workflow, I work from a forked repo
and don't push it to the official until it has been released into
Debian. I will change this from now on, so the BTS can track when I
close a bug in salsa, and make it easier to collaborate with others.

> I had the impression that nobody cared, you know... And you can't expect
> everyone to closely monitor mentors.

I don't expect it, but for me, and many others, it's the only way to
get a sponsor.
There is a pane in the package tracker page, that informs about the RFS.

>
> I do not agree that removing all tests is the solution, when only a
> single one fails. I would happily sponsor your upload, but *not* if it's
> removing all tests.

I do agree with you that disabling all the tests isn't the best
option, but keep in mind that I enabled the testsuite with the last
release, and it didn't last much more than two months before a test
failed, because of the test, not the package. The testsuite had been
disabled for four years before that.
The autopkgtest also uses the same testsuite, which strangely enough succeeds.

If my reasoning isn't enough, I will comply and change the package to
only disable that one test.

>
> Cheers,
>
> Thomas Goirand (zigo)


Regards,
Håvard

Bug#966982: Uploading disabling that test to DELAYED/2

[Håvard Flaget Aasen]

On Tue, 8 Sep 2020 13:40:25 +0200 Thomas Goirand  wrote:
> Hi,
> 
> Since nobody seem to care about this, I've uploaded disabling that
> failing test to DELAYED/2. Indeed, to me, it looked like a broken test,
> rather than a broken package. Otherwise, a long list of reverse
> dependency will be removed from testing in 8 days.
> 
> Debdiff of the change attached. Let me know if you would like me to
> cancel the upload.
> 
> Cheers,
> 
> Thomas Goirand (zigo)

Thanks for this Thomas but I actually have a package up for RFS to
address this issue.
I must admit I removed all tests during build. Because of the same
reason.  same testsuite is being run as an autopkgtest which succeeds.
Previous there has also been some issues with these tests bug: [761325]
I intend to reopen this bug.

Can I persuade you to review and upload my own package instead of doing
an NMU? bug: [965370] package in mentors [3]

Thanks,
H??vard

[761325] https://bugs.debian.org/761325
[965370] https://bugs.debian.org/965370
[3] https://mentors.debian.net/package/wand/

Bug#965370: RFS: wand/0.6.2-1 -- Python interface for ImageMagick library (Python 3)

[Håvard Flaget Aasen]

søn. 2. aug. 2020 kl. 18:45 skrev Adam Borowski :
>
> On Mon, Jul 20, 2020 at 01:17:13PM +, Håvard Flaget Aasen wrote:
> >  * Package name: wand
> >Version : 0.6.2-1
>
> > Changes since the last upload:
> >
> >* New upstream version 0.6.2
> >* Set upstream metadata fields: Bug-Submit.
> >* Update salsa CI
> >  - Watch all variations of reprotest.
> >* Use spaces rather than tabs in d/copyright
> >* Rebase patches
> >* flask sphinx theme is now in the upstream repository
> >  - Remove patch and lintian-override
>
> Alas, it fails to build; during tests:
>
> === FAILURES 
> ===
>  test_artifacts 
> 
>
> def test_artifacts():
> with Image(filename='rose:') as img:
> img.artifacts['key'] = 'value'
> assert 'date:create' in img.artifacts
> assert img.artifacts['key'] == 'value'
> assert img.artifacts['novalue'] is None
> >   assert len(img.artifacts) > 0
> E   AssertionError: assert 0 > 0
> E+  where 0 = len( 0x7f064a3ce760>)
> E+where  = 
> .artifacts
>
> tests/image_properties_test.py:51: AssertionError
> === warnings summary 
> ===
> .pybuild/cpython3_3.8_wand/build/tests/color_test.py::test_user_error
>   /<>/.pybuild/cpython3_3.8_wand/build/wand/color.py:113: 
> OptionWarning: unrecognized color `not_a_color' @ 
> warning/color.c/GetColorCompliance/1057
> self.raise_exception()
>
> -- Docs: https://docs.pytest.org/en/latest/warnings.html
> = 1 failed, 538 passed, 7 skipped, 3 deselected, 2 xfailed, 1 warnings in 
> 16.48 seconds =
>
>
> Meow!
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁
> ⢿⡄⠘⠷⠚⠋⠀ It's time to migrate your Imaginary Protocol from version 4i to 6i.
> ⠈⠳⣄
>

Thanks for the review.
I'm not entirely sure why this test failed, it was succeeding when I
uploaded it. It also looks like the current version in Debian fails
for the same test.

I uploaded a new version, and ended up disabling the testsuite during
build. This is the same testsuite that I enabled in the last release.
When the package gets uploaded I will reopen bug [#761325]

The autopkgtest is still active and seems to be more reliable.

Håvard

[#761325] https://bugs.debian.org/761325

Bug#969459: RFS: python-jsbeautifier/1.13.0-1 -- JavaScript unobfuscator and beautifier

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-jsbeautifier":

 * Package name: python-jsbeautifier
   Version : 1.13.0-1
   Upstream Author : Liam Newman, Einar Lielmanis, et al.

 * URL : https://github.com/beautify-web/js-beautify
 * License : MIT
 * Vcs : https://salsa.debian.org/debian/python-jsbeautifier
   Section : python

It builds those binary packages:

  jsbeautifier - JavaScript unobfuscator and beautifier
  python3-jsbeautifier - JavaScript unobfuscator and beautifier (python3)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-jsbeautifier/

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-jsbeautifier/python-jsbeautifier_1.13.0-1.dsc

Changes since the last upload:

 python-jsbeautifier (1.13.0-1) unstable; urgency=medium
 .
   * New upstream version 1.13.0
   * Rebase patch
   * Bump debhelper to 13

Regards,
Håvard

Bug#965370: RFS: wand/0.6.2-1 -- Python interface for ImageMagick library (Python 3)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wand"

 * Package name: wand
   Version : 0.6.2-1
   Upstream Author : E. McConville 
 * URL : https://github.com/emcconville/wand
 * License : Expat
 * Vcs : https://salsa.debian.org/debian/wand
   Section : python

It builds those binary packages:

  python3-wand - Python interface for ImageMagick library (Python 3)
  pypy-wand - Python interface for ImageMagick library (PyPy)
  wand-doc - Python interface for ImageMagick library (documentation)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/wand

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/w/wand/wand_0.6.2-1.dsc

Changes since the last upload:

   * New upstream version 0.6.2
   * Set upstream metadata fields: Bug-Submit.
   * Update salsa CI
 - Watch all variations of reprotest.
   * Use spaces rather than tabs in d/copyright
   * Rebase patches
   * flask sphinx theme is now in the upstream repository
 - Remove patch and lintian-override


This package has a lintian warning, which is still being discussed here [1]

Regards,
Håvard

[1] https://bugs.debian.org/964013

Bug#965190: RFS: c-blosc/1.19.0+ds1-1 {QA] -- high performance meta-compressor optimized for binary data (development files)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "c-blosc"

 * Package name: c-blosc
   Version : 1.19.0+ds1-1
   Upstream Author : Blosc Development Team 
 * URL : https://blosc.org/
 * License : BSD-3-clause
 * Vcs : https://salsa.debian.org/debian/c-blosc
   Section : libs

It builds those binary packages:

  libblosc-dev - high performance meta-compressor optimized for binary
data (development files)
  libblosc1 - high performance meta-compressor optimized for binary data

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/c-blosc

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/c/c-blosc/c-blosc_1.19.0+ds1-1.dsc

Changes since the last upload:

   * QA upload.
   [ Debian Janitor ]
   * Use secure URI in Homepage field.
   * debian/copyright: use spaces rather than tabs to start continuation
 lines.
   * Set upstream metadata fields: Bug-Database.
 .
   [ Håvard Flaget Aasen ]
   * New upstream version 1.19.0+ds1
   * d/control
 - Bump debhelper to 13
 - Add Rules-Requires-Root: no
 - Update Standards-Version to 4.5.0
   * Set upstream metadata fields: Bug-Submit, Repository and
Repository-Browse
   * Add d/not-installed
   * d/copyright
 - Add Upstream-Contact
 - Update copyright paragraph

Regards,

Bug#964018: RFS: grap/1.46-1 [QA] -- program for typesetting graphs

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "grap"

 * Package name: grap
   Version : 1.46-1
   Upstream Author : Ted Faber 
 * URL : https://www.lunabase.org/~faber/Vault/software/grap/
 * License : BSD-like
 * Vcs : None
   Section : text

It builds those binary packages:

  grap - program for typesetting graphs

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/grap

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/g/grap/grap_1.46-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream release.
   * d/copyright
 - Add Upstream-Contact
 - Use secure URI
   * d/control
 - Change to debhelper-compat
 - Bump debhelper to 12
 - Update Standards-Version to 4.5.0
 - Use secure URI
 - Add Rules-Requires-Root: no
   * d/watch
 - Use secure URI
   * Add fix_spelling.patch
   * Make the build reproducible closes: #870573
 Thanks to Chris Lamb for patch.

Regards,
Håvard

Bug#964003: RFS: htmldoc/1.9.9-1 [ITA] -- HTML processor that generates indexed HTML, PS, and PDF

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "htmldoc"

 * Package name: htmldoc
   Version : 1.9.9-1
   Upstream Author : Michael R Sweet 
 * URL : https://www.msweet.org/htmldoc/
 * License : GPL-2
 * Vcs : None
   Section : web

It builds those binary packages:

  htmldoc - HTML processor that generates indexed HTML, PS, and PDF
  htmldoc-common - Common arch-independent files for htmldoc

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/htmldoc

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/h/htmldoc/htmldoc_1.9.9-1.dsc

Changes since the last upload:

   * New upstream release.
   * Adopt package closes: 854222
   * Use hicolor icons instead of pixmap
   * Append '.patch' to patches that don't have extensions.

Regards,
Håvard

Bug#963994: RFS: pygresql/1:5.2-1 [QA] -- PostgreSQL module for Python3

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "pygresql"

 * Package name: pygresql
   Version : 1:5.2-1
   Upstream Author : PyGreSQL team  
 * URL : https://www.pygresql.org/index.html
 * License : PostgreSQL
 * Vcs : https://salsa.debian.org/debian/pygresql
   Section : python

It builds those binary packages:

  python3-pygresql - PostgreSQL module for Python3
  python-pygresql-doc - Python Pygresql (common documentation)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/pygresql

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/pygresql/pygresql_5.2-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream version 5.2
   * Add another superficial autopkgtest

Regards,
Håvard

Bug#962091: RFS: xine-ui/0.99.12-1 [QA] -- xine video player, user interface

[Håvard Flaget Aasen]

Hi, and thanks for the review.

lør. 6. jun. 2020 kl. 11:41 skrev Adrian Bunk :
>
> Control: tags -1 moreinfo
>
> On Wed, Jun 03, 2020 at 08:04:45AM +0000, Håvard Flaget Aasen wrote:
> >...
> > Changes since the last upload:
> >...
> >* d/rules
> >  - Change to dh-sequence
> >...
> >* d/control
> >...
> >  - Remove unnecessary Depends field
> >...
>
> This was necessary, it was just broken by your debian/rules rewrite.
> This RC regression can easily be reproduced with aaxine.
>
> For the debian/rules change, please verify that the changed package
> does not contain any unexpected changes from the original one.
> This means first understanding what the old debian/rules did.
> I can immediately find two things that were done in the old debian/rules
> but are missing in the new one.
>

I re added  the dependency fields in d/control, dh_xine, and
dh_compress targets in d/rules, which shouldn't have been removed,
thanks for spotting that. I also added back dh_installchangelog,
I'm still not sure if anything is actually using this symlink, but it
is consistent with the previous version.

> >* Add fix_spelling_error.patch
> >...

I've updated the .pot file and .po files as well, I believe that should fix it.

>
> This is a translated string, such a change breaks all translations of
> this string.
>
> > Regards,
> > Håvard
>
> cu
> Adrian

Regards,
Håvard

Bug#962103: RFS: xine-lib-1.2/1.2.10-3 [QA] [RC] -- xine media player library

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "xine-lib-1.2"

 * Package name: xine-lib-1.2
   Version : 1.2.10-3
   Upstream Author :
 * URL :
 * License : GPL-2+
 * Vcs : None
   Section : libs

It builds those binary packages:

  libxine2   - xine media player library – metapackage
   libxine2-all-plugins - xine video/media player library ‒ metapackage
for all plugins
   libxine2-bin - xine video/media player library – binary files
   libxine2-console - libaa/libcaca/framebuffer/directfb related plugins
for libxine2
   libxine2-dev - xine video player library – development packages
   libxine2-doc - xine video player library – documentation files
   libxine2-ffmpeg - MPEG-related plugins for libxine2
   libxine2-gnome - GNOME-related plugins for libxine2
   libxine2-misc-plugins - Input, audio output and post plugins for libxine2
   libxine2-plugins - xine video/media player library ‒ metapackage for
commonly-used p
   libxine2-vdr - VDR-related plugins for libxine2
   libxine2-x - X desktop video output plugins for libxine2

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/xine-lib-1.2

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/x/xine-lib-1.2/xine-lib-1.2_1.2.10-3.dsc

Changes since the last upload:

   * QA upload.
   * Add Breaks and Replaces closes: #961509
   * Exclude more files from hurd-i386

Regards,
Håvard

Bug#962091: RFS: xine-ui/0.99.12-1 [QA] -- xine video player, user interface

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "xine-ui"

 * Package name: xine-ui
   Version : 0.99.12-1
   Upstream Author : xine-de...@lists.sf.net
 * URL : https://xine-project.org/
 * License : GPL-2+
 * Vcs : None
   Section : video

It builds those binary packages:

  xine-ui - xine video player, user interface (X11 gui)
  xine-console - xine video player, user interface

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/xine-ui

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/x/xine-ui/xine-ui_0.99.12-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream release.
   * Orphan the package see: #881516
   * Update d/watch
   * d/copyright: rewrite using copyright-format 1.0 and add
 some missing attributions
   * d/rules
 - Change to dh-sequence
 - Add hardening options
 - Fix FTCBFS, original patch by Helmut Grohne Closes: #881790
   * d/control
 - Change to debhelper-compat
 - Bump debhelper to 13
 - Update Standards-Version to 4.5.0
 - Change to secure URI on homepage
 - Remove Vcs-* fields
 - Add Rules-Requires-Root: no
 - Update short description.
 - Remove unnecessary Depends field
   * Remove unused entry debian/source/include-binaries
   * Split xine-ui.mime into two files.
   * Remove whitespace from d/changelog
   * Add fix_macro_in_manpage.patch
   * Add fix_spelling_error.patch

I'm unsure about the invocation of the postinst script, though the end
result should be correct.

Regards,
Håvard

Bug#961509: libxine2-bin: missing Breaks+Replaces: libxine2-doc (<< 1.2.10)

[Håvard Flaget Aasen]

I intend to fix this bug, but I hope it can wait until I have sorted
out the build on hurd-i386 as well.

Regards,
Håvard

Bug#961385: RFS: xine-lib-1.2/1.2.10-2 [QA] -- xine media player library

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "xine-lib-1.2"

 * Package name: xine-lib-1.2
   Version : 1.2.10-2
   Upstream Author :
 * URL : https://xine-project.org/
 * License : GPL-2+
 * Vcs : https://salsa.debian.org/debian/xine-lib-1.2
   Section : libs

It builds those binary packages:

  libxine2   - xine media player library – metapackage
   libxine2-all-plugins - xine video/media player library ‒ metapackage
for all plugins
   libxine2-bin - xine video/media player library – binary files
   libxine2-console - libaa/libcaca/framebuffer/directfb related plugins
for libxine2
   libxine2-dev - xine video player library – development packages
   libxine2-doc - xine video player library – documentation files
   libxine2-ffmpeg - MPEG-related plugins for libxine2
   libxine2-gnome - GNOME-related plugins for libxine2
   libxine2-misc-plugins - Input, audio output and post plugins for libxine2
   libxine2-plugins - xine video/media player library ‒ metapackage for
commonly-used p
   libxine2-vdr - VDR-related plugins for libxine2
   libxine2-x - X desktop video output plugins for libxine2

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/xine-lib-1.2

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/x/xine-lib-1.2/xine-lib-1.2_1.2.10-2.dsc

Changes since the last upload:

   * QA upload.
   * Update year in d/copyright
   * Bump debhelper to 13
 - Remove override_dh_missing
   * Remove xineplug_decode_qt.so from d/libxine2-misc-plugins.install
   * Add 0003-fix-non-Linux-build.patch

My previous release got uploaded earlier today, I noticed it didn't
build on i386 and hurd-i386. This release should fix it.

Regards,
Håvard

Bug#961137: RFS: wand/0.6.1-1 -- Python interface for ImageMagick library (Python 3)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "wand"

 * Package name: wand
   Version : 0.6.1-1
   Upstream Author : E. McConville 
 * URL : https://github.com/emcconville/wand
 * License : Expat
 * Vcs : https://salsa.debian.org/debian/wand
   Section : python

It builds those binary packages:

  python3-wand - Python interface for ImageMagick library (Python 3)
  pypy-wand - Python interface for ImageMagick library (PyPy build)
  wand-doc - Python interface for ImageMagick library (documentation)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/wand

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/w/wand/wand_0.6.1-1.dsc

Changes since the last upload:

   * New upstream release.
   * Bump debhelper to 13
   * Update package description
   * Remove unneeded entries in d/rules
   * Add libmagickwand-6.q16-6 as build-dependency

I would also appreciate if the sponsor can grant me accsess to upload
this package on my own.

Regards,
Håvard

Bug#959225: libcap-ng: diff for NMU version 0.7.9-2.2

[Håvard Flaget Aasen]

Package: libcap-ng
Version: 0.7.9-2.1
Severity: normal
Tags: patch  pending

Dear maintainer,

I've prepared an NMU for libcap-ng (versioned as 0.7.9-2.2) and
uploaded it to mentors. Please feel free to tell me if I
should remove it.

Regards,
Håvard
diff -Nru libcap-ng-0.7.9/debian/changelog libcap-ng-0.7.9/debian/changelog
--- libcap-ng-0.7.9/debian/changelog	2019-10-17 23:30:59.0 +0200
+++ libcap-ng-0.7.9/debian/changelog	2020-05-19 14:54:57.0 +0200
@@ -1,3 +1,13 @@
+libcap-ng (0.7.9-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * d/control
+- Remove dependency on linux-kernel-headers closes: #959225
+- Remove libattr1-dev as build dependency closes: #953925
+- Build for default python3 version closes: #943627
+
+ -- Håvard Flaget Aasen   Tue, 19 May 2020 14:54:57 +0200
+
 libcap-ng (0.7.9-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libcap-ng-0.7.9/debian/control libcap-ng-0.7.9/debian/control
--- libcap-ng-0.7.9/debian/control	2019-10-17 23:30:14.0 +0200
+++ libcap-ng-0.7.9/debian/control	2020-05-19 14:53:03.0 +0200
@@ -5,11 +5,10 @@
 dh-autoreconf,
 dh-python ,
 autotools-dev,
-libattr1-dev,
-linux-kernel-headers,
+linux-libc-dev,
 swig ,
-libpython3-all-dev ,
-python3-all-dev:any 
+libpython3-dev ,
+python3-dev:any 
 Standards-Version: 3.9.8
 Section: libs
 Homepage: http://people.redhat.com/sgrubb/libcap-ng

Bug#961025: RFS: libcap-ng/0.7.9-2.2 [NMU, RC] -- Development and header files for libcap-ng

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "libcap-ng"

 * Package name: libcap-ng
   Version : 0.7.9-2.2
   Upstream Author :
 * URL : http://people.redhat.com/sgrubb/libcap-ng
 * License :
 * Vcs : None
   Section : libs

It builds those binary packages:

  libcap-ng-dev - Development and header files for libcap-ng
  libcap-ng0 - An alternate POSIX capabilities library
  libcap-ng-utils - Utilities for analysing and setting file capabilities
  python3-cap-ng - Python3 bindings for libcap-ng

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/libcap-ng

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/libc/libcap-ng/libcap-ng_0.7.9-2.2.dsc

Changes since the last upload:

   * Non-maintainer upload.
   * d/control
 - Remove dependency on linux-kernel-headers closes: #959225
 - Remove libattr1-dev as build dependency closes: #953925
 - Build for default python3 version closes: #943627

Regards,
Håvard

Bug#960740: RFS: zope.i18nmessageid/5.0.1-1 [QA] [RC] -- Message Identifiers for internationalization

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "zope.i18nmessageid"

 * Package name: zope.i18nmessageid
   Version : 5.0.1-1
   Upstream Author : Zope Foundation and Contributors 
 * URL : https://pypi.python.org/pypi/zope.i18nmessageid
 * License : Zope-2.1
 * Vcs : None
   Section : zope

It builds those binary packages:

  python3-zope.i18nmessageid - Message Identifiers for internationalization

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.i18nmessageid

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/z/zope.i18nmessageid/zope.i18nmessageid_5.0.1-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream release. closes: #959636
   * d/control
 - Use debhelper-compat
 - Bump to debhelper 13
 - Update Standards-Version to 4.5.0
 - Add build-dependencies for testing
 - Change Priority to optional
 - Use secure URI for homepage
 - Add Rules-Requires-Root: no
 - Change to Testsuite: autopkgtest-pkg-python and remove
   obsolete d/tests
   * Add hardening options in d/rules
   * Use secure URI in d/watch
   * d/copyright
 - Remove Files-Excluded, no longer needed.
 - Use secure URI
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository and
 Repository-Browse.

Regards,

Bug#960487: RFS: python-mongoengine/0.20.0-1 -- Python 3 Document-Object Mapper for working with MongoDB

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-mongoengine"

 * Package name: python-mongoengine
   Version : 0.20.0-1
   Upstream Author : Harry Marr 
 * URL : http://mongoengine.org/
 * License : MIT
 * Vcs :
https://salsa.debian.org/python-team/modules/python-mongoengine
   Section : python

It builds those binary packages:

  python3-mongoengine - Python 3 Document-Object Mapper for working with
MongoDB
  python-mongoengine-doc - Python Document-Object Mapper for working
with MongoDB (documentation)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-mongoengine

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-mongoengine/python-mongoengine_0.20.0-1.dsc

Changes since the last upload:

   * New upstream version 0.20.0
   * Bump debhelper to 13
   * Rebase patch
   * Add python3-blinker as suggested package
   * Fix Source URI in d/copyright

Regards,
Håvard

Bug#956395: openscap_1.2.17-0.1_source.changes REJECTED

[Håvard Flaget Aasen]

Hi Boyuan,

Thanks for reviewing and uploading this.

On 13.05.2020 04:37, Debian FTP Masters wrote:
> 
> 
> Source-only uploads to NEW are not allowed.
> 
> binary:python3-openscap is NEW.

Do you think you could upload it again, so it can enter the NEW queue?

> 
> ===
> 
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
> 


Thanks,
Håvard

Bug#959440: RFS: zope.configuration/4.4.0-1 [QA] -- Zope Configuration Markup Language (ZCML)

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.configuration"

 * Package name: zope.configuration
   Version : 4.4.0-1
   Upstream Author : Zope Foundation and Contributors 
 * URL : https://pypi.python.org/pypi/zope.configuration
 * License : Zope-2.1
 * Vcs : None
   Section : zope

It builds those binary packages:

  python3-zope.configuration - Zope Configuration Markup Language (ZCML)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.configuration

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/z/zope.configuration/zope.configuration_4.4.0-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream release
   * Update Standards-Version to 4.5.0
   * Bump debhelper to 13
   * Set upstream metadata field: Bug-Submit

Regards,
Håvard

Bug#959438: RFS: zope.proxy/4.3.5-1 [QA] -- Generic transparent proxies for Python

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.proxy"

 * Package name: zope.proxy
   Version : 4.3.5-1
   Upstream Author : Zope Foundation and Contributors 
 * URL : https://pypi.python.org/pypi/zope.proxy
 * License : Zope-2.1
 * Vcs : https://salsa.debian.org/python-team/modules/zope.proxy
   Section : zope

It builds those binary packages:

  python3-zope.proxy - Generic transparent proxies for Python

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.proxy

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/z/zope.proxy/zope.proxy_4.3.5-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream version 4.3.5
   * Update Standards-Version to 4.5.0
   * Bump debhelper to 13
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse
   * Implement upstream testsuite during build

Regards,
Håvard

Bug#958885: RFS: xine-lib-1.2/1.2.10-1 [QA] -- xine media player library

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "xine-lib-1.2"

 * Package name: xine-lib-1.2
   Version : 1.2.10-1
   Upstream Author :
 * URL : http://xine-project.org/
 * License : GPL-2+
 * Vcs : https://salsa.debian.org/debian/xine-lib-1.2
   Section : libs

It builds those binary packages:

  libxine2   - xine media player library – metapackage
   libxine2-all-plugins - xine video/media player library ‒ metapackage
for all plugins
   libxine2-bin - xine video/media player library – binary files
   libxine2-console - libaa/libcaca/framebuffer/directfb related plugins
for libxine2
   libxine2-dev - xine video player library – development packages
   libxine2-doc - xine video player library – documentation files
   libxine2-ffmpeg - MPEG-related plugins for libxine2
   libxine2-gnome - GNOME-related plugins for libxine2
   libxine2-misc-plugins - Input, audio output and post plugins for libxine2
   libxine2-plugins - xine video/media player library ‒ metapackage for
commonly-used p
   libxine2-vdr - VDR-related plugins for libxine2
   libxine2-x - X desktop video output plugins for libxine2

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/xine-lib-1.2

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/x/xine-lib-1.2/xine-lib-1.2_1.2.10-1.dsc

Changes since the last upload:

   * QA upload.
   [ Ondřej Nový ]
   * d/watch: Use https protocol
 .
   [ Håvard Flaget Aasen ]
   * New upstream version
   * Add 0001-Fix-ftbfs-with-gcc-10.patch closes: #957982
   * Update Standards-Version to 4.5.0
   * Change to debhelper-compat
   * Remove override_dh_installchangelogs
   * Add Build-Depends-Field to *.symbols file
   * Update symbols in *.symbols file
   * Update path to mime.types in d/not-installed
   * debian/*.install
 - Update after joining 3 video plugins
 - Add libpng decoder
 - Add OpenGL, EGL and Wayland support

The distribution is set to unstable, I'm not sure if it should go into
experimental first.

Regards,
Håvard

Bug#958701: RFS: zope.hookable/5.0.1-1 [QA] -- Hookable object support

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zope.hookable"

 * Package name: zope.hookable
   Version : 5.0.1-1
   Upstream Author : Zope Corporation and Contributors 
 * URL : https://pypi.python.org/pypi/zope.hookable
 * License : Zope-2.1
 * Vcs : None
   Section : zope

It builds those binary packages:

  python3-zope.hookable - Hookable object support

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/zope.hookable

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/z/zope.hookable/zope.hookable_5.0.1-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream release
   * Update Standards-Version to 4.5.0
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse

Regards,

Bug#958482: RFS: pygresql/1:5.1.2-1 [QA] -- PostgreSQL module for Python3

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "pygresql"

 * Package name: pygresql
   Version : 1:5.1.2-1
   Upstream Author : PyGreSQL team  
 * URL : https://www.pygresql.org/index.html
 * License : PostgreSQL
 * Vcs : https://salsa.debian.org/debian/pygresql
   Section : python

It builds those binary packages:

  python3-pygresql - PostgreSQL module for Python3
  python-pygresql-doc - Python Pygresql (common documentation)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/pygresql

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/pygresql/pygresql_5.1.2-1.dsc

Changes since the last upload:

   * QA upload.
   * New upstream version 5.1.2

Regards,
Håvard

Bug#958480: RFS: python-pyperclip/1.8.0-1 [QA] -- Cross-platform clipboard module for Python3

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-pyperclip"

 * Package name: python-pyperclip
   Version : 1.8.0-1
   Upstream Author : Al Sweigart 
 * URL : https://github.com/asweigart/pyperclip
 * License : BSD-3-clause
 * Vcs : https://salsa.debian.org/debian/python-pyperclip
   Section : python

It builds those binary packages:

  python3-pyperclip - Cross-platform clipboard module for Python3

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/python-pyperclip

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/p/python-pyperclip/python-pyperclip_1.8.0-1.dsc

Changes since the last upload:

   * QA upload.
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse.
 .
   [ Håvard Flaget Aasen ]
   * New upstream version 1.8.0
   * Update Standards-Version to 4.5.0
   * Add Upstream-Contact in d/copyright

Regards,
Håvard

Bug#956702: RFS: feedreader/2.10.0-1.1 [NMU, RC] -- simple client for online RSS services like tt-rss and others

[Håvard Flaget Aasen]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "feedreader"

 * Package name: feedreader
   Version : 2.10.0-1.1
   Upstream Author : [fill in name and email of upstream]
 * URL : https://jangernert.github.io/FeedReader/
 * License : GPL-3.0+
 * Vcs : https://salsa.debian.org/debian/FeedReader
   Section : net

It builds those binary packages:

  feedreader - simple client for online RSS services like tt-rss and others

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/feedreader

Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/f/feedreader/feedreader_2.10.0-1.1.dsc

Changes since the last upload:

   * Non-maintainer upload.
   * Cherry-pick upstream commit. closes: #951986
 0002-Fix-infinite-loading-icon-after-opening-article-in-b.patch

Regards,
Håvard