Bug#1050462: gtg: crashes on startup often
Hi Antonio,

> We probably want to fix the code to *not* segfault when the workaround
> is not in place.

Agreed!

> I'm not sure whether this is a bug in gtg itself, or
> in pango.

The issue is likely in the g_object_get_property or in pango_font_description_to_string, or in the code calling both methods in GTG/gtk/general_preferences.py

For now, I've followed the upstream advice to revert the behavior to get a default font when font_name is not available, hence by-passing the two problematic methods. I've just committed the patch [1], and I'll likely upload a new package shortly to prevent package removal.

Let me know if this sounds acceptable to you.

Best,
François

[1] https://salsa.debian.org/python-team/packages/gtg/-/commit/e9ac644f40629704a4e85b56ff887a59d6748d58

signature.asc Description: This is a digitally signed message part
Bug#1050462: gtg: crashes on startup often
Dear Antonio,

thanks for the crash report! I can reproduce it easily with unstable distribution and the call stack points to pango_font_description_to_string method.

The issue seems to have been already reported upstream [1] and the suggested workaround is to add "font_name = Sans 11" in the [browser] section of the ~/.config/gtg/gtg.conf config file.

I've checked the fix and no more crash occurs, so it could be integrated as a quilt patch for the Debian package.

Best Regards,
François

[1] https://github.com/getting-things-gnome/gtg/issues/961#issuecomment-1475321154
Bug#753416: gtg bug report #753416
Dear David,

thanks for the enhancement report. With the 0.6 version, we can sort tasks by start date and due date, which may match your expectation. However, there is still no way to reorder tasks manually or to force the subtasks order by the order they appear in an entry.

These requests are related to the software itself and not the Debian package, so I would suggest to open an issue in the upstream bug tracker:
https://github.com/getting-things-gnome/gtg/issues

As the request is more than 9 years old without any significant activity, we may close this bug in some time if no action is taken.

Best Regards,
François
Bug#851463: Need moreinfo for gtg bug #851463
Hi Arav,

your request sounds quite specific and not related to the package, but related to the software itself. So I would suggest to report it directly to the upstream bug tracker:
https://github.com/getting-things-gnome/gtg/issues

We may close this bug report in some time if no action is taken.

Best Regards,
François
Bug#1033156: gtg bug #1033156 investigation
Control: forwarded -1 https://github.com/getting-things-gnome/gtg/issues/950
Tags: patch

Thanks for the bug report, the problem has been identified upstream [1] and the steps to reproduce are:
- type "pay my taxes every:year" in the quick entry, then enter
- close gtg
- open gtg
- open the task "pay my taxes"

Upstream proposes a patch [2] which adds a strftime method to the Date object. It should be checked if it actually fixes the reported issue.

Best Regards,
François

[1] https://github.com/getting-things-gnome/gtg/issues/950
[2] https://github.com/getting-things-gnome/gtg/pull/943/files
Bug#1037579: Patch for FTBFS
tags 1037579 + patch thanks Dear maintainers, please find attached a patch to fix the FTBFS with gcc13. The main issue was missing headers for the uint32_t and uint64_t definitions. I can prepare an NMU in case you don't have time to upload new package. Best Regards, François Author: Francois Mazen Description: Fix fail to build from source due to missing header with GCC13. Forwarded: not-needed --- a/src/armnnUtils/VerificationHelpers.hpp +++ b/src/armnnUtils/VerificationHelpers.hpp @@ -4,6 +4,7 @@ // #include +#include #include #include --- a/include/armnn/profiling/ISendTimelinePacket.hpp +++ b/include/armnn/profiling/ISendTimelinePacket.hpp @@ -6,6 +6,7 @@ #pragma once #include +#include #include #include signature.asc Description: This is a digitally signed message part
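Review bot: The DEP-3 header sets "Forwarded: not-needed", but both hunks change upstream sources (src/armnnUtils/VerificationHelpers.hpp and include/armnn/profiling/ISendTimelinePacket.hpp), not Debian packaging, and a missing-header failure with GCC13 is not Debian-specific. Suggest forwarding the change upstream and recording the link in the Forwarded field, or stating in the Description why upstream does not need it. The Description could also name the header that is added and the types it provides (the message mentions uint32_t and uint64_t), so the patch can be dropped with confidence once upstream includes it.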
Bug#1034709: f3d: F3D default configuration files are not installed
Hi Mathieu,

> Since you rightly point that this will only be fixed with the new
> upstream version, I will only give information about F3D 2.0.0
> (...)

Thanks for all the details, I'll update the next package version accordingly.

Best Regards,
François
Bug#1034709: f3d: F3D default configuration files are not installed
Hi Mathieu,

thanks for this bug report.

Could you please list the configuration files that you are referring to, and where they should be installed? Or just point to documentation if applicable.

Please note that Debian is currently in hard freeze phase, so this bug will likely be fixed with the update of the new upstream version (f3d 2.x) for next Debian major release (13).

Best,
François
Bug#1023229: f3d: autopkgtest regression on s390x: Compare with ref failed
Hello Paul,

thanks for reporting the issue, I've investigated and this is an Assimp problem that I've reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023212

The big endian architecture may be the root of the issue, thanks for pointing that out.

Best Regards,
François
Bug#1021566: fixed in opencascade 7.6.3+dfsg1-4
Thanks Tobias for the quick fix!

François
Bug#1016598: binoculars: vtk[6,7] removal
Hello,

I've pushed the modification to the salsa repo [1] and I've uploaded a NMU package to mentors [2]. VTK is used in the tests, so I had to keep the package python3-vtk9.

Could you please review the code and upload?

Additional request: could you enable CI on the salsa repo?

Thanks,
François

[1] https://salsa.debian.org/science-team/binoculars
[2] https://mentors.debian.net/package/binoculars/
Bug#966000: tag
Hi,

> François, if you do give it another shot, please do document it here.

Yes, it's ready for another upload to the NEW queue [1]. Copyright file has been updated, and upstream were very responsive and helpful [2].

Bastian or Antoine, would you like to review and sponsor the upload?

Thanks,
François

[1] https://salsa.debian.org/python-team/packages/nicotine
[2] https://github.com/nicotine-plus/nicotine-plus/issues/1448#issuecomment-1218208777
Bug#1014213: RFS: liblarch/3.2.0-1 [ITP] [Team] -- easily handle data structures
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "liblarch":

 * Package name    : liblarch
   Version         : 3.2.0-1
   Upstream Author : [fill in name and email of upstream]
 * URL             : https://wiki.gnome.org/Projects/liblarch
 * License         : LGPL-3.0+
 * Vcs             : https://salsa.debian.org/python-team/packages/liblarch
   Section         : python

The source builds the following binary packages:

  python3-liblarch - easily handle data structures

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/liblarch/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/libl/liblarch/liblarch_3.2.0-1.dsc

Changes since the last upload:

 liblarch (3.2.0-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ Ondřej Nový ]
   * Fixed VCS URL (https)
   * d/control: Set Vcs-* to salsa.debian.org
   * d/copyright: Use https protocol in Format field
   * d/changelog: Remove trailing whitespaces
   * d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP
   * d/control: Remove ancient X-Python3-Version field
   * Convert git repository from git-dpm to gbp layout
   * Use debhelper-compat instead of debian/compat.
   * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout.
 .
   [ Sandro Tosi ]
   * Use the new Debian Python Team contact name and address
 .
   [ Francois Mazen ]
   * Package reintroduction (Closes: #1014194)
   * New upstream version (Closes: #1001820)
   * Set debhelper compat to 13
   * Set Rules-Requires-Root no

Regards,
Bug#1014196: RFS: python-pyalsa/1.2.7-1 [Team] -- Official ALSA Python binding library for Python3
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "python-pyalsa":

 * Package name    : python-pyalsa
   Version         : 1.2.7-1
   Upstream Author : The ALSA Team
 * URL             : http://www.alsa-project.org/main/index.php/Main_Page
 * License         : public-domain, LGPL-2.0+, GPL-2.0+
 * Vcs             : https://salsa.debian.org/python-team/packages/python-pyalsa
   Section         : python

The source builds the following binary packages:

  python3-pyalsa - Official ALSA Python binding library for Python3

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/python-pyalsa/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/python-pyalsa/python-pyalsa_1.2.7-1.dsc

Changes since the last upload:

 python-pyalsa (1.2.7-1) unstable; urgency=medium
 .
   * Team upload
   * Update watch file to new URL and check package signature
   * New upstream version (Closes: #938965)
   * Bump standard version to 4.6.1.0
   * Fix spelling errors
   * Add Rules-Requires-Root: no
   * Set hardening flags.
   * Write Dep5 copyright

Regards,
Bug#1013756: solfege: crash with pyalsa
reopen 935535
reopen 938965
merge 935535 1013756
block 1013756 by 938965
thanks

Hello Michael!

Thanks for reporting this issue.

This is a problem in python-alsa itself that has been reported in [1], fixed upstream [2], but the Debian package is still waiting for an update.

I reopen associated bugs and try to update python-alsa.

Best Regards,
François

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938965
[2] https://github.com/alsa-project/alsa-python/commit/a64a6cc703d08db5c223a16bf812a569534ba464
Bug#1012280: fixed in cgal 5.4-3
Hi Joachim,

Thanks for the quick update!

Best,
François
Bug#982055: dia Debian package and bug #982055
Hello Philippe and Nicolas,

I would be happy to help maintaining this package that I use regularly! So feel free to ping me if help is needed.

By the way, do you use a VCS where we could get the WIP package and eventually contribute? Salsa [1] is usually the way to go.

Best Regards,
François

[1] : https://salsa.debian.org
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Hi Bastian,

I've updated the salsa repo with the repacking and I've also pushed the updated package to mentors.
https://mentors.debian.net/package/f3d/

Salsa CI is still failing with an error that I do not understand. Maybe from git lfs storage in the documentation folder?
https://salsa.debian.org/debian/f3d/-/jobs/2156215

I may also exclude this folder in the repacking as we do not generate the documentation. Not sure this is a good solution as we may want to also deliver documentation in the future.

Could you please review again?

Best Regards,
François
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Hello Bastian,

Thanks for the salsa Debian repository creation and copyright update! In the meantime, I've updated the upstream issue with the binary package information you've provided.

The only remaining item is the "data" folder. The copyright is apparently the global BSD-3 licence, but I agree that the origin is unclear. Fortunately, it looks like it's used for testing purpose only so it would be OK to remove it from the Debian archive.

I propose to repack the source with the +dfsg prefix to remove this folder. Do you agree?

Best,
François
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Hello Bastian,

> Please consider relicensing debian/* or at least debian/patches/*

I've relicensed to BSD-3, in order to match upstream license.

> Ken Martin, Will Schroeder, Bill Lorensen's copyright is missing.

I guess you are referencing classic VTK's copyright. F3D's copyright is "Kitware, SAS" according to source code and official website, without any link to VTK's copyright.

> src/cxxopts.hpp: Expat license is missing.

Added to the copyright file, and I've opened an upstream bug:
https://gitlab.kitware.com/f3d/f3d/-/issues/253

> d/f3d.1
> ===
> Please describe the options in the man page.

Man page updated.

> You should prefer using the not-installed file for this use case.

The not-installed file seems to avoid triggering the dh_missing error, which is not what I need here. I haven't figured out how to exclude files during the CMake install target (--exclude has no effect), so I've added an "rm" command in the rules file. If there is a better way, please suggest.

> I suggest to have the package in Salsa's debian namespace so that
> others
> can contribute easily. If you agree I can create that and grant you
> maintainer rights for it.

Yes! Please create the debian repository and grant me right to maintain it.

Thanks a lot for this review, the new package is available on mentors.

Best,
François
Bug#966382: RFS: photoprint/0.4.2~pre2-3 -- Image printing utility
Hi Bastian,

the package is fixed and I've uploaded a new version at mentors:
https://mentors.debian.net/package/photoprint/

Best,
François

On Thursday 28 October 2021 at 22:37 +0200, Bastian Germann wrote:
> Control: tags -1 moreinfo
>
> The package fails to build from scratch:
> https://salsa.debian.org/debian/photoprint/-/jobs/2124003
>
> Please fix it and then remove the moreinfo tag.
>
Bug#992924: freefem++: autopkgtest failure on arm64/ppc64el
Hello Adrian,

thanks for making the failures visible with this bug.

I'm waiting for my access to porter boxes [1] in order to debug and fix the issue(s). In the meantime, do not hesitate to provide a patch or any kind of help.

Best Regards,
François

[1]: https://nm.debian.org/process/920/approval/
Bug#962728: F3D
Hello Sylwester,

Thanks for your interest in F3D, I'm working on the packaging of this software [1].

The package is already on mentors [2], so let's hope that it will bring some DD's attention! [3]

Best,
François

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985993
[2]: https://mentors.debian.net/package/f3d/
[3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986108
Bug#992381: freefem++: missing comma in Uploaders field
Hi Paul,

thanks for the notification about the error in the uploaders field! Should be fixed with the 4.9+dfsg1-2 version.

Have a nice day,
François

On Wednesday 18 August 2021 at 10:14 +0800, Paul Wise wrote:
> Source: freefem++
> Version: 4.9+dfsg1-1
> Severity: serious
> Usertags: uploaders
> X-Debbugs-CC: Francois Mazen
>
> freefem++ 4.9+dfsg1-1 introduced an invalid uploaders field, that is
> missing a comma between Ricardo Mones & Joseph Nahmias.
>
> $ apt-cache showsrc freefem++ | grep -E '^$|^Version|^Uploaders'
> Version: 3.61.1+dfsg1-6
> Uploaders: Christophe Trophime
> , Dimitrios Eftaxiopoulos
>
>
> Version: 4.9+dfsg1-1
> Uploaders: Christophe Trophime
> , Dimitrios Eftaxiopoulos
> Francois Mazen
>
> According to Debian policy 5.6.3 the Uploaders field must separate
> individual uploaders using commas:
>
> List of the names and email addresses of co-maintainers of the
> package, if any. ... The format of each entry is the same as that
> of
> the Maintainer field, and multiple entries must be comma
> separated.
>
> https://www.debian.org/doc/debian-policy/ch-controlfields.html#uploaders
>
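The comma rule quoted in the report above can be checked mechanically before an upload. The following Python sketch is an added example, not part of the original messages or of any Debian tool; the function names, the regular expression and the two sample stanzas (with example.org addresses) are constructed for illustration.

```python
import re

# One "Name <address>" pair. The address pattern is deliberately loose:
# the goal is to count pairs, not to validate e-mail syntax.
ENTRY_RE = re.compile(r'[^<>,]+<[^<>\s@]+@[^<>\s@]+>')


def unfold(stanza, field):
    """Return the unfolded value of `field` in a deb822-style stanza, or None.

    Continuation lines start with a space or tab and are joined with a
    single space, which is how a missing comma ends up hidden inside what
    looks like a tidy multi-line field.
    """
    parts, capturing = [], False
    for line in stanza.splitlines():
        if capturing and line[:1] in (" ", "\t"):
            parts.append(line.strip())
            continue
        capturing = False
        name, sep, rest = line.partition(":")
        if sep and name.lower() == field.lower():
            capturing = True
            parts.append(rest.strip())
    return " ".join(parts) if parts else None


def check_uploaders(value):
    """Return a list of (problem, text) tuples for an Uploaders value.

    After splitting on commas, every chunk must be exactly one
    "Name <address>" pair. Two pairs in one chunk means a comma is missing.
    """
    problems = []
    for chunk in value.split(","):
        chunk = chunk.strip()
        if not chunk:
            continue  # tolerate a trailing comma
        pairs = ENTRY_RE.findall(chunk)
        if len(pairs) > 1:
            problems.append(("missing-comma", chunk))
        elif len(pairs) != 1 or not ENTRY_RE.fullmatch(chunk):
            problems.append(("malformed", chunk))
    return problems


# Constructed sample input: the second stanza lacks the comma between the
# last two uploaders, the same kind of defect as in the report.
GOOD_STANZA = """Source: examplepkg
Uploaders: Alice Example <alice@example.org>,
 Bob Example <bob@example.org>,
 Carol Example <carol@example.org>
Version: 1.0
"""

BAD_STANZA = """Source: examplepkg
Uploaders: Alice Example <alice@example.org>,
 Bob Example <bob@example.org>
 Carol Example <carol@example.org>
Version: 1.0
"""

if __name__ == "__main__":
    for label, stanza in (("good", GOOD_STANZA), ("bad", BAD_STANZA)):
        issues = check_uploaders(unfold(stanza, "Uploaders"))
        print(label, issues or "ok")
```
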
Bug#992334: blhc: False positive with ff-c++ from FreeFEM++ package
Hi Eriberto,

I've added the correct echo statements in the rules file and the Salsa CI is now clean:
https://salsa.debian.org/science-team/freefempp/-/commit/58a8da15dff355b9e120923c80f8dab8eef31dc3#8756c63497c8dc39f7773438edf53b220c773f67_15_15

Thanks a lot for your guidance!

Best Regards,
François
Bug#992334: blhc: False positive with ff-c++ from FreeFEM++ package
Hi Eriberto,

thanks for the pointer and the examples, and sorry for the noise!

Have a nice day,
François

On Tuesday 17 August 2021 at 11:23 -0300, Eriberto Mota wrote:
> Hi Francois,
>
> blhc has a mechanism to ignore false positives. Please, search for
> "FALSE POSITIVES" in manpage (man blhc) and see some examples
> here[1].
>
> [1]
> https://codesearch.debian.net/search?q=blhc%3A+ignore-line-regexp=1=1
>
> I am closing this bug. Feel free to reopen if needed.
>
> Regards,
>
> Eriberto
Bug#988474: [Fwd: Bug#988474: RFS: freefem++/3.61.1+dfsg1-5.2 [NMU] [RC] -- Provides the binaries of the FreeFem++ FE suite]
Hello Anton,

> When the package is successfully built on all relevant platforms,
> you can ask the release team to unblock it. But it will unlikely
> happen
> due to release policy.

I've requested the unblock, see [1]. Let me know if I've missed something.

Thanks again for the sponsoring!

Have a nice day,
François

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988552
Bug#988474: [Fwd: Bug#988474: RFS: freefem++/3.61.1+dfsg1-5.2 [NMU] [RC] -- Provides the binaries of the FreeFem++ FE suite]
Hi Nilesh,

thanks for the pointer to the freeze policy. I understand that it's too late and I'm closing the unblock request.

Best Regards,
François

On Monday 17 May 2021 at 00:30 +0530, Nilesh Patra wrote:
> Hi,
>
> On Mon, 17 May 2021 at 00:10, François Mazen wrote:
> > Hello Anton,
> >
> > > When the package is successfully built on all relevant platforms,
> > > you can ask the release team to unblock it. But it will unlikely
> > > happen
> > > due to release policy.
> >
> > I've requested the unblock, see [1]. Let me know if I've missed
> > something.
>
> As you might see freefem++ is not in testing, and as per the release
> policy[1] the packages not in testing cannot re-enter testing at this
> stage.
> The deadline for such packages to enter testing was Feb 12 and we are
> months away from that date.
>
> Nevertheless, it can definitely be a part of bookworm and
> bullseye-backports. Thanks a lot for your work on
> freefem++ :-)
>
> [1]: https://release.debian.org/bullseye/freeze_policy.html#soft
>
> Nilesh
Bug#988555: RFS: hpcc/1.5.0-2.1 [NMU] [RC] -- HPC Challenge benchmark
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "hpcc":

 * Package name    : hpcc
   Version         : 1.5.0-2.1
   Upstream Author : [fill in name and email of upstream]
 * URL             : http://icl.cs.utk.edu/hpcc/
 * License         : BSD-3-clause
 * Vcs             : https://salsa.debian.org/hpc-team/hpcc
   Section         : science

It builds those binary packages:

  hpcc - HPC Challenge benchmark

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/hpcc/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/h/hpcc/hpcc_1.5.0-2.1.dsc

Changes since the last upload:

 hpcc (1.5.0-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix FTBFS with recent openMPI (Closes: #952067)

Regards,
Bug#988552: unblock: freefem++/3.61.1+dfsg1-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package freefem++ [ Reason ] Fix the FTBFS RC bug #957233 (fail to build with GCC-10) [ Impact ] The package is usable again. [ Tests ] Manual tests. [ Risks ] No other package depends on freefem++, so impact and risk are low. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] The package is very active upstream. I've attached the debdiff against the package in stable because the one in testing has been removed due to the RC bug #957233. unblock freefem++/3.61.1+dfsg1-6 -- System Information: Debian Release: 10.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-16-amd64 (SMP w/16 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash diff -Nru freefem++-3.61.1+dfsg1/debian/changelog freefem++-3.61.1+dfsg1/debian/changelog --- freefem++-3.61.1+dfsg1/debian/changelog 2019-01-06 22:28:01.0 +0100 +++ freefem++-3.61.1+dfsg1/debian/changelog 2021-05-13 14:06:33.0 +0200 
@@ -1,3 +1,27 @@ +freefem++ (3.61.1+dfsg1-6) unstable; urgency=high + + * Team upload. + * Fix FTBFS with GCC-10 (Closes: #957233) + + -- Francois Mazen Thu, 13 May 2021 14:06:33 +0200 + +freefem++ (3.61.1+dfsg1-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS with gsl 2.6 (Closes: #960010) + + -- Stefano Rivera Sun, 17 May 2020 13:41:04 -0700 + +freefem++ (3.61.1+dfsg1-5) unstable; urgency=medium + + * Team upload. + * Build-Depends non-versioned libpetsc-real-dev and libpetsc-complex-dev +Closes: #939663 + * debhelper-compat 12 + * Rework manual changes in source tree to quilt patches + + -- Andreas Tille Sat, 05 Oct 2019 09:21:24 +0200 + freefem++ (3.61.1+dfsg1-4) unstable; urgency=medium * Enforce BD to libpetsc-(real,complex)3.10-dev (Closes: #917977) diff -Nru freefem++-3.61.1+dfsg1/debian/compat freefem++-3.61.1+dfsg1/debian/compat --- freefem++-3.61.1+dfsg1/debian/compat 2018-08-05 12:33:22.0 +0200 +++ freefem++-3.61.1+dfsg1/debian/compat 1970-01-01 01:00:00.0 +0100 @@ -1 +0,0 @@ -11 diff -Nru freefem++-3.61.1+dfsg1/debian/control freefem++-3.61.1+dfsg1/debian/control --- freefem++-3.61.1+dfsg1/debian/control 2019-01-06 22:23:45.0 +0100 +++ freefem++-3.61.1+dfsg1/debian/control 2021-05-13 14:06:33.0 +0200 @@ -4,7 +4,7 @@ Dimitrios Eftaxiopoulos Section: science Priority: optional -Build-Depends: debhelper (>= 11~), +Build-Depends: debhelper-compat (= 12), libsuperlu-dev, gawk, gfortran, 
@@ -42,15 +42,15 @@ coinor-libipopt-dev, libgmm++-dev, libtet1.5-dev, - libpetsc-real3.10-dev, - libpetsc-complex3.10-dev + libpetsc-real-dev, + libpetsc-complex-dev # libmmg3dlib4.0-4.0-dev, freeyams, mshmet, mshint, # libparms2-dev, libitsol-dev, # libhips-dev, libpastix-dev, # libsuperlu-dist-dev -Standards-Version: 4.3.0.1 -Vcs-Git: https://salsa.debian.org/science-team/freefempp.git +Standards-Version: 4.4.1 Vcs-Browser: https://salsa.debian.org/science-team/freefempp +Vcs-Git: https://salsa.debian.org/science-team/freefempp.git Homepage: http://www.freefem.org/ff++/ Package: freefem++ diff -Nru freefem++-3.61.1+dfsg1/debian/.gitlab-ci.yml freefem++-3.61.1+dfsg1/debian/.gitlab-ci.yml --- freefem++-3.61.1+dfsg1/debian/.gitlab-ci.yml 1970-01-01 01:00:00.0 +0100 +++ freefem++-3.61.1+dfsg1/debian/.gitlab-ci.yml 2021-05-13 14:06:33.0 +0200 @@ -0,0 +1,2 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml diff -Nru freefem++-3.61.1+dfsg1/debian/patches/double-cblas-import.patch freefem++-3.61.1+dfsg1/debian/patches/double-cblas-import.patch --- freefem++-3.61.1+dfsg1/debian/patches/double-cblas-import.patch 1970-01-01 01:00:00.0 +0100 +++ freefem++-3.61.1+dfsg1/debian/patches/double-cblas-import.patch 2021-05-13 14:06:33.0 +0200 @@ -0,0 +1,25 @@ +Description: Avoid FTBFS with gsl 2.6 by including 2 incompatible cblas headers +Bug-Debian: https://bugs.debian.org/960010 +Author: Frederic Hecht +Origin: upstream, https://github.com/FreeFem/FreeFem-sources/commit/3bfe3eb669c580583e9290474614b45cee52a96c + +--- a/src/femlib/MatriceCreuse_tpl.hpp b/src/femlib/MatriceCreuse_tpl.hpp +@@ -12,7 +12,7 @@ + // test blas + // on MacOS9 under MWERKS + // cblas_ddot macos-9 is not +-#ifdef HAVE_CBLAS_H ++#ifdef HAVE_CBLAS_H_BUG + extern "C" { + #define FF_VERSION VERSION + #undef VERSION +@@ -21,7 +21,7 @@ + #define VERSION VERSION
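Review bot: The debian/.gitlab-ci.yml hunk and the Standards-Version line in the debian/control hunk (4.3.0.1 to 4.4.1) have no matching entry in the changelog hunk, although the checklist states that all changes are documented in d/changelog. Suggest adding a changelog line for each so the release team can map every part of the debdiff to an entry. The CI include also follows the master branch of the pipeline recipe, so the pipeline definition can change without a commit in this repository; mention that in the changelog entry, or pin the include to a fixed ref if a stable pipeline is wanted.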
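Review bot: In debian/patches/double-cblas-import.patch, the Description line reads as if including two incompatible cblas headers were the fix rather than the cause; reword it along the lines of "Avoid FTBFS with gsl 2.6 caused by including 2 incompatible cblas headers". The guard is switched from HAVE_CBLAS_H to HAVE_CBLAS_H_BUG and nothing in the visible lines defines the new macro, so the guarded block is effectively compiled out; one sentence in the patch header saying that this is intentional would help whoever refreshes the patch against a later upstream version.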
Bug#988474: [Fwd: Bug#988474: RFS: freefem++/3.61.1+dfsg1-5.2 [NMU] [RC] -- Provides the binaries of the FreeFem++ FE suite]
Hello Anton,

thanks for your time testing my upload!

Apparently, piuparts tries to install the package 3.61.1+dfsg1-5.1 instead of 3.61.1+dfsg1-5.2, why?

In the old package 3.61.1+dfsg1-5.1, the control file contains libmumps-seq-5.3.1 as libfreefem++ dependency which does not exist anymore in sid. The control file of the build package (3.61.1+dfsg1-5.2) indicates libmumps-seq-5.3, which exists in sid.

The problem is not new [1] and it appears since the version 5.3.4 of mumps. In the mumps changelog [2], we can read:
> MUMPS is now ABI-compatible in the minor version.
> Provide new packages as libmumps-5.3, etc instead of libmumps-5.3.4

I think that rebuilding the package and using piuparts with the 3.61.1+dfsg1-5.2 should be fine.

Let me know if I'm missing something.

Best,
François

[1] https://piuparts.debian.org/sid/source/f/freefem++.html
[2] https://tracker.debian.org/media/packages/m/mumps/changelog-5.3.5-2

On Thursday 13 May 2021 at 22:31 +0200, Anton Gladky wrote:
> Your upload is fine. It fixes the FTBFS. But piuparts
> identified some problems with the installation of libfreefem++-dev
> [1].
>
> Could you please verify whether the problem really exists or not?
>
> [1] https://salsa.debian.org/science-team/freefempp/-/jobs/1640984
>
> Thanks
>
> Anton
>
>
> On Thu, 13 May 2021 at 19:27, François Mazen <franc...@mzf.fr> wrote:
> > Dear Science Team,
> >
> > In case of a DD in this list is interested: I'm forwarding my
> > Request
> > For Sponsor about RC bug that I've just fixed in the freefem++
> > package.
> > It should prevent the removal of the package in the next release.
> >
> > Then, I volunteer to maintain this package as it need to be updated
> > with the new upstream version.
> >
> > Best Regards,
> > François
> >
Bug#988474: RFS: freefem++/3.61.1+dfsg1-5.2 [NMU] [RC] -- Provides the binaries of the FreeFem++ FE suite
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "freefem++":

 * Package name    : freefem++
   Version         : 3.61.1+dfsg1-5.2
   Upstream Author : [fill in name and email of upstream]
 * URL             : http://www.freefem.org/ff++/
 * License         : LGPL-2.1, BSD-3-clause, GPL-2
 * Vcs             : https://salsa.debian.org/science-team/freefempp
   Section         : science

It builds those binary packages:

  freefem++ - Provides the binaries of the FreeFem++ FE suite
  libfreefem++ - Provides the shared libraries of the FreeFem++ FE suite
  libfreefem++-dev - Provides the development files of the FreeFem++ FE suite
  freefem++-doc - Provides the documentation of the FreeFem++ FE suite

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/freefem++/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/f/freefem++/freefem++_3.61.1+dfsg1-5.2.dsc

Changes since the last upload:

 freefem++ (3.61.1+dfsg1-5.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix FTBFS with GCC-10 (Closes: #957233)

Regards,

--
Francois Mazen
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "f3d":

 * Package name    : f3d
   Version         : 1.1.0-1
   Upstream Author : Kitware SAS
 * URL             : https://kitware.github.io/F3D/
 * License         : BSD-3-clause
 * Vcs             : https://salsa.debian.org/mzf/f3d
   Section         : graphics

It builds those binary packages:

  f3d - fast and minimalist 3D viewer

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/f3d/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/f/f3d/f3d_1.1.0-1.dsc

Changes for the initial release:

 f3d (1.1.0-1) unstable; urgency=medium
 .
   * Initial release (Closes: #985993)

Regards,
Bug#985993: ITP: f3d -- fast and minimalist 3D viewer
Package: wnpp
Severity: wishlist
Owner: Francois Mazen

 * Package name    : f3d
   Version         : 1.1.0
   Upstream Author : Kitware SAS
 * URL             : https://kitware.github.io/F3D/
 * License         : BSD-3-clause
   Programming Lang: C++
   Description     : fast and minimalist 3D viewer

F3D (pronounced /fɛd/) supports many file formats, from digital content to scientific datasets (including glTF, stl, ply, obj), can show animations, has a lot of rendering options including real time physically based rendering and Monte Carlo pathtracing.
Bug#942884: Bug#971395: RFS: zipios++/2.2.5.0-1 -- small C++ library for reading zip files (documents)
Hello Tobias,

thanks for the Merge Request. I've just reviewed it and merged it. My understanding of arch/indep was not very clear, now it's better :)

The reproducible issue is a bug in doxygen, similar to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970431
It has been fixed upstream but not released yet:
https://github.com/doxygen/doxygen/issues/8037

Minor question: you let the "export DH_VERBOSE=1" uncommented in d/rules file. I know it adds extra logging. Is it OK to keep it for the final upload?

The package is uploaded at mentors. Could you please check that everything is fine and upload it to experimental?

Thanks,
François
Bug#942884: Bug#971395: RFS: zipios++/2.2.5.0-1 -- small C++ library for reading zip files (documents)
Hello Tobias,

thanks a lot for this valuable review! I did my best to update the packages. It's uploaded to mentors:
https://mentors.debian.net/package/zipios++/

Please note that the upstream applied some of my patches and they released a new version (2.2.6). I've updated the package with this new release.

Comments inline below:

> So, yes, sourceful upload of all r-depends it will be… And you
> likely will need
> to provide patches. (Luckily, those r-depends are just two: freecad
> and enigma)
>

I've forked freecad and enigma in my salsa account and I'm working on patches.

> - On the dev package:
> It should not Conflict/Replaces, It should be Breaks/Replaces.

Done

> - On the library package:
> be a need for the Conflict/Replace, not even a Breaks/Replaces.

Done

> - On the docs package:
> This is a classic "package renaming" situation explained here:
> https://wiki.debian.org/RenamingPackages.
> So you will need a transitional package here as well.
> Or not renaming the -doc package.

I've added a transitional package libzipios++-doc that depends on the new one.

> d/docs:
> - don't install README.md
> - NEWS should be installed as upstream changelog (see
> dh_installchangelogs)

Done

> d/rules + d/control:
> - It looks like as your rules already supports building docs in
> build-indep.
> Please see if you can move doxygen / graphviz B-D to
> Build-Depends-Indep.

Done

> - The docs package has references to the old package:

References removed.

> BTW, it is _NOT_ recommended to replace the jsquery from doxygen.
> read /usr/share/doc/doxygen/README.jquery.

No more replace, thanks for the documentation pointer.

> - The dev package has the following files, which shouldn't be there:
> drwxr-xr-x root/root 0 2020-03-07 14:08
> ./usr/share/doc/libzipios-doc/
> -rw-r--r-- root/root 1654 2019-08-17 00:13
> ./usr/share/doc/libzipios-doc/NEWS.gz
> -rw-r--r-- root/root 2352 2019-08-17 00:13
> ./usr/share/doc/libzipios-doc/README.md.gz

Files removed.

> - The dev package installs the man pages. Shouldn't they go to the
> -doc package?

Moved manpages to libzipios-doc.manpages

> - d/rules:
> What was the problem with
> "# dh_installdocs does not detect the doc main package correctly."?

By default, dh_installdocs installs the html documentation under /usr/share/doc/libzipios-dev instead of /usr/share/doc/libzipios-doc inside the libzipios-doc package. I can't figure out why. Any help is welcome! For the moment the only solution I get is to override dh_installdocs.

> - There is also dh_doxygen.

Perfect tool! It removes md5 and map files, but it does not solve the issue above.

> - As per Policy 12.3, the -dev package should Suggest: the -doc
> package.

Done

Thanks,
François
Bug#971723: RFS: mp3report/1.0.3-1 -- Script to create an HTML report of MP3 files in a directory
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mp3report":

 * Package name    : mp3report
   Version         : 1.0.3-1
   Upstream Author : David Parker
 * URL             : http://mp3report.sourceforge.net
 * License         : GPL-2+
 * Vcs             : https://salsa.debian.org/mzf/mp3report
   Section         : utils

It builds those binary packages:

  mp3report - Script to create an HTML report of MP3 files in a directory

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/mp3report/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/m/mp3report/mp3report_1.0.3-1.dsc

Changes since the last upload:

 mp3report (1.0.3-1) unstable; urgency=medium
 .
   * New upstream version.
   * Update watch file to new GitHub repository.
   * Remove patches applied upstream:
     - check_folder_read_permission.patch
     - fix_typo_in_manual_page.patch
     - fix_uninitialized_variables.diff
   * Generate documentation in debian/tmp instead of in source folder.
   * Add autopkgtests.

Regards,
Bug#942884: Bug#971395: RFS: zipios++/2.2.5.0-1 -- small C++ library for reading zip files (documents)
Hello Tobias,

> # please do not reopen new bugs if the old one was not sponsored.
> # -- otherwise context is lost.

Sorry for the mess, I thought that I had to open a new sponsorship request due to different package name.

> You need to upload it to experimental first.

Updated package ready to experimental at mentors:
https://mentors.debian.net/package/zipios++/

Could you please upload and review?

Thanks,
François
Bug#971395: RFS: zipios++/2.2.5.0-1 -- small C++ library for reading zip files (documents)
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zipios++":

 * Package name    : zipios++
   Version         : 2.2.5.0-1
   Upstream Author : Thomas Sondergaard
 * URL             : http://zipios.sourceforge.net/
 * License         : LGPL-2+
 * Vcs             : https://salsa.debian.org/debian/zipios
   Section         : devel

It builds those binary packages:

  libzipios-dev - small C++ library for reading zip files (development)
  libzipios2 - small C++ library for reading zip files (library)
  libzipios-doc - small C++ library for reading zip files (documents)

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/zipios++/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/z/zipios++/zipios++_2.2.5.0-1.dsc

Changes since the last upload:

 zipios++ (2.2.5.0-1) unstable; urgency=high
 .
   * Import new upstream release (Closes: #834171).
   * Rename library package from libzipios++0v5 to libzipios2
   * Add watch file
   * Fix reproducible issue with doxygen documentation
   * Add autopkgtest
   * Add upstream metadata
   * Bump standard version to 4.5.0
   * Forward patches to upstream
   * Remove documentation duplicate files
   * Update debhelper compatibility to 13 and ignore uninstalled test binaries.
   * Fix privacy breach in html documentation.

Regards,
Bug#942884: RFS: zipios/2.2.5.0-1 -- small C++ library for reading zip files
Hello Tobias,

I've repacked the v2 of Zipios at salsa/debian/zipios repository. The last package is uploaded at mentors:
https://mentors.debian.net/package/zipios++/

Could you please review and eventually sponsor the upload?

Thanks,
François
Bug#966382: RFS: photoprint/0.4.2~pre2-3 -- Image printing utility
Hello Tobias,

I've updated the package following your instructions. It's available at mentors:
https://mentors.debian.net/package/photoprint/

Best Regards,
François
Bug#942884: RFS: zipios/2.2.5.0-1 -- small C++ library for reading zip files
Hello Tobias,

> > my 2 cents say keep the old name, but see what I've written above.
>

thanks for your time explaining the reasons to keep the old package name. So I'll restart the version 2 packaging with the zipios++ package name, and I'll drop the renaming process.

Could you please create a zipios++ repository under debian group on salsa and grant me right to commit?

Best Regards,
François
Bug#970613: ITP: photoprint -- Image printing utility
Subject: ITP: photoprint -- Image printing utility
Package: wnpp
Owner: Francois Mazen
Severity: wishlist

 * Package name    : photoprint
   Version         : 0.4.2~pre2
   Upstream Author : Alastair M. Robinson
 * URL             : http://blackfiveimaging.co.uk/index.php?article=02Software%2F01PhotoPrint
 * License         : GPL-2+
   Programming Lang: C++
   Description     : Image printing utility

PhotoPrint is a utility offering special features for printing digital photographs and other images. It can print multiple images on a single page, create posters split over several pages, arrange images into a sort of carousel when printing on CDs, adding fading or decorative borders to images, etc. It also supports use of ICC colour profiles and sending 16-bit data to the printer.

This is the reintroduction of the package. It was removed because of a FTBFS on gutenprint 5.3+ (Bug: #915189). The original maintainer (David Stone) agreed to let me maintain the package.
Bug#942884: RFS: zipios/2.2.5.0-1 -- small C++ library for reading zip files
Hello Tobias,

the renaming is because the upstream changed the name from zipios++ to zipios when they went from version 1 to version 2 [1].

In addition, there are some API changes with the version 2. These are minor breaks but still breaks. So I also changed the name of the generated binary packages:
libzipios++-dev => libzipios-dev
libzipios++-doc => libzipios-doc
libzipios++0v5 => libzipios2
plus a transition package libzipios++0v5 that points to libzipios2 package.

Let me know if all this renaming makes sense to you or if I should stick with the existing zipios++ package (that I already maintain).

Thanks,
François

[1]: https://github.com/Zipios/Zipios/issues/2

On Saturday 19 September 2020 at 17:18 +0200, Tobias Frost wrote:
> Control: tags -1 moreinfo
>
> Hi François
>
> the changelog and package seem to indicate that there is already a package
> in Debian? I can't find it though. Do you have a pointer?
>
> Update: I found it. The source package name is zipios++.
> Why do you rename the source package? (That needs a good reason as this is
> a quite expensive operation.)
>
> Tagging moreinfo.
>
Bug#966382: RFS: photoprint/0.4.2~pre2-3 -- Image printing utility
Hello Tobias,

thanks a lot for all your advice! I'll try to update the package in the next days.

> - I don't like private repos on salsa very much. Please consider moving
> it to the Debian namespace for collaborative maintenance.

Could you please create the debian/photoprint repo on salsa and grant me rights to commit?

Thanks,
François
Bug#970260: RFS: extractpdfmark/1.1.0-1.1 [NMU] [RC] -- Extract page mode and named destinations as PDFmark from PDF
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "extractpdfmark":

 * Package name    : extractpdfmark
   Version         : 1.1.0-1.1
   Upstream Author : [fill in name and email of upstream]
 * URL             : https://github.com/trueroad/extractpdfmark
 * License         : GPL-3.0+
 * Vcs             : https://salsa.debian.org/debian/extractpdfmark
   Section         : tex

It builds those binary packages:

  extractpdfmark - Extract page mode and named destinations as PDFmark from PDF

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/extractpdfmark/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/e/extractpdfmark/extractpdfmark_1.1.0-1.1.dsc

Changes since the last upload:

 extractpdfmark (1.1.0-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix FTBFS with poppler 0.85 (Closes: #968714).

Regards,
Bug#970254: RFS: mp3report/1.0.2-5 [ITA] -- Script to create an HTML report of MP3 files in a directory
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "mp3report":

 * Package name    : mp3report
   Version         : 1.0.2-5
   Upstream Author : David Parker
 * URL             : http://mp3report.sourceforge.net
 * License         : GPL-2+
 * Vcs             : https://salsa.debian.org/mzf/mp3report
   Section         : utils

It builds those binary packages:

  mp3report - Script to create an HTML report of MP3 files in a directory

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/mp3report/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/m/mp3report/mp3report_1.0.2-5.dsc

Changes since the last upload:

 mp3report (1.0.2-5) unstable; urgency=medium
 .
   * New Maintainer (Closes: #831719).
   * Switch to dpkg-source 3.0 (quilt) format.
   * Fix crash when scanning empty directory (Closes: #381212).
   * Generate documentation and manual page from the perl source and register documentation via doc-base.
   * Add watch file.
   * Forward patches upstream.
   * Update VCS to salsa.

Regards,
Bug#967212: solfege: Unversioned Python removal in sid/bullseye
Hello Matthias,

the python2 dependency may be dh-python, but I doubt it actually depends on python2 because there is no dh-python3 package.

As indirect dependency, lilypond package depends on python2. Could you please confirm that this bug is only because of lilypond?

Thanks,
François
Bug#938965: Alsaseq constants are wrong
fixed 938965 python3-alsa/1.1.6-2+b2
thanks

Can not reproduce using python3/3.8.2-3 and python-alsa/1.1.6-2+b2. So closing the bug report.

François
Bug#952871: itstool: Segmentation Fault when Merging French Translation
fixed 952871
thanks

Can not reproduce on recent sid, package versions:
itstool 2.0.6-1
python3 3.8.2-3
python3-libxml2 2.9.10+dfsg-5+b1

It was probably an issue in python3-libxml2.

Thanks,
François
Bug#966382: RFS: photoprint/0.4.2~pre2-3 -- Image printing utility
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "photoprint":

 * Package name    : photoprint
   Version         : 0.4.2~pre2-3
   Upstream Author : Alastair M. Robinson
 * URL             : http://blackfiveimaging.co.uk/index.php?article=02Software%2F01PhotoPrint
 * License         : GPL-2+, CC-BY-2.0~UK
 * Vcs             : https://salsa.debian.org/mzf/photoprint
   Section         : graphics

It builds those binary packages:

  photoprint - Image printing utility

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/photoprint/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/photoprint/photoprint_0.4.2~pre2-3.dsc

Changes since the last upload:

 photoprint (0.4.2~pre2-3) unstable; urgency=medium
 .
   * New maintainer
   * Fix FTBFS on gutenprint 5.3+ (Closes: #915189)
   * Bump standard version to 4.5.0
   * Update watch file
   * Fix lintian warnings

Regards,
Bug#965930: RFS: taptempo/1.4.5-1 -- command line tap tempo
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "taptempo":

 * Package name    : taptempo
   Version         : 1.4.5-1
   Upstream Author : Francois Mazen
 * URL             : https://taptempo.tuxfamily.org
 * License         : GPL-3.0+
 * Vcs             : https://salsa.debian.org/mzf/taptempo
   Section         : sound

It builds those binary packages:

  taptempo - command line tap tempo

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/taptempo/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/t/taptempo/taptempo_1.4.5-1.dsc

Changes since the last upload:

   * New upstream release
   * Change Vcs-Browser and Vcs-Git to Salsa
   * Bump standard version to 4.5.0
   * Fix lintian warnings

Regards,
François
Bug#954020: buster-pu: package zipios++/0.1.5.9+cvs.2007.04.28-10+deb10u1
Hello Georg,

thanks a lot for your help.

The packaging repo is:
https://salsa.debian.org/mzf/zipios

the branch for this buster patch is "fix_CVE-2019-13453_for_buster":
https://salsa.debian.org/mzf/zipios/-/tree/fix_CVE-2019-13453_for_buster

the last commit is:
https://salsa.debian.org/mzf/zipios/-/commit/7bdc65a62cacea47e03c13e6d92157da3c11f6bd

I can upload the package to mentors.d.n if needed. Just let me know.

Best,
François
Bug#954020: buster-pu: package zipios++/0.1.5.9+cvs.2007.04.28-10+deb10u1
Hi Salvatore,

> The problem is just, the upload is not there. Did an error happen on uploading?
>

I'm not DM, so someone has to sponsor the upload. Adam or you, could you please upload it?

Thanks,
François
Bug#954020: buster-pu: package zipios++/0.1.5.9+cvs.2007.04.28-10+deb10u1
Hi Salvatore,

> It's now unfortunately too late for 10.4 but did you see the ack from
> Adam? If so this can be included then in 10.5.
>

I'm OK for the 10.5. Should I do anything?

Thanks,
François
Bug#954020: buster-pu: package zipios++/0.1.5.9+cvs.2007.04.28-10+deb10u1
Please find attached the debdiff. Best, François diff -Nru zipios++-0.1.5.9+cvs.2007.04.28/debian/changelog zipios++-0.1.5.9+cvs.2007.04.28/debian/changelog --- zipios++-0.1.5.9+cvs.2007.04.28/debian/changelog 2017-05-28 21:20:05.0 +0200 +++ zipios++-0.1.5.9+cvs.2007.04.28/debian/changelog 2020-03-15 17:28:33.0 +0100 @@ -1,3 +1,9 @@ +zipios++ (0.1.5.9+cvs.2007.04.28-10+deb10u1) buster; urgency=high + + * fix CVE-2019-13453 for Buster (Closes: #932556) + + -- Francois Mazen Sun, 15 Mar 2020 17:28:33 +0100 + zipios++ (0.1.5.9+cvs.2007.04.28-10) unstable; urgency=medium * QA upload. diff -Nru zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/fix_CVE-2019-13453.diff zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/fix_CVE-2019-13453.diff --- zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/fix_CVE-2019-13453.diff 1970-01-01 01:00:00.0 +0100 +++ zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/fix_CVE-2019-13453.diff 2020-03-15 17:28:33.0 +0100 
@@ -0,0 +1,50 @@ +Description: Fix CVE-2019-13453 +Author: Francois Mazen +Origin: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/ + +--- a/zipios++/zipheadio.h b/zipios++/zipheadio.h +@@ -9,6 +9,7 @@ + + #include "zipios++/ziphead.h" + #include "zipios++/zipios_defs.h" ++#include "zipios++/fcollexceptions.h" + + namespace zipios { + +@@ -79,10 +80,16 @@ + static const int buf_len = sizeof ( uint32 ) ; + unsigned char buf [ buf_len ] ; + int rsf = 0 ; +- while ( rsf < buf_len ) { ++ std::streampos original_pos = is.tellg() ; ++ while ( rsf < buf_len && !is.eof() ) { + is.read ( reinterpret_cast< char * >( buf ) + rsf, buf_len - rsf ) ; + rsf += is.gcount () ; + } ++ if ( rsf != buf_len ) { ++is.seekg( original_pos ) ; ++throw InvalidStateException( "Reached end-of-file while trying to read a" ++ "Uint32; the zip archive may be corrupt." ) ; ++ } + return ztohl ( buf ) ; + } + +@@ -95,10 +102,16 @@ + static const int buf_len = sizeof ( uint16 ) ; + unsigned char buf [ buf_len ] ; + int rsf = 0 ; +- while ( rsf < buf_len ) { ++ std::streampos original_pos = is.tellg() ; ++ while ( rsf < buf_len && !is.eof() ) { + is.read ( reinterpret_cast< char * >( buf ) + rsf, buf_len - rsf ) ; + rsf += is.gcount () ; + } ++ if ( rsf != buf_len ) { ++is.seekg( original_pos ) ; ++throw InvalidStateException( "Reached end-of-file while trying to read a" ++ "Uint16; the zip archive may be corrupt." ) ; ++ } + return ztohs ( buf ) ; + } + diff -Nru zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/series zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/series --- zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/series 2017-05-09 00:29:06.0 +0200 +++ zipios++-0.1.5.9+cvs.2007.04.28/debian/patches/series 2020-03-15 17:28:33.0 +0100 @@ -4,3 +4,4 @@ gcc43_fix.diff amd64_fix.diff pkg-config.diff +fix_CVE-2019-13453.diff signature.asc Description: This is a digitally signed message part
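Review bot: The new loop condition in the `@@ -79,10 +80,16 @@` hunk, `rsf < buf_len && !is.eof()`, still spins forever when the stream is in a fail or bad state without eofbit (a read error, or a stream that was already failed on entry): `is.read` then extracts nothing, `is.gcount()` is 0 and `rsf` never advances. Test the whole stream state instead, for example `while ( rsf < buf_len && is.good() )`, or leave the loop as soon as `is.gcount()` returns 0. The same applies to the identical loop in the `@@ -95,10 +102,16 @@` hunk.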
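Review bot: In the `@@ -95,10 +102,16 @@` hunk, `is.seekg( original_pos )` runs while the stream still carries the failbit that the short `is.read` set together with eofbit, and `seekg` does nothing on a failed stream, so the position is not restored before the throw. Call `is.clear()` before `is.seekg( original_pos )`. Separately, the two adjacent string literals are concatenated without a space, so the message reads "...trying to read aUint16; ..."; end the first literal with a space. Both points apply equally to the uint32 hunk above it.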
Bug#942884: RFS: zipios/2.2.5.0-1 -- small C++ library for reading zip files (development)
Package: sponsorship-requests
Severity: normal

Dear mentors,

I've updated my package "zipios" at mentors.debian.net and I am looking for a sponsor.

Associated bug #942884:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942884

 * Package name    : zipios
   Version         : 2.2.5.0-1
   Upstream Author : Thomas Sondergaard
 * URL             : http://zipios.sourceforge.net/
 * License         : LGPL-2+
 * Vcs             : https://salsa.debian.org/mzf-guest/zipios
   Section         : devel

It builds those binary packages:

  libzipios-dev - small C++ library for reading zip files (development)
  libzipios2 - small C++ library for reading zip files (library)
  libzipios-doc - small C++ library for reading zip files (documents)
  libzipios++0v5 - transitional package

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/zipios

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/z/zipios/zipios_2.2.5.0-1.dsc

Changes since the last upload:

   * Import new upstream release (Closes: #834171)
   * Add watch file
   * Fix reproducible issue with doxygen documentation
   * Rename to Zipios from Zipios++
   * Rename to libzipios2 from libzipios0v5 and create a transition package.
   * Add autopkgtest
   * Add upstream metadata
   * Bump standard version to 4.5.0

Regards,

--
Francois Mazen
Bug#952871: itstool: Segmentation Fault when Merging French Translation
Additional information:

I can't reproduce within buster/stable release, using 2.0.5-2 package version. Hence it may be a regression introduced by the 2.0.6-1 version.

Thanks,
François
Bug#949294: solfege: help file not found
Hello Charles,

thanks for your bug report!

You should install the solfege-doc package to get the html files that are referenced by the help link.

I agree that if the documentation package is not installed then the 404 html error is not informative. A better behavior would be to display a nice error pop-up to indicate what to do.

In addition, the solfege package does not Recommends the solfege-doc package, which violates the Debian policy [1].

I'll try to upload a new package to fix these errors. In the meantime you should install the solfege-doc package to resume your work.

Have a nice day,
François

[1] https://www.debian.org/doc/debian-policy/ch-docs.html#additional-documentation
Bug#941537: Solfege removal
Hello,

Lilypond and Solfege packages will be removed in about 14 days. As maintainer of Solfege, this will affect my work.

Do you plan to upload a new Lilypond package to avoid the automatic removal? If not, I can prepare a NMU. Just let me know.

Thanks,
François
Bug#942884: RFS: zipios/2.2.5.0-1 -- small C++ library for reading zip files (development)
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zipios"

 * Package name    : zipios
   Version         : 2.2.5.0-1
   Upstream Author : Thomas Sondergaard
 * URL             : http://zipios.sourceforge.net/
 * License         : LGPL-2+
 * Vcs             : https://salsa.debian.org/mzf-guest/zipios
   Section         : devel

It builds those binary packages:

  libzipios-dev - small C++ library for reading zip files (development)
  libzipios2 - small C++ library for reading zip files (library)
  libzipios-doc - small C++ library for reading zip files (documents)
  libzipios++0v5 - transitional package

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/zipios

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/z/zipios/zipios_2.2.5.0-1.dsc

Changes since the last upload:

   * Import new upstream release (Closes: #834171)
   * Add watch file
   * Fix reproducible issue with doxygen documentation
   * Rename to Zipios from Zipios++
   * Rename to libzipios2 from libzipios0v5 and create a transition package.
   * Add autopkgtest
   * Add upstream metadata
   * Bump standard version to 4.4.1

Regards,
Bug#941796: RFS: zipios++/0.1.5.9+cvs.2007.04.28-11 [ITA] -- small C++ library for reading zip files (development)
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zipios++"

 * Package name    : zipios++
   Version         : 0.1.5.9+cvs.2007.04.28-11
   Upstream Author : Thomas Sondergaard
 * URL             : http://zipios.sourceforge.net/
 * License         : LGPL-2+
 * Vcs             : https://anonscm.debian.org/cgit/collab-maint/zipios++.git
   Section         : devel

It builds those binary packages:

  libzipios++-dev - small C++ library for reading zip files (development)
  libzipios++0v5 - small C++ library for reading zip files (library)
  libzipios++-doc - small C++ library for reading zip files (documents)

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/zipios%2B%2B

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/z/zipios++/zipios++_0.1.5.9+cvs.2007.04.28-11.dsc

Changes since the last upload:

   * New Maintainer (Closes: #834214)
   * fix CVE-2019-13453 (Closes: #932556)

Please note that this is a minimal upload to fix the CVE-2019-13453 in sid/testing, and then in stable/old-stable.

For the upstream update to 2.x, including package name change from zipios++ to zipios, please refer to:
https://mentors.debian.net/package/zipios

Regards,
François Mazen
Bug#939965: buster-pu: package flightcrew/0.7.2+dfsg-13+deb10u1
Hi, please find enclosed the diff that fixes CVE-2019-13241 and CVE-2019- 13032 for buster release of flightcrew. Best, François diff --git a/debian/changelog b/debian/changelog index b6a222f..3fc3b7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +flightcrew (0.7.2+dfsg-13+deb10u1) buster; urgency=high + + * Fix CVE-2019-13241 for Buster. + * Fix CVE-2019-13032 for Buster. + + -- Francois Mazen Sun, 08 Sep 2019 21:55:23 +0200 + flightcrew (0.7.2+dfsg-13) unstable; urgency=medium [ Ondřej Nový ] diff --git a/debian/patches/fix-CVE-2019-13032.diff b/debian/patches/fix-CVE-2019-13032.diff new file mode 100644 index 000..0fe7699 --- /dev/null +++ b/debian/patches/fix-CVE-2019-13032.diff 
@@ -0,0 +1,44 @@ +Description: fix CVE-2019-13032 +Author: Francois Mazen + +Index: flightcrew/src/FlightCrew/Framework/ValidateEpub.cpp +=== +--- flightcrew.orig/src/FlightCrew/Framework/ValidateEpub.cpp flightcrew/src/FlightCrew/Framework/ValidateEpub.cpp +@@ -118,10 +118,15 @@ fs::path GetRelativePathToNcx( const xc: + std::string href = fromX( item->getAttribute( toX( "href" ) ) ); + std::string media_type = fromX( item->getAttribute( toX( "media-type" ) ) ); + +-if ( xc::XMLUri::isValidURI( true, toX( href ) ) && +- media_type == NCX_MIME ) ++// prevent segfault here that would result as toX() will return null when ++// passed and empty string ++if (!href.empty()) + { +-return Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ); ++if ( xc::XMLUri::isValidURI( true, toX( href ) ) && ++ media_type == NCX_MIME ) ++{ ++return Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ); ++} + } + } + +@@ -141,10 +146,13 @@ std::vector< fs::path > GetRelativePaths + std::string href = fromX( item->getAttribute( toX( "href" ) ) ); + std::string media_type = fromX( item->getAttribute( toX( "media-type" ) ) ); + +-if ( xc::XMLUri::isValidURI( true, toX( href ) ) && +- ( media_type == XHTML_MIME || media_type == OEB_DOC_MIME ) ) +-{ +-paths.push_back( Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ) ); ++if (!href.empty()) ++{ ++if ( xc::XMLUri::isValidURI( true, toX( href ) ) && ++ ( media_type == XHTML_MIME || media_type == OEB_DOC_MIME ) ) ++{ ++ paths.push_back( Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ) ); ++} + } + } + diff --git a/debian/patches/fix-CVE-2019-13241.diff b/debian/patches/fix-CVE-2019-13241.diff new file mode 100644 index 000..5357d6a --- /dev/null +++ b/debian/patches/fix-CVE-2019-13241.diff 
@@ -0,0 +1,58 @@ +Description: fix CVE-2019-13241 +Author: Francois Mazen + + +--- a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp +@@ -63,6 +63,43 @@ + fs::create_directory( filepath ); + } + ++void CheckPathTraversalVulnerability(const fs::path& root_folder, const fs::path& file_path) ++{ ++ ++fs::path canonical_path = fs::weakly_canonical(file_path); ++fs::path canonical_root_path = fs::weakly_canonical(root_folder); ++ ++fs::path::iterator root_iterator = canonical_root_path.begin(); ++fs::path::iterator path_iterator = canonical_path.begin(); ++bool isDifferenceFound = false; ++while(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator != canonical_path.end()) ++{ ++if((*root_iterator) != (*path_iterator)) ++{ ++isDifferenceFound = true; ++} ++else ++{ ++++root_iterator; ++++path_iterator; ++} ++} ++ ++if(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator == canonical_path.end()) ++{ ++// We reached the end of the path without iterating the whole root. ++isDifferenceFound = true; ++} ++ ++if(isDifferenceFound) ++{ ++throw InvalidStateException( "Corrupt epub detected with local file path: " + file_path.string()) ; ++} ++} + + void ExtractZipToFolder( const fs::path _to_zip, const fs::path _to_folder ) + { +@@ -75,6 +112,7 @@ + + fs::path new_file_path = path_to_folder / (*it)->getName(); + ++CheckPathTraversalVulnerability(path_to_folder, new_file_path); + CreateFilepath( new_file_path ); + WriteEntryToFile( *stream, new_file_path ); + } diff --git a/debian/patches/series b/debian/patches/series index dd411b2..3a46586 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,5 @@ disable_filesystem3_overload modify_cmake_for_debian reproducible-build use_random_unique_tmp_path
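Review bot: The comment added in the `@@ -118,10 +118,15 @@` hunk of fix-CVE-2019-13032.diff says "passed and empty string" where "passed an empty string" is meant, and the same `!href.empty()` guard in the `@@ -141,10 +146,13 @@` hunk has no comment at all. Since both sites protect the same `toX( href )` call, consider putting `!href.empty() &&` at the front of the existing condition instead of adding a nesting level, which keeps the diff to one changed line per site and makes the two call sites read the same.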
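Review bot: `CheckPathTraversalVulnerability` in the `@@ -63,6 +63,43 @@` hunk has no comment stating its contract, namely that it throws `InvalidStateException` unless `file_path`, after `fs::weakly_canonical`, has the canonical `root_folder` as a component-wise prefix. Please add one above the function. The hand-written iterator walk plus the follow-up `if` is a plain prefix test and would be shorter and easier to verify as a `std::mismatch` over the two paths, and `canonical_root_path` could be computed once by the caller rather than once per entry. The exception text also says "Corrupt epub" although this file is the generic zip extraction code.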
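Review bot: In the `@@ -75,6 +112,7 @@` hunk the check is made per entry, directly before `CreateFilepath` and `WriteEntryToFile`, so when it throws on a later entry the entries before it have already been written under `path_to_folder`. Either validate every entry name in a first pass before anything is written, or state in a comment that the caller is expected to discard the partially extracted folder when `InvalidStateException` propagates.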
Bug#939967: stretch-pu: package flightcrew/0.7.2+dfsg-9+deb9u1
Hi, please find enclosed the diff that fixes CVE-2019-13241 and CVE-2019- 13032 for stretch release of flightcrew. Best, François diff --git a/debian/changelog b/debian/changelog index f602446..88e5e40 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +flightcrew (0.7.2+dfsg-9+deb9u1) stretch; urgency=medium + + * Fix CVE-2019-13241 for stretch release. + * Fix CVE-2019-13032 for stretch release. + + -- Francois Mazen Tue, 10 Sep 2019 15:34:26 +0200 + flightcrew (0.7.2+dfsg-9) unstable; urgency=medium * d/copyright: claim copyright for the 2017. diff --git a/debian/patches/fix-CVE-2019-13032.diff b/debian/patches/fix-CVE-2019-13032.diff new file mode 100644 index 000..0fe7699 --- /dev/null +++ b/debian/patches/fix-CVE-2019-13032.diff 
@@ -0,0 +1,44 @@ +Description: fix CVE-2019-13032 +Author: Francois Mazen + +Index: flightcrew/src/FlightCrew/Framework/ValidateEpub.cpp +=== +--- flightcrew.orig/src/FlightCrew/Framework/ValidateEpub.cpp flightcrew/src/FlightCrew/Framework/ValidateEpub.cpp +@@ -118,10 +118,15 @@ fs::path GetRelativePathToNcx( const xc: + std::string href = fromX( item->getAttribute( toX( "href" ) ) ); + std::string media_type = fromX( item->getAttribute( toX( "media-type" ) ) ); + +-if ( xc::XMLUri::isValidURI( true, toX( href ) ) && +- media_type == NCX_MIME ) ++// prevent segfault here that would result as toX() will return null when ++// passed and empty string ++if (!href.empty()) + { +-return Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ); ++if ( xc::XMLUri::isValidURI( true, toX( href ) ) && ++ media_type == NCX_MIME ) ++{ ++return Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ); ++} + } + } + +@@ -141,10 +146,13 @@ std::vector< fs::path > GetRelativePaths + std::string href = fromX( item->getAttribute( toX( "href" ) ) ); + std::string media_type = fromX( item->getAttribute( toX( "media-type" ) ) ); + +-if ( xc::XMLUri::isValidURI( true, toX( href ) ) && +- ( media_type == XHTML_MIME || media_type == OEB_DOC_MIME ) ) +-{ +-paths.push_back( Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ) ); ++if (!href.empty()) ++{ ++if ( xc::XMLUri::isValidURI( true, toX( href ) ) && ++ ( media_type == XHTML_MIME || media_type == OEB_DOC_MIME ) ) ++{ ++ paths.push_back( Util::Utf8PathToBoostPath( Util::UrlDecode( href ) ) ); ++} + } + } + diff --git a/debian/patches/fix-CVE-2019-13241.diff b/debian/patches/fix-CVE-2019-13241.diff new file mode 100644 index 000..98019d0 --- /dev/null +++ b/debian/patches/fix-CVE-2019-13241.diff 
@@ -0,0 +1,59 @@ +Description: fix CVE-2019-13241 +Author: Francois Mazen + + +--- a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp +@@ -63,6 +63,44 @@ + fs::create_directory( filepath ); + } + ++void CheckPathTraversalVulnerability(const fs::path& root_folder, const fs::path& file_path) ++{ ++ ++fs::path canonical_path = fs::weakly_canonical(file_path); ++fs::path canonical_root_path = fs::weakly_canonical(root_folder); ++ ++fs::path::iterator root_iterator = canonical_root_path.begin(); ++fs::path::iterator path_iterator = canonical_path.begin(); ++bool isDifferenceFound = false; ++while(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator != canonical_path.end()) ++{ ++if((*root_iterator) != (*path_iterator)) ++{ ++isDifferenceFound = true; ++} ++else ++{ ++++root_iterator; ++++path_iterator; ++} ++} ++ ++if(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator == canonical_path.end()) ++{ ++// We reached the end of the path without iterating the whole root. ++isDifferenceFound = true; ++} ++ ++if(isDifferenceFound) ++{ ++throw InvalidStateException( "Corrupt epub detected with local file path: " + file_path.string()) ; ++} ++} ++ + + void ExtractZipToFolder( const fs::path _to_zip, const fs::path _to_folder ) + { +@@ -75,6 +113,7 @@ + + fs::path new_file_path = path_to_folder / (*it)->getName(); + ++CheckPathTraversalVulnerability(path_to_folder, new_file_path); + CreateFilepath( new_file_path ); + WriteEntryToFile( *stream, new_file_path ); + } diff --git a/debian/patches/series b/debian/patches/series index dd411b2..3a46586 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,5 @@ disable_filesystem3_overload modify_cmake_for_debian
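Review bot: `urgency=medium` in the changelog hunk does not match the buster upload of the same two fixes (0.7.2+dfsg-13+deb10u1), which uses `urgency=high`; use the same value in both suites unless the difference is intended. The entry also names the two CVE ids without any bug reference; if Debian bugs exist for them, close them here with `Closes:`.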
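Review bot: There is a stray extra empty line at the end of the `@@ -63,6 +63,44 @@` hunk, just before `void ExtractZipToFolder`, which is the only thing that makes this fix-CVE-2019-13241.diff (59 lines, index 98019d0) differ from the buster one (58 lines, index 5357d6a). Drop it so that the stretch and buster patches are byte-identical and can be reviewed once.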
Bug#939978: buster-pu: package flightcrew/0.7.2+dfsg-13+deb10u1
Subject: buster-pu: package flightcrew/0.7.2+dfsg-13+deb10u1 Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal Hello, I would like to update the flightcrew package in Buster release. The goal is to fix the CVE-2019-13241. Please find attached the debdiff. Best Regards, François -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/16 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash From 1ee41f78678f520402823b1524e02cba5c5d0d88 Mon Sep 17 00:00:00 2001 From: Francois Mazen Date: Tue, 10 Sep 2019 09:27:47 +0200 Subject: [PATCH] Fix CVE-2019-13241 --- debian/changelog | 6 ++ debian/patches/fix-CVE-2019-13241.diff | 58 ++ debian/patches/series| 1 + debian/source/include-binaries | 1 + debian/tests/CVE-2019-13241 | 28 debian/tests/CVE-2019-13241_zip-slip.zip | Bin 0 -> 545 bytes debian/tests/control | 2 ++ 7 files changed, 96 insertions(+) create mode 100644 debian/patches/fix-CVE-2019-13241.diff create mode 100644 debian/source/include-binaries create mode 100644 debian/tests/CVE-2019-13241 create mode 100644 debian/tests/CVE-2019-13241_zip-slip.zip create mode 100644 debian/tests/control diff --git a/debian/changelog b/debian/changelog index b6a222f..dd9a681 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +flightcrew (0.7.2+dfsg-13+deb10u1) buster; urgency=high + + * Fix CVE-2019-13241 for buster. + + -- Francois Mazen Sun, 08 Sep 2019 21:55:23 +0200 + flightcrew (0.7.2+dfsg-13) unstable; urgency=medium [ Ondřej Nový ] diff --git a/debian/patches/fix-CVE-2019-13241.diff b/debian/patches/fix-CVE-2019-13241.diff new file mode 100644 index 000..5357d6a --- /dev/null +++ b/debian/patches/fix-CVE-2019-13241.diff 
@@ -0,0 +1,58 @@ +Description: fix CVE-2019-13241 +Author: Francois Mazen + + +--- a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp +@@ -63,6 +63,43 @@ + fs::create_directory( filepath ); + } + ++void CheckPathTraversalVulnerability(const fs::path& root_folder, const fs::path& file_path) ++{ ++ ++fs::path canonical_path = fs::weakly_canonical(file_path); ++fs::path canonical_root_path = fs::weakly_canonical(root_folder); ++ ++fs::path::iterator root_iterator = canonical_root_path.begin(); ++fs::path::iterator path_iterator = canonical_path.begin(); ++bool isDifferenceFound = false; ++while(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator != canonical_path.end()) ++{ ++if((*root_iterator) != (*path_iterator)) ++{ ++isDifferenceFound = true; ++} ++else ++{ ++++root_iterator; ++++path_iterator; ++} ++} ++ ++if(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator == canonical_path.end()) ++{ ++// We reached the end of the path without iterating the whole root. ++isDifferenceFound = true; ++} ++ ++if(isDifferenceFound) ++{ ++throw InvalidStateException( "Corrupt epub detected with local file path: " + file_path.string()) ; ++} ++} + + void ExtractZipToFolder( const fs::path _to_zip, const fs::path _to_folder ) + { +@@ -75,6 +112,7 @@ + + fs::path new_file_path = path_to_folder / (*it)->getName(); + ++CheckPathTraversalVulnerability(path_to_folder, new_file_path); + CreateFilepath( new_file_path ); + WriteEntryToFile( *stream, new_file_path ); + } diff --git a/debian/patches/series b/debian/patches/series index dd411b2..f8c0cdb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ disable_filesystem3_overload modify_cmake_for_debian reproducible-build use_random_unique_tmp_path +fix-CVE-2019-13241.diff diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 000..5b216eb --- /dev/null 
+++ b/debian/source/include-binaries @@ -0,0 +1 @@ +debian/tests/CVE-2019-13241_zip-slip.zip diff --git a/debian/tests/CVE-2019-13241 b/debian/tests/CVE-2019-13241 new file mode 100644 index 000..baac7e0 --- /dev/null +++ b/debian/tests/CVE-2019-13241 @@ -0,0 +1,28 @@ +#!/bin/sh + +# Check the CVE-2019-13241 vulnerability. +# See https://security-tracker.debian.org/tracker/CVE-2019-13241 +# Author: Francois Mazen + +EVIL_FILE=/tmp/evil.txt + +if [ -f "$EVIL_FILE" ]; then +echo "$EVIL_FILE exists, removing it." +rm -f $EVIL_FILE +else +echo
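Review bot: In CheckPathTraversalVulnerability, an entry whose name resolves to the extraction root itself (for example ".") is accepted: the loop consumes every component of canonical_root_path without finding a difference, and the follow-up test only rejects paths that end before the root does, so no exception is thrown and ExtractZipToFolder goes on to call CreateFilepath and WriteEntryToFile on the root path. If only paths strictly below the root should pass, also reject the case where path_iterator reaches canonical_path.end() together with the root iterator. The hand-written prefix loop could be replaced by std::mismatch over the two component ranges, which would make the containment test easier to audit.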
Bug#939967: stretch-pu: package flightcrew/0.7.2+dfsg-9+deb9u1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: stretch Severity: normal Hello, I would like to update the flightcrew package in Stretch release. The goal is to fix the CVE-2019-13241. Please find attached the debdiff. Best Regards, François -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/16 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash From 24d531e5efce69f77b85d8c16aef2a099e9f143c Mon Sep 17 00:00:00 2001 From: Francois Mazen Date: Tue, 10 Sep 2019 16:28:31 +0200 Subject: [PATCH] Fix CVE-2019-13241. --- debian/changelog | 6 ++ debian/patches/fix-CVE-2019-13241.diff | 59 +++ debian/patches/series| 1 + debian/source/include-binaries | 1 + debian/tests/CVE-2019-13241 | 28 debian/tests/CVE-2019-13241_zip-slip.zip | Bin 0 -> 545 bytes debian/tests/control | 2 ++ 7 files changed, 97 insertions(+) create mode 100644 debian/patches/fix-CVE-2019-13241.diff create mode 100644 debian/source/include-binaries create mode 100644 debian/tests/CVE-2019-13241 create mode 100644 debian/tests/CVE-2019-13241_zip-slip.zip create mode 100644 debian/tests/control diff --git a/debian/changelog b/debian/changelog index f602446..511639c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +flightcrew (0.7.2+dfsg-9+deb9u1) stretch; urgency=medium + + * Fix CVE-2019-13241 for stretch release. + + -- Francois Mazen Tue, 10 Sep 2019 15:34:26 +0200 + flightcrew (0.7.2+dfsg-9) unstable; urgency=medium * d/copyright: claim copyright for the 2017. diff --git a/debian/patches/fix-CVE-2019-13241.diff b/debian/patches/fix-CVE-2019-13241.diff new file mode 100644 index 000..98019d0 --- /dev/null +++ b/debian/patches/fix-CVE-2019-13241.diff 
@@ -0,0 +1,59 @@ +Description: fix CVE-2019-13241 +Author: Francois Mazen + + +--- a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp +@@ -63,6 +63,44 @@ + fs::create_directory( filepath ); + } + ++void CheckPathTraversalVulnerability(const fs::path& root_folder, const fs::path& file_path) ++{ ++ ++fs::path canonical_path = fs::weakly_canonical(file_path); ++fs::path canonical_root_path = fs::weakly_canonical(root_folder); ++ ++fs::path::iterator root_iterator = canonical_root_path.begin(); ++fs::path::iterator path_iterator = canonical_path.begin(); ++bool isDifferenceFound = false; ++while(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator != canonical_path.end()) ++{ ++if((*root_iterator) != (*path_iterator)) ++{ ++isDifferenceFound = true; ++} ++else ++{ ++++root_iterator; ++++path_iterator; ++} ++} ++ ++if(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator == canonical_path.end()) ++{ ++// We reached the end of the path without iterating the whole root. ++isDifferenceFound = true; ++} ++ ++if(isDifferenceFound) ++{ ++throw InvalidStateException( "Corrupt epub detected with local file path: " + file_path.string()) ; ++} ++} ++ + + void ExtractZipToFolder( const fs::path _to_zip, const fs::path _to_folder ) + { +@@ -75,6 +113,7 @@ + + fs::path new_file_path = path_to_folder / (*it)->getName(); + ++CheckPathTraversalVulnerability(path_to_folder, new_file_path); + CreateFilepath( new_file_path ); + WriteEntryToFile( *stream, new_file_path ); + } diff --git a/debian/patches/series b/debian/patches/series index dd411b2..f8c0cdb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ disable_filesystem3_overload modify_cmake_for_debian reproducible-build use_random_unique_tmp_path +fix-CVE-2019-13241.diff diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 000..5b216eb --- /dev/null 
+++ b/debian/source/include-binaries @@ -0,0 +1 @@ +debian/tests/CVE-2019-13241_zip-slip.zip diff --git a/debian/tests/CVE-2019-13241 b/debian/tests/CVE-2019-13241 new file mode 100644 index 000..baac7e0 --- /dev/null +++ b/debian/tests/CVE-2019-13241 @@ -0,0 +1,28 @@ +#!/bin/sh + +# Check the CVE-2019-13241 vulnerability. +# See https://security-tracker.debian.org/tracker/CVE-2019-13241 +# Author: Francois Mazen + +EVIL_FILE=/tmp/evil.txt + +if [ -f "$EVIL_FILE" ]; then +echo "$EVIL_FILE exists, removing it." +rm -f $EVIL_FILE +else +echo "$EVIL_FILE does
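Review bot: The debian/changelog entry says only "Fix CVE-2019-13241 for stretch release." and does not mention the new quilt patch against src/zipios/src/zipextraction.cpp, the autopkgtest added under debian/tests, or the binary fixture listed in debian/source/include-binaries; listing them would help the release team read the debdiff. The urgency is medium here, while the buster upload of the same fix on this page uses urgency=high, so it is worth choosing one value deliberately for both.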
Bug#939965: buster-pu: package flightcrew/0.7.2+dfsg-13+deb10u1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal Hello, I would like to update the flightcrew package in Buster release. The goal is to fix the CVE-2019-13241. Please find attached the debdiff. Best Regards, François -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/16 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash From 1ee41f78678f520402823b1524e02cba5c5d0d88 Mon Sep 17 00:00:00 2001 From: Francois Mazen Date: Tue, 10 Sep 2019 09:27:47 +0200 Subject: [PATCH] Fix CVE-2019-13241 --- debian/changelog | 6 ++ debian/patches/fix-CVE-2019-13241.diff | 58 ++ debian/patches/series| 1 + debian/source/include-binaries | 1 + debian/tests/CVE-2019-13241 | 28 debian/tests/CVE-2019-13241_zip-slip.zip | Bin 0 -> 545 bytes debian/tests/control | 2 ++ 7 files changed, 96 insertions(+) create mode 100644 debian/patches/fix-CVE-2019-13241.diff create mode 100644 debian/source/include-binaries create mode 100644 debian/tests/CVE-2019-13241 create mode 100644 debian/tests/CVE-2019-13241_zip-slip.zip create mode 100644 debian/tests/control diff --git a/debian/changelog b/debian/changelog index b6a222f..dd9a681 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +flightcrew (0.7.2+dfsg-13+deb10u1) buster; urgency=high + + * Fix CVE-2019-13241 for buster. + + -- Francois Mazen Sun, 08 Sep 2019 21:55:23 +0200 + flightcrew (0.7.2+dfsg-13) unstable; urgency=medium [ Ondřej Nový ] diff --git a/debian/patches/fix-CVE-2019-13241.diff b/debian/patches/fix-CVE-2019-13241.diff new file mode 100644 index 000..5357d6a --- /dev/null +++ b/debian/patches/fix-CVE-2019-13241.diff 
@@ -0,0 +1,58 @@ +Description: fix CVE-2019-13241 +Author: Francois Mazen + + +--- a/src/zipios/src/zipextraction.cpp b/src/zipios/src/zipextraction.cpp +@@ -63,6 +63,43 @@ + fs::create_directory( filepath ); + } + ++void CheckPathTraversalVulnerability(const fs::path& root_folder, const fs::path& file_path) ++{ ++ ++fs::path canonical_path = fs::weakly_canonical(file_path); ++fs::path canonical_root_path = fs::weakly_canonical(root_folder); ++ ++fs::path::iterator root_iterator = canonical_root_path.begin(); ++fs::path::iterator path_iterator = canonical_path.begin(); ++bool isDifferenceFound = false; ++while(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator != canonical_path.end()) ++{ ++if((*root_iterator) != (*path_iterator)) ++{ ++isDifferenceFound = true; ++} ++else ++{ ++++root_iterator; ++++path_iterator; ++} ++} ++ ++if(!isDifferenceFound && ++ root_iterator != canonical_root_path.end() && ++ path_iterator == canonical_path.end()) ++{ ++// We reached the end of the path without iterating the whole root. ++isDifferenceFound = true; ++} ++ ++if(isDifferenceFound) ++{ ++throw InvalidStateException( "Corrupt epub detected with local file path: " + file_path.string()) ; ++} ++} + + void ExtractZipToFolder( const fs::path _to_zip, const fs::path _to_folder ) + { +@@ -75,6 +112,7 @@ + + fs::path new_file_path = path_to_folder / (*it)->getName(); + ++CheckPathTraversalVulnerability(path_to_folder, new_file_path); + CreateFilepath( new_file_path ); + WriteEntryToFile( *stream, new_file_path ); + } diff --git a/debian/patches/series b/debian/patches/series index dd411b2..f8c0cdb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ disable_filesystem3_overload modify_cmake_for_debian reproducible-build use_random_unique_tmp_path +fix-CVE-2019-13241.diff diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 000..5b216eb --- /dev/null 
+++ b/debian/source/include-binaries @@ -0,0 +1 @@ +debian/tests/CVE-2019-13241_zip-slip.zip diff --git a/debian/tests/CVE-2019-13241 b/debian/tests/CVE-2019-13241 new file mode 100644 index 000..baac7e0 --- /dev/null +++ b/debian/tests/CVE-2019-13241 @@ -0,0 +1,28 @@ +#!/bin/sh + +# Check the CVE-2019-13241 vulnerability. +# See https://security-tracker.debian.org/tracker/CVE-2019-13241 +# Author: Francois Mazen + +EVIL_FILE=/tmp/evil.txt + +if [ -f "$EVIL_FILE" ]; then +echo "$EVIL_FILE exists, removing it." +rm -f $EVIL_FILE +else +echo "$EVIL_FILE does not exist" +fi + +echo "Opening the evil
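Review bot: In debian/tests/CVE-2019-13241, the line "rm -f $EVIL_FILE" expands the variable unquoted although the "[ -f "$EVIL_FILE" ]" test two lines above quotes it; quote it there as well. The script also hard-codes /tmp/evil.txt and deletes whatever file already exists at that path before the run; a comment stating that the path has to match the entry stored in CVE-2019-13241_zip-slip.zip (if that is the reason) would help the next maintainer, as would a short description of the expected result next to the CVE reference in the header.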
Bug#935535: solfege: crashes with python3-pyalsa installed
Hello Reiner,

thanks a lot for reporting this issue. It seems that the update of python3-pyalsa from 1.0.29-1 to 1.1.6-2 triggers the crash.

I've opened the bug#938965 to python3-pyalsa package with this issue [1], and I'll upload a workaround for solfege.

Best Regards,
François

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938965
Bug#938965: Alsaseq constants are wrong
Package: python3-pyalsa
Version: 1.1.6-2

Dear Maintainer,

upgrading python3-pyalsa from version 1.0.29-1 (python2) to version 1.1.6-2 (python3) changes the values of the alsaseq constants like SEQ_OPEN_OUTPUT. Then alsaseq.Sequencer call with these constants fails with message:

OverflowError: signed integer is greater than maximum

If I replace the constants by their integer values, like 1 for SEQ_OPEN_OUTPUT, no error is raised.

To reproduce, in python3 interactive console with python3-pyalsa 1.1.6-2 (Debian Unstable):

-
Python 3.7.4 (default, Aug 21 2019, 16:01:23)
[GCC 9.2.1 20190813] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyalsa import alsaseq
>>> sequencer = alsaseq.Sequencer(name='default',
... clientname="solfege-alsa.py",
... streams=alsaseq.SEQ_OPEN_OUTPUT,
... mode=alsaseq.SEQ_NONBLOCK)
Traceback (most recent call last):
  File "", line 4, in
OverflowError: signed integer is greater than maximum
>>> alsaseq.SEQ_OPEN_OUTPUT
SEQ_OPEN_OUTPUT(0x1)
>>> alsaseq.SEQ_OPEN_OUTPUT.real
3495274726
>>> sequencer = alsaseq.Sequencer(name='default',
... clientname="solfege-alsa.py",
... streams=1,
... mode=1)
>>> sequencer
-

Same commands in python2 interactive console with python-pyalsa 1.0.29-1 (Debian Stretch):

-
Python 2.7.13 (default, Sep 26 2018, 18:42:22)
[GCC 6.3.0 20170516] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyalsa import alsaseq
>>> sequencer = alsaseq.Sequencer(name='default',
... clientname="solfege-alsa.py",
... streams=alsaseq.SEQ_OPEN_OUTPUT,
... mode=alsaseq.SEQ_NONBLOCK)
>>> sequencer
>>> alsaseq.SEQ_OPEN_OUTPUT
1
>>> alsaseq.SEQ_OPEN_OUTPUT.real
1
-

It looks like the Constant class does not return the right value for SEQ_OPEN_OUTPUT (3495274726 instead of 1) in 1.1.6-2 version. This leads to the integer overflow because 3495274726 is greater than the typical signed integer upper limit (2147483647).

I've found the behavior change while trying to fix the Bug#935535 [1]: solfege: crashes with python3-pyalsa installed

Thanks,
François

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935535
Bug#901148: timidity: Timidity needed by solfege
Hi Alain,

> I upgraded from Stretch to Buster and sound completely disappeared.
> Removing Timidity fixed the problem but made me unable to use gnu
> solfege as it depends on timidity.

The sound is broken by timidity-daemon, not the timidity package itself. So you should try to install GNU Solfege and check that timidity-daemon is not installed (timidity "suggests" timidity-daemon so it should not be installed automatically).

Best,
François
Bug#861997: ITA: flightcrew -- C++ epub validator
retitle 861997 ITA: flightcrew -- C++ epub validator
owner 861997 Francois Mazen
thanks

I volunteer to adopt this package. The Sigil's code seems to be the new upstream reference:
https://github.com/Sigil-Ebook/flightcrew

Best Regards,
François
Bug#923570: RFS: zipios/2.1.7.11-1 [ITA] -- small C++ library for reading zip files
Hi Adam,

I'm aware of the hard freeze, no problem for waiting. I've uploaded the package in order to find a mentor to monitor the renaming process, and check that I'm doing it right. Hope someone would be interested.

Thanks for the information.

Best Regards,
François

Original message
From: Adam Borowski
To: François Mazen, 923...@bugs.debian.org
Subject: Re: Bug#923570: RFS: zipios/2.1.7.11-1 [ITA] -- small C++ library for reading zip files
Date: Sat, 2 Mar 2019 11:38:07 +0100

On Sat, Mar 02, 2019 at 09:43:57AM +0100, François Mazen wrote:
> Package name: zipios
> Version : 2.1.7.11-1
> Changes since the last upload:
>
> * Rename to Zipios from Zipios++
> * New maintainer (Closes: #834214)
> * Import new upstream release (Closes: #834171)
> * Add watch file
> * Fix reproducible issue with doxygen documentation
> * Rename to libzipios2 from libzipios0v5 and create a transition package.
> * Add autopkgtest
> * Add upstream metadata

Alas, the transition freeze is in for quite a while already, and we're entering hard freeze. There's no way to get such a rename in. Even if we uploaded your new version today, it'd stay in NEW then in unstable until Buster's release -- for no benefit but blocking any fixes to the frozen package.

Thus, I'm afraid such changes should wait.

Meow!
Bug#923570: RFS: zipios/2.1.7.11-1 [ITA] -- small C++ library for reading zip files
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "zipios"

Package name: zipios
Version : 2.1.7.11-1
Upstream Author : Thomas Sondergaard
URL : http://zipios.sourceforge.net/
License : LGPL-2+
Section : libs

It builds those binary packages:

libzipios-dev - small C++ library for reading zip files (development)
libzipios2 - small C++ library for reading zip files (library)
libzipios-doc - small C++ library for reading zip files (documents)
libzipios++0v5 - transitional package

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/zipios

Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/z/zipios/zipios_2.1.7.11-1.dsc

More information about zipios can be obtained from http://zipios.sourceforge.net/ and https://github.com/zipios/zipios

Changes since the last upload:

* Rename to Zipios from Zipios++
* New maintainer (Closes: #834214)
* Import new upstream release (Closes: #834171)
* Add watch file
* Fix reproducible issue with doxygen documentation
* Rename to libzipios2 from libzipios0v5 and create a transition package.
* Add autopkgtest
* Add upstream metadata

Regards,
Francois Mazen
Bug#834214: ITA: zipios++ -- a small C++ library for reading zip files (development)
retitle 834214 ITA: zipios++ -- a small C++ library for reading zip files
thanks

(Adding Mentors to get more answers of questions below)

Hello,

I volunteer to maintain zipios++ package. The upstream has changed a lot, like moving to github [1].

I have a few questions about the package name:

* There is a new major release 2.x.x that potentially breaks the API. Should I re-brand the package to reflect this change (like zipios++2)?
* The upstream decided to drop the "++" at the end of the name [2]. Should I do the same?
* The current library package name is "libzipios++0v5", why the "0v5" at the end? Can I drop it?

Thanks,
François

[1] https://sourceforge.net/p/zipios/news/2016/09/zipios-moving-to-github/
[2] https://github.com/Zipios/Zipios/issues/2
Bug#920639: solfege: Does not start
Hello, thanks a lot for reporting this issue. It seems that the behavior of python3 webbrowser module changed with python 3.7.2 release. A simple fix is to call webbrowser.get() before using the module. --- a/solfege/mainwin.py +++ b/solfege/mainwin.py @@ -25,6 +25,7 @@ # debian etch system, the browser does will freeze solfege until # I close the browser window. try: +webbrowser.get() i = webbrowser._tryorder.index("x-www-browser") webbrowser._tryorder.append(webbrowser._tryorder[i]) del webbrowser._tryorder[i] A patch is attached, and I'll generate a new package as soon as possible. Best Regards, François --- a/solfege/mainwin.py +++ b/solfege/mainwin.py @@ -25,6 +25,7 @@ # debian etch system, the browser does will freeze solfege until # I close the browser window. try: +webbrowser.get() i = webbrowser._tryorder.index("x-www-browser") webbrowser._tryorder.append(webbrowser._tryorder[i]) del webbrowser._tryorder[i] signature.asc Description: This is a digitally signed message part
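Review bot: The added webbrowser.get() call in solfege/mainwin.py carries no comment explaining why it is needed, and it raises webbrowser.Error when no usable browser can be located. Add a one-line comment that the call makes the module initialise its browser list before the _tryorder lookup, and check that the except clause of this try block (not visible in the hunk) covers webbrowser.Error as well as the ValueError from index(). Because _tryorder is a private attribute, this reordering stays fragile across Python releases, so a guard for a missing or empty _tryorder would be a reasonable addition.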
Bug#893377: Re: Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi Lumin,

the file msys/mingw-bundledlls.py was committed by mistake. It is only needed to generate the Windows package. I've removed it in the upstream code and I generated a new release (1.4.3). I've also updated the copyright file for the new 1.4.3-1 package.

The new package is tagged debian/1.4.3-1 in the packaging repository:
https://git.tuxfamily.org/taptempo/taptempo_deb_packaging.git/tag/?h=debian/1.4.3-1
and it's uploaded to mentors (just to check that everything is still fine).

Best Regards,
François

On Friday 14 September 2018 at 03:09 +, Mo Zhou wrote:
> On Thu, Sep 13, 2018 at 10:57:42PM +0200, François Mazen wrote:
> > Hi Lumin,
> >
> > congratulations for your promotion as Debian Developer!
> >
> > I downgraded the standard version of my package from 4.2.1 to 4.1.4 and
> > I uploaded it to mentors but Lintian has been updated in the meantime.
> > So I've kept the 4.2.1 version and you can upload:
> > https://mentors.debian.net/package/taptempo
>
> Oops, I have no idea when msys/mingw-bundledlls.py appeared in
> the source package but you have to add it to the copyright file.
>
> The rest looks good to me. Please tag debian/1.4.2-1 in your packaging
> repository after fixing the copyright. I'll directly upload the
> package from your git repo instead of mentors. (So you don't have to
> upload to mentors again)
Bug#893377: Re: Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi Lumin,

congratulations for your promotion as Debian Developer!

I downgraded the standard version of my package from 4.2.1 to 4.1.4 and I uploaded it to mentors but Lintian has been updated in the meantime. So I've kept the 4.2.1 version and you can upload:
https://mentors.debian.net/package/taptempo

Thanks a lot for the sponsoring!

Best Regards,
François

On Thursday 13 September 2018 at 11:59 +, Mo Zhou wrote:
> control: owner -1 !
>
> Hi François,
>
> I can sponsor this package for you now. Would you mind updating the
> package and bump the standard version? Or should I upload it as is?
Bug#898075: jack: segfaults at start
Hello,

apparently the character string generated in jack_cursesmodule that is passed to ncurses is invalid. I can't figure out why this happens but I suspect an issue in the python binding in jack_cursesmodule.

Hopefully you can bypass jack_cursesmodule to use the built-in ncurses python binding. It fixes the issue, and a patch is attached to this message.

I think it's a viable solution because according to the documentation in the cursesmodule folder [1], the jack_cursesmodule is an old binding of ncurses: version 1.5b1 from before the release of python 2.0 [2] (see the version number at the beginning of jack_cursesmodule.c [3]). So, using the official binding from python is a much more reliable solution.

In addition, I can provide a non-maintainer upload for this package and eventually maintain the package.

Best Regards,
François

[1] https://sources.debian.org/src/jack/3.1.1+cvs20050801-29.2/cursesmodule/README.cursesmodule/
[2] https://invisible-island.net/ncurses/ncurses-python.html
[3] https://sources.debian.org/src/jack/3.1.1+cvs20050801-29.2/cursesmodule/jack_cursesmodule.c/

Author: Francois Mazen Description: remove jack_cursesmodule, an obsolete curses binding Bug-Debian: https://bugs.debian.org/898075 --- a/setup.py +++ b/setup.py @@ -13,11 +13,6 @@ url = "http://www.home.unix-ag.org/arne/jack/;, # Description of the modules and packages in the distribution -ext_modules = [ Extension('jack_cursesmodule', -['cursesmodule/jack_cursesmodule.c'], libraries=["ncursesw"], -include_dirs=["/usr/include/ncursesw"], -extra_compile_args=["-Wno-strict-prototypes"]) ], - py_modules = [ 'jack_CDTime', 'jack_TOC', 'jack_TOCentry', 'jack_argv', 'jack_checkopts', 'jack_children', 'jack_config', 'jack_constants', 'jack_display', 'jack_encstuff', 'jack_freedb', 'jack_functions',
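Review bot: The visible setup.py hunk only drops the ext_modules entry, so the jack_cursesmodule extension stops being built, but nothing shown here switches the code that imports jack_cursesmodule over to the standard curses module. Make sure the patch also covers those import sites, and check whether the Extension import in setup.py is still needed once this entry is gone. The patch header has Author, Description and Bug-Debian; adding Forwarded and Last-Update fields would complete it.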
Bug#762451: 762451 ITA: solfege -- Ear training software
retitle 762451 ITA: solfege -- Ear training software (duplicate)
owner 762451 !
stop

Hello,

I'm preparing a new package of solfege to fix the lintian error missing-depends-on-sensible-utils, and I volunteer for maintaining this package.

Should I do something else in addition to upload the new package to mentors.debian.net?

Best Regards,
François
Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi,

I've uploaded a new release for my package taptempo (1.4.1-1), and I'm looking for a sponsor:

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "taptempo"

* Package name: taptempo
  Version : 1.4.1-1
  Upstream Author : Francois Mazen
* URL : https://taptempo.tuxfamily.org/
* License : GPL-3.0
  Section : sound

It builds those binary packages:

taptempo - command line tap tempo

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/taptempo

Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/t/taptempo/taptempo_1.4.1-1.dsc

More information about TapTempo can be obtained from https://taptempo.tuxfamily.org/.

Changes since the last upload (1.3.0):
- Move debian package code to a separate repository.
- Add unit tests using Catch framework.
- Add gaming mode with --game switch.
- Fix Options class when calling multiple times getopt_long
- Change "check" target to "test" target, to match debian packaging system.

Regards,
Francois Mazen

On Tuesday 10 April 2018 at 05:11 +, Lumin wrote:
> Hi François,
>
> I'm trying to apply for DD so I'm helping newcomers to review their
> packages. As agreed by Gianfranco, once we've finished polishing
> the packaging, he will check and sponsor the package.
>
> Now your package is in good shape, and there is nothing left to
> be dealt with except for waiting for the sponsorship.
> Let's hope Gianfranco will find a time doing the sponsorship.
>
> Regards,
>
> On 9 April 2018 at 17:43, François Mazen wrote:
> > Hi Lumin,
> >
> > I just want to know if I must do something to go on with the
> > integration of TapTempo into Debian.
> > Should I submit again a RFS for the new package version?
> >
> > Thanks a lot for your help,
> > François
> >
> >
> > On Tuesday 03 April 2018 at 23:13 +0200, François Mazen wrote:
> > > Hi Lumin,
> > >
> > > upload to mentors done, please check:
> > > https://mentors.debian.net/package/taptempo
> > >
> > > Regards,
> > >
> > > François
> > >
> > >
> > >
> > > On Tuesday 03 April 2018 at 06:17 +, Lumin wrote:
> > > > Hi François,
> > > >
> > > > On 31 March 2018 at 21:59, François Mazen wrote:
> > > > >
> > > > > This program is useful to quickly find the tempo of a song.
> > > > > The idea is to type "taptempo" in a terminal, then hit enter key at
> > > > > each beat while hearing a song, and display the tempo.
> > > > >
> > > > > The targeted people are mainly musicians who need to transcribe music
> > > > > or play the song at the exact original tempo. The typical situation to
> > > > > use this software is when you are in a hurry and you don't have time to
> > > > > launch a big workstation like Ardour or Lmms in order to find the
> > > > > tempo.
> > > >
> > > > Got it. Thank you for this explanation.
> > > >
> > > > >
> > > > > > 8. When you have built the latest version of the modified package,
> > > > > > you could run lintian against it:
> > > > > >
> > > > > > lintian -EviI --pedantic .changes
> > > > > >
> > > > > > There generally shouldn't be any Error or Warning.
> > > > >
> > > > > I've fixed all the error and the lintian output should be clean.
> > > >
> > > > You have done quite a good job making the package in a good shape,
> > > > and making the upstream very standard.
> > > >
> > > > By the way I'm surprised that you have fixed all lintian outputs,
> > > > including the pedantic stuff. The pedantic items are only optional,
> > > > not what must be fixed. Errors and Warnings should be dealt with,
> > > > and some lintian Info can even pass if the maintainer has a go
Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi Lumin,

upload to mentors done, please check:
https://mentors.debian.net/package/taptempo

Regards,

François

On Tuesday 03 April 2018 at 06:17 +, Lumin wrote:
> Hi François,
>
> On 31 March 2018 at 21:59, François Mazen <franc...@mzf.fr> wrote:
> >
> > This program is useful to quickly find the tempo of a song.
> > The idea is to type "taptempo" in a terminal, then hit enter key at
> > each beat while hearing a song, and display the tempo.
> >
> > The targeted people are mainly musicians who need to transcribe music
> > or play the song at the exact original tempo. The typical situation to
> > use this software is when you are in a hurry and you don't have time to
> > launch a big workstation like Ardour or Lmms in order to find the
> > tempo.
>
> Got it. Thank you for this explanation.
>
> >
> > > 8. When you have built the latest version of the modified package,
> > > you could run lintian against it:
> > >
> > > lintian -EviI --pedantic .changes
> > >
> > > There generally shouldn't be any Error or Warning.
> >
> > I've fixed all the error and the lintian output should be clean.
>
> You have done quite a good job making the package in a good shape,
> and making the upstream very standard.
>
> By the way I'm surprised that you have fixed all lintian outputs,
> including the pedantic stuff. The pedantic items are only optional,
> not what must be fixed. Errors and Warnings should be dealt with,
> and some lintian Info can even pass if the maintainer has a good
> reason.
>
> In return everything's shining and in good shape :-)
>
> > Let me know if it still require more work.
>
> Nitpicking:
>
> 1. Please collapse the two lines in changelog into one. They refer to
> the same thing.
>
> - * Initial debian package. > - * Closes: #893306 > + * Initial debian package. (Closes: #893306)
>
> 2. there is still an autopkgtest problem:
>
> autopkgtest [07:01:02]: test version: [---
> spawn taptempo --version
> couldn't execute "taptempo": no such file or directory
> while executing
> "spawn taptempo --version"
> (file "/tmp/autopkgtest.C3pEq9/build.uWo/src/debian/tests/version" line 6)
> autopkgtest [07:01:03]: test version: ---]
> autopkgtest [07:01:03]: test version: - - - - - - - - - - results - - - - - - - - - -
> version FAIL non-zero exit status 1
> autopkgtest [07:01:03]: test version: - - - - - - - - - - stderr - - - - - - - - - -
> couldn't execute "taptempo": no such file or directory
> while executing
> "spawn taptempo --version"
> (file "/tmp/autopkgtest.C3pEq9/build.uWo/src/debian/tests/version" line 6)
>
> this can be fixed by the patch. It looks somewhat weird but we need
> it.
>
> --- a/debian/tests/control > +++ b/debian/tests/control > @@ -1,2 +1,2 @@ > Tests: version, help, tempo > -Depends: expect > +Depends: expect, taptempo
>
> The autopkgtest result after patched:
>
> http://debomatic-amd64.debian.net/distribution#unstable/taptempo/1.3.0-1/autopkgtest
>
> build result:
>
> http://debomatic-amd64.debian.net/distribution#unstable/taptempo/1.3.0-1/buildlog
>
> > Should I update this new package to the mentors website?
>
> Yes, please fix the two problem mentioned above, and upload to
> mentors.
>
> Thank you for your contribution to Debian, and have a good day.
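Review bot: In the debian/tests/control hunk, the new Depends line names the binary package explicitly ("expect, taptempo"); autopkgtest also accepts "@" as shorthand for the binary packages built from this source, so "Depends: @, expect" would keep working if the binary package is ever renamed or split. Either form addresses the "couldn't execute taptempo" failure in the quoted log, because an explicit Depends field replaces the default and the tests were running with only expect installed.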
Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi,

I've chosen to create a separate repo for packaging:
https://git.tuxfamily.org/taptempo/taptempo_deb_packaging.git
and I will soon remove the debian folder in the upstream repository.

> 0. This program seems to be a terminal bpm meter. I'm not quite good
>    at music stuff, so I'd like to make sure:
>    0.1 For what purpose can this program be used?
>    0.2 Who's the targeted people of this program?

This program is useful to quickly find the tempo of a song. The idea is to type "taptempo" in a terminal, then hit the enter key at each beat while hearing a song, and display the tempo. The targeted people are mainly musicians who need to transcribe music or play the song at the exact original tempo. The typical situation to use this software is when you are in a hurry and you don't have time to launch a big workstation like Ardour or Lmms in order to find the tempo.

> 8. When you have built the latest version of the modified package,
>    you could run lintian against it:
>
>    lintian -EviI --pedantic .changes
>
>    There generally shouldn't be any Error or Warning.

I've fixed all the errors and the lintian output should be clean. Let me know if it still requires more work.

Should I update this new package to the mentors website?

Thanks,
François

On Tuesday 27 March 2018 at 07:05 +, Lumin wrote:
> Hi François,
>
> On 26 March 2018 at 19:56, François Mazen <franc...@mzf.fr> wrote:
> > I've manually changed the timestamp of the changelog file from the
> > original repo, and I haven't checked that the date was wrong. I can
> > update the changelog file.
>
> I've seen new commits in the repo. Let's assume it's the latest version
> we would talk about. The following discussion will be based on
> https://github.com/moleculext/taptempo
>
> > The public key is published on the sks-keyservers network. Should I
> > send it to debian keyring or other keyserver?
>
> I can retrieve the key now.
>
> > Should I submit a new revision of the package (1.2.1-2) or re-upload
> > with the current revision number (1.2.1-1)?
>
> Not necessary. Further changes are needed, I'll check the git repo
> directly since there is delay for mentor uploads.
>
> Here is a list of problems I have found:
>
> 0. This program seems to be a terminal bpm meter. I'm not quite good
>    at music stuff, so I'd like to make sure:
>    0.1 For what purpose can this program be used?
>    0.2 Who's the targeted people of this program?
>
> 1. Upstream source should not contain a "debian" directory. However,
>    you seem to be the upstream author, so you have two choices:
>    (a) remove debian directory from source, and create another packaging
>        repo where the debian directory is tracked.
>    (b) change source/format to 3.0 (native). In this way you can keep
>        the debian directory in upstream source.
>
> 2. The standards version is quite out of date. You could lookup the update
>    checklist of Debian Policy[2], and update the standards version to the
>    latest one (version 4.1.3).
>
> 3. Debhelper compatibility version is old. Version 11 is preferred.
>
> 4. control: the long description is somewhat short. Could you please
>    explain a bit more about the program's purpose and functionality?
>
> 5. changelog: It should close the ITP bug you've submitted. e.g.
>    Close: #XXX
>
> 6. control: I'd recommend to add the Vcs-Git and Vcs-Browser field which
>    point to the packaging repository. And add a homepage which points
>    to the upstream homepage or simply the upstream repo.
>
> 7. Hardening flags[3] should be added to rules. i.e.
>    export DEB_BUILD_MAINT_OPTIONS = hardening=+all
>
> 8. When you have built the latest version of the modified package,
>    you could run lintian against it:
>
>    lintian -EviI --pedantic .changes
>
>    There generally shouldn't be any Error or Warning.
>
> 9. changelog: please keep the version number aligned with upstream version,
>    or things may get into a mess.
>
> I'll check the git repo again once you have updated it. If you have any
> questions about the above points, just feel free to ask
>
> [1] https://www.debian.org/doc/manuals/maint-guide/index.en.html
> [2] https://www.debian.org/doc/debian-policy/
> [3] https://wiki.debian.org/Hardening
Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Hi Lumin,

thanks a lot for your help. I'll try to fix everything.

> 1. Why is the package on mentors newer than that on github repo?
>    Could you please keep the packaging repo up-to-date?

I've manually changed the timestamp of the changelog file from the original repo, and I haven't checked that the date was wrong. I can update the changelog file.

> 2. Where is your public key? no such key on keyserver.
>
>    86A5ABD6FFDB0A0C7F5057D34797FA721C351C9E

The public key is published on the sks-keyservers network. Should I send it to debian keyring or other keyserver?
http://hkps.pool.sks-keyservers.net/pks/lookup?search=0x86A5ABD6FFDB0A0C7F5057D34797FA721C351C9E

> 3. There are still many problems related to package, let's
>    discuss on that once we have a synced git repository
>    to talk about.

Should I submit a new revision of the package (1.2.1-2) or re-upload with the current revision number (1.2.1-1)?

Regards,
François
Bug#893377: RFS: taptempo/1.2.1-1 [ITP]
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "taptempo"

 * Package name    : taptempo
   Version         : 1.2.1-1
   Upstream Author : Francois Mazen
 * URL             : https://github.com/moleculext/taptempo
 * License         : GPL-3.0
   Section         : misc

It builds those binary packages:

  taptempo - command line tap tempo

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/taptempo

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/t/taptempo/taptempo_1.2.1-1.dsc

More information about TapTempo can be obtained from https://github.com/moleculext/taptempo.

Changes since the last upload:

taptempo (1.2.1-1) unstable; urgency=low

  * Initial debian package.
  * Closes: #893306

 -- Francois Mazen  Sun, 18 Mar 2018 09:52:03 +0100

Regards,
Francois Mazen