Bug#1086032: calibre: SEGV when trying to "add books" on a PinePhonePro arm64 architecture
Hello,

This Debian bug 1086032 seems to be the same as Debian bug 1085035.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085035

Because Calibre crashes at the same point, QHeaderView::sectionSizeFromContents().

> Stack trace of thread 611645:
> #0 0x99a41acc n/a (libQt6Gui.so.6 + 0x171acc)
> #1 0x9b58f5f8 QVariant::~QVariant() (libQt6Core.so.6 + 0x1bf5f8)
> #2 0x9a4cbd5c QHeaderView::sectionSizeFromContents(int) const (libQt6Widgets.so.6 + 0x47bd5c)
> #3 0x9a4babcc QHeaderView::sizeHint() const (libQt6Widgets.so.6 + 0x46abcc)
> #4 0x9a528e0c QTreeView::updateGeometries() (libQt6Widgets.so.6 + 0x4d8e0c)
> #5 0x9a4a0aa4 QAbstractItemView::doItemsLayout() (libQt6Widgets.so.6 + 0x450aa4)
> #6 0x9a51fc04 QTreeView::doItemsLayout() (libQt6Widgets.so.6 + 0x4cfc04)
> #7 0x9a45d03c n/a (libQt6Widgets.so.6 + 0x40d03c)
> #8 0x9a44f78c QFileDialogPrivate::init(QFileDialogArgs const&) (libQt6Widgets.so.6 + 0x3ff78c)
> #9 0x9ae4 QFileDialog::QFileDialog(QFileDialogArgs const&) (libQt6Widgets.so.6 + 0x3f44e4)
> #10 0x9a44be84 QFileDialog::getOpenFileUrls(QWidget*, QString const&, QUrl const&, QString const&, QString*, QFlags, QList const&) (libQt6Widgets.so.6 + 0x3fbe84)
> #11 0x9a44c100 QFileDialog::getOpenFileNames(QWidget*, QString const&, QString const&, QString const&, QString*, QFlags) (libQt6Widgets.so.6 + 0x3fc100)
> #12 0x9ab733b8 n/a (QtWidgets.abi3.so + 0x3833b8)
> #13 0x004fff94 n/a (python3.12 + 0xfff94)

--
YOKOTA Hiroshi
Bug#1086032: calibre: SEGV when trying to "add books" on a PinePhonePro arm64 architecture
Hello,

> This could be a Python bug and it might be appropriate to reassign it to one
> of the Python packages. But I will leave that decision to someone who knows
> more about Python than I do.

Calibre uses PyQt6 as its Qt interface.
The "add books" button shows a file open dialog and crashes inside the dialog.
I think it's a bug in the file-open dialog inside PyQt6 or Qt6.

>Stack trace of thread 611645:
>#0 0x99a41acc n/a (libQt6Gui.so.6 + 0x171acc)
>#1 0x9b58f5f8 QVariant::~QVariant() (libQt6Core.so.6 + 0x1bf5f8)
>#2 0x9a4cbd5c QHeaderView::sectionSizeFromContents(int) const (libQt6Widgets.so.6 + 0x47bd5c)
>#3 0x9a4babcc QHeaderView::sizeHint() const (libQt6Widgets.so.6 + 0x46abcc)
>#4 0x9a528e0c QTreeView::updateGeometries() (libQt6Widgets.so.6 + 0x4d8e0c)
>#5 0x9a4a0aa4 QAbstractItemView::doItemsLayout() (libQt6Widgets.so.6 + 0x450aa4)
>#6 0x9a51fc04 QTreeView::doItemsLayout() (libQt6Widgets.so.6 + 0x4cfc04)
>#7 0x9a45d03c n/a (libQt6Widgets.so.6 + 0x40d03c)
>#8 0x9a44f78c QFileDialogPrivate::init(QFileDialogArgs const&) (libQt6Widgets.so.6 + 0x3ff78c)
>#9 0x9ae4 QFileDialog::QFileDialog(QFileDialogArgs const&) (libQt6Widgets.so.6 + 0x3f44e4)
>#10 0x9a44be84 QFileDialog::getOpenFileUrls(QWidget*, QString const&, QUrl const&, QString const&, QString*, QFlags, QList const&) (libQt6Widgets.so.6 + 0x3fbe84)
>#11 0x9a44c100 QFileDialog::getOpenFileNames(QWidget*, QString const&, QString const&, QString const&, QString*, QFlags) (libQt6Widgets.so.6 + 0x3fc100)
>#12 0x9ab733b8 n/a (QtWidgets.abi3.so + 0x3833b8)
>#13 0x004fff94 n/a (python3.12 + 0xfff94)

The arm64 platform is currently going through the PAC/BTI transition.
I wonder whether this transition might crash some programs.
> https://wiki.debian.org/ToolChain/PACBTI

--
YOKOTA Hiroshi
Bug#1086343: libzstd1: FTBFS fix for hurd-amd64 build
Package: libzstd1
Version: 1.5.6+dfsg-1
Severity: normal
Tags: ftbfs
X-Debbugs-Cc: yokota.h...@gmail.com

Dear libzstd Maintainer,

Please apply the hurd-i386 patches to hurd-amd64 to fix the FTBFS.
I added a merge request on salsa.
> https://salsa.debian.org/pkg-rpm-team/libzstd/-/merge_requests/5

--
YOKOTA Hiroshi

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11.4-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libzstd1 depends on:
ii libc6 2.40-3

libzstd1 recommends no packages.

libzstd1 suggests no packages.

-- no debconf information
Bug#1084171: bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1
> Please add a bit more detail about what those CVEs refer to in the
> changelog, and then go ahead.

Thank you. I have uploaded it with a detailed changelog.

--
YOKOTA Hiroshi
Bug#1084171: bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm security
X-Debbugs-Cc: 7...@packages.debian.org, t...@security.debian.org, yokota.h...@gmail.com
Control: affects -1 + src:7zip
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)

[ Impact ]
Some vulnerabilities are unfixed.

[ Tests ]
A very trivial NTFS disk image file test passed.
 * list files
 * extract files

[ Risks ]
Upstream does not provide a fix patch.
So I extracted the fix patch from the CVE reporter's blog entry.
> https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

I think the fix patch will work, but it is not confirmed by upstream
because upstream does not provide fix patch files.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Add fix-ups to NTFS extractor.

[ Other info ]
CVE Reporter's blog entry:
> https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

The debdiff can be examined online:
> https://salsa.debian.org/debian/7zip/-/tree/bookworm-update
> https://salsa.debian.org/debian/7zip/-/commits/33950db8e8c9130ac6718fde10515c74f9c6cecc

Roger Shimizu provides the bookworm-backports package 7zip:24.08+dfsg-1~bpo12+1.
In 7zip 24.08 the vulnerabilities are already fixed by upstream, since 24.05.

--
YOKOTA Hiroshi

diff -Nru 7zip-22.01+dfsg/debian/changelog 7zip-22.01+dfsg/debian/changelog --- 7zip-22.01+dfsg/debian/changelog2022-12-18 21:09:42.0 +0900 +++ 7zip-22.01+dfsg/debian/changelog2024-10-06 11:40:03.0 +0900 
@@ -1,3 +1,9 @@ +7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium + + * Fix CVE-2023-52168 and CVE-2023-52169 + + -- YOKOTA Hiroshi Sun, 06 Oct 2024 11:40:03 +0900 + 7zip (22.01+dfsg-8) unstable; urgency=medium * Upgrade Debian standards diff -Nru 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch --- 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 1970-01-01 09:00:00.0 +0900 +++ 7zip-22.01+dfsg/debian/patches/0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch 2024-10-06 11:40:03.0 +0900 
@@ -0,0 +1,146 @@ +From: YOKOTA Hiroshi +Date: Wed, 2 Oct 2024 12:09:49 +0900 +Subject: Fix CVE-2023-52168 and CVE-2023-52169 + +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-52168 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-52169 +Forwarded: not-needed + +This patch was extracted from reporter's blog and +upstream/23.01..upstream/24.05 diff. +> https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/ +--- + CPP/7zip/Archive/NtfsHandler.cpp | 89 +--- + 1 file changed, 57 insertions(+), 32 deletions(-) + +diff --git a/CPP/7zip/Archive/NtfsHandler.cpp b/CPP/7zip/Archive/NtfsHandler.cpp +index 0b9ee29..39a1299 100755 +--- a/CPP/7zip/Archive/NtfsHandler.cpp b/CPP/7zip/Archive/NtfsHandler.cpp +@@ -71,6 +71,7 @@ struct CHeader + { + unsigned SectorSizeLog; + unsigned ClusterSizeLog; ++ unsigned MftRecordSizeLog; + // Byte MediaType; + UInt32 NumHiddenSectors; + UInt64 NumSectors; +@@ -156,14 +157,47 @@ bool CHeader::Parse(const Byte *p) + + NumClusters = NumSectors >> sectorsPerClusterLog; + +- G64(p + 0x30, MftCluster); ++ G64(p + 0x30, MftCluster); // $MFT. + // G64(p + 0x38, Mft2Cluster); +- G64(p + 0x48, SerialNumber); +- UInt32 numClustersInMftRec; +- UInt32 numClustersInIndexBlock; +- G32(p + 0x40, numClustersInMftRec); // -10 means 2 ^10 = 1024 bytes. +- G32(p + 0x44, numClustersInIndexBlock); +- return (numClustersInMftRec < 256 && numClustersInIndexBlock < 256); ++ G64(p + 0x48, SerialNumber); // $MFTMirr ++ ++ /* ++numClusters_per_MftRecord: ++numClusters_per_IndexBlock: ++only low byte from 4 bytes is used. Another 3 high bytes are zeros. ++ If the number is positive (number < 0x80), ++ then it represents the number of clusters. ++ If the number is negative (number >= 0x80), ++ then the size of the file record is 2 raised to the absolute value of this number. ++ example: (0xF6 == -10) means 2^10 = 1024 bytes. 
++ */ ++ { ++UInt32 numClusters_per_MftRecord; ++G32(p + 0x40, numClusters_per_MftRecord); ++if (numClusters_per_MftRecord >= 0x100 || numClusters_per_MftRecord == 0) ++ return false; ++if (numClusters_per_MftRecord < 0x80) ++{ ++ const int t = GetLog(numClusters_per_MftRecord); ++ if (t < 0) ++return false; ++ MftRecordSizeLog = (unsigned)t + ClusterSizeLog; ++} ++else ++ MftRecordSizeLog = 0x100 - numClusters_per_MftRecord; ++// what exact MFT record si
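Review bot: In the debian/changelog hunk, the new entry reads only "Fix CVE-2023-52168 and CVE-2023-52169", which tells a reader of the point-release changelog neither the component nor the bug class. Name the NTFS archive handler (CPP/7zip/Archive/NtfsHandler.cpp) and state that the two issues are a buffer overflow and a buffer over-read, as the [ Reason ] section of the request already does.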
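Review bot: The header of 0009-Fix-CVE-2023-52168-and-CVE-2023-52169.patch has Forwarded: not-needed but no Origin: field, while its description says the change was extracted from the reporter's blog and from the upstream/23.01..upstream/24.05 diff. Put that provenance into an Origin: line so that whoever rebases the patch later can re-derive it from the same sources.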
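Review bot: In the CHeader::Parse hunk, the else branch assigns MftRecordSizeLog = 0x100 - numClusters_per_MftRecord for every input from 0x80 to 0xFF, so the stored log can be anything from 1 to 128. The hunk is cut off right after that assignment in this copy, so confirm that the full patch rejects values too large to be used as a shift count before Parse returns true. As a smaller point, the "// $MFTMirr" comment sits on the SerialNumber read at offset 0x48, while the commented-out Mft2Cluster read at 0x38 is the mirror field; move the comment to that line or drop it.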
Bug#1079597: bullseye-pu: package calibre/5.12.0+dfsg-1+deb11u2
> Please go ahead, bearing in mind that today is the last day to get
> fixes into the final bullseye point release. After that you will need
> to co-ordinate with the LTS Team.

Thank you. I have uploaded the package.

--
YOKOTA Hiroshi
Bug#1079388: bookworm-pu: package calibre/6.13.0+repack-2+deb12u4
> Please go ahead.

Thank you. I have uploaded the package.

--
YOKOTA Hiroshi
Bug#1079597: bullseye-pu: package calibre/5.12.0+dfsg-1+deb11u2
Package: release.debian.org
Severity: normal
Tags: bullseye, security
X-Debbugs-Cc: cali...@packages.debian.org, t...@security.debian.org, yokota.h...@gmail.com
Control: affects -1 + src:calibre
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Fix these CVEs:
 * CVE-2024-7008
 * CVE-2024-7009

[ Impact ]
Some security problems are unfixed.
 * cross-site scripting
 * SQL injection

[ Tests ]
The build and the automated build-time tests succeeded.

[ Risks ]
Not fully tested on bullseye.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 * Fix CVE-2024-7008
 * Fix CVE-2024-7009

[ Other info ]
You can examine the commits online:
> https://github.com/debian-calibre/calibre/tree/bullseye-update

diff --git a/debian/changelog b/debian/changelog index 33068fc40c..a7a13add8a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +calibre (5.12.0+dfsg-1+deb11u2) bullseye; urgency=medium + + * Fix #2075131 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075131) +(Fix for CVE-2024-7009) + * Fix #2075130 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075130) +(Fix for CVE-2024-7008) + + -- YOKOTA Hiroshi Sun, 25 Aug 2024 13:32:32 +0900 + calibre (5.12.0+dfsg-1+deb11u1) bullseye; urgency=medium * Avoid to use embedded assignment syntax (Closes: #998744) diff --git a/debian/patches/0012-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch b/debian/patches/0012-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch new file mode 100644 index 00..5c4a925777 --- /dev/null +++ b/debian/patches/0012-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch 
@@ -0,0 +1,42 @@ +From: Kovid Goyal +Date: Tue, 30 Jul 2024 13:36:39 +0530 +Subject: Fix #2075131 [Private + bug](https://bugs.launchpad.net/calibre/+bug/2075131) + +Origin: backport, https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7.patch +Forwarded: not-needed +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-7009 +--- + src/calibre/db/backend.py | 12 +++- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/calibre/db/backend.py b/src/calibre/db/backend.py +index 55526b7..bae5b35 100644 +--- a/src/calibre/db/backend.py b/src/calibre/db/backend.py +@@ -1803,18 +1803,20 @@ class DB(object): + ): + fts_table = 'annotations_fts_stemmed' if use_stemming else 'annotations_fts' + text = 'annotations.searchable_text' ++data = [] + if highlight_start is not None and highlight_end is not None: + if snippet_size is not None: +-text = 'snippet({fts_table}, 0, "{highlight_start}", "{highlight_end}", "…", {snippet_size})'.format( +-fts_table=fts_table, highlight_start=highlight_start, highlight_end=highlight_end, +-snippet_size=max(1, min(snippet_size, 64))) ++text = "snippet({fts_table}, 0, ?, ?, '…', {snippet_size})".format( ++fts_table=fts_table, snippet_size=max(1, min(snippet_size, 64))) + else: +-text = 'highlight({}, 0, "{}", "{}")'.format(fts_table, highlight_start, highlight_end) ++text = f"highlight({fts_table}, 0, ?, ?)" ++data.append(highlight_start) ++data.append(highlight_end) + query = 'SELECT {0}.id, {0}.book, {0}.format, {0}.user_type, {0}.user, {0}.annot_data, {1} FROM {0} ' + query = query.format('annotations', text) + query += ' JOIN {fts_table} ON annotations.id = {fts_table}.rowid'.format(fts_table=fts_table) + query += ' WHERE {fts_table} MATCH ?'.format(fts_table=fts_table) +-data = [fts_engine_query] ++data.append(fts_engine_query) + if restrict_to_user: + query += ' AND annotations.user_type = ? AND annotations.user = ?' + data += list(restrict_to_user) 
diff --git a/debian/patches/0013-Fix-2075130-Private-bug-https-bugs.launchpad.net-cal.patch b/debian/patches/0013-Fix-2075130-Private-bug-https-bugs.launchpad.net-cal.patch new file mode 100644 index 00..060fe0b9b4 --- /dev/null +++ b/debian/patches/0013-Fix-2075130-Private-bug-https-bugs.launchpad.net-cal.patch @@ -0,0 +1,25 @@ +From: Kovid Goyal +Date: Tue, 30 Jul 2024 13:40:21 +0530 +Subject: Fix #2075130 [Private + bug](https://bugs.launchpad.net/calibre/+bug/2075130) + +Origin: backport, https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0.patch +Forwarded: not-needed +Bug-Debian: https://security-tracker.debian.org/tracker/CVE
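Review bot: In the backend.py hunk of patch 0012, the two new data.append(highlight_start) / data.append(highlight_end) lines have to sit inside the outer "if highlight_start is not None and highlight_end is not None:" block and after the inner if/else, because both the snippet() and the highlight() branch now emit two "?" placeholders while the no-highlight path emits none. Leading whitespace is lost in this copy of the diff, so check the indentation against the upstream commit named in Origin:. The append order (highlight markers, then fts_engine_query, then restrict_to_user) does match the order of the placeholders in the assembled query.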
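Review bot: The diffstat of patch 0012 in this bullseye upload lists only src/calibre/db/backend.py (1 file changed), whereas the bookworm backport of the same upstream commit also changes src/calibre/db/fts/connect.py. Say in the patch description why the second file is left out for 5.12.0, so that a reviewer can tell a deliberate omission from an incomplete backport.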
Bug#1079388: bookworm-pu: package calibre/6.13.0+repack-2+deb12u4
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com, t...@security.debian.org
Control: affects -1 + src:calibre
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Fix these CVEs:
 * CVE-2024-6782 + fixup
 * CVE-2024-7008
 * CVE-2024-7009

[ Impact ]
Some security problems are unfixed.
 * remote-code execution
 * cross-site scripting
 * SQL injection

[ Tests ]
The build and the automated build-time tests passed.

[ Risks ]
Not fully tested on bookworm.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 * Fix CVE-2024-6782
 * Fix CVE-2024-7008
 * Fix CVE-2024-7009
 * Add fixup for CVE-2024-6782.
   See also Debian bug 1079277
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079277

[ Other info ]
You can examine the commits online:
> https://github.com/debian-calibre/calibre/tree/bookworm-update

diff --git a/debian/changelog b/debian/changelog index 8985397430..7d465145f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +calibre (6.13.0+repack-2+deb12u4) bookworm; urgency=medium + + * Fix #2075131 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075131) +(Fix for CVE-2024-7009) + * Fix #2075130 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075130) +(Fix for CVE-2024-7008) + * Fix #2075128 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075128) +(Fix for CVE-2024-6782) + * Fix #2076515 [calibredb list command ignores fields +option](https://bugs.launchpad.net/calibre/+bug/2076515) +Add fixup to CVE-2024-6782 . +See also Debian bug 1079277. +> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079277 + + -- YOKOTA Hiroshi Thu, 22 Aug 2024 20:41:03 +0900 + calibre (6.13.0+repack-2+deb12u3) bookworm; urgency=medium * HTML Input: Don't add resources that exist outside the folder hierarchy 
diff --git a/debian/patches/0032-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch b/debian/patches/0032-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch new file mode 100644 index 00..ebc9c23760 --- /dev/null +++ b/debian/patches/0032-Fix-2075131-Private-bug-https-bugs.launchpad.net-cal.patch 
@@ -0,0 +1,73 @@ +From: Kovid Goyal +Date: Tue, 30 Jul 2024 13:36:39 +0530 +Subject: Fix #2075131 [Private + bug](https://bugs.launchpad.net/calibre/+bug/2075131) + +Origin: backport, https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7.patch +Forwarded: not-needed +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-7009 +--- + src/calibre/db/backend.py | 12 +++- + src/calibre/db/fts/connect.py | 8 +--- + 2 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/calibre/db/backend.py b/src/calibre/db/backend.py +index 614abdb..8cdaee3 100644 +--- a/src/calibre/db/backend.py b/src/calibre/db/backend.py +@@ -1917,18 +1917,20 @@ class DB: + fts_engine_query = unicode_normalize(fts_engine_query) + fts_table = 'annotations_fts_stemmed' if use_stemming else 'annotations_fts' + text = 'annotations.searchable_text' ++data = [] + if highlight_start is not None and highlight_end is not None: + if snippet_size is not None: +-text = 'snippet({fts_table}, 0, "{highlight_start}", "{highlight_end}", "…", {snippet_size})'.format( +-fts_table=fts_table, highlight_start=highlight_start, highlight_end=highlight_end, +-snippet_size=max(1, min(snippet_size, 64))) ++text = "snippet({fts_table}, 0, ?, ?, '…', {snippet_size})".format( ++fts_table=fts_table, snippet_size=max(1, min(snippet_size, 64))) + else: +-text = f'highlight({fts_table}, 0, "{highlight_start}", "{highlight_end}")' ++text = f"highlight({fts_table}, 0, ?, ?)" ++data.append(highlight_start) ++data.append(highlight_end) + query = 'SELECT {0}.id, {0}.book, {0}.format, {0}.user_type, {0}.user, {0}.annot_data, {1} FROM {0} ' + query = query.format('annotations', text) + query += ' JOIN {fts_table} ON annotations.id = {fts_table}.rowid'.format(fts_table=fts_table) + query += f' WHERE {fts_table} MATCH ?' +-data = [fts_engine_query] ++data.append(fts_engine_query) + if restrict_to_user: + query += ' AND annotations.user_type = ? AND annotations.user = ?' 
+ data += list(restrict_to_user) +diff --git a/src/calibre/db/fts/connect.py
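Review bot: In the backend.py hunk, snippet_size is still written into the SQL text with str.format after the change; only the highlight markers became bound parameters. The max(1, min(snippet_size, 64)) clamp bounds the value but does not force it to be an integer, so a non-integer number would be formatted into the statement as is. Wrap it in int(...) or bind it as a third "?" so that the whole snippet() call is built from constants and bound values. fts_table is fine as it stands, since it is chosen from two literals.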
Bug#1072992: pycryptodome: FTBFS: cannot find -lasan and -lubsan on loong64, sparc64 and other architectures
Hello PyCryptodome maintainers,

I have added an FTBFS fix for Debian bugs 1069534, 1072992 and 1045521 to the Debian salsa repository.
https://salsa.debian.org/python-team/packages/pycryptodome/-/merge_requests/2

Please examine the merge request.

--
YOKOTA Hiroshi
Bug#1075105: jxrlib: ftbfs with GCC-14
Hello Debian PhotoTools Maintainers,

I have added a merge request to jxrlib to fix the FTBFS error with GCC-14.
https://salsa.debian.org/debian-phototools-team/jxrlib/-/merge_requests/4

Please fix this FTBFS issue on jxrlib.

--
YOKOTA Hiroshi
Bug#1076311: calibre: fix appstream ID warning
Hello Petter,

> > Each application IDs must be globally unique.
> > So we can't change application IDs without upstream fix.
> I do not understand this statement. Of course Debian can change the
> application ID without waiting for upstream to change it there first.
> Globally unique do not mean globally consistent and identical
> everywhere.

Sorry. Here is my understanding.

The application ID must be the same across other OSs/systems.
So, we can change the application ID first, but the new ID must be accepted by upstream later.

* https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#tag-id-generic
> Note that the value of this tag must be unique across all distributions and software
> deployment platforms. In case it is not unique, distributors are expected to reject the
> conflicting components from inclusion into their metadata and notify the upstream
> projects about this issue.

And the XDG desktop standards recommend application IDs as their desktop entry file name.

* https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#file-naming
> The name of the desktop entry should follow the "reverse DNS" convention:
> it should start with a reversed DNS domain name controlled by the author of
> the application, in lower case. The domain name should be followed by the
> name of the application, which is conventionally written with words run together
> and initial capital letters (CamelCase). For example, if the owner of example.org
> writes "Foo Viewer", they might choose the name org.example.FooViewer,
> resulting in a file named org.example.FooViewer.desktop.

--
YOKOTA Hiroshi
Bug#1076311: calibre: fix appstream ID warning
Hello Petter,

> * asv-cid-desktopapp-is-not-rdns
> calibre-gui.metainfo.xml:3 - calibre-gui.desktop

This issue was raised with upstream some years ago, but it was not accepted by upstream.
> https://github.com/kovidgoyal/calibre/pull/731
> https://github.com/kovidgoyal/calibre/pull/1070

Each application ID must be globally unique.
So we can't change application IDs without an upstream fix.

If you are interested in this issue, please ask upstream once more.

--
YOKOTA Hiroshi
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello,

> And here is debdiff file to show updated part in "debian" directory.
> All of difference can be examine from salsa.
> > https://salsa.debian.org/debian/7zip/-/compare/debian%2F22.01+dfsg-8...bookworm-update

I have updated my debdiff to set the update urgency status to "high"
because this is a security update.

--
YOKOTA Hiroshi

7zip_24.07+dfsg-1~deb12u1.debian.debdiff
Description: Binary data
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello,

I want to update Debian 12 with 7zip 23.07 to fix these security issues.
 * CVE-2023-31102
 * CVE-2023-40481
 * CVE-2023-52168
 * CVE-2023-52169

And here is the debdiff file showing the updated part in the "debian" directory.
All of the differences can be examined on salsa.
> https://salsa.debian.org/debian/7zip/-/compare/debian%2F22.01+dfsg-8...bookworm-update

--
YOKOTA Hiroshi

7zip_24.07+dfsg-1~deb12u1.debian.debdiff
Description: Binary data
Bug#1073480: Fwd: zstdTargets.cmake: missing targets zstd::libzstd_shared, zstd::libzstd_static, zstd::libzstd
Hello Debian Qt/KDE Maintainers,

I think Debian bug 1073480 is not libzstd's bug but qt6-base's bug.
Please examine this bug report and my forwarded message below.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073480

--
YOKOTA Hiroshi

-- Forwarded message -
Subject: Re: zstdTargets.cmake: missing targets zstd::libzstd_shared, zstd::libzstd_static, zstd::libzstd
To: <1073...@bugs.debian.org>

Hello,

I think this bug is not libzstd's bug but qt6-base's bug.
Please check this QTBUG.
> [#QTBUG-119469] Targets not yet defined: zstd::libzstd_static
> https://bugreports.qt.io/browse/QTBUG-119469

The QTBUG said this bug was fixed in Qt 6.7.2, so updating Qt to 6.7.2 will fix the problem.
Or, backport the QTBUG-119469 fix from the git commits.
> https://code.qt.io/cgit/qt/qtbase.git/log/?qt=grep&q=QTBUG-119469

PS: Arch Linux also has this bug.
> https://gitlab.archlinux.org/archlinux/packaging/packages/qt6-doc/-/issues/1

--
YOKOTA Hiroshi
Bug#1073480: zstdTargets.cmake: missing targets zstd::libzstd_shared, zstd::libzstd_static, zstd::libzstd
Hello,

I think this bug is not libzstd's bug but qt6-base's bug.
Please check this QTBUG.
> [#QTBUG-119469] Targets not yet defined: zstd::libzstd_static
> https://bugreports.qt.io/browse/QTBUG-119469

The QTBUG said this bug was fixed in Qt 6.7.2, so updating Qt to 6.7.2 will fix the problem.
Or, backport the QTBUG-119469 fix from the git commits.
https://code.qt.io/cgit/qt/qtbase.git/log/?qt=grep&q=QTBUG-119469

PS: Arch Linux also has this bug.
> https://gitlab.archlinux.org/archlinux/packaging/packages/qt6-doc/-/issues/1

--
YOKOTA Hiroshi
Bug#1072988: calibre: Calibre viewer displays text only on very small area on the top of the window the window
Hello,

Your problem was confirmed on a current Debian testing (trixie) box.
But the problem does not happen on a current Debian unstable (sid) box.

Current Debian unstable has Calibre 7.12.0+ds-2, so please wait until Calibre is updated to this version.

--
YOKOTA
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello Étienne,

> py7zr was ready for upload to Debian.

py7zr 0.21 has now split out all architecture-dependent binary modules into external Python modules.
And the py7zr target architecture is changed to "all".

I think we should send an RM request to the Debian release team to drop the old architecture-dependent packages.

--
YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello Étienne,

py7zr was ready for upload to Debian.
Please examine the salsa repository and upload it to Debian if it looks good.
https://salsa.debian.org/python-team/packages/py7zr

--
YOKOTA Hiroshi
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello,

> In case you might become Debian Maintainer we could grant you
> upload permissions for the packages you are maintaining.

Thank you. I want upload permissions to maintain this package.

--
YOKOTA Hiroshi
Bug#1068314: python-inflate64_1.0.0+ds-1_amd64.changes REJECTED
Hello,

> please also mention Ma Lin in your debian/copyright.

I have updated the Debian salsa repository to fix the issue.
https://salsa.debian.org/python-team/packages/python-inflate64

Please have the Debian Python Team upload it as a Debian package, because I don't have upload rights.

--
YOKOTA Hiroshi
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello,

Debian pychm was updated.
I can't upload the new package because I don't have upload rights.

Could someone in debian-python who has upload rights please upload the new package.

--
YOKOTA Hiroshi
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
> I am not in a position to assess that for you. You're the maintainer, you
> need to be able to vouch for your proposed upload.

Upstream does not have a VCS and does not provide a fix patch, and just releases the new version 7-Zip 23.01 as the fix.
So, I can't guarantee the bug was fixed except in the new upstream version 23.01.

I think we need some Debian Developer to provide a BPO package of 7zip 23.01 to fix this issue.
Because I am a Debian Maintainer, I can't provide such a BPO package.

--
YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello,

> When writing this I'm wondering whether it might be better to remove
> this in Files-Excluded. On one hand this saves us from mentioning the
> copyright on the other hand we could be really sure that it is not used.
> What do you think - should I override the previous upload without that
> code copy? I did not wanted to be too invasive with your packaging
> but I would have done so in my packages.

Thanks for your suggestion.

I have dropped the embedded library code from brotlicffi and pyzstd, and pushed them to the salsa.debian.org repository.
I have also fixed some copyright issues.

--
YOKOTA Hiroshi
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello,

I think these packages are now ready for upload to the NEW queue.
Please examine them.

https://salsa.debian.org/python-team/packages/python-brotlicffi
https://salsa.debian.org/python-team/packages/python-inflate64
https://salsa.debian.org/python-team/packages/python-pyppmd
https://salsa.debian.org/python-team/packages/python-pyzstd

--
YOKOTA Hiroshi
Bug#1065221: Packaging multivolumefile?
Hi Andreas,

Thanks a lot for your detailed document.
I will try to fix up the other packages.

PS: When py7zr is done, I will also try to package pychm for use by the Debian Calibre package.
Please sponsor me for the pychm package if you have time.

> O: pychm -- Python binding for CHMLIB - Python 3
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065222

--
YOKOTA Hiroshi
Bug#1068317: ITP: python-pyzstd -- Facebook's Zstandard (or zstd as short name) algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-pyzstd
  Version         : 0.15.10
  Upstream Contact: Rogdham
* URL             : https://github.com/Rogdham/pyzstd
* License         : BSD-3-Clause
  Programming Lang: Python
  Description     : Facebook's Zstandard (or zstd as short name) algorithm for Python

Pyzstd module provides classes and functions for compressing and
decompressing data, using Facebook's Zstandard (or zstd as short name)
algorithm.

The API style is similar to Python's bz2/lzma/zlib modules.

This package is required by the Debian package py7zr (>= 0.16.0).
I will maintain this package with the Debian Python team.
Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068315: ITP: python-pyppmd -- PPM(Prediction by partial matching) compression algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-pyppmd
  Version         : 1.1.0
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/pyppmd
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : PPM(Prediction by partial matching) compression algorithm for Python

pyppmd module provides classes and functions for compressing and
decompressing text data, using PPM(Prediction by partial matching)
compression algorithm which has several variations of implementations.
PPMd is the implementation by Dmitry Shkarin. PyPPMD uses Igor Pavlov's
range coder introduced in 7-zip.

This package is required by the Debian package py7zr (>= 0.16.0).
I will maintain this package with the Debian Python team.
Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068314: ITP: python-inflate64 -- Enhanced Deflate compression algorithm for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-inflate64
  Version         : 1.0.0
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/inflate64
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : Enhanced Deflate compression algorithm for Python

The inflate64 is a python package to provide Deflater and Inflater
class to compress and decompress with Enhanced Deflate compression
algorithm.

This package is required by the Debian package py7zr (>= 0.16.0).
I will maintain this package with the Debian Python team.
Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068313: ITP: python-brotlicffi -- Python CFFI bindings for the reference Brotli encoder/decoder
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-brotlicffi
  Version         : 1.1.0.0
  Upstream Contact: Seth Michael Larson
* URL             : https://github.com/python-hyper/brotlicffi
* License         : MIT
  Programming Lang: Python
  Description     : Python CFFI bindings for the reference Brotli encoder/decoder

This library contains Python CFFI bindings for the reference Brotli
encoder/decoder. This allows Python software to use the Brotli
compression algorithm directly from Python code.

This package is required by the Debian package py7zr (>= 0.16.0).
I will maintain this package with the Debian Python team.
Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068309: ITP: python-bcj -- BCJ(Branch-Call-Jump) filter for python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com

* Package name    : python-bcj
  Version         : 1.0.2
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/pybcj
* License         : LGPL-2.1-or-later
  Programming Lang: Python
  Description     : BCJ(Branch-Call-Jump) filter for python

In data compression, BCJ, short for Branch-Call-Jump, refers to a
technique that improves the compression of machine code of executable
binaries by replacing relative branch addresses with absolute
ones. This allows a LZMA compressor to identify duplicate targets and
achieve higher compression rate.

This package is required by the Debian package py7zr (>= 0.16.0).
I will maintain this package with the Debian Python team.
Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1068305: ITP: python-multivolumefile -- multiple files-wrapping library for Python
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com
* Package name    : python-multivolumefile
  Version         : 0.2.3
  Upstream Contact: Hiroshi Miura
* URL             : https://codeberg.org/miurahr/multivolume
* License         : LGPL-2.1+
  Programming Lang: Python
  Description     : multiple files-wrapping library for Python
MultiVolumefile is a Python library that provides a file object wrapping multiple files virtually as a single file. It inherits the io.RawIOBase class and supports some of its standard methods.
This package is required by the Debian package py7zr (>= 0.16.0). I will maintain this package with the Debian Python team. Andreas Tille will sponsor me for this package.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065221
Bug#1065222: O: pychm -- Python binding for CHMLIB - Python 3
Hello, I want to maintain pychm because it's required by the Debian Calibre package. -- YOKOTA
Bug#1065221: O: py7zr -- pure Python 7-zip library
Hello,
I'm interested in py7zr because it is required by Calibre. The new py7zr requires some other modules that are not packaged by Debian yet. I make those modules into Debian packages.
https://salsa.debian.org/yokota/python-multivolumefile
https://salsa.debian.org/yokota/python-bcj
https://salsa.debian.org/yokota/python-brotlicffi
https://salsa.debian.org/yokota/python-inflate64
https://salsa.debian.org/yokota/python-pyppmd
https://salsa.debian.org/yokota/python-pyzstd
And here is my py7zr repository.
https://salsa.debian.org/yokota/py7zr
I am a Debian Maintainer, so I want a mentor to upload these packages.
-- YOKOTA Hiroshi
Bug#1067715: closed by yokota (Re: Bug#1067715: calibre: doesn't install DeACSM plugin)
Hello,
> Please, don't close bugs just because they are fixed upstream, the
> fixed-upstream exists exactly for this.
I think it's an external plugin's bug and not Calibre's bug. But I will keep this bug open as you requested. If you think the bug is fixed, let me know. Or close this bug yourself.
Best regards,
-- YOKOTA
Bug#1067715: calibre: doesn't install DeACSM plugin
Hello, José.
> oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
This bug was already fixed in the DeACSM upstream development code. Try it from the DeACSM plugin forum.
https://www.mobileread.com/forums/showpost.php?p=4157570&postcount=2
https://www.mobileread.com/forums/showthread.php?t=341975
FYI: The DeACSM plugin was renamed to the ACSMInput plugin.
Use "calibre-customize --add-plugin FILE_PATH" to install plugins from a local path.
https://manual.calibre-ebook.com/generated/en/calibre-customize.html
-- YOKOTA
Bug#1067715: calibre: doesn't install DeACSM plugin
Hello, José.
I do not maintain external plugins, so I can't fix plugin code. But this bug might be fixed when you install the Debian python3-oscrypto/1.3.0-1+deb12u1 package.
https://tracker.debian.org/pkg/oscrypto
The DeACSM plugin seems to load properly on my Debian Calibre 7.7.0.
Here is my technical analysis of this issue.
1. This line shows that the Python oscrypto code fails to detect the OpenSSL version.
> raise LibraryNotFoundError('Error detecting the version of libcrypto')
> oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
The DeACSM plugin includes the Python oscrypto module, and uses it when required.
2. The current upstream oscrypto release code has some bugs in OpenSSL version detection. OpenSSL has a MAJOR.MINOR.PATCHLEVEL version scheme and each section has 1 or more digits. But the oscrypto code can only accept 1 digit for each section, and it fails to detect version numbers. The current OpenSSL version in Debian stable is 3.0.11, and it has 2 digits in PATCHLEVEL.
3. This bug was fixed in the oscrypto upstream development code, but not in the release code.
https://github.com/wbond/oscrypto/pull/76
4. This bug was also fixed in Debian bug 1055598, and released as python3-oscrypto/1.3.0-1+deb12u1. Using the Debian oscrypto module instead of the included oscrypto module might fix the bug.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055598
5. If that goes wrong, manually fix the oscrypto code in the plugin code. The oscrypto code is zipped as oscrypto.zip. See the previous GitHub pull request for the fix.
https://github.com/wbond/oscrypto/pull/76
-- YOKOTA
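The one-digit-per-section limitation from point 2 of the message above, shown as an added example that is not oscrypto's or the plugin's code. The two regular expressions, the sample banner strings and the VersionDetectionError class are constructed for illustration.

```python
import re

# Constructed patterns illustrating the two behaviours described in the
# message; they are assumptions, not text copied from oscrypto.
ONE_DIGIT = re.compile(r"\b(\d)\.(\d)\.(\d)([a-z]*)\b")       # 1 digit per section
MULTI_DIGIT = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")  # 1 or more digits


class VersionDetectionError(Exception):
    """Local stand-in for the LibraryNotFoundError quoted in the message."""


def detect_version(banner, pattern):
    """Return (major, minor, patchlevel, letter_suffix) parsed from a banner."""
    match = pattern.search(banner)
    if match is None:
        raise VersionDetectionError("Error detecting the version of libcrypto")
    major, minor, patch, suffix = match.groups()
    return int(major), int(minor), int(patch), suffix


# Constructed sample banners in the "OpenSSL <version> <date>" shape.
SAMPLE_BANNERS = [
    "OpenSSL 1.1.1n  15 Mar 2022",  # letter suffix, single digits
    "OpenSSL 3.0.2 15 Mar 2022",    # single digits everywhere
    "OpenSSL 3.0.11 19 Sep 2023",   # two-digit PATCHLEVEL (the Debian stable case)
    "OpenSSL 3.10.0 1 Jan 2030",    # hypothetical two-digit MINOR
]


def compare(banners):
    """Map each banner to (one_digit_result, multi_digit_result); None = failure."""
    results = {}
    for banner in banners:
        row = []
        for pattern in (ONE_DIGIT, MULTI_DIGIT):
            try:
                row.append(detect_version(banner, pattern))
            except VersionDetectionError:
                row.append(None)
        results[banner] = tuple(row)
    return results


if __name__ == "__main__":
    for banner, (old, new) in compare(SAMPLE_BANNERS).items():
        print(f"{banner!r:34} one-digit={old} multi-digit={new}")
```

The trailing word boundary is what makes the one-digit pattern fail on 3.0.11 instead of silently reading it as 3.0.1, so the caller sees a detection error, not a wrong version.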
Bug#1065494: libgtk-3-0t64: 64-bit time_t transition breaks gtk+3.0 immodule cache
Package: libgtk-3-0t64
Version: 3.24.41-1.1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com, vor...@debian.org, debian-de...@lists.debian.org
Usertags: time-t
Dear Maintainer,
The libgtk-3-0 package generates the cache file /usr/lib/${arch}/gtk-3.0/3.0.0/immodules.cache when installing, and removes this cache file when removing the package.
This behavior is good in most cases, but not so good in the 64-bit time_t transition, because this behavior accidentally drops the cache file. If the cache file is missing, gtk3 immodules will not work.
Reinstalling the libgtk-3-0t64 package will rebuild the cache file, and immodules work again.
The libglib2.0-0t64 package had the same bug, but it was fixed. Please check out their fix.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065022
https://salsa.debian.org/gnome-team/glib/-/commit/55e33e4eb3165e66d9bf0f6598a6a59c9cedda4c
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.7-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgtk-3-0t64 depends on:
ii adwaita-icon-theme 46~beta-4
ii hicolor-icon-theme 0.17-2
ii libatk-bridge2.0-0t64 2.51.90-2
ii libatk1.0-0t64 2.51.90-2
ii libc6 2.37-15.1
ii libcairo-gobject2 1.18.0-1+b1
ii libcairo2 1.18.0-1+b1
ii libcloudproviders0 0.3.5-1
ii libcolord2 1.4.7-1
ii libcups2t64 2.4.7-1.2+b1
ii libepoxy0 1.5.10-1+b2
ii libfontconfig1 2.15.0-1
ii libfribidi0 1.0.13-3+b1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-3+b1
ii libglib2.0-0t64 2.78.4-3
ii libgtk-3-common 3.24.41-1.1
ii libharfbuzz0b 8.3.0-2
ii libpango-1.0-0 1.52.0+ds-1
ii libpangocairo-1.0-0 1.52.0+ds-1
ii libpangoft2-1.0-0 1.52.0+ds-1
ii libwayland-client0 1.22.0-2.1+b1
ii libwayland-cursor0 1.22.0-2.1+b1
ii libwayland-egl1 1.22.0-2.1+b1
ii libx11-6 2:1.8.7-1
ii libxcomposite1 1:0.4.5-1
ii libxcursor1 1:1.2.1-1
ii libxdamage1 1:1.1.6-1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxi6 2:1.8.1-1
ii libxinerama1 2:1.1.4-3
ii libxkbcommon0 1.6.0-1
ii libxrandr2 2:1.5.2-2+b1
ii shared-mime-info 2.4-1
Versions of packages libgtk-3-0t64 recommends:
ii libgtk-3-bin 3.24.41-1.1
ii librsvg2-common 2.54.7+dfsg-2
Versions of packages libgtk-3-0t64 suggests:
ii gvfs 1.53.90-3
Versions of packages libgtk-3-0t64 is related to:
pn appmenu-gtk3-module
pn fcitx-frontend-gtk3
pn gcin-gtk3-immodule
pn gtk-vector-screenshot
pn gtk3-engines-xfce
pn gtk3-im-libthai
pn hime-gtk3-immodule
ii ibus-gtk3 1.5.29-1
pn imhangul-gtk3
ii libcanberra-gtk3-module 0.30-12
pn libcaribou-gtk3-module
pn libgtk3-nocsd0
pn maliit-inputcontext-gtk3
pn packagekit-gtk3-module
pn scim-gtk-immodule
pn topmenu-gtk3
pn uim-gtk3
pn uim-gtk3-immodule
-- no debconf information
Bug#1065493: libgtk2.0-0t64: 64-bit time_t transition breaks gtk+2.0 immodule cache
Package: libgtk2.0-0t64
Version: 2.24.33-3.1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com, vor...@debian.org, debian-de...@lists.debian.org
Dear Maintainer,
The libgtk2.0-0 package generates the cache file /usr/lib/${arch}/gtk-2.0/2.10.0/immodules.cache when installing, and removes this cache file when removing the package.
This behavior is good in most cases, but not so good in the 64-bit time_t transition, because this behavior accidentally drops the cache file. If the cache file is missing, gtk2 immodules will not work.
Reinstalling the libgtk2.0-0t64 package will rebuild the cache file, and immodules work again.
The libglib2.0-0t64 package had the same bug, but it was fixed. Please check out their fix.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065022
https://salsa.debian.org/gnome-team/glib/-/commit/55e33e4eb3165e66d9bf0f6598a6a59c9cedda4c
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.7-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgtk2.0-0t64 depends on:
ii adwaita-icon-theme 46~beta-4
ii gnome-icon-theme 3.12.0-5
ii hicolor-icon-theme 0.17-2
ii libatk1.0-0t64 2.51.90-2
ii libc6 2.37-15.1
ii libcairo2 1.18.0-1+b1
ii libcups2t64 2.4.7-1.2+b1
ii libfontconfig1 2.15.0-1
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-3+b1
ii libglib2.0-0t64 2.78.4-3
ii libgtk2.0-common 2.24.33-3.1
ii libpango-1.0-0 1.52.0+ds-1
ii libpangocairo-1.0-0 1.52.0+ds-1
ii libpangoft2-1.0-0 1.52.0+ds-1
ii libx11-6 2:1.8.7-1
ii libxcomposite1 1:0.4.5-1
ii libxcursor1 1:1.2.1-1
ii libxdamage1 1:1.1.6-1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxi6 2:1.8.1-1
ii libxinerama1 2:1.1.4-3
ii libxrandr2 2:1.5.2-2+b1
ii libxrender1 1:0.9.10-1.1
ii shared-mime-info 2.4-1
Versions of packages libgtk2.0-0t64 recommends:
ii libgail-common 2.24.33-3.1
ii libgtk2.0-bin 2.24.33-3.1
ii librsvg2-common 2.54.7+dfsg-2
Versions of packages libgtk2.0-0t64 suggests:
ii gvfs 1.53.90-3
-- no debconf information
Bug#1063014: unrar-nonfree: NMU diff for 64-bit time_t transition
Dear Steve,
> Please find the patch for this NMU attached.
The patch was pushed to the experimental branch.
https://github.com/debian-calibre/unrar-nonfree/tree/experimental
-- YOKOTA
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
> + * HTML Input: Dont add resources that exist outside the folder hierarchy
> s/Dont/Don't/
>
> Please go ahead.
Thank you. I uploaded the new package with your fix.
-- YOKOTA Hiroshi
Bug#1061485: 7zip: The 7zip-standalone package isn't standalone
Hello,
> currently, the 7zip-standalone package has a hard dependency on the
> full-featured 7zip package, rendering it quite useless as a "light"
> standalone package.
This hard dependency exists because 7zz requires the SFX stub module (/usr/lib/7zip/7zCon.sfx) for SFX archive creation. I will reconsider this issue because SFX is not required in most usage.
-- YOKOTA Hiroshi
Bug#1060755: calibre: Cant execute calibre. Error: cannot import name QNetworkProxyFactory from qt.core
Hello, Gabriel
Sorry, I can't reproduce this error on my Sid (unstable) machine even when I install Krita.
> opening from terminal gives the following log error: Failed to import PyQt module: PyQt6.QtNetwork with error: /lib/x86_64-linux-gnu/libQt6Network.so.6: undefined symbol: _Z12qt_safe_pollP6pollfdmPK8timespec, version Qt_6
It seems PyQt6 fails to load libQt6Network.so.6 because it fails to find the "_Z12qt_safe_pollP6pollfdmPK8timespec" symbol.
The symbol "_Z12qt_safe_pollP6pollfdmPK8timespec" (version Qt_6) is defined in /lib/x86_64-linux-gnu/libQt6Core.so.6, so something is wrong in libQt6Core.so.6. And libQt6Core.so.6 is in the "libqt6core6" package.
Please try to re-install those libraries to recover from this error. You can re-install the "libqt6core6" and "libqt6network6" packages with this command.
> sudo apt reinstall libqt6core6 libqt6network6
-- YOKOTA
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com, secur...@debian.org Control: affects -1 + src:calibre [ Reason ] Fix CVE-2023-46303. https://security-tracker.debian.org/tracker/CVE-2023-46303 [ Impact ] CVE-2023-46303 is unfixed. [ Tests ] Build time test was passed. [ Risks ] This fix is already applied for Debian 11 backports calibre/5.44.0+dfsg-1~bpo11+2. https://github.com/debian-calibre/calibre/pull/10 [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add upstream fix: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b [ Other info ] Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2023-46303 Upstream fix: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b Fix for Debian 11 backports: https://github.com/debian-calibre/calibre/pull/10 diff -Nru calibre-6.13.0+repack/debian/changelog calibre-6.13.0+repack/debian/changelog --- calibre-6.13.0+repack/debian/changelog 2023-10-14 11:48:44.0 +0900 +++ calibre-6.13.0+repack/debian/changelog 2024-01-12 20:16:45.0 +0900 
@@ -1,3 +1,11 @@ +calibre (6.13.0+repack-2+deb12u3) bookworm; urgency=medium + + * HTML Input: Dont add resources that exist outside the folder hierarchy +rooted at the parent folder of the input HTML file by default (Fix for +CVE-2023-46303) + + -- YOKOTA Hiroshi Fri, 12 Jan 2024 20:16:45 +0900 + calibre (6.13.0+repack-2+deb12u2) bookworm; urgency=medium * fix crash in Get Books when regenerating UIC files (Closes: #1053899) diff -Nru calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch --- calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch 1970-01-01 09:00:00.0 +0900 +++ calibre-6.13.0+repack/debian/patches/0031-HTML-Input-Dont-add-resources-that-exist-outside-the.patch 2024-01-12 19:24:57.0 +0900 
@@ -0,0 +1,55 @@ +From: Kovid Goyal +Date: Sun, 28 May 2023 14:03:15 +0530 +Subject: HTML Input: Dont add resources that exist outside the folder + hierarchy rooted at the parent folder of the input HTML file by default + +Origin: backport, https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b.patch +Forwarded: not-needed +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-46303 + +Fix for CVE-2023-46303 +--- + src/calibre/ebooks/conversion/plugins/html_input.py | 16 + 1 file changed, 16 insertions(+) + +diff --git a/src/calibre/ebooks/conversion/plugins/html_input.py b/src/calibre/ebooks/conversion/plugins/html_input.py +index ca5b729..eb26b5c 100644 +--- a/src/calibre/ebooks/conversion/plugins/html_input.py b/src/calibre/ebooks/conversion/plugins/html_input.py +@@ -64,6 +64,16 @@ class HTMLInput(InputFormatPlugin): + ) + ), + ++OptionRecommendation(name='allow_local_files_outside_root', ++recommended_value=False, level=OptionRecommendation.LOW, ++help=_('Normally, resources linked to by the HTML file or its children will only be allowed' ++ ' if they are in a sub-folder of the original HTML file. This option allows including' ++ ' local files from any location on your computer. This can be a security risk if you' ++ ' are converting untrusted HTML and expecting to distribute the result of the conversion.' 
++) ++), ++ ++ + } + + def convert(self, stream, opts, file_ext, log, +@@ -76,6 +86,7 @@ class HTMLInput(InputFormatPlugin): + if hasattr(stream, 'name'): + basedir = os.path.dirname(stream.name) + fname = os.path.basename(stream.name) ++self.root_dir_of_input = os.path.abspath(basedir) + os.sep + + if file_ext != 'opf': + if opts.dont_package: +@@ -250,6 +261,11 @@ class HTMLInput(InputFormatPlugin): + frag = l.fragment + if not link: + return None, None ++link = os.path.abspath(os.path.realpath(link)) ++if not link.startswith(self.root_dir_of_input): ++if not self.opts.allow_local_files_outside_root: ++self.log.warn('Not adding {} as it is outside the document root: {}'.format(link, self.root_dir_of_input)) ++return None, None + return link, frag + + def resource_adder(self, link_, base=Non
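Review bot: in the convert() hunk, self.root_dir_of_input is built with os.path.abspath(basedir) + os.sep, while the link hunk compares it against a path that has gone through os.path.realpath(). If the input folder is reached through a symlink, the resolved link never starts with the unresolved root, so resources that really are inside the tree get dropped with the "outside the document root" warning. Resolving the root with os.path.realpath() as well keeps both sides comparable. The assignment also sits with the basedir and fname lines that follow "if hasattr(stream, 'name'):"; if that is its scope, a stream without a name leaves the attribute unset for the later check, so a default value set before the branch would be safer.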
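Review bot: the containment test added in the link hunk, link.startswith(self.root_dir_of_input), is a case-sensitive string comparison, so on a case-insensitive file system a resource inside the tree whose path differs only in letter case is rejected. It fails closed, so this is a usability problem and not a bypass, but normalising both sides with os.path.normcase() before comparing would avoid it. The os.path.abspath() wrapped around os.path.realpath() is redundant, since realpath() already returns an absolute path. The patch also adds no test for a link that points outside the root, which is the case the CVE fix exists for.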
Bug#1058096: Test suite issues with new version of python3-antlr4
Hello python3-antlr4 maintainer,
A build fix was pushed as a merge request.
https://salsa.debian.org/python-team/packages/python3-antlr4/-/merge_requests/1
Please examine this merge request.
-- YOKOTA Hiroshi
Bug#1058792: Acknowledgement (python3-ironic-lib: Zeroconf API was changed since Zeroconf-0.129.0)
Hello python-ironic-lib maintainer,
I pushed a merge request at:
https://salsa.debian.org/openstack-team/libs/python-ironic-lib/-/merge_requests/2
-- YOKOTA Hiroshi
Bug#1058792: python3-ironic-lib: Zeroconf API was changed since Zeroconf-0.129.0
Package: python3-ironic-lib
Version: 5.5.0-2
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com
Dear Maintainer,
The python3-zeroconf API has changed since zeroconf-0.129.0, and it breaks the python3-ironic-lib build-time unit test.
From the Zeroconf changelog: https://github.com/python-zeroconf/python-zeroconf/blob/master/CHANGELOG.md
## v0.129.0 (2023-12-13)
### Feature
* Add decoded_properties method to ServiceInfo ([#1332](https://github.com/python-zeroconf/python-zeroconf/issues/1332)) ([`9b595a1`](https://github.com/python-zeroconf/python-zeroconf/commit/9b595a1dcacf109c699953219d70fe36296c7318))
* Ensure ServiceInfo.properties always returns bytes ([#1333](https://github.com/python-zeroconf/python-zeroconf/issues/1333)) ([`d29553a`](https://github.com/python-zeroconf/python-zeroconf/commit/d29553ab7de6b7af70769ddb804fe2aaf492f320))
### Technically breaking change
* `ServiceInfo.properties` always returns a dictionary with type `dict[bytes, bytes | None]` instead of a mix `str` and `bytes`. It was only possible to get a mixed dictionary if it was manually passed in when `ServiceInfo` was constructed.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-ironic-lib depends on:
ii python3 3.11.6-1
ii python3-bcrypt 3.2.2-1
ii python3-oslo.concurrency 5.2.0-2
ii python3-oslo.config 1:9.2.0-2
ii python3-oslo.i18n 6.1.0-2
ii python3-oslo.utils 6.2.1-2
ii python3-pbr 5.11.1-5
ii python3-tenacity 8.2.1-1
ii python3-webob 1:1.8.6-3
ii python3-zeroconf 0.129.0-1
python3-ironic-lib recommends no packages.
python3-ironic-lib suggests no packages.
-- no debconf information
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
> Please go ahead. Thank you. Fix was uploaded to FTP server. -- YOKOTA Hiroshi
Bug#1055100: calibre: Installation in Bookworm stable is not possible. Paketdaten sind beschädigt.
Hello Martin,
> Entpacken von calibre (6.13.0+repack-2+deb12u1) ...
> dpkg-deb (Unterprozess): Dekomprimieren des Archivs
> »/var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb«
> (Größe=28871284), Element »data.tar«: lzma-Fehler: komprimierte Daten sind
> beschädigt
> dpkg-deb: Fehler: »«-Unterprozess gab den Fehlerwert 2 zurück
> dpkg: Fehler beim Bearbeiten des Archivs
> /var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb (--unpack):
> »dpkg-deb --fsys-tarfile«-Unterprozess gab den Fehlerwert 2 zurück
> Fehler traten auf beim Bearbeiten von:
> /var/cache/apt/archives/calibre_6.13.0+repack-2+deb12u1_all.deb
> E: Sub-process /usr/bin/dpkg returned an error code (1)
> Element »data.tar«: lzma-Fehler: komprimierte Daten sind beschädigt
>> Element "data.tar": lzma-Error: compressed Data is corrupted
It seems your downloaded package file is broken. This is not calibre's fault.
Remove the broken package file in /var/cache/apt/archives/ and re-install calibre from the package manager, or download the package file manually from the Debian server at https://packages.debian.org/bookworm/calibre and install the proper package file.
> Versions of packages calibre depends on:
> pn calibre-bin
You also need the "calibre-bin" package to use calibre. Install the calibre-bin package from the package manager. Or, you can download it manually from the Debian server at https://packages.debian.org/bookworm/calibre-bin
-- YOKOTA
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello Jonathan,
> The diff you attached is unreviewable:
> 979 files changed, 40347 insertions(+), 25060 deletions(-)
> Please prepare targetted fixes for the security issues.
Upstream does not release a fix patch, but they release new version (23.01) source code. I tried to extract a fix patch from the diff file of the 22.01..23.01 source code.
The trivial autopkgtest passed, but I don't know whether this debdiff really fixes CVE-2023-31102 and CVE-2023-40481. Please examine the attached debdiff.
diff stat:
 changelog                             |   8
 patches/0009-CVE-2023-40481-fix.patch | 253 ++
 patches/0010-CVE-2023-31102-fix.patch | 856 ++
 patches/series                        |   2
 4 files changed, 1119 insertions(+)
-- YOKOTA Hiroshi
7zip_22.01+dfsg-8+deb12u1.debdiff Description: Binary data
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
> It looks like you forgot the debdiff.
Oops, sorry. Here is the debdiff.
-- YOKOTA Hiroshi
calibre_6.13.0+repack-2+deb12u2.debdiff Description: Binary data
Bug#1053899: "Get books" not working: TypeError: ResultsView.__init__()
Hello Nicolas, > In current version of Calibre in Bookworm, the "Get books" menu doesn't > work, and give this error when accessing it: Thank you, fix was pushed at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053908 -- YOKOTA Hiroshi
Bug#1053908: bookworm-pu: package calibre/6.13.0+repack-2+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com Control: affects -1 + src:calibre [ Reason ] Fix Debian bug 1053899 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053899 [ Impact ] "Get books" window not working [ Tests ] Build time test passed. Trivial manual test passed. [ Risks ] Tests are done on Debian unstable, not Debian bookworm. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add patch "fix crash in Get Books when regenerating UIC files". [ Other info ] Upstream fix: https://github.com/kovidgoyal/calibre/commit/f4fe3f254d3de0dd51722b3b5e08112ae82ebf51
Bug#1050562: bookworm-pu: package unrar-nonfree/1:6.2.6-1+deb12u1
Hello,
> Please go ahead.
Thank you. I uploaded the new package unrar-nonfree 6.2.6-1+deb12u1.
-- YOKOTA Hiroshi
Bug#1051254: 7zip: [Merge Request] Add development and library package: lib7zip-dev and lib7zip0
Hello,
> It's confirmed to work with my package: android-platform-tools
> which currently includes a copy of lzma.
Your patch breaks the existing 7z command. Check the formats-7z and benchmark-7z-simple tests in the autopkgtest result.
https://salsa.debian.org/debian/7zip/-/jobs/4656760
In fact, /usr/lib/7zip/7z.so is not a shared library, but a big fat plugin for the 7z command. So, don't replace 7z.so with lib7zip.so.0. 7z.so includes some C++ interface for the plugin system that is not needed for liblzma.so.0 in android-platform-tools.
If you really want the 7-Zip LZMA library, try the Debian lzma-dev package. But the lzma-dev package is quite obsolete because of the xz-utils package.
https://tracker.debian.org/pkg/lzma
/usr/lib/{arch}/android/liblzma.so.0 exists because the android-platform-tools document says the org.apache.commons.compress.archivers.sevenz class requires this native library.
https://salsa.debian.org/android-tools-team/android-platform-tools/-/blob/debian/34.0.4-1/development/sdk/sdk_files_NOTICE.txt#L14611
> The files in the package org.apache.commons.compress.archivers.sevenz
> were derived from the LZMA SDK, version 9.20 (C/ and CPP/7zip/),
> which has been placed in the public domain:
> "LZMA SDK is placed in the public domain." (http://www.7-zip.org/sdk.html)
But the current org.apache.commons.compress.archivers.sevenz class in the Debian libcommons-compress-java package uses the org.tukaani.xz class in the Debian libxz-java package to handle LZMA. So, I think the document is obsolete, and there is no need to install liblzma.so.0 or other native libraries.
Try the libcommons-compress-java package to list 7z files.
1. Install the libxz-java package, which is not automatically installed.
2. Type in from the console: "java -jar /usr/share/java/commons-compress.jar foo.7z"
-- YOKOTA Hiroshi
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello,
> What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there some
> kind of public upstream VCS or can you ask upstream about it?
The CVE site has not disclosed info about this issue yet, but Zero Day Initiative has already disclosed this issue.
> CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
> CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
In the Zero Day Initiative report, they show the fixes for these issues.
> ADDITIONAL DETAILS 7-Zip has issued an update to correct this vulnerability.
> More details can be found at:
> https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
The updated 7-Zip 23.00beta is released in this sourceforge link. I want to upload 7-Zip 23.01 to Debian because 23.01 is a non-beta version.
-- YOKOTA Hiroshi
Bug#1050562: bookworm-pu: package unrar-nonfree/1:6.2.6-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: unrar-nonf...@packages.debian.org, t...@security.debian.org, yokota.h...@gmail.com Control: affects -1 + src:unrar-nonfree [ Reason ] To fix CVE-2023-40477. CVE-2023-40477 was fixed in unrar-nonfree 6.2.9-1 that was already released for trixie/sid. [ Impact ] If not fixed, it allows remote attackers to execute arbitrary code. [ Tests ] There is no test case for CVE-2023-40477. Debian autopkgtest for normal operation was passed. [ Risks ] There is no test case for CVE-2023-40477. I can't confirm the bug was fixed. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Apply the upstream fix in UnRAR 6.2.9 to unrar-nonfree 6.2.6-1 that is in bookworm. The debdiff can be examined online: https://github.com/debian-calibre/unrar-nonfree/compare/debian/1%256.2.6-1...debian/1%256.2.6-1+deb12u1 [ Other info ] * RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ * WinRAR 6.23 final released https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa diff -Nru unrar-nonfree-6.2.6/debian/changelog unrar-nonfree-6.2.6/debian/changelog --- unrar-nonfree-6.2.6/debian/changelog2023-02-23 12:31:56.0 +0900 +++ unrar-nonfree-6.2.6/debian/changelog2023-08-26 16:27:26.0 +0900 
@@ -1,3 +1,9 @@ +unrar-nonfree (1:6.2.6-1+deb12u1) bookworm; urgency=medium + + * Fix CVE-2023-40477 + + -- YOKOTA Hiroshi Sat, 26 Aug 2023 16:27:26 +0900 + unrar-nonfree (1:6.2.6-1) unstable; urgency=medium * New upstream version 6.2.6 diff -Nru unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch --- unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch 1970-01-01 09:00:00.0 +0900 +++ unrar-nonfree-6.2.6/debian/patches/0015-CVE-2023-40477.patch 2023-08-26 16:27:26.0 +0900 
@@ -0,0 +1,106 @@ +From: YOKOTA Hiroshi +Date: Fri, 21 Jul 2023 00:33:42 +0900 +Subject: CVE-2023-40477 + +--- + getbits.cpp | 8 + pathfn.cpp | 2 +- + recvol3.cpp | 11 +-- + secpassword.cpp | 8 + 4 files changed, 18 insertions(+), 11 deletions(-) + +diff --git a/getbits.cpp b/getbits.cpp +index 8805f27..5d5ad2b 100644 +--- a/getbits.cpp b/getbits.cpp +@@ -5,11 +5,11 @@ BitInput::BitInput(bool AllocBuffer) + ExternalBuffer=false; + if (AllocBuffer) + { +-// getbits*() attempt to read data from InAddr, ... InAddr+3 positions. +-// So let's allocate 3 additional bytes for situation, when we need to ++// getbits*() attempt to read data from InAddr, ... InAddr+4 positions. ++// So let's allocate 4 additional bytes for situation, when we need to + // read only 1 byte from the last position of buffer and avoid a crash +-// from access to next 3 bytes, which contents we do not need. +-size_t BufSize=MAX_SIZE+3; ++// from access to next 4 bytes, which contents we do not need. ++size_t BufSize=MAX_SIZE+4; + InBuf=new byte[BufSize]; + + // Ensure that we get predictable results when accessing bytes in area +diff --git a/pathfn.cpp b/pathfn.cpp +index 49d16a8..7a54354 100644 +--- a/pathfn.cpp b/pathfn.cpp +@@ -746,7 +746,7 @@ static void GenArcName(wchar *ArcName,size_t MaxSize,const wchar *GenerateMask,u + // Here we ensure that we have enough 'N' characters to fit all digits + // of archive number. We'll replace them by actual number later + // in this function. +- if (NCount255) ++if (P[0]<=0 || P[1]<=0 || P[2]<=0 || P[1]+P[2]>255 || P[0]+P[2]-1>255) + continue; + if (RecVolNumber!=0 && RecVolNumber!=P[1] || FileNumber!=0 && FileNumber!=P[2]) + { +@@ -238,7 +238,14 @@ bool RecVolumes3::Restore(CommandData *Cmd,const wchar *Name,bool Silent) + wcsncpyz(PrevName,CurName,ASIZE(PrevName)); + File *NewFile=new File; + NewFile->TOpen(CurName); +-SrcFile[FileNumber+P[0]-1]=NewFile; ++ ++// This check is redundant taking into account P[I]>255 and P[0]+P[2]-1>255 ++// checks above. 
Still we keep it here for better clarity and security. ++int SrcPos=FileNumber+P[0]-1; ++if (SrcPos<0 || SrcPos>=ASIZE(SrcFile)) ++ continue; ++SrcFile[SrcPos]=NewFile; ++ + FoundRecVolumes++; + + if (RecFileSize==0) +diff --git a/secpassword.cpp b/secpassword.cpp +index 42ed47d..08da549 100644 +--- a/secpassword.cpp b/secpassword.cpp +@@ -70,7 +70,7 @@ void SecPassword::Clean() + { + PasswordSet=false; +
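Review bot: in the recvol3.cpp Restore() hunk, the new SrcPos range check runs after "File *NewFile=new File;" and "NewFile->TOpen(CurName);", so the continue taken for an out-of-range SrcPos leaves NewFile allocated and its file open with nothing holding the pointer. Compute and validate SrcPos before creating NewFile, or delete NewFile before the continue, so that a crafted recovery volume name cannot be used to leak one File object per rejected entry.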
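Review bot: the header of 0015-CVE-2023-40477.patch carries only From, Date and "Subject: CVE-2023-40477", with no description and no Origin or Forwarded field, while its diffstat covers getbits.cpp, pathfn.cpp, recvol3.cpp and secpassword.cpp. Please state in the header which of these changes address the CVE and that they were taken from UnRAR 6.2.9, as the request says, so that a stable update whose fix cannot be tested can at least be reviewed change by change.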
Bug#1050118: 7zip-standalone/experimental: undeclared file conflict with 7zip/bookworm+trixie+unstable
Hello, Helmut
> 7zip-standalone and 7zip both ship /usr/bin/7zip, but they do not
> declare any Conflicts, Replaces or diversions to alleviate that
> situation. As a consequence, an unpack error may result when attempting
> to install both.
>
> Given the changelog entry saying "split", I think you meant to move
> files between packages. In this case, please ensure that you set both
> Breaks and Replaces.
7zip and 7zip-standalone do not provide /usr/bin/7zip. They provide:
7zip: 7z, 7za, 7zr, p7zip
7zip-standalone: 7zz
And 7zip-standalone requires "7zip (= ${binary:Version})" and 7zip breaks/conflicts/replaces "p7zip (<= 16.02+dfsg-8)". I think it works at least on my machine.
The current package control file is here:
https://salsa.debian.org/debian/7zip/-/blob/debian/23.01+dfsg-4_exp1/debian/control
-- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Hello Markus,
> I wanted to prepare a fix for CVE-2022-48579 in Bullseye and release it via a
> bullseye point update. Do you want to take care of the upload instead?
Thank you. So, please upload the bullseye fix via a point update yourself.
My current Git status is here.
https://github.com/debian-calibre/unrar-nonfree/tree/bullseye-update
Close this bug report when the bug is fixed.
-- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Hello Salvatore, > FWIW, does not warrant a DSA, but can be fixed via upcoming point > release. Thank you. I will try to do that. -- YOKOTA Hiroshi
Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Package: unrar
Version: 1:6.0.3-1+deb11u1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com, a...@debian.org, t...@security.debian.org
CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10 by the Debian LTS team (DLA-3535-1). The fix patch for Debian 10 can be applied to Debian 11.
Fix patch for CVE-2022-48579
Debian 10: https://github.com/debian-calibre/unrar-nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272
Debian 11: https://github.com/debian-calibre/unrar-nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da
FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid.
-- YOKOTA Hiroshi
Bug#1043042: calibre: New warning when running `calibredb catalog'
Hello gregor and python-apsw maintainer,

> Since yesterday, `calibredb catalog' outputs a warning.
>
> I'm running the following command in a script from a daily cronjob:
>
> % calibredb catalog /home/gregoa/tmp/calibre.bib --entry-type=mixed
> --add-files-path=False
> --fields="authors,title,pubdate,id,library_name,publisher,#fullseries"
>
> and on the last run I -- for the first time -- got the following warning:
>
> Missing sys.apsw_fault_inject_control
>
> Exit code 0, and the resulting .bib file is ok; just the warning is
> slightly annoying (as in: unnecessary mail from cron).

This error comes from the python3-apsw (3.42.0.1-1) package. This error can be reproduced by just loading the "apsw" package.

```
$ python3
Python 3.11.4 (main, Jun 7 2023, 10:13:09) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import apsw
Missing sys.apsw_fault_inject_control
>>>
```

This error message comes from src/apsw.c:APSW_FaultInjectControl() in the python-apsw source code. Check out the python-apsw source code at this line:
https://sources.debian.org/src/python-apsw/3.42.0.1-1/src/apsw.c/#L2067

-- YOKOTA Hiroshi
Bug#1042452: Please move big 7zz binary from 7zip package to separate package, for example 7zip-noplugins or split like p7zip
Hello Mantas, > My suggestion is to move the big 7zz binary from 7zip package to > separate package, for example 7zip-noplugins, then most regular users > will use 7zip package and 7zip-noplugins package is only for these, > who want "special" 7zz binary. Currently, 7-Zip upstream only provides 7zz for Linux pre-compiled distribution archives. I think 7z/7za/7zr might work for you, but they are not guaranteed by 7-Zip upstream. This is why the 7zip package includes the 7zz binary. -- YOKOTA
Bug#1041854: bookworm-pu: package calibre/6.13.0+repack-2+deb12u1
> Please go ahead. Thank you, I uploaded the fixed package. -- YOKOTA Hiroshi
Bug#1041779: "ERROR: Unhandled exception" when opening Settings > Saving Books to disk
Hello, The fix has been sent to the release manager. Check out Debian bug 1041854 and wait for the next stable update. [bookworm-pu: package calibre/6.13.0+repack-2+deb12u1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041854 -- YOKOTA
Bug#1041854: bookworm-pu: package calibre/6.13.0+repack-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: cali...@packages.debian.org, yokota.h...@gmail.com Control: affects -1 + src:calibre [ Reason ] To fix Debian bug 1041779 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041779 [ Impact ] Preferences dialog won't work [ Tests ] Manually reproduced this bug, and confirmed that this patch fixes it. [ Risks ] The fix is trivial. This bug is already fixed in calibre/6.15.1-4 (Debian bug 1034089). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Fixes Python syntax mismatch. [ Other info ] The patch is taken from Debian unstable code. https://github.com/debian-calibre/calibre/blob/debian/6.15.1-4/debian/patches/0027-TypeError-on-opening-Preferences-Closes-1034089.patch See also Debian bug 1034089. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 The attached debdiff can be examined online. https://github.com/debian-calibre/calibre/compare/debian/6.13.0+repack-2...debian/6.13.0+repack-2+deb12u1 diff --git a/debian/changelog b/debian/changelog index e484562458..f758dc7971 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +calibre (6.13.0+repack-2+deb12u1) bookworm; urgency=medium + + * "ERROR: Unhandled exception" when opening Settings > Saving Books to disk (Closes: #1041779) + * Rediff patches. +Add reproduced error messages + + -- YOKOTA Hiroshi Mon, 24 Jul 2023 20:35:33 +0900 + calibre (6.13.0+repack-2) unstable; urgency=medium * Update lintian overrides diff --git a/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch b/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch new file mode 100644 index 00..b942c4aff5 --- /dev/null 
+++ b/debian/patches/0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch 
@@ -0,0 +1,57 @@ +From: YOKOTA Hiroshi +Date: Sun, 9 Apr 2023 14:50:50 +0900 +Subject: "ERROR: Unhandled exception" when opening Settings > Saving Books to + disk (Closes: #1041779) + +Forwarded: not-needed + +Click "Preferences->Import/Export->Sending Books to disk" to +reproduce the error. + +This is mostly same case of Debian bug 1034089 and 1032095. + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032095 + + +calibre, version 6.13.0 +ERROR: Unhandled exception: TypeError:SaveTemplate.__init__() got an unexpected keyword argument 'parent' + +calibre 6.13 embedded-python: False +Linux-6.3.0-2-amd64-x86_64-with-glibc2.37 Linux ('64bit', 'ELF') +('Linux', '6.3.0-2-amd64', '#1 SMP PREEMPT_DYNAMIC Debian 6.3.11-1 (2023-07-01)') +Python 3.11.4 +Interface language: None +Traceback (most recent call last): + File "/usr/lib/calibre/calibre/gui2/preferences/main.py", line 308, in show_plugin +self.showing_widget = plugin.create_widget(self.scroll_area) + ^^ + File "/usr/lib/calibre/calibre/customize/__init__.py", line 675, in create_widget +return widget(parent) + ^^ + File "/usr/lib/calibre/calibre/gui2/preferences/__init__.py", line 267, in __init__ +self.setupUi(self) + File "/usr/lib/calibre/calibre/gui2/preferences/saving_ui.py", line 46, in setupUi +self.save_template = SaveTemplate(parent=Form) + ^ +TypeError: SaveTemplate.__init__() got an unexpected keyword argument 'parent' + +(the Preferences dialog does not open) +--- + src/calibre/gui2/preferences/save_template.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/calibre/gui2/preferences/save_template.py b/src/calibre/gui2/preferences/save_template.py +index 82cf951..47d4510 100644 +--- a/src/calibre/gui2/preferences/save_template.py b/src/calibre/gui2/preferences/save_template.py +@@ -18,8 +18,8 @@ class SaveTemplate(QWidget, Ui_Form): + + changed_signal = pyqtSignal() + +-def __init__(self, *args): 
+-QWidget.__init__(self, *args) ++def __init__(self, parent=None): ++QWidget.__init__(self, parent) + Ui_Form.__init__(self) + self.setupUi(self) + self.orig_help_text = self.help_label.text() diff --git a/debian/patches/series b/debian/patches/series index 651a3ce7be..ba0e98e8d3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -26,3 +26,4 @@ 0026-Don-t-download-translation-files-from-GitHub.patch 0027-Use-text-file-instead-of-BZip2-compressed-file.patch 0028-TypeError-HistoryLineEdit.__init__-got-an-unexpected.patch +0029-ERROR-Unhandled-exception-when-opening-Settings-Savi.patch
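Review bot: the description inside the new 0029 patch file gives the reproduction step as "Preferences->Import/Export->Sending Books to disk", while its Subject line and the changelog entry both name "Saving Books to disk"; the two should agree so the step matches the dialog in the bug title. The patch header also carries only "Forwarded: not-needed"; since the request says the change is taken from Debian unstable, an Origin field pointing at that patch would record where it came from.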
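Review bot: in the save_template.py hunk, `def __init__(self, parent=None):` no longer forwards extra positional arguments to `QWidget.__init__` the way `*args` did. That is fine for the `SaveTemplate(parent=Form)` call shown in the traceback, but the patch description should state that no other call site passes more than the parent, or the signature should keep accepting and forwarding the remaining arguments.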
Bug#1041779: "ERROR: Unhandled exception" when opening Settings > Saving Books to disk
Hello, > Calibre settings are currently broken on my system. Opening "Saving Books to > disk", "Sending Books to device" in the preferences fails with the following > error : "TypeError:SaveTemplate._init_() got an unexpected keyword argument > 'parent'" > Additionally, other menus like "Behavior" are broken, with checkboxes and > empty drop-downs in random places (https://i.imgur.com/v4odGA5.png for > example). I think this bug is the same bug that was fixed in Debian unstable but not in Debian stable. See also Debian bug #1034089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034089 If you have a package build environment, you can try the patch: https://github.com/debian-calibre/calibre/blob/debian/6.15.1-4/debian/patches/0027-TypeError-on-opening-Preferences-Closes-1034089.patch -- YOKOTA
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, I added a new merge request at salsa: https://salsa.debian.org/debian/p7zip/-/merge_requests/5 This fix adds alternative selection to p7zip to make it co-installable with 7zip. -- YOKOTA
Bug#1040754: chromium: Enable GTK4 backend to use IME for Wayland window
Package: chromium Version: 114.0.5735.198-1 Severity: wishlist X-Debbugs-Cc: yokota.h...@gmail.com Dear Chromium Maintainer, Current Debian Chromium enables GTK3 backend only, but I want GTK4 backend to use IMEs for Wayland window. See upstream issue tracker for technical details: https://bugs.chromium.org/p/chromium/issues/detail?id=1422087 -- YOKOTA
Bug#1036938: libpodofo: libpodofo 0.10.0 was released
Hello, libpodofo maintainer I added a merge request to update libpodofo to 0.10.1. https://salsa.debian.org/debian/libpodofo/-/merge_requests/3 Please check this merge request. Thanks, -- YOKOTA Hiroshi
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, > Now that the 7zip package is feature-compatible with p7zip please move this > forward > and convert the p7zip packages to transitional packages. I uploaded an experimental 7zip package (22.01+dfsg-10~exp1) to replace p7zip. This package also adds alternative selection to allow other 7-Zip implementations like p7zip or forked p7zip. The updated code is also available from salsa. https://salsa.debian.org/debian/7zip/-/tree/experimental -- YOKOTA
Bug#991428: Consider migrating to original 7-Zip for Linux
Hello, I'm maintaining the 7zip package. > The 7zip is available for bookworm. > > Features that its Debian configuration is currently lacking but that are > available: > * Creating SFX archives (missing 7zCon.sfx) > * rar module in non-free SFX is supported since 7zip 22.01+dfsg-9. The rar module is provided by another package and is currently in ITP at: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036990 I need a mentor/sponsor to upload this package. The rar module is currently available at: https://salsa.debian.org/yokota/7zip-rar Build it yourself to try it. -- YOKOTA Hiroshi
Bug#1036990: ITP: 7zip-rar -- non-free RAR module for 7zip
Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-de...@lists.debian.org, yokota.h...@gmail.com * Package name: 7zip-rar Version : 22.01 Upstream Contact: Igor Pavlov * URL : https://www.7-zip.org/ * License : unRAR License Programming Lang: C, C++ Description : non-free RAR module for 7zip This package provides a module for 7zip to make 7z able to extract RAR files. I already maintain the 7zip package, so I can also maintain this package. The current status of the 7zip-rar packaging project is here: https://salsa.debian.org/yokota/7zip-rar
Bug#1036938: Debian Bug Tracking System
Package: libpodofo0.9.8 Version: 0.9.8+dfsg-3+b1 Severity: wishlist X-Debbugs-Cc: yokota.h...@gmail.com Dear Maintainer, "libpodofo" project was moved to GitHub https://github.com/podofo/podofo . And released 0.10.0 from there. Please package them. "calibre" package now needs libpodofo 0.10 API since Calibre 6.18. PS: libpodofo 0.10 API is changed from 0.9 API. So you might need some package transition request. -- YOKOTA Hiroshi
Bug#879989: calibre registers as application/pdf handler, overrides better ones
Hello, Alexandre. > Just to confirm that this "bug" remains in the current version and > state that IMHO the mimetypes associated to calibre is "too > greedy". For instance it doesn't make sense to me open a .docx file > sent by e-mail in ebook-edit or ebook-viewer instead of libreoffice. The system default application choice may vary depending on your application installation order, or for some other reasons. For example, .docx uses LibreOffice even though I installed Calibre on my machine. You can choose your favorite applications as default applications from the GNOME file manager application "Files" or from other file managers. The help file of this application describes how to change the default application choice (see below). Don't forget to set the "Always use for this file type" switch to keep your choice. > Change the default application > You can change the default application that is used to open files of a given > type. This will allow you > to open your preferred application when you double-click to open a file. For > example, you might want > your favorite music player to open when you double-click an MP3 file. > > 1. Select a file of the type whose default application you want to change. > For example, to change > which application is used to open MP3 files, select a .mp3 file. > 2. Right-click the file and select "Open with...". > 3. Open "Open File" window. > 4. Select the application you want and click "Always use for this file type". > 5. Click "Open" button to open the file with selected application. > 6. Next time, the selected application will be used as the default application. > > This changes the default application not just for the selected file, but for > all files with the same type. -- YOKOTA
Bug#1032091: py7zr: CVE-2022-44900
Hello, py7zr maintainer. I pushed some commits to the Debian salsa repository to fix CVE-2022-44900. https://salsa.debian.org/python-team/packages/py7zr/-/merge_requests/2 -- YOKOTA
Bug#1032095: calibre 6.11.0: TypeError: HistoryLineEdit.__init__() got an unexpected keyword argument 'parent'
Hello, David. > TypeError: HistoryLineEdit.__init__() got an unexpected keyword argument > 'parent' This error also happens on the current Sid package 6.13.0+repack-1. > I have see that there is a new version in Sid, but I don't have > understand if that one will go into the next stable. The fix was pushed to the Git repository. https://github.com/debian-calibre/calibre/blob/master/debian/patches/0028-TypeError-HistoryLineEdit.__init__-got-an-unexpected.patch I will release a new Sid package soon. -- YOKOTA
Bug#1028059: calibre-bin version 6.10.0+dfsg-5 uses unknown compression for control.tar.zst, cannot be installed
Hello,

> Tried to install 6.10.0+dfsg-5 and got the error below:
> calibre-bin_6.10.0+dfsg-5_amd64.deb' uses unknown compression for member
> 'control.tar.zst', giving up
>
> Forced to cancel upgrade, leaving a number of packages that cannot be
> upgraded as they need the qt6 packages but I need a working calibre.

Sorry, there is some problem in the Qt6 transitions. This problem will be fixed in 5 days. Currently, calibre works well on the "sid" distribution.

"control.tar.zst" is used in Ubuntu packages. Use the Debian package for your machine.

There are some options to fix this:

1. Hold the current "testing" distribution packages. A new calibre package for the "testing" distribution will be available in 5 days.
2. Manually install the "sid" distribution package from the Debian web site. You must download and install 2 packages.

   (binary package page)
   https://packages.debian.org/sid/calibre
   https://packages.debian.org/sid/calibre-bin

   (package distribution server)
   https://ftp.debian.org/debian/pool/main/c/calibre/

   Install the package files as super user.

   dpkg -i calibre_6.10.0+dfsg-5_all.deb calibre-bin_6.10.0+dfsg-5_amd64.deb

If you don't know what to do, choose option 1 and wait 5 days or less.

-- YOKOTA
Bug#1027607: calibre: FTBFS: unsatisfiable build-dependency: qt6-base-abi (= 6.3.1) (versioned dep on a virtual pkg?)
Hi, > Source: calibre > Version: 6.10.0+dfsg-3 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20230101 ftbfs-bookworm > > The following packages have unmet dependencies: > > python3-pyqt6 : Depends: qt6-base-abi (= 6.3.1) > > E: Unable to correct problems, you have held broken packages. > > apt-get failed. This error occurs because python3-pyqt6 is not built with Qt 6.4.2 yet. Please wait for the Qt 6.4.2 transition of python3-pyqt6. https://release.debian.org/transitions/html/qt6baseabi-6.4.2.html -- YOKOTA
Bug#1019996: lxml: FTBFS: ModuleNotFoundError: No module named 'lxml'
Hello, lxml maintainer. This bug comes from obsolete module usage in "python3-defaults" package. Please examine my merge request at: https://salsa.debian.org/cpython-team/python3-defaults/-/merge_requests/12 -- YOKOTA Hiroshi
Bug#1021175: calibre - content server only listen on IPv4
Hello, Bastian. > The embedded only listens on 0.0.0.0, aka AF_INET, aka IPv4. This makes > the content server quite unusable in the current internet, where IPv4 > connectivity gets sparingly, either by CG-NAT used by the provider or by > IPv6-only environments. You can change listening address from preferences window. Change listening address from "Preferences"->"Sharing"->"Sharing over the net"->"Advanced"->"The interface on which to listen for connections:". The default value is "0.0.0.0", but you can change to "::" for IPv6. And use "127.0.0.1" or "::1" to limit access from localhost. Here is document text for this option: > The default is to listen on all available IPv4 interfaces. You can change > this to, for example, "127.0.0.1" to only listen for connections from the > local machine, or to "::" to listen to all incoming IPv6 and IPv4 connections. -- YOKOTA
Bug#1019136: cmake injects randomly named dummy function to output binary and it breaks reproducible build
Package: cmake
Version: 3.24.1-1
Severity: normal
X-Debbugs-Cc: yokota.h...@gmail.com

Dear Maintainer,

Current CMake (3.24.1) injects a randomly named dummy function into the output binary. The output binary works well, but this issue breaks reproducible builds.

The injected code can be examined here:
https://salsa.debian.org/cmake-team/cmake/-/blob/debian/3.24.1-1/Source/cmQtAutoMocUic.cxx#L2177

```c++
// Placeholder content
cmCryptoHash hash(cmCryptoHash::AlgoSHA256);
const std::string hashedPath = hash.HashString(compAbs);
const std::string functionName =
  "cmake_automoc_silence_linker_warning" + hashedPath;
content += "// No files found that require moc or the moc files are "
           "included\n"
           "void " +
  functionName + "() {}\n";
```

The randomly named dummy function is generated from the absolute path name and SHA256. The absolute path name might vary on each development machine because the source code will be placed in each developer's own path. So, this feature generates non-deterministic output, and breaks reproducible builds.

Here is the issue about this feature in upstream:
https://gitlab.kitware.com/cmake/cmake/-/issues/23551

And the merge request:
https://gitlab.kitware.com/cmake/cmake/-/merge_requests/7558

This bug will break the reproducible build of the Debian "calibre" package.
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/calibre.html

I want to make the Debian "calibre" package reproducible.

-- YOKOTA Hiroshi
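The effect described in this report, as an added example that is not part of the original message and not CMake's code: it models the quoted placeholder generation in Python, simulates the same source tree built under two build roots, and lists the generated files that differ. The build roots and file names are constructed, and the relative-path variant is an assumed remedy used for contrast, not necessarily what the upstream merge request does.

```python
import hashlib
import re
from pathlib import PurePosixPath

PREFIX = "cmake_automoc_silence_linker_warning"
# The placeholder symbol: fixed prefix followed by a SHA-256 hex digest.
SYMBOL_RE = re.compile(PREFIX + r"[0-9a-f]{64}")


def _content(digest):
    """Placeholder source text with the given digest as the function-name suffix."""
    return ("// No files found that require moc or the moc files are included\n"
            f"void {PREFIX}{digest}() {{}}\n")


def placeholder_abs(comp_abs, build_root):
    """Model of the quoted snippet: the name depends on the absolute path."""
    return _content(hashlib.sha256(comp_abs.encode()).hexdigest())


def placeholder_rel(comp_abs, build_root):
    """Assumed remedy: hash the path relative to the build root instead."""
    rel = PurePosixPath(comp_abs).relative_to(build_root).as_posix()
    return _content(hashlib.sha256(rel.encode()).hexdigest())


def build(build_root, rel_files, generator):
    """Simulate one build: map each relative file to the digest of its content."""
    result = {}
    for rel in rel_files:
        comp_abs = str(PurePosixPath(build_root) / rel)
        text = generator(comp_abs, build_root)
        result[rel] = hashlib.sha256(text.encode()).hexdigest()
    return result


def unreproducible(build_a, build_b):
    """Files whose generated content differs between two builds of one source."""
    return sorted(f for f in build_a if build_a[f] != build_b.get(f))


def placeholder_symbols(text):
    """Extract placeholder symbols from generated source text."""
    return SYMBOL_RE.findall(text)


# Constructed sample input: two build roots, as on two developers' machines.
ROOT_A = "/build/calibre-1"
ROOT_B = "/home/dev/src/calibre/build"
FILES = [
    "gui/gui_autogen/mocs_compilation.cpp",
    "headless/headless_autogen/mocs_compilation.cpp",
]

if __name__ == "__main__":
    for name, gen in (("absolute", placeholder_abs), ("relative", placeholder_rel)):
        diff = unreproducible(build(ROOT_A, FILES, gen), build(ROOT_B, FILES, gen))
        print(f"{name} path hashing: {len(diff)} differing file(s): {diff}")
```
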
Bug#1018067: calibre: Remove unsuppoted architecture package from unstable distribution, and enable testing migration
Hi, Thanks for your quick reply. > > Please remove Calibre 5.44.0+dfsg-1 mips64el/mips package from unstable > > distribution, and enable testing migration. > It's an arch:all package, so not a blocker. Calibre has architecture-dependent package "calibre-bin". I want to remove "calibre-bin" mips64el/mipsel package. https://packages.debian.org/unstable/calibre-bin -- YOKOTA Hiroshi
Bug#1018067: calibre: Remove unsuppoted architecture package from unstable distribution, and enable testing migration
Package: release.debian.org Severity: normal X-Debbugs-Cc: yokota.h...@gmail.com The old Calibre mips64el/mipsel package prevents testing migration from Calibre v5 to v6. Calibre v6 does not support the mips64el/mipsel architecture anymore, because Calibre now uses Qt6, and Qt6 drops mips64el/mipsel support. Please remove Calibre 5.44.0+dfsg-1 mips64el/mips package from unstable distribution, and enable testing migration. See also Calibre package page: https://tracker.debian.org/pkg/calibre -- YOKOTA Hiroshi
Bug#1012987: libpodofo: ftbfs with GCC-12
Hi Nicholas > It looks like the a "Source" or "Forwarded" DEP3 header with a link to > Pino's pull request is missing. > https://dep-team.pages.debian.net/deps/dep3 I updated my salsa merge request. https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 -- YOKOTA Hiroshi
Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1
Hello, > Please go ahead; sorry for the delay. Thanks, I uploaded to buster. -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello, > I rewrite my patch to enable all string test. New patch was already uploaded to salsa. https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello Mattia, > At the very least, I'd prefer fedora's patch better since it disable > specific tests and not the whole file the failing test lives in… > But I really don't like either. I rewrite my patch to enable all string test. -- YOKOTA
Bug#1012987: libpodofo: ftbfs with GCC-12
Hello Debian libpodofo maintainer, I maintain Debian Calibre which uses libpodofo. I make FTBFS fix to Debian libpodofo at: https://salsa.debian.org/debian/libpodofo/-/merge_requests/2 Please examine this merge request. -- YOKOTA
Bug#1015259: calibre: preferences link no longer available
Tags: moreinfo Hello, > I was looking for that arrow to expose the preferences link but the > arrow was missing. Sorry about that as it was the real problem for me. Calibre supports color palette settings (Light/Dark) since Calibre v6. If your icon theme is not suitable for the color palette, icons seem to be missing to your eyes. You can change the color palette or icon theme from the preferences window. The color palette and icon theme can be changed from "Look & Feel" in the preferences window. If something is still wrong about this issue, send screenshots. -- YOKOTA
Bug#1015259: calibre: preferences link no longer available
Hello Gary, > Wanted to edit Calibre preferences and attempted to find link fo them. No > such > link exists any more. The rightmost command buttons are not displayed when the Calibre window is too small. Enlarge the Calibre window to display more icons on the command tool bar. Use the shortcut key "Ctrl+p" to show the preferences window. Use the "Toolbars & menus" configuration item in the preferences window to arrange the order of command icons on tool bars. Use the "Look & feel" configuration item to change the command icon size. -- YOKOTA
Bug#1012886: 7zip: ftbfs with GCC-12
Hello, ftbfs fix was uploaded to Debian sid as 7zip/21.07+dfsg-5 . -- YOKOTA
Bug#1012820: calibre fails on converting to PDF
Hello, > 2. If I run as a non-root user I get: > > Authorization required, but no authorization protocol specified > qt.qpa.xcb: could not connect to display :0.0 > qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though > it > was found. > This application failed to start because no Qt platform plugin could be > initialized. Reinstalling the application may fix this problem. > > Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, > offscreen, > vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, > xcb. > qt.qpa.xcb: could not connect to display :0.0 This line shows that you are not connected to X11. The PDF renderer uses the Qt library, and Qt requires some GUI environment like X11. Check your X11 environment and whether other X11 client programs work on your machine. You must set up X11 and connect to the X server properly even if you don't want to use a GUI. Install an X11 environment and related Qt libraries, and run from a GUI environment. -- YOKOTA
Bug#1012457: calibre: segfault on startup for different locales
Tags: confirmed

It also reproduces with other non-UTF-8 locales.

1. Edit "/etc/locale.gen" and set up a non-UTF-8 locale
2. Use the non-UTF-8 locale for Calibre
   $ LANG=ja_JP.EUC-JP calibre
   $ LANG=en_US.ISO-8859-15 calibre
3. Segmentation fault

> If LC_CTYPE=ro_RO then calibre segfaults on startup
> If LC_CTYPE is unset (or LC_ALL=C) then calibre starts and works normally.

> Locale: LANG=en_GB.UTF-8, LC_CTYPE=ro_RO (charmap=ISO-8859-2),
> LANGUAGE=en_GB:en

Current Linux systems recommend a UTF-8 based locale. "ro_RO" uses the legacy encoding "ISO-8859-2" and it's not recommended for modern Linux systems. Use the UTF-8 based ro_RO locale "ro_RO.UTF-8" to avoid this bug.

1. Edit "/etc/locale.gen" and add "ro_RO.UTF-8" locale support.
   Use the "dpkg-reconfigure locales" command for easy setup. It also drops legacy locale support.
   # dpkg-reconfigure locales
2. Use "ro_RO.UTF-8" for Calibre
   $ LC_CTYPE=ro_RO.UTF-8 calibre
   $ LANG=ro_RO.UTF-8 calibre
3. Works well.

> The official calibre version 5.43.0 does not segfault on the same machine.
> This is a debian specific issue.

Official calibre uses embedded Python, and does not use the system Python. Embedded Python uses limited locale support, and this avoids locale problems.

-- YOKOTA Hiroshi
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
> > Fix CVE-2022-30333 and its corresponding RC bug. ... > Please go ahead. Thanks. I uploaded unrar-nonfree/1:6.0.3-1+deb11u1 to bullseye. -- YOKOTA Hiroshi
Bug#948108: closed by yokota (Re: unrar corrupts filenames given as arguments)
Tags: -wontfix > Why would unrar even try to do such a thing for an archive filename on > the command line? It would make sense if this had anything to do with the > filenames stored in the archive, but that's not the case. Because unrar was originally made for Windows. Windows command line programs use the GetCommandline() function and use wide char (wchar_t) strings to get command line options. The Unix unrar code uses a thin wrapper around the startup routines for the Windows unrar code to work with multi byte (char) strings, because Unix uses multi byte strings to get command line options. > The proof for this is that basically every other command has no trouble > with this. If unsure, try to look at how programs such as "cat", "zip" or > "unzip" work, none of which have trouble with this. Unix tools like "cat" and others use multi byte strings to get command line options. Because "cat" is made for Unix, there is no need to convert command line option strings. Anyway, this issue was once forwarded to upstream, but upstream does not want to fix it. I have no more ideas about this issue, because I am not an expert on RAR archiver programs. But you can send your request to upstream yourself. If upstream releases a new version of unrar, I will make a new unrar package. -- YOKOTA
Bug#1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: yokota.h...@gmail.com [ Reason ] Fix CVE-2022-30333 and its corresponding RC bug. [ Impact ] CVE-2022-30333 is a directory traversal vulnerability. It writes to files outside of the extraction directory during an extract operation. [ Tests ] Compiled executable file passes current autopkgtest in Debian sid. [ Risks ] Test case of CVE-2022-30333 is not available. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add patch to fix CVE-2022-30333. This patch was taken from diff file between unrar 6.1.6 and 6.1.7. [ Other info ] Upstream developer uses both application version and source version. Upstream says this security vulnerability is fixed in application version 6.12. Application version 6.12's corresponding source version is 6.1.7. CVE-2022-30333 was fixed in source version 6.1.7. -- YOKOTA Hiroshi unrar-nonfree-bullseye-update-1:6.0.3-1+deb11u1.debdiff Description: Binary data
Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: yokota.h...@gmail.com [ Impact ] CVE-2022-30333 is a directory traversal vulnerability. It writes to files outside of the extraction directory during an extract operation. [ Tests ] Compiled executable file passes current autopkgtest in Debian sid. [ Risks ] Test case of CVE-2022-30333 is not available. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Add patch to fix CVE-2022-30333. This patch was taken from diff file between unrar 6.1.6 and 6.1.7. [ Other info ] Upstream developer uses both application version and source version. Upstream says this security vulnerability is fixed in application version 6.12. Application version 6.12's corresponding source version is 6.1.7. CVE-2022-30333 was fixed in source version 6.1.7. -- YOKOTA Hiroshi unrar-nonfree-buster-update-1:5.6.6-1+deb10u1.debdiff Description: Binary data
Bug#999900: epubcheck: java.lang.StackOverflowError
Control: tags 00 + patch Add tags