Bug#984740: nmu: cnrun_2.1.0-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu cnrun_2.1.0-1 . ANY . experimental . -m "Rebuild against libgsl25."

Depends on libgsl23 which is cruft.

Andreas
Bug#984739: nmu: singular_1:4.1.2-p1+ds-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu singular_1:4.1.2-p1+ds-2 . ANY . experimental . -m "Rebuild against libflint-2.6.1."

libflint-2.5.2 is gone ...

Andreas
Bug#984738: nmu: eeshow_0.git20170731-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu eeshow_0.git20170731-2 . ANY . experimental . -m "Rebuild against libgit2 1.1"

That package still depends on no longer available libgit2-27

Andreas
Bug#984737: nmu: mupen64plus-video-glide64mk2_2.5.9-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu mupen64plus-video-glide64mk2_2.5.9-1 . ANY . experimental . -m "Rebuild against Boost 1.74"

That package still depends on Boost 1.67 packages.

Andreas
Bug#984717: marked as done (unblock: opencc/1.1.1+git20200624+ds2-10)
Your message dated Sun, 7 Mar 2021 21:16:50 +0100
with message-id <57d6c166-039a-c3f4-74ee-f99fbfa64...@debian.org>
and subject line Re: Bug#984717: unblock: opencc/1.1.1+git20200624+ds2-10
has caused the Debian Bug report #984717,
regarding unblock: opencc/1.1.1+git20200624+ds2-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
984717: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984717
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: z...@debian.org, by...@debian.org

Please unblock package opencc

Summary of changes since testing/1.1.1+git20200624+ds2-5

+ Enable upstream tests in package building.
+ Add autopkgtest
+ Backport 2 upstream patches to fix performance regression.

[ Reason ]
This fix is small, but the performance is improved a lot.
As opencc is also used in generating Debian official website for Simplified and Traditional Chinese version, and a lot of text needs to be processed by opencc, so the performance matters.

opencc is key package, so it needs manual unblock.

[ Impact ]
Without this patch, the performance drops a lot.
[ Tests ]
+ Upstream unit and integration tests
+ Autopkgtest for installed library and tool
+ Manual tests
  + With opencc in testing:
    $ time opencc -c /usr/share/opencc/t2s.json -i <(printf "Open Chinese Convert 開放中文轉換\n%.0s" {1..5}) -o /dev/null
    real 0m40.328s
    user 0m40.272s
    sys 0m0.105s
  + With opencc in unstable:
    $ time opencc -c /usr/share/opencc/t2s.json -i <(printf "Open Chinese Convert 開放中文轉換\n%.0s" {1..5}) -o /dev/null
    real 0m0.556s
    user 0m0.551s
    sys 0m0.065s

[ Risks ]
+ Patch is small
+ Key package

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
The upstream patch was first backported in 1.1.1+git20200624+ds2-6, but the tests were not run, so Boyuan didn't notice the backport is incomplete. Then the backport was reverted in -7. After adding tests and autopkgtest, the patches are backported again in -10.

unblock opencc/1.1.1+git20200624+ds2-10

Diff:

Real affected code added are only 13 lines.
+ https://salsa.debian.org/debian/opencc/-/blob/debian/1.1.1+git20200624+ds2-10/debian/patches/0006-Fix-a-bug-in-the-calculation-of-DictGroup-keyMaxLeng.patch L28-L42
+ https://salsa.debian.org/debian/opencc/-/blob/debian/1.1.1+git20200624+ds2-10/debian/patches/0007-Fix-a-severe-performance-bug-in-Conversion-Convert-t.patch L78-L80

Full diff:

Also available at: https://salsa.debian.org/debian/opencc/-/compare/debian%2F1.1.1+git20200624+ds2-5...debian%2F1.1.1+git20200624+ds2-10

Some long test code added by upstream commit are skipped below.

diff --git a/debian/changelog b/debian/changelog index eee8331..69db793 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,48 @@ +opencc (1.1.1+git20200624+ds2-10) unstable; urgency=medium + + * Team upload. + * Upload to unstable. + * Backport patch to fix performance regression again. +Add ++ 0006-Fix-a-bug-in-the-calculation-of-DictGroup-keyMaxLeng.patch ++ 0007-Fix-a-severe-performance-bug-in-Conversion-Convert-t.patch + + -- Shengjing Zhu Sun, 07 Mar 2021 14:20:40 +0800 + +opencc (1.1.1+git20200624+ds2-9) experimental; urgency=medium + + * Team upload. + * Remove unused command from autopkgtest scripts + * Add build-essential to autopkgtest + + -- Shengjing Zhu Sun, 07 Mar 2021 00:54:22 +0800 + +opencc (1.1.1+git20200624+ds2-8) experimental; urgency=medium + + * Team upload. + * Enable test when building + * Add autopkgtest + + -- Shengjing Zhu Sat, 06 Mar 2021 17:57:00 +0800 + +opencc (1.1.1+git20200624+ds2-7) unstable; urgency=high + + * Team upload. + * Drop debian/patches/0005 for now due to regression reported. +See also https://github.com/fcitx/fcitx5/issues/238 . + + -- Boyuan Yang Fri, 05 Mar 2021 09:37:48 -0500 + +opencc (1.1.1+git20200624+ds2-6) unstable; urgency=high + + * Team upload. + * debian/patches/0005: Add upstream patch to fix severe performance +regression in `Conversion::Convert` that caused O(N^2) complexity. + * debian/rules: Disable parallel build to workaround some random +build error for now. + + -- Boyuan Yang Sun, 28 Feb 2021 19:48:01 -0500 + opencc (1.1.1+git20200624+ds2-5) unstable; urgency=medium * Team upload. diff --git a/debian/control b/debian/control index 2eadc
Re: ruby-vcr: DFSG violation (Hippocratic license)
On Sun, Mar 07, 2021 at 11:01:16PM +0530, Pirate Praveen wrote:
> [adding release team]
>
> On Sun, Mar 7, 2021 at 10:49 pm, Utkarsh Gupta wrote:
> > Hi Praveen,
> >
> > On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen
> > wrote:
> > > It looks like we will have to remove ruby-vcr and we will have to
> > > disable tests for the following packages. I don't think there is
> > > another way, thoughts?
> >
> > Maybe worth opening an issue upstream and discuss the cons of this
> > change or something? Or if that doesn't work out
> > and we need this
>
> I doubt discussing with upstream will yield any positive outcome as this is
> a specific philosophical movement.
>
> See https://github.com/vcr/vcr/pull/792
> and
> https://github.com/vcr/vcr/issues/804
>
> > package or something, would forking be an option?
>
> https://github.com/vcr/vcr/blob/master/CHANGELOG.md#510-feb-5-2020
>
> We will have to go back to 5.0 and someone will have to maintain it
> independently.
>
> Hi Release team,
>
> Do you think this needs to be fixed before bullseye? If yes, do you agree to
> change the reverse dependencies listed in my previous message to this bug?

I don't think that will be needed. I reverted to 5.0.0 locally, added a few patches, and at least all of our reverse dependencies seem to pass their tests with it:

= Testing reverse (build) dependencies
rebuild nanoc ... PASS
rebuild ruby-coveralls ... PASS
autopkgtest ruby-faraday... PASS
rebuild ruby-graphlient ... PASS
rebuild ruby-mixlib-install ... PASS
rebuild ruby-octokit... PASS

So in principle we could fix this issue without touching anything else.
Bug#984671: marked as done (unblock: dbconfig-common/2.0.19)
Your message dated Sun, 7 Mar 2021 21:49:48 +0200
with message-id
and subject line Re: Bug#984671: unblock: dbconfig-common/2.0.19
has caused the Debian Bug report #984671,
regarding unblock: dbconfig-common/2.0.19
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
984671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984671
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package dbconfig-common

[ Reason ]
Changes in dbconfig-common made during the bullseye release cycle introduced a regression handling database names containing hyphens, which made dbconfig-common fail in postinst when creating a database user for a database containing a hyphen. Escape the database name again to reestablish old behaviour.

[ Impact ]
Users that install packages that use dbconfig-common to handle the database processing can see installation failures if databases are involved that contain a hyphen.

[ Tests ]
dbconfig-common comes with an extensive test suite that's also run as autopkgtest. I ran it manually and it passes, after I updated the references to accommodate for the change.

[ Risks ]
The risk is small as the exact same quoting is present in buster too.
[ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] https://salsa.debian.org/debian/dbconfig-common/-/merge_requests/6 unblock dbconfig-common/2.0.19 Paul diff -Nru dbconfig-common-2.0.18/debian/changelog dbconfig-common-2.0.19/debian/changelog --- dbconfig-common-2.0.18/debian/changelog 2021-01-29 21:34:31.0 +0100 +++ dbconfig-common-2.0.19/debian/changelog 2021-03-06 20:56:28.0 +0100 @@ -1,3 +1,10 @@ +dbconfig-common (2.0.19) unstable; urgency=medium + + [ Simon Hollenbach ] + * Fix mysql grant for db names containing hyphens + + -- Paul Gevers Sat, 06 Mar 2021 20:56:28 +0100 + dbconfig-common (2.0.18) unstable; urgency=medium [ Chris Halls ] diff -Nru dbconfig-common-2.0.18/internal/mysql dbconfig-common-2.0.19/internal/mysql --- dbconfig-common-2.0.18/internal/mysql 2021-01-29 21:34:31.0 +0100 +++ dbconfig-common-2.0.19/internal/mysql 2021-03-06 20:56:28.0 +0100 @@ -326,7 +326,7 @@ fi cat << EOF >> "$l_sqlfile" ALTER USER '$dbc_dbuser'@'$dbc_dballow' IDENTIFIED BY '$(dbc_mysql_escape_str "$dbc_dbpass")'; -GRANT ALL PRIVILEGES ON $dbc_dbname.* TO '$dbc_dbuser'@'$dbc_dballow'; +GRANT ALL PRIVILEGES ON \`$dbc_dbname\`.* TO '$dbc_dbuser'@'$dbc_dballow'; FLUSH PRIVILEGES; EOF l_dbname=$dbc_dbname diff -Nru dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.nohost.sql.txt dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.nohost.sql.txt --- dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.nohost.sql.txt 2021-01-29 21:34:31.0 +0100 +++ dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.nohost.sql.txt 2021-03-06 20:56:28.0 +0100 
@@ -1,4 +1,4 @@ CREATE USER IF NOT EXISTS 'testdbuser'@'localhost'; ALTER USER 'testdbuser'@'localhost' IDENTIFIED BY 'testdbpass'; -GRANT ALL PRIVILEGES ON testdbname.* TO 'testdbuser'@'localhost'; +GRANT ALL PRIVILEGES ON `testdbname`.* TO 'testdbuser'@'localhost'; FLUSH PRIVILEGES; diff -Nru dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.remote.sql.txt dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.remote.sql.txt --- dbconfig-common-2.0.18/test/data/dbc_mysql_createuser.remote.sql.txt 2021-01-29 21:34:31.0 +0100 +++ dbconfig-common-2.0.19/test/data/dbc_mysql_createuser.remote.sql.txt 2021-03-06 20:56:28.0 +0100 @@ -1,4 +1,4 @@ CREATE USER IF NOT EXISTS 'testdbuser'@'host2'; ALTER USER 'testdbuser'@'host2' IDENTIFIED BY 'testdbpass'; -GRANT ALL PRIVILEGES ON testdbname.* TO 'testdbuser'@'host2'; +GRANT ALL PRIVILEGES ON `testdbname`.* TO 'testdbuser'@'host2'; FLUSH PRIVILEGES; OpenPGP_signature Description: OpenPGP digital signature --- End Message --- --- Begin Message --- On Sat, 6 Mar 2021 at 23:15, Paul Gevers wrote: > unblock dbconfig-common/2.0.19 Unblocked, thanks.--- End Message ---
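Review bot: In the internal/mysql hunk, the GRANT line now wraps $dbc_dbname in backticks but does not double a backtick that occurs inside the name, so a name containing one still ends the identifier early; the ALTER USER line directly above passes the password through dbc_mysql_escape_str, and the database name needs an equivalent identifier-escaping step. The two updated fixtures under test/data only re-quote testdbname, so none of the visible tests covers a name with a hyphen, which is the regression this upload fixes; a fixture with a hyphenated name would keep it from coming back.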
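The quoting that the dbconfig-common report above restores, shown as an added example that is not dbconfig-common's own code: a database name is quoted as a MySQL identifier before the GRANT statement is built. The function names, the length and control-character checks, and the sample names are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not taken from dbconfig-common. Function names are hypothetical.

# Quote a database name as a MySQL identifier: wrap it in backticks and
# double any backtick inside it, so the name cannot end the identifier early.
# Policy of this example (an assumption, stricter than the server requires):
# reject empty names, names longer than 64, and names with control characters.
# ${#name} may count bytes in some shells, which only makes the check stricter.
mysql_quote_ident() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 64 ] || return 1
    # tr deletes control characters; any difference means the name had one.
    [ "$(printf '%s' "$name" | tr -d '[:cntrl:]')" = "$name" ] || return 1
    printf '`%s`' "$(printf '%s' "$name" | sed 's/`/``/g')"
}

# Escape a value for use inside a single-quoted MySQL string literal
# (assumes the server's default SQL mode, where backslash is an escape).
mysql_quote_str() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the GRANT statement with the database name in backticks,
# matching the shape of the updated fixtures in the report.
grant_stmt() {
    ident=$(mysql_quote_ident "$1") || return 1
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';" \
        "$ident" "$(mysql_quote_str "$2")" "$(mysql_quote_str "$3")"
}

# The pre-fix shape for comparison: the name is interpolated bare. The server
# does not accept a hyphen in an unquoted identifier, so the statement for
# test-db is rejected and the postinst step fails.
grant_stmt_unquoted() {
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';" "$1" "$2" "$3"
}

# Constructed sample names, not taken from any real installation.
for db in testdbname test-db 'odd`name'; do
    printf 'before: %s\n' "$(grant_stmt_unquoted "$db" testdbuser localhost)"
    printf 'after:  %s\n' "$(grant_stmt "$db" testdbuser localhost)"
done
```

Not handled here: MySQL treats `_` and `%` in a database-level GRANT name as wildcards, so a name containing them matches more than one database unless they are escaped.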
Bug#983499: marked as done (unblock: python3-defaults/3.9.2~rc1-1, python3.9/3.9.2~rc1-1)
Your message dated Sun, 7 Mar 2021 20:42:48 +0100
with message-id <0d5bec28-a83b-ebac-7885-a3bc17eb0...@debian.org>
and subject line Re: Bug#983499: unblock: python3-defaults/3.9.2~rc1-1, python3.9/3.9.2~rc1-1
has caused the Debian Bug report #983499,
regarding unblock: python3-defaults/3.9.2~rc1-1, python3.9/3.9.2~rc1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
983499: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983499
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: d...@debian.org

Please unblock package python3-defaults and python3.9

Adding a new binary package, -full, to both source packages. Both are currently in binNEW.

Sorry, should have probably filed this a couple of weeks ago. Once we saw this coming.

[ Reason ]
The reason for this change is laid out in https://lists.debian.org/debian-python/2021/02/msg00035.html

TL;DR: Debian heard of some upstream Python grumpiness about our standard library splits, recently. This is all very badly timed for the freeze. Including a python3-full and python3.x-full packages, that Depends on the entire stdlib, is a compromise position to help them to support Python users on Debian (and derivative) platforms.

These packages would be dependency-only packages, and only directly installed by end-users, not used as a dependency of other packages.

We intend to try to backport this to stable releases too.

[ Impact ]
Impact, if this isn't granted, is continuation of status-quo.
We'd probably attempt to add it in a point release. [ Tests ] Not relevant. [ Risks ] While the source packages at question are core to the system, this is just the addition of leaf packages. [ Checklist ] unblock python3-defaults/3.9.2~rc1-1 unblock python3.9/3.9.2~rc1-1 diff --git a/.gitignore b/.gitignore index 1f20116..0717416 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,7 @@ debian/python3-dbg debian/python3-dev debian/python3-doc debian/python3-examples +debian/python3-full debian/python3-minimal debian/python3-venv diff --git a/debian/changelog b/debian/changelog index 19ee73a..f360209 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +python3-defaults (3.9.2~rc1-1) experimental; urgency=medium + + * Bump version to 3.9.2 rc1. + + [ Stefano Rivera ] + * Improve package descriptions, describing venv, stdlib, and lib2to3 package +contents. + + [ Matthias Klose ] + * Build a python3-full package. + + -- Matthias Klose Thu, 18 Feb 2021 12:16:46 +0100 + python3-defaults (3.9.1-1) unstable; urgency=medium * Bump version to 3.9.1. diff --git a/debian/control b/debian/control index 59ed6f6..0087ed5 100644 --- a/debian/control +++ b/debian/control 
@@ -39,13 +39,19 @@ Architecture: any Multi-Arch: allowed Depends: python3.9-venv (>= 3.9.1-1~), python3 (= ${binary:Version}), python3-distutils (>= 3.9.1-1~), ${misc:Depends} -Description: pyvenv-3 binary for python3 (default python3 version) - Python, the high-level, interactive object oriented language, - includes an extensive class library with lots of goodies for - network programming, system administration, sounds and graphics. +Description: venv module for python3 (default python3 version) + This package contains the venv module for the Python language (default python3 + version). + . + The venv module provides support for creating lightweight "virtual + environments" with their own site directories, optionally isolated from system + site directories. Each virtual environment has its own Python binary (which + matches the version of the binary that was used to create this environment) + and can have its own independent set of installed Python packages in its site + directories. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's venv module (currently v3.9). Package: python3-minimal Architecture: any @@ -68,7 +74,7 @@ Description: examples for the Python language (default version) the upstream Python distribution. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). + Python 3 version's examples (currently v3.9). Package: python3-dev Architecture: any @@ -83,7 +89,7 @@ Description: header files and a static library for Python (default) in applications. . This package is a dependency package, which depends on Debian's default - Python 3 version (currently v3.9). +
Re: ruby-vcr: DFSG violation (Hippocratic license)
[adding release team]

On Sun, Mar 7, 2021 at 10:49 pm, Utkarsh Gupta wrote:
> Hi Praveen,
>
> On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen wrote:
> > It looks like we will have to remove ruby-vcr and we will have to
> > disable tests for the following packages. I don't think there is
> > another way, thoughts?
>
> Maybe worth opening an issue upstream and discuss the cons of this
> change or something? Or if that doesn't work out and we need this

I doubt discussing with upstream will yield any positive outcome as this is a specific philosophical movement.

See https://github.com/vcr/vcr/pull/792
and
https://github.com/vcr/vcr/issues/804

> package or something, would forking be an option?

https://github.com/vcr/vcr/blob/master/CHANGELOG.md#510-feb-5-2020

We will have to go back to 5.0 and someone will have to maintain it independently.

Hi Release team,

Do you think this needs to be fixed before bullseye? If yes, do you agree to change the reverse dependencies listed in my previous message to this bug?

Thanks
Praveen
Bug#983051: buster-pu: package xterm/344-1+deb10u1
On 2021-02-18 17:54 +0100, Sven Joachim wrote: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: Salvatore Bonaccorso , Julien Cristau > , Sven Joachim > > I would like to fix bug #982439/CVE-2021-27135[1] in Buster, a potential > DoS against xterm when the user selects specially crafted text. The fix > is already in testing and applies unmodified to the version in Buster, > the code in question had not seen any changes since then. The xterm > package in Stretch-LTS has also already been patched. It turned out that the patch was insufficient and introduced new problems reported in bug #984615. Fortunately, upstream had already fixed it in xterm 365e/366. Please find an updated debdiff attached, with it the SaltTextAway() function in question is identical to the one in xterm 366 (bullseye/sid). Apologies for not having tested the initial patch thoroughly enough. Cheers, Sven diff -Nru xterm-344/debian/changelog xterm-344/debian/changelog --- xterm-344/debian/changelog 2019-02-14 18:04:18.0 +0100 +++ xterm-344/debian/changelog 2021-03-07 17:53:16.0 +0100 @@ -1,3 +1,11 @@ +xterm (344-1+deb10u1) buster; urgency=medium + + * Apply upstream fix from xterm 366 for CVE-2021-27135. +- Correct upper-limit for selection buffer, accounting for combining + characters (Closes: #982439). + + -- Sven Joachim Sun, 07 Mar 2021 17:53:16 +0100 + xterm (344-1) unstable; urgency=medium * New upstream release. diff -Nru xterm-344/debian/patches/CVE-2021-27135.diff xterm-344/debian/patches/CVE-2021-27135.diff --- xterm-344/debian/patches/CVE-2021-27135.diff 1970-01-01 01:00:00.0 +0100 +++ xterm-344/debian/patches/CVE-2021-27135.diff 2021-03-07 17:36:55.0 +0100 
@@ -0,0 +1,61 @@ +Description: Fix for CVE-2021-27135 from xterm 366 + Correct upper-limit for selection buffer, accounting for + combining characters (report by Tavis Ormandy). + +--- + button.c | 29 + + 1 file changed, 25 insertions(+), 4 deletions(-) + +--- a/button.c b/button.c +@@ -3914,6 +3914,7 @@ SaltTextAway(XtermWidget xw, + int i; + int eol; + int need = 0; ++size_t have = 0; + Char *line; + Char *lp; + CELL first = *cellc; +@@ -3948,7 +3949,11 @@ SaltTextAway(XtermWidget xw, + + /* UTF-8 may require more space */ + if_OPT_WIDE_CHARS(screen, { +- need *= 4; ++ if (need > 0) { ++ if (screen->max_combining > 0) ++ need += screen->max_combining; ++ need *= 6; ++ } + }); + + /* now get some memory to save it in */ +@@ -3986,10 +3991,26 @@ SaltTextAway(XtermWidget xw, + } + *lp = '\0'; /* make sure we have end marked */ + +-TRACE(("Salted TEXT:%u:%s\n", (unsigned) (lp - line), +- visibleChars(line, (unsigned) (lp - line; ++have = (size_t) (lp - line); ++/* ++ * Scanning the buffer twice is unnecessary. Discard unwanted memory if ++ * the estimate is too-far off. ++ */ ++if ((have * 2) < (size_t) need) { ++ Char *next; ++ scp->data_limit = have + 1; ++ next = realloc(line, scp->data_limit); ++ if (next == NULL) { ++ free(line); ++ scp->data_length = 0; ++ scp->data_limit = 0; ++ } ++ scp->data_buffer = next; ++} ++scp->data_length = have; + +-scp->data_length = (size_t) (lp - line); ++TRACE(("Salted TEXT:%u:%s\n", (unsigned) have, ++ visibleChars(scp->data_buffer, (unsigned) have))); + } + + #if OPT_PASTE64 diff -Nru xterm-344/debian/patches/series xterm-344/debian/patches/series --- xterm-344/debian/patches/series 2019-02-13 17:54:29.0 +0100 +++ xterm-344/debian/patches/series 2021-03-05 22:10:42.0 +0100 @@ -1,3 +1,4 @@ 900_debian_xterm.diff 902_windowops.diff 904_fontops.diff +CVE-2021-27135.diff signature.asc Description: PGP signature
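Review bot: In the third button.c hunk, the realloc failure branch sets scp->data_length = 0 and scp->data_limit = 0, but the unconditional scp->data_length = have; after the if block overwrites that, leaving a non-zero length next to a NULL scp->data_buffer, and the TRACE call then passes that NULL buffer to visibleChars. Assign have only when the buffer is still valid, or return right after the failure branch, so that length and buffer stay consistent for later readers of the selection data.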
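Review bot: In the second button.c hunk, need is an int (declared in the context of the first hunk) and is now increased by screen->max_combining and multiplied by 6 instead of 4, with no check that the result still fits before it sizes the allocation. Computing the estimate in size_t, or rejecting a value that would overflow, would make the corrected upper limit described in the changelog hold for very large selections as well.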
Bug#984487: marked as done (nmu: libzstd1 rdeps relying on 1.3.8)
Your message dated Sun, 7 Mar 2021 18:12:21 +0100
with message-id
and subject line Re: Bug#984487: nmu: libzstd1 rdeps relying on 1.3.8
has caused the Debian Bug report #984487,
regarding nmu: libzstd1 rdeps relying on 1.3.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
984487: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984487
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Dear release team,

libzstd1 used to provide an over-enthusiastic symbols file, which has resulted in dependencies which are too relaxed. The library API isn’t determined by its exported symbols, unfortunately, but by one of its headers. See https://bugs.debian.org/969597 and https://github.com/facebook/zstd/pull/2501 for details.

As a result, a (small) number of packages have picked up a dependency on “libzstd1 (>= 1.3.8)” when it should be “(>= 1.4.0)” — they were built with one of the 1.4 packages, but the symbols file declared some of the 1.4 functions as available in 1.3.8 (which they were, technically, but with a different API in some cases).

To fix this, would it be possible to binNMU the following? The version of libzstd1 no longer provides a symbols file and relies on shlibs to provide the correct dependency.

nmu badger_2.2007.2-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu burrow_1.2.1-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu cadvisor_0.38.7+ds1-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu garagemq_0.0~git20200204.15e6a9d+ds-3 . ANY . unstable . -m "update libzstd1 dependency"
nmu lammps_20210122~gita77bb+ds1-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu libarchive_3.4.3-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu libdrpm_0.5.0-2 . ANY . unstable . -m "update libzstd1 dependency"
nmu mmllib_12-113e3+ds-3 . ANY . unstable . -m "update libzstd1 dependency"
nmu mysql-8.0_8.0.23-3 . ANY . unstable . -m "update libzstd1 dependency"
nmu rsymphony_3.2.3-4 . ANY . unstable . -m "update libzstd1 dependency"

Regards,

Stephen

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 4.19.0-12-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---

--- Begin Message ---
On 2021-03-06 16:04:57 +0100, Stephen Kitt wrote:
> On Fri, 5 Mar 2021 10:34:06 +0100, Sebastian Ramacher
> wrote:
> > On 2021-03-04 07:06:05, Stephen Kitt wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: binnmu
> > >
> > > Dear release team,
> > >
> > > libzstd1 used to provide an over-enthusiastic symbols file, which has
> > > resulted in dependencies which are too relaxed. The library API isn’t
> > > determined by its exported symbols, unfortunately, but by one of its
> > > headers. See https://bugs.debian.org/969597 and
> > > https://github.com/facebook/zstd/pull/2501 for details.
> > >
> > > As a result, a (small) number of packages have picked up a dependency
> > > on “libzstd1 (>= 1.3.8)” when it should be “(>= 1.4.0)” — they were
> > > built with one of the 1.4 packages, but the symbols file declared some
> > > of the 1.4 functions as available in 1.3.8 (which they were,
> > > technically, but with a different API in some cases).
> >
> > Please explain. If they were available with a different API prior to
> > 1.4, that sounds like an ABI break to me. In that case, the binNMUs
> > would just hide the problem.
>
> They weren’t intended to be available as part of the library API. libzstd
> distinguishes two sets of functions: one intended for use by programs linked
> with the dynamic library, another intended for use by programs linked
> statically. Programs built in Debian abide by this rule and don’t use any
> symbols they shouldn’t.
>
> Unfortunately, the way the library is built means that “static-only” symbols
> are still exported by the dynamic library (even though no dynamically-linked
> program uses them)
Bug#984651: marked as done (unblock: freedict/2021.01.05-3)
Your message dated Sun, 07 Mar 2021 16:52:36 + with message-id and subject line unblock freedict has caused the Debian Bug report #984651, regarding unblock: freedict/2021.01.05-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 984651: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984651 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package freedict The previous version ran the build in parallel and consumed vast amounts of memory. The fix is simplistic: just build sequentially. I therefore would like to request to unblock the package, since it will not affect the stability of the upcoming release. It was blocked by #982730. Debdiff: ``` gpgv: Signature made Tue Feb 16 22:48:52 2021 CET gpgv:using RSA key A8574EA4228468D0463BEB0C731F86C6AC61798D gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on /tmp/freedict_2021.01.05-2.dsc gpgv: Signature made Sat Mar 6 14:05:06 2021 CET gpgv:using RSA key 0DD2BC30C6C7326B3FFACD24DBF124790B30ECA5 gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on /mnt/sdb6/streicher/quellen/debian/freedict/freedict_2021.01.05-3.dsc diff -Nru freedict-2021.01.05/debian/changelog freedict-2021.01.05/debian/changelog --- freedict-2021.01.05/debian/changelog2021-02-16 22:45:56.0 +0100 +++ freedict-2021.01.05/debian/changelog2021-03-03 18:26:24.0 +0100 
@@ -1,3 +1,9 @@ +freedict (2021.01.05-3) unstable; urgency=medium + + * properly disable parallel builds (Closes: #982730) + + -- Sebastian Humenda Wed, 03 Mar 2021 18:26:24 +0100 + freedict (2021.01.05-2) unstable; urgency=medium * rules: Decrease --max-parallel to 1 (Closes: #982730) diff -Nru freedict-2021.01.05/debian/control freedict-2021.01.05/debian/control --- freedict-2021.01.05/debian/control 2021-02-16 22:45:03.0 +0100 +++ freedict-2021.01.05/debian/control 2021-03-03 18:26:24.0 +0100 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Sebastian Humenda Build-Depends: debhelper-compat (= 13), freedict-tools (>= 0.5.0) -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 Rules-Requires-Root: no Homepage: https://freedict.org/ Vcs-Browser: https://salsa.debian.org/freedict-team/dictionaries diff -Nru freedict-2021.01.05/debian/control.HEAD freedict-2021.01.05/debian/control.HEAD --- freedict-2021.01.05/debian/control.HEAD 2021-02-16 22:45:03.0 +0100 +++ freedict-2021.01.05/debian/control.HEAD 2021-03-03 18:26:24.0 +0100 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Sebastian Humenda Build-Depends: debhelper-compat (= 13), freedict-tools (>= 0.5.0) -Standards-Version: 4.5.0 +Standards-Version: 4.5.1 Rules-Requires-Root: no Homepage: https://freedict.org/ Vcs-Browser: https://salsa.debian.org/freedict-team/dictionaries diff -Nru freedict-2021.01.05/debian/rules freedict-2021.01.05/debian/rules --- freedict-2021.01.05/debian/rules2021-02-16 22:45:46.0 +0100 +++ freedict-2021.01.05/debian/rules2021-03-03 15:14:00.0 +0100 
@@ -11,10 +11,10 @@ BUILD_MODE ?= normal # pass parallelisation through from debhelper -ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) -NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) -MAKEFLAGS += -j$(NUMJOBS) -endif +#ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +#NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +#MAKEFLAGS += -j$(NUMJOBS) +#endif %: dh $@ --max-parallel=1 ``` Note that due to hardware failure, I cannot access my private key at the moment, but that shouldn't make the debdiff less useful. unblock freedict/2021.01.05-3 -- System Information: Debian Release: 10.8 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: i386 (i686) Kernel: Linux 4.19.0-14-686-pae (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
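Review bot: In the debian/rules hunk, the parallel block is commented out rather than deleted while the comment "# pass parallelisation through from debhelper" stays above it, so the file now describes behaviour it no longer has; remove the block together with that comment and state in its place that the build is forced sequential because of #982730. The debian/control and debian/control.HEAD hunks also bump Standards-Version from 4.5.0 to 4.5.1, which the new changelog entry does not mention.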
Bug#984717: unblock: opencc/1.1.1+git20200624+ds2-10
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: z...@debian.org, by...@debian.org

Please unblock package opencc

Summary of changes since testing/1.1.1+git20200624+ds2-5

+ Enable upstream tests in package building.
+ Add autopkgtest
+ Backport 2 upstream patches to fix performance regression.

[ Reason ]
This fix is small, but the performance is improved a lot.
As opencc is also used in generating Debian official website for Simplified and Traditional Chinese version, and a lot of text needs to be processed by opencc, so the performance matters.

opencc is key package, so it needs manual unblock.

[ Impact ]
Without this patch, the performance drops a lot.

[ Tests ]
+ Upstream unit and integration tests
+ Autopkgtest for installed library and tool
+ Manual tests
  + With opencc in testing:
    $ time opencc -c /usr/share/opencc/t2s.json -i <(printf "Open Chinese Convert 開放中文轉換\n%.0s" {1..5}) -o /dev/null
    real 0m40.328s
    user 0m40.272s
    sys 0m0.105s
  + With opencc in unstable:
    $ time opencc -c /usr/share/opencc/t2s.json -i <(printf "Open Chinese Convert 開放中文轉換\n%.0s" {1..5}) -o /dev/null
    real 0m0.556s
    user 0m0.551s
    sys 0m0.065s

[ Risks ]
+ Patch is small
+ Key package

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
The upstream patch was first backported in 1.1.1+git20200624+ds2-6, but the tests were not run, so Boyuan didn't notice the backport is incomplete. Then the backport was reverted in -7. After adding tests and autopkgtest, the patches are backported again in -10.

unblock opencc/1.1.1+git20200624+ds2-10

Diff:

Real affected code added are only 13 lines.
+ https://salsa.debian.org/debian/opencc/-/blob/debian/1.1.1+git20200624+ds2-10/debian/patches/0006-Fix-a-bug-in-the-calculation-of-DictGroup-keyMaxLeng.patch L28-L42 + https://salsa.debian.org/debian/opencc/-/blob/debian/1.1.1+git20200624+ds2-10/debian/patches/0007-Fix-a-severe-performance-bug-in-Conversion-Convert-t.patch L78-L80 Full diff: Also available at: https://salsa.debian.org/debian/opencc/-/compare/debian%2F1.1.1+git20200624+ds2-5...debian%2F1.1.1+git20200624+ds2-10 Some long test code added by upstream commit are skipped below. diff --git a/debian/changelog b/debian/changelog index eee8331..69db793 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,48 @@ +opencc (1.1.1+git20200624+ds2-10) unstable; urgency=medium + + * Team upload. + * Upload to unstable. + * Backport patch to fix performance regression again. +Add ++ 0006-Fix-a-bug-in-the-calculation-of-DictGroup-keyMaxLeng.patch ++ 0007-Fix-a-severe-performance-bug-in-Conversion-Convert-t.patch + + -- Shengjing Zhu Sun, 07 Mar 2021 14:20:40 +0800 + +opencc (1.1.1+git20200624+ds2-9) experimental; urgency=medium + + * Team upload. + * Remove unused command from autopkgtest scripts + * Add build-essential to autopkgtest + + -- Shengjing Zhu Sun, 07 Mar 2021 00:54:22 +0800 + +opencc (1.1.1+git20200624+ds2-8) experimental; urgency=medium + + * Team upload. + * Enable test when building + * Add autopkgtest + + -- Shengjing Zhu Sat, 06 Mar 2021 17:57:00 +0800 + +opencc (1.1.1+git20200624+ds2-7) unstable; urgency=high + + * Team upload. + * Drop debian/patches/0005 for now due to regression reported. +See also https://github.com/fcitx/fcitx5/issues/238 . + + -- Boyuan Yang Fri, 05 Mar 2021 09:37:48 -0500 + +opencc (1.1.1+git20200624+ds2-6) unstable; urgency=high + + * Team upload. + * debian/patches/0005: Add upstream patch to fix severe performance +regression in `Conversion::Convert` that caused O(N^2) complexity. + * debian/rules: Disable parallel build to workaround some random +build error for now. + + -- Boyuan Yang Sun, 28 Feb 2021 19:48:01 -0500 + opencc (1.1.1+git20200624+ds2-5) unstable; urgency=medium * Team upload. diff --git a/debian/control b/debian/control index 2eadce4..834dae0 100644 --- a/debian/control +++ b/debian/control @@ -13,6 +13,7 @@ Build-Depends: darts, debhelper-compat (= 13), doxygen , + googletest , libmarisa-dev, libtclap-dev, python3:any, diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000..cec628c --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +pristine-tar = True 
diff --git a/debian/patches/use-cmake-install-libdir.patch b/debian/patches/0001-use-cmake-install-libdir.patch similarity index 100% rename from debian/patches/use-cmake-install-libdir.patch rename to debian/patches/0001-use-cmake-install-libdir.patch diff --git a/debian/patches/0003-use-system-libraries.patch b/debian/patches/0002-use-system-libraries.patch similarity index 100% rename from debian/patches/0003-use-system-libraries.patch rename to debian/patches/0002-use-system-librari
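Review bot: the patch renames at the end of the diff (`use-cmake-install-libdir.patch` to `0001-use-cmake-install-libdir.patch`, `0003-use-system-libraries.patch` to `0002-use-system-libraries.patch`) and the new `debian/gbp.conf` are not mentioned in any of the new debian/changelog entries (-6 through -10) shown in the changelog hunk, although the request's checklist says all changes are documented there. Add a line for the patch renumbering and for gbp.conf to the entry that introduced them. The -10 entry would also be easier to audit if it said how patches 0006 and 0007 differ from the 0005 backport dropped in -7, since it only says the fix is backported "again".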
Bug#983499: unblock: python3-defaults/3.9.2~rc1-1, python3.9/3.9.2~rc1-1
On 3/4/21 9:58 AM, Paul Gevers wrote:
> Control: tag -1 moreinfo
>
> Hi Stefano,
>
> On 25-02-2021 07:17, Stefano Rivera wrote:
>> Please unblock package python3-defaults and python3.9
>
> The python3-defaults package is currently blocked by autopkgtest
> regressions. As usual, I suspect these are transient failures (either
> infrastructure or flaky tests). If you're going to inspect, flaky tests
> are RC and can be filed, all failures are retried after a day. Please
> remove the moreinfo bug if there's something that needs our attention.

The four remaining failures are triggered by the fix for
https://security-tracker.debian.org/tracker/CVE-2021-23336

Bugs for mercurial, python-furl, python-w3lib and twisted are filed.

The vorta/ppc64el issue seems to be unrelated, and fixed with vorta 0.7.5-1.
Bug#984697: unblock: setuptools/52.0.0-3
Package: release.debian.org
X-Debbugs-CC: Stefano Rivera

please unblock: setuptools/52.0.0-3, fixing the same issue #982921 as fixed in python-packaging in
https://tracker.debian.org/news/1232090/accepted-python-packaging-209-2-source-into-unstable/
and already migrated to testing.

Discussed with Stefano Rivera that we don't want to unvendor packaging at this point.
NEW changes in stable-new
Processing changes file: linux_4.19.177-1_mipsel-buildd.changes ACCEPT
Bug#984578: marked as done (unblock: flatpak/1.10.1-4)
Your message dated Sun, 07 Mar 2021 09:34:07 + with message-id and subject line unblock flatpak has caused the Debian Bug report #984578, regarding unblock: flatpak/1.10.1-4 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
984578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984578
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package flatpak

[ Reason ]
* Apply proposed patch fixing a security vulnerability
* Improve compatibility with C++
* Fixes to automated tests

[ Impact ]
* If the security fix is not applied:
  - a malicious Flatpak app can escape the sandbox even if its permissions should not allow that
* If the header file fixes are not applied:
  - C++ code cannot use libflatpak without using a problematic workaround that is broken by future (Debian 12) versions of GLib
* If test fixes are not applied:
  - test failure on non-x86 in non-schroot, non-lxc environments
  - some minor memory leaks when running the automated tests (I wouldn't have fixed this one if I had known I would have to do a security update so soon, but the patch is trivial and low-risk)

[ Tests ]
The upstream test suite is run at build time and under autopkgtest. A lot of it has to be skipped in schroot and lxc, but I run it under qemu before upload for better coverage.

Also manually tested by installing an app modified to exploit the security vulnerability.

Most of the changes were only 2 days from migration, but the need to upload the security fix resets the migration clock.

[ Risks ]
These are targeted fixes that seem unlikely to cause regressions. They're easy to revert if it somehow becomes necessary.

The patch adding G_BEGIN_DECLS/G_END_DECLS (macros around 'extern "C" {}' guards) is fairly long, but is just making one straightforward change in multiple places. The other patches are all closely-targeted and easy to review.

The security fix might not be the final version: it has not been reviewed by an upstream maintainer yet, and I made some suggestions for improvement on the upstream PR. However, it seems correct, and applying something is better than nothing. I'll update the package with an upstream-reviewed patch when one becomes available.

The fix for test failure on non-x86 is unreviewed, but is also quite obvious.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

[ Other info ]
In previous Debian stable releases I have followed the upstream stable-branch in Debian for as long as it continued to be maintained, to pick up targeted bug fixes and interop fixes recommended by upstream, and I hope to do the same for Flatpak 1.10.x in Debian 11. The SRMs and security team seem happy with this approach so far.
unblock flatpak/1.10.1-4 diffstat for flatpak-1.10.1 flatpak-1.10.1 changelog | 23 + patches/Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch | 208 ++ patches/Disallow-and-u-usage-in-desktop-files.patch | 23 + patches/series|4 patches/testlibrary-Fix-memory-leaks.patch| 28 + patches/tests-Disable-revokefs-if-FUSE-doesn-t-work.patch |3 patches/tests-Remove-hard-coded-references-to-x86_64.patch| 40 + 7 files changed, 328 insertions(+), 1 deletion(-) diff -Nru flatpak-1.10.1/debian/changelog flatpak-1.10.1/debian/changelog --- flatpak-1.10.1/debian/changelog 2021-01-28 22:24:20.0 + +++ flatpak-1.10.1/debian/changelog 2021-03-05 10:21:35.0 + @@ -1,3 +1,26 @@ +flatpak (1.10.1-4) unstable; urgency=high + + * d/p/Disallow-and-u-usage-in-desktop-files.patch: +Add proposed patch to fix a sandbox escape via crafted .desktop +files (flatpak#4146). Thanks, Ryan Gonzalez + * d/p/tests-Remove-hard-coded-references-to-x86_64.patch: +Add proposed patch to fix some tests on non-x86_64 machines. +The affected tests were already skipped in schroot/lxc for other +reasons, but would be run (and fail) on autopkgtest testbeds with +isolation-machine and working FUSE. + + -- Simon McVittie Fri, 05 Mar 2021 10:21:35 + + +flatpak (1.10.1-3) unstable; urgency=medium + + * Mark patch as applied upstream + * Add bugfixes from upstream flatpak-1.10.x branch +- Add extern "C" guards to header files, fixing compilation
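Review bot: the 1.10.1-4 changelog entry is an urgency=high upload for a sandbox escape, but the only tracking reference it carries is the upstream issue flatpak#4146. Once a CVE ID or Debian bug number exists, add it to this entry so the fix can be matched against the security tracker. Both patches in the entry are described as "proposed", so also record their upstream review status in the patch headers; that makes the later swap to an upstream-reviewed version easy to verify.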