Bug#1074259: transition: alglib

[Anton Gladky]

Done.

Anton

Am Mi., 26. Juni 2024 um 09:10 Uhr schrieb Emilio Pozuelo Monfort
:
>
> Control: tags -1 confirmed
>
> On 25/06/2024 15:14, Anton Gladky wrote:
> > Package: release.debian.org
> > Severity: normal
> > X-Debbugs-Cc: alg...@packages.debian.org
> > Control: affects -1 + src:alglib
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> >
> > Dear release team,
> >
> > plase schedule a tiny transition of the new version of
> > alglib library. There are only 3 dependencies and they
> > are all building fine against new alglib.
>
> Go ahead.
>
> Cheers,
> Emilio

Bug#1074259: transition: alglib

[Anton Gladky]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: alg...@packages.debian.org
Control: affects -1 + src:alglib
User: release.debian@packages.debian.org
Usertags: transition


Dear release team,

plase schedule a tiny transition of the new version of
alglib library. There are only 3 dependencies and they
are all building fine against new alglib.

Thanks


Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib4.0" | .depends ~ "libalglib4.2";
is_good = .depends ~ "libalglib4.2";
is_bad = .depends ~ "libalglib4.0";

Bug#1061200: transition: vtk9

[Anton Gladky]

Hi,

it looks like the transition can be finished soon.
Please check. Thanks

Anton

Bug#1061200: transition: vtk9

[Anton Gladky]

Hi Sebastian,

thanks for the note. Yes, I started to work on it. liggghts is already
fixed.

Regards

Anton


Am So., 9. Juni 2024 um 18:07 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:

> Hi Anton
>
> On 2024-06-08 09:44:05 +0200, Anton Gladky wrote:
> > Uploaded and built on all relevant platforms.
> > Please, schedule the rebuild.
>
> There are some failures. #1072822 in gdcm looks like an issue in vtk9
> though. could you please take a look?
>
> Cheers
>
> >
> > Thank you.
> >
> > Anton
> >
> >
> > Am So., 2. Juni 2024 um 13:10 Uhr schrieb Sebastian Ramacher <
> > sramac...@debian.org>:
> >
> > > Control: tags -1 confirmed
> > >
> > > On 2024-01-20 18:15:32 +0100, Anton Gladky wrote:
> > > > Package: release.debian.org
> > > > Severity: normal
> > > > User: release.debian@packages.debian.org
> > > > Usertags: transition
> > > > X-Debbugs-Cc: v...@packages.debian.org
> > > > Control: affects -1 + src:vtk9
> > > >
> > > >
> > > > Dear release team,
> > > >
> > > > please schedule vtk9.3 transition.
> > > >
> > > > Ben file:
> > > >
> > > > title = "vtk9";
> > > > is_affected = .depends ~ "libvtk9\.1|libvtk9\.1\-qt" | .depends ~
> > > "libvtk9\.3|libvtk9\.3\-qt";
> > > > is_good = .depends ~ "libvtk9\.3|libvtk9\.3\-qt";
> > > > is_bad = .depends ~ "libvtk9\.1|libvtk9\.1\-qt";
> > > >
> > > > I have done a full rebuild and some failures are detected. Bugs
> (most of
> > > them with patches) will
> > > > be filed in the next time.
> > >
> > > Please go ahead.
> > >
> > > Cheers
> > > --
> > > Sebastian Ramacher
> > >
>
> --
> Sebastian Ramacher
>

Bug#1061200: transition: vtk9

[Anton Gladky]

Uploaded and built on all relevant platforms.
Please, schedule the rebuild.

Thank you.

Anton


Am So., 2. Juni 2024 um 13:10 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:

> Control: tags -1 confirmed
>
> On 2024-01-20 18:15:32 +0100, Anton Gladky wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > X-Debbugs-Cc: v...@packages.debian.org
> > Control: affects -1 + src:vtk9
> >
> >
> > Dear release team,
> >
> > please schedule vtk9.3 transition.
> >
> > Ben file:
> >
> > title = "vtk9";
> > is_affected = .depends ~ "libvtk9\.1|libvtk9\.1\-qt" | .depends ~
> "libvtk9\.3|libvtk9\.3\-qt";
> > is_good = .depends ~ "libvtk9\.3|libvtk9\.3\-qt";
> > is_bad = .depends ~ "libvtk9\.1|libvtk9\.1\-qt";
> >
> > I have done a full rebuild and some failures are detected. Bugs (most of
> them with patches) will
> > be filed in the next time.
>
> Please go ahead.
>
> Cheers
> --
> Sebastian Ramacher
>

Bug#1061200: transition: vtk9

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: v...@packages.debian.org
Control: affects -1 + src:vtk9

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear release team,

please schedule vtk9.3 transition.

Ben file:

title = "vtk9";
is_affected = .depends ~ "libvtk9\.1|libvtk9\.1\-qt" | .depends ~ 
"libvtk9\.3|libvtk9\.3\-qt";
is_good = .depends ~ "libvtk9\.3|libvtk9\.3\-qt";
is_bad = .depends ~ "libvtk9\.1|libvtk9\.1\-qt";

I have done a full rebuild and some failures are detected. Bugs (most of them 
with patches) will
be filed in the next time.

Thank you

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmWr/7QRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYKUA//a5VTdDoQST30wyb4hSsN40HKHU5Y65xX
wLIcozZWvdzSnFQa7NDojOihsiYEjUEokhqqCGf7XbVZ/FokyJclzgh6ZHoX9APj
6O/Xfz5GHPpYblwMGC8029yUqnlQfQXcR7gS5HqfGBGZ1FyWRAqY0hS5kzbY/LYK
mpcOAo0zGqj/4FaSNCCycPP9Yn+0HMUqcmT2mmGPye3cjnhrl+Ixlo/Is8+1vb3Z
92APiFLa259DeucniY02qMMSZdCS9Gv3VjMSah/4qYpJnbdtGjz/Vy0t0IRY6hSY
D06I/YJiM8miY1QK5xwG2F5ElXermhuWNvf8dfy/DFJk7gul6HiSTUpe18xcv2y9
PR1h+NA0fEFVtaHf0KYaST45KPN2xIcRLovZQPX3IPzxuwHO5TcGYzd632/TTF7e
8OnVj3yoqhd41Gc0K8/0XBv7TgJ7nrXhcsUwi8MA1CArir0fGr5ZjTrKRBrzCc4p
xF7AtxZuxWXoJ18SXE3oudWmuk97kSS5yAHzgBOgj4LUjTtJAzZIQtwgJT+sLvLJ
QeISyC3z3mEf9+ed287EuYxWKuhdyUdElvLDfU66H/FL6Nzb2LrjskK6HfPrLsBe
tDyyDm09rnhI47t6gDy3X+oPcgLd7SzIrXQQm8jmXCx3PxKHx8bDWXanF5ViBvte
pfsgZmdit5k=
=56QT
-END PGP SIGNATURE-

Bug#1059961: transition: benchmark

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: benchm...@packages.debian.org
Control: affects -1 + src:benchmark

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please schedule a tiny benchmark transition.

Thanks!

Ben file:

title = "benchmark";
is_affected = .depends ~ "libbenchmark1debian" | .depends ~ "libbenchmark1.8.3";
is_good = .depends ~ "libbenchmark1.8.3";
is_bad = .depends ~ "libbenchmark1debian";




-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmWWWMARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wb6uA/9FuLjNjbEHrnfYhaMJPlFjc1d7xSOv5MJ
SsQJP8RRQP3KpSuP2U3B66b1itzRSOCMb+OiDIK9nigUPjM79l/E8WlVtZ6mLTBp
9PAoe391wPmJ4th3MzGQCOwCam/eXgy1xLa7/l6BgfBDRiOCygokFB1Pu3Af8IJq
34fsyPX2mbFoGjA+oqQcCLDPDmkWWYvo6iuMvP9tC3nGWojzAJlj4BS0Kds4ulsQ
NQ78W28wNfwqGSyfegHYN/8krkxWZI+OVXD/4eaW4qs+lfsMabdfCaiomA5dZZb8
N3UaPZdXwDRVw00btwW2lB/FN4smWd7V9gOprVzwwU8VfG9NGWGZ1DTrLQCjDQgj
/FGVFgTnp29xZSE1Z9FGJJh0BwJJLgM77x3+cDf8SHVwLiWO8DS51Y4P4xLTXSS6
9fvjea5XfquhDfSLsXpXFt6wFrnjrAImj/v1OWp9negPSRWyKycNzf4ePgIqhvw6
rQV6+VTVFGpB7DggoHqHmFEi8JV6SC44f5USpcHd5mMvHczGIgfuzho69xSoKx4U
CmdGtVEbEGsnxqylqFYHkfUz6B2Euper193JXAX5GQ/2DzrJe5TNsXStGvRBy+PS
TNSLeZMMkMofNE+1VjiffqQgmRSdFzqCmX6gmd3Zs6ZA20iNUjdcNPxKW9BAslbh
TndgQAtpDV4=
=EugD
-END PGP SIGNATURE-

Bug#1028489: boost1.83 as default

[Anton Gladky]

Hi Sebastian,

uploded.

Anton

Am So., 17. Dez. 2023 um 18:13 Uhr schrieb Sebastian Ramacher
:
...
> Please go ahead.
>
> Cheers
> --
> Sebastian Ramacher

Bug#1028489: boost1.83 as default

[Anton Gladky]

Hi Sebastian,

bugs are filed:

https://udd.debian.org/bugs/?release=na=ign=7=7=only=ftbfs-boost183-transition=gl...@debian.org=1=1=1=1#results

Regards

Anton

Bug#1028489: boost1.83 as default

[Anton Gladky]

retitle 1028489 transition: boost1.83
thanks

Dear release team, please consider an updated ben-file. Thanks!

Ben file:

title = "boost1.83";
is_affected = .depends ~ /libboost[a-z-.]*1\.[74]/
is_good = .depends ~ /libboost[a-z-.]*1\.83/
is_bad = .depends ~ /libboost[a-z-.]*1\.74/

Bug#1053912: transition: alglib

[Anton Gladky]

Hi Sebastian,

uploaded, thanks!

Anton


Am Di., 17. Okt. 2023 um 17:37 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:

> Control: tags -1 confirmed
> Control: forwarded -1
> https://release.debian.org/transitions/html/auto-alglib.html
>
> Hi Anton
>
> On 2023-10-14 09:59:15 +0200, Anton Gladky wrote:
> > Please schedule the transition of alglib. All reverse dependencies are
> built and fine.
>
> Please go ahead.
>
> Cheers
> --
> Sebastian Ramacher
>

Bug#1053912: transition: alglib

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: alg...@packages.debian.org
Control: affects -1 + src:alglib

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Please schedule the transition of alglib. All reverse dependencies are built 
and fine.

Thanks


Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib3.19" | .depends ~ "libalglib4.0";
is_good = .depends ~ "libalglib4.0";
is_bad = .depends ~ "libalglib3.19";


-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmUqSlERHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYWWhAAgl9opG5Ch9wN8FvouBJqkdhJs/yfI5Sg
iL2Qf3UGLuW+pCEYmnlJm2B+cJCCMQvqXKNpAHWfr9pSylQzc0/lBhl3QnAKFu2K
5m8Lm8aMTMWj5LdiCnsA/A2bN5oCQW74aAHi5f2aOIgOMCVmWpjXP3fG1CdoTh4h
DgYfqjRHt9wELlSKuBCk+VvHfCg2S2mhvgTi4tCtWUJFetgb9Dg2Uxsd0AJNLS8x
f7xP/Azzy+fWHFO32ncbIKNXQ0ee3cm/j9HI0Oq9BkvAMlIS/EU5qTD6u5jSwkQm
x6FL50ribCodm41wvnWPs8cT7qF/ZbP3DZv8sCqpa8nM7EI+JhnWCOXthAsKYs+/
KJWZiGxDoXDTP0STuhV2ENg5xahQM6SZMWten/5GvxuteZIUEuTNigxhgEyqE0AY
gtAsLjRImsVmqlfOPjV9213/GuNiZW1vequrnIrhDsJj2jJ3VH+A8HfHnYv15/+p
IcszCVmHHNP5szOMvmk/bPIk9CMsg7bMUNg2AdmOsMbPwGBMGL+6aJRmVvdiHOql
VQPfwxAwn32TZQy2TuOLr3kT5VDRMwOOD38AdmnQL8lj4DVWjarqM7Cb7l12x8Cz
UO7nhvnXzqPMh0bTQDffvoOXey2vLKqMGYrOhyANVY35ugA3ctOnAzv0ol/cF1gN
U+N5xvOI4DY=
=rzva
-END PGP SIGNATURE-

Bug#1028489: transition: boost1.81

[Anton Gladky]

Hi James,

thanks for the offer. At the moment I am preparing 1.83 and will ask for
transition soon.

Best regards

David James  schrieb am Mi., 4. Okt. 2023, 20:23:

> Hi Anton,
>
> Is there anything I can do to help this transition along? I wish to
> package software that does not build on 1.74, but does on 1.81 and 1.82.
> If there's anyway I can assist with bumping boost-defaults to 1.81 or 1.82
> I would be happy to help.
>
> Regards,
>
> David James
>
>

Bug#1028489: transition: boost1.81

[Anton Gladky]

Hi Sebastian,

unfortunately no. I am cosidering though the packaging of 1.82. Let's see.

Regards

Anton

Am Di., 20. Juni 2023 um 00:35 Uhr schrieb Sebastian Ramacher
:
>
> Hi Anton
>
> On 2023-01-30 19:28:37 +0100, Anton Gladky wrote:
> > Hi Sebastian,
> >
> > thanks for the information. Let's do it just after release.
> >
> > Just for the record. The full test rebuild has been done (thanks to Lucas!).
> > Results and logs are here:
> >
> > http://qa-logs.debian.net/2023/01/15/
>
> Have bugs been filed for the failing builds?
>
> Cheers
> --
> Sebastian Ramacher

Bug#1028489: transition: boost1.81

[Anton Gladky]

Hi Sebastian,

thanks for the information. Let's do it just after release.

Just for the record. The full test rebuild has been done (thanks to Lucas!).
Results and logs are here:

http://qa-logs.debian.net/2023/01/15/

Regards

Anton

Bug#1028489: transition: boost1.81

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: boost1...@packages.debian.org
Control: affects -1 + src:boost1.81


Dear release team,

this is the placeholder for the possible upcoming boost1.81 transition.
We are working hard to prepare the transition as smooth as possible.

Large test rebuild of all dependent packages is planned.

Thanks

Ben file:

title = "boost1.81";
is_affected = .depends ~ /libboost[a-z-.]*1\.[74]/
is_good = .depends ~ /libboost[a-z-.]*1\.81/
is_bad = .depends ~ /libboost[a-z-.]*1\.74/

Bug#1025056: transition: numerical library transition: hypre / petsc / slepc / sundials

[Anton Gladky]

Hi Sebastian,

thanks for noting it! #1027402 is fixed now in unstable (that was wrong version
in Breaks+Replaces).

Regards

Anton

Am Sa., 31. Dez. 2022 um 14:20 Uhr schrieb Sebastian Ramacher
:
>
> Hi Anton
>
> On 2022-12-28 09:30:00 +0100, Anton Gladky wrote:
> > Hi Sebastian,
> >
> > sundials is already in NEW, fixing two RC bugs.
> > Dyssol will be uploaded shortly.
>
> It's now in unstable. Please also fix #1027402.
>
> Cheers
>
> >
> > Regards
> >
> > Anton
> >
> > Am Di., 27. Dez. 2022 um 12:23 Uhr schrieb Sebastian Ramacher
> > :
> > >
> > > Hi Drew, hi Anton
> > >
> > > On 2022-12-19 21:52:10 +0100, Sebastian Ramacher wrote:
> > > > Hi Drew
> > > >
> > > > On 2022-12-19 18:14:53 +0100, Drew Parsons wrote:
> > > > > The hypre/petsc part of this transition is complete.
> > > > >
> > > > > The sundials part is waiting for dyssol to be patched.  Anton is 
> > > > > preparing
> > > > > this.
> > > >
> > > > sundials will also need fixes for #1026330 and #1026352.
> > >
> > > Any news regarding sundials?
> > >
> > > Cheers
> > >
> > > >
> > > > Cheers
> > > >
> > > > >
> > > > > Drew
> > > > >
> > > > >
> > > > > On 2022-11-29 23:34, Sebastian Ramacher wrote:
> > > > > > Control: tags -1 confirmed
> > > > > >
> > > > > > Hi Drew
> > > > > >
> > > > > > On 2022-11-29 12:16:55 +0100, Drew Parsons wrote:
> > > > > > > Package: release.debian.org
> > > > > > > Severity: normal
> > > > > > > User: release.debian@packages.debian.org
> > > > > > > Usertags: transition
> > > > > > > X-Debbugs-Cc: Anton Gladky 
> > > > > > >
> > > > > > > We'd like to update the numerical library stack in time for the 
> > > > > > > new
> > > > > > > stable release.
> > > > > > >
> > > > > > > Affected libraries are
> > > > > > >
> > > > > > > hypre2.25.0 -> 2.26.0
> > > > > > > petsc/slepc3.17 -> 3.18
> > > > > > > sundials  5.8.0 -> 6.4.1
> > > > > > >
> > > > > > > Autotransitions are already generated:
> > > > > > > https://release.debian.org/transitions/html/auto-hypre.html
> > > > > > > https://release.debian.org/transitions/html/auto-petsc.html
> > > > > > > https://release.debian.org/transitions/html/auto-slepc.html
> > > > > > > https://release.debian.org/transitions/html/auto-sundials.html
> > > > > > >
> > > > > > > Most of the dependent packages are under our control
> > > > > > > (Debian Science Team), octave is the main one outside our team.
> > > > > > >
> > > > > > > Updates have built fine in experimental and dependent
> > > > > > > packages are building successfully against them.
> > > > > > >
> > > > > > > Anton Gladky will upload the sundials update.
> > > > > >
> > > > > > Please go ahead
> > > > > >
> > > > > > Cheers
> > > > >
> > > >
> > > > --
> > > > Sebastian Ramacher
> > > >
> > >
> > > --
> > > Sebastian Ramacher
> >
>
> --
> Sebastian Ramacher

Bug#1025056: transition: numerical library transition: hypre / petsc / slepc / sundials

[Anton Gladky]

Hi Sebastian,

sundials is already in NEW, fixing two RC bugs.
Dyssol will be uploaded shortly.

Regards

Anton

Am Di., 27. Dez. 2022 um 12:23 Uhr schrieb Sebastian Ramacher
:
>
> Hi Drew, hi Anton
>
> On 2022-12-19 21:52:10 +0100, Sebastian Ramacher wrote:
> > Hi Drew
> >
> > On 2022-12-19 18:14:53 +0100, Drew Parsons wrote:
> > > The hypre/petsc part of this transition is complete.
> > >
> > > The sundials part is waiting for dyssol to be patched.  Anton is preparing
> > > this.
> >
> > sundials will also need fixes for #1026330 and #1026352.
>
> Any news regarding sundials?
>
> Cheers
>
> >
> > Cheers
> >
> > >
> > > Drew
> > >
> > >
> > > On 2022-11-29 23:34, Sebastian Ramacher wrote:
> > > > Control: tags -1 confirmed
> > > >
> > > > Hi Drew
> > > >
> > > > On 2022-11-29 12:16:55 +0100, Drew Parsons wrote:
> > > > > Package: release.debian.org
> > > > > Severity: normal
> > > > > User: release.debian@packages.debian.org
> > > > > Usertags: transition
> > > > > X-Debbugs-Cc: Anton Gladky 
> > > > >
> > > > > We'd like to update the numerical library stack in time for the new
> > > > > stable release.
> > > > >
> > > > > Affected libraries are
> > > > >
> > > > > hypre2.25.0 -> 2.26.0
> > > > > petsc/slepc3.17 -> 3.18
> > > > > sundials  5.8.0 -> 6.4.1
> > > > >
> > > > > Autotransitions are already generated:
> > > > > https://release.debian.org/transitions/html/auto-hypre.html
> > > > > https://release.debian.org/transitions/html/auto-petsc.html
> > > > > https://release.debian.org/transitions/html/auto-slepc.html
> > > > > https://release.debian.org/transitions/html/auto-sundials.html
> > > > >
> > > > > Most of the dependent packages are under our control
> > > > > (Debian Science Team), octave is the main one outside our team.
> > > > >
> > > > > Updates have built fine in experimental and dependent
> > > > > packages are building successfully against them.
> > > > >
> > > > > Anton Gladky will upload the sundials update.
> > > >
> > > > Please go ahead
> > > >
> > > > Cheers
> > >
> >
> > --
> > Sebastian Ramacher
> >
>
> --
> Sebastian Ramacher

Bug#1025056: transition: numerical library transition: hypre / petsc / slepc / sundials

[Anton Gladky]

Dyssol has just been (today!) released. I will upload it ASAP.

Regards

Anton

Am Mo., 19. Dez. 2022 um 18:14 Uhr schrieb Drew Parsons :
>
> The hypre/petsc part of this transition is complete.
>
> The sundials part is waiting for dyssol to be patched.  Anton is
> preparing this.
>
> Drew
>
>
> On 2022-11-29 23:34, Sebastian Ramacher wrote:
> > Control: tags -1 confirmed
> >
> > Hi Drew
> >
> > On 2022-11-29 12:16:55 +0100, Drew Parsons wrote:
> >> Package: release.debian.org
> >> Severity: normal
> >> User: release.debian@packages.debian.org
> >> Usertags: transition
> >> X-Debbugs-Cc: Anton Gladky 
> >>
> >> We'd like to update the numerical library stack in time for the new
> >> stable release.
> >>
> >> Affected libraries are
> >>
> >> hypre2.25.0 -> 2.26.0
> >> petsc/slepc3.17 -> 3.18
> >> sundials  5.8.0 -> 6.4.1
> >>
> >> Autotransitions are already generated:
> >> https://release.debian.org/transitions/html/auto-hypre.html
> >> https://release.debian.org/transitions/html/auto-petsc.html
> >> https://release.debian.org/transitions/html/auto-slepc.html
> >> https://release.debian.org/transitions/html/auto-sundials.html
> >>
> >> Most of the dependent packages are under our control
> >> (Debian Science Team), octave is the main one outside our team.
> >>
> >> Updates have built fine in experimental and dependent
> >> packages are building successfully against them.
> >>
> >> Anton Gladky will upload the sundials update.
> >
> > Please go ahead
> >
> > Cheers

Bug#1023419: transition: freeglut

[Anton Gladky]

Uploaded, thanks!

Anton

Bug#1023419: transition: freeglut

[Anton Gladky]

Hi Sebastian, you are right.

I have uploaded a new package into experimental, which introduces
fereglut3-dev as a transitional package. I will rebuild and report
about results.

Regards

Anton

Am Do., 3. Nov. 2022 um 22:51 Uhr schrieb Sebastian Ramacher
:
>
> Control: tags -1 moreinfo
> Control: forwarded -1 
> https://release.debian.org/transitions/html/auto-freeglut.html
>
> On 2022-11-03 20:12:03 +0100, Anton Gladky wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> >
> > New version of freeglut library and binary renaming.
> > Reverse depends were rebuilt against new lib.
> >
> >
> > Ben file:
> >
> > title = "freeglut";
> > is_affected = .depends ~ "freeglut3|freeglut3-dev" | .depends ~ 
> > "libglut-dev|libglut3.12";
> > is_good = .depends ~ "libglut-dev|libglut3.12";
> > is_bad = .depends ~ "freeglut3|freeglut3-dev";
>
> What's the deal with the renamed -dev package? Do we need sourceful
> uploads for all the reverse dependencies? What's the upgrade path for
> users?  Or in other words: why is there no transitional freeglut3-dev
> package?
>
> Cheers
> --
> Sebastian Ramacher

Bug#1023419: transition: freeglut

[Anton Gladky]

Hi Sebastian,

rename was done to match the real shared object name to the
package name:
/usr/lib/x86_64-linux-gnu/libglut.so.3.11.0 will go to libglut3.11.

At the moment source uploads are not necessary as libglut-dev provides
freeglut3-dev. But after the transition yes, the batch of NMUs is planned.

> why is there no transitional freeglut3-dev

I thought it was enough that libglut-dev "provides" the freeglu3-dev.
If not - I will
add it.

Thanks

Regards

Anton

Am Do., 3. Nov. 2022 um 22:51 Uhr schrieb Sebastian Ramacher
:
>
> Control: tags -1 moreinfo
> Control: forwarded -1 
> https://release.debian.org/transitions/html/auto-freeglut.html
>
> On 2022-11-03 20:12:03 +0100, Anton Gladky wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> >
> >
> > New version of freeglut library and binary renaming.
> > Reverse depends were rebuilt against new lib.
> >
> >
> > Ben file:
> >
> > title = "freeglut";
> > is_affected = .depends ~ "freeglut3|freeglut3-dev" | .depends ~ 
> > "libglut-dev|libglut3.12";
> > is_good = .depends ~ "libglut-dev|libglut3.12";
> > is_bad = .depends ~ "freeglut3|freeglut3-dev";
>
> What's the deal with the renamed -dev package? Do we need sourceful
> uploads for all the reverse dependencies? What's the upgrade path for
> users?  Or in other words: why is there no transitional freeglut3-dev
> package?
>
> Cheers
> --
> Sebastian Ramacher

Bug#1023419: transition: freeglut

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


New version of freeglut library and binary renaming.
Reverse depends were rebuilt against new lib.


Ben file:

title = "freeglut";
is_affected = .depends ~ "freeglut3|freeglut3-dev" | .depends ~ 
"libglut-dev|libglut3.12";
is_good = .depends ~ "libglut-dev|libglut3.12";
is_bad = .depends ~ "freeglut3|freeglut3-dev";


Thanks

Anton

Re: debian-archive-keyring, update for stretch, problem

[Anton Gladky]

Hi Adam,

thanks for your reply!

I have found the reason. I generated the signature using
Debian/Testing (Bookworm), but the signature should be
generated in the same environment, where it will
be used (in this case Stretch).

I regenerated signatures under stretch and everything works fine.

Best regards

Anton

Am Sa., 12. März 2022 um 22:24 Uhr schrieb Adam D. Barratt
:


>
> Hi,
>
> FWIW, I haven't touched d-a-k for a few years now, nor have I seen your
> package, so I'm largely guessing based on your provided text below.
>
> On Sat, 2022-03-12 at 21:52 +0100, Anton Gladky wrote:
> > I followed the README.maintainer. Added my key into team/members.
> > But then, when I just refresh the signature:
> >
> > make clean
> > make keyrings/debian-archive-keyring.gpg
> > gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg
> >
> > The package does not build and fails with the following message:
> >
> > ===
> > gpg --no-options --no-default-keyring --no-auto-check-trustdb
> > --trustdb-name ./trustdb.gpg \
> > --keyring keyrings/team-members.gpg --verify \
> > keyrings/debian-archive-removed-keys.gpg.asc \
> > keyrings/debian-archive-removed-keys.gpg
> > gpg: Signature made Sat Mar 12 20:41:08 2022 UTC
> > gpg:using RSA key
> > BBBD45EA818AB86FF67E7285D3E17383CFA7FF06
> > gpg: BAD signature from "Anton Gladky " [unknown]
> >
> > ===
> >
> > Could you please give advice, why the lately refreshed and signed
> > debian-archive-removed-keys.gpg has a bad signature?
>
> My suspicion would be that you signed the keyring before running the
> build - although you only mention signing debian-archive-keyring.gpg -
> but had somehow not built it correctly so, after it got rebuilt by the
> makefile, your previous signature file no longer matched. (The point of
> using jetring is that the result should match.)
>
> How did you manipulate debian-archive-removed-keys.gpg? Do its contents
> align with removed-keys/index, and the signature on that?
>
> Not that it helps you directly, but I don't remember having seen such
> an error when I was building the package.
>
> Regards,
>
> Adam
>

debian-archive-keyring, update for stretch, problem

[Anton Gladky]

Dear all,

it is basically the followup of this discussion [1].

I followed the README.maintainer. Added my key into team/members.
But then, when I just refresh the signature:

make clean
make keyrings/debian-archive-keyring.gpg
gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg

The package does not build and fails with the following message:

===
gpg --no-options --no-default-keyring --no-auto-check-trustdb
--trustdb-name ./trustdb.gpg \
--keyring keyrings/team-members.gpg --verify \
keyrings/debian-archive-removed-keys.gpg.asc \
keyrings/debian-archive-removed-keys.gpg
gpg: Signature made Sat Mar 12 20:41:08 2022 UTC
gpg:using RSA key BBBD45EA818AB86FF67E7285D3E17383CFA7FF06
gpg: BAD signature from "Anton Gladky " [unknown]

===

Could you please give advice, why the lately refreshed and signed
debian-archive-removed-keys.gpg has a bad signature? Should I do some
other steps as listed in readme?

[1] https://lists.debian.org/debian-release/2021/10/msg00395.html

Thanks

Anton

Re: Update of debian-archive-keyring in stretch?

[Anton Gladky]

I have followed the steps described in README.maintainer,
added my key to the team for stretch and imported keys.

It looks like everything works.Testing it.

Regards

Anton

Am Fr., 11. März 2022 um 14:28 Uhr schrieb Utkarsh Gupta
:
>
> Hi Jonathan,
>
> On Mon, Oct 11, 2021 at 6:24 AM Utkarsh Gupta  wrote:
> > On Tue, Oct 5, 2021 at 1:26 PM Jonathan Wiltshire  wrote:
> > > You will need (but may not want) the commit removing jessie's keys as 
> > > well.
> > > Basically all intermediate commits which touch keyrings - a removal is
> > > really a move from the main keyring to the archive keyring, so it will
> > > change the makeup of the keyring and fail the validation.
> > >
> > > If you actually need the jessie keys kept, as I suspect you do, I can
> > > prepare a stretch branch with new signatures on it in a few days.
> >
> > That'd be really helpful, yes. Though I am still unsure what am I missing.
> > When you prep a branch for stretch, please let me know and as I said,
> > that'd be really helpful. Thank you so much!
>
> Friendly ping on this. Any status update on this, please? :)
> Do you think you can take a look at this sooner? Let me/us know.
>
> > > I intend to simplify the whole thing significantly in bookworm; this whole
> > > jetring and gpg validation thing makes for a lot of maintenance pain.
> >
> > Perfect, that'll indeed help a lot. :)
>
>
> - u
>

Bug#1002627: transition: alglib

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear release team,

please provide a slot for the transition of alglib.
All reverse-dependencies are checked and not FTBFS are detected.
So the tranition should be short and easy.

Thanks,

Anton


Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib3.17" | .depends ~ "libalglib3.18";
is_good = .depends ~ "libalglib3.18";
is_bad = .depends ~ "libalglib3.17";

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmHHknARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wb+Eg//VXgqo+MEfluKITlUQyu3bjJ0WP8rbRDb
Bf/0/cHAxjvhowRUI4h9KlyVfhkfDrXQ1+a7p4+M37XFj6uMxpvKrRBUJbfpjwge
D3ydsaS636bjcxhPL6Bf2UXLtAidQ4jWJgNjzgGevxyoTUeKvQX8CqrbYBi7HcxS
zr8JmfaJwwClRXgzhO34mWt5MxdhxlthjNMI17jrrkVxN8SbKYv7eablO3Nre4Mi
SDv16/Gd0T8ldOn41EfNz9F0Sm66XxNlNj7kCRP7c0EDtR/IBJ28NoaBh6jaoU/1
vGvhfsqXaO2XFXcgB4OW/wu3+ioL/Xv6rz88Ec44nEm5Tlbfv2gGfaKD7P2QBa0K
K5WdJOPrZTRfgimr02SS+tXdCZb/d+ucH44tvTgWxWiRFFIrKy+WRQsidYHZpfdP
F0CpRmDcydtr7fxxxz/yQFoUmDaB4wNF/wGOc1nhyH0PupaLEgDekbNuwzqlMu7K
TA/fj+6D5ws4FBxwauVEpWV2Qb8gwJByFXTaDt7vzEhlsDIwgjHP+TVdERyPhYE2
nhs/Hs+RUsYACEjqOk7HXGE+uIrsG05iD8yxFsgGsRdCssESWov5TBJwwm2Vlqq2
JOa/0Vv8iagsarO+neTiKhtRWW1LHqkmVye5uo9wTevj1Ws80aHETAWJqODOSfzU
BBTMi+957/A=
=yKYi
-END PGP SIGNATURE-

Bug#1002619: bullseye-pu: package gnuplot/gnuplot_5.4.1+dfsg1-1+deb11u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

[ Reason ]
gnuplot_5.4.1+dfsg1-1+deb11u1 is fixing security issue CVE-2021-44917.
Please include it into the bullseye.

[ Impact ]
Security issue

[ Tests ]
Done on CI and locally.

[ Risks ]
No risks awaited

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Patch imported from upstream.

Thanks

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmHHZV4RHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/waXwg/+N32dARCRDysGWA2f1KWiP/9slcH00cYQ
Vyja1+nYut1S4HuWv8oWX7dvC9anSj8+I123M3Q7k2kG1iRN0FyydXnxwQT7xU8p
ewS0NJvgO8QLPAS1kAzn72zT6KMnBlIbYoLGuVjnWRpQiCO8P0GJ8pgK7mr1tNN2
2/t+TfD7gvGgpN1ZIxnrpa5wwSBvG/txJqO7sazC6O7NZwRRxzHP5GG1Gn6I6yJP
MparDEkNpSDeZTIo6o6D6g8dnMVIG6ukpWp0aJIHzKpy6a/P3agzglwTyl2V20+L
m06EP4/zureXmAQz8mCA7rvTMo/N6LCRPKVOssNXwnja98kD612icYFhFg+P7tOY
xlhbHVh+E8mEAbbovfaQp0MvlkvrkOwB0KtB8vcSaC0//HU3OsBS4f0g8Gb+fFa6
9OMTuCZ3XUEiNXHOr8P6LyCwK6R+blU1O0nAF8DuC14nR00Wjbi/h6SwuHNvNHEq
WuGwLp2fWDKBd4ViQCMRwI5IcEhi9usW+q3e/X08VuI2t/tb2Nv+5fPbqTzQ6q1w
TD4vQOT8YrTP4i+MKDOUkXoVePidmVNVHmChEgANqCMQfQ85gcHT6ldq1l+GADJ9
pVLZi6qjA3T/ePS70Dox/TAy/saKXO7hQhtlj4V4vKm2EGh0hvZzdS6wkvMHORuq
z6abtXAa96M=
=tBfC
-END PGP SIGNATURE-
diff -Nru gnuplot-5.4.1+dfsg1/debian/changelog 
gnuplot-5.4.1+dfsg1/debian/changelog
--- gnuplot-5.4.1+dfsg1/debian/changelog2020-12-03 22:27:21.0 
+0100
+++ gnuplot-5.4.1+dfsg1/debian/changelog2021-12-25 19:15:06.0 
+0100
@@ -1,3 +1,9 @@
+gnuplot (5.4.1+dfsg1-1+deb11u1) bullseye; urgency=medium
+
+  * Fix divide by zero vulnerability. CVE-2021-44917.  (Closes: #1002539)
+
+ -- Anton Gladky   Sat, 25 Dec 2021 19:15:06 +0100
+
 gnuplot (5.4.1+dfsg1-1) unstable; urgency=medium
 
   * [945257b] New upstream version 5.4.1+dfsg1
diff -Nru gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 
gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml
--- gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml   2020-09-24 23:46:23.0 
+0200
+++ gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml   2021-12-25 19:15:06.0 
+0100
@@ -1,3 +1,4 @@
 include:
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+ - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+  RELEASE: 'bullseye'
diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 
gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch
--- gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 1970-01-01 
01:00:00.0 +0100
+++ gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 2021-12-25 
19:15:06.0 +0100
@@ -0,0 +1,114 @@
+Description: 
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ gnuplot (5.4.2+dfsg2-1) unstable; urgency=medium
+ .
+   * [4370a18] Update d/watch
+   * [7d7c5c0] New upstream version 5.4.2+dfsg1.orig
+   * [97d5d83] Refresh patches
+   * [9d8bbae] Update gitlab.ci
+   * [e168129] Use secure URI in debian/watch.
+   * [08324bf] Bump debhelper from old 12 to 13.
+   * [3a47530] Update standards version to 4.5.1, no changes needed.
+   * [ba4a50d] Avoid explicitly specifying -Wl,--as-needed linker flag.
+   * [9ce752b] Set Standards-Version: 4.6.0
+   * [917e564] Use execute-syntax for some commands in d/rules
+Author: Anton Gladky 
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: , 
+Bug: 
+Bug-Debian: https://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded: 
+Reviewed-By: 
+Last-Update: 2021-12-25
+
+Index: gnuplot-5.4.1+dfsg1/src/set.c
+===
+--- gnuplot-5.4.1+dfsg1.orig/src/set.c
 gnuplot-5.4.1+dfsg1/src/set.c
+@@ -5058,18 +5058,6 @@ set_terminal()
+   fprintf(stderr,"Options are '%s'\n",term_options);
+ if ((term->flags & TERM_MONOCHROME))
+   init_monochrome();
+-
+-/* Sanity check:
+- * The most common failure mode found by fuzzing is a divide-by-zero
+- * caused by initializing the basic unit of the current terminal character
+- * size to zero.  I keep patching the individual terminals, but a generic
+- * sanity check may at least prevent a crash due to mistyping.
+- 

Bug#1000477: bullseye-pu: package gmp/2:6.2.1+dfsg-1+deb11u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu


Dear release team,

I have prepared a fix for bullseye, fixing CVE-2021-43618.
The fix was also successfully fixed in unstable and testing.
Gitlab-CI is employed for the package testing. Diff is aattached.

[ Checklist ]
 [x] *all* changes are documented in the d/changelog
 [x] I reviewed all changes and I approve them
 [x] attach debdiff against the package in (old)stable
 [x] the issue is verified as fixed in unstable

Thanks

Anton
diff -Nru gmp-6.2.1+dfsg/debian/changelog gmp-6.2.1+dfsg/debian/changelog
--- gmp-6.2.1+dfsg/debian/changelog 2020-11-15 19:04:37.0 +0100
+++ gmp-6.2.1+dfsg/debian/changelog 2021-11-23 21:37:19.0 +0100
@@ -1,3 +1,10 @@
+gmp (2:6.2.1+dfsg-1+deb11u1) bullseye; urgency=medium
+
+  * [ba91bc2] Add .gitlab-ci.yml
+  * [a848ad6] Avoid bit size overflows. CVE-2021-43618
+
+ -- Anton Gladky   Tue, 23 Nov 2021 21:37:19 +0100
+
 gmp (2:6.2.1+dfsg-1) unstable; urgency=medium
 
   [ Steve Robbins ]
diff -Nru gmp-6.2.1+dfsg/debian/.gitlab-ci.yml 
gmp-6.2.1+dfsg/debian/.gitlab-ci.yml
--- gmp-6.2.1+dfsg/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 
+0100
+++ gmp-6.2.1+dfsg/debian/.gitlab-ci.yml2021-11-23 21:31:26.0 
+0100
@@ -0,0 +1,6 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+  RELEASE: 'bullseye'
+  SALSA_CI_DISABLE_REPROTEST: 1
+  SALSA_CI_DISABLE_BLHC: 1
diff -Nru gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch 
gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch
--- gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch  1970-01-01 
01:00:00.0 +0100
+++ gmp-6.2.1+dfsg/debian/patches/CVE-2021-43618.patch  2021-11-23 
21:36:27.0 +0100
@@ -0,0 +1,25 @@
+# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+# HG changeset patch
+# User Marco Bodrato 
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+Index: gmp/mpz/inp_raw.c
+===
+--- gmp.orig/mpz/inp_raw.c
 gmp/mpz/inp_raw.c
+@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+ {
diff -Nru gmp-6.2.1+dfsg/debian/patches/series 
gmp-6.2.1+dfsg/debian/patches/series
--- gmp-6.2.1+dfsg/debian/patches/series1970-01-01 01:00:00.0 
+0100
+++ gmp-6.2.1+dfsg/debian/patches/series2021-11-15 22:20:32.0 
+0100
@@ -0,0 +1 @@
+CVE-2021-43618.patch

Bug#1000473: buster-pu: package gmp/gmp_6.1.2+dfsg-4+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu


Dear release team,

I have prepared a fix for buster, fixing CVE-2021-43618.
The fix was also successfully fixed in unstable and testing.
Gitlab-CI is employed for the package testing. Diff is applied.
Thanks

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks

Anton
diff -Nru gmp-6.1.2+dfsg/debian/changelog gmp-6.1.2+dfsg/debian/changelog
--- gmp-6.1.2+dfsg/debian/changelog 2018-12-02 07:39:34.0 +0100
+++ gmp-6.1.2+dfsg/debian/changelog 2021-11-23 21:09:08.0 +0100
@@ -1,3 +1,10 @@
+gmp (2:6.1.2+dfsg-4+deb10u1) buster; urgency=medium
+
+  * [1f4ce6d] Add .gitlab-ci.yml
+  * [df6d314] Avoid bit size overflows. CVE-2021-43618
+
+ -- Anton Gladky   Tue, 23 Nov 2021 21:09:08 +0100
+
 gmp (2:6.1.2+dfsg-4) unstable; urgency=medium
 
   * Team Upload.
diff -Nru gmp-6.1.2+dfsg/debian/.gitlab-ci.yml 
gmp-6.1.2+dfsg/debian/.gitlab-ci.yml
--- gmp-6.1.2+dfsg/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 
+0100
+++ gmp-6.1.2+dfsg/debian/.gitlab-ci.yml2021-11-23 21:04:00.0 
+0100
@@ -0,0 +1,6 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+  RELEASE: 'buster'
+  SALSA_CI_DISABLE_REPROTEST: 1
+  SALSA_CI_DISABLE_BLHC: 1
diff -Nru gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch 
gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch
--- gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch  1970-01-01 
01:00:00.0 +0100
+++ gmp-6.1.2+dfsg/debian/patches/CVE-2021-43618.patch  2021-11-23 
21:06:22.0 +0100
@@ -0,0 +1,25 @@
+# Origin: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+# HG changeset patch
+# User Marco Bodrato 
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+Index: gmp/mpz/inp_raw.c
+===
+--- gmp.orig/mpz/inp_raw.c
 gmp/mpz/inp_raw.c
+@@ -89,8 +89,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+ {
diff -Nru gmp-6.1.2+dfsg/debian/patches/series 
gmp-6.1.2+dfsg/debian/patches/series
--- gmp-6.1.2+dfsg/debian/patches/series2018-12-02 07:39:27.0 
+0100
+++ gmp-6.1.2+dfsg/debian/patches/series2021-11-23 21:06:09.0 
+0100
@@ -1 +1,2 @@
 gmp-exception-sigfpe.patch
+CVE-2021-43618.patch

Bug#996204: Bug#998411: Bug#996204: transition: numerical library stack: hypre SONAME (Policy 8.1)

[Anton Gladky]

I have fixed gmsh. It will appear in NEW soon.

Regards

Anton

Bug#996204: transition: numerical library stack

[Anton Gladky]

sundials_5.8.0 is in unstable already.

Cheers


Anton

Bug#996204: transition: numerical library stack

[Anton Gladky]

OK, I will upload it into unstable very soon. What abou #997664?
The package should go to NEW actually. Or leave it as it is for the moment?

Anton

Am Mo., 25. Okt. 2021 um 21:15 Uhr schrieb Drew Parsons :
>
> The sundials 5.8.0 test build in experimental looks successful.
> Probably not worth waiting for the mipsel build, it's been slow to
> build, especially for experimental.
>
> Drew
>
>
>
> On 2021-10-22 17:40, Anton Gladky wrote:
> > Great, thanks! Will do it very shortly.
> >
> > Anton
> >
> > Sebastian Ramacher  schrieb am Fr., 22. Okt.
> > 2021, 14:35:
> ...
> >>
> >> I think we are ready for the sundials upload.
> >>

Bug#996204: transition: numerical library stack

[Anton Gladky]

Great, thanks! Will do it very shortly.

Anton

Sebastian Ramacher  schrieb am Fr., 22. Okt. 2021,
14:35:

> Hi Anton
>
> On 2021-10-12 13:09:02, Drew Parsons wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > X-Debbugs-Cc: debian-scie...@lists.debian.org, Anton Gladky <
> gl...@debian.org>
> >
> > I'd like to proceed with a transition of the numerical library stack.
> > This involves
> >
> > superlu   5.2.2+dfsg1 -> 5.3.0+dfsg1  (both libsuperlu5 so not
> really a transition)
> > superlu-dist  libsuperlu-dist6 -> libsuperlu-dist7
> > hypre 2.18.2 -> 2.22.1 (internal within libhypre-dev)
> > mumps libmumps-5.3 -> libmumps-5.4
> > scotch6.1.0 -> 6.1.1 (both libscotch-6.1 so not a transition)
> > petsc libpetsc-.*3.14 -> libpetsc-.*3.15
> > slepc libslepc-.*3.14 -> libslepc-.*3.15
> > (together with petsc4py, slepc4py)
> >
> > Header packages libxtensor-dev, libxtensor-blas-dev will also be
> > upgraded (xtl-dev 0.7.2 already got uploaded to unstable).
> >
> > fenics-dolfinx will upgrade
> >   libdolfinx-.*2019.2 -> libdolfinx-.*0.3
> > (along with other fenics components). There is currently some problem
> > with fenics-dolfinx 1:0.3.0-4 on 32-bit arches i386, armel, armhf.
> > I'll skip the demo_poisson_mpi tests for them if necessary.
> >
> > sundials 5.7.0 is incompatible with hypre 2.22, Anton Gladky (cc:d) will
> > upgrade to sundials 5.8.0.
>
> I think we are ready for the sundials upload.
>
> Cheers
>
> >
> > openmpi/mpi4py/h5py have recently migrated to testing so shouldn't give
> > any particular trouble (apart from the known 32-bit dolfinx problem)
> >
> > auto transitions are already in place:
> >
> > https://release.debian.org/transitions/html/auto-superlu-dist.html
> > https://release.debian.org/transitions/html/auto-mumps.html
> > https://release.debian.org/transitions/html/auto-petsc.html
> > https://release.debian.org/transitions/html/auto-slepc.html
> >
> >
> > Ben file:
> >
> > title = "numerical library stack";
> > is_affected = .depends ~ "libpetsc-.*3.14" | .depends ~
> "libpetsc-.*3.15";
> > is_good = .depends ~ "libpetsc-.*3.15";
> > is_bad = .depends ~ "libpetsc-.*3.14";
> >
>
> --
> Sebastian Ramacher
>

Bug#996695: buster-pu: package plib/plib_1.8.5-8+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Anton Gladky 
  
Anhänge15:17 (vor 1 Minute)
  
an Debian; Bcc: gladk
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next
stable release.

[ Reason ]
This upload fixes a security issue CVE-2021-38714.

[ Impact ]
It should not have any impact on end users.

[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303704

[ Risks ]
No risks are known.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See attached diff. Sanitized values check is implemented.

Best regards

Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb10u1) buster; urgency=medium
+
+  * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+(Closes: #992973)
+
+ -- Anton Gladky   Sun, 17 Oct 2021 14:56:13 +0200
+
 plib (1.8.5-8) unstable; urgency=medium
 
   * QA upload.
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200
@@ -0,0 +1,7 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'buster'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   1970-01-01 
01:00:00.0 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   2021-10-10 
15:14:22.0 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
 plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+ 
+ 
+ #include "ssgLocal.h"
++#include 
+ 
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+ 
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+ 
+ // image info
+ int type = header[2];
+-int xsize = get16u(header + 12);
+-int ysize = get16u(header + 14);
+-int bits  = header[16];
++unsigned int xsize = get16u(header + 12);
++unsigned int ysize = get16u(header + 14);
++unsigned int bits  = header[16];
+ 
+ /* image types:
+  *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+ 
+ 
++const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, 
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, 
(ysize * (bits / 8)));
++
++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++{
++  ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, 
ysize = %d", xsize, ysize);
++  return false;
++}
++else
++{
++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size 
%d x %d", bytes_to_allocate, xsize, ysize );
++}
++
+ // read image data
+ 
+-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++GLubyte *image;
++try
++{
++image = new GLubyte [ bytes_to_allocate ];
++}
++catch (const std::bad_alloc&)
++{
++ulSetError( UL_WARNING, "ssgLoadTGA:  Allocation of %d bytes 
failed!", bytes_to_allocate);
++  return false;
++}
+ 
+ if ((type & 8) != 0) 
+ {
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200
+++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200
@@ -6,3 +6,4 @@
 06_spelling_errors.diff
 05_CVE-2012-4552.diff
 07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch

Bug#996694: bullseye-pu: package plib/1.8.5-8+deb11u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the plib versioned 1.8.5-8+deb10u1 is prepared for the bullseye next
stable release.

[ Reason ]
This upload fixes a security issue CVE-2021-38714.

[ Impact ]
It should not have any impact on end users.

[ Tests ]
Salsa-ci is employed to check main package characteristics
https://salsa.debian.org/debian/plib/-/pipelines/303701

[ Risks ]
No risks are known.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See attached diff. Sanitized values check is implemented.

Best regards

Anton
diff -Nru plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog 2017-07-24 21:24:48.0 +0200
+++ plib-1.8.5/debian/changelog 2021-10-17 14:56:13.0 +0200
@@ -1,3 +1,10 @@
+plib (1.8.5-8+deb11u1) bullseye; urgency=medium
+
+  * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+(Closes: #992973)
+
+ -- Anton Gladky   Sun, 17 Oct 2021 14:56:13 +0200
+
 plib (1.8.5-8) unstable; urgency=medium
 
   * QA upload.
diff -Nru plib-1.8.5/debian/.gitlab-ci.yml plib-1.8.5/debian/.gitlab-ci.yml
--- plib-1.8.5/debian/.gitlab-ci.yml1970-01-01 01:00:00.0 +0100
+++ plib-1.8.5/debian/.gitlab-ci.yml2021-10-17 14:56:13.0 +0200
@@ -0,0 +1,7 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+  RELEASE: 'bullseye'
+  SALSA_CI_COMPONENTS: 'main contrib non-free'
+  SALSA_CI_DISABLE_REPROTEST: 1
diff -Nru plib-1.8.5/debian/patches/08_CVE-2021-38714.patch 
plib-1.8.5/debian/patches/08_CVE-2021-38714.patch
--- plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   1970-01-01 
01:00:00.0 +0100
+++ plib-1.8.5/debian/patches/08_CVE-2021-38714.patch   2021-10-10 
15:14:22.0 +0200
@@ -0,0 +1,64 @@
+Description: Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/992973
+Last-Update: 2021-10-02
+
+Index: plib/src/ssg/ssgLoadTGA.cxx
+===
+--- plib.orig/src/ssg/ssgLoadTGA.cxx
 plib/src/ssg/ssgLoadTGA.cxx
+@@ -23,6 +23,7 @@
+ 
+ 
+ #include "ssgLocal.h"
++#include 
+ 
+ #ifdef SSG_LOAD_TGA_SUPPORTED
+ 
+@@ -103,9 +104,9 @@ bool ssgLoadTGA ( const char *fname, ssg
+ 
+ // image info
+ int type = header[2];
+-int xsize = get16u(header + 12);
+-int ysize = get16u(header + 14);
+-int bits  = header[16];
++unsigned int xsize = get16u(header + 12);
++unsigned int ysize = get16u(header + 14);
++unsigned int bits  = header[16];
+ 
+ /* image types:
+  *
+@@ -169,9 +170,32 @@ bool ssgLoadTGA ( const char *fname, ssg
+ }
+ 
+ 
++const auto bytes_to_allocate = (bits / 8) * xsize * ysize;
++
++ulSetError( UL_DEBUG, "bytes_to_allocate=%ld xsize = %ld, ysize = %ld, 
%ld == %ld ", bytes_to_allocate, xsize, ysize, bytes_to_allocate / xsize, 
(ysize * (bits / 8)));
++
++if (xsize != 0 && ((ysize * (bits / 8)) != bytes_to_allocate / xsize))
++{
++  ulSetError( UL_WARNING, "Integer overflow in image size: xsize = %d, 
ysize = %d", xsize, ysize);
++  return false;
++}
++else
++{
++ulSetError( UL_DEBUG, "ssgLoadTGA: Allocating %ld bytes for the size 
%d x %d", bytes_to_allocate, xsize, ysize );
++}
++
+ // read image data
+ 
+-GLubyte *image = new GLubyte [ (bits / 8) * xsize * ysize ];
++GLubyte *image;
++try
++{
++image = new GLubyte [ bytes_to_allocate ];
++}
++catch (const std::bad_alloc&)
++{
++ulSetError( UL_WARNING, "ssgLoadTGA:  Allocation of %d bytes 
failed!", bytes_to_allocate);
++  return false;
++}
+ 
+ if ((type & 8) != 0) 
+ {
diff -Nru plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series2017-07-24 20:11:17.0 +0200
+++ plib-1.8.5/debian/patches/series2021-10-02 13:24:19.0 +0200
@@ -6,3 +6,4 @@
 06_spelling_errors.diff
 05_CVE-2012-4552.diff
 07_dont_break_joystick_system_calibration.diff
+08_CVE-2021-38714.patch

Bug#990898: unblock: httraqt/1.4.9-5

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please unblock package httraqt.

Upload 1.4.9-5 fixes release critical bug #990895, which was
recently detected. Diff is attached.


unblock httraqt/1.4.9-5

Thanks

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmDqBXcRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wY4QA/8DiDz9fNaWAW/2onyn+zou2k4lDVnvf0X
52NRdpOJ2dDYfVh/DjOL8bgF0hhva/jqpXsRuOx6cw0r3LBfn+ifafUhIV7sH0SI
4IhyRSjgL2nHl1Qfr693+vR5Wxb84WTbXsMZBux/M1Y55Q9TlEVjmuDuKy+SC9lg
POV/xUs/XC4EwtLSsN5SBVk/uVZfCvYelU6i7mtBlRmnJbtSopGReYGmZVLrQFD8
OGkWk6HcLCr2LefYCvRLjtzggVpZZjaDD84FPzxCxmqsMlkSVLyz/LmTBYQqH4LB
NSmZNLhIsOjJDO10nDzXOFxvOvDeqJkew5oHp9q/mkD2yhClDZHEVoIYpk2nqE/l
HOv9Ce1aaaBDBDHHEhiv+Y50/a5M2SJpTHq138W+T3kPLDR4R190Xo4AuJLGituT
kZme4dnRDs7syrV8R6S0xy74/b4qtP5RemGOS9RP/UKV+Xk4AdDni3pERfKdKUnb
ybdD4fqdZSD1E5qB4/MjlEX9CHsFWDO43zYHsUpsG/nPpiH9ODvXpxmdL/v6o2AN
QXTOQBkcTQb9QDjoyPl56BdD9CNl1LLTPaVELHHcfCXT+WW89eQn6Kde9Lr19kU6
ggD+1EL8rA5tkesAsg79j3T9Mq4zZQy//2s8yUmu/1W8exw36oFvBVRIgiqKdEdg
aJvqImoF83c=
=RzFI
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index c7da9ab..bf983b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+httraqt (1.4.9-5) unstable; urgency=medium
+
+  * Install doc-files in /usr/share/httraqt. (Closes: #990895)
+
+ -- Anton Gladky   Sat, 10 Jul 2021 22:16:58 +0200
+
 httraqt (1.4.9-4) unstable; urgency=medium
 
   * [936829d] Fix section in manpage. (Closes: #963343)
diff --git a/debian/httraqt.doc-base b/debian/httraqt.doc-base
index d97da4c..4fef6b5 100644
--- a/debian/httraqt.doc-base
+++ b/debian/httraqt.doc-base
@@ -4,5 +4,5 @@ Author: Xavier Roche & other contributors
 Section: Network/Web Browsing
 
 Format: HTML
-Index: /usr/share/doc/httraqt/help/index.html
-Files: /usr/share/doc/httraqt/help/*.*
+Index: /usr/share/httraqt/help/index.html
+Files: /usr/share/httraqt/help/*.*
diff --git a/debian/rules b/debian/rules
index c132f1a..ba78c0d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,8 +11,3 @@ override_dh_installchangelogs:
 
 override_dh_auto_configure:
dh_auto_configure -- -DBUILD_DATE="$(BUILD_DATE)"
-
-override_dh_auto_install:
-   dh_auto_install
-   mkdir -p $(CURDIR)/debian/httraqt/usr/share/doc
-   mv $(CURDIR)/debian/httraqt/usr/share/httraqt 
$(CURDIR)/debian/httraqt/usr/share/doc/httraqt

Bug#988557: Diff

[Anton Gladky]

Diff is now attached.

Anton
diff -Nru sundials-4.1.0+dfsg/debian/changelog sundials-4.1.0+dfsg/debian/changelog
--- sundials-4.1.0+dfsg/debian/changelog	2020-12-20 14:20:47.0 +0100
+++ sundials-4.1.0+dfsg/debian/changelog	2021-05-15 16:51:20.0 +0200
@@ -1,3 +1,9 @@
+sundials (4.1.0+dfsg-4) unstable; urgency=medium
+
+  * [5c80d16] Install libsundials_*sunnonlinsol*.so.*. (Closes: #988551)
+
+ -- Anton Gladky   Sat, 15 May 2021 16:51:20 +0200
+
 sundials (4.1.0+dfsg-3) unstable; urgency=medium
 
   * Team upload.
diff -Nru sundials-4.1.0+dfsg/debian/libsundials-sunlinsol2.install sundials-4.1.0+dfsg/debian/libsundials-sunlinsol2.install
--- sundials-4.1.0+dfsg/debian/libsundials-sunlinsol2.install	2020-12-07 20:30:37.0 +0100
+++ sundials-4.1.0+dfsg/debian/libsundials-sunlinsol2.install	2021-05-15 16:50:44.0 +0200
@@ -1 +1,2 @@
 usr/lib/*/libsundials_*sunlinsol*.so.*
+usr/lib/*/libsundials_*sunnonlinsol*.so.*

Bug#988557: unblock: sundials/4.1.0+dfsg-4

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,
please unblock package sundials.

Version 4.1.0+dfsg-4 fixes RC-Bug #988551. Diff is attached.

unblock sundials/4.1.0+dfsg-4

Thanks

Anton

Bug#988482: buster-pu: package libgetdata/0.10.0-5+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

I have prepared an upload libgetdata_0.10.0-5+deb10u1 which fixes
CVE-2021-20204.

Security team has marked this CVE as no-dsa and recommended to use
a point release to fix this CVE.

Diff is attached.

Regards

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmCdntMRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wY9fA/9GhbpQE/14peaNZt693zH+Rytwe6nazqa
ZbWljwhAXFDgNKNtlphAmoBVmhGBAnS4r2lpi8sBnTgTJByZL4QQYWv5YGX4sle0
79uYmpRHpykDR+9EufEYdAykx68voieai5COkp86RmsiSyUrdIUKIxj7osNQ4BdZ
euTSejNiMGxYxjMesI2UYFtYrEsEqe5z1HuKo4fJSjfvjB8xchLhAWgeWp7Xj0nC
W3zbnutXKracEyxo+pi0kbRzyLoc8I/N4yzX0b85Q7LoP3Iib/7N2+FrskW6LFQ2
bxF9SpbvZcnIdgirPqoAVtnbUK+kb5Ux6f9GJwDZLyAeT3gwxfKZEyODQKz/+rYq
qAtlDiSZ2nLgORw35oEqdJZCOoOdByigQ+T5pbtdzfvWUyQokTO6l+u5vo31kkse
5PE7YHtbsarvWamvAMLUTUPvH23bLG6tNgPkFSLQQBqz75y9OMl7+fsslXUoMlpv
+ELQRFTywOXHmfOlpHGDjGqgWdhWn03PEcMAsDcTGSxUOHTlsXFkHidkLTQR2A0G
nUVSee5MBougDzTP8qZ6dcRelLYolf7hD3MkNfiOMzfD8YLFpSKkaGRFGN3Aur5A
QPOQ3SdDgX/b3OQSHX1121wTuiLWAf/avoQvM79V4TSDdLCjKwZ2JbB30YTE3ULl
h8bmLlsgihM=
=XSBh
-END PGP SIGNATURE-
diff -Nru libgetdata-0.10.0/debian/changelog libgetdata-0.10.0/debian/changelog
--- libgetdata-0.10.0/debian/changelog  2018-07-08 16:05:59.0 +0200
+++ libgetdata-0.10.0/debian/changelog  2021-05-13 23:20:53.0 +0200
@@ -1,3 +1,10 @@
+libgetdata (0.10.0-5+deb10u1) buster; urgency=medium
+
+  * Team upload.
+  * Fix CVE-2021-20204.
+
+ -- Anton Gladky   Thu, 13 May 2021 23:20:53 +0200
+
 libgetdata (0.10.0-5) unstable; urgency=medium
 
   * Rebuild for python3.7 support
diff -Nru libgetdata-0.10.0/debian/patches/CVE-2021-20204.patch 
libgetdata-0.10.0/debian/patches/CVE-2021-20204.patch
--- libgetdata-0.10.0/debian/patches/CVE-2021-20204.patch   1970-01-01 
01:00:00.0 +0100
+++ libgetdata-0.10.0/debian/patches/CVE-2021-20204.patch   2021-05-13 
23:20:53.0 +0200
@@ -0,0 +1,24 @@
+Description: Raise error if returned first_raw in _GD_ParseFieldSpec is NULL
+  Fix for CVE-2021-20204
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/988239
+Last-Update: 2021-05-09
+
+Index: libgetdata/src/parse.c
+===
+--- libgetdata.orig/src/parse.c
 libgetdata/src/parse.c
+@@ -2501,9 +2501,12 @@ char *_GD_ParseFragment(FILE *restrict f
+   match = _GD_ParseDirective(D, p, in_cols, n_cols, me, _name,
+   , tok_pos);
+ 
+-if (D->error == GD_E_OK && !match)
++if (D->error == GD_E_OK && !match) {
+   first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols, 
strlen(in_cols[0]),
+   NULL, me, 0, 1, , tok_pos);
++  if (first_raw == NULL)
++_GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0, NULL);
++}
+ 
+ if (D->error == GD_E_FORMAT) {
+   /* call the callback for this error */
diff -Nru libgetdata-0.10.0/debian/patches/series 
libgetdata-0.10.0/debian/patches/series
--- libgetdata-0.10.0/debian/patches/series 2018-07-08 16:05:59.0 
+0200
+++ libgetdata-0.10.0/debian/patches/series 2021-05-13 23:20:13.0 
+0200
@@ -1 +1,2 @@
 #python3.patch
+CVE-2021-20204.patch

Bug#988278: [pre-approval] unblock: libgetdata/0.10.0-10

[Anton Gladky]

Sebastian, I have double checked the code, and you are probably right.
It is better to put this if-check into the internal scope of "(D->error ==
GD_E_OK && !match)".
Pipeline is passed, so I will upload it into unstable.

Thanks again.

Anton


Am Mo., 10. Mai 2021 um 22:42 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:

> Control: tags -1 confirmed
>
> On 2021-05-10 22:35:28, Anton Gladky wrote:
> > Control: tags -1 -moreinfo
> >
> > Hi Sebastian,
> >
> > Thanks for looking into this issue. Yes, it is intentional. We should
> always
> > check whether first_raw is NULL or not.
>
> Then please go ahead.
>
> Cheers
>
> >
> > I have reproduced the issue in the CI-pipeline [1], and the proposed
> patch
> > fixes
> > the issue [2]: no more segfault, just an error message due to exploit.
> >
> > [1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
> > [2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848
> >
> > Anton
> >
> >
> > Am Mo., 10. Mai 2021 um 22:27 Uhr schrieb Sebastian Ramacher <
> > sramac...@debian.org>:
> > 
> >
> > > > +--- libgetdata-0.10.0.orig/src/parse.c
> > > >  libgetdata-0.10.0/src/parse.c
> > > > +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> > > > + if (D->error == GD_E_OK && !match)
> > > > +   first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols,
> > > strlen(in_cols[0]),
> > > > +   NULL, me, 0, 1, , tok_pos);
> > > > ++  if (first_raw == NULL) {
> > > > ++_GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0,
> > > NULL);
> > > > ++  }
> > >
> > > Is it intentional that newly addeded if is evaluated in any case or is
> > > this patch missing curly brackets for the body of "if (D->error =
> > > GD_E_OK && !match)"?
> > >
>
> --
> Sebastian Ramacher
>

Bug#988278: [pre-approval] unblock: libgetdata/0.10.0-10

[Anton Gladky]

Control: tags -1 -moreinfo

Hi Sebastian,

Thanks for looking into this issue. Yes, it is intentional. We should always
check whether first_raw is NULL or not.

I have reproduced the issue in the CI-pipeline [1], and the proposed patch
fixes
the issue [2]: no more segfault, just an error message due to exploit.

[1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
[2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848

Anton


Am Mo., 10. Mai 2021 um 22:27 Uhr schrieb Sebastian Ramacher <
sramac...@debian.org>:


> > +--- libgetdata-0.10.0.orig/src/parse.c
> >  libgetdata-0.10.0/src/parse.c
> > +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> > + if (D->error == GD_E_OK && !match)
> > +   first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols,
> strlen(in_cols[0]),
> > +   NULL, me, 0, 1, , tok_pos);
> > ++  if (first_raw == NULL) {
> > ++_GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0,
> NULL);
> > ++  }
>
> Is it intentional that newly addeded if is evaluated in any case or is
> this patch missing curly brackets for the body of "if (D->error =
> GD_E_OK && !match)"?
>

Bug#988278: [pre-approval] unblock: libgetdata/0.10.0-10

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

this is the pre-approval request for libgetdata/0.10.0-10

It fixes CVE-2021-20204 (#988239). It is not a release critical bug,
but security issue. Diff is attached.

Thanks

unblock libgetdata/0.10.0-10

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmCX2GcRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYG0BAAlD+ubdz+Y5mTIlSqqb5mbSatB7ok0Gbs
gI9loXe46+9VupBk4hEG75EBhM5JDk4y2Zy5ZSy3ErT29/cxUhcU9U7tGht//HDg
sHCFQASoUkwxJFtUTSWFsNELA1S7ZICAAkLYzk+mLIP/tOOXqeInHscYZ+XRjPdC
Erlc+8RbTF9RTHIKXB6LEOne8IgqXgLGEWYNwIk70qUrIQ5gZlS0qiQ2hr7LhMJQ
ZmNwbGUlpAIVw3AelYb301VyS6Mfl3jSUTbunTIXrRtGI7S6RNnRA+nYHsnS/ozj
MqDMot9O9NRQS+2YyF808Mdz+wleR5TqXGuOG8vqUdCXcyRZCSCSCKVbJLAGSEPz
TmZnTUDAiFLxD0O519c2qPhV2I4HaahveDS3jmt8Wk6jbFjX/j+MCFFhrPRJgko6
CsRFm4K9jA7qWydNrZqHVC5EKCdXANmzlM8PZtckCR6srDzJj3z0MvKFybdVfYvP
/OEC4t42oTBwxaaArXXYMaNqPJIwdeCQdgTIht5SXS+yk/JdCF27ZOHuvVUTI7p8
hSYxx1pPvvet+1wwpV+Xw3uG92xuEe55nrd1lMLdhRpFyPT2LMupr043rRB6zTMr
goOL9ZlO9aKHHUAU1C1as50gD5vtBEENuVol7HCDtxQGTX79nFg8aW3oLG7ZeeTl
wPH0S5YFf+c=
=PdQH
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index 2c30a9c..514058c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libgetdata (0.10.0-10) unstable; urgency=medium
+
+  * Team upload.
+  * [4ee5ad0] Fix CVE-2021-20204. (Closes: #988239)
+
+ -- Anton Gladky   Sun, 09 May 2021 14:27:38 +0200
+
 libgetdata (0.10.0-9) unstable; urgency=medium
 
   * Fix FTBFFS on binary-all build (missing file). Closes: #966522
diff --git a/debian/patches/CVE-2021-20204.patch 
b/debian/patches/CVE-2021-20204.patch
new file mode 100644
index 000..08bb876
--- /dev/null
+++ b/debian/patches/CVE-2021-20204.patch
@@ -0,0 +1,18 @@
+Description: Raise error if returned first_raw in _GD_ParseFieldSpec is NULL
+  Fix for CVE-2021-20204
+Author: Anton Gladky 
+Bug-Debian: https://bugs.debian.org/988239 
+Last-Update: 2021-05-09
+
+--- libgetdata-0.10.0.orig/src/parse.c
 libgetdata-0.10.0/src/parse.c
+@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
+ if (D->error == GD_E_OK && !match)
+   first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols, 
strlen(in_cols[0]),
+   NULL, me, 0, 1, , tok_pos);
++  if (first_raw == NULL) {
++_GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0, NULL);
++  }
+ 
+ if (D->error == GD_E_FORMAT) {
+   /* call the callback for this error */
diff --git a/debian/patches/series b/debian/patches/series
index 24c0911..cc09615 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 #python3.patch
+CVE-2021-20204.patch

Bug#988112: unblock: gfsview/20121130+dfsg-7

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please unblock package gfsview

Upload gfsview/20121130+dfsg-7 fixes RC-bug #987935.
I have enabled ci-pipelines to ensure the package functionality,
and now all tests are green [1]. Diff is attached.

[1] https://salsa.debian.org/science-team/gfsview/-/pipelines

unblock gfsview/20121130+dfsg-7


Best regards

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmCTAXcRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wZocA/+O/2XDkjko0feJZzyA3WKmh3qymptclOi
jQU3RacssdCCvxlmQ0fusea6LJ0uC/779rZ8ps3dZ87+7zE5ZBeS6V/oo8rExgmO
uPE9Mjnt5sttzKCECpFD19O4DvGZF03JTFRvU2QpGJT4NPAgldmmwk8C2DJU+AM8
GWz9UTq2qIZ36znMNbgoKixqcPYklxgbD4ruAkaT9AGlv9+eEnzJL5RIuxb6YSBU
mn6np/tg/iXog7ZWgHgtYGkvzXpxctdDOYlxZ++UzcIL4Ro2vpdRnOXw1gn8ZJbP
0b5vK0I4HGrZuhlHOIdayGKjfTjNXlDM86UMjtlXTFzbMBBJTAdieBBlFEvfCfF3
EOBRLh1YMwk8n39oonxQuxs0svI2BywXO9u/eIlXU2PyMkfNKaVB3vCojV18ei/D
Ny7e+w6Jn7mkS5sQyELMy5cISA3G85Wg/lIL1HPr1WUioTvXYGv3XNfJivSoCT+v
vMwY2WC+wtYLE669gxeNIIw+K1H1z/8UYfOg9Pr3OvI+LxKcyUtGeTxx5ZPE0WUy
EgWNCezdFhqQWsD7rLw030n7Fbp4UlifTEtSCbX9Q0bZ4fcCq7tvPKMs4fFswugz
HEB6Y5y4lJy+MI72xO/ATzKCZgECqtQ3mGg7t9SisYrUZyC4id83XIKUZpjYUqAe
8vF0qAoKW14=
=Kv+6
-END PGP SIGNATURE-
diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml
new file mode 100644
index 000..26871b9
--- /dev/null
+++ b/debian/.gitlab-ci.yml
@@ -0,0 +1,2 @@
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
diff --git a/debian/changelog b/debian/changelog
index 74725fa..1f11cf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+gfsview (20121130+dfsg-7) unstable; urgency=medium
+
+  * Team upload.
+  * [9fb3053] Add .gitlab-ci.yml
+  * [634d5c0] Link against X11. (Closes: #987935)
+
+ -- Anton Gladky   Wed, 05 May 2021 22:03:32 +0200
+
 gfsview (20121130+dfsg-6) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/02_use_system_gl2ps.patch 
b/debian/patches/02_use_system_gl2ps.patch
index 02c99c4..3f384f1 100644
--- a/debian/patches/02_use_system_gl2ps.patch
+++ b/debian/patches/02_use_system_gl2ps.patch
@@ -2,10 +2,10 @@ Description: use packaged gl2ps instead of embedded.
 Author: Anton Gladky 
 Last-Update: 2014-05-08
 
-Index: gfsview-snapshot-121130/Makefile.am
+Index: gfsview-20121130+dfsg/Makefile.am
 ===
 gfsview-snapshot-121130.orig/Makefile.am
-+++ gfsview-snapshot-121130/Makefile.am
+--- gfsview-20121130+dfsg.orig/Makefile.am
 gfsview-20121130+dfsg/Makefile.am
 @@ -26,12 +26,10 @@ if HAVE_GTK
INTERACTIVE = view
  endif
@@ -20,10 +20,10 @@ Index: gfsview-snapshot-121130/Makefile.am
m4
  
  if DARCS_CONTROLLED
-Index: gfsview-snapshot-121130/batch/Makefile.am
+Index: gfsview-20121130+dfsg/batch/Makefile.am
 ===
 gfsview-snapshot-121130.orig/batch/Makefile.am
-+++ gfsview-snapshot-121130/batch/Makefile.am
+--- gfsview-20121130+dfsg.orig/batch/Makefile.am
 gfsview-20121130+dfsg/batch/Makefile.am
 @@ -10,17 +10,15 @@ noinst_LTLIBRARIES = librender2D.la libr
  
  librender2D_la_SOURCES = render.c render.h
@@ -44,10 +44,10 @@ Index: gfsview-snapshot-121130/batch/Makefile.am
  
  bin_PROGRAMS = gfsview-batch2D gfsview-batch3D
  
-Index: gfsview-snapshot-121130/gl/gfsgl.h
+Index: gfsview-20121130+dfsg/gl/gfsgl.h
 ===
 gfsview-snapshot-121130.orig/gl/gfsgl.h
-+++ gfsview-snapshot-121130/gl/gfsgl.h
+--- gfsview-20121130+dfsg.orig/gl/gfsgl.h
 gfsview-20121130+dfsg/gl/gfsgl.h
 @@ -23,7 +23,7 @@
  
  #include 
@@ -57,10 +57,10 @@ Index: gfsview-snapshot-121130/gl/gfsgl.h
  
  #ifdef __cplusplus
  extern "C" {
-Index: gfsview-snapshot-121130/view/Makefile.am
+Index: gfsview-20121130+dfsg/view/Makefile.am
 ===
 gfsview-snapshot-121130.orig/view/Makefile.am
-+++ gfsview-snapshot-121130/view/Makefile.am
+--- gfsview-20121130+dfsg.orig/view/Makefile.am
 gfsview-20121130+dfsg/view/Makefile.am
 @@ -26,23 +26,20 @@ SRC = \
glade/mangled_interface.c glade/interface.h \
glade/callbacks.c glade/callbacks.h \
@@ -72,7 +72,7 @@ Index: gfsview-snapshot-121130/view/Makefile.am
  gfsview2D_SOURCES = $(SRC) gfkgl2D.h
  gfsview2D_CFLAGS = @SN_CFLAGS@ @GTK_CFLAGS@ @GERRIS2D_CFLAGS@
 -gfsview2D_LDADD = -L$(top_builddir)/gl2ps -lgl2ps \
-+gfsview2D_LDADD = -lgl2ps \
++gfsview2D_LDADD = -lgl2ps -lX11 \
-L$(top_builddir)/gl -lgfsgl2D \
  @SN_LIBS@ @GTK_LIBS@ @GERRIS2D_LIBS@
 -gfsview2D_DEPENDENCIES = $(top_builddir)/gl2ps/libgl2ps.la 
$(top_builddir)/gl/libgfsgl2D.la
@@ -80,17 +80,17 @@ Index: gfsview-snapshot-121130/view/Makefile.am
  gfsview3D_SOURC

Bug#985378: unblock: boost1.74/1.74.0-9

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Please unblock package boost1.74

boost1.74_1.74.0-9 fixes RC-bug #984838
Diff is attached.


unblock boost1.74/1.74.0-9

Thanks

Anton Gladky

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmBRF0IRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYT0g//YZuOhL9/699+0fNcMECh1UX/rtCGE7Ee
jlaU9j3fIbRLIDe/SDzGF4EOJmlR64I4h+tzde3ze4YCdvueVVXRcGLXX3aobROr
GYnGXiDvEWTL3ZUA65aGZVLNcy5ytjrUtC2Y3xLi4Ti4w0oxmih+F5hKE6OmU3BD
SRJBi8XPJ2AAiItydo3gR89l9jK5sau9yiM7IBNiCT5CWXpzWwrH+DyDuvvOqTAG
SGlkl0Ppl4i/bGe+VjrBw0uO2I7gBwie613ybRevFXEu8op00Ei30N/y2RqTyXqq
14W/Cql2iOHN3vyLzfZiyyWLk9JXslPzwEwWEL5KpeCYk3CA+Csdj1rRnnIKMNL+
lM+jEloYENhhu7+sM2E8su8slUsFKBauPc6U+jCUrWsBztkIzxTz+mrVMSqmkIBW
9ZyE1R0xrTtiQ+kjQMAsfnbOWNJ2XZ/1QeVaYcoLL8AbWSIXWZVJsBrb8dZMpENW
kV95pgn3wDbwtxpsXnxXfOjpdQuwfOM2u2D277reCf46KURTm8PO7lb2oqlK9DiN
32sIceQUnuQIYVSPzreRUbe3JV9cIyapLGZU1fn4McLE8x4ups2DNXFXMdpG3e5o
S1G1GY6zf+Ay1pICy4zLr6eEzDcOKoiM3Y67WNMzBtnZrrggc1dN916J7TuQP3vC
0KOP2eosxHA=
=Pwa4
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index 0d4a3cf10..98695eea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+boost1.74 (1.74.0-9) unstable; urgency=medium
+
+  [ Andreas Beckmann ]
+  * libboost1.74-dev: Smoothen upgrades from buster by depending on
+libstdc++-${gxx:major}-dev using the build-time version of g++ instead of
+the virtual libstdc++-dev provided by multiple packages.
+(Closes: #984838)
+
+ -- Anton Gladky   Sat, 13 Mar 2021 09:21:38 +0100
+
 boost1.74 (1.74.0-8) unstable; urgency=medium
 
   * [85a2610] Fix compilation warnings. (Closes: #980497)
diff --git a/debian/control b/debian/control
index e730db2af..a9d12e62a 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Package: libboost1.74-dev
 Architecture: any
 Multi-Arch: same
 Section: libdevel
-Depends: ${misc:Depends}, ${shlibs:Depends}, libstdc++-dev
+Depends: ${misc:Depends}, ${shlibs:Depends}, libstdc++-${gxx:major}-dev
 Suggests: libboost1.74-doc,
  libboost-atomic1.74-dev,
  libboost-chrono1.74-dev,
diff --git a/debian/rules b/debian/rules
index 025139a8c..da506a948 100755
--- a/debian/rules
+++ b/debian/rules
@@ -343,6 +343,9 @@ ifeq ($(BUILD_NUMPY), yes)
sed -i -r 's/^(libboost_numpy([0-9]{2}) \S+ (\S+).*)$$/\1, \3-py\2/' 
debian/libboost-numpy$(SOVERSION)/DEBIAN/shlibs
 endif
 
+override_dh_gencontrol:
+   dh_gencontrol -- -V'gxx:major=$(shell dpkg-query -f '$${version}' -W 
g++ | sed 's/.*://;s/\..*//')'
+
 $(b2):
cd tools/build && bison -y -d -o src/engine/jamgram.cpp 
src/engine/jamgram.y
./bootstrap.sh --with-icu=/usr --prefix=$(CURDIR)/debian/tmp/usr \

Bug#976115: transition: boost-defaults

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear release team,

this is a transition request to upgrade boost-defaults from 1.71 to 1.74.
Most of issues in packages are tracked here [1], many of them are already
fixed.

Ben file:

title = "boost-defaults";
is_affected = .depends ~ /libboost[a-z-.]*1\.7[14]/;
is_good = .depends ~ /libboost[a-z-.]*1\.74/;
is_bad = .depends ~ /libboost[a-z-.]*1\.71/;

[1] 
https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=team%2Bboost%40tracker.debian.org=boost174

Best regards


Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl/EG1ARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wbO1g/+L9hHIPADbzvSHsoFB7a65YGX8Zt6lLWP
Lgeyd5ybf2CJEtmanRE4ynl9+hwvmxrRL2S90vIzSpt9/LGp4c8nVoVDLKQWQ0SE
czTwEfUa0pozK0Iqg3ZNzuQewOFiTaCXqZNUUg0lEKfrXc66wv98YdqyogW1mxAE
BYCleO8bMHGbdqOnwWQ25+OxkjAdPAa0bYmE5MskfAJS+M9TBkRtkKHpSUMjoRjm
wQAQV/qMz5lcsdIjzLF3b05y0CAl4NLVhXUcPDiaurVQF90isfkWrjERSChfbT7b
eUPc3BYGSub2BTyIjZ7yhiL7/gGF1yfcE0raLp697Pd8DrrIVpKJ4rqrXcfQpvVI
RZ84QDplbHThfDXMS75y2CfEV5SN5aZxmHNC/DabCAlAIogcX8znT5ZZXJ1bi1I0
NgDT431qDsslhv541pxy2LNwyLomAM1UAIw32ZMzbJBiJXN+XZLA82Ys7yxoXL5n
RlAuPLRafE0bN4GwK+D5xMx3xEngLzjp/IRK2sQY686WMuoaneQmoZWrp7GUSO17
pr1CxgPJtyBySlFnYjvfCHDaJogQQRRvZ35TAA9s3kAdn0nyCwVs+52YZSb9ZU+1
+cmGvSb1py9lzx21cN0C2vu7Qq0xKVbT6uSf5Dfu5a/jaiozG4b2JLiBKJAV4F1L
v5ne8TmiMs8=
=sQyK
-END PGP SIGNATURE-

Bug#954023: stretch-pu: package amd64-microcode/3.20181128.1~deb9u1

[Anton Gladky]

Hi Adam,

> Anton, do you have any idea how widespread use of the existing stretch-
> backports package has been?

No, I do not have this information. If you are not sure - feel free to
reject this request.

Best regards

Anton


Am Do., 2. Juli 2020 um 22:14 Uhr schrieb Adam D. Barratt <
a...@adam-barratt.org.uk>:

> Apologies for letting this sit for a while.
>
> On Mon, 2020-03-23 at 18:08 -0300, Henrique de Moraes Holschuh wrote:
> > On Sat, 21 Mar 2020, Adam D. Barratt wrote:
> > > On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote:
> > > > I have prepared an update for amd64-microcode for Debian Stretch,
> > > > which fixes CVE-2017-5715. Please see an attached debdiff.
> > > >
> > > > This is the newer upstream version, which fixes CVE-2017-5715.
> > > > Security team marked this CVE for Stretch as  [1].
> > >
> > > Do you have any input / thoughts on this proposed update?
> >
> > The microcode might be safe enough, we don't have regressions
> > reported against the lastest one (which is just a revert by AMD of an
> > update that did cause regressions when not applied through UEFI).
> >
> > But that's with recent kernels.
> >
> > I have no idea about the kernel codepaths it might activate, though,
> > if new MSRs are exposed.
>
> I'm torn as to what to do with this request, given that we're about to
> hit the EOL point release for stretch.
>
> Anton, do you have any idea how widespread use of the existing stretch-
> backports package has been?
>
> Regards,
>
> Adam
>
>

Bug#961379: buster-pu: package libntlm/1.5-1+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

I have prepared an NMU for buster release which fixes CVE-2019-17455.

Please let mw know whether I can upload it.

Diff is attached.

Thanks,

Anton
diff -Nru libntlm-1.5/debian/changelog libntlm-1.5/debian/changelog
--- libntlm-1.5/debian/changelog2018-08-24 22:03:11.0 +0200
+++ libntlm-1.5/debian/changelog2020-05-23 21:18:56.0 +0200
@@ -1,3 +1,17 @@
+libntlm (1.5-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload
+  * Fix buffer overflow. CVE-2019-17455:
+  Libntlm through 1.5 relies on a fixed buffer size for
+  tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
+  read and write operations, as demonstrated by a stack-based buffer
+  over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted
+  NTLM request.
+  Closes: #942145
+  * Add regression test for CVE-2019-17455
+
+ -- Anton Gladky   Sat, 23 May 2020 21:18:56 +0200
+
 libntlm (1.5-1) unstable; urgency=low
 
   * New upstream version.
diff -Nru 
libntlm-1.5/debian/patches/10_fix_buffer_overflow_CVE-CVE-2019-17455.patch 
libntlm-1.5/debian/patches/10_fix_buffer_overflow_CVE-CVE-2019-17455.patch
--- libntlm-1.5/debian/patches/10_fix_buffer_overflow_CVE-CVE-2019-17455.patch  
1970-01-01 01:00:00.0 +0100
+++ libntlm-1.5/debian/patches/10_fix_buffer_overflow_CVE-CVE-2019-17455.patch  
2020-05-23 21:12:10.0 +0200
@@ -0,0 +1,85 @@
+From b967886873fcf19f816b9c0868465f2d9e5df85e Mon Sep 17 00:00:00 2001
+From: Simon Josefsson 
+Date: Sun, 19 Apr 2020 09:30:05 +0200
+Subject: [PATCH] Fix buffer overflow.  Patch from Cedric Buissart based on
+ report by Kirin.  CVE-2019-17455
+
+<https://gitlab.com/jas/libntlm/-/issues/2>
+---
+ ntlm.h|  8 +---
+ smbutil.c | 13 -
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+Index: libntlm-1.5/ntlm.h
+===
+--- libntlm-1.5.orig/ntlm.h
 libntlm-1.5/ntlm.h
+@@ -36,6 +36,8 @@ extern "C"
+ 
+ #define NTLM_VERSION "1.5"
+ 
++#define MSG_BUFSIZE 1024
++
+ /*
+  * These structures are byte-order dependant, and should not
+  * be manipulated except by the use of the routines provided
+@@ -55,7 +57,7 @@ extern "C"
+ uint32 flags;
+ tSmbStrHeader user;
+ tSmbStrHeader domain;
+-uint8 buffer[1024];
++uint8 buffer[MSG_BUFSIZE];
+ uint32 bufIndex;
+   } tSmbNtlmAuthRequest;
+ 
+@@ -68,7 +70,7 @@ extern "C"
+ uint8 challengeData[8];
+ uint8 reserved[8];
+ tSmbStrHeader emptyString;
+-uint8 buffer[1024];
++uint8 buffer[MSG_BUFSIZE];
+ uint32 bufIndex;
+   } tSmbNtlmAuthChallenge;
+ 
+@@ -84,7 +86,7 @@ extern "C"
+ tSmbStrHeader uWks;
+ tSmbStrHeader sessionKey;
+ uint32 flags;
+-uint8 buffer[1024];
++uint8 buffer[MSG_BUFSIZE];
+ uint32 bufIndex;
+   } tSmbNtlmAuthResponse;
+ 
+Index: libntlm-1.5/smbutil.c
+===
+--- libntlm-1.5.orig/smbutil.c
 libntlm-1.5/smbutil.c
+@@ -46,9 +46,9 @@ char versionString[] = PACKAGE_STRING;
+ 
+ /*
+  * Must be multiple of two
+- * We use a statis buffer of 1024 bytes for message
++ * We use a statis buffer of MSG_BUFSIZE [1024] bytes for message
+  * At maximun we but 48 bytes (ntlm responses) and 3 unicode strings so
+- * NTLM_BUFSIZE * 3 + 48 <= 1024
++ * NTLM_BUFSIZE * 3 + 48 <= MSG_BUFSIZE
+  */
+ #define NTLM_BUFSIZE 320
+ 
+@@ -70,10 +70,13 @@ char versionString[] = PACKAGE_STRING;
+  */
+ #define AddBytes(ptr, header, buf, count) \
+ { \
+-  ptr->header.len = ptr->header.maxlen = UI16LE(count); \
++  size_t count2 = count; \
++  if (count2  > MSG_BUFSIZE - ptr->bufIndex)  \
++count2 = MSG_BUFSIZE - ptr->bufIndex; \
++  ptr->header.len = ptr->header.maxlen = UI16LE(count2); \
+   ptr->header.offset = UI32LE((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex); 
\
+-  memcpy(ptr->buffer+ptr->bufIndex, buf, count); \
+-  ptr->bufIndex += count; \
++  memcpy(ptr->buffer+ptr->bufIndex, buf, count2); \
++  ptr->bufIndex += count2; \
+ }
+ 
+ #define AddString(ptr, header, string) \
diff -Nru libntlm-1.5/debian/patches/20_test_CVE-2019-17455.patch 
libntlm-1.5/debian/patches/20_test_CVE-2019-17455.patch
--- libntlm-1.5/debian/patches/20_test_CVE-2019-17455.patch 1970-01-01 
01:00:00.0 +0100
+++ libntlm-1.5/debian/patches/20_test_CVE-2019-17455.patch 2020-05-23 
21:05:29.0 +0200
@@ -0,0 +1,90 @@
+From aa975994cf9cf39c33ce33a1b2988277c456dec1 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson 
+Date: Sun, 19 Apr 2020 09:44:17 +0200
+Subject: [PATCH] Add regression check for CVE-2019-17455 overflow.
+
+---
+ Makefile.am   |  2 +-
+ test_CVE-2019-17455.c | 61 +++
+

Bug#954023: Minor debdiff update

[Anton Gladky]

Please see an updated debdiff in attachment (dropped one line in
d/changelog).

Best regards

Anton
diff -Nru amd64-microcode-3.20160316.3/debian/changelog 
amd64-microcode-3.20181128.1~deb9u1/debian/changelog
--- amd64-microcode-3.20160316.3/debian/changelog   2016-11-30 
02:54:53.0 +0100
+++ amd64-microcode-3.20181128.1~deb9u1/debian/changelog2020-03-12 
20:29:09.0 +0100
@@ -1,3 +1,71 @@
+amd64-microcode (3.20181128.1~deb9u1) stretch; urgency=high
+
+  * New upstream release.
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+(since version 3.20180515.1).
+
+ -- Anton Gladky   Thu, 12 Mar 2020 20:29:09 +0100
+
+amd64-microcode (3.20181128.1) unstable; urgency=medium
+
+  * New microcode update packages from AMD upstream:
++ New Microcodes:
+  sig 0x00800f82, patch id 0x0800820b, 2018-06-20
+  * README: update for new release
+
+ -- Henrique de Moraes Holschuh   Sat, 15 Dec 2018 18:42:12 
-0200
+
+amd64-microcode (3.20180524.1) unstable; urgency=high
+
+  * New microcode update packages from AMD upstream:
++ Re-added Microcodes:
+  sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * This update avoids regressing sig 0x610f01 processors on systems with
+outdated firmware by adding back exactly the same microcode patch that was
+present before [for these processors].  It does not implement Spectre-v2
+mitigation for these processors.
+  * README: update for new release
+
+ -- Henrique de Moraes Holschuh   Fri, 25 May 2018 15:38:22 
-0300
+
+amd64-microcode (3.20180515.1) unstable; urgency=high
+
+  * New microcode update packages from AMD upstream:
++ New Microcodes:
+  sig 0x00800f12, patch id 0x08001227, 2018-02-09
++ Updated Microcodes:
+  sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+  sig 0x00600f20, patch id 0x06000852, 2018-02-06
++ Removed Microcodes:
+  sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+plus other unspecified fixes/updates.
+  * README, debian/copyright: update for new release
+
+ -- Henrique de Moraes Holschuh   Sat, 19 May 2018 13:51:06 
-0300
+
+amd64-microcode (3.20171205.2) unstable; urgency=medium
+
+  * debian/control: update Vcs-* fields for salsa.debian.org
+
+ -- Henrique de Moraes Holschuh   Fri, 04 May 2018 07:51:40 
-0300
+
+amd64-microcode (3.20171205.1) unstable; urgency=high
+
+  * New microcode updates (closes: #886382):
+sig 0x00800f12, patch id 0x08001213, 2017-12-05
+Thanks to SuSE for distributing these ahead of AMD's official release!
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+  * README: describe source for faml17h microcode update
+  * Upload to unstable to match IBPB microcode support on Intel in Debian
+unstable.
+  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+"x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+it will not be applied to the processor.
+
+ -- Henrique de Moraes Holschuh   Mon, 08 Jan 2018 12:19:57 
-0200
+
 amd64-microcode (3.20160316.3) unstable; urgency=medium
 
   * initramfs: Make the early initramfs reproducible (closes: #845194)
diff -Nru amd64-microcode-3.20160316.3/debian/control 
amd64-microcode-3.20181128.1~deb9u1/debian/control
--- amd64-microcode-3.20160316.3/debian/control 2016-11-30 02:53:04.0 
+0100
+++ amd64-microcode-3.20181128.1~deb9u1/debian/control  2018-12-15 
03:43:55.0 +0100
@@ -5,8 +5,8 @@
 Uploaders: Giacomo Catenazzi 
 Build-Depends: debhelper (>= 9)
 Standards-Version: 3.9.8
-Vcs-Git: git://git.debian.org/users/hmh/amd64-microcode.git
-Vcs-Browser: http://git.debian.org/?p=users/hmh/amd64-microcode.git
+Vcs-Git: https://salsa.debian.org/hmh/amd64-microcode.git
+Vcs-Browser: https://salsa.debian.org/hmh/amd64-microcode
 XS-Autobuild: yes
 
 Package: amd64-microcode
diff -Nru amd64-microcode-3.20160316.3/debian/copyright 
amd64-microcode-3.20181128.1~deb9u1/debian/copyright
--- amd64-microcode-3.20160316.3/debian/copyright   2016-11-30 
02:53:04.0 +0100
+++ amd64-microcode-3.20181128.1~deb9u1/debian/copyright2018-12-15 
03:43:55.0 +0100
@@ -2,8 +2,9 @@
 Sun Jun 10 10:54:36 BRT 2012
 
 It was downloaded from http://www.amd64.org/support/microcode.html up to
-version 20120910 (now: http://www.amd64.org/microcode.html).  It was built from
-the linux-firmware git tree at  for version 20131007 onwards.
+version 20120910 (now: http://www.amd64.org/microcode.html).  For version
+20131007 onwards, it was built from the linux-firmware git repository at:
+https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
 
 Debian only distributes the AMD64 microcode file in its unaltered form.
 
@@ -13,7 +14,7 @@
 
 Upstream Copyright: 
 
-Copyright (C) 2010-2014 Advanced Micro Devices, Inc.,
+Copyright 

Bug#954023: stretch-pu: package amd64-microcode/3.20181128.1~deb9u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear release team,

I have prepared an update for amd64-microcode for Debian Stretch, which
fixes CVE-2017-5715. Please see an attached debdiff.

This is the newer upstream version, which fixes CVE-2017-5715.
Security team marked this CVE for Stretch as  [1].

The package version with "~" is needed to guarantee the smooth update
to the buster, where the current version is 3.20181128.1.

Also I am preparing an update for Jessie [2] and it would be good
to have 3.20181128.1~deb9u1 in Stretch for the smooth Jessie->Stretch
upgrade.

Please review the dediff and let me know, whether I may proceed with an update
or make some changes.

[1] 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9dda4132363fd5b169a3aad5fec48a4e4d2f72#4716ef5aa8f2742228ba3b3633215c8b808565e3_171225_171225
[2] https://lists.debian.org/ 

Best regards

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl5ukfwRHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wZgDw/+Js19fZilIjDbjr0w8iYC+qxnO47RGErn
AedyJM95teD29SM9mIqPzXc2/u1x1NXwLY8ClFNHIOR1ZytvHKdzBU/KIyUk8WqH
mAZrND1y+lGuwn6kigAFJlKBg1TDqnb48zXYoMyesnrs0ssQHydf9LfHlOjCNgTe
j0W3clD9FyEsFibiZbhAnFd1Qsw4BL0kFgu9UqkPkUukoux1OS0RQ3EqJgGS9K2L
ak6lGSzKgvXZPY5WHcsTVni9v4OK4qVyPR8z0Wbd7eZOwGXLtYWUsB1rzAVlvDoR
CPStHhhneCzSvRYYAL4du2CaKRI7NLv+xIcJauraXWGVVvTVi6kkR7K3jb4BZeSV
5wIYzc5n5ErVXhwMJrDiD+ADhw4AqBz/8m81ogKN615BWb6+MFnFp57l8WlvTuNU
EzcPTTndJwym76N2MsKn9xC79xAKx+IKK8LpDgN+0PhXGHOExCPddBubLgfXr45w
WiydO+E/z+tuMOZWpU3RMDZBeRiAhXL/A9qfAhjftrI6LNdRAu3Mu/kOTkqwq8CN
x3TPHjmhy46XKF7qd43jF40kNI5Kdk++9+LFQvhV8pzhndPSSzN6PGX8fA2o5zn8
Je14ja1dKx1j09oCJALip/qA3nxO5tvH83OW1Kc+tKegJYut/vydInANWfpGX3yC
j+t+z6slM2g=
=/zSd
-END PGP SIGNATURE-
diff -Nru amd64-microcode-3.20160316.3/debian/changelog 
amd64-microcode-3.20181128.1~deb9u1/debian/changelog
--- amd64-microcode-3.20160316.3/debian/changelog   2016-11-30 
02:54:53.0 +0100
+++ amd64-microcode-3.20181128.1~deb9u1/debian/changelog2020-03-12 
20:29:09.0 +0100
@@ -1,3 +1,72 @@
+amd64-microcode (3.20181128.1~deb9u1) stretch; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * New upstream release.
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+(since version 3.20180515.1).
+
+ -- Anton Gladky   Thu, 12 Mar 2020 20:29:09 +0100
+
+amd64-microcode (3.20181128.1) unstable; urgency=medium
+
+  * New microcode update packages from AMD upstream:
++ New Microcodes:
+  sig 0x00800f82, patch id 0x0800820b, 2018-06-20
+  * README: update for new release
+
+ -- Henrique de Moraes Holschuh   Sat, 15 Dec 2018 18:42:12 
-0200
+
+amd64-microcode (3.20180524.1) unstable; urgency=high
+
+  * New microcode update packages from AMD upstream:
++ Re-added Microcodes:
+  sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * This update avoids regressing sig 0x610f01 processors on systems with
+outdated firmware by adding back exactly the same microcode patch that was
+present before [for these processors].  It does not implement Spectre-v2
+mitigation for these processors.
+  * README: update for new release
+
+ -- Henrique de Moraes Holschuh   Fri, 25 May 2018 15:38:22 
-0300
+
+amd64-microcode (3.20180515.1) unstable; urgency=high
+
+  * New microcode update packages from AMD upstream:
++ New Microcodes:
+  sig 0x00800f12, patch id 0x08001227, 2018-02-09
++ Updated Microcodes:
+  sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+  sig 0x00600f20, patch id 0x06000852, 2018-02-06
++ Removed Microcodes:
+  sig 0x00610f01, patch id 0x06001119, 2012-07-13
+  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+plus other unspecified fixes/updates.
+  * README, debian/copyright: update for new release
+
+ -- Henrique de Moraes Holschuh   Sat, 19 May 2018 13:51:06 
-0300
+
+amd64-microcode (3.20171205.2) unstable; urgency=medium
+
+  * debian/control: update Vcs-* fields for salsa.debian.org
+
+ -- Henrique de Moraes Holschuh   Fri, 04 May 2018 07:51:40 
-0300
+
+amd64-microcode (3.20171205.1) unstable; urgency=high
+
+  * New microcode updates (closes: #886382):
+sig 0x00800f12, patch id 0x08001213, 2017-12-05
+Thanks to SuSE for distributing these ahead of AMD's official release!
+  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+  * README: describe source for faml17h microcode update
+  * Upload to unstable to match IBPB microcode support on Intel in Debian
+unstable.
+  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+"x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+it will not be applied to the processor.
+
+ -- Henrique de Moraes Holschuh  

Re: New proposed-updates diff: h2o 2.2.5+dfsg2-2+deb10u1

[Anton Gladky]

Hello Adam,

thanks, I will reupload the package.

Regards

Anton

Am Mi., 21. Aug. 2019 um 22:25 Uhr schrieb Adam D. Barratt
:
>
> On Wed, 2019-08-21 at 19:34 +, Debian Queue Viewer wrote:
> [...]
> >
> > +h2o (2.2.5+dfsg2-2+deb10u1) buster-security; urgency=high
> > +
> > +  * [d9b7843] Fix HTTP/2 DoS attack vulnerabilities.
> > +  CVE-2019-9512 CVE-2019-9514 CVE-2019-9515. (Closes:
> > #934886)
> > +
> > + -- Anton Gladky   Tue, 20 Aug 2019 22:29:07 +0200
>
> This was intended to be uploaded to the security archive, not ftp-
> master.
>
> I'll get the copy that's landed in stable-new flagged for rejection,
> please re-upload to the security archive so that it can be processed
> there.
>
> Regards,
>
> Adam
>

Bug#932030: stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.

Thanks,

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0q/vARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYySg/+NJdSPSbuE172bzEx7/WvZnnSGw7GDOvN
mltnjYsHFqOa4Fh7G1k2mPJEZjgb/1q3APR+iHWLYTp7upkxY3u6PyciHFYkus7l
xNQb4oolS2J+wbaH0pV+5eKSScz26zSWNFioy/YEt14u09R7B1/SZ5JsLCUFLyrd
BzYdmp0fnShxSPB/5ZDWq5NReMSFa//lx4b7vklRiyx6B5Gua9gXQEAm4/Z8TZXi
hRth1XtfDxchKpU8j4n5IblhMLofC/NO1AdoErdEVL5L+uzEg9nIXOGP9v3pXem2
9IXGLdd2cWbn65FpYypo/mg8R2GqODHGKohUc5amVJJB4LhdqF/MrxcXDlteTdJF
hhK+mAyftSk/sGpswWrUkPiVplCY9FhyMLv2SNl1DA1sqAPr/nT7X95UZH4kxuFl
lu561ZDcv4EWZFnZN2W/JFKusO08VaRnVHXJtBRsTxo95CXhplrJGUbIjwIPqO4q
XOxvsc1krkqF2do10qG9P1lLeEZgIJMmf2fDkwkB6qztDCOKLmQtDtGxnXW+wcP4
Ullxy8NSGD9CVIPDNfJTQDK7A/QZOz22ZdrCws7hifAmgMlDhUECoCYoGWk+SkJh
o81fmguVkFcpvNSel1eDFc9gf2SINEYR9r6mcbQ6HNTI1qKmeauPv4NDHLQfea9G
eWJ6ZD/CqE0=
=+uwc
-END PGP SIGNATURE-
diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog 
gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog2019-01-05 23:07:07.0 
+0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog2019-07-14 09:49:07.0 
+0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+  * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+  (Closes: #926658)
+
+ -- Anton Gladky   Sun, 14 Jul 2019 09:49:07 +0200
+
 gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
 
   * [132187c] New upstream version 5.2.6+dfsg1
diff -Nru 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
1970-01-01 01:00:00.0 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
2019-07-14 09:48:48.0 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author:  Ethan A Merritt
+Origin: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
 gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+ udv->udv_value.type = ARRAY;
+ ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * 
sizeof(t_value), "array state");
+ ARGV[0].v.int_val = argv_size;
++ARGV[0].type = NOTDEFINED;
+ 
+ for (argindex = 1; argindex <= 9; argindex++) {
+   char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+   }
+   /* Save ARGV[] */
+   lf->argv[0].v.int_val = 0;
++  lf->argv[0].type = NOTDEFINED;
+   if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+-  for (argindex = 0; argindex <= call_argc; argindex++)
++  for (argindex = 0; argindex <= call_argc; argindex++) {
+   lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++  if (lf->argv[argindex].type == STRING)
++  lf->argv[argindex].v.string_val =
++  gp_strdup(lf->argv[argindex].v.string_val);
++  }
+   }
+ }
+ lf->depth = lf_head ? lf_head->depth+1 : 0;   /* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
 gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 
markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+ 
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+   fprintf(stderr, "syntax:  gnuplot -c scriptname args\n");
+   gp_exit(EXIT_FAILURE);
+   }
+-  for (i=0; i

Bug#932029: stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.

Thanks

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0q/cARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wZ/hxAAkMGXgPOoWbKMu/XGgWQ/pmejR7is2ncF
+e98xbUxycNLoL9qioNugf5dF5O7D4QNR2xjwJ7YZAXUQOZMVcKmzeIv3U2pP3Ij
JS/BmfAcBl5hXYW+BRKXO9yEIOmdVfv/n6NJ19ROuH+bTiaQukKsG3tURC0mztJS
soDihB1FKPoh9HzYPsyXxevOQ8OaiD71mwZdudW5r1dCKDR2uC2042DKD85T279T
eIqzzBOn/1PelagXChyoJZA5M2qz/ZpKiUkEHf5SVd89iUoCYuGwiRaTFoJ26Tko
3dNDs2qgFuQkFCwy8grpH7tT+yKzmbWpbpyaGGOGk8gzsYa6CytXsbKEbDsDpxn+
bwL3ikcW4rNhhuzletKzbvHh7i5EjcfX5sBUrQMYIjoD9YIxpFNcHxevA59whYjv
3WS9c6a6TIpFxgeubVskbkbMdLqpu5yki8uWVpYu2/wVC5U0gzwFbaBlL9yFZtPX
7igw7ci3e4vv3qorQjgVt+NjXLLTsxtnFG/2b5HBJxaQx3OXOUg/APcyJj9eBZZg
3lvDjN8+swgnyJCL4Fx6yWOaiLx+e4nItcOvhDDjPp3Ui+tDoxoDv9gljkfPVrsr
OIXZC7S5nGXwsQ1c9Sm0t315cvhCGPwQ5uObo1l7JkOaln4t/399Y1T9wxjuGHBX
CxIVqjY5A+A=
=bcul
-END PGP SIGNATURE-
diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog 
gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog2019-01-05 23:07:07.0 
+0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog2019-07-14 09:49:07.0 
+0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+  * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+  (Closes: #926658)
+
+ -- Anton Gladky   Sun, 14 Jul 2019 09:49:07 +0200
+
 gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
 
   * [132187c] New upstream version 5.2.6+dfsg1
diff -Nru 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
1970-01-01 01:00:00.0 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
2019-07-14 09:48:48.0 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author:  Ethan A Merritt
+Origin: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
 gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+ udv->udv_value.type = ARRAY;
+ ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * 
sizeof(t_value), "array state");
+ ARGV[0].v.int_val = argv_size;
++ARGV[0].type = NOTDEFINED;
+ 
+ for (argindex = 1; argindex <= 9; argindex++) {
+   char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+   }
+   /* Save ARGV[] */
+   lf->argv[0].v.int_val = 0;
++  lf->argv[0].type = NOTDEFINED;
+   if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+-  for (argindex = 0; argindex <= call_argc; argindex++)
++  for (argindex = 0; argindex <= call_argc; argindex++) {
+   lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++  if (lf->argv[argindex].type == STRING)
++  lf->argv[argindex].v.string_val =
++  gp_strdup(lf->argv[argindex].v.string_val);
++  }
+   }
+ }
+ lf->depth = lf_head ? lf_head->depth+1 : 0;   /* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
 gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 
markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+ 
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+   fprintf(stderr, "syntax:  gnuplot -c scriptname args\n");
+   gp_exit(EXIT_FAILURE);
+   }
+-  for (i=0; i

Bug#932028: stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.

Thanks,

Anton

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0rAo0RHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wamNA//aJ7jiIEW51CfAgpF9gN6CI3bEHN9pLYJ
UALWTP5tIzKesg9oxMXGlg4j6pkNlVV4D8rYFgh1mVTzwmHcWtx88NiO0L7rZnr+
Jsvq0BPhEVfZf10pxPuyYP9f7m4mU6x1LIf+48iMAOw59grP0pu4YlpdGie67Yie
jX99KKKUenZP+zpAafRuiQ+UHggY3J2ofoyjtKWrWPoTuCyyEhfPE3wJgc96qJE8
jKZvqxuoBGyPLb/iX67wJowOFfDo7aXRme9/sybNPWM3QXOdpIxaehOmWCywZ9pP
mqdktLoERdv/yP/w33KeSTilbfu6naqCasBh1DJu44HZQdVNtLuEDJ/rk0X4qv9m
FkG9X7xHHX0FqPuPeru2vc5h71pkZfIpIUodrCOjBmwaSWOfvlK6XP56TrIwDipR
qgjkWKFIbWQLm8pN3OMnk3pByVhanB9MhKcqNBtUKDVUIJEdqmcAqi97STD7kkAC
UL3ef9GGLZcvBmzur9kPNJmOYukH7QW3IkhIP/lbW06BqIarMLEu2COL4raX6Q9F
QH50zdGP4CJIEy7e9fCqKZk4bWpsuiRtTHQni4V2WqdD3zPA22x4dqzSpw31vDEw
5appCh4QBx3OIRxMsvCk1uWJ2K8gme+8Rv2+/rjNTdk47hdJVdS8lvTqfh9yVKt7
zofxD1s7cX4=
=KhD4
-END PGP SIGNATURE-
diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog 
gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog2019-01-05 23:07:07.0 
+0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog2019-07-14 09:49:07.0 
+0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+  * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+  (Closes: #926658)
+
+ -- Anton Gladky   Sun, 14 Jul 2019 09:49:07 +0200
+
 gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
 
   * [132187c] New upstream version 5.2.6+dfsg1
diff -Nru 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch 
gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
1970-01-01 01:00:00.0 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch  
2019-07-14 09:48:48.0 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author:  Ethan A Merritt
+Origin: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
 gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+ udv->udv_value.type = ARRAY;
+ ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * 
sizeof(t_value), "array state");
+ ARGV[0].v.int_val = argv_size;
++ARGV[0].type = NOTDEFINED;
+ 
+ for (argindex = 1; argindex <= 9; argindex++) {
+   char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+   }
+   /* Save ARGV[] */
+   lf->argv[0].v.int_val = 0;
++  lf->argv[0].type = NOTDEFINED;
+   if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+-  for (argindex = 0; argindex <= call_argc; argindex++)
++  for (argindex = 0; argindex <= call_argc; argindex++) {
+   lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++  if (lf->argv[argindex].type == STRING)
++  lf->argv[argindex].v.string_val =
++  gp_strdup(lf->argv[argindex].v.string_val);
++  }
+   }
+ }
+ lf->depth = lf_head ? lf_head->depth+1 : 0;   /* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
 gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 
markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+ 
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+   fprintf(stderr, "syntax:  gnuplot -c scriptname args\n");
+   gp_exit(EXIT_FAILURE);
+   }
+-  for (i=0; i

Bug#914563: transition: alglib

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


Dear release team,

please provide a slot for the transition of the new alglib
version 3.14.

All build reverse-depenencies of the package are building fine
with this new version.


Thanks,

  Anton

===
Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib3.11" | .depends ~ "libalglib3.14";
is_good = .depends ~ "libalglib3.14";
is_bad = .depends ~ "libalglib3.11";


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#904316: transition: boost-defaults

[Anton Gladky]

Hi.

from my point of view it is also better to have new boost-defaults
in the unstable and fix needed packages there. We doe not have too
much time for now to have an intermediate upload into experimental.

If this transition will be smooth and fast, we could consider to package
1.68/1.69. But it would probably be too risky and can potentially delay
the next release.

Regards

Anton

Am Mo., 24. Sep. 2018 um 02:21 Uhr schrieb Dimitri John Ledkov
:
...
> Largely rebuilds in Ubuntu have been sufficient to identify and fix
> the bulk of boost transition issues
> http://people.canonical.com/~ubuntu-archive/transitions/html/boost1.67.html
>
> After the initial rounds of NMUs I typically work off the Debian
> transition tracker to complete transition / files FTBFS bugs / NMU
> patches.
>
> I can prepare the boost-defaults upload into experimental, but I'd
> rather have this transition approved and boost-defaults uploaded into
> unstable.

Bug#907771: transition: qcustomplot

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear release team,

please schedule the transition of the qcustomplot package. It seems
that the bost dependent packages are building fine against the
new package version.


Ben file:

title = "qcustomplot";
is_affected = .depends ~ "libqcustomplot1.3" | .depends ~ "libqcustomplot2.0";
is_good = .depends ~ "libqcustomplot2.0";
is_bad = .depends ~ "libqcustomplot1.3";

Thanks

Anton

Bug#841234: jessie-pu: package libiberty/20141014-1

[Anton Gladky]

Hi Adam,

I forgot about this bug. Actually I do not have any interest and time
now to make an upload. So, I think the bug can be closed.

Thanks

Anton


2018-06-13 22:17 GMT+02:00 Adam D. Barratt :
> On Sat, 2016-12-17 at 11:42 +0100, Julien Cristau wrote:
>> Control: tag -1 moreinfo
>>
>> On Tue, Oct 18, 2016 at 20:32:56 +0200, Anton Gladky wrote:
>>
>> > Package: release.debian.org
>> > Severity: normal
>> > Tags: jessie
>> > User: release.debian@packages.debian.org
>> > Usertags: pu
>> >
>> > Dear release team,
>> >
>> > libiberty needs to be updated in Jessie, because the newer version
>> > fixes many security issues:
>> >
>> > CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
>> > CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131
>> >
>>
>> What makes it impossible to backport just the fixes for the above
>> issues, rather than importing a full new upstream release?  A short
>> description of the issues so we don't have to look them up would also
>> have been helpful.
>>
>
> Ping? The above was 18 months ago, and we're within a few days of
> closing updates to jessie before it becomes LTS.
>
> Regards,
>
> Adam

Bug#876041: transition: gl2ps

[Anton Gladky]

The package is successfully built on all relevant platforms.
Please, schedule binnmus.

Thank you,

Anton


2017-09-27 0:24 GMT+02:00 Emilio Pozuelo Monfort :
>
> Go ahead.
>
> Cheers,
> Emilio

Bug#876041: transition: gl2ps

[Anton Gladky]

Control: tags -1 -moreinfo

All rdeps are tested against new version (except vtk6
due to the current dependency problem in sid).

Package: avogadro OK
Package: drawxtlOK
Package: gabedit   OK
Package: gfsview   OK
Package: giac   OK
Package: gmshOK
Package: oce OK
Package: octave  OK
Package: paraviewOK
Package: qtiplot OK
Package: sumoOK
Package: vtk6Not testable now in sid, fails to install deps
Package: xcrysdenOK

Please consider scheduling the transition.

Thanks

Anton


2017-09-23 18:10 GMT+02:00 Emilio Pozuelo Monfort <po...@debian.org>:
> Control: tags -1 moreinfo
>
> On 23/09/17 17:44, Anton Gladky wrote:
>> I did not check them. Just generated the list of symbols and
>> no symbols were removed since the last versions (+4 new
>> symbols)
>
> That's not enough. E.g. symbols may have changed their signatures, or structs
> may have renamed or deleted some members...
>
>> So, from my point of view, it is enough to be sure that everything
>> is OK with the back-compatibility. If it is not the case, just let me
>> know and I will try to build rdeps against new gl2ps.
>
> Yes please.
>
> Emilio

Bug#876510: transition: oce

[Anton Gladky]

oce is successfully built in sid on all relevant platforms.

Cheers

Anton


2017-09-23 15:49 GMT+02:00 Emilio Pozuelo Monfort :
>
> Go ahead.
>
> Emilio

Bug#876041: transition: gl2ps

[Anton Gladky]

I did not check them. Just generated the list of symbols and
no symbols were removed since the last versions (+4 new
symbols)

So, from my point of view, it is enough to be sure that everything
is OK with the back-compatibility. If it is not the case, just let me
know and I will try to build rdeps against new gl2ps.

Cheers

Anton


2017-09-23 17:35 GMT+02:00 Emilio Pozuelo Monfort <po...@debian.org>:
> On 17/09/17 22:19, Anton Gladky wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: transition
>>
>>
>> Dear release team,
>>
>> due to a new version of gl2ps, one need the transition to a new binary.
>> Please schedule it.
>
> Do the rdeps build fine against the new gl2ps?
>
> Emilio

Bug#876510: transition: oce

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


Dear release team,

please schedule the transition slot for the new version of oce.

All reverse-depends build fine except deal.ii which seems to be
failing due to some other reasons (#876509).

Ben file:

title = "oce";
is_affected = .depends ~ 
"liboce-foundation10|liboce-modeling10|liboce-ocaf-lite10|liboce-ocaf10|liboce-visualization10"
 | .depends ~ 
"liboce-foundation11|liboce-modeling11|liboce-ocaf-lite11|liboce-ocaf11|liboce-visualization11";
is_good = .depends ~ 
"liboce-foundation11|liboce-modeling11|liboce-ocaf-lite11|liboce-ocaf11|liboce-visualization11";
is_bad = .depends ~ 
"liboce-foundation10|liboce-modeling10|liboce-ocaf-lite10|liboce-ocaf10|liboce-visualization10";


Thanks,

Anton

Bug#876041: transition: gl2ps

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition


Dear release team,

due to a new version of gl2ps, one need the transition to a new binary.
Please schedule it.

Ben file:

title = "gl2ps";
is_affected = .depends ~ "libgl2ps1" | .depends ~ "libgl2ps1.4";
is_good = .depends ~ "libgl2ps1.4";
is_bad = .depends ~ "libgl2ps1";


Thanks,

Anton

Bug#868355: nmu: ceres-solver_1.12.0+dfsg0-1+b3

[Anton Gladky]

Hi all,

well, I would prefer to rebuild all reverse dependencies after
each new eigen3 (and probably any other header-only lib)
upload [1] and be ready to request it. But it looks like it is
not a common case to do such BinNMUs.

[1] https://bugs.debian.org/845819

Regards

Anton


2017-07-19 8:35 GMT+02:00 Philipp Huebner :
> Hi,
>
> until I find the time to package the new release of Ceres Solver,
> please go ahead with the BinNMU.
>
> With Eigen3 being a header-only library and numeric math libraries
> making use of derivatives and templating like crazy, I believe this
> strict Eigen3 check to be well reasoned.
>
> I'll ask upstream about this, but expect them to confirm it.
>
>
> Regards,
> --
>  .''`.   Philipp Huebner 
> : :'  :  pgp fp: 6719 25C5 B8CD E74A 5225  3DF9 E5CA 8C49 25E4 205F
> `. `'`
>   `-
>

Bug#868146: transition: alglib

[Anton Gladky]

2017-07-14 9:16 GMT+02:00 Emilio Pozuelo Monfort :
> Go ahead now.

Uploaded.

Anton

Bug#868146: transition: alglib

[Anton Gladky]

Hi Emilio,

libalglib-dev is in build-deps of vtk6. But it looks like vtk6 does
not use it. I will not file a bug against vtk6 because it mostly
EOL.

Please let me know when I can make an upload into the sid.

Best regards

Anton


2017-07-12 19:48 GMT+02:00 Emilio Pozuelo Monfort :
> I don't see vtk6 as affected? In any case this needs to wait for the gdal
> transition to finish, as that one can't smooth transition to testing and this
> would get entangled with it due to qmapshack (and possibly vtk6).

Bug#868146: transition: alglib

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear release team,

please provide a slot for the transition of alglib-library.
The new version 3.11 has been uploaded to the experimental
and built succesfully an all relevant platforms [1].

All reverse dependencies has been successfully built against
the new library version (vtk6, qtiplot and qmapshack).

Ben file:

title = "alglib";
is_affected = .depends ~ "libalglib3.10" | .depends ~ "libalglib3.11";
is_good = .depends ~ "libalglib3.11";
is_bad = .depends ~ "libalglib3.10";


[1] https://buildd.debian.org/status/package.php?p=alglib=experimental

Thanks,

Anton

Bug#867624: Debdiff

[Anton Gladky]

Debdiff is applied.

Anton


avogadro.debdiff
Description: Binary data

Bug#867624: stretch-pu: package avogadro/1.2.0-1+deb9u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

avogadro_1.2.0-1 in stretch has a serious bug #865085 which makes
the package completely unusable.

The reason is the incompatibility with eigen3 >> 3.3 which
was not detected during the development phase. Upstream fixed
this problem [1], [2].

The proposed update fixes the bug. Basically both patches were
applied against the current source package.

Please consider to accept this update, though patches are big.
Otherwise the package should be completely removed from the
stretch not to scare users.

[1] 
https://github.com/cryos/avogadro/commit/43af3c117b0b3220b15c2fe2895b94bbd83d3a60.patch
[2] 
https://github.com/cryos/avogadro/commit/2d4be7ede177a8df7340fe3b209698d591ee8a04.patch


Thank you,

Anton

Bug#865214: stretch-pu: package gnuplot/5.0.5+dfsg1-6+deb9u1

[Anton Gladky]

Hi Cyril,

thank you for the extended answer and useful information! Please find an
attached patch with the fixed changelog number.

Best regards

Anton

On 06/25/2017 11:09 PM, Cyril Brulebois wrote:
> Hi,
> 
> Anton Gladky <gl...@debian.org> (2017-06-19):
>> Package: release.debian.org
>> Severity: normal
>> Tags: stretch
>> User: release.debian@packages.debian.org
>> Usertags: pu
>>
>> Dear release team,
>>
>> the following gnuplot version fixes the CVE-2017-9670. Please let me
>> know, whether it can be upoaded to proposed-updates.
> 
> Looking at the security tracker, it looks like this was decided this was
> going to be a no-dsa fix, but feel free to mention this upfront in your
> next pu requests. :)
> 
> Anyway, looking at the diff: the version number isn't appropriate, as
> stretch has 5.0.5+dfsg1-6, you should be uploading 5.0.5+dfsg1-6+deb9u1.
> Alternatively, if you were going to backport 5.0.5+dfsg1-7 from testing,
> you could use 5.0.5+dfsg1-7~deb9u1, but then this should be on top of
> the 5.0.5+dfsg1-7 changelog entry.
> 
> Either way, please provide an updated debdiff with a proper version (for
> a simple patch like this, I think the first solution would have a slight
> preference on my side → 5.0.5+dfsg1-6+deb9u1).
> 
> Thanks already.
> 
> 
> KiBi.
> 

diff -Nru gnuplot-5.0.5+dfsg1/debian/changelog 
gnuplot-5.0.5+dfsg1/debian/changelog
--- gnuplot-5.0.5+dfsg1/debian/changelog2017-04-03 22:58:59.0 
+0200
+++ gnuplot-5.0.5+dfsg1/debian/changelog2017-06-16 22:35:29.0 
+0200
@@ -1,3 +1,10 @@
+gnuplot (5.0.5+dfsg1-6+deb9u1) stretch; urgency=high
+
+  * [02931b6] Fix memory corruption vulnerability. CVE-2017-9670.
+  (Closes: #864901)
+
+ -- Anton Gladky <gl...@debian.org>  Fri, 16 Jun 2017 22:35:29 +0200
+
 gnuplot (5.0.5+dfsg1-6) unstable; urgency=medium
 
   * Team upload.
diff -Nru gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch 
gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch
--- gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch   1970-01-01 
01:00:00.0 +0100
+++ gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch   2017-06-16 
22:35:29.0 +0200
@@ -0,0 +1,18 @@
+Description: Fix memory corruption vulnerability. CVE-2017-9670
+Author: Ethan Merritt
+Bug-Debian: https://bugs.debian.org/864901
+Origin: 
https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
+Bug: https://sourceforge.net/p/gnuplot/bugs/1933/
+Reviewed-By: Anton Gladky <gl...@debian.org>
+Last-Update: 2017-06-16
+
+--- gnuplot-5.0.5+dfsg1.orig/src/set.c
 gnuplot-5.0.5+dfsg1/src/set.c
+@@ -5926,6 +5926,7 @@ load_tic_series(AXIS_INDEX axis)
+ 
+ if (!equals(c_token, ",")) {
+   /* only step specified */
++  incr_token = c_token;
+   incr = start;
+   start = -VERYLARGE;
+   end = VERYLARGE;
diff -Nru gnuplot-5.0.5+dfsg1/debian/patches/series 
gnuplot-5.0.5+dfsg1/debian/patches/series
--- gnuplot-5.0.5+dfsg1/debian/patches/series   2017-04-03 22:54:50.0 
+0200
+++ gnuplot-5.0.5+dfsg1/debian/patches/series   2017-06-16 22:35:29.0 
+0200
@@ -6,3 +6,4 @@
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
 14_strip_username_from_output.patch
+20_CVE-2017-9670.patch


signature.asc
Description: OpenPGP digital signature

Bug#865214: stretch-pu: package gnuplot/5.0.5+dfsg1-7+deb9u1

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

the following gnuplot version fixes the CVE-2017-9670. Please let me know,
whether it can be upoaded to proposed-updates.

Diff is provided.

Thanks,

Anton
diff -Nru gnuplot-5.0.5+dfsg1/debian/changelog 
gnuplot-5.0.5+dfsg1/debian/changelog
--- gnuplot-5.0.5+dfsg1/debian/changelog2017-04-03 22:58:59.0 
+0200
+++ gnuplot-5.0.5+dfsg1/debian/changelog2017-06-16 22:35:29.0 
+0200
@@ -1,3 +1,10 @@
+gnuplot (5.0.5+dfsg1-7+deb9u1) stretch; urgency=high
+
+  * [02931b6] Fix memory corruption vulnerability. CVE-2017-9670.
+  (Closes: #864901)
+
+ -- Anton Gladky <gl...@debian.org>  Fri, 16 Jun 2017 22:35:29 +0200
+
 gnuplot (5.0.5+dfsg1-6) unstable; urgency=medium
 
   * Team upload.
diff -Nru gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch 
gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch
--- gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch   1970-01-01 
01:00:00.0 +0100
+++ gnuplot-5.0.5+dfsg1/debian/patches/20_CVE-2017-9670.patch   2017-06-16 
22:35:29.0 +0200
@@ -0,0 +1,18 @@
+Description: Fix memory corruption vulnerability. CVE-2017-9670
+Author: Ethan Merritt
+Bug-Debian: https://bugs.debian.org/864901
+Origin: 
https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
+Bug: https://sourceforge.net/p/gnuplot/bugs/1933/
+Reviewed-By: Anton Gladky <gl...@debian.org>
+Last-Update: 2017-06-16
+
+--- gnuplot-5.0.5+dfsg1.orig/src/set.c
 gnuplot-5.0.5+dfsg1/src/set.c
+@@ -5926,6 +5926,7 @@ load_tic_series(AXIS_INDEX axis)
+ 
+ if (!equals(c_token, ",")) {
+   /* only step specified */
++  incr_token = c_token;
+   incr = start;
+   start = -VERYLARGE;
+   end = VERYLARGE;
diff -Nru gnuplot-5.0.5+dfsg1/debian/patches/series 
gnuplot-5.0.5+dfsg1/debian/patches/series
--- gnuplot-5.0.5+dfsg1/debian/patches/series   2017-04-03 22:54:50.0 
+0200
+++ gnuplot-5.0.5+dfsg1/debian/patches/series   2017-06-16 22:35:29.0 
+0200
@@ -6,3 +6,4 @@
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
 14_strip_username_from_output.patch
+20_CVE-2017-9670.patch

Bug#864907: unblock: gnuplot/5.0.5+dfsg1-7, CVE-2017-9670

[Anton Gladky]

Package: release.debian.org
Severity: normal
Tags: security upstream patch
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gnuplot

it fixes CVE-2017-9670. The fix is trivial. Patch is attached.

unblock gnuplot/5.0.5+dfsg1-7

The diff is attached.

Thanks

Anton
diff --git a/debian/changelog b/debian/changelog
index 3705f0e..a27d6a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gnuplot (5.0.5+dfsg1-7) unstable; urgency=high
+
+  * [02931b6] Fix memory corruption vulnerability. CVE-2017-9670.
+  (Closes: #864901)
+
+ -- Anton Gladky <gl...@debian.org>  Fri, 16 Jun 2017 22:35:29 +0200
+
 gnuplot (5.0.5+dfsg1-6) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/20_CVE-2017-9670.patch 
b/debian/patches/20_CVE-2017-9670.patch
new file mode 100644
index 000..482ea7e
--- /dev/null
+++ b/debian/patches/20_CVE-2017-9670.patch
@@ -0,0 +1,18 @@
+Description: Fix memory corruption vulnerability. CVE-2017-9670
+Author: Ethan Merritt
+Bug-Debian: https://bugs.debian.org/864901
+Origin: 
https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
+Bug: https://sourceforge.net/p/gnuplot/bugs/1933/
+Reviewed-By: Anton Gladky <gl...@debian.org>
+Last-Update: 2017-06-16
+
+--- gnuplot-5.0.5+dfsg1.orig/src/set.c
 gnuplot-5.0.5+dfsg1/src/set.c
+@@ -5926,6 +5926,7 @@ load_tic_series(AXIS_INDEX axis)
+ 
+ if (!equals(c_token, ",")) {
+   /* only step specified */
++  incr_token = c_token;
+   incr = start;
+   start = -VERYLARGE;
+   end = VERYLARGE;
diff --git a/debian/patches/series b/debian/patches/series
index 94e0bfa..3c19808 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
 14_strip_username_from_output.patch
+20_CVE-2017-9670.patch

Bug#864046: unblock: freemat/4.2+dfsg1-4

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freemat

this version workarounds #863686 by disabling LLVM-support.

unblock freemat/4.2+dfsg1-4

Thanks,

Anton

Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5

[Anton Gladky]

Control: tags -1 - moreinfo

Uploaded and the package was built successfully on all relevant
release platforms.

Thanks,

Anton


2017-05-12 17:09 GMT+02:00 Niels Thykier <ni...@thykier.net>:
> Control: tags -1 confirmed moreinfo
>
> Anton Gladky:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package vtk6
>>
>> During the last upload of the version 6.3.0+dfsg1-4 some line endings
>> in autopkgtests were accidentally broken and it causes test failures [1].
>>
>> This upload is trivial and just replaces broken line endings.
>>
>> [1] https://ci.debian.net/packages/v/vtk6/unstable/amd64/
>>
>> unblock vtk6/6.3.0+dfsg1-5
>>
>>
>> Thanks,
>>
>> Anton
>>
>
> Please go ahead and remove the moreinfo tag once the upload has been
> accepted into unstable and built on all relevant release architectures.
>
> Thanks,
> ~Niels
>
>

Bug#862214: Pre-approval request, unblock: vtk6/6.3.0+dfsg1-5

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vtk6

During the last upload of the version 6.3.0+dfsg1-4 some line endings
in autopkgtests were accidentally broken and it causes test failures [1].

This upload is trivial and just replaces broken line endings.

[1] https://ci.debian.net/packages/v/vtk6/unstable/amd64/

unblock vtk6/6.3.0+dfsg1-5


Thanks,

Anton
diff -Nru vtk6-6.3.0+dfsg1/debian/changelog vtk6-6.3.0+dfsg1/debian/changelog
--- vtk6-6.3.0+dfsg1/debian/changelog   2017-03-14 21:34:10.0 +0100
+++ vtk6-6.3.0+dfsg1/debian/changelog   2017-05-09 22:38:56.0 +0200
@@ -1,3 +1,9 @@
+vtk6 (6.3.0+dfsg1-5) unstable; urgency=medium
+
+  * Fix line endings in autopkgtests to let them run.
+
+ -- Anton Gladky <gl...@debian.org>  Tue, 09 May 2017 22:38:56 +0200
+
 vtk6 (6.3.0+dfsg1-4) unstable; urgency=medium
 
   * [9a28dbe] Fix symlink onto vtk. (Closes: #857533).
diff -Nru vtk6-6.3.0+dfsg1/debian/patches/100_javac-heap.patch 
vtk6-6.3.0+dfsg1/debian/patches/100_javac-heap.patch
--- vtk6-6.3.0+dfsg1/debian/patches/100_javac-heap.patch2016-04-14 
14:36:27.0 +0200
+++ vtk6-6.3.0+dfsg1/debian/patches/100_javac-heap.patch2017-05-09 
22:38:24.0 +0200
@@ -1,8 +1,8 @@
-Description: set JVM max memory to 1024m.
-Author: Matthias Klose <d...@ubuntu.com>
-Acked-By: Anton Gladky <gl...@debian.org>
-Last-Update: 2016-02-12
-
+Description: set JVM max memory to 1024m.
+Author: Matthias Klose <d...@ubuntu.com>
+Acked-By: Anton Gladky <gl...@debian.org>
+Last-Update: 2016-02-12
+
 Index: VTK-6.3.0/Wrapping/Java/CMakeLists.txt
 ===
 --- VTK-6.3.0.orig/Wrapping/Java/CMakeLists.txt
diff -Nru vtk6-6.3.0+dfsg1/debian/patches/101_java_install_path.patch 
vtk6-6.3.0+dfsg1/debian/patches/101_java_install_path.patch
--- vtk6-6.3.0+dfsg1/debian/patches/101_java_install_path.patch 2016-04-14 
14:36:38.0 +0200
+++ vtk6-6.3.0+dfsg1/debian/patches/101_java_install_path.patch 2017-05-09 
22:38:24.0 +0200
@@ -1,11 +1,11 @@
-Description: Install Java modules in the correct path
- This patch corrects the installation of the native Java modules
- to go to the path given by the Debian Java Policy. This helps
- to later use the simple install file to get them to the right
- location in the package. 
-Author: Gert Wollny <gw.foss...@gmail.com
-Last-Update: 2016-03-26
-
+Description: Install Java modules in the correct path
+ This patch corrects the installation of the native Java modules
+ to go to the path given by the Debian Java Policy. This helps
+ to later use the simple install file to get them to the right
+ location in the package. 
+Author: Gert Wollny <gw.foss...@gmail.com
+Last-Update: 2016-03-26
+
 Index: VTK-6.3.0/CMake/vtkJavaWrapping.cmake
 ===
 --- VTK-6.3.0.orig/CMake/vtkJavaWrapping.cmake
diff -Nru vtk6-6.3.0+dfsg1/debian/patches/102_enable_system_proj4_lib.patch 
vtk6-6.3.0+dfsg1/debian/patches/102_enable_system_proj4_lib.patch
--- vtk6-6.3.0+dfsg1/debian/patches/102_enable_system_proj4_lib.patch   
2016-04-14 14:36:45.0 +0200
+++ vtk6-6.3.0+dfsg1/debian/patches/102_enable_system_proj4_lib.patch   
2017-05-09 22:38:24.0 +0200
@@ -1,8 +1,8 @@
-Description: Correct code to enable use of system proj4 
-Author: Matthew Woehlke <matthew.woeh...@kitware.com>
-Bug: https://bugs.debian.org/750184
-Upstream-Bug: http://www.vtk.org/Bug/view.php?id=14126
-
+Description: Correct code to enable use of system proj4 
+Author: Matthew Woehlke <matthew.woeh...@kitware.com>
+Bug: https://bugs.debian.org/750184
+Upstream-Bug: http://www.vtk.org/Bug/view.php?id=14126
+
 Index: VTK-6.3.0/CMake/FindLIBPROJ4.cmake
 ===
 --- VTK-6.3.0.orig/CMake/FindLIBPROJ4.cmake
diff -Nru vtk6-6.3.0+dfsg1/debian/patches/104_fix_gcc_version_6.patch 
vtk6-6.3.0+dfsg1/debian/patches/104_fix_gcc_version_6.patch
--- vtk6-6.3.0+dfsg1/debian/patches/104_fix_gcc_version_6.patch 2016-04-14 
14:36:53.0 +0200
+++ vtk6-6.3.0+dfsg1/debian/patches/104_fix_gcc_version_6.patch 2017-05-09 
22:38:24.0 +0200
@@ -1,7 +1,7 @@
-Description: Fix to be able to compile with gcc-6
-Author: Gerardo Malazdrewicz <gera...@malazdrewicz.com.ar>
-Bug: https://bugs.debian.org/812296
-
+Description: Fix to be able to compile with gcc-6
+Author: Gerardo Malazdrewicz <gera...@malazdrewicz.com.ar>
+Bug: https://bugs.debian.org/812296
+
 Index: VTK-6.3.0/CMake/GenerateExportHeader.cmake
 ===
 --- VTK-6.3.0.orig/CMake/GenerateExportHeader.cmake
diff -Nru vtk6-6.3.0+dfsg1/debian/patches/105_unforce_embedded_glew.patch 
vtk6-6.3.0+dfsg1/debian/patches/105_unforce_embedded_glew.patch
--- vtk6-6.3.0+dfsg1/debian/p

Bug#860310: unblock pre-apptoval request for yade/2017.01a-8

[Anton Gladky]

tags 860310 -moreinfo
thanks

Hi Niels,

yade_2017.01a-8 has been succesfully built on all relevant release
platforms [1].

[1] https://buildd.debian.org/status/package.php?p=yade

Best regards

Anton


2017-04-17 13:07 GMT+02:00 Niels Thykier :
> Ack, please go ahead and let us know when the upload has been built on
> all relevant release architectures.

Bug#860346: unblock: oce/0.17.2-2

[Anton Gladky]

tags 860346 -moreinfo
thanks

Hi Niels,

oce_0.17.2-2 has been succesfully built on all release
platforms [1].

[1] https://buildd.debian.org/status/package.php?p=oce

Anton


2017-04-17 13:02 GMT+02:00 Niels Thykier :
> Ack, please go ahead and let us know once the upload has been compiled
> on all relevant release architectures.

Bug#860346: unblock: oce/0.17.2-2

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package oce

The upstream has found and fixed an annoying bug [1] in
oce. Debian and Ubuntu packages are affected. OCE_LIBRARIES
wrongly includes DRAWEX if -DOCE_DRAW=ON.

The attached patch was cherry-picked from upstream repo.

unblock oce/0.17.2-2


[1] https://github.com/tpaviot/oce/issues/660

Thanks,

Anton
diff -Nru oce-0.17.2/debian/changelog oce-0.17.2/debian/changelog
--- oce-0.17.2/debian/changelog 2016-06-16 23:05:45.0 +0200
+++ oce-0.17.2/debian/changelog 2017-04-14 22:35:14.0 +0200
@@ -1,3 +1,10 @@
+oce (0.17.2-2) unstable; urgency=medium
+
+  [ Janus Weil ]
+  * [c25582f] Prevent DRAWEXE from being added to OCE_LIBRARIES.
+
+ -- Anton Gladky <gl...@debian.org>  Fri, 14 Apr 2017 22:35:14 +0200
+
 oce (0.17.2-1) unstable; urgency=medium
 
   * [776089c] Imported Upstream version 0.17.2
diff -Nru oce-0.17.2/debian/patches/do_not_add_drawexe.patch 
oce-0.17.2/debian/patches/do_not_add_drawexe.patch
--- oce-0.17.2/debian/patches/do_not_add_drawexe.patch  1970-01-01 
01:00:00.0 +0100
+++ oce-0.17.2/debian/patches/do_not_add_drawexe.patch  2017-04-14 
22:33:04.0 +0200
@@ -0,0 +1,25 @@
+From 340781368c4d1902887fe6a5b7288cce5eb53456 Mon Sep 17 00:00:00 2001
+From: Janus Weil <ja...@gcc.gnu.org>
+Date: Sun, 12 Mar 2017 16:47:28 +0100
+Subject: [PATCH] prevent DRAWEXE from being added to OCE_LIBRARIES * see issue
+ #660
+
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 19e9705..c379b3c 100644
+--- a/CMakeLists.txt
 b/CMakeLists.txt
+@@ -990,7 +990,9 @@ macro(process_module modulename modules_std)
+   list(APPEND modules ${ARGN})
+   endif(NOT OCE_DISABLE_X11)
+   foreach(module ${modules})
+-  list(APPEND OCE_LIBRARIES ${module})
++  if(NOT module MATCHES ".*EXE")
++  list(APPEND OCE_LIBRARIES ${module})
++  endif()
+   set(TOOLKIT_MODULES "")
+   set(TOOLKIT_DEPENDS "")
+   set(TOOLKIT_INCLUDE_DIRECTORIES "")
diff -Nru oce-0.17.2/debian/patches/series oce-0.17.2/debian/patches/series
--- oce-0.17.2/debian/patches/series2016-01-29 13:01:05.0 +0100
+++ oce-0.17.2/debian/patches/series2017-04-14 22:33:49.0 +0200
@@ -1,2 +1,3 @@
 split-export.patch
 speedup-BRepMesh_test.patch
+do_not_add_drawexe.patch

Bug#860310: unblock pre-apptoval request for yade/2017.01a-8

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package yade

Yade upstream have found a critical bug in so-called periodic
boundaries contact detection [1]. It would be good to have this
fix in Debian as well. I cherry-picked the upstream's patch,
which is attached to this mail.

unblock yade/2017.01a-8

[1] http://www.mail-archive.com/yade-dev@lists.launchpad.net/msg12355.html


Thanks,

Anton
diff -Nru yade-2017.01a/debian/changelog yade-2017.01a/debian/changelog
--- yade-2017.01a/debian/changelog  2017-02-28 22:03:24.0 +0100
+++ yade-2017.01a/debian/changelog  2017-04-14 12:43:59.0 +0200
@@ -1,3 +1,10 @@
+yade (2017.01a-8) unstable; urgency=medium
+
+  [ Bruno Chareyre ]
+  * [be08409] Critical bugfix for periodic boundaries.
+
+ -- Anton Gladky <gl...@debian.org>  Fri, 14 Apr 2017 12:43:59 +0200
+
 yade (2017.01a-7) unstable; urgency=medium
 
   * [31387da] Add missing dependency on python-pyqt5.qtsvg in python-yade.
diff -Nru yade-2017.01a/debian/patches/09_fix_periodic_boundaries.patch 
yade-2017.01a/debian/patches/09_fix_periodic_boundaries.patch
--- yade-2017.01a/debian/patches/09_fix_periodic_boundaries.patch   
1970-01-01 01:00:00.0 +0100
+++ yade-2017.01a/debian/patches/09_fix_periodic_boundaries.patch   
2017-04-14 12:42:33.0 +0200
@@ -0,0 +1,28 @@
+From c7c8e6f62d452c81a31415f05a12587a6cc8c452 Mon Sep 17 00:00:00 2001
+From: bchareyre <bruno.chare...@grenoble-inp.fr>
+Date: Fri, 14 Apr 2017 12:04:32 +0200
+Subject: [PATCH] Critical bugfix for collision detection in periodic boundary
+ conditions. Bounds lists were left partially unordered,  then some
+ interactions were never detected (my toughest yade debugging until now).
+
+---
+ pkg/common/InsertionSortCollider.cpp | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/common/InsertionSortCollider.cpp 
b/pkg/common/InsertionSortCollider.cpp
+index dc5d7ac..163a4f4 100644
+--- a/pkg/common/InsertionSortCollider.cpp
 b/pkg/common/InsertionSortCollider.cpp
+@@ -410,8 +410,10 @@ Real InsertionSortCollider::cellWrapRel(const Real x, 
const Real x0, const Real
+ void InsertionSortCollider::insertionSortPeri(VecBounds& v, 
InteractionContainer* interactions, Scene*, bool doCollide){
+   assert(periodic);
+   long =v.loIdx; const long =v.size;
+-  for(long _i=0; _i<size; _i++){
+-  const long i=v.norm(_i);
++  /* We have to visit each bound at least once (first condition), but 
this is not enough. The correct ordering in the begining of the list needs a 
second pass to connect begin and end consistently (the second condition). 
Strictly the second condition should include "+ (v.norm(j+1)==loIdx ? v.cellDim 
: 0)" but it is ok as is since the shift is added inside the loop. */
++  long _i=0;
++  for(; (_i<size) || (v[v.norm(_i)].coord <  v[v.norm(_i-1)].coord); 
_i++){
++  const long i=v.norm(_i);//FIXME: useless, and many others can 
probably be removed
+   const long i_1=v.norm(i-1);
+   //switch period of (i) if the coord is below the lower edge 
cooridnate-wise and just above the split
+   if(i==loIdx && v[i].coord<0){ v[i].period-=1; 
v[i].coord+=v.cellDim; loIdx=v.norm(loIdx+1); }
diff -Nru yade-2017.01a/debian/patches/series 
yade-2017.01a/debian/patches/series
--- yade-2017.01a/debian/patches/series 2017-02-26 20:21:22.0 +0100
+++ yade-2017.01a/debian/patches/series 2017-04-14 12:42:59.0 +0200
@@ -1,3 +1,4 @@
 01_remove_google_analytics.patch
 08_fix_gui.patch
+09_fix_periodic_boundaries.patch
 

Bug#857079: unblock: solvespace/2.3+repack2-2

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package solvespace

This upload fixes an RC-bug #856937 and the patch is very small,
adding a dependency on libslvs1 to the -dev package. Diff is
attached.

unblock solvespace/2.3+repack2-2

Thanks,

Anton
diff -Nru solvespace-2.3+repack1/debian/changelog 
solvespace-2.3+repack1/debian/changelog
--- solvespace-2.3+repack1/debian/changelog 2016-12-31 09:54:59.0 
+0100
+++ solvespace-2.3+repack1/debian/changelog 2017-03-06 20:59:20.0 
+0100
@@ -1,3 +1,9 @@
+solvespace (2.3+repack1-2) unstable; urgency=medium
+
+  * [0d4dc2b] Add missing dependency on libslvs1. (Closes: #856937)
+
+ -- Anton Gladky <gl...@debian.org>  Mon, 06 Mar 2017 20:59:20 +0100
+
 solvespace (2.3+repack1-1) unstable; urgency=medium
 
   * [a7825d4] Add d/watch.
diff -Nru solvespace-2.3+repack1/debian/control 
solvespace-2.3+repack1/debian/control
--- solvespace-2.3+repack1/debian/control   2016-08-15 22:31:44.0 
+0200
+++ solvespace-2.3+repack1/debian/control   2016-12-31 09:54:59.0 
+0100
@@ -55,7 +55,7 @@
 Section: libdevel
 Architecture: any
 Multi-Arch: same
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}, libslvs1 (= ${binary:Version})
 Description: SolveSpace geometric kernel (development files)
  SolveSpace is a parametric 2d/3d CAD. libslvs contains the geometric
  kernel of SolveSpace, built as a library.

Bug#856837: unblock: yade/2017.01a-7

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package yade

There were several uploads, which are fixing the RC-bugs #856175
(GUI was not visible completely) and #856218 (detected FTBFS during
generation of PDF-file). Debdiff is attached.


unblock yade/2017.01a-7

Thanks,

Anton
diff -Nru yade-2017.01a/debian/changelog yade-2017.01a/debian/changelog
--- yade-2017.01a/debian/changelog  2017-01-23 17:36:15.0 +0100
+++ yade-2017.01a/debian/changelog  2017-02-28 22:03:24.0 +0100
@@ -1,3 +1,34 @@
+yade (2017.01a-7) unstable; urgency=medium
+
+  * [31387da] Add missing dependency on python-pyqt5.qtsvg in python-yade.
+
+ -- Anton Gladky <gl...@debian.org>  Tue, 28 Feb 2017 22:03:24 +0100
+
+yade (2017.01a-6) unstable; urgency=medium
+
+  * [2366d84] Add missing dependency on python-pyqt5.qtsvg.
+
+ -- Anton Gladky <gl...@debian.org>  Tue, 28 Feb 2017 21:53:02 +0100
+
+yade (2017.01a-5) unstable; urgency=medium
+
+  * [eb193dd] Revert patch applied by last upload.
+  * [11efabc] Stop generating of PDF file. (Closes: #856218)
+
+ -- Anton Gladky <gl...@debian.org>  Mon, 27 Feb 2017 23:20:27 +0100
+
+yade (2017.01a-4) unstable; urgency=medium
+
+  * [e248862] Fix FTBFS during documentation build. (Closes: #856218)
+
+ -- Anton Gladky <gl...@debian.org>  Sun, 26 Feb 2017 20:21:22 +0100
+
+yade (2017.01a-3) unstable; urgency=medium
+
+  * [14120f5] Initialize GUI in IPython 5. (Closes: #856175)
+
+ -- Anton Gladky <gl...@debian.org>  Sun, 26 Feb 2017 00:47:26 +0100
+
 yade (2017.01a-2) unstable; urgency=medium
 
   * [1a804bb] Disable parallel build.
diff -Nru yade-2017.01a/debian/control yade-2017.01a/debian/control
--- yade-2017.01a/debian/control2017-01-19 22:48:02.0 +0100
+++ yade-2017.01a/debian/control2017-02-28 22:03:03.0 +0100
@@ -32,6 +32,7 @@
python-numpy,
python-sip,
python-pyqt5,
+   python-pyqt5.qtsvg,
python-tk,
python-xlib,
zlib1g-dev
@@ -108,6 +109,7 @@
  python-matplotlib,
  python-minieigen,
  python-pyqt5,
+ python-pyqt5.qtsvg,
  python-tk,
  python-xlib,
  ${misc:Depends},
diff -Nru yade-2017.01a/debian/patches/08_fix_gui.patch 
yade-2017.01a/debian/patches/08_fix_gui.patch
--- yade-2017.01a/debian/patches/08_fix_gui.patch   1970-01-01 
01:00:00.0 +0100
+++ yade-2017.01a/debian/patches/08_fix_gui.patch   2017-02-26 
00:46:13.0 +0100
@@ -0,0 +1,21 @@
+From: Anton Gladky <gl...@debian.org>
+Date: Sat, 25 Feb 2017 22:30:24 +0100
+Subject: [PATCH] Initialize gui in IPython 5.
+---
+ core/main/main.py.in | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: yade/core/main/main.py.in
+===
+--- yade.orig/core/main/main.py.in
 yade/core/main/main.py.in
+@@ -244,6 +244,9 @@ def userSession(gui='none',qapp=None):
+   InteractiveShellEmbed.config=cfg
+   InteractiveShellEmbed.banner1=banner+'\n'
+   ipshell=InteractiveShellEmbed()
++  # If IPython > 5 one need to initialize graphic gui
++  if ((gui == "qt5" or gui == "qt4")and 
yade.runtime.ipython_version>=500):
++  ipshell.enable_gui(gui)
+   ipshell()
+ 
+ ## run userSession in a way corresponding to the features we use:
diff -Nru yade-2017.01a/debian/patches/series 
yade-2017.01a/debian/patches/series
--- yade-2017.01a/debian/patches/series 2017-01-19 22:46:11.0 +0100
+++ yade-2017.01a/debian/patches/series 2017-02-26 20:21:22.0 +0100
@@ -1 +1,3 @@
 01_remove_google_analytics.patch
+08_fix_gui.patch
+
diff -Nru yade-2017.01a/debian/rules yade-2017.01a/debian/rules
--- yade-2017.01a/debian/rules  2017-01-23 17:35:59.0 +0100
+++ yade-2017.01a/debian/rules  2017-02-27 23:21:05.0 +0100
@@ -47,7 +47,7 @@
dh_numpy
 ifeq ($(BUILD_DOC), yes)
#Generate docs
-   cd $(CURDIR)/doc/sphinx; PYTHONPATH=. $(tmpInstall)/usr/bin/yade 
yadeSphinx.py; cd _build/latex; xelatex Yade.tex; xelatex Yade.tex; xelatex 
Yade.tex;
+   cd $(CURDIR)/doc/sphinx; PYTHONPATH=. $(tmpInstall)/usr/bin/yade 
yadeSphinx.py
 endif
#Delete all pyc files
find . -name '*.pyc' -print0 | xargs -0 rm -f
diff -Nru yade-2017.01a/debian/yade-doc.doc-base 
yade-2017.01a/debian/yade-doc.doc-base
--- yade-2017.01a/debian/yade-doc.doc-base  2014-06-25 20:23:46.0 
+0200
+++ yade-2017.01a/debian/yade-doc.doc-base  2017-02-27 23:21:05.0 
+0100
@@ -7,6 +7,3 @@
 Format: html
 Index: /usr/share/doc/yade-doc/html/index.html
 Files: /usr/share/doc/yade-doc/*.*
-
-Format: PDF
-Files: /usr/share/doc/yade-doc/Yade.pdf
diff -Nru yade-2017.01a/debian/yade-doc.docs ya

Bug#845819: nmu all revers build depends of eigen3

[Anton Gladky]

Hi Niels,

2017-02-05 17:52 GMT+01:00 Niels Thykier :
> We don't plan to rebuild for the sake of rebuilding, so I am closing
> this request with no action.
>
> Please do reopen it if there are requirements (i.e. something breaks) if
> we do not recompile the reverse dependencies.  But from what I can tell
> so far, this is not the case here.

Sure, no problem with the bug closing.

it is probably the question for the longer discussion in the future, how should
we proceed with header-only libraries. Usually I do not ask for the
rebuilding after an upload of this package. But there was a discussion
last August [1] regarding this topic. And sometimes it makes really
sense to rebuild all rdeps.

[1] https://lists.debian.org/debian-science/2016/08/msg00032.html

Best regards

Anton

Bug#845819: nmu all revers build depends of eigen3

[Anton Gladky]

It is a header-only library. There is no ABI. But it would be
good to build all deps against new eigen3.

Regards

Anton


2017-01-18 0:30 GMT+01:00 Emilio Pozuelo Monfort <po...@debian.org>:
> On 26/11/16 23:03, Anton Gladky wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: binnmu
>>
>> Dear release team,
>>
>> the new version of header only library eigen3 has recently
>> been released and uploaded into the Debian. Thus it would
>> be good to rebuild all reverse dependencies of this package
>> in the archive.
>>
>> The arrached list contains all possible reverse-debendencies,
>> which need to be binNMUed.
>
> Why is this needed? Did libeigen break the ABI?
>
> Cheers,
> Emilio

Bug#845819: nmu all revers build depends of eigen3

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Dear release team,

the new version of header only library eigen3 has recently
been released and uploaded into the Debian. Thus it would
be good to rebuild all reverse dependencies of this package
in the archive.

The arrached list contains all possible reverse-debendencies,
which need to be binNMUed.

If there is a better mechanism to ask for such request, please
let me know.

Thank you

Anton
analitza
avogadro
cain
calligra
ceres-solver
csound
digikam
dolfin
fastqtl
freecad
gnudatalanguage
guitarix
iqtree
kalzium
kido
kstars
lammps
liggghts
mia
minieigen
movit
mpqc3
mrpt
nanopolish
openbabel
opencv
openscad
opensurgsim
orocos-kdl
palabos
paraview
pcl
probabel
purify
ros-eigen-stl-containers
ros-geometric-shapes
ros-geometry
ros-geometry-experimental
ros-laser-geometry
ros-pcl-conversions
ros-rviz
salmon
sopt
step
tiledarray
woo
yade
cufflinks

Bug#844526: Bug#844486: gnuplot-qt: Mismatch between the program and library build versions with GNUTERM=wxt

[Anton Gladky]

Hi Olly,

thanks for your opinion! From my point of view, wxwidgets3.0
should be binNMUed together with all rdeps. Because even a
minor source upload of wxwidges3.0t will start this process anyway
but in uncoordinated mode.

Cheers

Anton

2016-11-17 2:36 GMT+01:00 Olly Betts :
> However, if you want to eliminate this warning message and are going to
> binNMU wxwidgets3.0 to that end, you will also need to binNMU any of its
> rdeps which haven't been built with the newer compiler ABI, or else
> you're just going to swap around which rdeps issue this warning.
>
> Cheers,
> Olly

Bug#844526: nmu: wxwidgets3.0_3.0.2+dfsg-2

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu


Dear release team,

wxwidgets needs to be recompiled due to a versions mismatch.
See #844486 for more details.

Recompiling this package fixes the problem in #844486

nmu wxwidgets3.0_3.0.2+dfsg-2 . ANY . unstable . -m "Fix ABI mismatch"


Thanks,

Anton

Re: jessie-pu: package libiberty/20161017-1+deb8u1

[Anton Gladky]

Hello Adam,

2016-10-17 21:48 GMT+02:00 Adam D. Barratt :
> Please file this as an appropriately-tagged bug against
> release.debian.org; mails to the list have a tendency to get lost.

thanks for the review. I used a reportbug, but it
did not send a mail to submit@b.d.o. Will repeat the
procedure.

>> Also libiberty is statically linked against "ht" which is also
>> should be updated in order to fix same CVEs, becuase ht used
>> embedded copy of libiberty (#840358).
>
> I'm slightly confused here. libiberty is statically linked against
> something that embeds libiberty? That seems somewhat circular.

ht contained a vulnerable embedded copy of libiberty. I stripped it
out and built ht against fixed libiberty, which is now statically linked
against ht.

So, for the proper fixing of all CVEs in Jessie and potentially in Wheezy
one need to backport the newest libiberty and then upload the stripped
version of ht.

> From a very quick look:
>
> +libiberty (20161017-1+deb8u1) jessie-proposed-updates; urgency=medium
> +libiberty (20161017-1) unstable; urgency=medium
> That's broken. The upload to stable needs to have a lower version than
> unstable.

libiberty (20161017-1~deb8u1) will that work?

> diff -Nru libiberty-20141014/debian/compat libiberty-20161017/debian/compat
> --- libiberty-20141014/debian/compat2013-11-16 20:38:52.0 +0100
> +++ libiberty-20161017/debian/compat2016-02-15 20:15:24.0 +0100
> @@ -1 +1 @@
> -7
> +9
> [...]
> -Build-Depends: debhelper (>= 8.0.0), autotools-dev
> -Standards-Version: 3.9.6
> +Build-Depends: debhelper (>= 9), autotools-dev
>
> That's not an acceptable change for a stable update.

Ok, I will revert it.

> The debdiff also doesn't appear to contain any changes outside of
> debian/, which makes it impossible to review.

I filtered it because the full diff is over 40k lines, which is unreadable.
To fix those CVEs we need to backport the complete new version.

Thanks

Anton

jessie-pu: package libiberty/20161017-1+deb8u1

[Anton Gladky]

Dear release team,

libiberty needs to be updated in Jessie, because the newer version
fixes many security issues:

CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131

Also libiberty is statically linked against "ht" which is also
should be updated in order to fix same CVEs, becuase ht used
embedded copy of libiberty (#840358).

Please review an attached patch (filtered).

Thanks

Anton
diff -Nru libiberty-20141014/debian/changelog libiberty-20161017/debian/changelog
--- libiberty-20141014/debian/changelog	2014-10-14 14:24:19.0 +0200
+++ libiberty-20161017/debian/changelog	2016-10-17 21:05:57.0 +0200
@@ -1,3 +1,38 @@
+libiberty (20161017-1+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * Update to the latest version. Fix security issues.
+CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
+CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131
+
+ -- Anton Gladky <gl...@debian.org>  Mon, 17 Oct 2016 21:05:57 +0200
+
+libiberty (20161017-1) unstable; urgency=medium
+
+  * Update to 20161017 (CVE-2016-6131). Closes: #840889.
+  * Don't apply "fixes" which are not yet accepted upstream.
+
+ -- Matthias Klose <d...@debian.org>  Mon, 17 Oct 2016 11:37:08 +0200
+
+libiberty (20161011-1) unstable; urgency=medium
+
+  * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493,
+CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488,
+CVE-2016-4487, CVE-2016-2226. Closes: #840360.
+
+ -- Matthias Klose <d...@debian.org>  Tue, 11 Oct 2016 09:14:23 +0200
+
+libiberty (20160807-1) unstable; urgency=medium
+
+  * Update to 20160807.
+
+ -- Matthias Klose <d...@debian.org>  Sun, 07 Aug 2016 14:03:33 +0200
+
+libiberty (20160215-1) unstable; urgency=medium
+
+  * Update to 20160215.
+
+ -- Matthias Klose <d...@debian.org>  Mon, 15 Feb 2016 20:15:28 +0100
+
 libiberty (20141014-1) unstable; urgency=medium
 
   * Update to 20141014.
diff -Nru libiberty-20141014/debian/compat libiberty-20161017/debian/compat
--- libiberty-20141014/debian/compat	2013-11-16 20:38:52.0 +0100
+++ libiberty-20161017/debian/compat	2016-02-15 20:15:24.0 +0100
@@ -1 +1 @@
-7
+9
diff -Nru libiberty-20141014/debian/control libiberty-20161017/debian/control
--- libiberty-20141014/debian/control	2014-10-14 14:23:49.0 +0200
+++ libiberty-20161017/debian/control	2016-08-07 14:04:01.0 +0200
@@ -3,8 +3,8 @@
 Priority: optional
 Maintainer: Debian GCC Maintainers <debian-...@lists.debian.org>
 Uploaders: Matthias Klose <d...@debian.org>
-Build-Depends: debhelper (>= 8.0.0), autotools-dev
-Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9), autotools-dev
+Standards-Version: 3.9.8
 Homepage: http://gcc.gnu.org/
 
 Package: libiberty-dev
diff -Nru libiberty-20141014/debian/patches/use-ldflags.diff libiberty-20161017/debian/patches/use-ldflags.diff
--- libiberty-20141014/debian/patches/use-ldflags.diff	2014-10-14 14:28:49.0 +0200
+++ libiberty-20161017/debian/patches/use-ldflags.diff	2016-10-11 09:17:52.0 +0200
@@ -2,7 +2,7 @@
 ===
 --- a/libiberty/Makefile.in
 +++ b/libiberty/Makefile.in
-@@ -415,7 +415,7 @@ TAGS: $(CFILES)
+@@ -416,7 +416,7 @@ etags tags TAGS: etags-subdir
  demangle: $(ALL) $(srcdir)/cp-demangle.c
  	@echo "The standalone demangler, now named c++filt, is now"
  	@echo "a part of binutils."

Re: Unsattisfied dependency python-cffi-backend-api-min (<= 9729)

[Anton Gladky]

Dear all,

is there any progress on this issue? How can we help
with it?  I have 3 pending packages, waiting to be built.

Thanks

Anton

Re: Unsattisfied dependency python-cffi-backend-api-min (<= 9729)

[Anton Gladky]

Dear all,

I have just uploaded dose3_5.0-1~bpo8+1 into jessie-backports.

Thanks

Anton


2016-06-29 11:37 GMT+02:00 Ralf Treinen <trei...@pps.univ-paris-diderot.fr>:
> Hi,
>
> On Wed, Jun 29, 2016 at 07:34:03AM +0200, Johannes Schauer wrote:
>> Hi Anton,
>>
>> Quoting Anton Gladky (2016-06-29 07:30:36)
>> > are you planning to upload dose3 to jessie-backports?
>>
>> I would like to ask Ralf to do that because I never did a backport upload and
>> would first have to familiarize myself with all the policies and 
>> technicalities
>> for which I currently do not have time right now.
>
> yes I can do that in the next days. I think Josch prepared already
> something in our git repo.
>
> Cheers -Ralf.
> --
> Ralf Treinen
> Institut de Recherche en Informatique Fondamentale
> Équipe Preuves, Programmes et Systèmes
> Université Paris Diderot, Paris, France.
> http://www.irif.univ-paris-diderot.fr/~treinen/

Re: Unsattisfied dependency python-cffi-backend-api-min (<= 9729)

[Anton Gladky]

Hi Johannes,

are you planning to upload dose3 to jessie-backports?

Thanks


Anton

2016-06-22 13:32 GMT+02:00 Johannes Schauer :

> Hi all,
>
> Quoting Pietro Abate (2016-06-22 11:44:59)
> > Hei josh, can you check this branch ?
> >
> > dose3.5.0-debian-jessie
> >
> > I don't have a vm with debian jessie ready, but I've used an opam
> > switch that should be close enough to what we ave in jessie.
>
> thanks to Pietro we now have a patch that lets dose3 from experimental
> work in
> stable. I pushed it to the branch jessie-backports/master of the dose3
> packaging git.
>
>
> https://anonscm.debian.org/cgit/pkg-ocaml-maint/packages/dose3.git/commit/?h=jessie-backports/master=e6b2a9b7321cf5639826ef73ff6f668dfc3fdf0d
>
> It builds fine inside a Jessie chroot with backports enabled (needed for
> newer
> librpm).
>
> Thanks!
>
> cheers, josch
>

Unsattisfied dependency python-cffi-backend-api-min (<= 9729)

[Anton Gladky]

Dear release team,

I am not sure, whether I ask the question, using
the correct address. If I am not right, please redirect
me.

Two of my packages (liggghts and yade) are waiting to
be build on build servers due to unsatisfied dependency
with the following note:

=
liggghts build-depends on:
- amd64:libvtk6-dev
amd64:libvtk6-dev depends on:
- amd64:python-vtk6 (= 6.3.0+dfsg1-1)
amd64:python-vtk6 depends on:
- amd64:python-twisted
amd64:python-twisted depends on:
- amd64:python-twisted-core (>= 16.2.0-1)
amd64:python-twisted-core depends on:
- amd64:python-openssl
amd64:python-openssl depends on:
- amd64:python-cryptography (>= 1.3)
amd64:python-cryptography depends on missing:
- amd64:python-cffi-backend-api-min (<= 9729)

=

Can it happen due to some ongoing transitions and I should
just wait?

Thank you

Anton

Bug#824887: transition: gl2ps

[Anton Gladky]

Thanks, have just uploaded it to unstable.

Regards

Anton

2016-05-27 12:30 GMT+02:00 Emilio Pozuelo Monfort :
> BTW did you test that the rdeps build against the new version? If so, then you
> can go ahead and upload to unstable.

Bug#824887: transition: gl2ps

[Anton Gladky]

Hi Emilio,

no problem. Is it possible to schedule "gmsh" to be
built after "oce" during the transition?

Thanks

Anton

2016-05-21 11:20 GMT+02:00 Emilio Pozuelo Monfort :
>
> Let's wait until the gdal transition is finished.

Bug#824887: transition: gl2ps

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

New lib-version.

Ben file:

title = "gl2ps";
is_affected = .depends ~ "libgl2ps0" | .depends ~ "libgl2ps1";
is_good = .depends ~ "libgl2ps1";
is_bad = .depends ~ "libgl2ps0";


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#812314: nmu: oce_0.15-7

[Anton Gladky]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu oce_0.15-7 . ANY . unstable . -m "Rebuild oce against freeimage_3.17"

Dear release team,

oce needs to be rebuilt against freeimage_3.17, because
shared objects are now shipped in multi-arch way and it
causes FTBFS of 3rd party package #812269.

Thanks

Anton

Bug#808521: transition: mpich

[Anton Gladky]

Hi Emilio,

2016-01-09 12:07 GMT+01:00 Emilio Pozuelo Monfort :
>
> netpipe-mpich2 depends on mpich2
>

Fixed (NMUed).


> espresso/s390x failed to build
>

Fixed in package elpa, could you please schedule espresso_s390x
and check, whether we can finish this transition?

Thanks

Regards

Anton

Bug#808521: transition: mpich

[Anton Gladky]

2016-01-09 12:07 GMT+01:00 Emilio Pozuelo Monfort :
> I won't know until the package gets to 5/5 and britney tries to migrate it, 
> but
> some potential issues:
>
> netpipe-mpich2 depends on mpich2

I will NMU it.

> espresso/s390x failed to build

I was trying to fix it, but it looks like it fails on other archs too.
Will file RC-bug.

Regards

Anton

Bug#808521: transition: mpich

[Anton Gladky]

Hi Emilio,

it looks like almost all problems were resolved. Could you please check,
what should be done to finish this transition?

Thanks

Anton

> e.g. netpipe fails because mpicc.mpich2 is gone, other packages fail because
> they can't find mpif77.mpich...
>
> Emilio