Bug#1036037: unblock: emacs/1:28.2+1-15

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: em...@packages.debian.org
Control: affects -1 + src:emacs

Please unblock package emacs

The only changes are two bug fixes, one for a file conflict with
bullseye emacs-bin-common and one for a conflict with older elpa-cider:

  https://bugs.debian.org/1034941
  https://bugs.debian.org/1035781

diff -Nru emacs-28.2+1/debian/changelog emacs-28.2+1/debian/changelog
--- emacs-28.2+1/debian/changelog	2023-04-01 22:38:56.0 -0500
+++ emacs-28.2+1/debian/changelog	2023-05-13 15:17:27.0 -0500
@@ -1,3 +1,16 @@
+emacs (1:28.2+1-15) unstable; urgency=medium
+
+  * emacs-common: add breaks/replaces emacs-bin-common (<< 1:28) since the
+emacs.service file moved from emacs-bin-common to emacs-common.
+Thanks to Helmut Grohne for reporting the problem and Andreas Beckmann
+for providing and testing the fix. (Closes: 1034941)
+
+  * emacs-common: add breaks elpa-cider (<< 0.19.0+dfsg-4~).  Thanks to
+Andreas Beckmann for reporting the problem and providing and testing
+the fix. (Closes: 1035781)
+
+ -- Rob Browning   Sat, 13 May 2023 15:17:27 -0500
+
 emacs (1:28.2+1-14) unstable; urgency=medium
 
   * Fix gnus nnml crash on some invalid headers.  Add
diff -Nru emacs-28.2+1/debian/control emacs-28.2+1/debian/control
--- emacs-28.2+1/debian/control	2023-03-31 13:22:31.0 -0500
+++ emacs-28.2+1/debian/control	2023-05-13 14:31:35.0 -0500
@@ -142,7 +142,9 @@
  apel (<< 10.8+0.20120427-4),
  edb (<< 1.32),
  egg (<< 4.2.0-2),
+ elpa-cider (<< 0.19.0+dfsg-4~),
  emacs (<< 1:25),
+ emacs-bin-common (<< 1:28),
  emacs-gtk (<< 1:25),
  emacs-lucid (<< 1:25),
  emacs-nox (<< 1:25),
@@ -159,7 +161,9 @@
  emacs24-nox,
  emacs25,
  emacs25-lucid,
- emacs25-nox,
+ emacs25-nox
+Replaces:
+ emacs-bin-common (<< 1:28)
 Description: GNU Emacs editor's shared, architecture independent infrastructure
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture independent infrastructure

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#1033844: unblock: emacs/1:28.2+1-13

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: em...@packages.debian.org
Control: affects -1 + src:emacs

Please unblock package emacs

The only changes are two bug fixes, one for the Org Mode CVE.  The
patches added are the cherry-picked upstream changes, as indicated in
the patch headers.

https://bugs.debian.org/1033342
https://bugs.debian.org/1033397

unblock emacs/1:28.2+1-14

(Package hasn't been uploaded yet; this is a preapproval request.)

diff -Nru emacs-28.2+1/debian/.git-dpm emacs-28.2+1/debian/.git-dpm
--- emacs-28.2+1/debian/.git-dpm	2023-03-14 15:30:28.0 -0500
+++ emacs-28.2+1/debian/.git-dpm	2023-03-31 13:22:32.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-4e6971c25c27c9a3f34cc69b51db894105362d08
-4e6971c25c27c9a3f34cc69b51db894105362d08
+023ac1eff558f6fb387fea1629b084c8929de18d
+023ac1eff558f6fb387fea1629b084c8929de18d
 279b82e64e15b5e2df3cb522636c6db85a8ee659
 279b82e64e15b5e2df3cb522636c6db85a8ee659
 emacs_28.2+1.orig.tar.xz
diff -Nru emacs-28.2+1/debian/changelog emacs-28.2+1/debian/changelog
--- emacs-28.2+1/debian/changelog	2023-03-14 15:30:28.0 -0500
+++ emacs-28.2+1/debian/changelog	2023-04-01 22:38:56.0 -0500
@@ -1,7 +1,20 @@
+emacs (1:28.2+1-14) unstable; urgency=medium
+
+  * Fix gnus nnml crash on some invalid headers.  Add
+0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch to
+address the issue. (Closes: 1033397)
+
+  * Fix Org Mode command injection vulnerability CVE-2023-28617.  Add
+0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch and
+0028-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-2-2.patch to
+address the issue. (Closes: 1033342)
+
+ -- Rob Browning   Sat, 01 Apr 2023 22:38:56 -0500
+
 emacs (1:28.2+1-13) unstable; urgency=high
 
   * Cherry-pick upstream fixes for command injection vulnerabilities
-(CVE-2023-27984, CVE-2023-27986) (Closes: #1032538).
+(CVE-2023-27985, CVE-2023-27986) (Closes: #1032538).
 
  -- Sean Whitton   Tue, 14 Mar 2023 13:30:28 -0700
 
diff -Nru emacs-28.2+1/debian/patches/0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch emacs-28.2+1/debian/patches/0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch
--- emacs-28.2+1/debian/patches/0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch	1969-12-31 18:00:00.0 -0600
+++ emacs-28.2+1/debian/patches/0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch	2023-03-31 13:22:31.0 -0500
@@ -0,0 +1,52 @@
+From cf3c2037c3531b756fbb443b8ab2f6873f10930e Mon Sep 17 00:00:00 2001
+From: Eli Zaretskii 
+Date: Mon, 19 Dec 2022 19:01:04 +0200
+Subject: Gnus nnml should avoid crashing on some invalid headers
+
+This upstream patch has been incorporated to fix the problem:
+
+  Fix storing email into nnmail by Gnus
+
+  * lisp/gnus/nnml.el (nnml--encode-headers): Wrap
+  'rfc2047-encode-string' calls with 'ignore-errors', to avoid
+  disrupting email workflows due to possibly-invalid headers.
+  Reported by Florian Weimer .
+
+Origin: upstream, commit: 23f7c9c2a92e4619b7c4d2286d4249f812cd695d
+Bug-Debian: https://bugs.debian.org/1033397
+Forwarded: not-needed
+---
+ lisp/gnus/nnml.el | 13 +
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/lisp/gnus/nnml.el b/lisp/gnus/nnml.el
+index afdb0c780a5..258c5efc79f 100644
+--- a/lisp/gnus/nnml.el
 b/lisp/gnus/nnml.el
+@@ -775,17 +775,22 @@ nnml-parse-head
+ 	(nnml--encode-headers headers)
+ 	headers
+ 
++;; RFC2047-encode Subject and From, but leave invalid headers unencoded.
+ (defun nnml--encode-headers (headers)
+   (let ((subject (mail-header-subject headers))
+ 	(rfc2047-encoding-type 'mime))
+ (unless (string-match "\\`[[:ascii:]]*\\'" subject)
+-  (setf (mail-header-subject headers)
+-	(mail-encode-encoded-word-string subject t
++  (let ((encoded-subject
++ (ignore-errors (mail-encode-encoded-word-string subject t
++(if encoded-subject
++(setf (mail-header-subject headers) encoded-subject)
+   (let ((from (mail-header-from headers))
+ 	(rfc2047-encoding-type 'address-mime))
+ (unless (string-match "\\`[[:ascii:]]*\\'" from)
+-  (setf (mail-header-from headers)
+-	(rfc2047-encode-string from t)
++  (let ((encoded-from
++ (ignore-errors (rfc2047-encode-string from t
++(if encoded-from
++(setf (mail-header-from headers) encoded-from))
+ 
+ (defun nnml-get-nov-buffer (group  incrementalp)
+   (let ((buffer (gnus-get-buffer-create
diff -Nru emacs-28.2+1/debian/patches/0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch emacs-28.2+1/debian/patches/0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch
--- emacs-28.2+1/debian/patches/0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch	1969-12-31 18:00:00.0 -0600
+++ emacs-28.2+1

Bug#990078: unblock: guile-2.2/2.2.7+1-6

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

unblock guile-2.2/2.2.7+1-6

Please unblock package guile-2.2

The test-out-of-memory test is known to fail intermittently, and has
done so again
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966301#46

We've previously disabled it in guile-3.0, and this release just
cherry-picks that change to guile-2.2.

https://salsa.debian.org/rlb/deb-guile/-/commit/e9341779527efccf736a2a3c737371a10bc8ec63



guile-2.2_2.2.7+1-5.4-to-6.debdiff
Description: guile-2.2_2.2.7+1-5.4-to-6.debdiff

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#990049: unblock: guile-3.0/3.0.5-4

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

unblock guile-3.0/3.0.5-4

Please unblock package guile-3.0.

[ Reason ]

The (only) changes between -2 and -4 fix a significant bug that can
cause packages that depend on libguile to crash unpredictably:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982217

See also:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964284#33
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964284#58

I'd thought that -4 had migrated a while ago, I was clearly mistaken.

[ Impact ]

Programs in packages that link against libguile can crash
unpredictably.

[ Tests ]

I don't know of any tests that exercise this problem directly, but
the problem was reproducible (see the links above) and the changes
between -2 and -4 were added to fix it.



guile-3.0_3.0.5-2-to-4.debdiff
Description: guile-3.0_3.0.5-2-to-4.debdiff

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#979749: buster-pu: package emacs/1:26.1+1-3.2+deb10u1

[Rob Browning]

"Adam D. Barratt"  writes:

> The metadata for that bug implies that it still affects the package in
> unstable (hence the lack of any green on the version graph). I suspect
> this is simply because the "fixed" version doesn't correspond to an
> actual Debian package version. Please could you add a fixed version
> that indicates the earliest upload to Debian that included the fix.

Done, I think.

> Also, while it's possibly slightly picky:
>
> +emacs (1:26.1+1-3.2+deb10u2~1.gbp7c5887) UNRELEASED; urgency=medium
> +
> +  ** SNAPSHOT build @7c5887c8ae064398fafa38b8fea4c5d500830d5f **
> +
> +  * UNRELEASED
> +
> + -- Rob Browning   Sun, 10 Jan 2021 19:22:48 -0600
>
> could we have a finalised version of that, please? :-)

Oh, no, certainly.  I just submitted the UNRELEASED version for the
pre-approval.  I'll of course finalize that before the actual upload.

If that all sounds fine, I'll proceed with a real upload.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#979749: buster-pu: package emacs/1:26.1+1-3.2+deb10u1

[Rob Browning]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

dkg has requested that we consider fixing this bug in buster:

  Debian: https://bugs.debian.org/919642
  Upstream: https://debbugs.gnu.org/34121

which is fairly straightforward (just the new patch at the end,
cherry-picked directly from the upstream fix):

diff -Nru emacs-26.1+1/debian/.git-dpm emacs-26.1+1/debian/.git-dpm
--- emacs-26.1+1/debian/.git-dpm	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/.git-dpm	2021-01-10 19:22:48.0 -0600
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-face2676a9d5a13b40eaeecfb09a16e81364e916
-face2676a9d5a13b40eaeecfb09a16e81364e916
+7812b00398e73156c07be2ea2abe1dbf0153ccfe
+7812b00398e73156c07be2ea2abe1dbf0153ccfe
 511a2cebd6df0f71ec24b5939564fb58726ead84
 511a2cebd6df0f71ec24b5939564fb58726ead84
 emacs_26.1+1.orig.tar.xz
diff -Nru emacs-26.1+1/debian/changelog emacs-26.1+1/debian/changelog
--- emacs-26.1+1/debian/changelog	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/changelog	2021-01-10 19:22:48.0 -0600
@@ -1,3 +1,11 @@
+emacs (1:26.1+1-3.2+deb10u2~1.gbp7c5887) UNRELEASED; urgency=medium
+
+  ** SNAPSHOT build @7c5887c8ae064398fafa38b8fea4c5d500830d5f **
+
+  * UNRELEASED
+
+ -- Rob Browning   Sun, 10 Jan 2021 19:22:48 -0600
+
 emacs (1:26.1+1-3.2+deb10u1) buster; urgency=high
 
   * Update the EPLA packaging key (previous key expires 2019-09-23) via
diff -Nru emacs-26.1+1/debian/patches/0001-Prefer-usr-share-info-emacs.patch emacs-26.1+1/debian/patches/0001-Prefer-usr-share-info-emacs.patch
--- emacs-26.1+1/debian/patches/0001-Prefer-usr-share-info-emacs.patch	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/patches/0001-Prefer-usr-share-info-emacs.patch	2021-01-10 19:22:48.0 -0600
@@ -15,7 +15,7 @@
 index 8743b449976..14d62f7f1cb 100644
 --- a/lisp/info.el
 +++ b/lisp/info.el
-@@ -213,7 +213,8 @@ A header-line does not scroll with the rest of the buffer."
+@@ -213,7 +213,8 @@ Info-default-directory-list
  	  (nconc standard-info-dirs (list config-dir))
  	(cons config-dir standard-info-dirs
  (if (not (eq system-type 'windows-nt))
diff -Nru emacs-26.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch emacs-26.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
--- emacs-26.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2021-01-10 19:22:48.0 -0600
@@ -19,7 +19,7 @@
 index 9d16b59defd..d20431492a7 100644
 --- a/lisp/startup.el
 +++ b/lisp/startup.el
-@@ -434,6 +434,10 @@ Warning Warning!!!  Pure space overflow!!!Warning Warning
+@@ -434,6 +434,10 @@ tutorial-directory
:type 'directory
:initialize #'custom-initialize-delay)
  
@@ -30,7 +30,7 @@
  (defun normal-top-level-add-subdirs-to-load-path ()
"Recursively add all subdirectories of `default-directory' to `load-path'.
  More precisely, this uses only the subdirectories whose names
-@@ -1121,8 +1125,21 @@ please check its value")
+@@ -1121,8 +1125,21 @@ command-line
  ;; be loaded from site-run-file and wants to test if -q was given
  ;; should check init-file-user instead, since that is already set.
  ;; See cus-edit.el for an example.
diff -Nru emacs-26.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch emacs-26.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
--- emacs-26.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2021-01-10 19:22:48.0 -0600
@@ -253,7 +253,7 @@
 index 77e32848318..22516310692 100644
 --- a/lisp/help.el
 +++ b/lisp/help.el
-@@ -292,6 +292,14 @@ If that doesn't give a function, return nil."
+@@ -292,6 +292,14 @@ view-help-file
(goto-address-mode 1)
(goto-char (point-min)))
  
diff -Nru emacs-26.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch emacs-26.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
--- emacs-26.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2019-09-04 21:35:24.0 -0500
+++ emacs-26.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2021-01-10 19:22:48.0 -0600
@@ -15,7 +15,7 @@
 index 3a38b1d83c8..5d1248ac581 100644
 --- a/lisp/version.el
 +++ b/lisp/version.el
-@@ -62,7 +62,7 @@ Don't use this function in programs to choose actions according
+@@ -62,7 +62,7 @@ emacs-version
  to the system configuration; look at `system-configuration' instead."
(interactive "P")
(let ((version-string
diff -Nru emacs-

Bug#939446: buster-pu: package emacs/1:26.1+1-3.2

[Rob Browning]

"Adam D. Barratt"  writes:

> Apologies for not getting back to you on this sooner - the request was
> filed just before the 10.1 point release, and things have been a little
> busy since.

No worries -- just uploaded with urgency "high".  Please let me know if
I got something wrong.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#939446: buster-pu: package emacs/1:26.1+1-3.2

[Rob Browning]

Andreas Beckmann  writes:

> On Mon, 16 Sep 2019 22:02:59 -0500 Rob Browning 
> wrote:
>> Rob Browning  writes:
>> >   emacs (1:26.1+1-3.2+deb10u1) buster; urgency=medium
>> >
>> > * Update the EPLA packaging key (previous key expires 2019-09-23) via
>
> You probably want to include the fixes for #929567 in case that affects
> stable, too.

So for whoever's reviewing this request -- yes, I'd be happy to include
this cherry-pick too if that's acceptable:

  
https://salsa.debian.org/rlb/deb-emacs/commit/d9e0db4bfd4bc34ba4db286acc161a7db77f5309

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#939446: buster-pu: package emacs/1:26.1+1-3.2

[Rob Browning]

Andreas Beckmann  writes:

> You probably want to include the fixes for #929567 in case that affects
> stable, too.

I'd be happy to if the release managers are amenable -- I was just
trying to make the minimum change in order to get the key updated
without potentially raising other questions.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#939446: buster-pu: package emacs/1:26.1+1-3.2

[Rob Browning]

Rob Browning  writes:

> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: buster
> Severity: normal
>
>   emacs (1:26.1+1-3.2+deb10u1) buster; urgency=medium
>
> * Update the EPLA packaging key (previous key expires 2019-09-23) via
>   the upstream commit f16785d361097df9fddfcc0b60ae6f0d92e7e911.  Add the
>   old and new keyrings to debian/ and debian/source/include-binaries
>   since debian/patches/ can't handle git binary diffs.  Thanks to Stefan
>   Monnier for reporting the problem and providing the patch.

Just a ping -- if we want the packages be available in at least
proposed-updates before the certificate expires, I imagine I might need
to upload soon.

Unstable and testing should now be OK as the same keyring (more or less
the same patch) is in 1:26.1+1-4 which has migrated to bullseye.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#939802: buster-pu: package guile-2.2/2.2.4+1-2

[Rob Browning]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

This should fix the FTBFS that's already been fixed in sid.

diff -Nru guile-2.2-2.2.4+1/debian/changelog guile-2.2-2.2.4+1/debian/changelog
--- guile-2.2-2.2.4+1/debian/changelog	2019-06-02 11:17:15.0 -0500
+++ guile-2.2-2.2.4+1/debian/changelog	2019-09-08 15:22:44.0 -0500
@@ -1,3 +1,10 @@
+guile-2.2 (2.2.4+1-2+deb10u1) buster; urgency=medium
+
+  * Switch to dh_missing and ignore guile-X.Y for binary-indep.  Thanks to
+Santiago Vila for reporting the problem. (Closes: 930774)
+
+ -- Rob Browning   Sun, 08 Sep 2019 15:22:44 -0500
+
 guile-2.2 (2.2.4+1-2) unstable; urgency=medium
 
   * Backport upstream fix for after-gc-hook test failures.  Replace
diff -Nru guile-2.2-2.2.4+1/debian/rules guile-2.2-2.2.4+1/debian/rules
--- guile-2.2-2.2.4+1/debian/rules	2019-06-02 11:17:15.0 -0500
+++ guile-2.2-2.2.4+1/debian/rules	2019-09-08 15:22:01.0 -0500
@@ -231,7 +231,8 @@
 
 override_dh_install-arch: $(autogen_install_files)
 	cd debian/tmp/usr/bin && mv -i guile-$(deb_src_eff_ver) guile
-	dh_install -a --fail-missing \
+	dh_install -a
+	dh_missing -a --fail-missing \
 	  -Xusr/lib/$(march)guile/$(deb_src_eff_ver)/extensions/guile-readline.a \
 	  -Xusr/lib/$(march)guile/$(deb_src_eff_ver)/extensions/guile-readline.la
 	test -e $(gdb_ext)
@@ -242,7 +243,9 @@
 # Glob should match the one in debian/guile-doc.install
 	test "$(sort $(expected_info))" = \
 	  "$(sort $(shell cd debian/tmp/usr/share/info && ls guile.info*))"
-	dh_install -i --fail-missing \
+	dh_install -i
+	dh_missing -i --fail-missing \
+	  -Xusr/bin/guile-$(deb_src_eff_ver) \
 	  -Xusr/share/info/dir \
 	  -Xusr/share/info/r5rs.info \
 	  -Xusr/lib/$(march)guile/$(deb_src_eff_ver)/extensions/guile-readline.a \

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#939446: buster-pu: package emacs/1:26.1+1-3.2

[Rob Browning]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

  emacs (1:26.1+1-3.2+deb10u1) buster; urgency=medium

* Update the EPLA packaging key (previous key expires 2019-09-23) via
  the upstream commit f16785d361097df9fddfcc0b60ae6f0d92e7e911.  Add the
  old and new keyrings to debian/ and debian/source/include-binaries
  since debian/patches/ can't handle git binary diffs.  Thanks to Stefan
  Monnier for reporting the problem and providing the patch.

diff -Nru emacs-26.1+1/debian/.gitignore emacs-26.1+1/debian/.gitignore
--- emacs-26.1+1/debian/.gitignore	2019-02-03 08:42:30.0 -0600
+++ emacs-26.1+1/debian/.gitignore	1969-12-31 18:00:00.0 -0600
@@ -1,72 +0,0 @@
-*~
-.\#*
-/*-stamp
-/build-lucid
-/build-nox
-/build-x
-/emacs
-/emacs.debhelper.log
-/emacs.substvars
-/emacs-gtk
-/emacs-bin-common
-/emacs-bin-common.README.Debian
-/emacs-bin-common.debhelper.log
-/emacs-bin-common.lintian-overrides
-/emacs-bin-common.postinst
-/emacs-bin-common.postrm
-/emacs-bin-common.prerm
-/emacs-bin-common.substvars
-/emacs-common
-/emacs-common.README.Debian
-/emacs-common.debhelper.log
-/emacs-common.docs
-/emacs-common.links
-/emacs-common.lintian-overrides
-/emacs-common.postinst
-/emacs-common.prerm
-/emacs-common.substvars
-/emacs-el
-/emacs-el.debhelper.log
-/emacs-el.prerm
-/emacs-el.substvars
-/emacs-lucid
-/emacs-lucid.README.Debian
-/emacs-lucid.debhelper.log
-/emacs-lucid.desktop
-/emacs-lucid.lintian-overrides
-/emacs-lucid.menu
-/emacs-lucid.postinst
-/emacs-lucid.postinst.debhelper
-/emacs-lucid.postrm.debhelper
-/emacs-lucid.prerm
-/emacs-lucid.substvars
-/emacs-nox
-/emacs-nox.README.Debian
-/emacs-nox.debhelper.log
-/emacs-nox.desktop
-/emacs-nox.links
-/emacs-nox.lintian-overrides
-/emacs-nox.menu
-/emacs-nox.postinst
-/emacs-nox.postinst.debhelper
-/emacs-nox.postrm
-/emacs-nox.postrm.debhelper
-/emacs-nox.prerm
-/emacs-nox.substvars
-/emacs-gtk.README.Debian
-/emacs-gtk.debhelper.log
-/emacs-gtk.desktop
-/emacs-gtk.links
-/emacs-gtk.lintian-overrides
-/emacs-gtk.menu
-/emacs-gtk.postinst
-/emacs-gtk.postinst.debhelper
-/emacs-gtk.postrm
-/emacs-gtk.postrm.debhelper
-/emacs-gtk.prerm
-/emacs-gtk.substvars
-/emacs-common.README.00
-/emacs-common.README.01
-/files
-/tmp-alt-list
-\#*\#
diff -Nru emacs-26.1+1/debian/changelog emacs-26.1+1/debian/changelog
--- emacs-26.1+1/debian/changelog	2019-02-03 08:42:30.0 -0600
+++ emacs-26.1+1/debian/changelog	2019-09-04 21:35:24.0 -0500
@@ -1,3 +1,13 @@
+emacs (1:26.1+1-3.2+deb10u1) buster; urgency=medium
+
+  * Update the EPLA packaging key (previous key expires 2019-09-23) via
+the upstream commit f16785d361097df9fddfcc0b60ae6f0d92e7e911.  Add the
+old and new keyrings to debian/ and debian/source/include-binaries
+since debian/patches/ can't handle git binary diffs.  Thanks to Stefan
+Monnier for reporting the problem and providing the patch.
+
+ -- Rob Browning   Wed, 04 Sep 2019 21:35:24 -0500
+
 emacs (1:26.1+1-3.2) unstable; urgency=medium
 
   * Non-maintainer upload.
Binary files /tmp/SPAXT75_oS/emacs-26.1+1/debian/etc-package-keyring-new.gpg and /tmp/SOba52Hexv/emacs-26.1+1/debian/etc-package-keyring-new.gpg differ
Binary files /tmp/SPAXT75_oS/emacs-26.1+1/debian/etc-package-keyring-old.gpg and /tmp/SOba52Hexv/emacs-26.1+1/debian/etc-package-keyring-old.gpg differ
diff -Nru emacs-26.1+1/debian/rules emacs-26.1+1/debian/rules
--- emacs-26.1+1/debian/rules	2019-02-03 08:42:30.0 -0600
+++ emacs-26.1+1/debian/rules	2019-09-04 21:27:51.0 -0500
@@ -314,7 +314,15 @@
 override_dh_auto_configure:
 
 debian/stamp-configured: $(autogen_build_files)
-# If the deps for this target change, start over
+# If the deps for this target change, start over.
+# When the "new" keyring is obsolete, update
+# debian/source/include-binaries.
+	if test "$$(sha1sum etc/package-keyring.gpg | cut -f 1 -d ' ')" \
+	  != 5eda21f010a2d246359efc6450830ac3d500760e; then \
+	  echo 'Unexpected keyring hash - is it obsolete?'; \
+	  false; \
+	fi
+	cp -a debian/etc-package-keyring-new.gpg etc/package-keyring.gpg
 	rm -rf debian/build-src debian/build-gtk debian/build-lucid debian/build-nox
 	mkdir debian/build-src
 	cp -a $$(ls -A | egrep -v '^(\.git|\.pc|debian)$$') debian/build-src
@@ -559,6 +567,8 @@
 
 override_dh_clean: $(persistent_autogen_files)
 	dh_clean
+	cp -a debian/etc-package-keyring-old.gpg \
+	  etc/package-keyring.gpg
 	rm -rf \
 	  debian/stamp-* \
 	  debian/build-lucid \
diff -Nru emacs-26.1+1/debian/source/include-binaries emacs-26.1+1/debian/source/include-binaries
--- emacs-26.1+1/debian/source/include-binaries	1969-12-31 18:00:00.0 -0600
+++ emacs-26.1+1/debian/source/include-binaries	2019-09-04 21:26:12.0 -0500
@@ -0,0 +1,2 @@
+debian/etc-package-keyring-new.gpg
+debian/etc-package-keyring-old.gpg

Thanks
-- 
Rob Browning
rlb @defaultvalue.org

Bug#929950: unblock: guile-2.2/2.2.4+1-2

[Rob Browning]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package guile-2.2

See the two bugs mentioned in the changelog.  Recent builds (tests) have
started failing on additional architectures, including amd64 (locally
too) due to the popen.test issue, and the motivation for the
"alternatives" related change is described in bug 926182.

The changes proposed are the first 5 commits here:
https://salsa.debian.org/rlb/deb-guile/commits/02b16a15a8459b2fe12bb925c1d639149c75c0ce

i.e.:

diff --git a/debian/.git-dpm b/debian/.git-dpm
index 2d64dcbe1..d47d6bf93 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-59d9bcd468aab0d97d763595fd4e934044dc7590
-59d9bcd468aab0d97d763595fd4e934044dc7590
+c17d093ff083f4f8ba604d7ea60d76282fd31daf
+c17d093ff083f4f8ba604d7ea60d76282fd31daf
 4d0be7303dd8f27e1e15478751a9daa2c680a677
 4d0be7303dd8f27e1e15478751a9daa2c680a677
 guile-2.2_2.2.4+1.orig.tar.xz
diff --git a/debian/changelog b/debian/changelog
index ca83af872..3cf949776 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,32 @@
-guile-2.2 (2.2.4+1-1~1.gbpc776ff) UNRELEASED; urgency=medium
+guile-2.2 (2.2.4+1-2) unstable; urgency=medium
 
-  ** SNAPSHOT build @c776ff77c289f2a3775a99f0d9ca9b33bcd5c6ae **
+  * Backport upstream fix for after-gc-hook test failures.  Replace
+0006-gc.test-after-gc-hook-mark-unresolved-on-failure-for.patch that
+marked the failure as unresolved on mips(el) (a failure which has been
+seen since on at least sparc64 and amd64) with
+0006-Fix-gc.test-after-gc-hook-gets-called-failures.patch which
+addresses the underlying problem. (Closes: 900652)
 
-  * UNRELEASED
+  * Handle guile-config/guile-snarf/guild as alternatives.  Arrange for
+guile-config, guile-snarf, guild (and guile-tools) to be handled via
+update-alternatives with all of the other tools dependent on
+guile-config.  Configure with "--program-suffix -2.2" which gives the
+binaries the correct names from the start, so that we don't have to
+manually change them in debian/rules.  This also arranges for
+guile-config, etc. to refer to the versioned guile in their #! lines,
+which is what we should have been doing all along.
 
- -- Rob Browning   Sat, 28 Jul 2018 15:05:31 -0500
+Thanks to Ahmed El-Mahmoudy and Norbert Preining for reporting the
+problem, Kari Pahula and Vagrant Cascadian for help devising the fix,
+and Thibaut Paumard for help testing. (Closes: 926182)
+
+ -- Rob Browning   Sun, 02 Jun 2019 11:17:15 -0500
+
+guile-2.2 (2.2.4+1-1) unstable; urgency=medium
+
+  * Upgrade to 2.2.4.
+
+ -- Rob Browning   Sat, 28 Jul 2018 15:10:51 -0500
 
 guile-2.2 (2.2.3+1-6) unstable; urgency=medium
 
diff --git a/debian/guile-dev.install b/debian/guile-dev.install
index d73d1164f..8c10f5018 100644
--- a/debian/guile-dev.install
+++ b/debian/guile-dev.install
@@ -1,7 +1,7 @@
-debian/tmp/usr/bin/guild
-debian/tmp/usr/bin/guile-config
-debian/tmp/usr/bin/guile-snarf
-debian/tmp/usr/bin/guile-tools
+debian/tmp/usr/bin/guild-@DEB_SRC_EFF_VER@
+debian/tmp/usr/bin/guile-config-@DEB_SRC_EFF_VER@
+debian/tmp/usr/bin/guile-snarf-@DEB_SRC_EFF_VER@
+debian/tmp/usr/bin/guile-tools-@DEB_SRC_EFF_VER@
 debian/tmp/usr/include/*
 debian/tmp/usr/lib/*/*.a
 debian/tmp/usr/lib/*/libguile-@DEB_SRC_EFF_VER@.so
diff --git a/debian/guile-dev.postinst b/debian/guile-dev.postinst
new file mode 100644
index 0..afee5e43a
--- /dev/null
+++ b/debian/guile-dev.postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+update-alternatives \
+--install /usr/bin/guile-config guile-config \
+  /usr/bin/guile-config-@DEB_SRC_EFF_VER@ @DEB_ALT_PRIORITY@ \
+--slave /usr/bin/guile-snarf guile-snarf \
+/usr/bin/guile-snarf-@DEB_SRC_EFF_VER@ \
+--slave /usr/bin/guild guile-guild \
+/usr/bin/guild-@DEB_SRC_EFF_VER@ \
+--slave /usr/bin/guile-tools guile-tools \
+/usr/bin/guile-tools-@DEB_SRC_EFF_VER@
+
+#DEBHELPER#
diff --git a/debian/guile-dev.prerm b/debian/guile-dev.prerm
new file mode 100644
index 0..95ce087e0
--- /dev/null
+++ b/debian/guile-dev.prerm
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" != upgrade ]
+then
+update-alternatives --verbose \
+--remove guile-config \
+/usr/bin/guile-config-@DEB_SRC_EFF_VER@
+fi
+
+#DEBHELPER#
diff --git a/debian/guile-libs.install b/debian/guile-libs.install
index 5dca45303..a2335c3f1 100644
--- a/debian/guile-libs.install
+++ b/debian/guile-libs.install
@@ -1,4 +1,4 @@
-debian/tmp/usr/bin/guile /usr/lib/@MARCH@guile-@DEB_SRC_EFF_VER@/bin
+debian/tmp/usr/bin/guile /usr/lib/@MARCH@guile/@DEB_SRC_EFF_VER@/bin
 debian/tmp/usr/lib/*/guile/@DEB_SRC_EFF_VER@/ccache/*
 debian/tmp/usr/lib/*/libguile-@DEB_SRC_EFF_VER@.so.*
 debian/tmp/usr/lib/*/guile/@DEB_SRC_EFF_VER@/extensions/guile-readline.so*
d

Bug#861491: unblock: emacs24/24.5+1-11

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs24

This upload is intended to fix two dependency problems and the ppc64(el)
memory exhaustion issue.

diff -Nru emacs24-24.5+1/debian/.git-dpm emacs24-24.5+1/debian/.git-dpm
--- emacs24-24.5+1/debian/.git-dpm	2017-04-22 12:32:14.0 -0500
+++ emacs24-24.5+1/debian/.git-dpm	2017-04-29 10:23:13.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-088b2e039897fcf9e2eea00f580a2c5d87eba781
-088b2e039897fcf9e2eea00f580a2c5d87eba781
+d1daaa0d464b4610e0f74553c5a91d1e5193c2ab
+d1daaa0d464b4610e0f74553c5a91d1e5193c2ab
 62bc68f777c532a970566625e315d68bf0ab4eee
 62bc68f777c532a970566625e315d68bf0ab4eee
 emacs24_24.5+1.orig.tar.bz2
diff -Nru emacs24-24.5+1/debian/changelog emacs24-24.5+1/debian/changelog
--- emacs24-24.5+1/debian/changelog	2017-04-22 12:33:05.0 -0500
+++ emacs24-24.5+1/debian/changelog	2017-04-29 10:23:47.0 -0500
@@ -1,3 +1,24 @@
+emacs24 (24.5+1-11) unstable; urgency=medium
+
+  * emacs-common: add "Breaks: mell (<= 1.0.0-7)".  Apparently it was
+removed from the archive in 2011 and can no longer install.
+Thanks to Andreas Beckmann for reporting the problem.
+(Closes: 860858)
+
+  * emacs-common: add "Breaks: prom-mew (<= 2.00+3.2am01-1)".
+Apparently it was removed from the archive in 2009 and can no
+longer install.  Thanks to Andreas Beckmann for reporting the
+problem. (Closes: 851604)
+
+  * Add additional fix for memory exhaustion on ppc64el.  Add
+0030-Emacs-should-really-work-with-glibc-2.24-on-ppc64.patch to
+augment the previous fix for memory exhaustion on ppc64(el).
+Thanks to Adrian Bunk and Iain Lane for reporting the problem and
+Iain Lane for backporting and providing the fix.
+(Closes: 854799, 861032)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sat, 29 Apr 2017 10:23:47 -0500
+
 emacs24 (24.5+1-10) unstable; urgency=medium
 
   * Don't segfault if gcc expects -nopie instead of -no-pie.
diff -Nru emacs24-24.5+1/debian/control emacs24-24.5+1/debian/control
--- emacs24-24.5+1/debian/control	2017-04-22 12:33:05.0 -0500
+++ emacs24-24.5+1/debian/control	2017-04-29 10:23:47.0 -0500
@@ -105,7 +105,9 @@
 Suggests: emacs24-el, emacs24-common-non-dfsg, ncurses-term
 Conflicts: emacs24-el (<< ${source:Version}), cedet, eieio, speedbar, gnus-bonus-el
 Breaks: apel (<< 10.8+0.20120427-4),
-oneliner-el (<= 0.3.6-7.1)
+mell (<= 1.0.0-7),
+oneliner-el (<= 0.3.6-7.1),
+prom-mew (<= 2.00+3.2am01-1)
 Description: GNU Emacs editor's shared, architecture independent infrastructure
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture independent infrastructure
diff -Nru emacs24-24.5+1/debian/control.in emacs24-24.5+1/debian/control.in
--- emacs24-24.5+1/debian/control.in	2017-04-22 12:32:11.0 -0500
+++ emacs24-24.5+1/debian/control.in	2017-04-29 10:23:13.0 -0500
@@ -105,7 +105,9 @@
 Suggests: @DEB_FLAVOR@-el, @DEB_FLAVOR@-common-non-dfsg, ncurses-term
 Conflicts: @DEB_FLAVOR@-el (<< ${source:Version}), cedet, eieio, speedbar, gnus-bonus-el
 Breaks: apel (<< 10.8+0.20120427-4),
-oneliner-el (<= 0.3.6-7.1)
+mell (<= 1.0.0-7),
+oneliner-el (<= 0.3.6-7.1),
+prom-mew (<= 2.00+3.2am01-1)
 Description: GNU Emacs editor's shared, architecture independent infrastructure
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture independent infrastructure
diff -Nru emacs24-24.5+1/debian/patches/0030-Emacs-should-really-work-with-glibc-2.24-on-ppc64.patch emacs24-24.5+1/debian/patches/0030-Emacs-should-really-work-with-glibc-2.24-on-ppc64.patch
--- emacs24-24.5+1/debian/patches/0030-Emacs-should-really-work-with-glibc-2.24-on-ppc64.patch	1969-12-31 18:00:00.0 -0600
+++ emacs24-24.5+1/debian/patches/0030-Emacs-should-really-work-with-glibc-2.24-on-ppc64.patch	2017-04-29 10:23:13.0 -0500
@@ -0,0 +1,59 @@
+From d1daaa0d464b4610e0f74553c5a91d1e5193c2ab Mon Sep 17 00:00:00 2001
+From: Paul Eggert <egg...@cs.ucla.edu>
+Date: Tue, 19 Jul 2016 15:23:14 +0200
+Subject: Emacs should (really) work with glibc 2.24 on ppc64
+
+Apparently the earlier fix in 3a838494fc769f1ae39adf20325869331f0c300d
+("Emacs should work with glibc 2.24 on ppc64") was incomplete.
+
+This patch, backported to Debian/Ubuntu by Iain Lane
+<iain.l...@canonical.com>, has been added to address a remaining
+memory exhaustion problem:
+
+  Backport from master (Bug#24033).
+  Inspired by a suggestion by Florian Weimer in:
+  https://sourceware.org/ml/libc-alpha/2016-07/msg00425.html
+  * src/emacs.c (main) [__PPC64__]:
+  Special case for __PPC64__, which needs ASLR disabled in
+  dumped Emacs too.
+
+Origin: backport, commit:

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

"Adam D. Barratt" <a...@adam-barratt.org.uk> writes:

> For the record, I retried the build this evening with an explicit
> dependency on the new glibc version (as otherwise it won't get
> automagically upgraded in the chroot) and it built successfully.

Excellent.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

"Adam D. Barratt" <a...@adam-barratt.org.uk> writes:

> That glibc version got accepted last night, so hopefully we'll be in a
> position to retry the guile-2.0 build later on.

Great.  Please let me know if I can help further.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

Rob Browning <r...@defaultvalue.org> writes:

> I'll try to get some time this week to run the tests on a porterbox --
> see if I can reproduce the problem there.

I was able to reproduce the problem on partch, and then poked around a
bit.  It looks like this might be a glibc bug that's addressed in
2.19-18+deb8u8: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855606

I tested a trivial C program in jessie and sid chroots that just prints
sqrt(2.0) and pow(2.0, 0.5) to 70 decimal places.

jessie (glibc 2.19-18+deb8u7):
  1.41421356237309492343001693370752036571502685546875
  1.414213562373095145474621858738828450441360473632812500

sid (glibc 2.24-10):
  1.414213562373095145474621858738828450441360473632812500
  1.414213562373095145474621858738828450441360473632812500

Then I grabbed the 2.19-18+deb8u8 deb, unpacked it, and

  (jessie_powerpc-dchroot)rlb@partch:~/guile-2.0-2.0.11+1$ 
LD_LIBRARY_PATH=/home/rlb/libc6_2.19-18+deb8u8/lib/powerpc-linux-gnu 
./check-guile fractions.test
  Testing /home/rlb/guile-2.0-2.0.11+1/meta/guile ... fractions.test
  with GUILE_LOAD_PATH=/home/rlb/guile-2.0-2.0.11+1/test-suite
  Running fractions.test

  Totals for this test run:
  passes: 349
  failures:   0
  unexpected passes:  0
  expected failures:  0
  unresolved test cases:  0
  untested test cases:0
  unsupported test cases: 0
  errors: 0

Given that, I suspect that the buildd didn't have that version of libc,
and if/when they do, the test will be fine.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#861017: unblock: emacs25/25.1+1-4

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs25.  This upload is intended to fix the
openssl s_client issue, just fixed in emacs24/stretch.

diff -Nru emacs25-25.1+1/debian/.git-dpm emacs25-25.1+1/debian/.git-dpm
--- emacs25-25.1+1/debian/.git-dpm	2016-11-27 13:11:23.0 -0600
+++ emacs25-25.1+1/debian/.git-dpm	2017-04-23 11:24:57.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 emacs25_25.1+1.orig.tar.xz
diff -Nru emacs25-25.1+1/debian/changelog emacs25-25.1+1/debian/changelog
--- emacs25-25.1+1/debian/changelog	2016-11-30 18:15:33.0 -0600
+++ emacs25-25.1+1/debian/changelog	2017-04-23 11:49:52.0 -0500
@@ -1,3 +1,15 @@
+emacs25 (25.1+1-4) unstable; urgency=medium
+
+  * Don't offer/use openssl s_client by default: "s_client is a debug
+tool, it does not set up a secure connection, it ignores all
+errors and just continues.  It also doesn't do checks it should be
+doing.  This is all documented behaviour." -- Kurt Roeckx
+Add 0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch to
+fix the problem.  Thanks to Kurt Roeckx for reporting the issue.
+(Closes: 766397)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sun, 23 Apr 2017 11:49:52 -0500
+
 emacs25 (25.1+1-3) unstable; urgency=medium
 
   * Configure with REL_ALLOC=no to fix crashes.  Thanks to Santiago
diff -Nru emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch
--- emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2016-11-26 13:02:18.0 -0600
+++ emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2017-04-23 11:24:57.0 -0500
@@ -13,7 +13,7 @@
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lisp/info.el b/lisp/info.el
-index 6426cfc..d8a7f72 100644
+index 6426cfcf9ed..d8a7f72e5dc 100644
 --- a/lisp/info.el
 +++ b/lisp/info.el
 @@ -218,7 +218,8 @@ Info-default-directory-list
diff -Nru emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
--- emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2016-11-26 13:02:18.0 -0600
+++ emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2017-04-23 11:24:57.0 -0500
@@ -16,7 +16,7 @@
  1 file changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/lisp/startup.el b/lisp/startup.el
-index 761e69e..ffd58fd 100644
+index 761e69e03b1..ffd58fd5f6d 100644
 --- a/lisp/startup.el
 +++ b/lisp/startup.el
 @@ -438,6 +438,10 @@ tutorial-directory
diff -Nru emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
--- emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2016-11-26 13:02:18.0 -0600
+++ emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2017-04-23 11:24:57.0 -0500
@@ -30,7 +30,7 @@
  5 files changed, 39 insertions(+), 79 deletions(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index b212c91..89584ed 100644
+index b212c914e56..89584ed6166 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -161,7 +161,9 @@ man1dir=$(mandir)/man1
@@ -120,7 +120,7 @@
  
  $(UNINSTALL_DOC):
 diff --git a/admin/update_autogen b/admin/update_autogen
-index 82ad622..7bca0d6 100755
+index 82ad622c64e..7bca0d67e0d 100755
 --- a/admin/update_autogen
 +++ b/admin/update_autogen
 @@ -269,8 +269,7 @@ info_dir ()
@@ -134,7 +134,7 @@
  ## FIXME do not ignore w32 if OS is w32.
  case $file in
 diff --git a/configure.ac b/configure.ac
-index cd4d1c0..eeaa79d 100644
+index cd4d1c0f8e0..eeaa79d1788 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -5389,11 +5389,11 @@ dnl This will work, but you get a config.status that is not quite right
@@ -173,7 +173,7 @@
  dnl If we give this the more natural name, etc/refcards/emacsver.texi,
  dnl then a directory etc/refcards is created in the build directory,
 diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
-index 4dffeaf..9d144cc 100644
+index 4dffeafb1d2..9d144cc4528 100644
 --- a/doc/misc/Makefile.in
 +++ b/doc/misc/Makefile.in
 @@ -61,18 +61,14 @@ INSTALL_DATA = @INSTALL_DATA@
@@ -257,7 +257,7 @@
  .PHONY: mostlyclean clean distclean bootstrap-clean maintainer-clean
  
 diff --git a/lisp/help.el b/lisp/help.e

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

Rob Browning <r...@defaultvalue.org> writes:

> Rob Browning <r...@defaultvalue.org> writes:
>
>> "Adam D. Barratt" <a...@adam-barratt.org.uk> writes:
>>
>>> On Sun, 2017-01-29 at 22:06 +, Adam D. Barratt wrote:
>>>> On Sat, 2017-01-28 at 11:48 +, Adam D. Barratt wrote:
>>>> > Uploaded and flagged for acceptance.
>>>> 
>>>> Unfortunately the powerpc build FTBFS in the "check-guile" test.
>>>> 
>>>> The build log for the most recent attempt can be found at
>>>> https://buildd.debian.org/status/fetch.php?pkg=guile-2.0=powerpc=2.0.11%2B1-9%2Bdeb8u1=1485708200=0
>>>>  
>>>
>>> Ping?
>>
>> Just uploaded to jessie (please shout if I did that wrong).
>
> Ugh - ignore this upload completely (already rejected).  I got confused
> about where we were.

This looks like the problem:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20017 and so I've reported
our failure there.  I'll also see about reproducing the problem manually
on a porterbox.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

Rob Browning <r...@defaultvalue.org> writes:

> "Adam D. Barratt" <a...@adam-barratt.org.uk> writes:
>
>> On Sun, 2017-01-29 at 22:06 +, Adam D. Barratt wrote:
>>> On Sat, 2017-01-28 at 11:48 +, Adam D. Barratt wrote:
>>> > Uploaded and flagged for acceptance.
>>> 
>>> Unfortunately the powerpc build FTBFS in the "check-guile" test.
>>> 
>>> The build log for the most recent attempt can be found at
>>> https://buildd.debian.org/status/fetch.php?pkg=guile-2.0=powerpc=2.0.11%2B1-9%2Bdeb8u1=1485708200=0
>>>  
>>
>> Ping?
>
> Just uploaded to jessie (please shout if I did that wrong).

Ugh - ignore this upload completely (already rejected).  I got confused
about where we were.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

"Adam D. Barratt" <a...@adam-barratt.org.uk> writes:

> On Sun, 2017-01-29 at 22:06 +, Adam D. Barratt wrote:
>> On Sat, 2017-01-28 at 11:48 +, Adam D. Barratt wrote:
>> > Uploaded and flagged for acceptance.
>> 
>> Unfortunately the powerpc build FTBFS in the "check-guile" test.
>> 
>> The build log for the most recent attempt can be found at
>> https://buildd.debian.org/status/fetch.php?pkg=guile-2.0=powerpc=2.0.11%2B1-9%2Bdeb8u1=1485708200=0
>>  
>
> Ping?

Just uploaded to jessie (please shout if I did that wrong).

I built new packages, and here's the debdiff against current jessie:

diff -Nru guile-2.0-2.0.11+1/debian/.git-dpm guile-2.0-2.0.11+1/debian/.git-dpm
--- guile-2.0-2.0.11+1/debian/.git-dpm	2014-10-06 10:07:49.0 -0500
+++ guile-2.0-2.0.11+1/debian/.git-dpm	2017-04-22 19:15:24.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 guile-2.0_2.0.11+1.orig.tar.bz2
diff -Nru guile-2.0-2.0.11+1/debian/changelog guile-2.0-2.0.11+1/debian/changelog
--- guile-2.0-2.0.11+1/debian/changelog	2014-10-07 14:49:51.0 -0500
+++ guile-2.0-2.0.11+1/debian/changelog	2017-04-22 19:24:21.0 -0500
@@ -1,3 +1,19 @@
+guile-2.0 (2.0.11+1-9+deb8u1) jessie; urgency=medium
+
+  * Fix REPL server vulnerability (CVE-2016-8606).  Add
+0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch to
+incorporate the fix.  See that file for further information.
+(Closes: 840555)
+
+  * Fix mkdir umask-related vulnerability (CVE-2016-8605).  Previously,
+whenever the second argument to mkdir was omitted, it would
+temporarily change the umask to 0, a change which would also affect
+any concurrent threads.  Add
+0018-Remove-umask-calls-from-mkdir.patch to incorporate the fix.
+See that file for further information. (Closes: 840556)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sat, 22 Apr 2017 19:24:21 -0500
+
 guile-2.0 (2.0.11+1-9) unstable; urgency=medium
 
   * Always use "gcc" in guile-snarf.  Avoid the gcc-4.8 CC override that
diff -Nru guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch
--- guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	1969-12-31 18:00:00.0 -0600
+++ guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	2017-04-22 19:15:24.0 -0500
@@ -0,0 +1,337 @@
+From 9de478809f909986c725294d1dc03a317eafa3ff Mon Sep 17 00:00:00 2001
+From: Mark H Weaver <m...@netris.org>
+Date: Fri, 9 Sep 2016 07:36:52 -0400
+Subject: REPL Server: Guard against HTTP inter-protocol exploitation attacks.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by Christopher Allan Webber <cweb...@dustycloud.org>
+Co-authored-by: Ludovic Courtès <l...@gnu.org>
+
+This commit adds protection to Guile's REPL servers against HTTP
+inter-protocol exploitation attacks, a scenario whereby an attacker can,
+via an HTML page, cause a web browser to send data to TCP servers
+listening on a loopback interface or private network.  See
+<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
+<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
+Attack (2001) by Tochen Topf <joc...@remote.org>.
+
+Here we add a procedure to 'before-read-hook' that looks for a possible
+HTTP request-line in the first line of input from the client socket.  If
+present, the socket is drained and closed, and a loud warning is written
+to stderr (POSIX file descriptor 2).
+
+* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
+to 'before-read-hook' when this module is loaded.
+(with-temporary-port-encoding, with-saved-port-line+column)
+(drain-input-and-close, permissive-http-request-line?)
+(check-for-http-request, guard-against-http-request)
+(maybe-check-for-http-request): New procedures.
+(serve-client): Use 'guard-against-http-request'.
+* module/system/repl/coop-server.scm (start-repl-client): Use
+'guard-against-http-request'.
+* doc/ref/guile-invoke.texi (Command-line Options): In the description
+of the --listen option, make the security warning more prominent.
+Mention the new protection added here.  Recommend using UNIX domain
+sockets for REPL servers.  "a path to" => "the file name of".
+
+Origin: upstream, http://git.savannah.gnu.org/cgit/guile.git/commit/?id=08c021916dbd3a235a9f9cc33df4c418c0724e03
+Bug-Debian: http://bug

Bug#860965: unblock: emacs24/24.5+1-10

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs24

This upload is intended to fix the openssl s_client issue, and to
address intermittent build failures that may be related to the
-no-pie/-nopie issue already addressed in emacs25.

diff -Nru emacs24-24.5+1/debian/.git-dpm emacs24-24.5+1/debian/.git-dpm
--- emacs24-24.5+1/debian/.git-dpm	2017-04-10 18:30:21.0 -0500
+++ emacs24-24.5+1/debian/.git-dpm	2017-04-22 12:32:14.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-d715dfdb5101dfbd1a83b2958ced6f3bd757ab92
-d715dfdb5101dfbd1a83b2958ced6f3bd757ab92
+088b2e039897fcf9e2eea00f580a2c5d87eba781
+088b2e039897fcf9e2eea00f580a2c5d87eba781
 62bc68f777c532a970566625e315d68bf0ab4eee
 62bc68f777c532a970566625e315d68bf0ab4eee
 emacs24_24.5+1.orig.tar.bz2
diff -Nru emacs24-24.5+1/debian/changelog emacs24-24.5+1/debian/changelog
--- emacs24-24.5+1/debian/changelog	2017-04-16 10:07:37.0 -0500
+++ emacs24-24.5+1/debian/changelog	2017-04-22 12:33:05.0 -0500
@@ -1,3 +1,22 @@
+emacs24 (24.5+1-10) unstable; urgency=medium
+
+  * Don't segfault if gcc expects -nopie instead of -no-pie.
+Add 0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch, a
+backport from emacs25 (that closed #841551) to fix the problem.
+Thanks to Lucas Nussbaum and Aaron M. Ucko for reporting the
+problem, and Sven Joachim for tracking down the upstream patch.
+
+  * Don't offer/use openssl s_client by default: "s_client is a debug
+tool, it does not set up a secure connection, it ignores all
+errors and just continues.  It also doesn't do checks it should be
+doing.  This is all documented behaviour." -- Kurt Roeckx
+Add these patches to fix the problem:
+  0028-IMAP-connections-no-longer-use-openssl-s_client.patch
+  0029-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
+Thanks to Kurt Roeckx for reporting the issue. (Closes: #766397)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sat, 22 Apr 2017 12:33:05 -0500
+
 emacs24 (24.5+1-9) unstable; urgency=medium
 
   * Improve gnutls security.  Remove --insecure and specify a trustfile.
diff -Nru emacs24-24.5+1/debian/patches/0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch emacs24-24.5+1/debian/patches/0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
--- emacs24-24.5+1/debian/patches/0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	1969-12-31 18:00:00.0 -0600
+++ emacs24-24.5+1/debian/patches/0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	2017-04-22 12:32:11.0 -0500
@@ -0,0 +1,56 @@
+From c91f2fca460e04c1d47ec1b5db1ca3b8130b95f8 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <egg...@cs.ucla.edu>
+Date: Sun, 16 Oct 2016 16:25:47 -0700
+Subject: Emacs shouldn't segfault when gcc expects -nopie
+
+This upstream patch has been added:
+
+  Port to Ubuntu 16.10, which needs gcc -nopie
+
+  * configure.ac (emacs_cv_prog_cc_no_pie): Rename from
+  emacs_cv_prog_cc_nopie.  All usages changed.  Check for -no-pie in
+  preference to -nopie (Bug#24682).  Backport from master.
+
+Origin: upstream, commit: 99892eeec8990884ef38601f14038ec6dc227741
+Bug: https://debbugs.gnu.org/24682
+Bug-Debian: https://bugs.debian.org/841551
+---
+ configure.ac | 25 +
+ 1 file changed, 25 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 18387d84ec5..222b195a828 100644
+--- a/configure.ac
 b/configure.ac
+@@ -4918,6 +4918,31 @@ case "$opsys" in
+   *) LD_SWITCH_SYSTEM_TEMACS= ;;
+ esac
+ 
++# -no-pie or -nopie fixes a temacs segfault on Gentoo, OpenBSD,
++# Ubuntu, and other systems with "hardened" GCC configurations for
++# some reason (Bug#18784).  We don't know why this works, but not
++# segfaulting is better than segfaulting.  Use ac_c_werror_flag=yes
++# when trying the option, otherwise clang keeps warning that it does
++# not understand it, and pre-4.6 GCC has a similar problem
++# (Bug#20338).  Prefer -no-pie to -nopie, as -no-pie is the
++# spelling used by GCC 6.1.0 and later (Bug#24682).
++AC_CACHE_CHECK(
++  [for $CC option to disable position independent executables],
++  [emacs_cv_prog_cc_no_pie],
++  [emacs_save_c_werror_flag=$ac_c_werror_flag
++   emacs_save_LDFLAGS=$LDFLAGS
++   ac_c_werror_flag=yes
++   for emacs_cv_prog_cc_no_pie in -no-pie -nopie no; do
++ test $emacs_cv_prog_cc_no_pie = no && break
++ LDFLAGS="$emacs_save_LDFLAGS $emacs_cv_prog_cc_no_pie"
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [break])
++   done
++   ac_c_werror_flag=$emacs_save_c_werror_flag
++   LDFLAGS=$emacs_save_LDFLAGS])
++if test "$emacs_cv_prog_cc_no_pie" != no; then
++  LD_SWITCH_SYSTEM_TEMACS="$LD_SWITCH_SYSTEM_TEMACS $emacs_cv_prog_cc_no_pie"
++fi
++
+ if test x$ac_enable_profiling != x ; then
+   case $opsys in
+ *freebsd | gnu-linux) ;;
dif

Bug#860425: unblock: emacs24/24.5+1-9

[Rob Browning]

Niels Thykier <ni...@thykier.net> writes:

> Rob Browning:

> Ok.  Is there any easy way to figure this out?  I am ready to consider
> additionally targeted fixes for non-deterministic build failures.

I suspect both of those fixes may be appropriate.  I'll see what I can
come up with.

> If it is just a question of moving two insecure commands from one list
> (auto-try) to another (manual request) or even just removing them, then
> I am quite happy to accept it for stretch.
>
> The stretch-can-defer/stretch-ignore means we won't stall the release
> for that bug, but often we are still happy to accept a targeted fix for
> it. :)

Understood.  What's the proper procedure there, i.e. presumably I'd need
to upload new packages to unstable, and then would I send an incremental
debdiff, and an additional unblock request, or would I send a full
debdiff...?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#860425: unblock: emacs24/24.5+1-9

[Rob Browning]

Niels Thykier <ni...@thykier.net> writes:

> I have two comments/questions:
>
>  1) There is a "Maybe-Failed" FTBFS on ppc64el for emacs24.  At first
> glance, I don't see a reason why it should be related to these
> changes. However, it must be resolved for an unblock to have any
> effect.

Hmm, looks like it may have succeeded?  Though given the earlier error,
I wonder if emacs24 might now need some of the adjustments that we made
to emacs25 to address glibc changes, i.e. #842728 (memory exhaustion
iirc) and maybe #841551 (segfaults).  Though I haven't delved.

> Does that mean emacs 24 will try gnutls-cli first.  If that fails, then
> with --protocols ssl3 and if that fails as well, fall back to openssl
> s_client?

I'm not certain, but that sounds correct.

> As I understand it, ssl2 and ssl3 is not considered "secure" any more,
> so if it the above is correctly analysed, I think we should remove the
> latter two options and move them to the "only if explicitly requested" list.

Moreover, it's been stated that s_client should just not be used.
Directly related I think:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766397#141

(And see Kurt's earlier message(s) in the report.)  Though in my patch
there I hadn't removed the gnutls-cli ssl3 invocations too.

I'd wondered about proposing an unblock request for that bug next,
assuming the fix ended up being plausible, but wasn't sure, since it's
already been marked for deferral for stretch.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#860425: unblock: emacs24/24.5+1-9

[Rob Browning]

Rob Browning <r...@defaultvalue.org> writes:

> and then run
>
>   emacs24 -Q -l test-ssl.el

Or noninteractively:

  emacs24 -Q --batch -l test-ssl.el

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#860425: unblock: emacs24/24.5+1-9

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package emacs24

This upload is intended to fix the SSL problems detailed in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063

One way to see the difference is to save this code (from the bug report)
to a file test-ssl.el:

  (require 'cl)

  (let ((bad-hosts
 (cl-loop for bad
   in `("https://wrong.host.badssl.com/;
"https://self-signed.badssl.com/;)
   if (condition-case e
  (url-retrieve bad (lambda (retrieved) t))
(error nil))
   collect bad)))
(if bad-hosts
(error (format "tls misconfigured; retrieved %s ok"
   bad-hosts))
  (url-retrieve "https://badssl.com;
(lambda (retrieved) t

and then run

  emacs24 -Q -l test-ssl.el

with -8 and then -9.  You should see "tls misconfigured; retrieved
... ok" without the fix.

diff -Nru emacs24-24.5+1/debian/.git-dpm emacs24-24.5+1/debian/.git-dpm
--- emacs24-24.5+1/debian/.git-dpm	2017-01-22 14:32:37.0 -0600
+++ emacs24-24.5+1/debian/.git-dpm	2017-04-10 18:30:21.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-95bb76711c2b6fa889d47d59b4173949e9a57200
-95bb76711c2b6fa889d47d59b4173949e9a57200
+d715dfdb5101dfbd1a83b2958ced6f3bd757ab92
+d715dfdb5101dfbd1a83b2958ced6f3bd757ab92
 62bc68f777c532a970566625e315d68bf0ab4eee
 62bc68f777c532a970566625e315d68bf0ab4eee
 emacs24_24.5+1.orig.tar.bz2
diff -Nru emacs24-24.5+1/debian/changelog emacs24-24.5+1/debian/changelog
--- emacs24-24.5+1/debian/changelog	2017-01-22 14:32:37.0 -0600
+++ emacs24-24.5+1/debian/changelog	2017-04-16 10:07:37.0 -0500
@@ -1,3 +1,21 @@
+emacs24 (24.5+1-9) unstable; urgency=medium
+
+  * Improve gnutls security.  Remove --insecure and specify a trustfile.
+Add these upstream patches to fix the problem:
+  0024-Remove-insecure-from-gnutls-cli-invocation.patch
+  0025-Refactor-out-gnutls-trustfiles.patch
+  0026-Make-tls.el-use-trustfiles-by-default.patch
+Partially addresses #816063.
+
+  * Stop using libgnutls.  Add a dependency on gnutls-cli, configure
+--without-gnutls, and remove the corresponding build dependency so
+the patches that were just added to improve SSL security will take
+effect by default.  Thanks to Nathaniel Smith for reporting the
+problem and Antoine Beaupre for providing code to reproduce
+    it. (Closes: 816063)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sun, 16 Apr 2017 10:07:37 -0500
+
 emacs24 (24.5+1-8) unstable; urgency=medium
 
   * Configure with REL_ALLOC=no to fix crashes.  Thanks to Santiago
diff -Nru emacs24-24.5+1/debian/control emacs24-24.5+1/debian/control
--- emacs24-24.5+1/debian/control	2017-01-22 14:32:37.0 -0600
+++ emacs24-24.5+1/debian/control	2017-04-16 10:07:37.0 -0500
@@ -10,7 +10,7 @@
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev (>> 1.10.0), quilt (>= 0.42),
  debhelper (>= 9), libxaw7-dev, sharutils, imagemagick, libgtk-3-dev,
- libgnutls28-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
+ libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
  libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64],
  libacl1-dev,
  zlib1g-dev
@@ -92,6 +92,7 @@
 Package: emacs24-bin-common
 Architecture: any
 Depends: emacs24-common (= ${source:Version}), ${shlibs:Depends}, ${misc:Depends}
+  gnutls-bin
 Description: GNU Emacs editor's shared, architecture dependent files
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture dependent infrastructure
diff -Nru emacs24-24.5+1/debian/control.in emacs24-24.5+1/debian/control.in
--- emacs24-24.5+1/debian/control.in	2017-01-22 14:32:37.0 -0600
+++ emacs24-24.5+1/debian/control.in	2017-04-16 10:06:33.0 -0500
@@ -10,7 +10,7 @@
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev (>> 1.10.0), quilt (>= 0.42),
  debhelper (>= 9), libxaw7-dev, sharutils, imagemagick, libgtk-3-dev,
- libgnutls28-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
+ libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
  libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64],
  libacl1-dev,
  zlib1g-dev
@@ -92,6 +92,7 @@
 Package: @DEB_FLAVOR@-bin-common
 Architecture: any
 Depends: @DEB_FLAVOR@-common (= ${source:Version}), ${shlibs:Depends}, ${misc:Depends}
+  gnutls-bin
 Description: GNU Emacs editor's shared, architecture dependent files
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture dependent infrastructure
diff -Nru emacs24-24.5+1/debian/patches/0001-Prefer-usr-share-info-emacs-24-over-usr-share-info.patch emacs24-24.5+1/

Bug#851823: Changing default emacs to 25 to allow emacs24 removal -- RoM

[Rob Browning]

Julien Cristau <jcris...@debian.org> writes:

> It seems extremely late to be making this change and be confident we're
> not breaking the world.  3 or 4 months ago would have been more
> feasible.

Certainly my preference as well, but we weren't able to stabilize
emacs25 until fairly recently[1].  So we're left balancing the cost of a
more rushed transition against having to maintain both emacs24 and
emacs25 for years.  I don't think it's an easy choice, but won't argue
against the assertion that it'd be safer to leave things as they are.

By the way, were you commenting on the removal of emacs24 or the switch
of emacs-defaults to emacs25 (or both)?

[1] Now I'm going to try to fix what I think is the same issue in
emacs24, i.e. changes to libc/malloc that caused emacs to start crashing
frequently.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#851823: (Changing default emacs to 25 to allow emacs24 removal -- RoM)

[Rob Browning]

Jiri Palecek <jpale...@web.de> writes:

> I noticed you are pursuing a switch from emacs24 to emacs25 in debian,
> however, there are still packages that need to be updated not to
> require specifically emacs24 which aren't on your list of packages
> needing update and reverse-dependencies.

Well that's frustrating.  "dak rm -Rn" obviously must not do what I
thought it did.

Though as Sean points out, this information is perhaps more directly
applicable to the emacs24 removal bug that we haven't filed yet (and
which may now be improbable for stretch).

It still makes sense to consider changing the emacs-defaults version to
Emacs 25.

Thanks for the help
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#851823: Changing default emacs to 25 to allow emacs24 removal -- RoM

[Rob Browning]

Package: release.debian.org

We want to remove emacs24 from stretch, and we think we've managed to
fix all of the affected packages[1].  We're consulting you because we
thought this might be considered a transition, though perhaps a minor
one relative to others.

At this point, we believe we only need to upload a version of
emacs-defaults that switches the emacs and emacs-nox metapackages from
24 to 25.

Would that be acceptable?  If so, we'll upload, and then file the
ftp.debian.org RM emacs24 bug.

According to "dak rm -Rn emacs24", the emacs and emacs-nox metapackages
are indeed the only broken depends.

[1] https://wiki.debian.org/Emacs25InStretch

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

Salvatore Bonaccorso <car...@debian.org> writes:

> Any news on that upload?

I should be able to handle it before Tuesday, but let me make sure I
understand what's desired.  We're talking about the 2.0.11+1-9+deb8u1
changes I initially proposed?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: Wondering about possibility of removing emacs24 from stretch

[Rob Browning]

At this point, I think we're ready to proceed if the release team
approves.

The short answer is that there doesn't appear to be much difficulty,
much risk, or much work required.  We'd need to change a few package
dependencies and change emacs-defaults to pull in emacs25 instead of
emacs24.

Summary of our findings: https://wiki.debian.org/Emacs25InStretch

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: bup 0.29 in stretch

[Rob Browning]

Niels Thykier <ni...@thykier.net> writes:

> The bup 0.29 release is unaffected by the soft freeze as bup is already
> in testing at this time.  As long as you upload in time and ensures it
> migrates before 5th of February, it will make it for stretch.

Oh, that's great, and sorry for the distraction.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: Wondering about possibility of removing emacs24 from stretch

[Rob Browning]

OK, we're now down to these outstanding issues:

  - automake: can't yet sbuild; known sbuild issues (could try porterbox next)

  - doxymacs: appears fine; need to test resulting deb behavior.
  This package is orphaned, so we should be relatively free to fix it.

  - gnuplot: builds fine; need to see if there's anything to test in pkgs

  - egg: needs evaluation

  - libphptools: needs evaluation

  - proofgeneral: needs evaluation

Everything else appears fine, plus or minus some minor changes
documented here: https://wiki.debian.org/Emacs25InStretch

I suspect we'll be able to handle most of the rest by Sunday.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

bup 0.29 in stretch

[Rob Browning]

I suspect it might be too late, but 0.29 has just been uploaded to sid,
and at least speaking from the upstream perspective (I'm one of the
developers there), we'd certainly be happy to see it stretch.

I think we're probably about 2 days past the 10-day migration window,
but I didn't know whether exceptions might be possible.

If it matters, we'll be willing and available upstream to help with any
issues that arise during the freeze, and 0.29 should fix the mipsel64el
build failure, among various other things.

However, if it's just too late, no worries, and in that case, I think we
should be able to get the mips64el fix backported to 0.28.1.

Thanks for all your work on the release
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Re: Wondering about possibility of removing emacs24 from stretch

[Rob Browning]

Rob Browning <r...@defaultvalue.org> writes:

> And at the moment, we have:
>
>   First category:
> - two packages that are likely fine once the deps are broadened
> - five still to evaluate
>

Update regarding the second category:

   - ten packages that appear fine (plus or minus a couple of trivial patches)

   - one that's probably fine, but requires a bit more testing (doxymacs)
   - one that has known sbuild issues delaying evaluation (automake)
   - one that should be fixed soon (magit)
   - one under evauation
   - one still to evaluate

The wiki page has updated details.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Wondering about possibility of removing emacs24 from stretch

[Rob Browning]

We've been hoping (#debian-emacs and I) for a while that we might be
able to remove emacs24 from stretch, and while there was some initial
trouble with emacs25's stability, we finally got that sorted, and we've
been trying to nudge maintainers to adjust their package deps to not
depend solely on emacs24.

But there are a few packages that still have either (1) a dependency on
emacs24 or (2) on the emacs/emacs-nox metapackages, which still point at
emacs24.

Packages in the first category require at least a trivial change to
broaden their deps, assuming they work fine with emacs25, i.e. to say:

  emacs25-nox | emacs25 | emacs24

Packages in the second category require no changes as long as they work
with emacs25 since they'll be unaffected by the eventual upload of
metapackages pointing to emacs25 instead of emacs24.


To date, we've contacted the maintainers of all of the affected
packages, filed bugs against the packages in the first category (and
have been helping fix them), and are in the process of testing all of
the packages in the second category using the emacs-defaults in
experimental (which points to emacs25), sbuild, and evaluating the
resulting debs with emacs25.

We've been documenting our progress here:

   https://wiki.debian.org/Emacs25InStretch

And at the moment, we have:

  First category:
- two packages that are likely fine once the deps are broadened
- five still to evaluate

  Second category:
- four packages that appear fine
- one that's probably fine, but requires a bit more testing (doxymacs)
- one that has known sbuild issues delaying evaluation (automake)
- one that should be fixed soon (magit)
- six still to evaluate

For what it's worth, we've been managing to evaluate a few packages a
day lately, and I expect that pace to continue for at least the next
5-10 days.

Our intent was to continue with this work until we either had everything
sorted out, or we found some issue that made it clear removing emacs24
wasn't going to be feasible right now -- and of course one such issue
would be us already being too late with respect to the release schedule,
hence this message.

If we aren't too late, we suspect that many of the required changes will
be trivial and might be handled reasonably via NMUs, or (as mentioned)
no changes will be required at all.

Of course if after testing, that doesn't appear to be the case, then we
can just leave things as-is, but I think we'd all be substantially
better off if we can avoid having to support both emacs24 and emacs25
for the lifetime of stretch.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

"Adam D. Barratt" <a...@adam-barratt.org.uk> writes:

> Control: tags -1 + moreinfo
> Control: severity -1 normal
>
> On Sat, 2016-10-22 at 13:10 -0500, Rob Browning wrote:
>> I'd like to propose an update for jessie as described by the attached
>> debdiff.  Though the final upload/diff might be slightly different
>> (i.e. the dpm hashes).
>> 
>> Both of the changes (patches) have been cherry-picked from upstream as
>> described in the patch headers.
>
> The security tracker indicates that both issues - CVE-2016-8605 and
> CVE-2016-8606 - still affect the guile-2.0 packages in unstable. Is that
> correct? If so then that would be a prerequisite to applying the fixes
> in stable.

Hmm, well I'm also preparing 2.0.13+1-1 packages for unstable that include
(upstream) both fixes.  Should I upload those first?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#841724: jessie-pu: package guile-2.0/2.0.11+1-9

[Rob Browning]

Package: release.debian.org
Severity: important
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I'd like to propose an update for jessie as described by the attached
debdiff.  Though the final upload/diff might be slightly different
(i.e. the dpm hashes).

Both of the changes (patches) have been cherry-picked from upstream as
described in the patch headers.

diff -Nru guile-2.0-2.0.11+1/debian/.git-dpm guile-2.0-2.0.11+1/debian/.git-dpm
--- guile-2.0-2.0.11+1/debian/.git-dpm	2014-10-06 10:07:49.0 -0500
+++ guile-2.0-2.0.11+1/debian/.git-dpm	2016-10-14 00:08:24.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
-fdc2c9e00af5f2721c4e70180d30f45c15adc65a
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
+6f697cf7a887fcb4163bef810536bb55cf3b11d3
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 972fb41f0ce124d97f5cf64bde1075510cd21e18
 guile-2.0_2.0.11+1.orig.tar.bz2
diff -Nru guile-2.0-2.0.11+1/debian/changelog guile-2.0-2.0.11+1/debian/changelog
--- guile-2.0-2.0.11+1/debian/changelog	2014-10-07 14:49:51.0 -0500
+++ guile-2.0-2.0.11+1/debian/changelog	2016-10-22 11:36:24.0 -0500
@@ -1,3 +1,19 @@
+guile-2.0 (2.0.11+1-9+deb8u1) jessie; urgency=high
+
+  * Fix REPL server vulnerability (CVE-2016-8606).  Add
+0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch to
+incorporate the fix.  See that file for further information.
+(Closes: 840555)
+
+  * Fix mkdir umask-related vulnerability (CVE-2016-8605).  Previously,
+whenever the second argument to mkdir was omitted, it would
+temporarily change the umask to 0, a change which would also affect
+any concurrent threads.  Add
+0018-Remove-umask-calls-from-mkdir.patch to incorporate the fix.
+See that file for further information. (Closes: 840556)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sat, 22 Oct 2016 11:36:24 -0500
+
 guile-2.0 (2.0.11+1-9) unstable; urgency=medium
 
   * Always use "gcc" in guile-snarf.  Avoid the gcc-4.8 CC override that
diff -Nru guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch
--- guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	1969-12-31 18:00:00.0 -0600
+++ guile-2.0-2.0.11+1/debian/patches/0017-REPL-Server-Guard-against-HTTP-inter-protocol-exploi.patch	2016-10-14 00:08:23.0 -0500
@@ -0,0 +1,337 @@
+From 9de478809f909986c725294d1dc03a317eafa3ff Mon Sep 17 00:00:00 2001
+From: Mark H Weaver <m...@netris.org>
+Date: Fri, 9 Sep 2016 07:36:52 -0400
+Subject: REPL Server: Guard against HTTP inter-protocol exploitation attacks.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by Christopher Allan Webber <cweb...@dustycloud.org>
+Co-authored-by: Ludovic Courtès <l...@gnu.org>
+
+This commit adds protection to Guile's REPL servers against HTTP
+inter-protocol exploitation attacks, a scenario whereby an attacker can,
+via an HTML page, cause a web browser to send data to TCP servers
+listening on a loopback interface or private network.  See
+<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
+<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
+Attack (2001) by Tochen Topf <joc...@remote.org>.
+
+Here we add a procedure to 'before-read-hook' that looks for a possible
+HTTP request-line in the first line of input from the client socket.  If
+present, the socket is drained and closed, and a loud warning is written
+to stderr (POSIX file descriptor 2).
+
+* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
+to 'before-read-hook' when this module is loaded.
+(with-temporary-port-encoding, with-saved-port-line+column)
+(drain-input-and-close, permissive-http-request-line?)
+(check-for-http-request, guard-against-http-request)
+(maybe-check-for-http-request): New procedures.
+(serve-client): Use 'guard-against-http-request'.
+* module/system/repl/coop-server.scm (start-repl-client): Use
+'guard-against-http-request'.
+* doc/ref/guile-invoke.texi (Command-line Options): In the description
+of the --listen option, make the security warning more prominent.
+Mention the new protection added here.  Recommend using UNIX domain
+sockets for REPL servers.  "a path to" => "the file name of".
+
+Origin: upstream, http://git.savannah.gnu.org/cgit/guile.git/commit/?id=08c021916dbd3a235a9f9cc33df4c418c0724e03
+Bug-Debian: http://bugs.debian.org/840555
+---
+ doc/ref/guile-invoke.texi  |  20 +++-
+ module/system/repl/coop-server.scm |   7 +-
+ module/system/repl/server.scm  | 182 -
+ 3 files changed, 201 insertions(+), 8 deletions(-)
+
+diff --git a/doc/ref/guile-invoke.texi b/doc/ref/guile-invoke.

Bug#813272: RM: guile-1.8/1.8.8+1-10

[Rob Browning]

Mattia Rizzolo <mat...@debian.org> writes:

> Package: release.debian.org
> X-Debbugs-Cc: guile-...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: rm
>
>
> According to the maintainer (and several other people) guile-1.8 should
> not be release in Stretch, and it's already too much it ended up in
> Jessie.  See #760986
>
> Please remove it from stretch now, it's not being autoremoved because
> it's in key_packages (for it's popcon, apparently…).
> After the removal #783684 should prevent it's coming back.
>
> A clean solution (according to my tests with dak rm) would be
>
> remove guile-1.8/1.8.8+1-10 lilypond/2.18.2-4.1 denemo/2.0.0-0.1 
> songwrite/0.14-10 frescobaldi/2.18.1+ds1-3

I just fixed trackballs, but we're still waiting on at least lilypond.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

Bug#780042: unblock: emacs24/24.4+1-5

[Rob Browning]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please consider emacs24 24.4.1+1-5 for jessie.  As compared to the
current 4.1 version, this release should fix two bugs.

  * Add a Breaks for an older version of apel that newer versions of
Emacs can't compile:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775564

  * Add a Conflicts for an obsolete package that was breaking newer
Gnus:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767949

This version also adjusts the 4.1 NMU patch (to startup.el) to match the
other patches (including the Debian NEWS header, etc).  The content
should be identical.

The changelog entry:

  emacs24 (24.4+1-5) unstable; urgency=medium

* emacs24-common: conflict with obsolete gnus-bonus-el package.
  Thanks to Hilko Bengen for reporting the problem. (Closes: 767949)

* Add Breaks: apel ( 10.8+0.20120427-4) to emacs24-common to fix
  a byte-compilation problem with older versions of the package.
  Thanks to Łukasz Stelmach for the report and Sébastien Villemot
  for tracking down the correct version. (Closes: 775564)

   -- Rob Browning r...@defaultvalue.org  Sat, 07 Mar 2015 13:25:57 -0600

And the debdiff (which excludes the automatically generated
debian/control):

diff -Nru emacs24-24.4+1/debian/.git-dpm emacs24-24.4+1/debian/.git-dpm
--- emacs24-24.4+1/debian/.git-dpm	2014-10-25 14:40:41.0 -0500
+++ emacs24-24.4+1/debian/.git-dpm	2015-03-07 13:33:35.0 -0600
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-ab7f768c51efc79f100d01ce4f3d6c5bad12be32
-ab7f768c51efc79f100d01ce4f3d6c5bad12be32
+be3e084c88ddd5292f485fd59216d016fec6ba99
+be3e084c88ddd5292f485fd59216d016fec6ba99
 fa54b24bfb46d6799598ccd7639c5ad7c02df252
 fa54b24bfb46d6799598ccd7639c5ad7c02df252
 emacs24_24.4+1.orig.tar.bz2
diff -Nru emacs24-24.4+1/debian/changelog emacs24-24.4+1/debian/changelog
--- emacs24-24.4+1/debian/changelog	2014-12-09 09:25:45.0 -0600
+++ emacs24-24.4+1/debian/changelog	2015-03-07 13:33:35.0 -0600
@@ -1,3 +1,15 @@
+emacs24 (24.4+1-5) unstable; urgency=medium
+
+  * emacs24-common: conflict with obsolete gnus-bonus-el package.
+Thanks to Hilko Bengen for reporting the problem. (Closes: 767949)
+
+  * Add Breaks: apel ( 10.8+0.20120427-4) to emacs24-common to fix
+a byte-compilation problem with older versions of the package.
+Thanks to Łukasz Stelmach for the report and Sébastien Villemot
+for tracking down the correct version. (Closes: 775564)
+
+ -- Rob Browning r...@defaultvalue.org  Sat, 07 Mar 2015 13:25:57 -0600
+
 emacs24 (24.4+1-4.1) unstable; urgency=medium
 
   * Non-maintainer upload.
--- emacs24-24.4+1/debian/control.in	2014-10-25 14:41:42.0 -0500
+++ emacs24-24.4+1/debian/control.in	2015-03-07 13:33:35.0 -0600
@@ -99,7 +99,8 @@
 Architecture: all
 Depends: emacsen-common (= 2.0.8), dpkg (= 1.15.4) | install-info, ${shlibs:Depends}, ${misc:Depends}
 Suggests: @DEB_FLAVOR@-el, @DEB_FLAVOR@-common-non-dfsg
-Conflicts: @DEB_FLAVOR@-el ( ${Source-Version}), cedet, eieio, speedbar
+Conflicts: @DEB_FLAVOR@-el ( ${Source-Version}), cedet, eieio, speedbar, gnus-bonus-el
+Breaks: apel ( 10.8+0.20120427-4)
 Description: GNU Emacs editor's shared, architecture independent infrastructure
  GNU Emacs is the extensible self-documenting text editor.
  This package contains the architecture independent infrastructure
diff -Nru emacs24-24.4+1/debian/patches/0009-Nil-load-path-elements-shouldn-t-crash-Emacs.patch emacs24-24.4+1/debian/patches/0009-Nil-load-path-elements-shouldn-t-crash-Emacs.patch
--- emacs24-24.4+1/debian/patches/0009-Nil-load-path-elements-shouldn-t-crash-Emacs.patch	1969-12-31 18:00:00.0 -0600
+++ emacs24-24.4+1/debian/patches/0009-Nil-load-path-elements-shouldn-t-crash-Emacs.patch	2015-03-07 13:33:35.0 -0600
@@ -0,0 +1,41 @@
+From be3e084c88ddd5292f485fd59216d016fec6ba99 Mon Sep 17 00:00:00 2001
+From: Glenn Morris r...@gnu.org
+Date: Sun, 9 Nov 2014 23:12:37 -0800
+Subject: Nil load-path elements shouldn't crash Emacs
+
+This upstream patches has been added:
+
+  * lisp/startup.el (command-line): Handle nil elements in load-path.
+
+Origin: upstream, http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=edfdb22f674312389ccf5d5e37efa4d3f1516994
+Bug-Debian: http://bugs/debian.org/768751
+Added-by: Rob Browning r...@defaultvalue.org
+---
+ lisp/ChangeLog  | 4 
+ lisp/startup.el | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/lisp/ChangeLog b/lisp/ChangeLog
+index 781b3ab..b162ebc 100644
+--- a/lisp/ChangeLog
 b/lisp/ChangeLog
+@@ -1,3 +1,7 @@
++2014-11-10  Glenn Morris  r...@gnu.org
++
++	* startup.el (command-line): Handle nil elements in load-path.
++
+ 2014-10-20  Glenn Morris  r...@gnu.org
+ 
+ 	* Version 24.4 released.
+diff --git a/lisp/startup.el b/lisp/startup.el
+index c4f9f79..1ef2556 100644
+--- a/lisp/startup.el
 b/lisp/startup.el
+@@ -1336,6

Re: [Pkg-electronics-devel] Bug#746003: Bug#760986: RM: guile-1.8 -- ROM; replaced by guile-2.0

[Rob Browning]

أحمد المحمودي aelmahmo...@users.sourceforge.net writes:

 [1] It has been in git 
 (https://anonscm.debian.org/cgit/collab-maint/g-wrap.git) since 8 months 
 ago, yet Hideki Yamane forgot to upload for some reason, hopefully he 
 will upload it soon.

I'm skeptical about uploading a major new upstream version when there's
effectively no Debian maintainer for it.

Assuming we do end up keeping Guile 1.8 in jessie (which we may, perhaps
for lilypond, if nothing else), then I suppose we'll have to decide
which is worse: leaving the existing unmaintained 1.8-based packages(s)
alone, or making major upstream release NMUs, with no active maintainers
to back them up.

Of course the alternative is to just remove the relevant 1.8-based
packages from Debian, which is what the Guile upstream has requested --
i.e. they'd prefer that when possible we just remove any packages from
Debian that have Guile 2.0 support upstream, but not in Debian.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87mw8eij9p@trouble.defaultvalue.org

Re: [Pkg-electronics-devel] Bug#746003: Bug#760986: RM: guile-1.8 -- ROM; replaced by guile-2.0

[Rob Browning]

أحمد المحمودي aelmahmo...@users.sourceforge.net writes:

   It's not a new upstream version.

Ahh, apologies -- I was thinking of a different package.

But in any case, the experimental g-wrap hasn't actually built
everywhere, so someone still has to handle that first:

  https://buildd.debian.org/status/package.php?p=g-wrapsuite=experimental

Afterward, and once we're sure the new g-wrap actually works correctly
(or at least reasonably) with guile-2.0, we'll have to deal with the
rdepends, i.e. guile-cairo and guile-gnome-platform.  Both will have to
be updated for 2.0, tested, and then migrate in tandem with the new
g-wrap.

Hence my feeling that we need active maintainers for whichever of these
are to remain in Debian.  I might considering helping with that
eventually, but probably not in the short term.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87h9ymi0z9@trouble.defaultvalue.org

Inclusion or exclusion of Emacs 24.4 (jessie)

[Rob Browning]

I've uploaded emacs24 24.4+1-1 to experimental, and it seems fine on the
buildds now (at least the ones that have taken it):

  https://buildd.debian.org/status/package.php?p=emacs24suite=experimental

And I suspect 24.4 may be easier to support, including the facility of
upstream help.  For what it's worth, they're quite responsive, and I
believe are in favor of inclusion.

But it does represent a large change right up against the freeze
migration threshold deadline (tomorrow?).

Thoughts?
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87ioj9l6us@trouble.defaultvalue.org

Re: Bug#760986: RM: guile-1.8 -- ROM; replaced by guile-2.0

[Rob Browning]

Jonathan Wiltshire j...@debian.org writes:

 On 2014-10-13 03:51, Rob Browning wrote:
 Luca Falavigna dktrkr...@debian.org writes:

 g-wrap [1]
 guile-gnome-platform [1]
 guile-cairo

Leaving these alone for the moment, since as mentioned I *might* attempt
to handle one or more of them myself (with some help from upstream).

But I may well not, so again, if anyone's interested, please go ahead.

 beast
 freetalk
 anubis

Filed removal requests.

I was tempted to file a removal request for trackballs, but perhaps I'll
wait for now.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87a94x41bw@trouble.defaultvalue.org

Re: Bug#760986: RM: guile-1.8 -- ROM; replaced by guile-2.0

[Rob Browning]

Jonathan Wiltshire j...@debian.org writes:

 Some personal observations.

 On 2014-10-13 03:51, Rob Browning wrote:

 I've also been told that drgeo no longer uses Guile upstream.

 Is there any way to tell for sure?

It looks like the current download available here http://www.drgeo.eu/
may be Smalltalk now.

 ftp-masters will be able to confirm, but I *think* swig2.0 version 
 2.0.11-1.1 (with its build-depends on guile-1.8-dev) is being kept 
 around for sparc, where the new version does not yet build because of a 
 missing build-dep on ruby2.1. Thus dak rightly complains when asked to 
 remove it.

OK, I think that rings a bell.

Thanks for the help.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87vbnogj7c@trouble.defaultvalue.org

Re: Bug#760986: RM: guile-1.8 -- ROM; replaced by guile-2.0

[Rob Browning]

Luca Falavigna dktrkr...@debian.org writes:

 These are the reverse dependencies to be fixed before removing this
 package:

Right -- I was hoping to try to reach a decision this week with respect
to jessie.

Here's what I hope is a reasonably accurate summary of the situation.

As a general comment, people on #guile (including one of the upstream
Guile maintainers) have said that at this point, they would prefer that
we remove packages from jessie that support Guile 2.0 upstream, but
still depend on 1.8 in Debian (though we might or might not keep them in
unstable).  This was mentioned in particular, with respect to g-wrap,
guile-cairo, and guile-gnome-platform.

As an overall summary:

  - There are a few packages that we might want to remove from jessie
for now (but they're likely to return later if/when they have an
active maintainer -- guile-cairo, etc.[1]).

  - There's at least one package that has an active maintainer, and is
actively being ported upstream, but that probably won't be ready for
jessie (lilypond).

  - There are a number of packages that are more or less unmaintained,
or may otherwise be unsuitable for continued inclusion in Debian.

  - Guile 1.8 is no longer maintained upstream, and hasn't been since
2010.

[1] Though apparently g-wrap, guile-cairo, and guile-gnome-platform may
be easy to NMU for 2.0 -- if I get enough time *immediately*, I
might try to help there.  Anyone else interested should talk to Mark
(cc'ed above).

In the end, the question is whether or not, on balance, we're better off
with or without guile-1.8 in jessie.

 anubis

No response wrt 2.0: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745989
Last non-NMU: 2009-09

 beast

No response wrt 2.0: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745991
Last non-NMU: 2013-02 

 drgeo

Some response from the maintainer in May, but nothing since:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707903

Last non-NMU appears to be 2012-05

I've also been told that drgeo no longer uses Guile upstream.

 freetalk

No response wrt 2.0: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745997
Last non-NMU: 2012-06

 g-wrap [1]

Only response wrt 2.0 is a mention of an upload that's been in
experimental for two years, but no response from the maintainer:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761210

Last non-experimental upload: 2012-05

 guile-cairo [1]

Looks like this may just be waiting on a testing transition, which may
have been blocked by a (now fixed) problem with guile-2.0 on arm*.  If
so, it should just need a rebuild on arm*.

Though #guile warned that this NMU may or may not play nice with the
current guile-gnome-platform (below), depending on exactly how the NMU
was handled,

 guile-gnome-platform [1]

No response wrt 2.0: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761211

Last non-NMU: 2012-06

 gwave

This may be dependent on the guile-cairo update.

 lilypond

Upgrade to 2.0 won't be ready upstream in time for jessie, so removing
guile-1.8 would imply removing lilypond.

 texmacs

Last information was that upstream doesn't support 2.0 yet

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731787

but texmacs may also not be currently suitable for Debian for other
reasons?

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711383

 trackballs

No response wrt 2.0: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746011

Last non-NMU: 2007-12

 swig2.0

I'm probably just missing something obvious, but I'm not sure why this
is still listed -- 2.0.12-1 appears to be in testing, and it is supposed
to have migrated to guile-2.0.  Looking in the control file I also don't
see any obvious guile-1.8 deps...

 graphviz

Hmm, dak ... -s testing -Rn guile-1.8 doesn't list it, but maybe -s
testing isn't working right?  In any case, I imagine it's the swig dep
above.

 guile-1.8-non-dfsg/non-free

Should be removed iff guile-1.8 is.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4skhecf@trouble.defaultvalue.org

Re: emacsen-common 2.0.4 - acceptable for wheezy?

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 Thanks for the review. Rob - please feel free to go ahead.

emacsen-common 2.0.5 has been uploaded to unstable.  Please let me know
if you have any trouble.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87txqpag9y@trouble.defaultvalue.org

Re: emacsen-common 2.0.4 - acceptable for wheezy?

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 On Sun, 2012-12-09 at 17:03 -0600, Rob Browning wrote:
 And when I submit 2.0.5 here, should I include the debdiff against
 2.0.4, or the full debdiff against what's currently in wheezy (i.e
 including the 2.0.4 and 2.0.5 diffs)?

 We'd like at least the latter for review purposes; feel free to include
 an incremental debdiff as well if you think it'd help / be useful.

OK, so here's the new version (2.0.5).  Note that the new (2.0.5
specific) changes have also been examined and tested by Sébastien
Villemot, which you can see at the end of the bug thread here:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693472

Please let me know if I you think I should proceed with an upload to
unstable (for wheezy).

diff -Nru emacsen-common-2.0.3/debian/changelog emacsen-common-2.0.5/debian/changelog
--- emacsen-common-2.0.3/debian/changelog	2012-05-22 22:55:35.0 -0500
+++ emacsen-common-2.0.5/debian/changelog	2012-12-12 20:21:04.0 -0600
@@ -1,3 +1,42 @@
+emacsen-common (2.0.5) unstable; urgency=low
+
+  * Don't ignore dependency install scripts in emacs-package-install.  The
+previous code didn't actually update the script name properly in the
+loop where it was trying to install all of an add-on package's
+dependencies.  As a result, none of the dependencies' install scripts
+were actually invoked. Thanks to Sébastien Villemot
+sebast...@debian.org for tracking down the problem, and providing
+the patch. (closes: #693472)
+
+  * Invoke each add-on install script correctly as new-style or old-style.
+Previously, emacs-package-install would invoke all of the add-on
+install scripts in a dependency chain as either old-style or
+new-style, based solely on whether or not the package that triggered
+the install was old-style or new-style.  Now it should invoke each
+package's install script based on whether or not the package itself is
+new-style or old-style, as determined by the presence or absence of
+the policy-required /usr/lib/emacsen-common/packages/compat/PACAKGE
+file.  Thanks to Sébastien Villemot sebast...@debian.org for the
+report.  (closes: #693472)
+
+ -- Rob Browning r...@defaultvalue.org  Wed, 12 Dec 2012 20:15:05 -0600
+
+emacsen-common (2.0.4) unstable; urgency=low
+
+  * Don't use the obsolete calc package as a policy example.
+Thanks to A. N. Other a.n.other.deb...@gmail.com for the report.
+(closes: #674181)
+
+  * Don't override /usr/local/* load-path entries in debian-run-directories.
+Previously, debian-run-directories would prepend all of the add-on
+package paths to load-path, which meant that (in violation of Debian
+policy) /usr/local wouldn't preceed the other entries.
+Thanks to Hendrik Tews hend...@askra.de for the report and Kevin
+Ryde use...@zip.com.au for an initial suggested patch -- posted to
+#454778. (closes: #676424)
+
+ -- Rob Browning r...@defaultvalue.org  Sun, 02 Dec 2012 16:03:18 -0600
+
 emacsen-common (2.0.3) unstable; urgency=low
 
   * Move #DEBHEPLER# up in the postinst to avoid an emacs complaint about
diff -Nru emacsen-common-2.0.3/debian-emacs-policy emacsen-common-2.0.5/debian-emacs-policy
--- emacsen-common-2.0.3/debian-emacs-policy	2012-05-14 19:00:38.0 -0500
+++ emacsen-common-2.0.5/debian-emacs-policy	2012-05-27 12:20:49.0 -0500
@@ -312,11 +312,9 @@
 
It's been suggested, and is probably a good idea that maintainers
switch to using autoload rather than load when possible in their
-   site-start.d files.
-
-   For example, instead of (load some-package), you should use
-   autoloads for all the top level, user visible functions.  Currently
-   the calc package has a good example of this.
+   site-start.d files.  For example, instead of (load some-package),
+   you should use autoloads for all the top level, user visible
+   functions.
 
 
 
diff -Nru emacsen-common-2.0.3/debian-startup.el emacsen-common-2.0.5/debian-startup.el
--- emacsen-common-2.0.3/debian-startup.el	2012-02-11 16:06:54.0 -0600
+++ emacsen-common-2.0.5/debian-startup.el	2012-12-02 19:20:28.0 -0600
@@ -73,14 +73,14 @@
 (nreverse result)))
 
 (defun debian-run-directories (rest dirs)
-
   Load each file of the form XXfilename.el or XXfilename.elc in any
 of the dirs, where XX must be a number.  The files will be run in
 alphabetical order.  If a file appears in more than one of the dirs,
 then the earlier dir takes precedence, and a .elc file always
 supercedes a .el file of the same name.
 
-  (let* ((paths dirs)
+  (let* ((paths (mapcar 'copy-sequence dirs)) ; Ensure we have unique objects.
+
  ;; Get a list of all the files in all the specified
  ;; directories that match the pattern.
  (files
@@ -89,10 +89,9 @@
   (lambda (dir) 
 (directory-files dir nil ^[0-9][0-9].*\\.elc?$ t))
   paths

Re: emacsen-common 2.0.4 - acceptable for wheezy?

[Rob Browning]

(Release team: please see the end of this message in particular...)

intrigeri intrig...@debian.org writes:

 I removed a bit of the dust accumulated on my elisp skills and
 reviewed the proposed changes. They look sane.
 (Disclaimer: I'm not a release team member.)

 I've tested the proposed patch with emacs24 on Wheezy, and the diff
 between the resulting load-path's (patched vs. unpatched) looks good:
 /etc/emacs and /usr/local are now indeed listed before the add-ons
 directories.

That's great -- thanks.

 It still looks like magic to me how the add-ons directories end up in
 load-path at all, given it looks like we remove them in
 debian-run-directories, immediately after letting the startup hooks
 add them, but still, they do end up where they should, so I guess I'm
 missing some bits of the Emacs startup big picture and I don't worry
 about it :)

Right.  I believe newer versions of Emacs automatically add directories
in some situations.  As I recently mentioned elsewhere, I think it might
be worth taking some time to review the way we handle the load-path in
light of those changes, but that probably can (and should) wait until
after Wheezy.

 +Thanks to Hendrik Tews hend...@askra.de for the report and Kevin
 +Ryde use...@zip.com.au for an initial suggested patch -- posted to
 +#454778. (closes: #676424)

 Shouldn't #454778 be closed by this upload too, then?

Possibly.  Also...


Release team: at this point, please hold off on 2.0.4 -- another bug has
been discovered that should probably also be included in wheezy:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693472

I'm waiting to see if Sébastien has time to review my fix, and then I'll
generate a 2.0.5 and resubmit.

And when I submit 2.0.5 here, should I include the debdiff against
2.0.4, or the full debdiff against what's currently in wheezy (i.e
including the 2.0.4 and 2.0.5 diffs)?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87r4mybzg0@trouble.defaultvalue.org

Re: lockfile-progs 0.1.17 might be candidate for wheezy

[Rob Browning]

Julien Cristau jcris...@debian.org writes:

 On Sun, Dec  2, 2012 at 11:55:53 -0600, Rob Browning wrote:

 
 Please feel free to ignore this, but there were a few bugfixes in
 lockfile-progs 0.1.17 (just uploaded to sid) that I thought might make
 it appropriate for consideration for wheezy:
 
 Unblocked.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/874nk2ae21@trouble.defaultvalue.org

lockfile-progs 0.1.17 might be candidate for wheezy

[Rob Browning]

Please feel free to ignore this, but there were a few bugfixes in
lockfile-progs 0.1.17 (just uploaded to sid) that I thought might make
it appropriate for consideration for wheezy:

  1) No longer (unintentionally) includes .git* in the source package.

  2) Fixes cross-build problem. (Closes: #694842)

  3) No longer documents -p, but then ignores it. (Closes: #686057)

The latter fix means that -p (--use-pid) will actually work.
Previously, the lockfile-progs would just accept and ignore -p, which
means that you would think that --use-pid was in effect, when it wasn't.

   -p, --use-pid
   Write the parent process id (PPID) to the lockfile whenever a  lock‐
   file  is  created, and use that pid when checking a lock's validity.
   See the  lockfile_create(3)  manpage  for  more  information.   This
   option  applies  to  lockfile-create and lockfile-check.  NOTE: this
   option will not work correctly between machines sharing  a  filesys‐
   tem.

Below should be the precise changes (ignoring the removal of .git*) from
0.0.16.

Thanks, and let me know if you'd like any further information.

diff -Nru --exclude .git --exclude .gitignore 
lockfile-progs-0.1.16/debian/changelog lockfile-progs-0.1.17/debian/changelog
--- lockfile-progs-0.1.16/debian/changelog  2011-09-25 10:28:48.0 
-0500
+++ lockfile-progs-0.1.17/debian/changelog  2012-12-01 12:17:33.0 
-0600
@@ -1,3 +1,18 @@
+lockfile-progs (0.1.17) unstable; urgency=low
+
+  * Add p to getopt_long()'s short options so the -p arg will actually 
work.
+As the manpage states, -p was intended to be the short argument for
+--use-pid, but since p wasn't added to the getopt_long()
+optstring, it didn't actually work.  Fix it.
+Thanks to Michael Deegan b...@wibble.darktech.org for the report.
+(Closes: #686057)
+
+  * Fix cross-builds; use the cross-compiler when cross-building.
+Thanks to Colin Watson cjwat...@ubuntu.com for the report and the
+patch. (Closes: #694842)
+
+ -- Rob Browning r...@defaultvalue.org  Sat, 01 Dec 2012 12:16:09 -0600
+
 lockfile-progs (0.1.16) unstable; urgency=low
 
   * Remove unused rc variable in chk() to silence gcc warning.
diff -Nru --exclude .git --exclude .gitignore 
lockfile-progs-0.1.16/debian/rules lockfile-progs-0.1.17/debian/rules
--- lockfile-progs-0.1.16/debian/rules  2010-06-12 12:40:56.0 -0500
+++ lockfile-progs-0.1.17/debian/rules  2012-12-01 11:58:50.0 -0600
@@ -1,7 +1,14 @@
 #!/usr/bin/make -f
-# Copyright 1998 Rob Browning r...@defaultvalue.org
+# Copyright 1998-2012 Rob Browning r...@defaultvalue.org
 # This file is covered under the terms of the Gnu Public License.
 
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+export CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
 export CFLAGS := -DDEBIAN -O2 -g
 export LDFLAGS := -g
 
diff -Nru --exclude .git --exclude .gitignore 
lockfile-progs-0.1.16/lockfile-progs.c lockfile-progs-0.1.17/lockfile-progs.c
--- lockfile-progs-0.1.16/lockfile-progs.c  2011-08-21 18:28:53.0 
-0500
+++ lockfile-progs-0.1.17/lockfile-progs.c  2012-12-01 11:34:13.0 
-0600
@@ -122,7 +122,7 @@
 
   int usage_error = 0;
   int opt_result;
-  const char *short_opts = r:olqv;
+  const char *short_opts = r:oplqv;
   struct option long_opts[] = {
 { retry, required_argument, NULL, 'r' },
 { oneshot, no_argument, NULL, 'o' },
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8738zowd7a@trouble.defaultvalue.org

Bug#687108: Request freeze exception for emacs23 23.4+1-4 and emacs-defaults 45.0

[Rob Browning]

Package: release.debian.org

As discussed previously, I've finished and uploaded the packages to fix
the emacs{23,24} binary metapackage problem.  I've dropped the emacs
binary package from emacs{23,24}, and created a new gcc-defaults-style
emacs-defaults metapackage to provide it.

The emacs23 23.4+1-4 package also includes a fix for CVE-2012-3479.
Please consider both packages for inclusion in wheezy, and let me know
if you need me to fix anything.

Here's the emacs23 debdiff:

diff -Nru emacs23-23.4+1/debian/.git-dpm emacs23-23.4+1/debian/.git-dpm
--- emacs23-23.4+1/debian/.git-dpm	2012-04-07 14:34:57.0 -0500
+++ emacs23-23.4+1/debian/.git-dpm	2012-09-08 14:58:21.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-c566c20428a35fb0d29960819ef0034808f4cd12
-c566c20428a35fb0d29960819ef0034808f4cd12
+e53a987370a1ea362b4247d4a621257c28f35f52
+e53a987370a1ea362b4247d4a621257c28f35f52
 4edc7f7569f39278c30a9a64da6e0b313bbed458
 4edc7f7569f39278c30a9a64da6e0b313bbed458
 emacs23_23.4+1.orig.tar.bz2
diff -Nru emacs23-23.4+1/debian/changelog emacs23-23.4+1/debian/changelog
--- emacs23-23.4+1/debian/changelog	2012-04-07 14:36:04.0 -0500
+++ emacs23-23.4+1/debian/changelog	2012-09-08 15:01:04.0 -0500
@@ -1,3 +1,20 @@
+emacs23 (23.4+1-4) unstable; urgency=high
+
+  * Add 0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch.
+Don't eval code when enable-local-variables is :safe.  Previously,
+Emacs might eval forms in file-local variable sections even when
+the Emacs user option `enable-local-variables' was set to :safe
+(CVE-2012-3479).  Please see the patch for additional details.
+Thanks to Henri Salo he...@nerv.fi for the report.
+(Closes: #684695)
+
+  * Stop producing the emacs binary metapackage.  Move the emacs
+binary metapackage to its own source package (emacs-defaults,
+cf. gcc-defaults).  This will prevent emacs23 and emacs24 from
+producing the same binary package.
+
+ -- Rob Browning r...@defaultvalue.org  Sat, 08 Sep 2012 14:59:52 -0500
+
 emacs23 (23.4+1-3) unstable; urgency=low
 
   * Add 0017-Initialize-xgselect-in-function-xg_select-when-gfds_.patch.
diff -Nru emacs23-23.4+1/debian/control emacs23-23.4+1/debian/control
--- emacs23-23.4+1/debian/control	2012-04-07 14:36:40.0 -0500
+++ emacs23-23.4+1/debian/control	2012-09-08 15:04:44.0 -0500
@@ -12,15 +12,6 @@
 Homepage: http://www.gnu.org/software/emacs/
 Standards-Version: 3.7.2
 
-Package: emacs
-Architecture: all
-Depends: emacs23 | emacs23-lucid | emacs23-nox, ${misc:Depends}
-Provides: emacsen, editor, mail-reader, news-reader
-Description: The GNU Emacs editor (metapackage)
- GNU Emacs is the extensible self-documenting text editor.
- This is a metapackage which will always depend on the latest Emacs
- release.
-
 Package: emacs23-lucid
 Architecture: any
 Depends: emacs23-bin-common (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
diff -Nru emacs23-23.4+1/debian/control.in emacs23-23.4+1/debian/control.in
--- emacs23-23.4+1/debian/control.in	2012-04-07 14:34:56.0 -0500
+++ emacs23-23.4+1/debian/control.in	2012-09-08 14:59:26.0 -0500
@@ -12,15 +12,6 @@
 Homepage: http://www.gnu.org/software/emacs/
 Standards-Version: 3.7.2
 
-Package: emacs
-Architecture: all
-Depends: @DEB_FLAVOR@ | @DEB_FLAVOR@-lucid | @DEB_FLAVOR@-nox, ${misc:Depends}
-Provides: emacsen, editor, mail-reader, news-reader
-Description: The GNU Emacs editor (metapackage)
- GNU Emacs is the extensible self-documenting text editor.
- This is a metapackage which will always depend on the latest Emacs
- release.
-
 Package: @DEB_FLAVOR@-lucid
 Architecture: any
 Depends: @DEB_FLAVOR@-bin-common (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
diff -Nru emacs23-23.4+1/debian/patches/0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch emacs23-23.4+1/debian/patches/0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch
--- emacs23-23.4+1/debian/patches/0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch	1969-12-31 18:00:00.0 -0600
+++ emacs23-23.4+1/debian/patches/0018-Don-t-eval-code-when-enable-local-variables-is-safe.patch	2012-09-08 14:58:21.0 -0500
@@ -0,0 +1,63 @@
+From e53a987370a1ea362b4247d4a621257c28f35f52 Mon Sep 17 00:00:00 2001
+From: Glenn Morris r...@gnu.org
+Date: Tue, 7 Aug 2012 14:41:39 -0400
+Subject: Don't eval code when enable-local-variables is :safe.
+
+Emacs should no longer eval code when enable-local-variables is :safe.
+
+Previously, Emacs might eval forms in file-local variable sections
+even when the Emacs user option `enable-local-variables' was set to
+:safe.  This patch fixes CVE-2012-3479:
+
+  http://security-tracker.debian.org/tracker/CVE-2012-3479
+
+Origin: upstream, commit: 108092 (90c310d22c6f06332257c816253c642fd2bf90aa)
+Added-by: Rob Browning r...@defaultvalue.org
+Provided-By: Glenn Morris  r...@gnu.org
+Bug: http://debbugs.gnu.org/cgi/bugreport.cgi?bug

Re: Fixing mess involving emacs23, emacs24, and the emacs metapackage

[Rob Browning]

Julien Cristau jcris...@debian.org writes:

 Really shouldn't use the emacs version as epoch.  That's also not what
 gcc does.

Right -- not going to do that.  I'm just going to use a sufficiently
large native version, i.e. 45.0.

So now it looks like I need to upload two changes for emacs23 for
wheezy: this change to remove the emacs binary package, and a CVE fix
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684695).  So first
question -- do you want both changes in the same upload?

Second -- do I recall correctly that you'd like to see the
emacs-defaults package first, then the emacs23 src package that removes
the emacs binary package?

Just want to make sure I don't handle things in an order that actually
slows you down.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ipc6x5p2@trouble.defaultvalue.org

Re: Fixing mess involving emacs23, emacs24, and the emacs metapackage

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 [Added Rob to recipients, as I assumed he's not subscribed]

(Thanks, I'm not.)


 On 01.08.2012 13:04, Axel Beckert wrote:
 Rob Browning wrote:

 ... a bit of discussion on IRC produced a plan that I'd like to vet
 here:

   - Upload a new emacs23 to for wheezy that doesn't provide the
 emacs binary.
   - Upload a new emacs-defaults for wheezy that provides the emacs
 binary.
   - Upload a new emacs24 to unstable that doesn't provide the emacs
 binary.

 With providing binary, do you mean building a binary package or
 containing a compiled binary file as in /usr/bin/emacs?

 The latter would likely break update-alternatives and non-trivial to
 package, so I suspect you think of the emacs binary-_package_ being
 built by the new emacs-defaults source-package.

 That's what was discussed on IRC, yes.  emacs-defaults would be a new
 source package building a single arch:all binary package named
 emacs, with the same semantics as the existing package of that name
 produced from emacs2{3,4}.

Hmm, (thinking it through...) at least in the most naive approach, the
emacs binary package wouldn't actually contain /usr/bin/emacs, it would
just depend on (for example) emacs23 | emacs23-nox | emacs23-lucid,
and would leave it up to all of the installed emacs??{,-nox,-lucid}
packages to determine what /usr/bin/emacs actually is (via
update-alternatives).

So if the user had emacs23, emacs24, and emacs installed, /usr/bin/emacs
would be set to /usr/bin/emacs24 because that option has the highest
priority.

Though I suppose there are a number of other variations wrt how the new
emacs package could work, each with different semantics, and I don't
think what's described above is how gcc-defaults works.

 With regards to the version of the emacs-defaults source package (or
 at least the new emacs binary-package, AFAICS it'll need an epoch
 added to go down from 24 to 23 again, i.e. use 1:23.$something.

 Well, 1:23 would seem to work fine as well, given that it would
 presumably be a native package.

At first, I wondered why the version would matter as long as it's higher
than whatever's currently available in the archive wrt Package: emacs,
but I suppose it might be aesthetically more pleasing if the emacs
package version matched the emacs version it's recommending.

I suppose we could do what gcc-defaults does, i.e. 4:4.7.1-1, or in this
case 23:*.  That might be reasonable.

 Rob - as no-one has raised any objections or other suggestions, I
 think we should move forward with this.  Assuming it matches the plan
 as above, please feel free to go ahead with the upload of
 emacs-defaults and let us know once it hits NEW so that we can smile
 nicely at the ftp-team.  I'd suggest we get that step sorted out
 before the uploads of emacs2{3,4} dropping the meta-package.

OK, will do, and feel free to shout if I'm doing something wrong, or if
you realize that I should do something differently.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/871ujhrmon@trouble.defaultvalue.org

Fixing mess involving emacs23, emacs24, and the emacs metapackage

[Rob Browning]

I made a bit of a mess with respect to the emacs metapackage in unstable
and wheezy that I'd like to fix.

The problem is that both emacs23 and emacs24 provide the emacs
metapackage, and of course, at DebConf, Adam pointed out that as soon as
we need updates to emacs23, we'll have a problem.

One plausible solution would be to just move the emacs metapackage to
its own emacs-defaults source package (a la gcc-defaults), and so a bit
of discussion on IRC produced a plan that I'd like to vet here:

  - Upload a new emacs23 to for wheezy that doesn't provide the emacs binary.
  - Upload a new emacs-defaults for wheezy that provides the emacs binary.
  - Upload a new emacs24 to unstable that doesn't provide the emacs binary.

This would require two freeze exceptions, one for the updated emacs23
package, and one for the new (trivial) emacs-defaults package.

Please let me know if that sounds reasonable, or if you have some other
way you'd rather handle the problem.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ipd7vfrk@trouble.defaultvalue.org

Bug#682908: Freeze exception request: emacs24/24.1+1-4

[Rob Browning]

Philipp Kern pk...@debian.org writes:

 Is emacs23 in good shape for the release? 

I don't think there's a lot of RC work, but I need to check a few things
there (and with emacsen-common).

 PS: Your efforts fixing it up are appreciated, but it's just way too late to
 add a new package at this point that might cause other packages to need
 modifications.

Understandable, and no problem.

Just to double-check, do I need to do anything to have emacs24 pulled
from testing (or is that documented somewhere I should read)?

Thanks for the help.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87fw8dgshe@trouble.defaultvalue.org

Bug#682908: Freeze exception request: emacs24/24.1+1-4

[Rob Browning]

Julien Cristau jcris...@debian.org writes:

 On Fri, Jul 27, 2012 at 09:59:25 -0500, Rob Browning wrote:

 Just to double-check, do I need to do anything to have emacs24 pulled
 from testing (or is that documented somewhere I should read)?
 
 It's not in testing, and has never been there.

Oh, OK.  I must have just misunderstood the initial circumstances for
-1.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87vch9f8bs@trouble.defaultvalue.org

Bug#682908: Freeze exception request: emacs24/24.1+1-4

[Rob Browning]

Package: release.debian.org
Severity: normal

Emacs 24.1 was recently released upstream, and emacs24 24.1+1-1 made it
for the freeze, but just barely.

Then it turned out there were some arch-specific FTBS problems that I
managed to track down, with help, during DebConf.  So now I wanted to
see if you thought that emacs24 might still be appropriate for Wheezy,
or if it just needs to be withdrawn.

I uploaded the last FTBS fix last week:

  https://buildd.debian.org/status/package.php?p=emacs24suite=sid

and since the original 24.4+1-1, there have been three changes:

  * Restrict libselinux1-dev build dependency to [linux-any] (#679679).
  * Don't check errno after fabs() -- fixes i386 builds. (upstream patch).
  * Use -O1 on ia64 (fix FTBS) -- this is a reversion to the emacs23 behavior.

Here are the significant bits of the -1 to -4 diff:

--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Build-Depends: bsd-mailx | mailx, libncurses5-dev, texinfo, liblockfile-dev, lib
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42),
  debhelper (= 7.0.50~), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev,
- libgnutls-dev, libxml2-dev, libselinux1-dev, libmagick++-dev,
+ libgnutls-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
  libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
 Homepage: http://www.gnu.org/software/emacs/
 Standards-Version: 3.7.2
--- a/debian/rules
+++ b/debian/rules
@@ -105,10 +105,12 @@ CFLAGS += -Wall
 LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
 
-LDFLAGS   += -g
-
 ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS += -O2
+  ifneq (,$(filter $(DEB_HOST_ARCH),ia64))
+# Fix a problem with newer versions of gcc on ia64.
+# See bugs #582439 and #679986.
+CFLAGS += -O1
+  endif # eq ia64
 endif
 
 joblimit := $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2012-07-17  Paul Eggert  egg...@cs.ucla.edu
+
+	* floatfns.c (Fabs): Do not wrap fabs inside IN_FLOAT (Bug#11913).
+	Unlike the other wrapped functions, fabs has an unspecified
+	effect on errno.
+
 2012-06-01  Chong Yidong  c...@gnu.org
 
 	* Version 24.1 released.
--- a/src/floatfns.c
+++ b/src/floatfns.c
@@ -676,7 +676,7 @@ DEFUN (abs, Fabs, Sabs, 1, 1, 0,
   CHECK_NUMBER_OR_FLOAT (arg);
 
   if (FLOATP (arg))
-IN_FLOAT (arg = make_float (fabs (XFLOAT_DATA (arg))), abs, arg);
+arg = make_float (fabs (XFLOAT_DATA (arg)));
   else if (XINT (arg)  0)
 XSETINT (arg, - XINT (arg));
 

and here's the full debdiff:

diff -Nru emacs24-24.1+1/debian/.git-dpm emacs24-24.1+1/debian/.git-dpm
--- emacs24-24.1+1/debian/.git-dpm	2012-06-27 21:41:01.0 -0500
+++ emacs24-24.1+1/debian/.git-dpm	2012-07-17 19:23:17.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-c29cccb1d825523faf484808a699959766d71348
-c29cccb1d825523faf484808a699959766d71348
+6ac9d5dbfded9610d8208378a3be49b1ccd8fe9a
+6ac9d5dbfded9610d8208378a3be49b1ccd8fe9a
 dccb7aff653035782f95e87102338cabcd318122
 dccb7aff653035782f95e87102338cabcd318122
 emacs24_24.1+1.orig.tar.bz2
diff -Nru emacs24-24.1+1/debian/changelog emacs24-24.1+1/debian/changelog
--- emacs24-24.1+1/debian/changelog	2012-06-29 16:16:58.0 -0500
+++ emacs24-24.1+1/debian/changelog	2012-07-20 12:51:38.0 -0500
@@ -1,3 +1,27 @@
+emacs24 (24.1+1-4) unstable; urgency=low
+
+  * Fix FTBS on ia64 with -O1.  Remove redundant LDFLAGS+=-g and
+CFLAGS+=-O2.  See also: #582439. (Closes: #679986)
+
+ -- Rob Browning r...@defaultvalue.org  Fri, 20 Jul 2012 12:51:32 -0500
+
+emacs24 (24.1+1-3) unstable; urgency=low
+
+  * Add 0011-Don-t-use-IN_FLOAT-when-calling-fabs-since-it-may-cl.patch.
+Fix FTBS on i386 by adding an upstream patch to skip fabs() errno
+checking.  Since fabs() has no error conditions, it doesn't guarantee
+that it won't clobber errno.
+
+ -- Rob Browning r...@defaultvalue.org  Tue, 17 Jul 2012 19:25:59 -0500
+
+emacs24 (24.1+1-2) unstable; urgency=low
+
+  * Restrict libselinux1-dev build dependency to [linux-any].
+Thanks to James McCoy james...@debian.org for the report.
+(Closes: #679679)
+
+ -- Rob Browning r...@defaultvalue.org  Wed, 04 Jul 2012 19:16:00 -0500
+
 emacs24 (24.1+1-1) unstable; urgency=low
 
   * Upgrade to upstream version 24.1.
diff -Nru emacs24-24.1+1/debian/control emacs24-24.1+1/debian/control
--- emacs24-24.1+1/debian/control	2012-06-29 16:18:17.0 -0500
+++ emacs24-24.1+1/debian/control	2012-07-20 12:53:48.0 -0500
@@ -8,7 +8,7 @@
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42),
  debhelper (= 7.0.50~), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev,
- libgnutls-dev, libxml2-dev, libselinux1-dev, libmagick++-dev,
+ libgnutls-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 In any case, the fix is trivial, and I'll upload a -3 shortly that
 includes it.  After that, I'll foward a diff between -1 and -3 to
 debian-release, and then you can decide what you'd like to do.

I suppose it's probably time to consider whether or not emacs24 should
be included in wheezy.

I uploaded the last FTBS fix yesterday, and following 24.4+1-1, there
have been three changes:

  * Restrict libselinux1-dev build dependency to [linux-any] (#679679).
  * Don't check errno after fabs() -- fixes i386 builds. (upstream patch).
  * Use -O1 on ia64 (fix FTBS) -- this is a reversion to the emacs23 behavior.

Here are the significant bits:

--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Build-Depends: bsd-mailx | mailx, libncurses5-dev, texinfo, liblockfile-dev, lib
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42),
  debhelper (= 7.0.50~), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev,
- libgnutls-dev, libxml2-dev, libselinux1-dev, libmagick++-dev,
+ libgnutls-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
  libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
 Homepage: http://www.gnu.org/software/emacs/
 Standards-Version: 3.7.2
--- a/debian/rules
+++ b/debian/rules
@@ -105,10 +105,12 @@ CFLAGS += -Wall
 LDFLAGS = `dpkg-buildflags --get LDFLAGS`
 CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
 
-LDFLAGS   += -g
-
 ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS += -O2
+  ifneq (,$(filter $(DEB_HOST_ARCH),ia64))
+# Fix a problem with newer versions of gcc on ia64.
+# See bugs #582439 and #679986.
+CFLAGS += -O1
+  endif # eq ia64
 endif
 
 joblimit := $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2012-07-17  Paul Eggert  egg...@cs.ucla.edu
+
+	* floatfns.c (Fabs): Do not wrap fabs inside IN_FLOAT (Bug#11913).
+	Unlike the other wrapped functions, fabs has an unspecified
+	effect on errno.
+
 2012-06-01  Chong Yidong  c...@gnu.org
 
 	* Version 24.1 released.
--- a/src/floatfns.c
+++ b/src/floatfns.c
@@ -676,7 +676,7 @@ DEFUN (abs, Fabs, Sabs, 1, 1, 0,
   CHECK_NUMBER_OR_FLOAT (arg);
 
   if (FLOATP (arg))
-IN_FLOAT (arg = make_float (fabs (XFLOAT_DATA (arg))), abs, arg);
+arg = make_float (fabs (XFLOAT_DATA (arg)));
   else if (XINT (arg)  0)
 XSETINT (arg, - XINT (arg));
 

and here's the full debdiff:

diff -Nru emacs24-24.1+1/debian/.git-dpm emacs24-24.1+1/debian/.git-dpm
--- emacs24-24.1+1/debian/.git-dpm	2012-06-27 21:41:01.0 -0500
+++ emacs24-24.1+1/debian/.git-dpm	2012-07-17 19:23:17.0 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-c29cccb1d825523faf484808a699959766d71348
-c29cccb1d825523faf484808a699959766d71348
+6ac9d5dbfded9610d8208378a3be49b1ccd8fe9a
+6ac9d5dbfded9610d8208378a3be49b1ccd8fe9a
 dccb7aff653035782f95e87102338cabcd318122
 dccb7aff653035782f95e87102338cabcd318122
 emacs24_24.1+1.orig.tar.bz2
diff -Nru emacs24-24.1+1/debian/changelog emacs24-24.1+1/debian/changelog
--- emacs24-24.1+1/debian/changelog	2012-06-29 16:16:58.0 -0500
+++ emacs24-24.1+1/debian/changelog	2012-07-20 12:51:38.0 -0500
@@ -1,3 +1,27 @@
+emacs24 (24.1+1-4) unstable; urgency=low
+
+  * Fix FTBS on ia64 with -O1.  Remove redundant LDFLAGS+=-g and
+CFLAGS+=-O2.  See also: #582439. (Closes: #679986)
+
+ -- Rob Browning r...@defaultvalue.org  Fri, 20 Jul 2012 12:51:32 -0500
+
+emacs24 (24.1+1-3) unstable; urgency=low
+
+  * Add 0011-Don-t-use-IN_FLOAT-when-calling-fabs-since-it-may-cl.patch.
+Fix FTBS on i386 by adding an upstream patch to skip fabs() errno
+checking.  Since fabs() has no error conditions, it doesn't guarantee
+that it won't clobber errno.
+
+ -- Rob Browning r...@defaultvalue.org  Tue, 17 Jul 2012 19:25:59 -0500
+
+emacs24 (24.1+1-2) unstable; urgency=low
+
+  * Restrict libselinux1-dev build dependency to [linux-any].
+Thanks to James McCoy james...@debian.org for the report.
+(Closes: #679679)
+
+ -- Rob Browning r...@defaultvalue.org  Wed, 04 Jul 2012 19:16:00 -0500
+
 emacs24 (24.1+1-1) unstable; urgency=low
 
   * Upgrade to upstream version 24.1.
diff -Nru emacs24-24.1+1/debian/control emacs24-24.1+1/debian/control
--- emacs24-24.1+1/debian/control	2012-06-29 16:18:17.0 -0500
+++ emacs24-24.1+1/debian/control	2012-07-20 12:53:48.0 -0500
@@ -8,7 +8,7 @@
  libgpm-dev [linux-any], libdbus-1-dev,
  autoconf, automake, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42),
  debhelper (= 7.0.50~), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev,
- libgnutls-dev, libxml2-dev, libselinux1-dev, libmagick++-dev,
+ libgnutls-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
  libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
 Homepage: http://www.gnu.org/software/emacs/
 Standards-Version: 3.7.2
diff -Nru emacs24

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 It would work, but it's not exactly ideal for future updates,
 particularly in stable...

Right.  During debconf, with some help, I was able to track down the
problem.  It turns out that Emacs was checking errno after a number of
floating point operations, including fabs(), but because fabs() doesn't
have any error conditions, it's not guaranteed to leave errno alone --
and as you might imagine, on murphy, it wasn't.

In any case, the fix is trivial, and I'll upload a -3 shortly that
includes it.  After that, I'll foward a diff between -1 and -3 to
debian-release, and then you can decide what you'd like to do.

It will be a very small diff, just the addition of [linux-any] to the
libselinux1-dev build-dep, and this fabs/errno adjustment.

Thanks for the help
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ipdmj6ke@trouble.defaultvalue.org

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 On 10.07.2012 21:27, Moritz Mühlenhoff wrote:
 Du schriebst in gmane.linux.debian.devel.release:

 RMs, can you give-back emacs/24.1+1-2 so that it's build on biber?

 The best we (release team) could do is keep giving it back /until/
 it's built on biber; that'll work, but it's not really ideal longer
 term.

Also not ideal, but if it's allowed, I could just upload both amd64 and
i386 (or just i386).  So far murphy's the only place we seem to have
this problem.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87fw8zpb7s@trouble.defaultvalue.org

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Moritz Mühlenhoff j...@inutil.org writes:

 I've made a test build in a i386 system and it builds fine there. I
 suppose that's some kind of broken buildd environment?

I didn't have any trouble in a fresh wheezy i386 kvm vm either, but now
I'm testing a suggestion by Adam that the problem might be related to
murphy's older host dist/kernel (i.e. the host is running something
squeeze-ish).

So I have a squeeze i386 kvm vm set up, with a current wheezy schroot,
and I'm waiting to see if that fails.  If it doesn't, then I'd be happy
to hear any other suggestions.

Thanks for the help
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87sjczpbeo@trouble.defaultvalue.org

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 Also not ideal, but if it's allowed, I could just upload both amd64 and
 i386 (or just i386).  So far murphy's the only place we seem to have
 this problem.

So the build in the wheezy chroot, running on the i386 squeeze vm didn't
fail.  The host kernel there was linux-image-2.6.32-5-686-bigmem
(2.6.32-45).  Whether or not that was close enough to murphy's kernel, I
don't know.  (From the murphy build log: Kernel: Linux
2.6.32-5-686-bigmem i386 (i686).)

At this point, I'm not sure what I should try next.  Suggestions?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/878vernsr1@trouble.defaultvalue.org

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Cyril Brulebois k...@debian.org writes:

 Apparently emacs24 isn't quite in testing yet, since it got uploaded
 again:
   http://packages.qa.debian.org/e/emacs24/news/20120705T013216Z.html

True, though the only change was to fix builds on non-linux systems.  I
added a [linux-any] to the libselinux1-dev build-dep:

  --- a/debian/control
  +++ b/debian/control
  @@ -8,7 +8,7 @@ Build-Depends: bsd-mailx | mailx, libncurses5-dev, texinfo, 
liblockfile-dev, lib
libgpm-dev [linux-any], libdbus-1-dev,
autoconf, automake, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42),
debhelper (= 7.0.50~), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev,
  - libgnutls-dev, libxml2-dev, libselinux1-dev, libmagick++-dev,
  + libgnutls-dev, libxml2-dev, libselinux1-dev [linux-any], libmagick++-dev,
libgconf2-dev, libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
   Homepage: http://www.gnu.org/software/emacs/
   Standards-Version: 3.7.2

 And there are strange things happening, even on i386:
   https://buildd.debian.org/status/logs.php?pkg=emacs24arch=i386

Right, that one I can't explain.  So far, only murphy hates the package
(both revisions).  It builds fine on biber, and also here in a wheezy
i386 chroot.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87bojp7svq@trouble.defaultvalue.org

Re: emacs24 got freeze exception, what happens to emacs add-ons?

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 Right, that one I can't explain.  So far, only murphy hates the package
 (both revisions).  It builds fine on biber, and also here in a wheezy
 i386 chroot.

It looks like one difference between biber and murphy is that the former
is amd64 while the latter is strictly i386.  So I'll see about digging
up an actual i386 host for testing.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/878vet6d1w@trouble.defaultvalue.org

Re: emacs23 23.2+1-7 suitable for squeeze?

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

 As a side note, because -6 was never uploaded, -7 should have been built
 using dpkg-buildpackage -v, so that the .changes for -7 included the
 stanza from -6.  This is to ensure that the BTS knows that the emacs23
 package now in unstable includes the fix for #600826; I've just fixed
 the version information, but as things were the BTS believed that the
 bug had been re-introduced in -6.

Ahh, OK.  Sorry I overlooked that.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ei9m8nfh@raven.defaultvalue.org

emacs23 23.2+1-7 suitable for squeeze?

[Rob Browning]

I've just uploaded emacs23 23.2+1-7 and wanted to see if it might be
suitable for squeeze.  It includes the changes from the 5.1 NMU, along
with two other fairly simple upstream patches.  Here's the relevant part
of the changelog:

emacs23 (23.2+1-7) unstable; urgency=low

  * Don't initialize the terminal twice.  Previously a console-mode
Emacs would send the escape sequence to switch to the alternate
screen twice. At a minimum, this caused problems with screen.
Thanks to Courtney Bane debian-bugs-5...@cbane.org for the
report and the patch. (closes: #599463)

  * Fix the value for RIPEMD-160 in epg-digest-algorithm-alist
according to RFC 4880.  Thanks to Daniel Kahn Gillmor
d...@fifthhorseman.net for the report and the fix.
(closes: #594510)

 -- Rob Browning r...@defaultvalue.org  Sat, 11 Dec 2010 11:00:07 -0600

emacs23 (23.2+1-6) unstable; urgency=low

  * Build-depend on bsd-mailx | mailx rather than just mailx since
the latter is a virtual package.  Thanks to Cyril Brulebois
k...@debian.org for the report, and thanks to Mehdi Dogguy
me...@debian.org for the 23.2+1-5.1 NMU. (closes: #600826)

 -- Rob Browning r...@defaultvalue.org  Fri, 26 Nov 2010 11:34:32 -0600

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/878vzwfbmq@raven.defaultvalue.org

Re: emacsen-common: bugfix for squeeze

[Rob Browning]

Mehdi Dogguy me...@dogguy.org writes:

 Well, the .git directory is still there (but is also in testing's
 version) and the changelog does contain a typo s/Closes: 27757/Closes:
 427757/.

Ugh.  Sorry about that.  I just uploaded 1.4.22 with another bug fix,
and hopefully without a .git dir this time.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/871v60x1xz@raven.defaultvalue.org

Re: emacsen-common: bugfix for squeeze

[Rob Browning]

Mehdi Dogguy me...@dogguy.org writes:

 On 11/30/2010 05:12 AM, Rob Browning wrote:
 
 I've just uploaded emacsen-common 1.4.20 which should fix RC bug 
 #604164.
 

 Could you please remove the .git directory that got added to the
 source package?

Yes.  I should upload a new version later tonight.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87zksqcslj@raven.defaultvalue.org

Re: emacsen-common: bugfix for squeeze

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 Mehdi Dogguy me...@dogguy.org writes:

 On 11/30/2010 05:12 AM, Rob Browning wrote:
 
 I've just uploaded emacsen-common 1.4.20 which should fix RC bug 
 #604164.
 

 Could you please remove the .git directory that got added to the
 source package?

 Yes.  I should upload a new version later tonight.

I forget, will just uploading another copy work, or must I bump the
version?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87tyiycqxe@raven.defaultvalue.org

Re: emacsen-common: bugfix for squeeze

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 I forget, will just uploading another copy work, or must I bump the
 version?

Nevermind, I'm going to fix another minor bug while I'm at it.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mxoqcqmw@raven.defaultvalue.org

Re: emacsen-common: bugfix for squeeze

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 Rob Browning r...@defaultvalue.org writes:

 I forget, will just uploading another copy work, or must I bump the
 version?

 Nevermind, I'm going to fix another minor bug while I'm at it.

OK, I've uploaded 1.4.21.  Please let me know if there are further
problems.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87eia2cq6f@raven.defaultvalue.org

emacsen-common: bugfix for squeeze

[Rob Browning]

I've just uploaded emacsen-common 1.4.20 which should fix RC bug
#604164.

Thanks, and thanks to Mehdi Dogguy me...@dogguy.org for the previous
DELAYED NMU.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87eia3h2kx@raven.defaultvalue.org

Re: emacs23: bugfix suitable for squeeze?

[Rob Browning]

Julien Cristau jcris...@debian.org writes:

 On Fri, Oct 15, 2010 at 20:42:10 -0500, Rob Browning wrote:

 Could you give me an opinion about this one?
 
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397757
 
 I'm tempted to consider including the fix since it's causing people
 trouble, and upstream, our gnus package, and Romain's snapshot package
 all behave differently.  The fix would mean dropping this patch and
 reverting to the upstream behavior:

 Sounds ok.

OK, I've just uploaded emacs23 23.2+1-5.  Please consider it as a
candidate for squeeze.

emacs23 (23.2+1-5) unstable; urgency=low

  * Apply upstream patches to prevent the string and unibyte-string
functions from overflowing the stack
(prevent-string-stack-overflow.diff,
prevent-let-eval-apply-stack-overflow.diff, and
use-safe-alloca-lisp-in-let-eval-apply-apply_lambda.diff).  Thanks
to Carl Worth cwo...@debian.org and Sven Joachim
svenj...@gmx.de for finding the patches (closes: #586459).

  * Apply upstream patch to prevent mail destined for
mail-archive-file-name from being lost
(fix-gnus-output-to-mail-with-live-rmail-buffers.diff).  Thanks to
Jeroen Nijhof jer...@nijhof.uklinux.net for the report and Sven
Joachim svenj...@gmx.de for tracking down the patch.
(closes: #597255)

  * Remove debian-adjust-mail-from-addresses-patch.diff to stop
adjusting the message-sendmail-f-is-evil default.  Match the
behavior of the Debian gnus package, Emacs upstream, and
emacs-snapshot.  Thanks to Artem Chuprina r...@wizzle.ran.pp.ru
for the report. (closes: #397757)

  * Apply upstream patch to fix the computation of the width of
dual-width fonts (fix-fc-dual-font-width-calculation.diff).
Thanks to mizuno hajime hajime.miz...@gmail.com for the report
and Sven Joachim svenj...@gmx.de for tracking down the
patch. (closes: #588808)

 -- Rob Browning r...@defaultvalue.org  Mon, 18 Oct 2010 00:17:56 -0500

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87zkua8zpm@raven.defaultvalue.org

Re: emacs23: bugfix suitable for squeeze?

[Rob Browning]

Julien Cristau jcris...@debian.org writes:

 On Wed, Aug 18, 2010 at 21:51:42 -0500, Rob Browning wrote:

 
 Would this fix be appropriate for squeeze, or should I hold off?
 
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586459
 
 The bug's probably not important since the circumstances involved are
 likely to be rare, but the consequences are fairly severe.
 
 Looks ok at first glance, though I don't know what the various macros it
 uses do.

OK, I have this fix prepared, but not uploaded yet.

Could you give me an opinion about this one?

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397757

I'm tempted to consider including the fix since it's causing people
trouble, and upstream, our gnus package, and Romain's snapshot package
all behave differently.  The fix would mean dropping this patch and
reverting to the upstream behavior:

--- a/lisp/gnus/message.el
+++ b/lisp/gnus/message.el
@@ -825,9 +825,14 @@
 (const never)
 (const ask)))
 
-(defcustom message-sendmail-f-is-evil nil
-  *Non-nil means don't add \-f username\ to the sendmail command line.
-Doing so would be even more evil than leaving it out.
+;; message-sendmail-f-is-evil is nil here in the upstream source, but
+;; sendmail works right under Debian Linux, so we want t. [was
+;; orignally reported for emacs 19 as debian#7051]
+(defcustom message-sendmail-f-is-evil t
+  *Non-nil means don't add \-f username\ to the sendmail command
+line, because adding it would be more evil than leaving it out.  Under
+Debian/GNU/Linux, sendmail works right, so it should be safe for this
+to be set to true.
   :group 'message-sending
   :link '(custom-manual (message)Mail Variables)
   :type 'boolean)
 
Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877hhirk0d@raven.defaultvalue.org

emacs23: bugfix suitable for squeeze?

[Rob Browning]

Would this fix be appropriate for squeeze, or should I hold off?

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586459

The bug's probably not important since the circumstances involved are
likely to be rare, but the consequences are fairly severe.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87iq37jow1@raven.defaultvalue.org

emacs23: proposed squeeze update (23.2+1-3)

[Rob Browning]

I just uploaded emacs23 23.2+1-3 to unstable, and I'd like to include it
in squeeze if possible.  It contains all of the relevant changes from
the current 23.2+1-2.1 NMU (already in squeeze), one minor build fix,
and a patch for the GNU/kFreeBSD startup hang (#559392, serious).

Here are the new changelog entries.  These are the new changes:

  * Don't try to mkdir $(infodir) in doc/*/Makefile.in.

  * Fix startup hang on GNU/kFreeBSD (fix-kfreebsd-startup.diff).
Thanks to antoine beaupre anar...@anarcat.ath.cx for the report
and Petr Salinger petr.salin...@seznam.cz for the patch.
(closes: #559392)

and these are the entries that were incorporated from the previous NMU:

  * Use -O1 rather than -O2 on ia64.  Fixes a build failure (looks
like a broken byte compiler) with newer versions of gcc
(c.f. #207580).  Thanks to Sven Joachim svenj...@gmx.de for the
report and thanks to Stéphane Glondu glo...@debian.org for the
23.2+1-2.1 NMU. (closes: 582439)

  * Remove deprecated Encoding field from emacsVER.desktop.  Thanks to
Stéphane Glondu glo...@debian.org for the 23.2+1-2.1
NMU.

  * Use set -e rather than /bin/sh -e in emacsVER-common.postinst
and emacsVER-bin-common.postinst.  Thanks to Stéphane Glondu
glo...@debian.org for the 23.2+1-2.1 NMU.

  * Add a Homepage field to debian/control.in.  Thanks to Stéphane
Glondu glo...@debian.org for the 23.2+1-2.1 NMU.

  * Remove redundant Section and Priority fields from binary packages
in debian/control.in.  Thanks to Stéphane Glondu
glo...@debian.org for the 23.2+1-2.1 NMU.

  * Change quilt Build-Depends from (= 0.42-1) to (= 0.42).  Thanks
to Stéphane Glondu glo...@debian.org for the 23.2+1-2.1 NMU.

  * Change debhelper Build-Depends from (=4) to (= 7.0.50~) to
support rules overrides.  Thanks to Sven Joachim
svenj...@gmx.de, and thanks to Stéphane Glondu
glo...@debian.org for the 23.2+1-2.1 NMU.

  * Add ${misc:Depends} to debian/control for debhelper.  Thanks to
Stéphane Glondu glo...@debian.org for the 23.2+1-2.1 NMU.

diff -Nru emacs23-23.2+1/debian/changelog emacs23-23.2+1/debian/changelog
--- emacs23-23.2+1/debian/changelog	2010-08-03 18:53:18.0 -0500
+++ emacs23-23.2+1/debian/changelog	2010-08-14 11:57:49.0 -0500
@@ -1,16 +1,45 @@
-emacs23 (23.2+1-2.1) unstable; urgency=low
+emacs23 (23.2+1-3) unstable; urgency=low
 
-  * Non-maintainer upload.
-  * Compile with -O1 on ia64 (Closes: #582439)
-  * Fix various Lintian warnings:
-- debian/control:
-  + add missing ${misc:Depends}
-  + add Homepage field
-  + remove duplicate Section/Priority fields
-- call explicitly set -e in maintainer scripts
-- remove Encoding field from .desktop file
+  * Don't try to mkdir $(infodir) in doc/*/Makefile.in.
 
- -- Stéphane Glondu glo...@debian.org  Wed, 04 Aug 2010 01:53:18 +0200
+  * Use -O1 rather than -O2 on ia64.  Fixes a build failure (looks
+like a broken byte compiler) with newer versions of gcc
+(c.f. #207580).  Thanks to Sven Joachim svenj...@gmx.de for the
+report and thanks to Stéphane Glondu glo...@debian.org for the
+23.2+1-2.1 NMU. (closes: 582439)
+
+  * Remove deprecated Encoding field from emacsVER.desktop.  Thanks to
+Stéphane Glondu glo...@debian.org for the 23.2+1-2.1
+NMU.
+
+  * Use set -e rather than /bin/sh -e in emacsVER-common.postinst
+and emacsVER-bin-common.postinst.  Thanks to Stéphane Glondu
+glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Add a Homepage field to debian/control.in.  Thanks to Stéphane
+Glondu glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Remove redundant Section and Priority fields from binary packages
+in debian/control.in.  Thanks to Stéphane Glondu
+glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Change quilt Build-Depends from (= 0.42-1) to (= 0.42).  Thanks
+to Stéphane Glondu glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Change debhelper Build-Depends from (=4) to (= 7.0.50~) to
+support rules overrides.  Thanks to Sven Joachim
+svenj...@gmx.de, and thanks to Stéphane Glondu
+glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Add ${misc:Depends} to debian/control for debhelper.  Thanks to
+Stéphane Glondu glo...@debian.org for the 23.2+1-2.1 NMU.
+
+  * Fix startup hang on GNU/kFreeBSD (fix-kfreebsd-startup.diff).
+Thanks to antoine beaupre anar...@anarcat.ath.cx for the report
+and Petr Salinger petr.salin...@seznam.cz for the patch.
+(closes: #559392)
+
+ -- Rob Browning r...@defaultvalue.org  Sat, 14 Aug 2010 11:57:17 -0500
 
 emacs23 (23.2+1-2) unstable; urgency=low
 
diff -Nru emacs23-23.2+1/debian/control emacs23-23.2+1/debian/control
--- emacs23-23.2+1/debian/control	2010-08-03 18:56:39.0 -0500
+++ emacs23-23.2+1/debian/control	2010-08-14 11:58:20.0 -0500
@@ -2,9 +2,15 @@
 Section: editors
 Priority: optional
 Maintainer: Rob Browning r...@defaultvalue.org
-Build-Depends: mailx, libncurses5-dev

Re: emacs23: proposed squeeze update (23.2+1-3)

[Rob Browning]

Adam D. Barratt a...@adam-barratt.org.uk writes:

   * Don't try to mkdir $(infodir) in doc/*/Makefile.in.

 That was already listed as being fixed in the NMU, fwiw.

Oh, right.  I overlooked that (I already had the fix in my tree here
too).

 +Standards-Version: 3.7.2

 which isn't mentioned in the changelog and seems an unusual thing to
 add. :)

I don't think that's actually an addition, the lines are just in a
different order.

 There's also a couple of build-dependency changes between the NMU (and
 possibly earlier uploads, I only checked the diff against the NMU as I'd
 already unblocked that) and the new upload; were they intentional?

Yes and no.

 quilt (= 0.42-1~) -  quilt (= 0.42)

Sven recommended 0.42 instead of 0.42-1~ since either will work, and
that seemed fine.

 debhelper (= 7) - debhelper (= 7.0.50~)

This is a mistake.  I'll fix it and upload a -4.

 It's more conventional here to include the NMU changelog (so the
 changelog contains -2, -2.1, -3 in that order).  This avoids the large
 diff but also means that the BTS automatically knows that any bugs
 marked as fixed in -2.1 are fixed in -3 without them having to be
 mentioned again in -3.

Hmm, I thought about that, but I didn't because I didn't actually
include exactly the same changes as 2.1, and I wanted to include more
detail in the changelog entries for each change.  I also wanted to keep
the changelog entries consistent (wrt format).

Thanks for the help.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87aaoovqhk@raven.defaultvalue.org

Re: emacs23: proposed squeeze update (23.2+1-3)

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 There's also a couple of build-dependency changes between the NMU (and
 possibly earlier uploads, I only checked the diff against the NMU as I'd
 already unblocked that) and the new upload; were they intentional?

 Yes and no.

 quilt (= 0.42-1~) -  quilt (= 0.42)

 Sven recommended 0.42 instead of 0.42-1~ since either will work, and
 that seemed fine.

 debhelper (= 7) - debhelper (= 7.0.50~)

 This is a mistake.  I'll fix it and upload a -4.

Wait.  This isn't a bug either -- I misread what you were saying.

I changed the dependency to 7.0.50~ because Sven also mentioned that
debhelper (= 7.0.50~) is required for the override targets in
debian/rules.

In addition, he just reported an FTBS caused by an upstream problem with
parallel builds, so I'll need to disable that for now and include it in
-4.

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592992

Thanks again.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87sk2gubjh@raven.defaultvalue.org

Re: emacs23: proposed squeeze update (23.2+1-3)

[Rob Browning]

Rob Browning r...@defaultvalue.org writes:

 In addition, he just reported an FTBS caused by an upstream problem with
 parallel builds, so I'll need to disable that for now and include it in
 -4.

   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592992

OK, I've just uploaded emacs23 23.2+1-4 with a fix.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87vd7cqwv2@raven.defaultvalue.org

Bug#573486: RM: emacs22/22.3+1-1.2

[Rob Browning]

Sven Joachim svenj...@gmx.de writes:

 It's not so easy since there are a few packages which would be broken:

 wnn7egg (contrib)
 ecasound-el
 elserv
 gnus
 hyperlatex
 wysihtml-el
 yc-el

I've just filed bugs against all of these that still appear to require
emacs22.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4



-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8739z1zne4@raven.defaultvalue.org

Re: emacs22 22.2+2-5

[Rob Browning]

Martin Schulze [EMAIL PROTECTED] writes:

 Rob Browning wrote:
 
 I've uploaded emacs22 22.2+2-5 unstable which contains two bug fixes
 that I believe should be considered for Lenny.  Please let me know if
 you would like me to do anything further.

 *sigh*

 Still no updated version of tramp included, so the current version in
 Debian still fills up /tmp with temporary files that are not deleted.
 Not even in sid.  See Bug#482760.

While I'd be willing to include a patch that specifically deals with
the tmp files, I'm a bit hesitant to include a whole new tramp
version, one that doesn't match what was shipped with 22.2.

Of course, that's assuming I understand the situation correctly.

In any case, if I get some time I may look in to the patch myself.  I
will also probably be working on a 22.3 upload (presumably not for
Lenny) soon.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

emacs22 22.2+2-5

[Rob Browning]

I've uploaded emacs22 22.2+2-5 unstable which contains two bug fixes
that I believe should be considered for Lenny.  Please let me know if
you would like me to do anything further.

The first change fixes a bug that was affecting other packages.
Debian's Emacs would signal an error if /usr/bin/mail wasn't an
executable, even if it was never used.  The change effectively delays
the error until the mailer is actually used, while still making sure
that the user will see the error.

The second fix makes Debian's Emacs more consistent across the various
architectures.  Previously, the i386 emacs22 was compiled against
libasound2 and had sound support, but most of the other architectures
probably didn't.  This package adds a build dependency on
libasound2-dev for all the Debian architectures except those based on
the Hurd or Freebsd.

Thanks for the help.

diff --git a/changelog b/changelog
index 9d63899..0ab32ac 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,18 @@
+emacs22 (22.2+2-5) unstable; urgency=low
+
+  * Add a build dependency on libasound2-dev which emacs22 is already
+linked against on i386.  This change just makes things consistent
+across all the relevant platforms. Thanks to Sven Joachim
+[EMAIL PROTECTED] for the fix. (closes: #503054)
+
+  * Set mail-interactive to t if /usr/bin/mail is not an executable and
+fakemail is chosen.  This should still help avoid silent mail loss,
+but won't signal an error if the mailer is never invoked.  Thanks to
+Ralf Resack [EMAIL PROTECTED] for proposing the
+fix. (closes: #429059)
+
+ -- Rob Browning [EMAIL PROTECTED]  Sun, 09 Nov 2008 12:05:33 -0800
+
 emacs22 (22.2+2-4) unstable; urgency=medium
 
   * Fix a security problem related to the invocation of python
diff --git a/control b/control
index e3500bd..b15aa41 100644
--- a/control
+++ b/control
@@ -3,7 +3,7 @@ Section: editors
 Priority: optional
 Maintainer: Rob Browning [EMAIL PROTECTED]
 Uploaders: Jerome Marant [EMAIL PROTECTED]
-Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libgif-dev | 
libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng12-dev, 
libjpeg62-dev, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42-1), 
debhelper (= 4), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev
+Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libgif-dev | 
libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng12-dev, 
libjpeg62-dev, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42-1), 
debhelper (= 4), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev, 
libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
 Standards-Version: 3.7.2
 
 Package: emacs
diff --git a/control.in b/control.in
index 8fb667f..8e49e6e 100644
--- a/control.in
+++ b/control.in
@@ -3,7 +3,7 @@ Section: editors
 Priority: optional
 Maintainer: Rob Browning [EMAIL PROTECTED]
 Uploaders: Jerome Marant [EMAIL PROTECTED]
-Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libgif-dev | 
libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng12-dev, 
libjpeg62-dev, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42-1), 
debhelper (= 4), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev
+Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libgif-dev | 
libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng12-dev, 
libjpeg62-dev, autotools-dev, dpkg-dev ( 1.10.0), quilt (= 0.42-1), 
debhelper (= 4), libxaw7-dev, sharutils, imagemagick, libgtk2.0-dev, 
libasound2-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
 Standards-Version: 3.7.2
 
 Package: emacs
diff --git a/patches/avoid-fakemail-mail-loss.diff 
b/patches/avoid-fakemail-mail-loss.diff
index d8f2e99..b3f9857 100644
--- a/patches/avoid-fakemail-mail-loss.diff
+++ b/patches/avoid-fakemail-mail-loss.diff
@@ -12,15 +12,18 @@
 
   For now, Debian sets fakemail's MAIL_PROGRAM_NAME to /usr/bin/mail
   (which is the correct value for Debian systems) rather than
-  /bin/mail.  Debian also adjusts Emacs to test for the existence of
-  /usr/bin/mail before trying to run fakemail.  This is not an ideal
-  solution, but it should be an improvement.
+  /bin/mail.  Debian also adjusts Emacs to test whether or not
+  /usr/bin/mail exists and is executable.  If either of these tests
+  fail, then mail-interactive is set to t.  That should ensure that a
+  user will actually see an error if they attempt to use the broken
+  fakemail.
 
-  Note that Debian forces the value to /usr/bin/mail.  The build will
-  fail if any other value is specified.  This is done to ensure that
-  MAIL_PROGRAM_NAME isn't accidentally set to some other value during
-  the build process.  If this is undesirable for some reason, just
-  commment out avoid-fakemail-loss.diff in debian/patches/series.
+  Note that Debian actually forces the MAIL_PROGRAM_NAME value to
+  /usr/bin/mail.  The build will fail if any other value is specified.
+  This is done to ensure that MAIL_PROGRAM_NAME isn't accidentally set

emacs22 22.2+2-4

[Rob Browning]

I've uploaded emacs22 22.2+2-4 unstable, which includes a CVE fix
along with two other fixes that involved minor changes.  Please
consider this for lenny, and please let me know if I need to do
anything further.

Below are the debian/ diffs followed by the new debian/patches files.
The debian/patches files are separated from each other by pairs of
lines of equal signs.  I included the patch files directly, so that
you wouldn't have to read a diff of a diff.

The xmlstarlet patch fixes a Debian specific problem (different binary
name), and the other two patches have already been incorporated
upstream.

Thanks for the help.

--- a/changelog
+++ b/changelog
@@ -1,8 +1,26 @@
+emacs22 (22.2+2-4) unstable; urgency=medium
+
+  * Fix a security problem related to the invocation of python
+(CVE-2008-3949).  Avoid including the current directory in the module
+lookup path when invoking python from python.el.  Thanks to Sven
+Joachim [EMAIL PROTECTED] and Michael Berg [EMAIL PROTECTED].
+(closes: #499568)
+
+  * Invoke xmlstarlet from flymake as xmlstarlet rather than xml.  Thanks
+to Jussi Judin [EMAIL PROTECTED]. (closes: #447378)
+
+  * Fix vc-mode's handling of internal temporary buffers.  This should
+avoid failures when trying to open files under monotone version
+control.  Thanks to Sven Joachim [EMAIL PROTECTED] and Michael Berg
+[EMAIL PROTECTED]. (closes: #476108)
+
+ -- Rob Browning [EMAIL PROTECTED]  Tue, 14 Oct 2008 21:28:47 -0700
+
 emacs22 (22.2+2-3) unstable; urgency=medium
 
   * Fix an insecurity related to fast-lock-cache-directories
-(CVE-2008-2142).  Thanks to   Provided-by: Sven Joachim [EMAIL PROTECTED]
-and Morten Welinder [EMAIL PROTECTED]. (closes: #480885)
+(CVE-2008-2142).  Thanks to Sven Joachim [EMAIL PROTECTED] and Morten
+Welinder [EMAIL PROTECTED]. (closes: #480885)
 
   * Don't remove /usr/local/share/emacs/site-lisp in emacs22-common.
 Leave that up to emacsen-common.  Thanks to Sven Joachim
diff --git a/patches/series b/patches/series
index 232839f..4f7d095 100644
--- a/patches/series
+++ b/patches/series
@@ -12,4 +12,7 @@ make-fast-lock-cache-directories-risky-cve-2008-2142.diff
 fix-mule-select-safe-coding.diff
 look-for-news-to-find-etc.diff
 fix-woman2-th.diff
+fix-python-module-handling-cve-2008-3949.diff
+fix-flymake-xmlstarlet-invocation.diff
+do-not-show-vc-internal-tmp-buffers.diff
 autofiles.diff


Here are the new debian/patches files separated by line pairs like this:
===
===
* A problem with vc mode's handling of temporary buffers has been fixed.
  Patch: do-not-show-vc-internal-tmp-buffers.diff
  Provided-by: Sven Joachim [EMAIL PROTECTED]
  Originally-reported-by: Michael Berg [EMAIL PROTECTED]
  Date: Mon, 14 Apr 2008 14:36:05 UTC
  Added-by: Rob Browning [EMAIL PROTECTED]
  Status: incorporated upstream
  Bug: 476108

  Emacs should no longer fail when trying to open files under monotone
  version control.

  From the upstream ChangeLog:

2008-03-29  Stefan Monnier  [EMAIL PROTECTED]

* vc.el (vc-do-command): Don't show internal temp buffers.

Index: sid/lisp/vc.el
===
--- sid.orig/lisp/vc.el
+++ sid/lisp/vc.el
@@ -1047,9 +1047,14 @@
  (when (and (not (eq t okstatus))
  (or (not (integerp status))
  (and okstatus ( okstatus status
-   (pop-to-buffer (current-buffer))
-   (goto-char (point-min))
-   (shrink-window-if-larger-than-buffer)
+;; Don't show internal temp buffers.  Especially since, together
+;; with with-temp-buffer and pop-up-frames, this can result in
+;; bugs where with-temp-buffer ends up not preserving
+;; current-buffer (because kill-buffer doesn't preserve it).
+(unless (eq ?\s (aref (buffer-name (current-buffer)) 0))
+  (pop-to-buffer (current-buffer))
+  (goto-char (point-min))
+  (shrink-window-if-larger-than-buffer))
(error Running %s...FAILED (%s) command
   (if (integerp status) (format status %d status) status
(if vc-command-messages
===
===
* Emacs now invokes the correct xmlstarlet executable on Debian systems.
  Patch: fix-flymake-xmlstarlet-invocation.diff
  Provided-by: Jussi Judin [EMAIL PROTECTED]
  Date: Sat, 20 Oct 2007 14:42:02 UTC
  Added-by: Rob Browning [EMAIL PROTECTED]
  Status: Debian specific
  Bug: 447378

  Emacs invokes xmlstarlet rather than xml, which is the correct
  executable name on Debian systems.

Index: sid/lisp/progmodes/flymake.el
===
--- sid.orig/lisp

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Luk Claes [EMAIL PROTECTED] writes:

 Rob Browning [EMAIL PROTECTED] writes:

 Should I upload a new version that changes the relevant packages to
 Architecture: any or adds ia64 to their Architectures lists, or is
 that unnecessary/undesirable?

 Yes, you should.

OK, thanks.  I've uploaded 1.8.5+1-4 to unstable, which includes the
following changes.  Please let me know if I need to do anything
further.

--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+guile-1.8 (1.8.5+1-4) unstable; urgency=medium
+
+  * Change Architectures back to any where appropriate (i.e. include
+ia64).  (closes: #495209)
+
+ -- Rob Browning [EMAIL PROTECTED]  Tue, 26 Aug 2008 22:58:14 -0700
+
 guile-1.8 (1.8.5+1-3) unstable; urgency=medium
 
   * Fix the stack direction check again in order to fix builds on hppa.
--- a/control
+++ b/control
@@ -8,7 +8,7 @@ Standards-Version: 3.7.2
 
 Package: guile-1.8
 Section: interpreters
-Architecture: alpha amd64 arm armel hppa i386 m68k mips mipsel powerpc s390 
sparc kfreebsd-i386 kfreebsd-amd64
+Architecture: any
 Provides: guile
 Conflicts: libguile-dev (= 1:1.4-24)
 Depends: ${shlibs:Depends}
@@ -22,7 +22,7 @@ Description: The GNU extension language and Scheme interpreter
 
 Package: guile-1.8-dev
 Section: devel
-Architecture: alpha amd64 arm armel hppa i386 m68k mips mipsel powerpc s390 
sparc kfreebsd-i386 kfreebsd-amd64
+Architecture: any
 Provides: libguile-dev
 Conflicts: libguile-dev, guile-1.6 ( 1.6.8-5)
 Depends: ${shlibs:Depends}, guile-1.8, libc6-dev, libncurses5-dev, 
libreadline5-dev, libltdl3-dev, libgmp3-dev
@@ -53,7 +53,7 @@ Description: Documentation for Guile 1.8
 
 Package: guile-1.8-libs
 Section: libs
-Architecture: alpha amd64 arm armel hppa i386 m68k mips mipsel powerpc s390 
sparc kfreebsd-i386 kfreebsd-amd64
+Architecture: any
 Depends: ${shlibs:Depends}
 Description: Main Guile libraries
  Guile is a Scheme implementation designed for real world programming,

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Marc 'HE' Brockschmidt [EMAIL PROTECTED] writes:

 Rob Browning [EMAIL PROTECTED] writes:
 So Marc, what do you think about this?  I'd be tempted to go with the
 upstream code, and add support ia64, but I could also understand
 taking the more conservative approach, taking out the patch, and
 leaving ia64 support for unstable.

 Nah, let's try this. Unblocked.

Should I upload a new version that changes the relevant packages to
Architecture: any or adds ia64 to their Architectures lists, or is
that unnecessary/undesirable?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

So Marc, what do you think about this?  I'd be tempted to go with the
upstream code, and add support ia64, but I could also understand
taking the more conservative approach, taking out the patch, and
leaving ia64 support for unstable.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Marc 'HE' Brockschmidt [EMAIL PROTECTED] writes:

 Rob Browning [EMAIL PROTECTED] writes:

 I just uploaded a new version, 1.8.5+1-3, which I hope will fix the
 remaining issues.  This version may also fix the long-standing
 problem with support for ia64.

 I'm a bit uneasy about this, as the new patch for the ia64 issues
 touches some code in libguile/continuations.c for all
 architectures. Is that a mistake?

I think it's probably not, but I'm cc'ing Neil for further comment.  I
believe the patch is probably OK, and is the current upstream code.

Neil, presuming you know, is there any reason to think that the ia64
patch might be likely to cause trouble elsewhere, and conversely, if
we were to leave it out, should there be any affects other than
(re)breaking ia64?

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Marc 'HE' Brockschmidt [EMAIL PROTECTED] writes:

 Rob Browning [EMAIL PROTECTED] writes:
 Hopefully, this should fix the one remaining RC bug for lenny.  The
 other RC bug was fixed by the previous upload (1.8.5+1-1).  I believe
 this release should be included in lenny, if at all possible.

 Unblocked.

I just uploaded a new version, 1.8.5+1-3, which I hope will fix the
remaining issues.  This version may also fix the long-standing problem
with support for ia64.

For now, I've still left ia64 out of the architectures list, but if
the fix works, we may be able to change the packages to all.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Marc 'HE' Brockschmidt [EMAIL PROTECTED] writes:

 Rob Browning [EMAIL PROTECTED] writes:
 Hopefully, this should fix the one remaining RC bug for lenny.  The
 other RC bug was fixed by the previous upload (1.8.5+1-1).  I believe
 this release should be included in lenny, if at all possible.

 Unblocked.

Thanks.  Though I believe the buildds just discovered a bit more
trouble.  I should have a new upload in a day or so.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

guile-1.8 (1.8.5+1-2) recommended for lenny

[Rob Browning]

Hopefully, this should fix the one remaining RC bug for lenny.  The
other RC bug was fixed by the previous upload (1.8.5+1-1).  I believe
this release should be included in lenny, if at all possible.

This particular release just includes the two upstream patches from
Neil that are listed at the end of the #481378 log.

Please let me know if you need any more information.

guile-1.8 (1.8.5+1-2) unstable; urgency=medium

  * Fix the stack direction check on a number of architectures, and the
mips gc definitions.  Thanks to Thiemo Seufer [EMAIL PROTECTED] for
the initial report and Neil Jerram [EMAIL PROTECTED] for the
final patches. (closes: #481378)

 -- Rob Browning [EMAIL PROTECTED]  Sun, 03 Aug 2008 16:35:39 -0700

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Preparing the Release / Freezing potato

[Rob Browning]

Martin Schulze [EMAIL PROTECTED] writes:

  . Our boot-floppies are not ready yet.  Freezing the distribution
without working boot-floppies will extend the freeze time which
would be a very bad idea.  Adam di Carlo today told me that he
doesn't believe that our boot-floppies will be read before
January.  (Since I haven't been able to work on them I can't say
anything about that.)

To me it makes no sense to bother freezing until we have working
boot-floppies.  If we don't, then the freeze should wait.

  . I still haven't seen an announcement what to do with the FHS
transition and which policy versions should be used for potato
packages.  Additionaly when I have asked other developers they
could only shrug their head.
 
There *is* confusion wether to use /usr/share/man or /usr/man,
/usr/share/info or /usr/info and /usr/share/doc or /usr/doc, also
where, if and when to add softlinks somewhere.

Same here.  I have no idea what's been decided.

FWIW.

-- 
Rob Browning [EMAIL PROTECTED] PGP=E80E0D04F521A094 532B97F5D64E3930