Re: Lots of postgresql packages FTBFS in trixie (debian/control needs updating from debian/control.in)

[Santiago Vila]

Thanks for the hints. It seems postgresql-common will finally propagate
to testing this night:

https://tracker.debian.org/pkg/postgresql-common

[ For the curious: I still do archive rebuilds mostly in testing, but I always
double-check in unstable before reporting, so these anomalies are some kind
of "false-positives" in my setup. Will look at current transitions first
if a similar case arises ].

Thanks.

Lots of postgresql packages FTBFS in trixie (debian/control needs updating from debian/control.in)

[Santiago Vila]

Hello.

As the subject says, many postgresql-related packages FTBFS in this way:
(I'm taking postgresql-unit as an example)

make[1]: Leaving directory '/<>'
   dh_clean
   pg_buildext checkcontrol
--- debian/control  2024-09-15 11:58:15.0 +
+++ debian/control.VFAeRh   2024-09-19 05:00:18.737341291 +
@@ -14,7 +14,7 @@
 Vcs-Browser: https://github.com/df7cb/postgresql-unit
 Homepage: https://github.com/df7cb/postgresql-unit
 
-Package: postgresql-17-unit

+Package: postgresql-16-unit
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}, ${postgresql:Depends}
 Description: SI Units for PostgreSQL
Error: debian/control needs updating from debian/control.in. Run 'pg_buildext 
updatecontrol'.
If you are seeing this message in a buildd log, a sourceful upload is required.
make: *** [debian/rules:10: clean] Error 1 shuffle=2080555641
dpkg-buildpackage: error: debian/rules clean subprocess returned exit status 2


Is this really normal/expected, or is there a bug somewhere? (like, for example,
a missing build-dependency which propagated to testing prematurely).

I'm concerned about this because even if this is the kind of bug which
end up being fixed over time, if we were to release trixie as stable today,
we would ship many FTBFS bugs like those, so this is apparently something
that we should avoid to happen.

Thanks.

Bug#1079313: bullseye-pu: package mlpost/0.8.2-4+deb11u1

[Santiago Vila]

[ I would restore the metadata here, but the commands
  I issued before didn't work... ]

El 22/8/24 a las 20:06, Adam D. Barratt escribió:

Control: tags -1 + confirmed

On Thu, 2024-08-22 at 14:28 +0200, Santiago Vila wrote:

This upload fixes FTBFS bug #991060, which is probably the last
remaining build failure due to a new imagemagick version which
was introduced late during the development stage of bullseye.


Please go ahead.


I made this additional small change:

 override_dh_auto_install:
 ifneq (,$(findstring libmlpost-ocaml-doc,$(shell dh_listpackages)))
-   $(MAKE) doc
+   $(MAKE) doc HOME=$(shell mktemp -d)
 endif

and then it worked (with sbuild), so I finally did the upload.

Thanks.

Bug#1079313: bullseye-pu: package mlpost/0.8.2-4+deb11u1

[Santiago Vila]

tags -1 - confirmed
tags -1 + moreinfo
thanks

El 22/8/24 a las 20:06, Adam D. Barratt escribió:

Control: tags -1 + confirmed

On Thu, 2024-08-22 at 14:28 +0200, Santiago Vila wrote:

This upload fixes FTBFS bug #991060, which is probably the last
remaining build failure due to a new imagemagick version which
was introduced late during the development stage of bullseye.


Please go ahead.


Hmm, sorry. The fixed package does not build ok yet with sbuild. Don't know
how this happened. Probably I tried dpkg-buildpackage but not sbuild with the 
.dsc.

I see if I can fix this in a day. If not, I'll ask to be closed without upload.

Thanks.

Bug#1079313: bullseye-pu: package mlpost/0.8.2-4+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mlp...@packages.debian.org, debian-ocaml-ma...@lists.debian.org, 
glo...@debian.org, sanv...@debian.org
Control: affects -1 + src:mlpost

[ Reason ]
This upload fixes FTBFS bug #991060, which is probably the last
remaining build failure due to a new imagemagick version which
was introduced late during the development stage of bullseye.

[ Impact ]
Without this upload, package will continue to FTBFS in bullseye.

[ Tests ]
I've checked that the package builds again and its contents (debdiff)
has not changed.

[ Risks ]
Low risk, the changes affect the way an image is converted during the build.

There is only a funny change in the Provides of libmlpost-ocaml-dev,
as detected by debdiff:

Provides: [-libmlpost-ocaml-dev-38o49-] {+libmlpost-ocaml-dev-qovj6+}

This is clearly generated automatically, and no Debian package has a reference
to such virtual package name. The worst thing that may happen is that anybody
privately relying on such virtual package name would have to rebuild it, but 
compared
to us not honoring the DFSG by providing a package which does not build from
source, we should probably not worry about that.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Fix FTBFS bug by applying patch from Dennis Filder to override ImageMagick 
policy.

[ Other info ]
I'll wait 24h-48h at most before upload just in case the maintainers would like
to put this in salsa and become the (formal) author of the changes.diff -Nru mlpost-0.8.2/debian/changelog mlpost-0.8.2/debian/changelog
--- mlpost-0.8.2/debian/changelog   2020-07-28 10:43:05.0 +0200
+++ mlpost-0.8.2/debian/changelog   2024-08-22 14:00:00.0 +0200
@@ -1,3 +1,11 @@
+mlpost (0.8.2-4+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch by Dennis Filder to override ImageMagick policy.
+Closes: #991060.
+
+ -- Santiago Vila   Thu, 22 Aug 2024 14:00:00 +0200
+
 mlpost (0.8.2-4) unstable; urgency=medium
 
   * Add empty dh_dwz override to fix FTBFS
diff -Nru mlpost-0.8.2/debian/patches/0009-Override-ImageMagick-policy.patch 
mlpost-0.8.2/debian/patches/0009-Override-ImageMagick-policy.patch
--- mlpost-0.8.2/debian/patches/0009-Override-ImageMagick-policy.patch  
1970-01-01 01:00:00.0 +0100
+++ mlpost-0.8.2/debian/patches/0009-Override-ImageMagick-policy.patch  
2024-08-22 13:58:50.0 +0200
@@ -0,0 +1,27 @@
+Description: Override ImageMagick policy
+ Derive an appropriate policy from the too strict default one.
+Author: Dennis Filder 
+Last-Update: 2021-07-16
+Bug-Debian: https://bugs.debian.org/991060
+
+--- a/ocamlbuild.Makefile
 b/ocamlbuild.Makefile
+@@ -44,6 +44,7 @@
+ EXTDLL = .so
+ DLL := backend/dllmlpost_ft$(EXTDLL) backend/libmlpost_ft.a
+ 
++POLFILE = "/etc/$(shell convert -version|sed -n '/^Version: /s@Version: 
ImageMagick \([[:digit:]]\+\)\..*@ImageMagick-\1@p')"/policy.xml
+ 
+ ifeq "$(OCAMLBEST)" "opt"
+ all:
+@@ -195,7 +196,10 @@
+ .PHONY: doc
+ doc:
+   rm -f doc
++  test -d $(HOME)/.magick || mkdir -p $(HOME)/.magick
++  sed -e '//s@"none"@"read|write"@' $(POLFILE) > $(HOME)/.magick/policy.xml
+   $(OCAMLBUILD) doc/index.html
++  rm -Rf $(HOME)/.magick
+   ln -s _build/doc doc
+ 
+ # clean
diff -Nru mlpost-0.8.2/debian/patches/series mlpost-0.8.2/debian/patches/series
--- mlpost-0.8.2/debian/patches/series  2020-07-28 10:43:05.0 +0200
+++ mlpost-0.8.2/debian/patches/series  2024-08-22 13:58:50.0 +0200
@@ -6,3 +6,4 @@
 0006-Bitstring-now-uses-str.patch
 0007-Adjust-myocamlbuild-to-use-cppo-and-ppx.patch
 0008-The-bitstring-library-now-needs-str.patch
+0009-Override-ImageMagick-policy.patch

Bug#1079291: bullseye-pu: package healpix-java/3.60+ds-4+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: healpix-j...@packages.debian.org, leo.sin...@ligo.org, 
debian-astro-maintain...@lists.alioth.debian.org, sanv...@debian.org
Control: affects -1 + src:healpix-java

[ Reason ]
This upload fixes FTBFS bug #1022373 in bullseye.

[ Impact ]
Without this change the package will continue to FTBFS in bullseye.

[ Tests ]
I've checked that the package builds again, and also that it's essentially the 
same
as the current one in the archive (using diffoscope). The -doc package has a few
additional files, but that's the result of using more recent helper tools.

[ Risks ]
Low, given the above.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Change "rm -r" to "rm -rf" in debian/rules to fix FTBFS bug.

[ Other info ]
I'm not uploading the package yet.
I've requested membership to debian astro team in salsa.
If accepted in time (say 24h-48h), this would be a team upload instead of NMU.diff -Nru healpix-java-3.60+ds/debian/changelog 
healpix-java-3.60+ds/debian/changelog
--- healpix-java-3.60+ds/debian/changelog   2021-05-24 03:23:28.0 
+0200
+++ healpix-java-3.60+ds/debian/changelog   2024-08-22 12:05:00.0 
+0200
@@ -1,3 +1,10 @@
+healpix-java (3.60+ds-4+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS bug: rm: cannot remove 'images'. Closes: #1022373.
+
+ -- Santiago Vila   Thu, 22 Aug 2024 12:05:00 +0200
+
 healpix-java (3.60+ds-4) unstable; urgency=medium
 
   * Replace deprecated ADTTMP variable with AUTOPKGTEST_TMP.
diff -Nru healpix-java-3.60+ds/debian/rules healpix-java-3.60+ds/debian/rules
--- healpix-java-3.60+ds/debian/rules   2021-05-20 02:57:06.0 +0200
+++ healpix-java-3.60+ds/debian/rules   2024-08-22 12:05:00.0 +0200
@@ -10,7 +10,7 @@
jh_build
cd debian/_jh_build.javadoc/api/jquery && \
rm *.css *.js && \
-   rm -r external images && \
+   rm -rf external images && \
(for filename in /usr/share/javascript/jquery/* 
/usr/share/javascript/jquery-ui/*; do ln -s $$filename; done)
 
 override_dh_installchangelogs:

Bug#1079271: bullseye-pu: package trinity/1.9+git20200331.4d2343bd18c7b-2+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: trin...@packages.debian.org, sanv...@debian.org, g...@zumbi.com.ar
Control: affects -1 + src:trinity

[ Reason ]
This upload fixes FTBFS bug #1028795.

[ Impact ]
Without this change the package would continue to FTBFS in bullseye.

[ Tests ]
I've checked that the package builds again.

[ Risks ]
Low. The patch has been taken verbatim from the upstream git repo,
and it's also included in the version in stable.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Drop decnet support to fix FTBFS bug.

[ Other info ]
I'll wait for approval before upload.

Also: I would prefer this to be a sponsored upload instead of a NMU.
Gustavo: If you put the changes in salsa, I could take them from there
for the final upload.diff -Nru trinity-1.9+git20200331.4d2343bd18c7b/debian/changelog 
trinity-1.9+git20200331.4d2343bd18c7b/debian/changelog
--- trinity-1.9+git20200331.4d2343bd18c7b/debian/changelog  2020-10-29 
22:12:17.0 +0100
+++ trinity-1.9+git20200331.4d2343bd18c7b/debian/changelog  2024-08-22 
03:32:00.0 +0200
@@ -1,3 +1,10 @@
+trinity (1.9+git20200331.4d2343bd18c7b-2+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop decnet support to fix FTBFS bug. Closes: #1028795.
+
+ -- Santiago Vila   Thu, 22 Aug 2024 03:32:00 +0200
+
 trinity (1.9+git20200331.4d2343bd18c7b-2) unstable; urgency=medium
 
   * [c24aa6] Make the build verbose by default.
diff -Nru 
trinity-1.9+git20200331.4d2343bd18c7b/debian/patches/drop-decnet.patch 
trinity-1.9+git20200331.4d2343bd18c7b/debian/patches/drop-decnet.patch
--- trinity-1.9+git20200331.4d2343bd18c7b/debian/patches/drop-decnet.patch  
1970-01-01 01:00:00.0 +0100
+++ trinity-1.9+git20200331.4d2343bd18c7b/debian/patches/drop-decnet.patch  
2024-08-20 22:25:47.0 +0200
@@ -0,0 +1,111 @@
+commit 99a1822383a676e0bacfe1cd8ff0e2e2dfb8ba76
+Author: Fabrice Fontaine 
+Date:   Sun Jan 8 20:50:18 2023 +0100
+
+drop decnet
+
+Drop decnet as it has been removed since kernel 6.1 and
+
https://github.com/torvalds/linux/commit/1202cdd665315c525b5237e96e0bedc76d7e754f
+resulting in the following build failure:
+
+net/proto-decnet.c:5:10: fatal error: linux/dn.h: No such file or directory
+5 | #include 
+  |  ^~~~
+
+Fixes:
+ - 
http://autobuild.buildroot.org/results/47e0a5e0b6fcf33ab4f9848d5d8c2be9e5283950
+
+Signed-off-by: Fabrice Fontaine 
+
+--- a/include/net.h
 b/include/net.h
+@@ -80,7 +80,6 @@
+ extern const struct netproto proto_atmsvc;
+ extern const struct netproto proto_x25;
+ extern const struct netproto proto_rose;
+-extern const struct netproto proto_decnet;
+ extern const struct netproto proto_llc;
+ extern const struct netproto proto_netlink;
+ extern const struct netproto proto_packet;
+--- a/net/proto-decnet.c
 /dev/null
+@@ -1,59 +0,0 @@
+-#include 
+-#include 
+-#include 
+-#include 
+-#include 
+-#include 
+-#include "net.h"
+-#include "random.h"
+-#include "utils.h"// RAND_ARRAY
+-#include "compat.h"
+-
+-static void decnet_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
+-{
+-  struct sockaddr_dn *dn;
+-  unsigned int i;
+-
+-  dn = zmalloc(sizeof(struct sockaddr_dn));
+-
+-  dn->sdn_family = PF_DECnet;
+-  dn->sdn_flags = rnd();
+-  dn->sdn_objnum = rnd();
+-  dn->sdn_objnamel = rnd() % 16;
+-  for (i = 0; i < dn->sdn_objnamel; i++)
+-  dn->sdn_objname[i] = rnd();
+-  dn->sdn_add.a_len = RAND_BOOL();
+-  dn->sdn_add.a_addr[0] = rnd();
+-  dn->sdn_add.a_addr[1] = rnd();
+-  *addr = (struct sockaddr *) dn;
+-  *addrlen = sizeof(struct sockaddr_dn);
+-}
+-
+-static const unsigned int decnet_opts[] = {
+-  SO_CONDATA, SO_CONACCESS, SO_PROXYUSR, SO_LINKINFO,
+-  DSO_CONDATA, DSO_DISDATA, DSO_CONACCESS, DSO_ACCEPTMODE,
+-  DSO_CONACCEPT, DSO_CONREJECT, DSO_LINKINFO, DSO_STREAM,
+-  DSO_SEQPACKET, DSO_MAXWINDOW, DSO_NODELAY, DSO_CORK,
+-  DSO_SERVICES, DSO_INFO
+-};
+-
+-static void decnet_setsockopt(struct sockopt *so, __unused__ struct 
socket_triplet *triplet)
+-{
+-  so->level = SOL_DECNET;
+-  so->optname = RAND_ARRAY(decnet_opts);
+-
+-  // TODO: set optlen correctly
+-}
+-
+-static struct socket_triplet decnet_triplets[] = {
+-  { .family = PF_DECnet, .protocol = DNPROTO_NSP, .type = SOCK_SEQPACKET 
},
+-  { .family = PF_DECnet, .protocol = DNPROTO_NSP, .type = SOCK_STREAM },
+-};
+-
+-const struct netproto proto_decnet = {
+-  .name = "decnet",
+-  .setsockopt = decn

Bug#1079217: bullseye-pu: package net-tools/1.60+git20181103.0eebece-1+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: net-to...@packages.debian.org, Martina Ferrari , Utkarsh 
Gupta , net-tools Team , 
sanv...@debian.org
Control: affects -1 + src:net-tools

[ Reason ]
This upload is required to be able to remove dnprogs from bullseye,
which we should because it's obsolete and it does not build from source.

[ Impact ]
If this is not approved, we would be shipping bullseye with a package which
does not build from source (dnprogs).

[ Tests ]
I've compared the build with and without the build-depends using diffoscope,
and the package is the same. This means the build-dependency is not even used.

[ Risks ]
Low risk, given the above.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Drop libdnet-dev from build-depends.

[ Other info ]
- I'll wait for approval before upload.
- This has the form of a sponsored upload because I offered to file this bug
and care about the related bureaucracy. Maintainer (Martina) has already put
the changes in salsa, from where I extracted the dendiff.--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+net-tools (1.60+git20181103.0eebece-1+deb11u1) bullseye; urgency=medium
+
+  * Drop build-dependency on libdnet-dev. Closes: #1024730.
+This is required to be able to remove dnprogs from bullseye,
+since it's obsolete and it does not build from source.
+    Thanks to Santiago Vila for preparing this.
+
+ -- Martina Ferrari   Mon, 19 Aug 2024 16:30:00 +0200
+
 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium
 
   * New upstream version 1.60+git20181103.0eebece
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,6 @@ Section: net
 Priority: important
 Build-Depends: debhelper-compat (= 12),
gettext,
-   libdnet-dev,
libselinux1-dev,
 Standards-Version: 4.5.0
 Vcs-Browser: https://salsa.debian.org/debian/net-tools

Re: [Pkg-openssl-devel] openssl-provider-legacy has become build-essential

[Santiago Vila]

El 21/8/24 a las 17:54, Sebastian Andrzej Siewior escribió:

Is this some kind of problem or just a check?


This is mainly a check. I keep track of the list of packages
in the build-essential set (as a side outcome of archive rebuilds),
so whenever I find a new package in the set, that's an anomaly
and I like to be sure that it's intended.

Thanks.

Re: openssl-provider-legacy has become build-essential

[Santiago Vila]

Sorry, I see there is a discussion here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965041

Apparently this is intended to prevent greater problems, I just wanted to be 
sure.

Thanks.

openssl-provider-legacy has become build-essential

[Santiago Vila]

Hello.

I've just noticed about this new build-essential package.

In sid, coreutils depends on libssl3t64 which in turn depends on 
openssl-provider-legacy.
Is this really ok and intended?

[ Cc to relevant parties ].

Thanks.

Bug#1079021: RM: dnprogs/2.65

[Santiago Vila]

Note: I've unarchived this bug and proposed a trivial patch:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024730

Hopefully there will be another release.debian.org request
soon for net-tools to complement this one.

Thanks.

Bug#1079021: RM: dnprogs/2.65

[Santiago Vila]

Unfortunately it's not that simple:

Checking reverse dependencies...
# Broken Build-Depends:
net-tools: libdnet-dev


Hi. Additional tests indicate that such build-dependency
is not really used to build the package.

When I build the package with and without it, the resulting .deb
packages are essentially the same (i.e. modulo changelog)
according to diffoscope.

I'll file a bug against net-tools.

Thanks.

Bug#1079021: RM: dnprogs/2.65

[Santiago Vila]

El 19/8/24 a las 7:39, Adam D. Barratt escribió:

Control: tags -1 +moreinfo

On Mon, 2024-08-19 at 02:25 +0200, Santiago Vila wrote:

I believe this package (dnprogs) should be removed from bullseye
in the next (and last) upcoming point release.

- Main reason: Packages in bullseye must build in bullseye.

This package does not build from source, and there is
no workaround (the error is a compiler error, not a test
failure).

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070960


Unfortunately it's not that simple:

Checking reverse dependencies...
# Broken Build-Depends:
net-tools: libdnet-dev


Ok, but net-tools (I've just checked) may be built without libdnet-dev.
I think we should try to do that, because otherwise we would be
ditributing an unbuildable package.

Thanks.

Bug#1079021: RM: dnprogs/2.65

[Santiago Vila]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: sanv...@debian.org

Dear Release Managers:

I believe this package (dnprogs) should be removed from bullseye
in the next (and last) upcoming point release.

- Main reason: Packages in bullseye must build in bullseye.

This package does not build from source, and there is
no workaround (the error is a compiler error, not a test
failure).

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070960

- When it was removed from unstable, it was already considered obsolete:

https://tracker.debian.org/news/1391977/removed-265-from-unstable/

- The exact same version (2.65) exists in oldoldstable, so anybody
who really needs the package (most probably using a non-standard kernel)
can take it from there.

Thanks.

Bug#1077803: transition: recode

[Santiago Vila]

El 5/8/24 a las 15:20, Adrian Bunk escribió:

...
dh_auto_configure -- \
--libexecdir=\${prefix}/lib \
--with-librecode \
...
checking for recode_new_outer in librecode... no
...
   Features:
...
 GNU recode library interface:no
...


Looking at config.log, this is one of the cases of silent feature
loss due to -Wimplicit-function-declaration now being an error:


Well spotted. I'll file a separate bug for that.

Thanks.

Bug#1077803: transition: recode

[Santiago Vila]

El 2/8/24 a las 17:15, Santiago Vila escribió:

enca
   -> will need binNMU


Note: I've just realized that this one was in the list
because I made a list of source packages having a build-depends
on librecode-dev.

But the binary packages themselves do not have a Depends on librecode.

So the binNMU could be probably avoided, but on the other side
I believe it's harmless.

Cc:ing the maintainer of "enca" here, in case he can answer: It is ok
that this package has a build-dependency on librecode-dev but none
of its binary packages have a dependency on librecode?

Thanks.

Bug#1077803: transition: recode

[Santiago Vila]

- How are binNMUs handled? Is the maintainer (me in this case) in charge
of requesting them (at appropriate times), or maybe there is some automated
procedure to trigger them?


It's documented on the wiki (linked from the transition page): 
https://wiki.debian.org/Teams/ReleaseTeam/Transitions (under "How transitions work 
in general")
TL;DR: the RT takes care.


Great, thanks. I actually had the above wiki page in a firefox tab but somehow 
I missed it:

[RT]: Schedules binNMUs for reverse dependencies that just need a rebuild

While we are at it, is the wording of this item ok?

[MTL]: Bumps all blocking bugs to RC.

Bug #1077768 is non-blocking because package is not in testing,
but now the affected package will FTBFS, so the bug also needs to be
raised to RC, which I will do after recode is built for all archs.

Thanks a lot.

Bug#1077803: transition: recode

[Santiago Vila]

I'd like to request a transition slot to upload recode for unstable
and start this transition.


Please go ahead


Done.

Some minor questions:

- How are binNMUs handled? Is the maintainer (me in this case) in charge
of requesting them (at appropriate times), or maybe there is some automated
procedure to trigger them?

- The only package which FTBFS (ui-utilcpp, filed as #1077768) is not currently
in testing. Does this mean that in this case the FTBFS bug should
not block the transition bug?

Thanks a lot.

Bug#1077803: transition: recode

[Santiago Vila]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: rec...@packages.debian.org, sanv...@debian.org, 
ui-util...@packages.debian.org
Control: affects -1 + src:recode

Dear Release Managers:

I'd like to request a transition slot to upload recode for unstable
and start this transition. I already did a test rebuild of
affected packages and this is the result:

enca
  -> will need binNMU
fortune-mod
  -> will need binNMU
units-filter
  -> will need binNMU
ui-utilcpp
  -> this one FTBFS and will need a new source upload
  The maintainer, who is also upstream, is aware via Bug #1077768.
  Also: The package is currently *not* in testing,
  I guess this simplifies things.

This is the Ben file generated by reportbug, which seems equivalent
to the one autogenerated in the transition page:

title = "recode";
is_affected = .depends ~ "librecode0" | .depends ~ "librecode3";
is_good = .depends ~ "librecode3";
is_bad = .depends ~ "librecode0";

The only caveat is that the package in experimental has not been built
for s390x yet, but I have checked that the package builds ok in
such architecture using zelenka.debian.org (s390x porter box).

Thanks.

Bug#1074142: bullseye-pu: package indent/2.2.12-1+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
Fix several memory handling bugs, already fixed in stable.

[ Impact ]
Without those fixes, indent crashes with several real-life inputs.

[ Tests ]
I've tested the resulting package and it fixes the reported problems.

[ Risks ]
Quite low, the fixes have been in stable and testing for a long time.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
This release is essentially the same as 2.2.12-1 currently in bullseye,
but adding the following patches taken verbatim from 2.2.12-4+deb12u3
currently in bookworm:

02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
03-fix-an-out-of-buffer-read.patch
04-fix-a-heap-buffer-overwrite.patch
05-fix-a-heap-buffer-underread-in-set-buf-break.patch

Therefore, this upload will make the bullseye version to be functionally
equivalent to the bookworm version.

[ Other info ]
I've already made the upload.diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog  2019-01-27 22:35:20.0 +0100
+++ indent-2.2.12/debian/changelog  2024-06-23 18:25:00.0 +0200
@@ -1,3 +1,19 @@
+indent (2.2.12-1+deb11u1) bullseye; urgency=low
+
+  * Restore the ROUND_UP macro and adjust the initial buffer size.
+Patch from the author, backported from 2.2.13.
+Fix memory handling problem. Closes: #1036851.
+  * Apply two patches by Petr Písař .
+  - Fix an out-of-buffer read in search_brace()/lexi() on an condition
+without parentheses followed with an overlong comment.
+  - Fix a heap buffer overwrite in search_brace(). Closes: #1049366.
+This one is CVE-2023-40305.
+  * Fix a heap buffer underread in set_buf_break(). Closes: #1061543.
+Patch by Petr Písař .
+This is CVE-2024-0911.
+
+ -- Santiago Vila   Sun, 23 Jun 2024 18:25:00 +0200
+
 indent (2.2.12-1) unstable; urgency=low
 
   * New upstream release. Closes: #916199.
diff -Nru 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
--- 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 1970-01-01 01:00:00.0 +0100
+++ 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 2024-06-23 17:01:00.0 +0200
@@ -0,0 +1,59 @@
+From: Andrej Shadura 
+Subject: Restore the ROUND_UP macro and adjust the initial buffer size.
+Bug-Debian: https://bugs.debian.org/1036851
+
+When need_chars was moved from "handletoken.h" to "handletoken.c",
+the ROUND_UP macro was removed, but the replacement was incorrect.
+
+This caused the program to exit with a "Virtual memory exhausted"
+error when it tried to reallocate 0 bytes (thus freeing the memory).
+It reallocated to 0 bytes because the initial buffer size was less
+than 1024, and the size calculation rounds down instead of up.
+
+Bug: #56644
+Fixes: c89d32a
+---
+ src/handletoken.c | 2 +-
+ src/indent.h  | 8 
+ src/parse.c   | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/src/handletoken.c
 b/src/handletoken.c
+@@ -85,7 +85,7 @@
+ 
+ if (current_size + needed >= (size_t)bp->size)
+ {
+-bp->size = ((current_size + needed) & (size_t)~1023);
++bp->size = ROUND_UP (current_size + needed, 1024);
+ bp->ptr = xrealloc(bp->ptr, bp->size);
+ if (bp->ptr == NULL)
+ {
+--- a/src/indent.h
 b/src/indent.h
+@@ -66,6 +66,14 @@
+ 
+ #include "lexi.h"
+ 
++/**
++ * Round up P to be a multiple of SIZE.
++ */
++
++#ifndef ROUND_UP
++#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))
++#endif
++
+ /** Values that `indent' can return for exit status.
+  *
+  *  `total_success' means no errors or warnings were found during a successful
+--- a/src/parse.c
 b/src/parse.c
+@@ -53,7 +53,7 @@
+ 
+ parser_state_ty *parser_state_tos = NULL;
+ 
+-#define INITIAL_BUFFER_SIZE 1000
++#define INITIAL_BUFFER_SIZE 1024
+ #define INITIAL_STACK_SIZE 2
+ 
+ /**
diff -Nru indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch
--- indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
1970-01-01 01:00:00.0 +0100
+++ indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
2024-06-23 17:02:00.0 +0200
@@ -0,0 +1,17 @@
+From: Petr Písař 
+Subject: Fix an out-of-buffer read in search_brace()/l

Bug#1074128: bullseye-pu: package python-stdnum/1.16-1+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-std...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python-stdnum

[ Reason ]
Fix FTBFS bug due to failing test (#1022311).

[ Impact ]
Anybody trying to build the package from source will get that
the package unexpectedly fails to build.

[ Tests ]
I've tested that the fixed package builds ok again.

[ Risks ]
Very low. It's just a minor change in a test, which was taken from upstream.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
See changelog.

[ Other info ]
I'm going to upload the package after sending this report.diff -Nru python-stdnum-1.16/debian/changelog 
python-stdnum-1.16/debian/changelog
--- python-stdnum-1.16/debian/changelog 2021-02-06 17:52:07.0 +0100
+++ python-stdnum-1.16/debian/changelog 2024-06-23 15:35:00.0 +0200
@@ -1,3 +1,11 @@
+python-stdnum (1.16-1+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  [ Arthur de Jong ]
+  * Update Fødselsnummer test case for date in future. Closes: #1022311.
+
+ -- Santiago Vila   Sun, 23 Jun 2024 15:35:00 +0200
+
 python-stdnum (1.16-1) unstable; urgency=medium
 
   * New upstream release:
diff -Nru python-stdnum-1.16/debian/patches/series 
python-stdnum-1.16/debian/patches/series
--- python-stdnum-1.16/debian/patches/series1970-01-01 01:00:00.0 
+0100
+++ python-stdnum-1.16/debian/patches/series2024-06-23 15:28:38.0 
+0200
@@ -0,0 +1 @@
+update-fodselsnummer-test-case.patch
diff -Nru 
python-stdnum-1.16/debian/patches/update-fodselsnummer-test-case.patch 
python-stdnum-1.16/debian/patches/update-fodselsnummer-test-case.patch
--- python-stdnum-1.16/debian/patches/update-fodselsnummer-test-case.patch  
1970-01-01 01:00:00.0 +0100
+++ python-stdnum-1.16/debian/patches/update-fodselsnummer-test-case.patch  
2024-06-23 15:35:00.0 +0200
@@ -0,0 +1,26 @@
+From: Arthur de Jong 
+Subject: Update Fødselsnummer test case for date in future
+Origin: upstream, 
https://arthurdejong.org/git/python-stdnum/patch/?id=1003033fa0e97726d92f47231f96cf02fb35869a
+Bug-Debian: https://bugs.debian.org/1022311
+Last-Update: 2024-06-23
+Forwarded: not-needed
+
+The future was now. This problem was pushed forwards to October 2039.
+---
+ tests/test_no_fodselsnummer.doctest | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/tests/test_no_fodselsnummer.doctest
 b/tests/test_no_fodselsnummer.doctest
+@@ -91,9 +91,9 @@
+ Traceback (most recent call last):
+   ...
+ InvalidComponent: This number is an FH-number, and does not contain birth 
date information by design.
+->>> fodselsnummer.validate('19102270846')
++>>> fodselsnummer.validate('18103970861')
+ Traceback (most recent call last):
+-  ...
++  ...
+ InvalidComponent: The birth date information is valid, but this person has 
not been born yet.
+ 
+ 

Bug#1051237: transition: move files from / to /usr to finalize /usr-merge

[Santiago Vila]

El 3/6/24 a las 23:10, Helmut Grohne escribió:

On Wed, May 29, 2024 at 03:14:59PM +0200, Helmut Grohne wrote:

Since noble includes these changes and I'd get this done sooner rather
than later, how about moving forward with June 5th after 22:30 UTC (such
that all buildds have regenerated their chroots before the upload)?


I got vaguely positive feedback from Paul Gevers on this date. Hence, I
plan to upload after the June 5th mirror push and allocate time for
handling unexpected fallout.

dash, base-files and bash are fully migrated at the time of this
writing. glibc migrated -11 and -12 still has 5 autopkgtest regressions.
util-linux migrated -6, -7 has a piuparts regression and -8 hopefully
gets tested soon. I hope that both migrate before the planned upload and
will consult with the release team on whether to bump back or go ahead.

I have rebased and retested the patches in
https://salsa.debian.org/helmutg/bootstrap-usrmerge-demo.

Andrew, Aurelien, Chris, Matthias, Santiago: Any objections?


For base-files, please use branch "wip-202406" here:

git clone https://salsa.debian.org/sanvila/base-files-not-yet/

(I've just made such branch the default) and upload as is.

This will avoid sending signed files.

Thanks.

Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

[Santiago Vila]

Nevermind. I see that the upload was already accepted, and what is
missing is a binary-only upload matching the already existing source.



Yes, sorry if I wasn't clear enough about that.


No problem. I've now done the additional binary-only upload.

Thanks a lot.

Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

[Santiago Vila]

As bart-cuda build-depends on nvidia-cuda-toolkit, which is in non-
free, bart-cuda is not buildable on the buildd network, so this will
also need a binary upload to be performed.


Ok, what's the best way to solve this? Can you reject the upload
so that I do it again including .debs?


Nevermind. I see that the upload was already accepted, and what is missing
is a binary-only upload matching the already existing source.

I'll make the missing binary upload.

Thanks.

Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

[Santiago Vila]

El 14/5/24 a las 20:24, Adam D. Barratt escribió:

On Wed, 2024-05-08 at 17:18 +0200, Santiago Vila wrote:

This upload fixes Bug #1070757 FTBFS in bullseye.
Note: A similar request for a similar bug has been made for package
"bart".

[ Impact ]
Anybody who try to build the package from source may find
that the package FTBFS unexpectedly.


As bart-cuda build-depends on nvidia-cuda-toolkit, which is in non-
free, bart-cuda is not buildable on the buildd network, so this will
also need a binary upload to be performed.


Ok, what's the best way to solve this? Can you reject the upload
so that I do it again including .debs?

Thanks.

Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: bart-c...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:bart-cuda

[ Reason ]
This upload fixes Bug #1070757 FTBFS in bullseye.
Note: A similar request for a similar bug has been made for package "bart".

[ Impact ]
Anybody who try to build the package from source may find
that the package FTBFS unexpectedly.

[ Tests ]
I've tested the fixed package in the AWS instances where it
used to fail, and it does not fail anymore.

[ Risks ]
Very low risk, as the change merely increases the tolerance for
a floating point comparison in the tests. The program itself
does not really change.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
See debdiff.

[ Other info ]
I'm going to upload the package after sending this report,
but I'll wait for approval before pushing changes to salsa.diff -Nru bart-cuda-0.6.00/debian/changelog bart-cuda-0.6.00/debian/changelog
--- bart-cuda-0.6.00/debian/changelog   2020-12-18 21:23:31.0 +0100
+++ bart-cuda-0.6.00/debian/changelog   2024-05-08 16:40:00.0 +0200
@@ -1,3 +1,11 @@
+bart-cuda (0.6.00-1+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * Cherry-pick relax-failing-unit-test.patch from release 0.7.00-1.
+Fixes FTBFS bug. Closes: #1070757.
+
+ -- Santiago Vila   Wed, 08 May 2024 16:40:00 +0200
+
 bart-cuda (0.6.00-1) unstable; urgency=medium
 
   * Initial upload of this cuda enabled bart version
diff -Nru bart-cuda-0.6.00/debian/patches/0005-relax-failing-unit-test.patch 
bart-cuda-0.6.00/debian/patches/0005-relax-failing-unit-test.patch
--- bart-cuda-0.6.00/debian/patches/0005-relax-failing-unit-test.patch  
1970-01-01 01:00:00.0 +0100
+++ bart-cuda-0.6.00/debian/patches/0005-relax-failing-unit-test.patch  
2024-05-08 16:40:00.0 +0200
@@ -0,0 +1,19 @@
+From: Martin Uecker 
+Date: Mon, 25 Oct 2021 18:59:03 +0200
+Subject: relax failing unit test
+
+---
+ utests/test_nufft.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/utests/test_nufft.c
 b/utests/test_nufft.c
+@@ -114,7 +114,7 @@
+ 
+   debug_printf(DP_DEBUG1, "adjoint diff: %f\n", diff);
+ 
+-  bool ret = (diff < 1.E-6f);
++  bool ret = (diff < 1.E-5f);
+ 
+   linop_free(op);
+ 
diff -Nru bart-cuda-0.6.00/debian/patches/series 
bart-cuda-0.6.00/debian/patches/series
--- bart-cuda-0.6.00/debian/patches/series  2020-12-18 21:23:31.0 
+0100
+++ bart-cuda-0.6.00/debian/patches/series  2024-05-08 16:40:00.0 
+0200
@@ -2,3 +2,4 @@
 0002-remove-empty-directory.patch
 0003-deactivate-ode-unit-tests.patch
 0004-change-cuda-library.patch
+0005-relax-failing-unit-test.patch

Bug#1070723: bullseye-pu: package bart/0.6.00-3+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: b...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:bart

[ Reason ]
This upload fixes Bug #1026061 FTBFS randomly in bullseye.

[ Impact ]
Anybody who try to build the package from source may find
that the package FTBFS unexpectedly.

[ Tests ]
I've tested the fixed package in the AWS instances where it
used to fail, and it does not fail anymore.

[ Risks ]
Very low risk, as the change merely increases the tolerance for
a floating point comparison in the tests. The program itself
does not really change.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
See debdiff.

[ Other info ]
I'm going to upload the package after sending this report,
but I'll wait for approval before pushing changes to salsa.diff -Nru bart-0.6.00/debian/changelog bart-0.6.00/debian/changelog
--- bart-0.6.00/debian/changelog2020-09-21 16:16:16.0 +0200
+++ bart-0.6.00/debian/changelog2024-05-07 23:05:00.0 +0200
@@ -1,3 +1,11 @@
+bart (0.6.00-3+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * Cherry-pick 0004-relax-failing-unit-test.patch from
+release 0.7.00-1. Fixes FTBFS bug. Closes: #1026061.
+
+ -- Santiago Vila   Tue, 07 May 2024 23:05:00 +0200
+
 bart (0.6.00-3) unstable; urgency=medium
 
   * Team upload
diff -Nru bart-0.6.00/debian/patches/0004-relax-failing-unit-test.patch 
bart-0.6.00/debian/patches/0004-relax-failing-unit-test.patch
--- bart-0.6.00/debian/patches/0004-relax-failing-unit-test.patch   
1970-01-01 01:00:00.0 +0100
+++ bart-0.6.00/debian/patches/0004-relax-failing-unit-test.patch   
2024-05-07 23:05:00.0 +0200
@@ -0,0 +1,21 @@
+From: Martin Uecker 
+Date: Mon, 25 Oct 2021 18:59:03 +0200
+Subject: relax failing unit test
+
+---
+ utests/test_nufft.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utests/test_nufft.c b/utests/test_nufft.c
+index ec02762..95b65c5 100644
+--- a/utests/test_nufft.c
 b/utests/test_nufft.c
+@@ -114,7 +114,7 @@ static bool test_nufft_adjoint(void)
+ 
+   debug_printf(DP_DEBUG1, "adjoint diff: %f\n", diff);
+ 
+-  bool ret = (diff < 1.E-6f);
++  bool ret = (diff < 1.E-5f);
+ 
+   linop_free(op);
+ 
diff -Nru bart-0.6.00/debian/patches/series bart-0.6.00/debian/patches/series
--- bart-0.6.00/debian/patches/series   2020-09-21 16:16:16.0 +0200
+++ bart-0.6.00/debian/patches/series   2024-05-07 23:05:00.0 +0200
@@ -1,3 +1,4 @@
 0001-makefile-change-for-compatibility-with-debian.patch
 0002-remove-empty-directory.patch
 0003-deactivate-ode-unit-tests.patch
+0004-relax-failing-unit-test.patch

Bug#1069802: bullseye-pu: package galera-4 26.4.18-0+deb11u1

[Santiago Vila]

Dear Release Managers:

Since I reported bug #1053334, I'd like to emphasize on this item:


   * New upstream release includes multiple Debian build and post-build test
 failure fixes:
 - Generate keys and certificates for SSL tests (Closes: #1053334)


This is a FTBFS bug due to expiring certificates and the main reason
I requested Otto for an update. Without this update, anybody trying to rebuild
galera-4 from sources will see how the build unexpectedly fails.

Thanks.

Bug#1068654: bookworm-pu: package bioawk/1.0-4+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: bio...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:bioawk

[ Reason ]
Fix random FTBFS bug (#1068341).

[ Impact ]
Any user who tries to build from source using more than one CPU
may find that the package unexpectedly FTBFS in a random way.

[ Tests ]
I've built the package in unstable a lot of times, and it does
no longer FTBFS randomly.

[ Risks ]
Very low, given that the fix is to add --no-parallel to dh invocation.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Add --no-parallel to dh invocation.

[ Other info ]
I'm going to make the upload now, but will wait for confirmation before
pushing to salsa.diff -Nru bioawk-1.0/debian/changelog bioawk-1.0/debian/changelog
--- bioawk-1.0/debian/changelog 2021-03-17 17:53:42.0 +0100
+++ bioawk-1.0/debian/changelog 2024-04-08 19:40:00.0 +0200
@@ -1,3 +1,11 @@
+bioawk (1.0-4+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * debian/rules: Add --no-parallel to avoid the effects of a Makefile bug 
which
+makes the package to FTBFS randomly. Closes: #1068341.
+
+ -- Santiago Vila   Mon, 08 Apr 2024 19:40:00 +0200
+
 bioawk (1.0-4) unstable; urgency=medium
 
   * d/p/cross.patch: Fix non-cross buildability
diff -Nru bioawk-1.0/debian/rules bioawk-1.0/debian/rules
--- bioawk-1.0/debian/rules 2021-03-17 17:53:42.0 +0100
+++ bioawk-1.0/debian/rules 2024-04-08 19:39:55.0 +0200
@@ -5,7 +5,7 @@
 include /usr/share/dpkg/buildtools.mk
 
 %:
-   dh $@
+   dh $@ --no-parallel
 
 override_dh_auto_configure:
 

Bug#1054386: bookworm-pu: package fssync/1.6-1.1+deb12u1

[Santiago Vila]

Hello.

I was going to sponsor this upload and we were waiting for approval before 
upload,
but given that 12.5 is approaching and I believe that rejecting an incorrect
upload is relatively easy, I've decided to go ahead and make the upload.

Please consider for 12.5.

Thanks.

Bug#1062435: bookworm-pu: package indent/2.2.12-4+deb12u3

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
This upload fixes CVE-2024-0911.

[ Impact ]
We remain vulnerable if the update is not approved.

[ Tests ]
I've tested that the bug is fixed.

[ Risks ]
Low risk. The patch has been already accepted upstream.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
See changelog.

[ Other info ]
I've already uploaded the package.

Bug#1058623: bullseye-pu: package pyzoltan/1.0.1-2+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pyzol...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:pyzoltan

[ Reason ]
This upload fixes Bug #1055625. FTBFS on single-cpu systems.

[ Impact ]
Anybody trying to build the package on a single cpu system
will get an unexpected build failure.

[ Tests ]
I've checked that the package builds again on such systems,
and also that it still builds on multi-core systems.

[ Risks ]
Very low. No real code changes. Only the way the tests are ran.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Set NPROC=1 in debian/rules so that the tests are not executed
in parallel.

[ Other info ]
The package is already uploaded.
A similar upload with a similar fix was already approved for bookworm.diff -Nru pyzoltan-1.0.1/debian/changelog pyzoltan-1.0.1/debian/changelog
--- pyzoltan-1.0.1/debian/changelog 2020-04-22 21:54:56.0 +0200
+++ pyzoltan-1.0.1/debian/changelog 2023-12-13 18:40:00.0 +0100
@@ -1,3 +1,11 @@
+pyzoltan (1.0.1-2+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * debian/rules: Set NPROC to 1 so that the package may be
+built on systems with a single core. Closes: #1055625.
+
+ -- Santiago Vila   Wed, 13 Dec 2023 18:40:00 +0100
+
 pyzoltan (1.0.1-2) unstable; urgency=medium
 
   * [3a7ac5f] Set Standards-Verstion to 4.5.0. No changes
diff -Nru pyzoltan-1.0.1/debian/gbp.conf pyzoltan-1.0.1/debian/gbp.conf
--- pyzoltan-1.0.1/debian/gbp.conf  2020-03-02 21:56:35.0 +0100
+++ pyzoltan-1.0.1/debian/gbp.conf  2023-12-13 18:40:00.0 +0100
@@ -6,7 +6,7 @@
 
 # The default name for the Debian branch is "master".
 # Change it if the name is different (for instance, "debian/unstable").
-debian-branch = master
+debian-branch = bullseye
 
 # git-import-orig uses the following names for the upstream tags.
 # Change the value if you are not using git-import-orig
diff -Nru pyzoltan-1.0.1/debian/rules pyzoltan-1.0.1/debian/rules
--- pyzoltan-1.0.1/debian/rules 2020-04-22 21:54:40.0 +0200
+++ pyzoltan-1.0.1/debian/rules 2023-12-13 18:40:00.0 +0100
@@ -4,7 +4,7 @@
 export USE_TRILINOS=1
 export ZOLTAN_INCLUDE=/usr/include/trilinos
 export ZOLTAN_LIBRARY=/usr/lib
-export NPROCS=2
+export NPROCS=1
 
 export PYBUILD_NAME=pyzoltan
 

Bug#1058586: bullseye-pu: package python-cogent/2020.12.21a+dfsg-4+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-cog...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python-cogent

[ Reason ]
This upload fixes Bug #1030885: FTBFS on single-CPU systems.

[ Impact ]
Anybody trying to build the package using a single-CPU system
will see that the build will fail unexpectedly.

[ Tests ]
I've checked that the fixed package builds again on single-CPU
systems and also that it still builds ok on multi-core systems.

[ Risks ]
Low risk. No real code changes. The only change is that
some tests are skipped when we know that they would fail.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Skip parallel tests when the build machine has only one CPU.

[ Other info ]
The package is already uploaded.diff -Nru python-cogent-2020.12.21a+dfsg/debian/changelog 
python-cogent-2020.12.21a+dfsg/debian/changelog
--- python-cogent-2020.12.21a+dfsg/debian/changelog 2021-02-09 
14:42:13.0 +0100
+++ python-cogent-2020.12.21a+dfsg/debian/changelog 2023-12-13 
12:30:00.0 +0100
@@ -1,3 +1,10 @@
+python-cogent (2020.12.21a+dfsg-4+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * Skip parallel tests on single-CPU systems. Closes: #1030885.
+
+ -- Santiago Vila   Wed, 13 Dec 2023 12:30:00 +0100
+
 python-cogent (2020.12.21a+dfsg-4) unstable; urgency=high
 
   * Team upload.
diff -Nru python-cogent-2020.12.21a+dfsg/debian/patches/series 
python-cogent-2020.12.21a+dfsg/debian/patches/series
--- python-cogent-2020.12.21a+dfsg/debian/patches/series2021-02-07 
17:23:21.0 +0100
+++ python-cogent-2020.12.21a+dfsg/debian/patches/series2023-12-13 
12:30:00.0 +0100
@@ -1,3 +1,4 @@
 sphinx.patch
 fix_interpreter.patch
 py39_union_dict
+skip-parallel-tests-on-single-cpu-systems.patch
diff -Nru 
python-cogent-2020.12.21a+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
 
python-cogent-2020.12.21a+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
--- 
python-cogent-2020.12.21a+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-cogent-2020.12.21a+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
   2023-12-13 12:30:00.0 +0100
@@ -0,0 +1,73 @@
+Author: Santiago Vila 
+Last-Update: 2023-12-13
+Bug-Debian: https://bugs.debian.org/1030885
+Description: Skip parallel tests on single-cpu systems
+
+--- a/tests/test_app/test_evo.py
 b/tests/test_app/test_evo.py
+@@ -1,5 +1,7 @@
++import multiprocessing
++
+ from os.path import dirname, join
+-from unittest import TestCase, main
++from unittest import TestCase, main, skipIf
+ from unittest.mock import MagicMock
+ 
+ from numpy.testing import assert_allclose, assert_raises
+@@ -670,6 +672,7 @@
+ got = deserialise_object(json)
+ self.assertIsInstance(got, evo_app.bootstrap_result)
+ 
++@skipIf(multiprocessing.cpu_count() == 1, "Does not work on single-cpu 
systems")
+ def test_bstrap_parallel(self):
+ """exercising bootstrap with parallel"""
+ aln = load_aligned_seqs(join(data_dir, "brca1.fasta"), moltype="dna")
+--- a/tests/test_app/test_io.py
 b/tests/test_app/test_io.py
+@@ -3,10 +3,11 @@
+ import pathlib
+ import shutil
+ import zipfile
++import multiprocessing
+ 
+ from os.path import basename, join
+ from tempfile import TemporaryDirectory
+-from unittest import TestCase, main
++from unittest import TestCase, main, skipIf
+ from unittest.mock import Mock, patch
+ 
+ import numpy
+@@ -532,6 +533,7 @@
+ w = io_app.write_db(outdir, create=True, if_exists="skip")
+ w.data_store.close()
+ 
++@skipIf(multiprocessing.cpu_count() == 1, "Does not work on single-cpu 
systems")
+ def test_write_db_parallel(self):
+ """writing with overwrite in parallel should reset db"""
+ dstore = io_app.get_data_store(self.basedir, suffix="fasta")
+--- a/tests/test_util/test_parallel.py
 b/tests/test_util/test_parallel.py
+@@ -35,6 +35,7 @@
+ 
+ 
+ class ParallelTests(TestCase):
++@skipIf(multiprocessing.cpu_count() == 1, "Does not work on single-cpu 
systems")
+ def test_create_processes(self):
+ """Procressor pool should create multiple distingue processes"""
+ max_worker_count = multiprocessing.cpu_count() - 1
+@@ -45,6 +46,7 @@
+ self.assertEqual(sorted(list(result_values)), index)
+ self.assertEqual(len(set(result_processes)), max_worker_count)
+ 
++@skipIf(multiprocessing.cpu_count() == 1, &quo

Bug#1058562: bullseye-pu: package python-django-imagekit/4.0.2-3+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-django-image...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python-django-imagekit

[ Reason ]
This release fixes Bug #991650 FTBFS because of failing tests.

[ Impact ]
Anybody trying to build the package from source will get a build error.

[ Tests ]
I've checked that the package builds again after the fix.

[ Risks ]
Low risk. The patch was already tested in the unstable of the time.
There are no real code changes in the program itself, only
in one of the tests.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Minor change to tests/test_sourcegroups.py so that it works again.

[ Other info ]
I've already made the upload.diff -Nru python-django-imagekit-4.0.2/debian/changelog 
python-django-imagekit-4.0.2/debian/changelog
--- python-django-imagekit-4.0.2/debian/changelog   2020-02-23 
16:33:44.0 +0100
+++ python-django-imagekit-4.0.2/debian/changelog   2023-12-12 
23:00:00.0 +0100
@@ -1,3 +1,12 @@
+python-django-imagekit (4.0.2-3+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  [ Michael Fladischer ]
+  * Add patch to avoid triggering path traversal detection in tests.
+Closes: #991650.
+
+ -- Santiago Vila   Tue, 12 Dec 2023 23:00:00 +0100
+
 python-django-imagekit (4.0.2-3) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff -Nru python-django-imagekit-4.0.2/debian/gbp.conf 
python-django-imagekit-4.0.2/debian/gbp.conf
--- python-django-imagekit-4.0.2/debian/gbp.conf2020-02-23 
16:33:44.0 +0100
+++ python-django-imagekit-4.0.2/debian/gbp.conf2023-12-12 
22:53:34.0 +0100
@@ -1,2 +1,2 @@
 [DEFAULT]
-debian-branch=debian/master
+debian-branch=debian/bullseye
diff -Nru 
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
 
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
--- 
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
 1970-01-01 01:00:00.0 +0100
+++ 
python-django-imagekit-4.0.2/debian/patches/0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch
 2023-12-12 22:55:32.0 +0100
@@ -0,0 +1,29 @@
+From: Michael Fladischer 
+Date: Sun, 31 Oct 2021 20:48:19 +
+Subject: Set filename in tests to avoid path traversal detection (Closes:
+ #991650).
+
+---
+ tests/test_sourcegroups.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_sourcegroups.py b/tests/test_sourcegroups.py
+index c69b11f..416b964 100644
+--- a/tests/test_sourcegroups.py
 b/tests/test_sourcegroups.py
+@@ -23,7 +23,7 @@ def test_source_saved_signal():
+ source_group = ImageFieldSourceGroup(ImageModel, 'image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+-ImageModel.objects.create(image=File(get_image_file()))
++ImageModel.objects.create(image=File(get_image_file(), 
name='reference.png'))
+ eq_(receiver.count, 1)
+ 
+ 
+@@ -51,5 +51,5 @@ def test_abstract_model_signals():
+ source_group = ImageFieldSourceGroup(AbstractImageModel, 'original_image')
+ receiver = make_counting_receiver(source_group)
+ source_saved.connect(receiver)
+-ConcreteImageModel.objects.create(original_image=File(get_image_file()))
++ConcreteImageModel.objects.create(original_image=File(get_image_file(), 
name='reference.png'))
+ eq_(receiver.count, 1)
diff -Nru python-django-imagekit-4.0.2/debian/patches/series 
python-django-imagekit-4.0.2/debian/patches/series
--- python-django-imagekit-4.0.2/debian/patches/series  2020-02-23 
16:33:44.0 +0100
+++ python-django-imagekit-4.0.2/debian/patches/series  2023-12-12 
22:55:32.0 +0100
@@ -2,3 +2,4 @@
 0002-Disable-usage-of-nose-progressive-as-it-has-not-been.patch
 0003-Disable-build-status-image-to-prevent-privacy-breach.patch
 0004-Do-not-check-for-existence-if-name-is-None-Closes-95.patch
+0005-Set-filename-in-tests-to-avoid-path-traversal-detect.patch

Bug#1058559: bullseye-pu: package vlfeat/0.9.21+dfsg0-6+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: vlf...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:vlfeat

[ Reason ]
This release fixes Bug #991066: FTBFS with new imagemagick.
The bug was bullseye-ignored to avoid the package being removed,
but this upload for bullseye was still missing.

[ Impact ]
Anybody trying to build the package from source will get a build error.

[ Tests ]
I've checked that the package builds again after the fix.

[ Risks ]
Low risk. The patch was already tested in the unstable of the time.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Minor change to debian/rules so that the package builds again.

[ Other info ]
I've already made the upload.diff -Nru vlfeat-0.9.21+dfsg0/debian/changelog 
vlfeat-0.9.21+dfsg0/debian/changelog
--- vlfeat-0.9.21+dfsg0/debian/changelog2020-02-08 06:39:32.0 
+0100
+++ vlfeat-0.9.21+dfsg0/debian/changelog2023-12-12 21:30:00.0 
+0100
@@ -1,3 +1,10 @@
+vlfeat (0.9.21+dfsg0-6+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * Apply patch by Dennis Filder to fix build error. Closes: #991066.
+
+ -- Santiago Vila   Tue, 12 Dec 2023 21:30:00 +0100
+
 vlfeat (0.9.21+dfsg0-6) unstable; urgency=medium
 
   * Team upload.
diff -Nru vlfeat-0.9.21+dfsg0/debian/rules vlfeat-0.9.21+dfsg0/debian/rules
--- vlfeat-0.9.21+dfsg0/debian/rules2020-02-08 06:39:32.0 +0100
+++ vlfeat-0.9.21+dfsg0/debian/rules2023-12-12 21:26:17.0 +0100
@@ -10,12 +10,16 @@
 # grab the API version from the library SONAME
 API_VERSION = $(shell objdump -p bin/*/libvl.so | perl -ne 
'if(/^\s+SONAME\s+libvl.so./p) {print $${^POSTMATCH}; exit;}')
 
+IMAGEMAGICK_POLICY := /etc/$(shell convert -version|sed -n '/^Version: 
/s@Version: ImageMagick \([[:digit:]]\+\)\..*@ImageMagick-\1@p')/policy.xml
+
 %:
dh $@
 
 override_dh_auto_build:
-   make PYTHON=python3 MKOCTFILE=`which mkoctfile` VERB=1 CFLAGS+=-g all 
doc
-
+   mkdir -p debian/tmp/ImageMagick
+   sed -e '//s@"none"@"read|write"@' "$(IMAGEMAGICK_POLICY)" > 
debian/tmp/ImageMagick/policy.xml
+   make XDG_CONFIG_HOME="$(shell pwd)/debian/tmp" PYTHON=python3 
MKOCTFILE=`which mkoctfile` VERB=1 CFLAGS+=-g all doc
+   rm -Rf debian/tmp/ImageMagick
 
 override_dh_auto_install: $(addprefix install/,data $(wildcard toolbox/*))
cp bin/*/libvl.so libvl.so.$(VERSION)

Bug#1056330: bookworm-pu: package toil/5.9.2-2+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:toil

[ Reason ]
This upload fixes Bug#1031192. FTBFS on single-cpu systems.

[ Impact ]
Anybody trying to build the package from source in stable on a single-cpu
system will see that the package unexpectedly FTBFS.

[ Tests ]
I've tested that the updated package builds ok in all systems.

[ Risks ]
There are no actual code changes in the program, only in the
way the tests are executed.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Backport patch from unstable to run the tests using
a single CPU.

[ Other info ]
The package is already uploaded.diff -Nru toil-5.9.2/debian/changelog toil-5.9.2/debian/changelog
--- toil-5.9.2/debian/changelog 2023-02-06 19:04:14.0 +0100
+++ toil-5.9.2/debian/changelog 2023-11-21 00:35:00.0 +0100
@@ -1,3 +1,11 @@
+toil (5.9.2-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Apply patch by Michael R. Crusoe to request a single core
+in the tests. Closes: #1031192.
+
+ -- Santiago Vila   Tue, 21 Nov 2023 00:35:00 +0100
+
 toil (5.9.2-2) unstable; urgency=medium
 
   * Add patch to handle errors when testing on ec2.
diff -Nru toil-5.9.2/debian/patches/fewer_cores 
toil-5.9.2/debian/patches/fewer_cores
--- toil-5.9.2/debian/patches/fewer_cores   1970-01-01 01:00:00.0 
+0100
+++ toil-5.9.2/debian/patches/fewer_cores   2023-11-21 00:34:08.0 
+0100
@@ -0,0 +1,37 @@
+From: Michael R. Crusoe 
+Subject: Tests: only request a single core
+Bugs: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031192
+
+--- a/src/toil/test/src/helloWorldTest.py
 b/src/toil/test/src/helloWorldTest.py
+@@ -24,7 +24,7 @@
+ 
+ class HelloWorld(Job):
+ def __init__(self):
+-Job.__init__(self,  memory=10, cores=2, disk="3G")
++Job.__init__(self,  memory=10, cores=1, disk="3G")
+ 
+ def run(self, fileStore):
+ fileID = self.addChildJobFn(childFn, cores=1, memory="1M", 
disk="3G").rv()
+--- a/src/toil/test/src/realtimeLoggerTest.py
 b/src/toil/test/src/realtimeLoggerTest.py
+@@ -57,7 +57,7 @@
+ 
+ class LogTest(Job):
+ def __init__(self):
+-Job.__init__(self, memory=10, cores=2, disk='3G')
++Job.__init__(self, memory=10, cores=1, disk='3G')
+ 
+ def run(self, fileStore):
+ RealtimeLogger.info('This should be logged at info level')
+--- a/src/toil/test/src/userDefinedJobArgTypeTest.py
 b/src/toil/test/src/userDefinedJobArgTypeTest.py
+@@ -59,7 +59,7 @@
+ 
+ class JobClass(Job):
+ def __init__(self, level, foo):
+-Job.__init__(self, memory=10, cores=2, disk="300M")
++Job.__init__(self, memory=10, cores=1, disk="300M")
+ self.level = level
+ self.foo = foo
+ 
diff -Nru toil-5.9.2/debian/patches/series toil-5.9.2/debian/patches/series
--- toil-5.9.2/debian/patches/series2023-02-06 19:01:55.0 +0100
+++ toil-5.9.2/debian/patches/series2023-11-21 00:34:08.0 +0100
@@ -10,3 +10,4 @@
 atomic_copy_as_alternative.patch
 python3_in_doc.patch
 avoid_boto
+fewer_cores

Bug#1056194: bookworm-pu: package python3-onelogin-saml2/1.12.0-2+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python3-onelogin-sa...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python3-onelogin-saml2

[ Reason ]
This upload fixes Bug #1036255: FTBFS due to expired certificates in the tests

[ Impact ]
Anybody trying to build the package from source in bookworm will
get a build error.

[ Tests ]
I've verified that the package builds from source again.

[ Risks ]
Low risk. There are no real code changes, just the tests.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
I've cherry-picked three commits from upstream repository,
required to fix the tests.

[ Other info ]
I've already uploaded the package.

Bug#1056123: bullseye-pu: package conda-package-handling/1.7.2-2+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: conda-package-handl...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:conda-package-handling

[ Reason ]
This upload fixes Bug #976506: FTBFS due to flaky test.

Upstream added a time condition to skip the failing test,
but that just moved the problem to a future which has already arrived.

This upload removes the condition and skip the test without conditions,
as it was done already in unstable.

[ Impact ]
Anybody trying to build the package from source may get the error:

https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/conda-package-handling.html

[ Tests ]
There are no code changes. I've verified that the package
now builds from source.

[ Risks ]
Very low. No code changes. Patch is trivial.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The attached patch is in git diff format, which is
a little bit clearer than debdiff because the existing
patch has been renamed.

[ Other info ]
The package is already uploaded.diff --git a/debian/changelog b/debian/changelog
index 306c900..c06fada 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+conda-package-handling (1.7.2-2+deb11u1) bullseye; urgency=medium
+
+  * Team upload.
+  * Disable flaky test. Closes: #976506.
+
+ -- Santiago Vila   Fri, 17 Nov 2023 11:30:00 +0100
+
 conda-package-handling (1.7.2-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/series b/debian/patches/series
index 3d1dca5..b36fda0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,4 @@
 fix_linking.patch
 fix_test.patch
 fix-out-dir.patch
-extend-test-datetime-to-dec-2021.patch
+skip-test-timeline.patch
diff --git a/debian/patches/extend-test-datetime-to-dec-2021.patch 
b/debian/patches/skip-test-timeline.patch
similarity index 71%
rename from debian/patches/extend-test-datetime-to-dec-2021.patch
rename to debian/patches/skip-test-timeline.patch
index 4b22288..78aee74 100644
--- a/debian/patches/extend-test-datetime-to-dec-2021.patch
+++ b/debian/patches/skip-test-timeline.patch
@@ -1,9 +1,10 @@
-Description: Extend datetime to Dec 1, 2021 in 
test_secure_refusal_to_extract_abs_paths to prevent failing tests in arm64.
+Description: Stop extending datetime in 
test_secure_refusal_to_extract_abs_paths to prevent failing tests in arm64.
 Upstream has confirmed this here: 
https://github.com/conda/conda-package-handling/issues/74#issuecomment-739349646
 Author: Nilesh Patra 
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976506
 Forwarded: https://github.com/conda/conda-package-handling/pull/75
-Last-Update: 2020-12-06
+Last-Update: 2023-11-17
+
 --- a/tests/test_api.py
 +++ b/tests/test_api.py
 @@ -183,7 +183,7 @@
@@ -11,7 +12,7 @@ Last-Update: 2020-12-06
  
  
 -@pytest.mark.skipif(datetime.now() <= datetime(2020, 12, 1), reason="Don't 
understand why this doesn't behave.  Punt.")
-+@pytest.mark.skipif(datetime.now() <= datetime(2021, 12, 1), reason="Don't 
understand why this doesn't behave.  Punt.")
++@pytest.mark.skip(reason="Don't understand why this doesn't behave.  Punt.")
  def test_secure_refusal_to_extract_abs_paths(testing_workdir):
  with tarfile.open('pinkie.tar.bz2', 'w:bz2') as tf:
  open('thebrain', 'w').close()

Bug#1019096: bullseye-pu: package cifs-utils/2:6.11-3.1+deb11u2

[Santiago Vila]

El 25/7/23 a las 23:32, Jonathan Wiltshire escribió:

This request was approved but not uploaded in time for the previous point
release (11.7). Should it be included in 11.8 or should this request be
abandoned and closed?


Hi. Since the debdiff was already approved by you (RMs), I've just uploaded
(as if it was a "sponsored upload") the package which matches exactly the 
debdiff
provided by Michael in the bug report, since that was the intent.

Please include it in the next point release of bullseye (whenever that will be),
I'm trying to keep stable and oldstable free of FTBFS bugs like this one.

Thanks.

Bug#1055859: bookworm-pu: package pyzoltan/1.0.1-5+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pyzol...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:pyzoltan

[ Reason ]
This upload fixes Bug#1055625 FTBFS on single-cpu systems.

[ Impact ]
Anybody trying to build the package using a single-cpu
system will get an unexpected build error.

[ Tests ]
There are no real code changes. The package builds the same.

[ Risks ]
Very low risk.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The only change has been to change NPROCS=2 to NPROCS=1
in debian/rules.

[ Other info ]
The package is already uploaded.diff -Nru pyzoltan-1.0.1/debian/changelog pyzoltan-1.0.1/debian/changelog
--- pyzoltan-1.0.1/debian/changelog 2022-10-31 08:07:44.0 +0100
+++ pyzoltan-1.0.1/debian/changelog 2023-11-12 23:25:00.0 +0100
@@ -1,3 +1,11 @@
+pyzoltan (1.0.1-5+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * debian/rules: Set NPROC to 1 so that the package may be
+built on systems with a single core. Closes: #1055625.
+
+ -- Santiago Vila   Sun, 12 Nov 2023 23:25:00 +0100
+
 pyzoltan (1.0.1-5) unstable; urgency=medium
 
   * Standards version bumped to 4.6.1 (non changes).
diff -Nru pyzoltan-1.0.1/debian/rules pyzoltan-1.0.1/debian/rules
--- pyzoltan-1.0.1/debian/rules 2022-10-31 08:07:44.0 +0100
+++ pyzoltan-1.0.1/debian/rules 2023-11-12 23:20:43.0 +0100
@@ -4,7 +4,7 @@
 export USE_TRILINOS=1
 export ZOLTAN_INCLUDE=/usr/include/trilinos
 export ZOLTAN_LIBRARY=/usr/lib
-export NPROCS=2
+export NPROCS=1
 
 export PYBUILD_NAME=pyzoltan
 

Bug#1055611: bookworm-pu: package oscrypto/1.3.0-1+deb12u1

[Santiago Vila]

Note: I should also include some changes in debian/salsa-ci.yml and gbp.conf.
The final debdiff may differ slightly in that minor detail only.

Thanks.

Bug#1055611: bookworm-pu: package oscrypto/1.3.0-1+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: oscry...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:oscrypto

[ Reason ]
This upload fixes FTBFS bug #1033822 in stable.
It fixes also the autopkgtests, which are currently broken in stable.

[ Impact ]
The package currently fails to build in stable.

[ Tests ]
I've verified that the package builds again with the changes.
The fixed autopkgtests are already working ok in trixie/sid.

[ Risks ]
Risk is low, the patches are taken from upstream.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Fix OpenSSL version parsing.
Fix autopkgtests by switching to autopkgtest-pkg-pybuild.

[ Other info ]
- I'll await for approval before upload.
- These changes would actually make 1.3.0-1+deb12u1
identical to version 1.3.0-4 currently in trixie/sid,
except for the Standards-Version control field.diff -Nru oscrypto-1.3.0/debian/changelog oscrypto-1.3.0/debian/changelog
--- oscrypto-1.3.0/debian/changelog 2022-07-04 08:53:23.0 +0200
+++ oscrypto-1.3.0/debian/changelog 2023-11-08 21:38:44.0 +0100
@@ -1,3 +1,15 @@
+oscrypto (1.3.0-1+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  [ Jochen Sprickerhof ]
+  * Fix autopkgtest by switching to autopkgtest-pkg-pybuild. Closes: #1033822.
+  [ Bastian Germann ]
+  * Fix OpenSSL version parsing, take 1.
+  [ Arnaud Rebillout ]
+  * Fix OpenSSL version parsing, take 2. Closes: #1055598.
+
+ -- Santiago Vila   Wed, 08 Nov 2023 21:38:44 +0100
+
 oscrypto (1.3.0-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru oscrypto-1.3.0/debian/control oscrypto-1.3.0/debian/control
--- oscrypto-1.3.0/debian/control   2022-07-04 08:53:23.0 +0200
+++ oscrypto-1.3.0/debian/control   2023-11-08 21:36:27.0 +0100
@@ -17,6 +17,7 @@
 Vcs-Browser: https://salsa.debian.org/python-team/packages/oscrypto
 Vcs-Git: https://salsa.debian.org/python-team/packages/oscrypto.git
 Rules-Requires-Root: no
+Testsuite: autopkgtest-pkg-pybuild
 
 Package: python3-oscrypto
 Architecture: all
diff -Nru oscrypto-1.3.0/debian/patches/libcrypto_ctypes_regex.patch 
oscrypto-1.3.0/debian/patches/libcrypto_ctypes_regex.patch
--- oscrypto-1.3.0/debian/patches/libcrypto_ctypes_regex.patch  1970-01-01 
01:00:00.0 +0100
+++ oscrypto-1.3.0/debian/patches/libcrypto_ctypes_regex.patch  2023-11-08 
21:36:39.0 +0100
@@ -0,0 +1,22 @@
+Origin: https://github.com/wbond/oscrypto/pull/76
+From: Martin Journois 
+Date: Thu, 10 Aug 2023 13:58:14 +0200
+Subject: MJ: Add fix suggested by @vcunat on _libcrypto_ctypes regex
+
+---
+ oscrypto/_openssl/_libcrypto_ctypes.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/oscrypto/_openssl/_libcrypto_ctypes.py 
b/oscrypto/_openssl/_libcrypto_ctypes.py
+index e33ebbc..9cb294a 100644
+--- a/oscrypto/_openssl/_libcrypto_ctypes.py
 b/oscrypto/_openssl/_libcrypto_ctypes.py
+@@ -40,7 +40,7 @@
+ 
+ is_libressl = 'LibreSSL' in version_string
+ 
+-version_match = re.search('\\b(\\d\\.\\d\\.\\d[a-z]*)\\b', version_string)
++version_match = re.search('\\b(\\d\\.\\d\\.\\d+[a-z]*)\\b', version_string)
+ if not version_match:
+ version_match = re.search('(?<=LibreSSL )(\\d\\.\\d(\\.\\d)?)\\b', 
version_string)
+ if not version_match:
diff -Nru 
oscrypto-1.3.0/debian/patches/Make_OpenSSL_version_regexes_more_robust.patch 
oscrypto-1.3.0/debian/patches/Make_OpenSSL_version_regexes_more_robust.patch
--- 
oscrypto-1.3.0/debian/patches/Make_OpenSSL_version_regexes_more_robust.patch
1970-01-01 01:00:00.0 +0100
+++ 
oscrypto-1.3.0/debian/patches/Make_OpenSSL_version_regexes_more_robust.patch
2023-11-08 21:36:39.0 +0100
@@ -0,0 +1,52 @@
+Origin: 
https://github.com/wbond/oscrypto/commit/d5f3437ed24257895ae1edd9e503cfb352e635a8
+From: wbond 
+Date: Thu, 17 Aug 2023 07:06:19 -0400
+Subject: Make OpenSSL version regexes more robust
+
+---
+ oscrypto/_openssl/_libcrypto_cffi.py   | 6 +++---
+ oscrypto/_openssl/_libcrypto_ctypes.py | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/oscrypto/_openssl/_libcrypto_cffi.py 
b/oscrypto/_openssl/_libcrypto_cffi.py
+index 14eb576..6f901ea 100644
+--- a/oscrypto/_openssl/_libcrypto_cffi.py
 b/oscrypto/_openssl/_libcrypto_cffi.py
+@@ -37,13 +37,13 @@
+ 
+ is_libressl = 'LibreSSL' in version_string
+ 
+-version_match = re.search('\\b(\\d\\.\\d\\.\\d+[a-z]*)\\b', version_string)
++version_match = re.search('\\b(\\d+\\.\\d+\\.\\d+[a-z]*)\\b', version_string)
+ if not version_match:
+-version_match = re.search('(?<=LibreSSL )(\\d\\.\\d(\\.\\d)?)\\b', 
version_string)
++version_match

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

El 29/10/23 a las 20:11, Adam D. Barratt escribió:

Flagged for rejection.


Thank you!


Continuing to use this bug is fine, but please send an updated debdiff
to it matching what you upload.


Ok, I'm attaching the updated debdiff here.

Everything is explained in the changelog.

Thanks.diff -Nru python-cogent-2023.2.12a1+dfsg/debian/changelog 
python-cogent-2023.2.12a1+dfsg/debian/changelog
--- python-cogent-2023.2.12a1+dfsg/debian/changelog 2023-02-24 
14:18:01.0 +0100
+++ python-cogent-2023.2.12a1+dfsg/debian/changelog 2023-10-29 
21:45:00.0 +0100
@@ -1,3 +1,14 @@
+python-cogent (2023.2.12a1+dfsg-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Drop old patch fix-build-on-single-cpu-systems.patch, as it was
+disabling the affected tests for everybody.
+  * Add new patch skip-parallel-tests-on-single-cpu-systems.patch,
+where the tests are only skipped when the system has a single CPU.
+Closes: #1030885.
+
+ -- Santiago Vila   Sun, 29 Oct 2023 21:45:00 +0100
+
 python-cogent (2023.2.12a1+dfsg-2) unstable; urgency=medium
 
   * Restrict to 64 bit architectures
diff -Nru 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
--- 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 2023-02-24 14:18:01.0 +0100
+++ 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 1970-01-01 01:00:00.0 +0100
@@ -1,59 +0,0 @@
-Author:: Santiago Vila 
-Last-Upate: Wed, 8 Feb 2023 19:40:13 +0100
-Bug-Debian: https://bugs.debian.org/1030885
-Description: Skip tests that are failing on single-cpu systems
-
 a/tests/test_app/test_evo.py
-+++ b/tests/test_app/test_evo.py
-@@ -2,7 +2,7 @@ import pathlib
- 
- from os.path import dirname, join
- from tempfile import TemporaryDirectory
--from unittest import TestCase, main
-+from unittest import TestCase, main, skip
- from unittest.mock import MagicMock
- 
- from numpy.testing import assert_allclose, assert_raises
-@@ -854,6 +854,7 @@ class TestBootstrap(TestCase):
- # correct message being relayed
- self.assertTrue("ValueError: '-' at" in result.message)
- 
-+@skip("Does not work on single-cpu systems")
- def test_bstrap_parallel(self):
- """exercising bootstrap with parallel"""
- aln = load_aligned_seqs(join(data_dir, "brca1.fasta"), moltype="dna")
 a/tests/test_util/test_parallel.py
-+++ b/tests/test_util/test_parallel.py
-@@ -2,7 +2,7 @@ import multiprocessing
- import sys
- import time
- 
--from unittest import TestCase, main, skipIf
-+from unittest import TestCase, main, skipIf, skip
- 
- import numpy
- 
-@@ -35,6 +35,7 @@ def check_is_master_process(n):
- 
- 
- class ParallelTests(TestCase):
-+@skip("Does not work on single-cpu systems")
- def test_create_processes(self):
- """Procressor pool should create multiple distingue processes"""
- max_worker_count = multiprocessing.cpu_count() - 1
-@@ -45,6 +46,7 @@ class ParallelTests(TestCase):
- self.assertEqual(sorted(list(result_values)), index)
- self.assertEqual(len(set(result_processes)), max_worker_count)
- 
-+@skip("Does not work on single-cpu systems")
- def test_random_seeding(self):
- """Random seed should be set every function call"""
- # On Windows process ids are not guaranteed to be 
sequential(1,2,3,4...)
-@@ -56,6 +58,7 @@ class ParallelTests(TestCase):
- self.assertEqual(result1[0], result2[0])
- self.assertNotEqual(result1, result2)
- 
-+@skip("Does not work on single-cpu systems")
- @skipIf(sys.version_info[1] < 7, "method exclusive to Python 3.7 and 
above")
- def test_is_master_process(self):
- """
diff -Nru python-cogent-2023.2.12a1+dfsg/debian/patches/series 
python-cogent-2023.2.12a1+dfsg/debian/patches/series
--- python-cogent-2023.2.12a1+dfsg/debian/patches/series2023-02-24 
14:18:01.0 +0100
+++ python-cogent-2023.2.12a1+dfsg/debian/patches/series2023-10-29 
21:45:00.0 +0100
@@ -2,4 +2,4 @@
 fix_interpreter.patch
 remove-jupyter-sphinx.patch
 ignore_tests_accessing_network.patch
-fix-build-on-single-cpu-systems.patch
+skip-parallel-tests-on-single-cpu-systems.patch
diff -Nru 
python-cogent-2023.2.12a1+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
 
python-cogent-2023.2.12a1+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
--- 
python-cogent-2023.2.12a1+dfsg/debian/patches/skip-parallel-tests-on-single-cpu-systems.patch
   1970-01-01 01:00:00.0 +0100
+++ 
python-cogent-2023.2.12a1+dfsg/debian/patches/skip-parallel-tests-on-single-cp

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

Dear Release Managers:

Please reject the upload I made for bookworm.

Following the suggestion from Holger, I've fixed this issue
in the optimal way in unstable:

https://tracker.debian.org/news/1474401/accepted-python-cogent-2023212a1dfsg-4-source-into-unstable/

and now I'd like to upload the same fix for bookworm
using the "+deb12u1" version string.

(Not sure if this release.debian.org bug should then be closed so that
I submit it again, or it's better that we keep it open for the
new upload, please do what is more convenient for you).

Thanks.

Bug#1054470: bookworm-pu: package wormhole-william/1.0.6-2+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: wormhole-will...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:wormhole-william

[ Reason ]
This upload fixes "Bug #1031063 FTBFS randomly because of failing tests".

[ Impact ]
Without this update, the package fails to build randomly in stable
because of flaky tests (in some systems, with high probability).

[ Tests ]
There are no real code changes, only some tests are disabled.

[ Risks ]
Low risk. The program is the same as before. After this was fixed
in unstable, the package reached reproducible status in the
reproducible-builds framework.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Three flaky tests have been disabled. Such change is the same
that was applied in unstable two months ago.

[ Other info ]
The package has been uploaded.diff -Nru wormhole-william-1.0.6/debian/changelog 
wormhole-william-1.0.6/debian/changelog
--- wormhole-william-1.0.6/debian/changelog 2022-10-10 18:19:50.0 
+0200
+++ wormhole-william-1.0.6/debian/changelog 2023-10-24 09:50:00.0 
+0200
@@ -1,3 +1,10 @@
+wormhole-william (1.0.6-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Disable flaky tests. Closes: #1031063.
+
+ -- Santiago Vila   Tue, 24 Oct 2023 09:50:00 +0200
+
 wormhole-william (1.0.6-2) unstable; urgency=medium
 
   * Don't run help2man at build time, instead generate man page
diff -Nru wormhole-william-1.0.6/debian/gbp.conf 
wormhole-william-1.0.6/debian/gbp.conf
--- wormhole-william-1.0.6/debian/gbp.conf  2022-10-10 18:19:50.0 
+0200
+++ wormhole-william-1.0.6/debian/gbp.conf  2023-10-24 09:50:00.0 
+0200
@@ -1,3 +1,3 @@
 [DEFAULT]
-debian-branch = debian/sid
+debian-branch = debian/bookworm
 dist = DEP14
diff -Nru wormhole-william-1.0.6/debian/patches/disable-flaky-tests.patch 
wormhole-william-1.0.6/debian/patches/disable-flaky-tests.patch
--- wormhole-william-1.0.6/debian/patches/disable-flaky-tests.patch 
1970-01-01 01:00:00.0 +0100
+++ wormhole-william-1.0.6/debian/patches/disable-flaky-tests.patch 
2023-10-24 09:50:00.0 +0200
@@ -0,0 +1,34 @@
+Description: Disable some flaky tests
+  These tests are flaky on the upstream CI as well but it doesn't appear to
+  impact the program when it runs
+Author: Stephen Gelman 
+Last-Update: 2023-08-14
+Forwarded: no
+
+-- 
+--- a/wormhole/wormhole_test.go
 b/wormhole/wormhole_test.go
+@@ -155,6 +155,7 @@
+ }
+ 
+ func TestVerifierAbort(t *testing.T) {
++  t.Skip()
+   ctx := context.Background()
+ 
+   rs := rendezvousservertest.NewServer()
+@@ -409,6 +410,7 @@
+ }
+ 
+ func TestWormholeFileTransportSendMidStreamCancel(t *testing.T) {
++  t.Skip()
+   ctx := context.Background()
+ 
+   rs := rendezvousservertest.NewServer()
+@@ -627,6 +629,7 @@
+ }
+ 
+ func TestWormholeDirectoryTransportSendRecvDirect(t *testing.T) {
++  t.Skip()
+   ctx := context.Background()
+ 
+   rs := rendezvousservertest.NewServer()
diff -Nru wormhole-william-1.0.6/debian/patches/series 
wormhole-william-1.0.6/debian/patches/series
--- wormhole-william-1.0.6/debian/patches/series1970-01-01 
01:00:00.0 +0100
+++ wormhole-william-1.0.6/debian/patches/series2023-10-24 
09:50:00.0 +0200
@@ -0,0 +1 @@
+disable-flaky-tests.patch

Lots of buggy packages propagated to trixie today (?)

[Santiago Vila]

Hello.

It is just me, or lots of packages that were autoremoved
from testing have propagated to testing again this night?

Example: "broker" has #1037597, however:

$ rmadison  broker
broker | 1.4.0+ds1-1   | oldstable  | source
broker | 1.4.0+ds1-1   | stable | source
broker | 1.4.0+ds1-1   | testing| source
broker | 1.4.0+ds1-1   | unstable   | source
broker | 1.4.0+ds1-1   | unstable-debug | source

Thanks.

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

El 21/10/23 a las 12:31, Holger Levsen escribió:

Santiago,

I don't object to fixing fails to build on a single core bugs, I just
object to fixing them by disabling tests *unconditionally*. A fix
disabling the tests on single core system *only* I would not object.


Ah, ok. Sorry for the misunderstanding.

You are of course welcome to propose a better patch which works everywhere,
but in the meantime the current patch solves a Policy 4.2 violation
and it's a lot better than nothing. I'd say that this is something
that should be done after accepting the bookworm-proposal.

Thanks.

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

El 21/10/23 a las 11:33, Holger Levsen escribió:

Am Fri, Oct 20, 2023 at 07:40:55PM +0200 schrieb Santiago Vila:

+  * Update fix-build-on-single-cpu-systems.patch to skip
+"test_write_db_parallel" again. Closes: #1030885.


fwiw, I find it wrong to disable tests to make sure a package builds
on a single core system.


Well, I find it wrong that you find it wrong, because build-essential
does not imply multi-core.
 

I'd much rather have the package have more tests on systems which are
the default since 15y, then have less tests and also build on a rather
theoretical or very uncommon setup.


I don't see what "default" is that you are talking about. The buildds are 
multi-core,
yes, but that does not make multi-core a required thing. The end user must be 
able to
build packages as well, and we don't specify anywhere (for example via a new 
Build-CPU
control field) that more than one CPU is required for build.

It's also completely false that single-cpu is theoretical or very uncommon, 
because
the cloud has made single-cpu systems more affordable than ever. But even if it 
was
uncommon, we don't deprecate things just because they are uncommon. If we did 
that
we would have already deprecated all architectures but amd64.

I have already explained why all those arguments you are trying to make are 
bogus
in Bug #932795, where the TC finally declared that bugs like this one are 
undoubtedly a bug.

Thanks.

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

Sorry, forgot the debdiff. Here it is.

Thanks.diff -Nru python-cogent-2023.2.12a1+dfsg/debian/changelog 
python-cogent-2023.2.12a1+dfsg/debian/changelog
--- python-cogent-2023.2.12a1+dfsg/debian/changelog 2023-02-24 
14:18:01.0 +0100
+++ python-cogent-2023.2.12a1+dfsg/debian/changelog 2023-10-20 
19:04:00.0 +0200
@@ -1,3 +1,11 @@
+python-cogent (2023.2.12a1+dfsg-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Update fix-build-on-single-cpu-systems.patch to skip
+"test_write_db_parallel" again. Closes: #1030885.
+
+ -- Santiago Vila   Fri, 20 Oct 2023 19:04:00 +0200
+
 python-cogent (2023.2.12a1+dfsg-2) unstable; urgency=medium
 
   * Restrict to 64 bit architectures
diff -Nru 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
--- 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 2023-02-24 14:18:01.0 +0100
+++ 
python-cogent-2023.2.12a1+dfsg/debian/patches/fix-build-on-single-cpu-systems.patch
 2023-10-20 19:03:12.0 +0200
@@ -1,11 +1,11 @@
-Author:: Santiago Vila 
-Last-Upate: Wed, 8 Feb 2023 19:40:13 +0100
+Author: Santiago Vila 
+Last-Update: 2023-10-20
 Bug-Debian: https://bugs.debian.org/1030885
 Description: Skip tests that are failing on single-cpu systems
 
 --- a/tests/test_app/test_evo.py
 +++ b/tests/test_app/test_evo.py
-@@ -2,7 +2,7 @@ import pathlib
+@@ -2,7 +2,7 @@
  
  from os.path import dirname, join
  from tempfile import TemporaryDirectory
@@ -14,7 +14,7 @@
  from unittest.mock import MagicMock
  
  from numpy.testing import assert_allclose, assert_raises
-@@ -854,6 +854,7 @@ class TestBootstrap(TestCase):
+@@ -854,6 +854,7 @@
  # correct message being relayed
  self.assertTrue("ValueError: '-' at" in result.message)
  
@@ -24,7 +24,7 @@
  aln = load_aligned_seqs(join(data_dir, "brca1.fasta"), moltype="dna")
 --- a/tests/test_util/test_parallel.py
 +++ b/tests/test_util/test_parallel.py
-@@ -2,7 +2,7 @@ import multiprocessing
+@@ -2,7 +2,7 @@
  import sys
  import time
  
@@ -33,7 +33,7 @@
  
  import numpy
  
-@@ -35,6 +35,7 @@ def check_is_master_process(n):
+@@ -35,6 +35,7 @@
  
  
  class ParallelTests(TestCase):
@@ -41,7 +41,7 @@
  def test_create_processes(self):
  """Procressor pool should create multiple distingue processes"""
  max_worker_count = multiprocessing.cpu_count() - 1
-@@ -45,6 +46,7 @@ class ParallelTests(TestCase):
+@@ -45,6 +46,7 @@
  self.assertEqual(sorted(list(result_values)), index)
  self.assertEqual(len(set(result_processes)), max_worker_count)
  
@@ -49,7 +49,7 @@
  def test_random_seeding(self):
  """Random seed should be set every function call"""
  # On Windows process ids are not guaranteed to be 
sequential(1,2,3,4...)
-@@ -56,6 +58,7 @@ class ParallelTests(TestCase):
+@@ -56,6 +58,7 @@
  self.assertEqual(result1[0], result2[0])
  self.assertNotEqual(result1, result2)
  
@@ -57,3 +57,21 @@
  @skipIf(sys.version_info[1] < 7, "method exclusive to Python 3.7 and 
above")
  def test_is_master_process(self):
  """
+--- a/tests/test_app/test_io_new.py
 b/tests/test_app/test_io_new.py
+@@ -6,6 +6,7 @@
+ import pickle
+ 
+ from pathlib import Path
++from unittest import skip
+ 
+ import numpy
+ import pytest
+@@ -479,6 +480,7 @@
+ assert isinstance(writer.data_store.summary_not_completed, Table)
+ 
+ 
++@skip("Does not work on single-cpu systems")
+ def test_write_db_parallel(tmp_dir, fasta_dir):
+ """writing with overwrite in parallel should reset db"""
+ dstore = open_data_store(fasta_dir, suffix="fasta")

Bug#1054286: bookworm-pu: package python-cogent/2023.2.12a1+dfsg-2+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-cog...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:python-cogent

[ Reason ]
This upload fixes #1030885. FTBFS on single-CPU systems.

[ Impact ]
Users who try to build the package from source on a single-cpu system
will see that the build fails unexpectedly.

[ Tests ]
I've tested that the fixed package builds ok on a single-cpu system.

[ Risks ]
Risk is minimal because the package builds the same. The only difference
is that a test which required more than one cpu to work is now disabled.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The only change has been to disable a test in the test suite.

[ Other info ]
I'm going to upload the package shortly after submitting this report.

Re: severity of bugs that FTBFS because of missing B-D

[Santiago Vila]

Hello Holger et al.

I was trying hard not to reply in this thread, but there are some things
that I'd like to point out and clarify.

El 10/10/23 a las 16:54, Holger Levsen escribió:

but why?


As Johannes has already replied, and I agree, there will be always
somebody annoyed, and we don't have an "annoyometer" to decide
who should be annoyed and who should not.


also because technically it's the right decision from the release team.
these bugs are *currently*, in real life, merely cosmetic.


People forget easily that debootstrap is not the only tool to create chroots.

As Johannes has pointed out in other threads (maybe not here), there are
several different tools which need to implement "build-essential packages"
in some way or another. And debootstrap was the only one who implemented
this differently. *That's* what I would call annoying, not Debian Policy.

But we are not driven by annoyance (or we should not), we are driven by
policies and procedures, which represent, in theory, past discussions
and the consensus that derived from them. It has been quite unfortunate
for people working on QA that at this point people wanted to dispute
something as fundamental as "packages must not have missing build-depends".

You say this was "the right decision", but it was in fact a step backwards,
because this was already declared "ok to be serious" by another Release Manager
a long time ago:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836940#185

and this was already used by Lucas Nussbaum in the past to report
"missing BD:tzdata" bugs as serious.

Fortunately and hopefully debootstrap will be fixed soon and we can
all stop worrying about this issue.

However, at the very minimum, I would have expected this to be made
not-RC by using the established procedure for that at the time, namely
the bookworm-ignore tag:

  Further to this, certain issues may be exempted from being considered
  release critical for bookworm by a release manager. This is expressed
  by tagging the report "bookworm-ignore"

I would still like some Release Manager (not necessarily Sebastian)
to acknowledge this.


policy is not a stick to hit with.


I could agree with that, but only if we also agree on this one:

"policy is not a stick to hit with" is not a stick to hit with

In particular, I see several people in this project hitting people
with "it does not happen in the buildds" as an excuse to downgrade
perfectly valid FTBFS bugs.

I invite you to take a look at what is probably the weirdest FTBFS bug
I've ever reported:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028163

(TLDR: The test suite was using the "ssh" command without BD on
openssh-client and it was also using the ssh service from the
machine hosting the chroot!)

Does somebody (other than the DD who tried to downgrade it)
really think the package was suitable for release in such state
just because it did not fail in the buildds? The debci infrastructure
usually keeps packages from entering testing for much less.

Thanks.

Bug#1050697: bookworm-pu: package indent/2.2.12-4+deb12u2

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
These are two related memory-handling bugs, one of them having a CVE number.
According to Salvatore, from the security team, there will be no DSA for this,
so we have to update the package using proposed-updates.

[ Impact ]
Without this update the package in stable would remain vulnerable.

[ Tests ]
I've checked that valgrind does no longer complain on the test cases provided
by the patch author.

[ Risks ]
Very low chance of breaking anything, as the patches are very simple.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Explained in the changelog.

[ Other info ]
I've already made the upload.diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog  2023-07-14 13:40:00.0 +0200
+++ indent-2.2.12/debian/changelog  2023-08-28 12:55:00.0 +0200
@@ -1,3 +1,13 @@
+indent (2.2.12-4+deb12u2) bookworm; urgency=medium
+
+  * Apply two patches by Petr Písař .
+  - Fix an out-of-buffer read in search_brace()/lexi() on an condition
+without parentheses followed with an overlong comment.
+  - Fix a heap buffer overwrite in search_brace(). Closes: #1049366.
+This one is CVE-2023-40305.
+
+ -- Santiago Vila   Mon, 28 Aug 2023 12:55:00 +0200
+
 indent (2.2.12-4+deb12u1) bookworm; urgency=medium
 
   * Restore the ROUND_UP macro and adjust the initial buffer size.
diff -Nru indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch
--- indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
1970-01-01 01:00:00.0 +0100
+++ indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
2023-08-28 11:03:00.0 +0200
@@ -0,0 +1,17 @@
+From: Petr Písař 
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
 b/src/indent.c
+@@ -145,8 +145,8 @@
+ parser_state_tos->search_brace = false;
+ bp_save = buf_ptr;
+ be_save = buf_end;
+-buf_ptr = save_com.ptr;
+ need_chars (&save_com, 1);
++buf_ptr = save_com.ptr;
+ buf_end = save_com.end;
+ save_com.end = save_com.ptr;/* make save_com empty */
+ }
diff -Nru indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch 
indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch
--- indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch   
1970-01-01 01:00:00.0 +0100
+++ indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch   
2023-08-28 11:04:00.0 +0200
@@ -0,0 +1,15 @@
+From: Petr Písař 
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
 b/src/indent.c
+@@ -228,6 +228,7 @@
+  * a `dump_line' call, thus ensuring that the brace
+  * will go into the right column. */
+ 
++need_chars (&save_com, 2);
+ *save_com.end++ = EOL;
+ *save_com.end++ = '{';
+ save_com.len += 2;
diff -Nru indent-2.2.12/debian/patches/series 
indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 2023-07-14 12:00:00.0 +0200
+++ indent-2.2.12/debian/patches/series 2023-08-28 11:00:00.0 +0200
@@ -1,2 +1,4 @@
 01-add-missing-shebang.patch
 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
+03-fix-an-out-of-buffer-read.patch
+04-fix-a-heap-buffer-overwrite.patch

Bug#1042805: base-files: removal of VERSION_ID from /etc/os-release broke zoom screen sharing, please restore

[Santiago Vila]

El 1/8/23 a las 6:14, Kipp Cannon escribió:

Package: base-files
Version: 13
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Version 13 of base-files removed VERSION_ID from /etc/os-release.  As reported
in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008735 the absence of
this field breaks screen sharing with Zoom.  It uses that field to test if
minimum system requirements have been met.


This is not a bug in base-files. The relevant standard is here:

https://www.freedesktop.org/software/systemd/man/os-release.html

VERSION_ID=

A lower-case string [...] => This field is optional. <=

Debian follows here a long tradition where development releases (testing, 
unstable)
do not have any version at all as far as they are not stable yet, they only have
a codename.

This tradition probably originated from the faulty Debian "1.0" release, where
a CD vendor took the development version of Debian and released it on CDs before
it was ready for release.

The Debian base-files package implements this idea by only adding the VERSION_ID
field in os-release a few months before stable releases (so that we can 
properly test
how the system will behave when it has a VERSION_ID).

So, yes, this is a bug in the zoom application. When VERSION_ID is optional, 
it's
a mistake to take it for granted and assume blindly that it will always exist.

If they believe that the desired feature will work on trixie and later, they
could still check for VERSION_CODENAME, which is now always present.

I have reassigned this report to both base-files and release.debian.org just in 
case the
Release Managers have anything to say about this, but as far as I know this has 
been
the official Debian policy for decades and I believe it's very unlikely that we
want to change it just to make a piece of proprietary software to work.

Thanks.

Re: base-files: removal of VERSION_ID from /etc/os-release broke zoom screen sharing, please restore

[Santiago Vila]

reassign 1042805 base-files,release.debian.org
thanks

Note: I'm going to close this bug with a detailed explanation.

I'm doing a reassign first because it's something for which the
Release Managers have usually the last word.

Thanks.

Bug#1041045: bookworm-pu: package indent/2.2.12-4+deb12u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
This upload fixes Bug #1036851, where indent crashes with the following message
on a real file from the gstreamer project:

indent: Virtual memory exhausted.
free(): double free detected in tcache 2

[ Impact ]
Currently users of stable can't use indent with certain inputs,
as it crashes.

[ Tests ]
The upstream package has a test suite, which still passes.

[ Risks ]
The patch is already part of indent 2.2.13 and it's taken directly
from the git repository, and it fixes the memory handling problem
and nothing else.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Add 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch.
No other changes.

[ Other info ]
The package is already uploaded.diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog  2023-01-25 19:35:00.0 +0100
+++ indent-2.2.12/debian/changelog  2023-07-14 13:40:00.0 +0200
@@ -1,3 +1,11 @@
+indent (2.2.12-4+deb12u1) bookworm; urgency=medium
+
+  * Restore the ROUND_UP macro and adjust the initial buffer size.
+Patch from the author, backported from 2.2.13.
+Fix memory handling problem. Closes: #1036851.
+
+ -- Santiago Vila   Fri, 14 Jul 2023 13:40:00 +0200
+
 indent (2.2.12-4) unstable; urgency=medium
 
   [ Helge Deller ]
diff -Nru 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
--- 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 1970-01-01 01:00:00.0 +0100
+++ 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 2023-07-14 12:02:00.0 +0200
@@ -0,0 +1,59 @@
+From: Andrej Shadura 
+Subject: Restore the ROUND_UP macro and adjust the initial buffer size.
+Bug-Debian: https://bugs.debian.org/1036851
+
+When need_chars was moved from "handletoken.h" to "handletoken.c",
+the ROUND_UP macro was removed, but the replacement was incorrect.
+
+This caused the program to exit with a "Virtual memory exhausted"
+error when it tried to reallocate 0 bytes (thus freeing the memory).
+It reallocated to 0 bytes because the initial buffer size was less
+than 1024, and the size calculation rounds down instead of up.
+
+Bug: #56644
+Fixes: c89d32a
+---
+ src/handletoken.c | 2 +-
+ src/indent.h  | 8 
+ src/parse.c   | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/src/handletoken.c
 b/src/handletoken.c
+@@ -85,7 +85,7 @@
+ 
+ if (current_size + needed >= (size_t)bp->size)
+ {
+-bp->size = ((current_size + needed) & (size_t)~1023);
++bp->size = ROUND_UP (current_size + needed, 1024);
+ bp->ptr = xrealloc(bp->ptr, bp->size);
+ if (bp->ptr == NULL)
+ {
+--- a/src/indent.h
 b/src/indent.h
+@@ -66,6 +66,14 @@
+ 
+ #include "lexi.h"
+ 
++/**
++ * Round up P to be a multiple of SIZE.
++ */
++
++#ifndef ROUND_UP
++#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))
++#endif
++
+ /** Values that `indent' can return for exit status.
+  *
+  *  `total_success' means no errors or warnings were found during a successful
+--- a/src/parse.c
 b/src/parse.c
+@@ -53,7 +53,7 @@
+ 
+ parser_state_ty *parser_state_tos = NULL;
+ 
+-#define INITIAL_BUFFER_SIZE 1000
++#define INITIAL_BUFFER_SIZE 1024
+ #define INITIAL_STACK_SIZE 2
+ 
+ /**
diff -Nru indent-2.2.12/debian/patches/series 
indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 2023-01-25 18:00:00.0 +0100
+++ indent-2.2.12/debian/patches/series 2023-07-14 12:00:00.0 +0200
@@ -1 +1,2 @@
 01-add-missing-shebang.patch
+02-restore-round-up-macro-and-adjust-initial-buffer-size.patch

Bug#1025654: bullseye-pu: package x4d-icons/1.2-2+deb11u1

[Santiago Vila]

El 1/4/23 a las 21:58, Adam D. Barratt escribió:

Have you confirmed via a binary debdiff that there are no changes to
the resulting packages?


The package contents is the expected one:

$ debdiff x4d-icons_1.2-2_all.deb x4d-icons_1.2-2+deb11u1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Installed-Size: [-1188-] {+1187+}
Version: [-1.2-2-] {+1.2-2+deb11u1+}


The icons themselves are not bit-for-bit identical, but I think
they can't really be expected to be, considering that the old package
was built in 2019-03-12 with possibly different libraries.

They look certainly the same to the eye when using a png/gif viewer
or a eps viewer, so I believe everything is ok.

Thanks.

Bug#1025703: bullseye-pu: package libexplain/1.4.D001-11+deb11u1

[Santiago Vila]

Hello. I'm providing the same information in "reportbug format", just
in case not having doing so in the initial report may have contributed
for this report not to be processed yet.

[ Reason ]
This upload fixes FTBFS Bug #997222 (failure to build with newer kernel).

[ Impact ]
Without this update the package would continue to FTBFS in bullseye.

[ Tests ]
I've checked that the package fixes the FTBFS problem.

[ Risks ]
The upload fixes actually two FTBFS problems, one of them happens already
with the kernel in bullseye, the other only happens when building the
package with the kernel in bookworm, but it's also desirable to be applied
(I asked the patch author about this).

So, the only risk I can think of is that somebody could still want
the obsolete kernel interface of the second fix to be still documented
in bullseye, but I believe the ability to build this package under bookworm
(or even with bullseye and a new kernel) outweighs whatever value
documenting an obsolete kernel interface might have.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The upload is a backport of the fixes which were already applied in bookworm.

[ Other info ]
I've updated the upload date (since I'm waiting for approval),
so I'm including the debdiff again.


Thanks.diff -Nru libexplain-1.4.D001/debian/changelog 
libexplain-1.4.D001/debian/changelog
--- libexplain-1.4.D001/debian/changelog2021-06-09 22:23:28.0 
+0200
+++ libexplain-1.4.D001/debian/changelog2023-03-21 14:20:00.0 
+0100
@@ -1,3 +1,12 @@
+libexplain (1.4.D001-11+deb11u1) bullseye; urgency=medium
+
+  * QA upload.
+  * Apply two patches from bookworm to build with newer kernels:
+  - Patch: Linux 5.11 no longer has if_frad.h, from Ubuntu. Closes: #997222
+  - Patch: termiox removed since kernel 5.12, from ALT Linux.
+
+ -- Santiago Vila   Tue, 21 Mar 2023 14:20:00 +0100
+
 libexplain (1.4.D001-11) unstable; urgency=medium
 
   * QA upload.
diff -Nru libexplain-1.4.D001/debian/patches/linux5.11.patch 
libexplain-1.4.D001/debian/patches/linux5.11.patch
--- libexplain-1.4.D001/debian/patches/linux5.11.patch  1970-01-01 
01:00:00.0 +0100
+++ libexplain-1.4.D001/debian/patches/linux5.11.patch  2023-03-21 
14:13:09.0 +0100
@@ -0,0 +1,33 @@
+From: Graham Inggs 
+Date: Tue, 16 Nov 2021 20:09:45 +0100
+Subject: Linux 5.11 no longer has if_frad.h
+
+Bug-Debian: https://bugs.debian.org/997222
+Last-Update: 2021-06-20
+---
+ libexplain/iocontrol/siocadddlci.c | 2 +-
+ libexplain/iocontrol/siocdeldlci.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libexplain/iocontrol/siocadddlci.c
 b/libexplain/iocontrol/siocadddlci.c
+@@ -25,7 +25,7 @@
+ #include 
+ 
+ 
+-#ifdef SIOCADDDLCI
++#if defined(SIOCADDDLCI) && defined(HAVE_LINUX_IF_FRAD_H)
+ 
+ static void
+ print_data(const explain_iocontrol_t *p, explain_string_buffer_t *sb,
+--- a/libexplain/iocontrol/siocdeldlci.c
 b/libexplain/iocontrol/siocdeldlci.c
+@@ -26,7 +26,7 @@
+ #include 
+ 
+ 
+-#ifdef SIOCDELDLCI
++#if defined(SIOCDELDLCI) && defined(HAVE_LINUX_IF_FRAD_H)
+ 
+ static void
+ print_data(const explain_iocontrol_t *p, explain_string_buffer_t *sb,
diff -Nru libexplain-1.4.D001/debian/patches/series 
libexplain-1.4.D001/debian/patches/series
--- libexplain-1.4.D001/debian/patches/series   2021-06-09 22:03:05.0 
+0200
+++ libexplain-1.4.D001/debian/patches/series   2023-03-21 14:13:09.0 
+0100
@@ -11,3 +11,5 @@
 sanitize-bison.patch
 gcc-10.patch
 typos.patch
+linux5.11.patch
+termiox-no-more-exists-since-kernel-5.12.patch
diff -Nru 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
--- 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
   1970-01-01 01:00:00.0 +0100
+++ 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
   2023-03-21 14:13:09.0 +0100
@@ -0,0 +1,26 @@
+From: Håvard Flaget Aasen 
+Date: Tue, 16 Nov 2021 20:12:31 +0100
+Subject: termiox no more exists since kernel 5.12
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.12&id=c762a2b846b619c0f92f23e2e8e16f70d20df800
+
+Origin: 
https://packages.altlinux.org/en/sisyphus/srpms/libexplain/patches/libexplain-1.4-remove-termiox.patch
+---
+ libexplain/buffer/termiox.h | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/libexplain/buffer/termiox.h
 b/libexplain/buffer/termiox.h
+@@ -21,7 +21,11 @@
+ 
+ #include 
+ 
+-struct termiox; /* forward */
++/* make termiox empty
++   no more defined in Linux kernel since 5.12:
++   
https://git.kernel.org/pu

Bug#1025654: bullseye-pu: package x4d-icons/1.2-2+deb11u1

[Santiago Vila]

Hello. I'm providing the same information in "reportbug format", just
in case not having doing so in the initial report may have contributed
for this report not to be processed yet.

[ Reason ]
This upload fixes FTBFS Bug #991067 (an imagemagick update which was
done in bullseye late in the release cycle made several packages not
to build anymore from source).

[ Impact ]
Without this update the package would continue to FTBFS in bullseye.

[ Tests ]
I've checked that both the package builds again from source and also
I've carefully checked that the package contents is what it should be.

[ Risks ]
There is a small risk related with raising debhelper compat level.
I've decided to do that as the preferred technical solution because
it allows to reuse the same fix which was already done in bookworm,
and also because the package is simple enough that it was easy to check
that a debhelper bump does not have undesired effects.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The change is just a backport of the fix already applied in bookworm
three months ago.

[ Other info ]
I've reworded the changelog a little bit and updated the upload date
(since I'm waiting for approval), so I'm including the debdiff again.

Thanks.diff -Nru x4d-icons-1.2/debian/changelog x4d-icons-1.2/debian/changelog
--- x4d-icons-1.2/debian/changelog  2019-03-12 05:38:09.0 +0100
+++ x4d-icons-1.2/debian/changelog  2023-03-21 13:50:00.0 +0100
@@ -1,3 +1,12 @@
+x4d-icons (1.2-2+deb11u1) bullseye; urgency=medium
+
+  * QA upload.
+  * Fix FTBFS problem with new imagemagick. The fix is the same which was
+already applied in bookworm. Closes: #991067.
+  * The above patch requires raising debhelper compatibility level to 13.
+
+ -- Santiago Vila   Tue, 21 Mar 2023 13:50:00 +0100
+
 x4d-icons (1.2-2) unstable; urgency=medium
 
   * QA upload.
diff -Nru x4d-icons-1.2/debian/compat x4d-icons-1.2/debian/compat
--- x4d-icons-1.2/debian/compat 2014-05-03 07:01:56.0 +0200
+++ x4d-icons-1.2/debian/compat 1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-9
diff -Nru x4d-icons-1.2/debian/control x4d-icons-1.2/debian/control
--- x4d-icons-1.2/debian/control2019-03-12 05:37:54.0 +0100
+++ x4d-icons-1.2/debian/control2023-03-21 13:48:49.0 +0100
@@ -2,7 +2,7 @@
 Section: graphics
 Priority: optional
 Maintainer: Debian QA Group 
-Build-Depends: debhelper (>= 9), imagemagick, faketime, librsvg2-bin, 
fonts-dejavu-core
+Build-Depends: debhelper-compat (= 13), imagemagick, faketime, librsvg2-bin, 
fonts-dejavu-core
 Standards-Version: 3.9.5
 Homepage: http://x4d.surgut.co.uk
 Vcs-Git: https://github.com/xnox/x4d.git
diff -Nru x4d-icons-1.2/debian/patches/020_fix_policy.patch 
x4d-icons-1.2/debian/patches/020_fix_policy.patch
--- x4d-icons-1.2/debian/patches/020_fix_policy.patch   1970-01-01 
01:00:00.0 +0100
+++ x4d-icons-1.2/debian/patches/020_fix_policy.patch   2023-03-21 
13:48:49.0 +0100
@@ -0,0 +1,29 @@
+Description: Override overly strict ImageMagick coder policy (#987504)
+ This creates a more permissive version of
+ /etc/ImageMagick-6/policy.xml and ensures it gets loaded after the
+ one from /etc.
+ .
+ It is done by means of a patch to make use of the debhelper-provided
+ $HOME visible by dh_auto_*.
+ .
+ The relevant code is at:
+ 
https://sources.debian.org/src/imagemagick/8:6.9.11.60+dfsg-1.3/magick/configure.c/#L860
+Author: Dennis Filder 
+Last-Updated: 2022-12-06
+
+--- a/generate.sh
 b/generate.sh
+@@ -33,6 +33,13 @@
+ generate XML '1.0' xml10
+ generate XML '1.1' xml11
+ 
++# this relies on debhelper providing a $HOME directory for us to write to
++imversion=$(convert -version|sed -n '/^Version: /s@Version: ImageMagick 
\([[:digit:]]\+\)\..*@ImageMagick-\1@p')
++polfile="/etc/${imversion}/policy.xml"
++mkdir "$HOME"/.magick
++sed -e '//s@"none"@"read|write"@' "$polfile" \
++> "$HOME"/.magick/policy.xml
++
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}.png
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}.gif
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}-v.eps
diff -Nru x4d-icons-1.2/debian/patches/series 
x4d-icons-1.2/debian/patches/series
--- x4d-icons-1.2/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ x4d-icons-1.2/debian/patches/series 2023-03-21 13:48:49.0 +0100
@@ -0,0 +1 @@
+020_fix_policy.patch

Bug#1033080: unblock: base-files/12.4

[Santiago Vila]

Closing as duplicate the one which has a greater bug number.

Sorry for the noise.

Bug#1033080: unblock: base-files/12.4

[Santiago Vila]

t release)
+  - Change PRETTY_NAME in /usr/lib/os-release, adding 12 as version number
+and "(bookworm)" as codename. Add also VERSION_ID and VERSION.
+(never expected to change)
+  - Variable VERSION_CODENAME was already defined as "bookworm".
+  - Update README (bookworm -> trixie).
+  * Refresh GFDL-1.2, GFDL-1.3, GPL-3, LGPL-2 and LGPL-3 from their
+canonical place at https://ftp.gnu.org/gnu/Licenses/ as they have
+minor editorial changes like trimming spaces, https, etc.
+  * Drop debian/current-md5sums-obsolete. Closes: #1009358.
+  * Ship a real debian/copyright file in source package instead of
+generating it at build time.
+  * Call dh_installchangelogs using --no-trim option.
+Add versioned build-dependency on debhelper for the above.
+  * Update lintian-overrides to new format.
+  * Rules-Requires-Root: binary-targets.
+  * Update standards version to 4.6.2.
+
+ -- Santiago Vila   Thu, 02 Mar 2023 14:55:00 +0100
+
 base-files (12.3) unstable; urgency=high
 
   * Add VERSION_CODENAME to /etc/os-release. Closes: #1008735.
diff --git a/debian/clean b/debian/clean
index 977e85d..ccba3ce 100644
--- a/debian/clean
+++ b/debian/clean
@@ -1,2 +1 @@
 debian/postinst
-debian/copyright
diff --git a/debian/control b/debian/control
index 960c5d4..d4bad8a 100644
--- a/debian/control
+++ b/debian/control
@@ -2,8 +2,9 @@ Source: base-files
 Section: admin
 Priority: required
 Maintainer: Santiago Vila 
-Standards-Version: 4.1.3
-Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), debhelper (>= 13.10~)
+Rules-Requires-Root: binary-targets
 
 Package: base-files
 Provides: base
diff --git a/debian/copyright.in b/debian/copyright
similarity index 88%
rename from debian/copyright.in
rename to debian/copyright
index 1d905d5..3f5ed9b 100644
--- a/debian/copyright.in
+++ b/debian/copyright
@@ -1,4 +1,4 @@
-This is the Debian #OSNAME# prepackaged version of the Debian Base System
+This is the Debian prepackaged version of the Debian Base System
 Miscellaneous files. These files were written by Ian Murdock
  and Bruce Perens .
 
@@ -24,5 +24,5 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
-On Debian #OSNAME# systems, the complete text of the GNU General
+On Debian systems, the complete text of the GNU General
 Public License can be found in `/usr/share/common-licenses/GPL'.
diff --git a/debian/current-md5sums-obsolete b/debian/current-md5sums-obsolete
deleted file mode 100755
index 5236dc4..000
--- a/debian/current-md5sums-obsolete
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-sed -e "s&#OSNAME#&GNU/Linux&" etc/motd | awk 'NR > 2' | md5sum
-sed -e "s&#OSNAME#&GNU/Hurd&"  etc/motd | awk 'NR > 2' | md5sum
diff --git a/debian/rules b/debian/rules
index 88db04b..4c0497b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,7 +16,6 @@ DESTDIR = debian/base-files
 
 override_dh_auto_build:
sh debian/check-md5sum-etc profile
-   sed -e "s&#OSNAME#&$(OSNAME)&g" debian/copyright.in > debian/copyright
sed -e "s/#VENDORFILE#/$(VENDORFILE)/g" debian/postinst.in > 
debian/postinst
 
 override_dh_auto_install:
@@ -36,6 +35,9 @@ endif
mv $(DESTDIR)/etc/os-release $(DESTDIR)/usr/lib/os-release
ln -s ../usr/lib/os-release $(DESTDIR)/etc/os-release
 
+override_dh_installchangelogs:
+   dh_installchangelogs --no-trim
+
 override_dh_link:
dh_link -X os-release
 
diff --git a/etc/debian_version b/etc/debian_version
index a82f56a..d7213f3 100644
--- a/etc/debian_version
+++ b/etc/debian_version
@@ -1 +1 @@
-bookworm/sid
+12.0
diff --git a/etc/issue b/etc/issue
index 9b1bb4a..b7788db 100644
--- a/etc/issue
+++ b/etc/issue
@@ -1,2 +1,2 @@
-Debian #OSNAME# bookworm/sid \n \l
+Debian #OSNAME# 12 \n \l
 
diff --git a/etc/issue.net b/etc/issue.net
index c2b4111..b0e76bc 100644
--- a/etc/issue.net
+++ b/etc/issue.net
@@ -1 +1 @@
-Debian #OSNAME# bookworm/sid
+Debian #OSNAME# 12
diff --git a/etc/os-release b/etc/os-release
index d42b0a1..281e4fd 100644
--- a/etc/os-release
+++ b/etc/os-release
@@ -1,5 +1,7 @@
-PRETTY_NAME="Debian #OSNAME# bookworm/sid"
+PRETTY_NAME="Debian #OSNAME# 12 (bookworm)"
 NAME="Debian #OSNAME#"
+VERSION_ID="12"
+VERSION="12 (bookworm)"
 VERSION_CODENAME=bookworm
 ID=debian
 HOME_URL="https://www.debian.org/";
diff --git a/licenses/GFDL-1.2 b/licenses/GFDL-1.2
index a988da5..68d93f4 100644
--- a/licenses/GFDL-1.2
+++ b/licenses/GFDL-1.2
@@ -355,7 +355,7 @@ The Free Software Foundation may publish new, revised 
versions
 of the GNU Free Documentation License from time to time.  Such new
 versions will be similar in spirit to the present version, but may
 differ in detail to addr

Bug#1033074: unblock: base-files/12.4

[Santiago Vila]

t release)
+  - Change PRETTY_NAME in /usr/lib/os-release, adding 12 as version number
+and "(bookworm)" as codename. Add also VERSION_ID and VERSION.
+(never expected to change)
+  - Variable VERSION_CODENAME was already defined as "bookworm".
+  - Update README (bookworm -> trixie).
+  * Refresh GFDL-1.2, GFDL-1.3, GPL-3, LGPL-2 and LGPL-3 from their
+canonical place at https://ftp.gnu.org/gnu/Licenses/ as they have
+minor editorial changes like trimming spaces, https, etc.
+  * Drop debian/current-md5sums-obsolete. Closes: #1009358.
+  * Ship a real debian/copyright file in source package instead of
+generating it at build time.
+  * Call dh_installchangelogs using --no-trim option.
+Add versioned build-dependency on debhelper for the above.
+  * Update lintian-overrides to new format.
+  * Rules-Requires-Root: binary-targets.
+  * Update standards version to 4.6.2.
+
+ -- Santiago Vila   Thu, 02 Mar 2023 14:55:00 +0100
+
 base-files (12.3) unstable; urgency=high
 
   * Add VERSION_CODENAME to /etc/os-release. Closes: #1008735.
diff --git a/debian/clean b/debian/clean
index 977e85d..ccba3ce 100644
--- a/debian/clean
+++ b/debian/clean
@@ -1,2 +1 @@
 debian/postinst
-debian/copyright
diff --git a/debian/control b/debian/control
index 960c5d4..d4bad8a 100644
--- a/debian/control
+++ b/debian/control
@@ -2,8 +2,9 @@ Source: base-files
 Section: admin
 Priority: required
 Maintainer: Santiago Vila 
-Standards-Version: 4.1.3
-Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), debhelper (>= 13.10~)
+Rules-Requires-Root: binary-targets
 
 Package: base-files
 Provides: base
diff --git a/debian/copyright.in b/debian/copyright
similarity index 88%
rename from debian/copyright.in
rename to debian/copyright
index 1d905d5..3f5ed9b 100644
--- a/debian/copyright.in
+++ b/debian/copyright
@@ -1,4 +1,4 @@
-This is the Debian #OSNAME# prepackaged version of the Debian Base System
+This is the Debian prepackaged version of the Debian Base System
 Miscellaneous files. These files were written by Ian Murdock
  and Bruce Perens .
 
@@ -24,5 +24,5 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
-On Debian #OSNAME# systems, the complete text of the GNU General
+On Debian systems, the complete text of the GNU General
 Public License can be found in `/usr/share/common-licenses/GPL'.
diff --git a/debian/current-md5sums-obsolete b/debian/current-md5sums-obsolete
deleted file mode 100755
index 5236dc4..000
--- a/debian/current-md5sums-obsolete
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-sed -e "s&#OSNAME#&GNU/Linux&" etc/motd | awk 'NR > 2' | md5sum
-sed -e "s&#OSNAME#&GNU/Hurd&"  etc/motd | awk 'NR > 2' | md5sum
diff --git a/debian/rules b/debian/rules
index 88db04b..4c0497b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,7 +16,6 @@ DESTDIR = debian/base-files
 
 override_dh_auto_build:
sh debian/check-md5sum-etc profile
-   sed -e "s&#OSNAME#&$(OSNAME)&g" debian/copyright.in > debian/copyright
sed -e "s/#VENDORFILE#/$(VENDORFILE)/g" debian/postinst.in > 
debian/postinst
 
 override_dh_auto_install:
@@ -36,6 +35,9 @@ endif
mv $(DESTDIR)/etc/os-release $(DESTDIR)/usr/lib/os-release
ln -s ../usr/lib/os-release $(DESTDIR)/etc/os-release
 
+override_dh_installchangelogs:
+   dh_installchangelogs --no-trim
+
 override_dh_link:
dh_link -X os-release
 
diff --git a/etc/debian_version b/etc/debian_version
index a82f56a..d7213f3 100644
--- a/etc/debian_version
+++ b/etc/debian_version
@@ -1 +1 @@
-bookworm/sid
+12.0
diff --git a/etc/issue b/etc/issue
index 9b1bb4a..b7788db 100644
--- a/etc/issue
+++ b/etc/issue
@@ -1,2 +1,2 @@
-Debian #OSNAME# bookworm/sid \n \l
+Debian #OSNAME# 12 \n \l
 
diff --git a/etc/issue.net b/etc/issue.net
index c2b4111..b0e76bc 100644
--- a/etc/issue.net
+++ b/etc/issue.net
@@ -1 +1 @@
-Debian #OSNAME# bookworm/sid
+Debian #OSNAME# 12
diff --git a/etc/os-release b/etc/os-release
index d42b0a1..281e4fd 100644
--- a/etc/os-release
+++ b/etc/os-release
@@ -1,5 +1,7 @@
-PRETTY_NAME="Debian #OSNAME# bookworm/sid"
+PRETTY_NAME="Debian #OSNAME# 12 (bookworm)"
 NAME="Debian #OSNAME#"
+VERSION_ID="12"
+VERSION="12 (bookworm)"
 VERSION_CODENAME=bookworm
 ID=debian
 HOME_URL="https://www.debian.org/";
diff --git a/licenses/GFDL-1.2 b/licenses/GFDL-1.2
index a988da5..68d93f4 100644
--- a/licenses/GFDL-1.2
+++ b/licenses/GFDL-1.2
@@ -355,7 +355,7 @@ The Free Software Foundation may publish new, revised 
versions
 of the GNU Free Documentation License from time to time.  Such new
 versions will be similar in spirit to the present version, but may
 differ in detail to addr

Bug#1031376: tzdata 2022g-3 removed /etc/timezone without a proper transition, breaking multiple packages

[Santiago Vila]

El 16/2/23 a las 12:34, Daniel Leidert escribió:

Am Donnerstag, dem 16.02.2023 um 08:41 +0100 schrieb Paul Gevers:

Control: tags -1 moreinfo
Control: severity -1 normal

Hi Daniel,

On 16-02-2023 01:11, Daniel Leidert wrote:

I ask you to
find a reasonable approach to deal with this for the Bookworm
release.


That's not how we normally work. Please come with concrete proposals and
we can evaluate them.


Note for Daniel:

I'm a mere lurker here, but I believe that what Paul means here
by "concrete proposals" is a patch created by you and proposed
to tzdata maintainer which reverts the problematic changes
and only the problematic changes.

This is also how the TC works, they do not implement any solution
by themselves, they only choose between several options, but we
have to know very precisely what those options are, preferably in
the form of a patch.

Thanks.

Bug#1020413: nmu: bind-dyndb-ldap_11.6-3

[Santiago Vila]

El 21/9/22 a las 13:47, Ondřej Surý escribió:

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

nmu bind-dyndb-ldap_11.6-3 . ANY . bullseye . -m "rebuild for 
bind9_9.16.33-1~deb11u1"

Hi,

after the bind9_9.16.33-1~deb11u1 is release to bullseye-security, the
bind-dyndb-ldap plugin will require binNMU.


Hi. The bind9_9.16.33-1~deb11u1 package is already in bullseye after the
last point release, and now bind-dyndb-ldap fails to build from source:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027825

Because a binary nmu will not fix that, I believe this report is obsolete
and should be closed. Instead, we should fix Bug #1027825.

Thanks.

Bug#1020413: nmu: bind-dyndb-ldap_11.6-3

[Santiago Vila]

El 23/9/22 a las 10:21, Timo Aaltonen escribió:

Paul Gevers kirjoitti 22.9.2022 klo 22.26:

So, Timo, is the package in bullseye broken with the security update and does 
it need a fix, or is it fine?


It needs a rebuild, [...]


I think it's really broken:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027825

Thanks.

Bug#1025703: bullseye-pu: package libexplain/1.4.D001-11+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers:

I'd like to make this QA upload to fix FTBFS bug #997222 in bullseye, 
plus allow compilation with kernels slightly newer than the one in 
bullseye (for example bullseye-backports).


The two patches are taken verbatim from bookworm/sid, where this was 
fixed one year ago.


debdiff attached

Thanks.diff -Nru libexplain-1.4.D001/debian/changelog 
libexplain-1.4.D001/debian/changelog
--- libexplain-1.4.D001/debian/changelog2021-06-09 22:23:28.0 
+0200
+++ libexplain-1.4.D001/debian/changelog2022-12-07 19:10:00.0 
+0100
@@ -1,3 +1,12 @@
+libexplain (1.4.D001-11+deb11u1) bullseye; urgency=medium
+
+  * QA upload.
+  * Apply two patches from bookworm to build with newer kernels:
+  - Patch: Linux 5.11 no longer has if_frad.h, from Ubuntu. Closes: #997222
+  - Patch: termiox removed since kernel 5.12, from ALT Linux.
+
+ -- Santiago Vila   Wed, 07 Dec 2022 19:10:00 +0100
+
 libexplain (1.4.D001-11) unstable; urgency=medium
 
   * QA upload.
diff -Nru libexplain-1.4.D001/debian/patches/linux5.11.patch 
libexplain-1.4.D001/debian/patches/linux5.11.patch
--- libexplain-1.4.D001/debian/patches/linux5.11.patch  1970-01-01 
01:00:00.0 +0100
+++ libexplain-1.4.D001/debian/patches/linux5.11.patch  2022-12-06 
01:00:47.0 +0100
@@ -0,0 +1,33 @@
+From: Graham Inggs 
+Date: Tue, 16 Nov 2021 20:09:45 +0100
+Subject: Linux 5.11 no longer has if_frad.h
+
+Bug-Debian: https://bugs.debian.org/997222
+Last-Update: 2021-06-20
+---
+ libexplain/iocontrol/siocadddlci.c | 2 +-
+ libexplain/iocontrol/siocdeldlci.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libexplain/iocontrol/siocadddlci.c
 b/libexplain/iocontrol/siocadddlci.c
+@@ -25,7 +25,7 @@
+ #include 
+ 
+ 
+-#ifdef SIOCADDDLCI
++#if defined(SIOCADDDLCI) && defined(HAVE_LINUX_IF_FRAD_H)
+ 
+ static void
+ print_data(const explain_iocontrol_t *p, explain_string_buffer_t *sb,
+--- a/libexplain/iocontrol/siocdeldlci.c
 b/libexplain/iocontrol/siocdeldlci.c
+@@ -26,7 +26,7 @@
+ #include 
+ 
+ 
+-#ifdef SIOCDELDLCI
++#if defined(SIOCDELDLCI) && defined(HAVE_LINUX_IF_FRAD_H)
+ 
+ static void
+ print_data(const explain_iocontrol_t *p, explain_string_buffer_t *sb,
diff -Nru libexplain-1.4.D001/debian/patches/series 
libexplain-1.4.D001/debian/patches/series
--- libexplain-1.4.D001/debian/patches/series   2021-06-09 22:03:05.0 
+0200
+++ libexplain-1.4.D001/debian/patches/series   2022-12-06 01:00:52.0 
+0100
@@ -11,3 +11,5 @@
 sanitize-bison.patch
 gcc-10.patch
 typos.patch
+linux5.11.patch
+termiox-no-more-exists-since-kernel-5.12.patch
diff -Nru 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
--- 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
   1970-01-01 01:00:00.0 +0100
+++ 
libexplain-1.4.D001/debian/patches/termiox-no-more-exists-since-kernel-5.12.patch
   2022-12-06 01:00:52.0 +0100
@@ -0,0 +1,26 @@
+From: Håvard Flaget Aasen 
+Date: Tue, 16 Nov 2021 20:12:31 +0100
+Subject: termiox no more exists since kernel 5.12
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.12&id=c762a2b846b619c0f92f23e2e8e16f70d20df800
+
+Origin: 
https://packages.altlinux.org/en/sisyphus/srpms/libexplain/patches/libexplain-1.4-remove-termiox.patch
+---
+ libexplain/buffer/termiox.h | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/libexplain/buffer/termiox.h
 b/libexplain/buffer/termiox.h
+@@ -21,7 +21,11 @@
+ 
+ #include 
+ 
+-struct termiox; /* forward */
++/* make termiox empty
++   no more defined in Linux kernel since 5.12:
++   
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.12&id=c762a2b846b619c0f92f23e2e8e16f70d20df800
++ */
++struct termiox {};
+ 
+ /**
+   * The explain_buffer_termiox function may be used

Bug#1025654: bullseye-pu: package x4d-icons/1.2-2+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers:

I'd like to fix FTBFS bug #991067 in stable using the attached debdiff 
(not uploaded yet).


The way the FTBFS is fixed is the same I used in upload 1.2-5 which I 
did today for unstable (this upload replaces a previous workaround which 
merely fixed the ftbfs problem by dropping the eps files and thus losing 
functionality).


You will notice that I have decided to raise debhelper compatibility 
level. I am well aware that this should not be done lightly and without 
a good reason.


In this case I'm using the debhelper feature which (during build) 
creates a temporary $HOME directory in which we need to write a config 
file for imagemagick which overrides the one in /etc. This feature 
allows to fix the problem in a simple and effective way, so I believe 
this is justified (to be frank, I don't know how could it be fixed 
easily without this debhelper feature, so the ftbfs bug would probably 
remain unfixed in stable).


Thanks.diff -Nru x4d-icons-1.2/debian/changelog x4d-icons-1.2/debian/changelog
--- x4d-icons-1.2/debian/changelog  2019-03-12 05:38:09.0 +0100
+++ x4d-icons-1.2/debian/changelog  2022-12-06 17:50:00.0 +0100
@@ -1,3 +1,12 @@
+x4d-icons (1.2-2+deb11u1) bullseye; urgency=medium
+
+  * QA upload.
+  * Fix FTBFS problem with new imagemagick. Closes: #991067.
+  * The above patch requires raising debhelper compatibility level to 13,
+which should not be a problem because debhelper 13 is in bullseye.
+
+ -- Santiago Vila   Tue, 06 Dec 2022 17:50:00 +0100
+
 x4d-icons (1.2-2) unstable; urgency=medium
 
   * QA upload.
diff -Nru x4d-icons-1.2/debian/compat x4d-icons-1.2/debian/compat
--- x4d-icons-1.2/debian/compat 2014-05-03 07:01:56.0 +0200
+++ x4d-icons-1.2/debian/compat 1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-9
diff -Nru x4d-icons-1.2/debian/control x4d-icons-1.2/debian/control
--- x4d-icons-1.2/debian/control2019-03-12 05:37:54.0 +0100
+++ x4d-icons-1.2/debian/control2022-12-06 17:50:00.0 +0100
@@ -2,7 +2,7 @@
 Section: graphics
 Priority: optional
 Maintainer: Debian QA Group 
-Build-Depends: debhelper (>= 9), imagemagick, faketime, librsvg2-bin, 
fonts-dejavu-core
+Build-Depends: debhelper-compat (= 13), imagemagick, faketime, librsvg2-bin, 
fonts-dejavu-core
 Standards-Version: 3.9.5
 Homepage: http://x4d.surgut.co.uk
 Vcs-Git: https://github.com/xnox/x4d.git
diff -Nru x4d-icons-1.2/debian/patches/020_fix_policy.patch 
x4d-icons-1.2/debian/patches/020_fix_policy.patch
--- x4d-icons-1.2/debian/patches/020_fix_policy.patch   1970-01-01 
01:00:00.0 +0100
+++ x4d-icons-1.2/debian/patches/020_fix_policy.patch   2022-12-06 
17:50:00.0 +0100
@@ -0,0 +1,29 @@
+Description: Override overly strict ImageMagick coder policy (#987504)
+ This creates a more permissive version of
+ /etc/ImageMagick-6/policy.xml and ensures it gets loaded after the
+ one from /etc.
+ .
+ It is done by means of a patch to make use of the debhelper-provided
+ $HOME visible by dh_auto_*.
+ .
+ The relevant code is at:
+ 
https://sources.debian.org/src/imagemagick/8:6.9.11.60+dfsg-1.3/magick/configure.c/#L860
+Author: Dennis Filder 
+Last-Updated: 2022-12-06
+
+--- a/generate.sh
 b/generate.sh
+@@ -33,6 +33,13 @@
+ generate XML '1.0' xml10
+ generate XML '1.1' xml11
+ 
++# this relies on debhelper providing a $HOME directory for us to write to
++imversion=$(convert -version|sed -n '/^Version: /s@Version: ImageMagick 
\([[:digit:]]\+\)\..*@ImageMagick-\1@p')
++polfile="/etc/${imversion}/policy.xml"
++mkdir "$HOME"/.magick
++sed -e '//s@"none"@"read|write"@' "$polfile" \
++> "$HOME"/.magick/policy.xml
++
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}.png
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}.gif
+ /bin/ls Icons/*.svg | sed 's/-v\.svg//' | xargs -L1 -I{} convert -background 
none {}-v.svg {}-v.eps
diff -Nru x4d-icons-1.2/debian/patches/series 
x4d-icons-1.2/debian/patches/series
--- x4d-icons-1.2/debian/patches/series 1970-01-01 01:00:00.0 +0100
+++ x4d-icons-1.2/debian/patches/series 2022-12-06 17:50:00.0 +0100
@@ -0,0 +1 @@
+020_fix_policy.patch

Bug#1016439: buster-pu: package procmail/3.22-26+deb10u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sanv...@debian.org

Dear release managers:

I've applied this small procmail fix to buster as well, hopefully to be 
part of the next point release, whenever it will be.


This was done to bullseye previously:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014221

As in the bullseye case, this is the type of bug I don't want to see in
stable or oldstable.

The debdiff is attached.

Thanks.diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog  2017-11-16 23:42:36.0 +0100
+++ procmail-3.22/debian/changelog  2022-07-31 20:10:00.0 +0200
@@ -1,3 +1,11 @@
+procmail (3.22-26+deb10u1) buster; urgency=medium
+
+  * Fix NULL pointer dereference. Closes: #769938.
+Reported by Jakub Wilk using American Fuzzy Lop.
+Patch from Stephen R. van den Berg.
+
+ -- Santiago Vila   Sun, 31 Jul 2022 20:10:00 +0200
+
 procmail (3.22-26) unstable; urgency=medium
 
   * Fix buffer overflow in loadbuf(). Closes: #876511.
diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31
--- procmail-3.22/debian/patches/31 1970-01-01 01:00:00.0 +0100
+++ procmail-3.22/debian/patches/31 2022-07-31 19:32:00.0 +0200
@@ -0,0 +1,19 @@
+From: Stephen R. van den Berg 
+Subject: Cater for mails containing an incomplete From_ line.
+Bug-Debian: http://bugs.debian.org/769938
+X-Debian-version: 3.22-27
+
+--- a/src/from.c
 b/src/from.c
+@@ -117,7 +117,10 @@
+ themail.p[extra]='\0';  /* terminate it for strchr */
+   }
+  while(!(rstart=strchr(themail.p,'\n')));
+- extra=rstart?extra-(++rstart-themail.p):0;
++ if (rstart)
++   extra -= ++rstart - themail.p;
++ else
++   extra = 0, rstart = themail.p;
+}
+   else
+{ size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */
diff -Nru procmail-3.22/debian/patches/series 
procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series 2017-11-16 23:41:45.0 +0100
+++ procmail-3.22/debian/patches/series 2022-07-31 19:00:00.0 +0200
@@ -29,3 +29,4 @@
 28
 29
 30
+31

Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1

[Santiago Vila]

Note: Sorry for the confusion. The debdiff is really the one attached 
now. (The distribution is "bullseye").


Thanks.diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog  2017-11-16 23:42:36.0 +0100
+++ procmail-3.22/debian/changelog  2022-07-02 13:20:00.0 +0200
@@ -1,3 +1,11 @@
+procmail (3.22-26+deb11u1) bullseye; urgency=medium
+
+  * Fix NULL pointer dereference. Closes: #769938.
+Reported by Jakub Wilk using American Fuzzy Lop.
+Patch from Stephen R. van den Berg.
+
+ -- Santiago Vila   Sat, 02 Jul 2022 13:20:00 +0200
+
 procmail (3.22-26) unstable; urgency=medium
 
   * Fix buffer overflow in loadbuf(). Closes: #876511.
diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31
--- procmail-3.22/debian/patches/31 1970-01-01 01:00:00.0 +0100
+++ procmail-3.22/debian/patches/31 2022-07-02 12:32:00.0 +0200
@@ -0,0 +1,19 @@
+From: Stephen R. van den Berg 
+Subject: Cater for mails containing an incomplete From_ line.
+Bug-Debian: http://bugs.debian.org/769938
+X-Debian-version: 3.22-27
+
+--- a/src/from.c
 b/src/from.c
+@@ -117,7 +117,10 @@
+ themail.p[extra]='\0';  /* terminate it for strchr */
+   }
+  while(!(rstart=strchr(themail.p,'\n')));
+- extra=rstart?extra-(++rstart-themail.p):0;
++ if (rstart)
++   extra -= ++rstart - themail.p;
++ else
++   extra = 0, rstart = themail.p;
+}
+   else
+{ size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */
diff -Nru procmail-3.22/debian/patches/series 
procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series 2017-11-16 23:41:45.0 +0100
+++ procmail-3.22/debian/patches/series 2022-07-02 12:00:00.0 +0200
@@ -29,3 +29,4 @@
 28
 29
 30
+31

Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

Dear release managers: There was a NULL pointer dereference fix in 
procmail which I've just applied to bullseye as well. There is no CVE 
for this, but nevertheless it's the type of bug I don't want to see in 
stable.


The patch was taken from the author's git repository and it has been 
working in testing/unstable for several months now.


The debdiff is attached.

(I will also try to upload for buster before its final release)

Thanks.diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog  2017-11-16 23:42:36.0 +0100
+++ procmail-3.22/debian/changelog  2022-07-02 13:20:00.0 +0200
@@ -1,3 +1,11 @@
+procmail (3.22-26+deb11u1) unstable; urgency=medium
+
+  * Fix NULL pointer dereference. Closes: #769938.
+Reported by Jakub Wilk using American Fuzzy Lop.
+Patch from Stephen R. van den Berg.
+
+ -- Santiago Vila   Sat, 02 Jul 2022 13:20:00 +0200
+
 procmail (3.22-26) unstable; urgency=medium
 
   * Fix buffer overflow in loadbuf(). Closes: #876511.
diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31
--- procmail-3.22/debian/patches/31 1970-01-01 01:00:00.0 +0100
+++ procmail-3.22/debian/patches/31 2022-07-02 12:32:00.0 +0200
@@ -0,0 +1,19 @@
+From: Stephen R. van den Berg 
+Subject: Cater for mails containing an incomplete From_ line.
+Bug-Debian: http://bugs.debian.org/769938
+X-Debian-version: 3.22-27
+
+--- a/src/from.c
 b/src/from.c
+@@ -117,7 +117,10 @@
+ themail.p[extra]='\0';  /* terminate it for strchr */
+   }
+  while(!(rstart=strchr(themail.p,'\n')));
+- extra=rstart?extra-(++rstart-themail.p):0;
++ if (rstart)
++   extra -= ++rstart - themail.p;
++ else
++   extra = 0, rstart = themail.p;
+}
+   else
+{ size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */
diff -Nru procmail-3.22/debian/patches/series 
procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series 2017-11-16 23:41:45.0 +0100
+++ procmail-3.22/debian/patches/series 2022-07-02 12:00:00.0 +0200
@@ -29,3 +29,4 @@
 28
 29
 30
+31

Bug#988276: unblock: base-files/11.1

[Santiago Vila]

On Fri, May 14, 2021 at 10:21:31PM +0200, Paul Gevers wrote:

>  Priority: required
>  Maintainer: Santiago Vila 
>  Standards-Version: 4.1.3
> -Build-Depends: debhelper (>= 9)
> +Build-Depends: debhelper-compat (= 13)
> 
> Please revert that [1] or show with diffoscope that it doesn't change
> anything in the resulting binaries (by building twice, once with the
> current set and once with the debhelper bump reverted).

It is indeed harmless.

To be sure, I added debian/compat again and set "debhelper (>= 9)"
in debian/control, plus a new changelog entry (with same date to not
trigger lots of spurious date-related changes).

Attached source debdiff and diffoscope output, where the only changes
are the expected ones: Version and changelog.gz size.

Thanks.
diff -Nru base-files-11.1/debian/changelog base-files-11.2/debian/changelog
--- base-files-11.1/debian/changelog2021-04-10 22:15:00.0 +0200
+++ base-files-11.2/debian/changelog2021-04-10 22:15:00.0 +0200
@@ -1,3 +1,9 @@
+base-files (11.2) unstable; urgency=medium
+
+  * Undo debhelper bump to check that it's harmless.
+
+ -- Santiago Vila   Sat, 10 Apr 2021 22:15:00 +0200
+
 base-files (11.1) unstable; urgency=medium
 
   * Use https where appropriate, namely, origins/debian (currently used)
diff -Nru base-files-11.1/debian/compat base-files-11.2/debian/compat
--- base-files-11.1/debian/compat   1970-01-01 01:00:00.0 +0100
+++ base-files-11.2/debian/compat   2021-04-10 22:15:00.0 +0200
@@ -0,0 +1 @@
+9
diff -Nru base-files-11.1/debian/control base-files-11.2/debian/control
--- base-files-11.1/debian/control  2021-04-10 22:15:00.0 +0200
+++ base-files-11.2/debian/control  2021-04-10 22:15:00.0 +0200
@@ -3,7 +3,7 @@
 Priority: required
 Maintainer: Santiago Vila 
 Standards-Version: 4.1.3
-Build-Depends: debhelper-compat (= 13)
+Build-Depends: debhelper (>= 9)
 
 Package: base-files
 Provides: base
--- base-files_11.1_amd64.deb
+++ base-files_11.2_amd64.deb
├── file list
│ @@ -1,3 +1,3 @@
│  -rw-r--r--   0004 2021-04-10 20:15:00.00 
debian-binary
│ --rw-r--r--   000 2352 2021-04-10 20:15:00.00 
control.tar.xz
│ --rw-r--r--   00067448 2021-04-10 20:15:00.00 
data.tar.xz
│ +-rw-r--r--   000 2348 2021-04-10 20:15:00.00 
control.tar.xz
│ +-rw-r--r--   00067484 2021-04-10 20:15:00.00 
data.tar.xz
├── control.tar.xz
│ ├── control.tar
│ │ ├── ./control
│ │ │ @@ -1,9 +1,9 @@
│ │ │  Package: base-files
│ │ │ -Version: 11.1
│ │ │ +Version: 11.2
│ │ │  Architecture: amd64
│ │ │  Essential: yes
│ │ │  Maintainer: Santiago Vila 
│ │ │  Installed-Size: 340
│ │ │  Pre-Depends: awk
│ │ │  Breaks: debian-security-support (<< 2019.04.25), initscripts (<< 
2.88dsf-13.3), sendfile (<< 2.1b.20080616-5.2~)
│ │ │  Replaces: base, dpkg (<= 1.15.0), miscutils
│ │ ├── ./md5sums
│ │ │ ├── ./md5sums
│ │ │ │┄ Files differ
├── data.tar.xz
│ ├── data.tar
│ │ ├── file list
│ │ │ @@ -56,15 +56,15 @@
│ │ │  -rw-r--r--   0 root (0) root (0)25755 2017-04-03 
11:00:00.00 ./usr/share/common-licenses/MPL-1.1
│ │ │  -rw-r--r--   0 root (0) root (0)16726 2017-04-03 
20:00:00.00 ./usr/share/common-licenses/MPL-2.0
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/dict/
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/doc/
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/doc/base-files/
│ │ │  -rw-r--r--   0 root (0) root (0) 4690 2021-04-10 
20:15:00.00 ./usr/share/doc/base-files/README
│ │ │  -rw-r--r--   0 root (0) root (0) 1153 2019-07-09 
09:00:00.00 ./usr/share/doc/base-files/README.FHS
│ │ │ --rw-r--r--   0 root (0) root (0)17266 2021-04-10 
20:15:00.00 ./usr/share/doc/base-files/changelog.gz
│ │ │ +-rw-r--r--   0 root (0) root (0)17296 2021-04-10 
20:15:00.00 ./usr/share/doc/base-files/changelog.gz
│ │ │  -rw-r--r--   0 root (0) root (0) 1228 2021-04-10 
20:15:00.00 ./usr/share/doc/base-files/copyright
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/info/
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/lintian/
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/lintian/overrides/
│ │ │  -rw-r--r--   0 root (0) root (0)  985 2019-07-09 
09:00:00.00 ./usr/share/lintian/overrides/base-files
│ │ │  drwxr-xr-x   0 root (0) root (0)0 2021-04-10 
20:15:00.00 ./usr/share/man/
│ │ │

Bug#988276: unblock: base-files/11.1

[Santiago Vila]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock base-files 11.1. Debdiff is attached.

The changes are of two types:

a) Changes for standards compliance and bugs which are trivial to fix
(at the top of changelog) and

b) The "branding" changes which always happen before a stable release
(at the bottom of the changelog).

Thanks.diff -Nru base-files-11/debian/changelog base-files-11.1/debian/changelog
--- base-files-11/debian/changelog  2019-07-09 12:05:50.0 +0200
+++ base-files-11.1/debian/changelog2021-04-10 22:15:00.0 +0200
@@ -1,3 +1,26 @@
+base-files (11.1) unstable; urgency=medium
+
+  * Use https where appropriate, namely, origins/debian (currently used)
+and share/staff-group-for-usr-local (not anymore). Closes: #959470.
+  * Gracefully handle /usr/share/info not existing. Closes: #977113.
+  * Use $() instead of `` where appropriate, namely, the default files
+for /etc/profile and /root/.bashrc. Closes: #982687.
+  * Update share/profile.md5sums as the default file has changed.
+  * Update build-dependency on debhelper.
+  * Release candidate for bullseye as stable:
+  - Use "11" as version in /etc/issue and /etc/issue.net.
+(never expected to change after buster is released)
+  - Use 11.0 as version in /etc/debian_version.
+(expected to change at every point release)
+  - Change PRETTY_NAME in /usr/lib/os-release, adding 11 as version number
+and "(bullseye)" as codename. Add also VERSION_ID and VERSION.
+(never expected to change)
+  - Add VERSION_CODENAME to os-release.
+(only expected on stable releases)
+  - Update README (bullseye -> bookworm).
+
+ -- Santiago Vila   Sat, 10 Apr 2021 22:15:00 +0200
+
 base-files (11) unstable; urgency=medium
 
   * Change issue, issue.net, debian_version and os-release to read
diff -Nru base-files-11/debian/compat base-files-11.1/debian/compat
--- base-files-11/debian/compat 2019-07-09 11:00:00.0 +0200
+++ base-files-11.1/debian/compat   1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-9
diff -Nru base-files-11/debian/control base-files-11.1/debian/control
--- base-files-11/debian/control2019-07-09 11:00:00.0 +0200
+++ base-files-11.1/debian/control  2021-04-10 22:15:00.0 +0200
@@ -3,7 +3,7 @@
 Priority: required
 Maintainer: Santiago Vila 
 Standards-Version: 4.1.3
-Build-Depends: debhelper (>= 9)
+Build-Depends: debhelper-compat (= 13)
 
 Package: base-files
 Provides: base
diff -Nru base-files-11/debian/postinst.in base-files-11.1/debian/postinst.in
--- base-files-11/debian/postinst.in2019-07-09 11:00:00.0 +0200
+++ base-files-11.1/debian/postinst.in  2021-04-10 22:15:00.0 +0200
@@ -108,7 +108,7 @@
   chmod 644 /var/lib/dpkg/status
 fi
 
-if [ ! -f /usr/info/dir ] && [ ! -f /usr/share/info/dir ]; then
+if [ -d /usr/share/info ] && [ ! -f /usr/info/dir ] && [ ! -f 
/usr/share/info/dir ]; then
   install_from_default info.dir /usr/share/info/dir
   chmod 644 /usr/share/info/dir
 fi
diff -Nru base-files-11/debian/README base-files-11.1/debian/README
--- base-files-11/debian/README 2019-07-09 11:00:00.0 +0200
+++ base-files-11.1/debian/README   2021-04-10 22:15:00.0 +0200
@@ -4,10 +4,10 @@
 * Questions about /etc/issue and /etc/debian_version:
 
 Q. I upgraded my system to the testing distribution and now my /etc/issue
-says "bullseye/sid". Should it not read "bullseye" or "testing"?
+says "bookworm/sid". Should it not read "bookworm" or "testing"?
 
 Q. I upgraded my system to the unstable distribution and now my /etc/issue
-says "bullseye/sid". Should it not read "sid" or "unstable"?
+says "bookworm/sid". Should it not read "sid" or "unstable"?
 
 A. That would be nice, but it is not possible because of the way the
 testing distribution works. Packages uploaded for unstable reach
@@ -17,9 +17,9 @@
 two sides of the same coin. Since the base-files package in testing
 was initially uploaded for unstable, the only sensible /etc/issue to
 have is one that is both valid for testing and unstable, hence
-"bullseye/sid" (or whatever is appropriate).
+"bookworm/sid" (or whatever is appropriate).
 
-Q. Why "bullseye/sid" and not "testing/unstable" as it used to be?
+Q. Why "bookworm/sid" and not "testing/unstable" as it used to be?
 
 A. The codename is a little bit more informative, as the meaning of
 "testing" changes over time.
diff -Nru base-files-11/etc/debian_version base-files-11.1/etc/debian_version
--- base-files-11/etc/debian_version2019-07-09 12:00:00.0 +0200
+++ base-files-11.1/etc/debian_version  2021-04-10 22:00:00.0 +0200
@@ -1 +1 @@
-bullseye/sid
+11.0
diff -Nru base-files-11

Re: Bug#931003: Bug#931003: Removed package(s) from unstable

[Santiago Vila]

On Tue, May 04, 2021 at 11:48:09AM +0100, peter green wrote:
> > This was automatically closed by ftpmaster because the package was
> > removed from unstable, but this still does not fix the FTBFS problem
> > in stable.
> 
> Unfortunately I don't think a proper fix will be forthcoming, upstream
> has abandoned the crate in question.

It does not need to be a perfect fix. It is enough that dpkg-buildpackage
exits with status 0. If the tests are no longer valid, disabling them
should be much better than nothing, because packages in stable must
build in stable.

> > There are already 74 packages which FTBFS in stable (by my count),
> 
> Do you have a list?

Last time I tried this is what I found:

https://people.debian.org/~sanvila/ftbfs-in-buster/

Among those packages there is even a GPL violation in gcc-8-cross,
as the FTBFS problem happens because the Makefile is buggy (the GPL
says packages must be distributed with a working Makefile).

> Are the stable release managers open to patches fixing such issues?

In my experience, usually yes, because packages in stable must build
in stable.

Thanks.

Bug#944351: Providing minor version somewhere in /etc/os-release in buster

[Santiago Vila]

On Thu, Nov 14, 2019 at 07:10:08PM +0100, Julien Cristau wrote:
> On Fri, Nov 08, 2019 at 01:17:20PM +0100, Santiago Vila wrote:
> > I received this bug from one of the ansible upstream authors:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931197
> > 
> > asking to include information about minor version somewhere in 
> > /etc/os-release.
> > 
> What I'm missing from that bug is the actual use case.  The minor
> version seems to me to be pretty meaningless.  What problem does
> including it actually fix?

I would call it marginally useful, but not meaningless.

If it was really meaningless, we would not be providing such info in
/etc/debian_version to begin with.

In this case we would be allowing ansible maintainers for a cleaner
implementation of something which they have already decided to
implement because some users consider it useful.

As far as we don't break any standard, does a feature need to be
useful for everybody to be implemented, or does it suffice that some
people consider it useful? (for whatever reason).

Should I ask your question to Sam Doran in the referenced bug?

In my opinion, /etc/debian_version is deprecated in favour of
/etc/os-release. Not losing information (no matter how useful such
information might be) in the switch seems a reasonable goal to me.

Thanks.

Bug#944351: Providing minor version somewhere in /etc/os-release in buster

[Santiago Vila]

tags 944351 - moreinfo
thanks

Note: I have finally the ok from both lsb-release and ansible people.

To answer the question: Yes, the change would be limited to VERSION_ID only.

That would be enough for the minor version to be shown by
"lsb_release -r" or "lsb_release -a", and also enough for ansible
people to implement {{ ansible_distribution_minor_version }}
without having to use ugly hacks.

So, to summarize: I believe putting minor version in VERSION_ID would
be useful, and I also think that we could do this in buster as far as
we do it "soon" in the stable cycle, i.e 10.x where x is still small
(for example, 10.3).

I am of course aware that some setups might break because of this but
on the other side we can reasonably hope that whatever breakage
(in hand-made scripts, for example) should be easy to fix.

(In fact, this change in base-files would fix a not-yet-fixed breakage
in lsb-release).

On Sun, Nov 10, 2019 at 01:14:12PM +, Holger Levsen wrote:
> On Sun, Nov 10, 2019 at 01:24:42PM +0100, Santiago Vila wrote:
> > Ok, I have just uploaded base-files as usual, but if possible I'd like
> > this to be sorted-out for 10.3 (in particular, I still would like to
> > hear from the ansible maintainers).
>  
> I wondering if change should have wider exposure. I suspect not only
> ansible users will be affected. I'd say this warrants a mail to d-d-a or
> at least -devel.

Hmm, what kind of exposure do you have in mind and for what purpose?

(I can think of two different purposes, not all of them desirable,
but would like to know yours first :-)

Thanks.

Bug#944351: Providing minor version somewhere in /etc/os-release in buster

[Santiago Vila]

On Sat, Nov 09, 2019 at 03:33:26PM +, Adam D. Barratt wrote:
> On Sat, 2019-11-09 at 16:09 +0100, Santiago Vila wrote:
> > (If we can't sort this out for 10.2 I'll have to upload base-files
> > for 10.2 as usual. What's the real deadline for that? This weekend?)
> 
> Yep.

Ok, I have just uploaded base-files as usual, but if possible I'd like
this to be sorted-out for 10.3 (in particular, I still would like to
hear from the ansible maintainers).

(I assume and hope that keeping this bug open until we have all the
info should not be a problem).

Thanks.

Bug#944351: Providing minor version somewhere in /etc/os-release in buster

[Santiago Vila]

On Sat, Nov 09, 2019 at 02:10:45PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Fri, 2019-11-08 at 13:17 +0100, Santiago Vila wrote:
> > I received this bug from one of the ansible upstream authors:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931197
> > 
> > asking to include information about minor version somewhere in
> > /etc/os-release.
> > 
> > I first said "not yet" because we were very close to the release of
> > buster and the behaviour of /etc/debian_version and /etc/os-release
> > was already "documented" or "announced" in base-files changelog, as
> > usual. My plan was to consider that for bullseye.
> > 
> > However, there is a glitch in lsb-release:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939733
> > 
> > We could revert the change in lsb-release so that it looks at
> > /etc/debian_version again, but we could also do the change
> > in base-files now and fix this glitch in the most standard way.
> > 
> > So: Would you approve that base-files 10.3+deb10u2 for Debian 10.2
> > has VERSION_ID="10.2" in /etc/os-release (and 10.x from now on)
> > instead of "10"?
> 
> To confirm, is the proposal to end up with:
> 
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10.2"
> VERSION="10 (buster)"
> 
> ?

That's what I would like to be but unfortunately, I'm not 100% sure.
I'm awaiting for reply from the ansible maintainer who contacted me
and also from the LSB maintainers.

The complain in Bug #939733 is that "lsb_release -d" does not show the
point release (and that would not be "fixed" by updating VERSION_ID),
but according to Simon McVittie in Bug#914287.

  lsb_release -d

os-release PRETTY_NAME looks suitable for this. It can include the
OS vendor, version number and/or codename. One difference is that
stretch has PRETTY_NAME="Debian GNU/Linux 9 (stretch)", without
the 9.6; but I don't think that's a very important distinction, so
it might make most sense for $(lsb_release -ds) in the buster
release to be "Debian GNU/Linux 10 (buster)" across all point
releases.


So I think we could change VERSION_ID and nothing else and interpret
Bug #939733 in the sense that the minor version should be in
/etc/os-release just "somewhere". I also would like to think that this
should be enough for ansible to implement {{ ansible_distribution_minor_version 
}}
without being too much hackish.

Cc:ing interested parties again.

(If we can't sort this out for 10.2 I'll have to upload base-files for
10.2 as usual. What's the real deadline for that? This weekend?)

Thanks.

Bug#944351: Providing minor version somewhere in /etc/os-release in buster

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers:

I received this bug from one of the ansible upstream authors:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931197

asking to include information about minor version somewhere in /etc/os-release.

I first said "not yet" because we were very close to the release of buster
and the behaviour of /etc/debian_version and /etc/os-release was
already "documented" or "announced" in base-files changelog, as usual.
My plan was to consider that for bullseye.

However, there is a glitch in lsb-release:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939733

We could revert the change in lsb-release so that it looks at
/etc/debian_version again, but we could also do the change
in base-files now and fix this glitch in the most standard way.

So: Would you approve that base-files 10.3+deb10u2 for Debian 10.2 has
VERSION_ID="10.2" in /etc/os-release (and 10.x from now on) instead of
"10"?

My only problem with this is how we would explain the change
after having promised (sort of) that the file would not
change in such way in 10.x.

On the other hand, people who use constructs like
{{ ansible_distribution_major_version }}, which is probably a lot
better than parsing the file by hand, would not be affected at all.

Thanks.

Bug#938997: stretch-pu: package gettext/0.19.8.1-2+deb9u1

[Santiago Vila]

Package: release.debian.org
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers:

I'd like to have this bug fixed in stretch, as it has practical
implications for some people (as opposed to other crashes which
may only happen with specially crafted files).

I was requested to do this here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891347#30

and the request makes sense to me.

The debdiff is below and the changelog is self-explanatoty.

Thanks.

diff -Nru gettext-0.19.8.1/debian/changelog gettext-0.19.8.1/debian/changelog
--- gettext-0.19.8.1/debian/changelog   2017-01-23 23:11:50.0 +0100
+++ gettext-0.19.8.1/debian/changelog   2019-08-31 01:30:22.0 +0200
@@ -1,3 +1,12 @@
+gettext (0.19.8.1-2+deb9u1) stretch; urgency=medium
+
+  * Stop xgettext() from crashing when run with --its=FILE option.
+Patch taken from Debian 10, which in turn was extracted from
+upstream git. Should help the inkscape project. Closes: #891347.
+See https://gitlab.com/inkscape/inkscape/issues/271 for details.
+
+ -- Santiago Vila   Sat, 31 Aug 2019 01:30:22 +0200
+
 gettext (0.19.8.1-2) unstable; urgency=medium
 
   * Use debhelper more.
diff -Nru gettext-0.19.8.1/debian/patches/05-fix-crash-xgettext-with-its.patch 
gettext-0.19.8.1/debian/patches/05-fix-crash-xgettext-with-its.patch
--- gettext-0.19.8.1/debian/patches/05-fix-crash-xgettext-with-its.patch
1970-01-01 01:00:00.0 +0100
+++ gettext-0.19.8.1/debian/patches/05-fix-crash-xgettext-with-its.patch
2019-08-31 00:02:00.0 +0200
@@ -0,0 +1,33 @@
+From: Bruno Haible 
+Subject: Fix crash of xgettext with --its option.
+Origin: 
https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff_plain;h=a0cab23332a254e3500cac2a3a984472d02180e5
+Bug-Debian: https://bugs.debian.org/891347
+X-Debian-version: 0.19.8.1-5
+
+--- a/gettext-tools/src/xgettext.c
 b/gettext-tools/src/xgettext.c
+@@ -330,7 +330,7 @@
+   bool sort_by_msgid = false;
+   bool sort_by_filepos = false;
+   char **dirs;
+-  char **its_dirs;
++  char **its_dirs = NULL;
+   char *explicit_its_filename = NULL;
+   const char *file_name;
+   const char *files_from = NULL;
+@@ -1016,9 +1016,12 @@
+   if (its_locating_rules)
+ locating_rule_list_free (its_locating_rules);
+ 
+-  for (i = 0; its_dirs[i] != NULL; i++)
+-free (its_dirs[i]);
+-  free (its_dirs);
++  if (its_dirs != NULL)
++{
++  for (i = 0; its_dirs[i] != NULL; i++)
++free (its_dirs[i]);
++  free (its_dirs);
++}
+ 
+   exit (EXIT_SUCCESS);
+ }
diff -Nru gettext-0.19.8.1/debian/patches/series 
gettext-0.19.8.1/debian/patches/series
--- gettext-0.19.8.1/debian/patches/series  2017-01-23 22:00:00.0 
+0100
+++ gettext-0.19.8.1/debian/patches/series  2019-08-31 00:00:00.0 
+0200
@@ -1 +1,2 @@
 01-do-not-use-java-in-urlget
+05-fix-crash-xgettext-with-its.patch

Bug#938926: stretch-pu: package base-files/9.9+deb9u10

[Santiago Vila]

Package: release.debian.org
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Managers:

With the base-files upload for the next Debian 9 point release, I'd
like to introduce CODENAME_VERSION in stretch as it was already done
in buster.

This is an optional field according to the specs, so there should be
no impact for people following the specs.

This would be the full debdiff. Waiting for approval before upload.

Thanks.

diff -Nru base-files-9.9+deb9u9/debian/changelog 
base-files-9.9+deb9u10/debian/changelog
--- base-files-9.9+deb9u9/debian/changelog  2019-03-28 10:12:44.0 
+0100
+++ base-files-9.9+deb9u10/debian/changelog 2019-08-30 10:45:44.0 
+0200
@@ -1,3 +1,11 @@
+base-files (9.9+deb9u10) stretch; urgency=medium
+
+  * Change /etc/debian_version to 9.10, for Debian 9.10 point release.
+  * Add VERSION_CODENAME to os-release. Closes: #829245. Please note
+that this is only for stable releases.
+
+ -- Santiago Vila   Fri, 30 Aug 2019 10:45:44 +0200
+
 base-files (9.9+deb9u9) stretch; urgency=medium
 
   * Change /etc/debian_version to 9.9, for Debian 9.9 point release.
diff -Nru base-files-9.9+deb9u9/etc/debian_version 
base-files-9.9+deb9u10/etc/debian_version
--- base-files-9.9+deb9u9/etc/debian_version2019-03-28 10:12:44.0 
+0100
+++ base-files-9.9+deb9u10/etc/debian_version   2019-08-30 09:00:00.0 
+0200
@@ -1 +1 @@
-9.9
+9.10
diff -Nru base-files-9.9+deb9u9/etc/os-release 
base-files-9.9+deb9u10/etc/os-release
--- base-files-9.9+deb9u9/etc/os-release2017-01-15 23:00:00.0 
+0100
+++ base-files-9.9+deb9u10/etc/os-release   2019-08-30 10:45:44.0 
+0200
@@ -2,6 +2,7 @@
 NAME="Debian #OSNAME#"
 VERSION_ID="9"
 VERSION="9 (stretch)"
+VERSION_CODENAME=stretch
 ID=debian
 HOME_URL="https://www.debian.org/";
 SUPPORT_URL="https://www.debian.org/support";

Bug#931245: unblock: encoding-rs/0.8.15-2

[Santiago Vila]

Hi.

I'm still tracking FTBFS bugs in buster. Am I right to think that this
upload for stable (when accepted) will fix Bugs #931002 and #931003 in
rust-coresimd and rust-simd, making them buildable again?

(Those bugs have been closed automatically by FTPmaster, but the automatic
script does not know that the bugs still have to be fixed in buster).

Thanks.

Bug#933970: stretch-pu: package unzip/6.0-21+deb9u2

[Santiago Vila]

Package: release.debian.org
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello. I've just uploaded this to fix CVE-2019-13232 by applying the
three available patches from Mark Adler, plus a trivial one-liner in
fileio.c which is also fixed in buster and sid.

Debdiff below.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog  2019-04-17 21:23:40.0 +0200
+++ unzip-6.0/debian/changelog  2019-08-05 18:10:06.0 +0200
@@ -1,3 +1,15 @@
+unzip (6.0-21+deb9u2) stretch; urgency=medium
+
+  * Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
+  * Apply three patches by Mark Adler to fix CVE-2019-13232.
+  - Fix bug in undefer_input() that misplaced the input state.
+  - Detect and reject a zip bomb using overlapped entries.
+Bug discovered by David Fifield. Closes: #931433.
+  - Do not raise a zip bomb alert for a misplaced central directory.
+Reported by Peter Green. Closes: #932404.
+
+ -- Santiago Vila   Mon, 05 Aug 2019 18:10:06 +0200
+
 unzip (6.0-21+deb9u1) stretch; urgency=medium
 
   * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
diff -Nru unzip-6.0/debian/patches/21-fix-warning-messages-on-big-files.patch 
unzip-6.0/debian/patches/21-fix-warning-messages-on-big-files.patch
--- unzip-6.0/debian/patches/21-fix-warning-messages-on-big-files.patch 
1970-01-01 01:00:00.0 +0100
+++ unzip-6.0/debian/patches/21-fix-warning-messages-on-big-files.patch 
2019-08-05 17:21:00.0 +0200
@@ -0,0 +1,15 @@
+From: "Steven M. Schweda" 
+Subject: Fix lame code in fileio.c
+Bug-Debian: https://bugs.debian.org/929502
+X-Debian-version: 6.0-23
+
+--- a/fileio.c
 b/fileio.c
+@@ -2477,6 +2477,7 @@
+  */
+ return (((zusz_t)sig[7]) << 56)
+ + (((zusz_t)sig[6]) << 48)
+++ (((zusz_t)sig[5]) << 40)
+ + (((zusz_t)sig[4]) << 32)
+ + (zusz_t)ulg)sig[3]) << 24)
+  + (((ulg)sig[2]) << 16)
diff -Nru 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch
--- unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
1970-01-01 01:00:00.0 +0100
+++ unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
2019-08-05 17:22:00.0 +0200
@@ -0,0 +1,22 @@
+From: Mark Adler 
+Subject: Fix bug in undefer_input() that misplaced the input state.
+Origin: 
https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Fix bug in undefer_input() that misplaced the input state.
+
+--- a/fileio.c
 b/fileio.c
+@@ -532,8 +532,10 @@
+  * This condition was checked when G.incnt_leftover was set > 0 in
+  * defer_leftover_input(), and it is NOT allowed to touch G.csize
+  * before calling undefer_input() when (G.incnt_leftover > 0)
+- * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++ * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+  */
++if (G.csize < 0L)
++G.csize = 0L;
+ G.incnt = G.incnt_leftover + (int)G.csize;
+ G.inptr = G.inptr_leftover - (int)G.csize;
+ G.incnt_leftover = 0;
diff -Nru 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
--- 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   1970-01-01 01:00:00.0 +0100
+++ 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   2019-08-05 17:23:00.0 +0200
@@ -0,0 +1,335 @@
+From: Mark Adler 
+Subject: Detect and reject a zip bomb using overlapped entries.
+Origin: 
https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is

Bug#932318: buster-pu: package unzip/6.0-23+deb10u1

[Santiago Vila]

On Sat, Jul 27, 2019 at 01:38:46PM -0300, Adam D. Barratt wrote:
> On 2019-07-27 13:18, Santiago Vila wrote:
> > tags 932318 - moreinfo
> > thanks
> > 
> > Hello.
> > 
> > The problem with Firefox should now be fixed, and it was unzip's fault.
> > 
> > If possible, I'd like this upload I did 6.0-23+deb10u1 to be rejected so
> > that
> > I can reuse the +deb10u1 version with all the fixes included.
> 
> Done, pending dak actually processing the request.

Fine. I reuploaded unzip, this is the new debdiff, and this time
I believe it should be suitable for stable.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog  2019-05-29 00:24:08.0 +0200
+++ unzip-6.0/debian/changelog  2019-07-30 22:26:10.0 +0200
@@ -1,3 +1,14 @@
+unzip (6.0-23+deb10u1) buster; urgency=medium
+
+  * Apply three patches by Mark Adler to fix CVE-2019-13232.
+  - Fix bug in undefer_input() that misplaced the input state.
+  - Detect and reject a zip bomb using overlapped entries.
+Bug discovered by David Fifield. Closes: #931433.
+  - Do not raise a zip bomb alert for a misplaced central directory.
+Reported by Peter Green. Closes: #932404.
+
+ -- Santiago Vila   Tue, 30 Jul 2019 22:26:10 +0200
+
 unzip (6.0-23) unstable; urgency=medium
 
   * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
diff -Nru 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch
--- unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
1970-01-01 01:00:00.0 +0100
+++ unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
2019-07-30 21:22:00.0 +0200
@@ -0,0 +1,22 @@
+From: Mark Adler 
+Subject: Fix bug in undefer_input() that misplaced the input state.
+Origin: 
https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Fix bug in undefer_input() that misplaced the input state.
+
+--- a/fileio.c
 b/fileio.c
+@@ -532,8 +532,10 @@
+  * This condition was checked when G.incnt_leftover was set > 0 in
+  * defer_leftover_input(), and it is NOT allowed to touch G.csize
+  * before calling undefer_input() when (G.incnt_leftover > 0)
+- * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++ * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+  */
++if (G.csize < 0L)
++G.csize = 0L;
+ G.incnt = G.incnt_leftover + (int)G.csize;
+ G.inptr = G.inptr_leftover - (int)G.csize;
+ G.incnt_leftover = 0;
diff -Nru 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
--- 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   1970-01-01 01:00:00.0 +0100
+++ 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   2019-07-30 21:23:00.0 +0200
@@ -0,0 +1,335 @@
+From: Mark Adler 
+Subject: Detect and reject a zip bomb using overlapped entries.
+Origin: 
https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is considered covered. When a new entry is about to
+be processed, its initial offset is checked to see if it is
+contained by a covered span. If so, the zip file is rejected as
+invalid.
+
+This commit depends on a preceding commit: "Fix bug in
+undefer_input() that misplaced the input state."
+
+--- a/extract.c
 b/extract.c
+@@ -321,6 +321,125 @@
+   "\nerror:  unsupported extra-field compression type (%u)--skipping\n";
+ static ZCONST char Far BadExtraFieldCRC[] =
+   "error [%s]:  bad extra-field CRC %08lx (should be %08lx)\n";
++static ZCONST cha

Bug#932318: buster-pu: package unzip/6.0-23+deb10u1

[Santiago Vila]

tags 932318 - moreinfo
thanks

Hello.

The problem with Firefox should now be fixed, and it was unzip's fault.

If possible, I'd like this upload I did 6.0-23+deb10u1 to be rejected so that
I can reuse the +deb10u1 version with all the fixes included.

Thanks.

Bug#932318: buster-pu: package unzip/6.0-23+deb10u1

[Santiago Vila]

Dear Release Managers:

Please leave this package unapproved for now.

It has some side-effects (like firefox FTBFS) which need to be
investigated:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932404

I have the feeling that this will be another case of buggy zipfile,
like this one:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931895

but we don't know for sure yet.

Thanks.

Bug#932318: buster-pu: package unzip/6.0-23+deb10u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello.

I've just uploaded this for buster-proposed-updates, hopefully to be
part of Debian 10.1. Salvatore tells me it does not deserve a DSA.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog  2019-05-29 00:24:08.0 +0200
+++ unzip-6.0/debian/changelog  2019-07-17 16:35:30.0 +0200
@@ -1,3 +1,12 @@
+unzip (6.0-23+deb10u1) buster; urgency=medium
+
+  * Apply two patches by Mark Adler:
+  - Fix bug in undefer_input() that misplaced the input state.
+  - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
+Bug discovered by David Fifield. For reference, this is CVE-2019-13232.
+
+ -- Santiago Vila   Wed, 17 Jul 2019 16:35:30 +0200
+
 unzip (6.0-23) unstable; urgency=medium
 
   * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
diff -Nru 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch 
unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch
--- unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
1970-01-01 01:00:00.0 +0100
+++ unzip-6.0/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch   
2019-07-17 15:22:00.0 +0200
@@ -0,0 +1,22 @@
+From: Mark Adler 
+Subject: Fix bug in undefer_input() that misplaced the input state.
+Origin: 
https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Fix bug in undefer_input() that misplaced the input state.
+
+--- a/fileio.c
 b/fileio.c
+@@ -532,8 +532,10 @@
+  * This condition was checked when G.incnt_leftover was set > 0 in
+  * defer_leftover_input(), and it is NOT allowed to touch G.csize
+  * before calling undefer_input() when (G.incnt_leftover > 0)
+- * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++ * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+  */
++if (G.csize < 0L)
++G.csize = 0L;
+ G.incnt = G.incnt_leftover + (int)G.csize;
+ G.inptr = G.inptr_leftover - (int)G.csize;
+ G.incnt_leftover = 0;
diff -Nru 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
--- 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   1970-01-01 01:00:00.0 +0100
+++ 
unzip-6.0/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
   2019-07-17 15:23:00.0 +0200
@@ -0,0 +1,335 @@
+From: Mark Adler 
+Subject: Detect and reject a zip bomb using overlapped entries.
+Origin: 
https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+Detect and reject a zip bomb using overlapped entries.
+
+This detects an invalid zip file that has at least one entry that
+overlaps with another entry or with the central directory to the
+end of the file. A Fifield zip bomb uses overlapped local entries
+to vastly increase the potential inflation ratio. Such an invalid
+zip file is rejected.
+
+See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
+analysis, construction, and examples of such zip bombs.
+
+The detection maintains a list of covered spans of the zip files
+so far, where the central directory to the end of the file and any
+bytes preceding the first entry at zip file offset zero are
+considered covered initially. Then as each entry is decompressed
+or tested, it is considered covered. When a new entry is about to
+be processed, its initial offset is checked to see if it is
+contained by a covered span. If so, the zip file is rejected as
+invalid.
+
+This commit depends on a preceding commit: "Fix bug in
+undefer_input() that misplaced the input state."
+
+--- a/extract.c
 b/extract.c
+@@ -321,6 +321,125 @@
+   "\nerror:  unsupported extra-field compression type (%u)--skipping\n";
+ static ZCONST char Far BadExtraFieldCRC[] =
+   "error [%s]:  bad extra-field CRC %08lx (should be %08lx)\n";
++static ZCONST char Far NotEnoughMemCover[] =
++  "error: not enough memory for bomb detection\n";
++static ZCONST char Far OverlappedComponents[] =
++  "error: invalid zip file with overlapped components (possible zip bomb)\n";
++
++
++
++
++
++/* A growable list of spans. */
++typedef zoff_t bound_t;
++typedef struct {
++bound_t beg;/* start of the span */
++bound_t end;/* one past the end of the span */
++} span_t;
++typedef struct {
++span_

Bug#929082: unblock: razor/1:2.85-4.2

[Santiago Vila]

On Fri, May 17, 2019 at 10:00:17PM +0200, Paul Gevers wrote:
> Hi,
> 
> On 16-05-2019 22:03, Holger Levsen wrote:
> > On Thu, May 16, 2019 at 09:52:45PM +0200, Paul Gevers wrote:
> >> Well, if they are maintained by the QA group, there are at least around
> >> 90 people notified of stuff.
> > 
> > no. noone is notified about bugs in packages maintained by the QA group.
> > (or maybe some poor soul is, but noone is reading those notices *if*
> > someone receives them.)
> 
> I have just added an unblock hint. Santiago, could I kindly ask you to
> at least monitor the package (e.g. via tracker.d.o) until a new
> maintainer steps up?

Ok, I have just subscribed to razor using tracker.

> Don't hesitate to upload a version with the maintainer set to the QA
> group *after* the release of buster, despite of the fact that Holger
> confirmed my fears.

Ok.

Thanks a lot.

Bug#929082: unblock: razor/1:2.85-4.2

[Santiago Vila]

On Thu, May 16, 2019 at 07:43:09PM +0200, Paul Gevers wrote:

> The reason why it got removed, is that nobody was looking after razor.
> Otherwise, preventing removal would have been easy.

Indeed. If I had known that it was going to be removed, I would have
downgraded the severity of the bug before the autoremoval happened.

> > I'm filing this only as a DD and long-time user of razor because the
> > package is currently orphaned (#866833). IMO dropping razor from
> > buster does not really help our users.
> 
> So my concern here is the lack of maintainers. Who will step up to
> maintain razor?

I don't know. It's currently orphaned, so someone will pick it
sooner or later, as it happens with every other orphaned package.

In my opinion, the software is useful "as is" even if the last
maintainer is not active anymore.

We have a lot of packages maintained by "Debian QA" and we don't
remove them from Debian just because they don't have a proper
maintainer. We just keep them because they are useful.

So, if it helps, I would be willing to make an upload to officially
orphan it (using "Debian QA" as the Maintainer field) to be on par
with every other QA-maintained package. Personally, I don't think it
would change things a lot but if it's the difference between keeping
razor in or out of buster, I will be happy to make an upload for that.

(And if that's not enough, I would even be willing to put my name in
the maintainer field, only until we find another maintainer, but in
such case I would feel that we are being more strict with this package
than any other QA-maintained package).

Thanks.

Bug#929082: unblock: razor/1:2.85-4.2

[Santiago Vila]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please allow razor back in testing, as a freeze exception.

It was autoremoved because there was a RC bug in the BTS, but the
real problem was not in the package itself but in the razor servers
by cloudmark (for which the razor package acts as a client).

The problem is already solved. Details about this in Bug #924583.

I'm filing this only as a DD and long-time user of razor because the
package is currently orphaned (#866833). IMO dropping razor from
buster does not really help our users.

(No debdiff to attach because the problem was solved in the razor
servers, not in the razor package).

Thanks.

Bug#929012: unblock: base-files/10.3

[Santiago Vila]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock base-files. Debdiff is below.

Note: It would be good to unblock debian-security-support first (#928972),
or at the same time, because base-files Breaks the version currently
in testing.

Thanks.

diff -Nru base-files-10.1/debian/changelog base-files-10.3/debian/changelog
--- base-files-10.1/debian/changelog2018-01-14 00:36:34.0 +0100
+++ base-files-10.3/debian/changelog2019-05-13 22:25:32.0 +0200
@@ -1,3 +1,28 @@
+base-files (10.3) unstable; urgency=medium
+
+  * Add Breaks: debian-security-support (<< 2019.04.25). Closes: #928172.
+This is the first version of debian-security-support which does not break
+when /etc/debian_version contains a string in the form "10.x".
+
+ -- Santiago Vila   Mon, 13 May 2019 22:25:32 +0200
+
+base-files (10.2) unstable; urgency=medium
+
+  * Release candidate for buster as stable:
+  - Use "10" as version in /etc/issue and /etc/issue.net.
+(never expected to change after buster is released)
+  - Use 10.0 as version in /etc/debian_version.
+(expected to change at every point release)
+  - Change PRETTY_NAME in /usr/lib/os-release, adding 10 as version number
+and "(buster)" as codename. Add also VERSION_ID and VERSION.
+(never expected to change)
+  - Add VERSION_CODENAME to os-release. Closes: #829245. This is optional
+according to the specs but some people find it useful. Please note that
+for now this is only expected to be present on stable releases.
+  - Update README (buster -> bullseye).
+
+ -- Santiago Vila   Fri, 19 Apr 2019 13:05:00 +0200
+
 base-files (10.1) unstable; urgency=medium
 
   * Add CC0-1.0 to common-licenses. Closes: #859649, #882628.
diff -Nru base-files-10.1/debian/control base-files-10.3/debian/control
--- base-files-10.1/debian/control  2018-01-13 23:00:00.0 +0100
+++ base-files-10.3/debian/control  2019-05-13 21:00:00.0 +0200
@@ -13,7 +13,7 @@
 Essential: yes
 Priority: required
 Replaces: base, miscutils, dpkg (<= 1.15.0)
-Breaks: initscripts (<< 2.88dsf-13.3), sendfile (<< 2.1b.20080616-5.2~)
+Breaks: debian-security-support (<< 2019.04.25), initscripts (<< 
2.88dsf-13.3), sendfile (<< 2.1b.20080616-5.2~)
 Multi-Arch: foreign
 Description: Debian base system miscellaneous files
  This package contains the basic filesystem hierarchy of a Debian system, and
diff -Nru base-files-10.1/debian/README base-files-10.3/debian/README
--- base-files-10.1/debian/README   2018-01-13 23:00:00.0 +0100
+++ base-files-10.3/debian/README   2019-05-13 21:00:00.0 +0200
@@ -4,10 +4,10 @@
 * Questions about /etc/issue and /etc/debian_version:
 
 Q. I upgraded my system to the testing distribution and now my /etc/issue
-says "buster/sid". Should it not read "buster" or "testing"?
+says "bullseye/sid". Should it not read "bullseye" or "testing"?
 
 Q. I upgraded my system to the unstable distribution and now my /etc/issue
-says "buster/sid". Should it not read "sid" or "unstable"?
+says "bullseye/sid". Should it not read "sid" or "unstable"?
 
 A. That would be nice, but it is not possible because of the way the
 testing distribution works. Packages uploaded for unstable reach
@@ -17,9 +17,9 @@
 two sides of the same coin. Since the base-files package in testing
 was initially uploaded for unstable, the only sensible /etc/issue to
 have is one that is both valid for testing and unstable, hence
-"buster/sid" (or whatever is appropriate).
+"bullseye/sid" (or whatever is appropriate).
 
-Q. Why "buster/sid" and not "testing/unstable" as it used to be?
+Q. Why "bullseye/sid" and not "testing/unstable" as it used to be?
 
 A. The codename is a little bit more informative, as the meaning of
 "testing" changes over time.
@@ -31,7 +31,7 @@
 your /etc/apt/sources.list file is probably a much better way.
 
 Q. There is a new point release and I've just upgraded my system.
-The /etc/debian_version file now says 8.x but /etc/issue still says 8.
+The /etc/debian_version file now says 10.x but /etc/issue still says 10.
 Is this ok?
 
 A. Yes. The release managers asked me not to touch /etc/issue, as that's
diff -Nru base-files-10.1/etc/debian_version base-files-10.3/etc/debian_version
--- base-files-10.1/etc/debian_version  2017-06-26 00:18:00.0 +0200
+++ base-files-10.3/etc/debian_version  2019-04-19 13:00:00.0 +0200
@@ -1 +1 @@
-buster/sid
+10.0
diff -Nru base-files-10.1/etc/issue base-files-10.3/etc/issue
--- base-files-10.1/etc/issue   2017-06-26 00:18:00.0 +0200
+++ base-files-10.3/etc/issue   2019-04-19 13:00:00.0 +0200
@@ -1,2 +1,2 @@
-Debian #OSNAME# buster/sid \n 

Bug#928939: unblock: hello/2.10-2

[Santiago Vila]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello. I'm asked to make a release of hello to fix the version skew
created by the test security upload for stretch. Since this package
serves as example, there are several things that I could fix as well,
but I consider "safe enough" the ones in this debdiff.

This is not uploaded yet. Waiting for approval.

Thanks.

diff -Nru hello-2.10/debian/changelog hello-2.10/debian/changelog
--- hello-2.10/debian/changelog 2015-03-22 11:56:16.0 +0100
+++ hello-2.10/debian/changelog 2019-05-12 22:26:59.0 +0200
@@ -1,3 +1,12 @@
+hello (2.10-2) unstable; urgency=medium
+
+  * Fix version skew. Closes: #928887.
+  * Drop debian/compat and use new syntax to specify compat level.
+  * Standards-Version: 4.3.0 (no changes for this).
+  * Rules-Requires-Root: no
+
+ -- Santiago Vila   Sun, 12 May 2019 20:26:59 +
+
 hello (2.10-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru hello-2.10/debian/compat hello-2.10/debian/compat
--- hello-2.10/debian/compat2015-03-22 11:00:00.0 +0100
+++ hello-2.10/debian/compat1970-01-01 01:00:00.0 +0100
@@ -1 +0,0 @@
-9
diff -Nru hello-2.10/debian/control hello-2.10/debian/control
--- hello-2.10/debian/control   2015-03-22 11:00:00.0 +0100
+++ hello-2.10/debian/control   2019-05-12 22:26:59.0 +0200
@@ -2,9 +2,10 @@
 Section: devel
 Priority: optional
 Maintainer: Santiago Vila 
-Standards-Version: 3.9.6
-Build-Depends: debhelper (>= 9.20120311)
+Standards-Version: 4.3.0
+Build-Depends: debhelper-compat (= 9)
 Homepage: http://www.gnu.org/software/hello/
+Rules-Requires-Root: no
 
 Package: hello
 Architecture: any

Re: Please verify that buster related suites are functional

[Santiago Vila]

On Mon, Apr 15, 2019 at 07:57:20AM +0200, Salvatore Bonaccorso wrote:
> Hi Niels, release team and ftp-masters,
> 
> [dropping backports list for this reply, adding ftp-masters]
> 
> On Sun, Apr 14, 2019 at 09:02:00PM +, Niels Thykier wrote:
> > Hi Security team and backports team,
> > 
> > According to the release team's checklist we have the following TODO for
> > you:
> > 
> > """
> > Check with security team and backports team that it is possible to build
> > uploads for -security and -backports
> > """
> > 
> > To our knowledge, the relevant suites have already been created
> > (#917537) and ask that you kindly smoke test them to ensure they work as
> > intended.
> > 
> >  * Please let us know when you have verified these relevant suites or if
> >you have any issues with them.
> 
> The easiest thing is still to do as in previous releases and prepare a
> src:hello as follows (which have done locally):
> 
>  hello (2.10-1+deb10u1) buster-security; urgency=high
>  .
>* Non-maintainer upload by the Security Team.
>* No-change test upload for buster-security
> 
> upload it, verify it get's correctly processed into the embargoed
> queues, buildd's pick it up for build on all supported architectures.
> 
> Then the next step was to actually dak install it  and verify it
> correctly land in the security archive.
> 
> But after that we have a hello/2.10-1+deb10u1 in the security archive.
> Question to FTP master, can we just after this test dak remove the
> package again and let forget the test version?
> 
> I'm asking  because Santiago, maintainer of src:hello raised concern
> that we should not use src:hello for this final infrastructure test.
> Obviously we otherwise can just fork it. But as package it has nice
> characteristics as testpackage.

Exactly. Leaving aside the fact that we are highly skilled people
that could use all sort of sandboxes to test things and not the real
thing, if you absolutely must use a real package, for all means
use one that either:

a) Has a real security problem.
b) Has a real security history that will surely make subsequent security
uploads to supersede the "fake" one, for example, the linux package.

If this is not possible, I offered Salvatore and Security People to
upload base-files in a way that leaves no traces after the test has
been made. I still have to upload base-files_10.2 for buster with the
final changes, if you can upload base-files_10.1+deb1 and we can have
any assurance that this will not prevent base-files_10.2 from
propagating from unstable to testing, that would be a lot better than
a fake upload of src:hello.

Thanks.

Bug#926645: unblock: diffutils_1:3.7-3

[Santiago Vila]

Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock diffutils. It fixes a random FTBFS problem which
has already happened on a release architecture but it could in theory
happen anywhere (for now I've decided to disable the test, there will
be plenty of time in buster+1 to fix the test).

unblock diffutils/1:3.7-3

Thanks.

diff -Nru diffutils-3.7/debian/changelog diffutils-3.7/debian/changelog
--- diffutils-3.7/debian/changelog  2019-02-18 14:03:30.0 +0100
+++ diffutils-3.7/debian/changelog  2019-04-08 14:04:00.0 +0200
@@ -1,3 +1,9 @@
+diffutils (1:3.7-3) unstable; urgency=medium
+
+  * Disable tests/colors completely for buster. Closes: #922552.
+
+ -- Santiago Vila   Mon, 08 Apr 2019 14:04:00 +0200
+
 diffutils (1:3.7-2) unstable; urgency=low
 
   * Increase sleeping time from 1 to 5 seconds in tests/colors for ppc64el.
diff -Nru diffutils-3.7/debian/patches/02-disable-colors-test.patch 
diffutils-3.7/debian/patches/02-disable-colors-test.patch
--- diffutils-3.7/debian/patches/02-disable-colors-test.patch   1970-01-01 
01:00:00.0 +0100
+++ diffutils-3.7/debian/patches/02-disable-colors-test.patch   2019-04-08 
13:02:00.0 +0200
@@ -0,0 +1,12 @@
+From: Santiago Vila 
+Subject: Disable tests/colors completely
+
+--- a/tests/colors
 b/tests/colors
+@@ -1,4 +1,6 @@
+ #!/bin/sh
++# Disable test. See #922552 for details.
++exit 0
+ 
+ . "${srcdir=.}/init.sh"; path_prepend_ ../src
+ 
diff -Nru diffutils-3.7/debian/patches/series 
diffutils-3.7/debian/patches/series
--- diffutils-3.7/debian/patches/series 2019-02-18 13:00:00.0 +0100
+++ diffutils-3.7/debian/patches/series 2019-04-08 13:00:00.0 +0200
@@ -1 +1,2 @@
 01-fix-race-condition-in-colors-test.patch
+02-disable-colors-test.patch

Bug#921977: stretch-pu: package unzip/6.0-21+deb9u1

[Santiago Vila]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello. Security team tells me this does not deserve a DSA but it's ok
for stable-proposed-updates.

(I know it's a little bit late for 9.8. Sorry for that, and no problem
if this is for 9.9 instead).

Debdiff below.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog  2016-12-11 21:03:30.0 +0100
+++ unzip-6.0/debian/changelog  2019-02-10 20:53:00.0 +0100
@@ -1,3 +1,10 @@
+unzip (6.0-21+deb9u1) stretch; urgency=medium
+
+  * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
+Patch borrowed from SUSE. For reference, this is CVE-2018-135.
+
+ -- Santiago Vila   Sun, 10 Feb 2019 20:53:00 +0100
+
 unzip (6.0-21) unstable; urgency=medium
 
   * Rename all debian/patches/* to have .patch ending.
diff -Nru 
unzip-6.0/debian/patches/20-cve-2018-135-unzip-buffer-overflow.patch 
unzip-6.0/debian/patches/20-cve-2018-135-unzip-buffer-overflow.patch
--- unzip-6.0/debian/patches/20-cve-2018-135-unzip-buffer-overflow.patch
1970-01-01 01:00:00.0 +0100
+++ unzip-6.0/debian/patches/20-cve-2018-135-unzip-buffer-overflow.patch
2019-02-10 20:53:00.0 +0100
@@ -0,0 +1,35 @@
+From: Karol Babioch 
+Subject: Fix buffer overflow in password protected zip archives
+Bug-Debian: https://bugs.debian.org/889838
+Origin: https://bugzilla.novell.com/attachment.cgi?id=759406
+
+--- a/fileio.c
 b/fileio.c
+@@ -1582,6 +1582,10 @@
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++char *zfnf;
++char *efnf;
++size_t zfnfl;
++int isOverflow;
+ 
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,7 +1594,15 @@
+ 
+ if (*rcnt == 0) {   /* First call for current entry */
+ *rcnt = 2;
+-if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
++zfnf = FnFilter1(zfn);
++efnf = FnFilter2(efn);
++zfnfl = strlen(zfnf);
++isOverflow = TRUE;
++if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
++{
++  isOverflow = FALSE;
++}
++if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 
15)) != (char *)NULL)) {
+ sprintf(prompt, LoadFarString(PasswPrompt),
+ FnFilter1(zfn), FnFilter2(efn));
+ m = prompt;
diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series
--- unzip-6.0/debian/patches/series 2016-12-11 20:00:00.0 +0100
+++ unzip-6.0/debian/patches/series 2019-02-10 20:51:54.0 +0100
@@ -17,3 +17,4 @@
 17-restore-unix-timestamps-accurately.patch
 18-cve-2014-9913-unzip-buffer-overflow.patch
 19-cve-2016-9844-zipinfo-buffer-overflow.patch
+20-cve-2018-135-unzip-buffer-overflow.patch

Bug#903211: release.debian.org: How to handle unbuildable packages in buster

[Santiago Vila]

> I wish I could say unconditionally yes, but I am not sure we are ready
> for it yet.  If your testing can trivially say which relation in
> Build-Depends/Build-Depends-Arch is broken, you could cross reference it
> with the [excuses] and see if they are permanently rejected due (and why).
> 
> I am not sure how feasible that is for you, but it might enable you to
> file RC bugs for a subset of the issues already now.

What I have is a bunch of build logs made by sbuild.

Those build logs always have a line at the end like this one:

E: Package build dependencies not satisfied; skipping

I could of course use grep and extract some information, but I don't
see how that would reduce the number of reports.

Let's take "diffoscope" as an example. In the build log we can see this:

The following packages have unmet dependencies:
 sbuild-build-depends-diffoscope-dummy : Depends: apktool but it is not 
installable
 Depends: oggvideotools but it is not 
installable

and later, this:
   
report:
 -
  package: sbuild-build-depends-diffoscope-dummy
  version: 0.invalid.0
  architecture: amd64
  status: broken
  reasons:
   -
missing:
 pkg:
  package: sbuild-build-depends-diffoscope-dummy
  version: 0.invalid.0
  architecture: amd64
  unsat-dependency: apktool:amd64


In which cases an unbuildable package like this one would not force us
to remove the package from buster immediately if we were to release
buster as stable tomorrow?

[ I fear that if I'm required to investigate all the issues myself,
then I will probably not report anything at all because of lack of
time. In this example, the diffoscope maintainers should be in a much
better position to investigate the issue than me ].

Would be ok, for example, to report any package which has been
unbuildable for more than one week? (or some other sensible amount of
time)

Thanks.

Bug#903211: release.debian.org: How to handle unbuildable packages in buster

[Santiago Vila]

Package: release.debian.org
Severity: wishlist

Dear Release Managers:

I'm looking for guidance and advice here.

I'm reporting FTBFS bugs in testing, but I'm skipping bugs of type
"unmet build-depends" because I've heard somewhere that Britney takes
care of that.

However, I don't see the procedure is working 100% correctly (maybe
because of transitive build-dependencies/dependencies).

The question: It is still ok to submit FTBFS bugs so that the rule
"package in buster must be buildable in buster" is met?

Thanks.

Bug#864506: unblock: ruby-benchmark-suite/1.0.0+git.20130122.5bded6-2

[Santiago Vila]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear Release Managers: I wish this package to be unblocked:

unblock ruby-benchmark-suite/1.0.0+git.20130122.5bded6-2


It was removed from testing because of a FTBFS bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840572

But the bug was really only "random" so I recategorized it as
"important" to be in line with most other random FTBFS bugs:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=sanv...@debian.org;tag=ftbfs-randomly

The diff is empty because no new upload was required.

I am well aware that release policy says "packages are not allowed in
testing after they are removed", but that's precisely why we call
exceptions to these requests.

Thanks.

Bug#844264: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Fri, Feb 17, 2017 at 06:59:00PM +, Niels Thykier wrote:
> Santiago Vila:
> > On Fri, Feb 17, 2017 at 06:23:00AM +, Niels Thykier wrote:
> > 
> >> Santiago already brought it up in #844264.  I believe my answer in
> >> comment 70 is still relevant (other than I incorrectly used "after the
> >> freeze" when I meant "after the release").
> > 
> > Well, but when I said "Ok, will do" in Bug #844264, it was a reply to
> > your request to postpone this after the freeze, not after the release.
> > 
> 
> I obviously wrote the wrong thing

Actually, it was not obvious for me at all, this is what you wrote:

>  But I do not think we have capacity for that talk right now in the
>  release team (between an incomplete openssl transition and the BTS
>  breaking causing britney to migrate tons of packages despite RC
>  bugs).

You mentioned here two things: openssl transition and the BTS glitch
that made buggy packages to propagate to testing. Those were the
"issues of the day" at the time, and are now mostly in the past.

This, and the fact that no other Release Manager fixed your mistake,
is the reason why I believed you meant "freeze" when you wrote "freeze".

> and I am sorry for creating that misunderstanding.

Ok, but please let us face the consequences: I downgraded all those
bugs to important because I expected you, Release Managers, to give
some guidelines about how to handle them *before* the release.

If this is not going to happen, I'll have to raise those bugs to
serious again, following your own guideline (see Message #35 from
Julien Cristau) that the bugs are serious as a general rule (because
no other guideline was given so far).

If we really want to skip this issue for stretch, then we should use
stretch-ignore, not severity important.

Do I have your permission to use stretch-ignore here?

[ I would do that on any FTBFS-randomly bug present or future, except
  those packages failing more than 50% of the time, because IMO that
  would be completely absurd ].

Thanks.

Bug#851664: nmu: pcp_3.11.7

[Santiago Vila]

On Sun, Jan 22, 2017 at 04:41:59PM -0500, Nathan Scott wrote:

> > This is happening again and again (see bugs 776440 and 847149).  The fix
> > here is to get rid of the package until the maintainer catches up, not
> > to work around him time and time again, IMO.
> 
> I'm planning to start source-only uploads from the next pcp upload, so
> this class of problem should go away.

Please consider fixing Bug #805955 as well (FTBFS with dpkg-buildpackage -A),
otherwise the package will not be released with stretch.

(The package migrated to testing on 2016-12-29, but that was really
an accident).

Thanks.

Bug#850094: Please do not remove packages which FTBFS randomly yet

[Santiago Vila]

On Wed, 4 Jan 2017, Santiago Vila wrote:

> Please help me to ensure that we are not removing (yet!) any package
> from stretch because of any of such bugs (I think this mass-severity-setting
> should yield such effect, but I'm not 100% sure).
> 
> In particular, please let any such package propagate to testing again
> (temporarily!) if it was autoremoved because of any of such bugs.

I've checked and it seems there is only one package affected by this.

Could you please reallow "src:uncertainties" in stretch?

I downgraded #844571 to important in the mass-downgrading
but forgot to downgrade #844572 as well (which I have just done).

As a result, the package was autoremoved.

If the plan is to consider RC-ness based on probability of failure,
this package has a lot more reason to stay in stretch than some
packages which FTBFS a lot more often.

Thanks.