Bug#1070425: bookworm-pu: package numpy/1:1.24.2-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: nu...@packages.debian.org
Control: affects -1 + src:numpy
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
[ Reason ]
python3-numpy has an undeclared file conflict on /usr/bin/f2py with
python-numpy. Even though python-numpy is gone, it is possible to have that
package linger on systems, which will affect the upgrade to bookworm
(#1053649).
Note that python3-numpy in bullseye did *not* yet with the conflicting file,
so it possible for python-numpy to coexist on a fully upgraded bullseye
installation, only triggering this issue with the upgrade to bookworm.
[ Impact ]
Users who upgrade to bookworm and still have python-numpy installed will
experience an unpack error during the upgrade.
[ Tests ]
I did not test the upgrade scenario because I consider the change trivial and
the regression risk non-existent.
[ Risks ]
The fix declares a package conflict with a package that is no longer part of
bookworm (or bullseye, for that matter), so it will have no effect on new or
existing bookworm installs.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[ ] the issue is verified as fixed in unstable
[ Changes ]
The binary package python3-numpy will now declare a conflict on python-numpy.
This will ensure that python-numpy is uninstalled during the bookworm upgrade.
[ Other info ]
Regarding a potential fix for unstable:
As the python-numpy package is no longer shipped, it cannot be reintroduced
after a proper upgrade to bookworm, which is why I decided to not declare the
conflict in trixie/sid.
There is a remote possibility that another package will gain a new dependency
on python3-numpy going from bookworm to trixie, so technically, a python-numpy
package could survive the bookworm upgrade and then conflict with the trixie
upgrade. If that is a concern, I will add the conflict in trixie/sid as well.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEmwPruYMA35fCsSO/zIxr3RQD9MoFAmY3Q7oACgkQzIxr3RQD
9Mr3nxAAycMncFSAnDkiqT/Cu1AWs5RtECLt94UZ862GUi3WkkhSBMEbkxpI5ums
2CvpfA2CRAp2FkoaNY23YmL+yo8JpN5iAHHEvVKsabvNytV+PDkM4bXLe58O9llp
87TIxohuMUAjsW7huizYRJlvNTqPcwSYLDaM/V6Cr2tbeV8cSFdoUfCIoR+10F6q
B9Whp9x+kJaXiNMJ6tIG3uvK0C2FsHMArqNUBVrqDXOakjFgBajwJcuh9fs6/cLQ
Ur2ZlW8clTbIdltZGGmU+pc3Syg5QTUTHQ7JQP59MrLs7AqqqN1N7VssEetOJikS
bnjc9oiVlYzCQVKCabaYJWm/2qw0fUESSyBxH47RAZqTZ5U/NvSgRyWVnumDBYpT
3tkgVcRDJQwksKH07IdCBlOXjlGsm6awa7O45j1Gz0UMXLR7/zhBX3STm4+cF/78
Jk+tNREQ/UGZkjxwhWC910/JcdxsSN4iUXZKWhdMipJSqmBHeAKdBILB4A7ShFuH
dSneIl2vTOo/kC8dhdXSXN2Gzs1t4JuNrQRAs5hKLtj9ABwFwea9FzEDiWJHnygs
MK+o+ILto3c6DS/p24DgkyoGrxw7NlHAxl0Jl1WBnFv4YeuOtJoCVLNHbY4pSbyt
jOklCDgF81Ib2o7nxUXw5I8euRCq/NSpfEgXhGhEFFnUCt/lowI=
=IcBC
-END PGP SIGNATURE-
diff --git a/debian/changelog b/debian/changelog
index 9953311b..776d076f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+numpy (1:1.24.2-1+deb12u1) bookworm; urgency=medium
+
+ * Declare conflict with python-numpy due to f2py (Closes: #1053649)
+
+ -- Timo Röhling Sun, 05 May 2024 09:56:59 +0200
+
numpy (1:1.24.2-1) unstable; urgency=medium
* New upstream release
diff --git a/debian/control b/debian/control
index 6d723b4a..92fd0f24 100644
--- a/debian/control
+++ b/debian/control
@@ -37,6 +37,7 @@ Provides: dh-sequence-numpy3,
python3-numpy-dev,
${numpy3:Provides},
${python3:Provides},
+Conflicts: python-numpy
Description: Fast array facility to the Python 3 language
Numpy contains a powerful N-dimensional array object, sophisticated
(broadcasting) functions, tools for integrating C/C++ and Fortran
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index ..69a939b5
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = bookworm
+upstream-branch =
+
Bug#1061061: transition: astc-encoder
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: astc-enco...@packages.debian.org Control: affects -1 + src:astc-encoder -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition astc-encoder after a SONAME bump. There is only one reverse dependency (filament), which builds fine against the new version. The Ben file is good: https://release.debian.org/transitions/html/auto-astc-encoder.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmWnjM4ACgkQ+C8H+466 LVkI7wv/fx0B5AFI3EvuddCxwTHbie6pC5KnS0LdYlhGyl4FgEH1YDr6ZlJ8cATC XKlf0zWyQQM6jic4gJmkMbkBEyRjR916ZMn+KDCGJbSPbr+t8CG7S5pyuwaiNj7a lVboovIx0ZbgcYlA9TvsI9sY+5d7sYZM7lUgGBF8zvE2iGG1z8DggOH5+7YwfNSO 3E7AO5UBzy1YmWmQLJxdGCdNk8Jk7JfVAcye0b9Rq7bevSJUzfNWMYKt3CCCaX97 W0sEWHqWHW7clPH4psFkfov/kr96rBnnehIMFj2sti5HfdJ3by/JlPX77lOJ29Me 6H2uAbFWN2wmFDdwumMizKCNNyNj8dlPWpKCL5i6nr149xACKOn4zHO4q3zsGQKN JH4zBVdSgwMtQDx9Y3LCAe2c4FeWVG8STPVut04IbuoNzDu6oGiVHwvSxs3TcGwJ Ok+7Xqn9UsGei2qvsNbfWrn9PRITDmRXbEuLUIQojWmMGhuqH+uWm1mSULPQ3nhI 00zsZHum =t361 -END PGP SIGNATURE-
Bug#1057304: nmu: ros2-performance-test-fixture_0.2.0-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu X-Debbugs-Cc: ros2-performance-test-fixt...@packages.debian.org, team+robot...@tracker.debian.org Control: affects -1 + src:ros2-performance-test-fixture -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 nmu ros2-performance-test-fixture_0.2.0-1 . ANY . unstable . -m "Rebuild against benchmark (Closes: #1054676)" benchmark 1.8.3 apparently dropped an exported symbol, which causes an undefined reference to `benchmark::internal::Benchmark::Benchmark(char const*)' when linking against ros2-performance-test-fixture. A binNMU seems to be the simplest fix for that. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmVruXkACgkQ+C8H+466 LVn5WAv/WyQ9BfZxjG9e6vDx2lGKvkTUSE0WnZ/V2wvwZXn1qytJDdKlsRuMuGTZ 9BE5usD35IKv2yuPnPjYNxB8cRfKZX2O5iDTVNf3WZ9puRpe7X5f2ydQevfsW7j0 foq+VZ5/dkWyNHskrOUXCZHewI59XNkrILgpRIel6A3aa0Nb13d6pn00775df244 zSrgB9eGzLH9fbZNI4TE63/re/CJAWBjS316qO5og7aAimELHldhxK2/RP+mZ2Av O0BGXl9d6j69L8CvpG0mSSH1iQ9ucbANM/4eUB5dKHMv24dLw+WV24Cy2J67scta B2ZJCnlSnxQ2l+MNCLPtakPHURuqEdDhMsVld3vcSiR6OawfAtG9v5W5AdVwGFRs abBLuUd+UaVS4zFBzQMKGoPXvvD5NVZWjj53Et5QziF37HkHuf9uw+V0MeVrNUfu 8ZiuOgk+BXZ2bF/oplASBqkr8aqtVWBMXkON15UXSrKLoUnL0Fmwk0HUL2B7fByH mX/9FT/J =g67D -END PGP SIGNATURE-
Bug#1053800: transition: libgit2
Hi Sebastian, * Sebastian Ramacher [2023-12-01 22:17]: Hoping that there are some good news regarding the bindings. What's the current status? 50% progress :) The Go Team replied that their one reverse dependency no longer depends on the libgit2 bindings, and suggested I bump the bug to serious (which I did) and proceed with the transition. The Rust Team did not react. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1053800: transition: libgit2
Hi Sebastian, * Sebastian Ramacher [2023-11-01 12:14]: There are no replies on the bug report. Are there any news regarding the rust bindings? No, nothing yet. All uploads in the past two years came from Peter Michael Green, so I am going to ping him directly. golang-github-libgit2-git2go upstream has fallen behind and Same as above. Are there any news here? No. I was prepared to ignore the Go bindings completely after they got removed from trixie, but Mohammed Bilal did an upload to fix the RC bug, presumably because they are a build dependency of gitlab. I'll ping him, too. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1053800: transition: libgit2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: libg...@packages.debian.org Control: affects -1 + src:libgit2 Control: block -1 by 1051877 Control: block -1 by 1053799 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition libgit2 to its latest upstream release, which requires coordinated updates of its bindings for some other languages: python-pygit2 is maintained by me. ruby-rugged has been uploaded to experimental awaiting the transition. rust-libgit2-sys needs to be updated, I filed a bug for that [1]. That package is also missing from the Ben tracker. golang-github-libgit2-git2go upstream has fallen behind and cannot be updated right now, although it is possible that the bindings are actually compatible and only break because of a strict version dependency. I asked the maintainer to look into it [2]. The non-Rust reverse dependencies seem to build fine with the new libgit2. Ben tracker: https://release.debian.org/transitions/html/auto-libgit2.html Cheers Timo [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051877 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053799 -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmUmqaQACgkQ+C8H+466 LVn/zAwAlD5A9DlxS6qXL4hXZy+laa76LxIt8pD811r+UHV1YKHgNVGg6CcKT0fE voTO1/qD9Xi8s7SpuO7Nm6NPPEnw9dtV6k94jl5Xnd3ge7DHb7gJsQUpul56vu+w KfboMNzD6E/lpPgiuVeaIj+IahV4crsU9WuNwbz3XPH26rbpUZCIuAbYoKKnBKde SJ+L/ep5kGPNKdMNghgJd6JbVhJJlU/wreOWfqAVMaV48TxAiH07M2Q2pg2XlOrD 3A3fUAPlW7jkaqrIbXRGR2x6g0oZlrRG6KGV+fDKwOSpbaOunOAKUnM2kOztdWNY HSMG1Pu75MDPCY8lSoOdmUq3UJfVQZu2InmxGlvDRoA34I22jOk/r2I6RFjYduSZ vRDBSfjPt/RxbKSvZjK3rFACWzumFnxTu3ahH8Xa20HqMW6RSBAb346i4BxHN1qR VaJTNyeoTGknLnU2U3awTbXUG46T4PcqeV3zeEFZwuVVNed/TUFIrCxNW8pR2HCv 9ZS0Dgh/ =2/Ps -END PGP SIGNATURE-
Bug#1051297: transition: tinygltf
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: tinyg...@packages.debian.org Control: affects -1 + src:tinygltf -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition tinygltf after a SONAME bump. I verified that Open3D still builds successfully on amd64 unstable. The ben tracker is good: https://release.debian.org/transitions/html/auto-tinygltf.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmT3oIEACgkQ+C8H+466 LVkf2wv7Bfaz42w+wjxOJ9Lgq/VcwLRYPpyW5qp4zq47xqgA3zY6QQ1457wFuSRg vmjXm3XZDTWV3tAAKItOlkoaVI6sFW46FcDBpNhVShY9EmVCSf3alCh2M87frEd7 CyqaznFRmkn8FiQscFXN/tiUjp8AMNP3GiYsUb7R0ppVnv2H9O4WcraPw4Nt6edH iAmPOTp4DZ8Uvh/GvQIQY1FoBmIKUKtP40Nj1KaFOnwcSRVTRKx8gOrYsYZ8Xe4V oT7dHtwwGYXUIwI6NjOi443J13EkZlEmhTLOKewnI/mEIuJ2rqGVVpbe4xkkSoSo d5q9sMrdp99DQRdwBej8J/M0eUrqxWh8QPbSlYfTcZ0hEut34g8chjkdNOf/RzdU bbfQmosDr2dynPtUoQsW6hD47EOtfuP+PfxjbOsKnfrKr8YlrWUR4dSfRwr2pttu 6nI5chXe/JCmy6fYKL1U2yTs5mNpbwwBzQl67wp9EMZQLc2eOU5NTTRpdmf1Dhyj lYwQL5ZW =5/Wo -END PGP SIGNATURE-
Bug#1039106: transition: tinygltf
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: tinyg...@packages.debian.org Control: affects -1 + src:tinygltf -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I want to transition tinygltf after a SONAME bump. I confirmed that Open3D builds with the new release on amd64. The Ben tracker is good: https://release.debian.org/transitions/html/auto-tinygltf.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmSYhTcACgkQ+C8H+466 LVlRrgv/YwCR/B5Z73XK09kHIrI+WrsOmA1Sjegx16OYAqkLhFJsUeJuXmkl6UO7 c/lXZw6OOcpiN0aiJOzmetzAGomdHFylXrDop5X1Z/1T/1PaTMIasxrk/uAmxVy9 vfDfAIgZ9geBfY+ni0pCFsP5ZApuvp8eEMVv8fbZRyt9uBCt2brg8qu0kYuO0KSZ WDix8208Vq03HwQbvacMoUbamK1EpzjgxAb9MTZKPhojRYyMOfiSYenmILDkU6Lz Lg0p/uW13w6Q+EQMNTcua4gGeEknmMWKuyNk0N5tadcuMQ+IECL+sLGpR/2a8vAZ apajqlPdg0DDCNWbICx5+btfAe6xMMTPZuxPHlr0ic/qeHNjfpqX6ccMlBrpdNoj oIh56y24+Hii2A4KHLYjT4xzpdUONNcuQ6CF3eKI79paWkKuHLpfx6Xd/8lqX05V yxBPPCZrRxIHtrsTpmKOr5Q1VgCVkJLP8T+J7o59VWg9X7Frg78YhyM9fdqeu3bm 58kRNFB9 =TeRm -END PGP SIGNATURE-
Bug#1039104: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: dr...@packages.debian.org Control: affects -1 + src:draco -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I want to transition draco after a SONAME bump. AFAICT the new version builds fine with the reverse dependencies. The Ben tracker looks good, too: https://release.debian.org/transitions/html/auto-draco.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmSYgdoACgkQ+C8H+466 LVkFDwwA0QTML+UwUCCo21sQ9kdO0orbo0CHQR4vL1KmtsOE7BQ7/hQDo36nK6Vk 7CwEYn6GglGiNiBGsikFtQCmcWeHn60pFXgvnDVTizq+vm0g1R9iNPUetnqZ+J6d jeCh3Mo3HA2vlkhIsudvwNRN6cVtLGUp/6glui9OQ8jJJToSzpNAKoiGVX7urJXF MJUqagDACOiuX3EJTHcxL8rF3rVB1s+PYvmp5oKnMYqbN2CBYbMHWWbKApkwAtgy ZBgqHQMZS6/mqEL4R1+v/j94ObsTfmRnX/8LlwsqaQmXnZLTu2IWXABCGbex8OFE sdmCQKYQdOI/j2Sa28mY93aRgZj2LX1B4GMSMBo9mUjeKXpRW8Wl+wOBTdk5Ofru yQIEXIYzLXNdjzQ11Gst414OFhkNT80Td63+DRT9hrvFqLO7JW6Di1zdGGe4FhaT eAAz97k1NAe8cz1bF0lZrsdMoV1cA+wcwlGE8MDmt8jDqo+Ez/xxZ1Zr8Dxda3hK w3+HwyuO =J0xZ -END PGP SIGNATURE-
Bug#1027967: transition: tinygltf
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: tinyg...@packages.debian.org Control: affects -1 + src:tinygltf -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to squeeze in this tiny transition (pun intended). It affects Open3D only, which I successfully rebuilt on amd64 as usual. Theoretically, this could be combined with the binNMU for the Python 3.11 transition if that is not scheduled already. The ben tracker at https://release.debian.org/transitions/html/auto-tinygltf.html is okay. I realize that draco links tinygltf statically, so draco does not appear in the transition tracker, but I'd rather fix this in the draco package itself. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmO2rSEACgkQ+C8H+466 LVk3twwA7UBUkvUyFjDHsaGEnd6eeLDB7pz+zBU2W60xk8djA1KMAM9ocO2snBaH 1Gwsor2pQuHekRvT21aOOl5nvamvgTE9IfUdO9bPme9QDzO+19NHGaqsNWzgJEWU 82CcdQORRC9XGB2PRBEgFGbde+4CuhrOjZCuD2Zrx3c6IJ4lb/Hfl5664Jvh10pj TUCUqrkAtpS3UwMdn2C0RgIs+ISS+LTqjNZVdFkuy9/GoieDelmOcUKgejtd44WT CbQ0L4gi1kTOYt9aZAmXx3DMwrwujdv8j0+mDZu3g4ocDOJngQbeWb1/iJm+fVzg mGkTiacne8XViQN/MseYGHxijdk5pBKnEQhr/AmcYzkOxhR8XaJAvcwHTRl+oY1H TjFZKFpubZCsH1uWimo43O0wfM7HUPYnJB5nyjl0uQbbW4OP4GivsfTNvzF1uMCA JeiUldGlgvxVvU33jwd0j8/l8NgCQFMgYFFauHh2nW+V2JycEDRFiozhfbF1knk6 u6NblzGY =h0Us -END PGP SIGNATURE-
Re: Python 3.11 for bookworm?
* Stefano Rivera [2022-12-22 12:44]: There have been rebuilds in Ubuntu that give us some idea of how much work remains. I think it's tractable, but also will have some package casualties. I have some spare time right now, and I am happy to help work on problematic cases, so hopefully nobody will feel left out in the cold with their favorite packages. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1008495: transition: tinyobjloader
Hi Sebastian, * Sebastian Ramacher [2022-12-18 13:07]: Sorry, this transition was completely missed. Please go ahead. Thanks. I'm going to push rc10 through exp/NEW first, which has been released in the mean time. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1023919: transition: astc-encoder
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition astc-encoder after a SONAME bump. The only reverse dependency, filament, has an unrelated FTBFS due to a changed struct in glslang-dev 11.12.0. As I am maintainer for both packages, I suggest I make two appropriately timed sourceful uploads to deal with the transition and the FTBFS together. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmNvlBwACgkQ+C8H+466 LVnnhwv/QV/sf2LirUH85oYd56X9uKKTuoT7O815tF6xKlierLwVRGTyIzOaYuMf g6KtJXzvw1sDmEpye2rT1ps0GC9yd5hd3qaJaxUTT1vFjnZGo8wbWmuYeGGBeQDu BT4PRQki9jrM247BW1bPJXVPFmQl6s8i2MeseoM7UNApOjKwXol8swg0BCYarcuX W3LGtBptN5ZqquT2vxTiAl4T4wIoICW9tNYtKPM0SZ7qcSGENAe2PMPFsbthgdhT JOJIgOi8EF8o5z2awsWZ5uXW8fY20NcRa0k+eTUPKeAMtgs5Sk5gXGaBoHLLR9pX Xud1SHFWv/pnfEOl3Anzypu9PrEAKKJ7jgpiWqZTiLqW4z+OF903BkBK15jLM8Sq U/Jpqsb5YX0ABYz91DyvrlkM9F8IC4b3hYEqnyjbBTJhPEYgI+8Qo+orbU9zrQis 0NouZJttG2mk5QHDDCYsXXdyAdUSMPMQtSpMHZeZ9VLuUhg2JZqZcnWVpXEZEOYa PpVov7H7 =aKqg -END PGP SIGNATURE-
Bug#1023352: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition draco after the new release had a SONAME bump. All reverse-dependencies build successfully on amd64. The auto-generated Ben tracker is good: https://release.debian.org/transitions/html/auto-draco.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmNiu6IACgkQ+C8H+466 LVmGZQwAy2aK0AW9028jDsgsshbQbnDwJKLRp/D8cy+MFBXwEeOJg55gzUieJN5i VUzFfZ2kdzu/4y2MSsxuizPbGYyKmQLQYWo0Pf81X+Co1PA1o7dI9D0sfD9xIXq/ ZtzHRmpxZPVLr+O+nI7blkssZVgd069SMViTZncv51miGtD6cJd7J4DHAqZZuy3k lEt8UabTogWYxHkx9qOihJrDpqb2cA74a021J9jZAFwy0eetZWRTV7AxhtZfjTMw C5ZQxNcKibwnX3xnjtUptay9h+LG0g0tQwRy4xBOog67OmSColI/0YAq45OTS6eA Kq0bqR49v6LIaeg7GoDnXEuY/dPljrnFcJOhhceopmPY+S2Ob/2QvhL4jfmUk6mT c58rDhq2zNeb6CLMyFhJuiTJowy/m7PQ/wHQb8a1pge00kjM2N0TxnOXamdbii+F DPcLxIag6fxFA+6474dJOvH3lpYapGydMvMCsOKLk2xKPkdD1D2phJdG7okUDQwe Pehe/JdK =SuIz -END PGP SIGNATURE-
Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
* Adam D. Barratt [2022-10-14 13:04]: Assuming the diff would be similar to that initially proposed, you can simply prepare and upload 1.0.0+dfsg-1+deb11u1 and we can sort things out from there. It is, so I uploaded the correct version now. Sorry for the screw-up, I should have noticed that before I even proposed the update. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
* Adam D. Barratt [2022-10-14 12:53]: On Fri, 2022-10-14 at 11:53 +0100, Adam D. Barratt wrote: Control: tags -1 + confirmed On Sun, 2022-10-02 at 19:38 +0200, Timo Röhling wrote: > The update fixes two vulnerabilities with low priority, i.e. > the security team has decided not to issue a DSA. > > [ Impact ] > CVE-2022-34300: Heap overflow in DecodePixelData > CVE-2022-38529: Heap overflow in rleUncompress > + * Fix low-priority vulnerabilities I'm not sure I'd use that wording in a changelog personally - more likely just "fix security issues" or "backport fixes" or similar - but it's up to you. Hmmm. The debdiff you've uploaded is rather larger than I was expecting, or was proposed. That appears to be (which I should have spotted earlier) because stable has 1.0.0+dfsg-1 and your upload is based on 1.0.*1*+dfsg-1. Is there something we can do about this? Should I prepare a new upload with 1.0.1+really1.0.0, for instance? Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1021130: bullseye-pu: package tinyexr/1.0.1+dfsg-1+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dear release team,
I'd like to update tinyexr in bullseye
[ Reason ]
The update fixes two vulnerabilities with low priority, i.e.
the security team has decided not to issue a DSA.
[ Impact ]
CVE-2022-34300: Heap overflow in DecodePixelData
CVE-2022-38529: Heap overflow in rleUncompress
[ Tests ]
I have verified that the changes fix the aforementioned vulnerabilities
and do not cause regressions in the package test suite.
[ Risks ]
tinyexr is a low popcon package with two reverse dependencies
(both of which I maintain).
Both code fixes are localized and unlikely to cause further issues.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The update patches two statements in two functions
Cheers
Timo
-BEGIN PGP SIGNATURE-
iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmM5zIAACgkQ+C8H+466
LVnfmAv7BCTx2RPhA8gGGRGpHjQGY9o8gwWoTfKocWmPfJgEz3KLt3HntP7jo3fn
x6QooHIYCJ8iveUPD1J0zK5wgr//22Z9iER1Uuk/48SVAVKXDbuvak3wJer5ssDl
pAwluYXdMNREfOcu49sJ0cs5WmaPFsv7Kt1LLWfsTBRru3ekLwYI4AkHrCFpSfy0
SVEm4zF/99athm4Pd/teV1znvXcmhAW64UxoypsSJpdJm46kyZ2fHZPxMOVkaQGe
Vz4mROOoAMA60stDL0ot/iFjiUCen/dUlR/K8VP3h3l3NI6/hgLiGW7QvrVom07j
J0knQxnnMn+RVJGQRxaWFm/Qculk9xvY8H/uekvgZglWMxoW2FmJCvTnlizETCB6
MxIf0aHQRDgY+0g1VbAGsOZ12xjkTV5BhsKADN+eOHI0hfwiNJEkjMLVOnUNdnhC
qHYZILTfH4sTXs/xNlGJ49KJlFYmizsNwEIL0CTi6eVf062whzUFiRmDN/JYMvax
+/SrWuWb
=WbEi
-END PGP SIGNATURE-
diff -Nru tinyexr-1.0.1+dfsg/debian/changelog
tinyexr-1.0.1+dfsg/debian/changelog
--- tinyexr-1.0.1+dfsg/debian/changelog 2021-08-29 20:43:34.0 +0200
+++ tinyexr-1.0.1+dfsg/debian/changelog 2022-10-01 23:13:34.0 +0200
@@ -1,3 +1,11 @@
+tinyexr (1.0.1+dfsg-1+deb11u1) bullseye; urgency=medium
+
+ * Fix low-priority vulnerabilities
+- CVE-2022-34300: Heap overflow in DecodePixelData
+- CVE-2022-38529: Heap overflow in rleUncompress
+
+ -- Timo Röhling Sat, 01 Oct 2022 23:13:34 +0200
+
tinyexr (1.0.1+dfsg-1) unstable; urgency=medium
* New upstream version 1.0.1+dfsg
diff -Nru tinyexr-1.0.1+dfsg/debian/patches/0005-CVE-2022-38529.patch
tinyexr-1.0.1+dfsg/debian/patches/0005-CVE-2022-38529.patch
--- tinyexr-1.0.1+dfsg/debian/patches/0005-CVE-2022-38529.patch 1970-01-01
01:00:00.0 +0100
+++ tinyexr-1.0.1+dfsg/debian/patches/0005-CVE-2022-38529.patch 2022-10-01
23:13:34.0 +0200
@@ -0,0 +1,25 @@
+From: =?utf-8?q?Timo_R=C3=B6hling?=
+Date: Thu, 8 Sep 2022 19:31:26 +0200
+Subject: CVE-2022-38529
+
+Fix heap buffer overflow in rleUncompress.
+Backported from upstream commit cc1b199dd17b700c3130a53866ea462ab88e7f82
+
+Forwarded: not-needed
+---
+ tinyexr.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tinyexr.h b/tinyexr.h
+index eb5e5c0..ba05fdf 100644
+--- a/tinyexr.h
b/tinyexr.h
+@@ -1480,7 +1480,7 @@ static int rleUncompress(int inLength, int maxLength,
const signed char in[],
+ int count = *in++;
+ inLength -= 2;
+
+- if (0 > (maxLength -= count + 1)) return 0;
++ if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
+
+ memset(out, *reinterpret_cast(in), count + 1);
+ out += count + 1;
diff -Nru tinyexr-1.0.1+dfsg/debian/patches/0006-CVE-2022-34300.patch
tinyexr-1.0.1+dfsg/debian/patches/0006-CVE-2022-34300.patch
--- tinyexr-1.0.1+dfsg/debian/patches/0006-CVE-2022-34300.patch 1970-01-01
01:00:00.0 +0100
+++ tinyexr-1.0.1+dfsg/debian/patches/0006-CVE-2022-34300.patch 2022-10-01
23:13:34.0 +0200
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Timo_R=C3=B6hling?=
+Date: Thu, 8 Sep 2022 20:38:54 +0200
+Subject: CVE-2022-34300
+
+Fix heap buffer overflow in DecodePixelData.
+
+Forwarded: https://github.com/syoyo/tinyexr/pull/175
+---
+ tinyexr.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tinyexr.h b/tinyexr.h
+index ba05fdf..c36e6ec 100644
+--- a/tinyexr.h
b/tinyexr.h
+@@ -3568,8 +3568,8 @@ static bool DecodePixelData(/* out */ unsigned char
**out_images,
+ assert(requested_pixel_types[c] == TINYEXR_PIXELTYPE_FLOAT);
+ for (size_t v = 0; v < static_cast(num_lines); v++) {
+ const float *line_ptr = reinterpret_cast((
+- v * pixel_data_size * static_cast(x_stride) +
+- channel_offset_list[c] * static_cast(x_stride)));
++ v * pixel_data_size * static_cast(width) +
++ channel_offset_list[c] * static_cast(width)));
+ for (size_t u = 0; u < static_cast(width); u++) {
+ float val;
+ // val = line_ptr[u];
diff -Nru tinyexr-1.0.1+dfsg/debian/patches/series
tinyexr-1.0.1+dfsg/debian/patches/series
--- tinyexr-1.0.1+dfsg/debian/patches/serie
Bug#1021093: transition: ros2-rcutils
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition ros2-rcutils after a SONAME bump. I could rebuild all reverse dependencies on amd64 successfully. The Ben tracker at https://release.debian.org/transitions/html/auto-ros2-rcutils.html looks mostly fine, even though I would have expected ros-ros-comm in dependency level 2. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmM4v40ACgkQ+C8H+466 LVlD2Qv/dVq3i6htTlnsWKjM3fmiAhGvQG2SE2u3tIU7Yajo3BTGBeiRNBto5QCm yup2Z33g1VEGsOGNiwUwuxAhop8zsTQUwrgcqh8A8ZIHvSnKs2laTWe/V2JQzmwU ehaDC2d8mI1lnK6oA68dU8kwYgxFfelTh4long3qS+SqnaTaRf7f/ACn+C+Vm0jk gVQNLu3RFhAWD4SZ5ReU+UO0EeHbi/aAOsVlZhmhxQ5c/Qxa1EDxHRx4+rk7/jen TeTI3yZ9qGrCygM7ivbxBQ7fGWFB3nEehgLcabsA0ywtugQ1T9Wcz8g3iEeBHPbi UF4nA344L22rx6taWUi2on86a/BgZ2sNwuFNC++o4LM7y9kE1mx8vMz2tdQPMbpb jSNPuW0F1RYCV0HRSaNXrKXZ9eD4ZAHc8m2bLqKIvRzkp1I90YOJDzJczKrWhASh pjepRKgkEbE56qeGoDq1RO5K3+pt1O6/G5sdEBL6JLbIJ67lowkDUVMqmasbdUZ6 hYyn2Ow/ =BT9t -END PGP SIGNATURE-
Bug#1021092: transition: libgit2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition libgit2 after a SONAME bump. I've rebuilt most of the reverse dependencies successfully, some dependencies need special attention though: python3-pygit2 needs to be updated to be compatible with libgit2 1.5; as I am the maintainer I got this covered. ruby-rugged also needs to be updated; I have filed bug #1020632 for this. The Rust toolchain looks a bit weird in the Ben tracker at https://release.debian.org/transitions/html/auto-libgit2.html and I've had some issues rebuilding stuff following the dependency levels. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmM4vdoACgkQ+C8H+466 LVkwkwwA732Uf+Y/RX8Haou/QRcSA8kLFnKYANuoPATslY4ak5qbwC6b7JWTpaoj 6KB1oyHsWtOp4+52AHA3AQwEh+Ri5xZ2EkwMkxPgcGaV94YSaOfmFjt8TptXrUX9 WxPFkDAZGkvbKQL7ywzUAlDfQ0jOnEwOXDRL1gEmMtxWh29rBSmdPLYoYgUhQ3aC Bbjh7fvXMfy1UY04aLdo8oVxkU8SnsRkj/bRygIBI3lAuf+Dr8k2QsKkyREEhmYg nIlMVezZHXtkjqylxTfjKnE9Jl1aTCZhVn9neVqVz+5rNckiZWOxEwXxbPw4+IYa mcvUhE4iuNpDZnCHOMYMtW6jJwI9T0vC1j2NIOC0a56OLzhI8U431dd+uA/nNQZk /ib3y2Inx8c7SRlTJLd26RItEAOwmE5+y0hLXwZQvS4WgTQ0AwWy4nam0kngtZ7x 0C93cO6sqGzDye7I4LldTwLohQcc6AxlKq/EEmfuE/gtWuSBzBh4EJPdsoPHjGKB XLN1qQj5 =lLrw -END PGP SIGNATURE-
Bug#1017740: transition: draco
Hi Paul, * Paul Gevers [2022-09-05 21:31]: Do I understand correctly that you think this is a test-only issue? In other words, they can migrate together without breaking tests, but if somebody would do a partial upgrade (either one of the two), there is no issue? In even other words, there is no *versioned* relation (Depends/Breaks) missing? Given that assimp was specifically binNMU-rebuilt for the new draco version, I would assume they should migrate together. Do you have a scenario in mind where this would not work? Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1017740: transition: draco
Hi Sebastian, the draco transition looks stuck because of the failing autopkgtest with assimp from testing and draco from unstable. That failure is caused by the renamed CMake target for the draco library (now "draco::draco" instead of "draco_shared"). The target name is hardcoded in the assimp CMake config at package build time and exposed to library users, because it is a public dependency. This means the autopkgtest uses the wrong target name if it tries to build a test program with testing assimp and unstable draco (or vice versa). Unless I'm missing something, this also means that both packages can simply be migrated together to resolve the transition. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1017740: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition draco after its SONAME bump. The ben file looks good: https://release.debian.org/transitions/html/auto-draco.html All reverse dependencies build sucessfully on amd64. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmL/20sACgkQ+C8H+466 LVluVwv/ZqAVTnKQPAl3V9qwU+9IilDYOuyUhDySmZVwXq79LlIWxTOgCpSHrxAX 4WxOVBUrfCSG7ZkOYvyJ/Do9B/mSI8K5kZ8P+gj8ot5vF+95aq3QftDw5csa3eEH yEGzdugc42qsKSA1wtNYE1cdC2n8UBTPCePY0OB86/6QHEXFUzhHaz+gGQooKNHd k8hsW3Z4941KespUyqWB+Qdc//E1BeTVAtzQ52yfTw0GKVMI83iPh2q0B4Umuqts 1Y0KlzijgBfCEUdoU7gqDZ6tYASFiDf7SxKeOPdaaX2o+ugKZO09M4fEAo5pjVKg j0JkLtjNCplNSm09mFVZXJsT0wv1/IrlJ4G1YYyY/cseB8wKgi5J7LfK8Bn1dT4L 0b3r2ldaq4y7ukyZg/d2Im10m3nOrv7kl8Y6xOTrRLgWpMfq7GkCLGM6g84+skKd /nCp0pPrd3YzDD/Nt1heUFAyFtmAakh1eV6flqIEuyQjqkSfU6YzN3+jd2mM/Vau tcstoFPF =X4pv -END PGP SIGNATURE-
Bug#1017705: transition: benchmark
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition benchmark after upstream broke ABI compatibility with their latest release. The tracker at https://release.debian.org/transitions/html/auto-benchmark.html looks good. My test rebuilds on amd64 had the following outcomes: - - openrct2 has an unrelated FTBFS [1] but builds OK if worked around the issue by dropping -Werror - - ros2-performance-text-fixture builds OK - - pytorch fails to build, but is RC-buggy and not in testing Most packages depend on benchmark for build tests only and do not ship any binaries linked against it. I did a few random rebuilds without issues, but did not test the archive comprehensively. Cheers Timo [1] https://bugs.debian.org/1017596 -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmL/RrIACgkQ+C8H+466 LVkn7AwAwhU1yxPb1cVlUtKpP51yaLBuxDP79tkW+XCMorfUeQ52R0Rnllhr83uy WyVAQ5R7J8ItvBvq2n8ZzfI8zhxO/2itRMw0FO8/M6ol4ZUhI7ZIMGhRgajD6TFm WWWt50cDBRBflNH9gDlzdhEoBfMgaLFYaR3dsKBkHUnVarTIlX+sy7Cz4DuSPXU6 wdCNhyeSB04R9ow8oZJKwsbfszvBTl3r+aijFzb3KXIejbZIRFolAakzS1xihyF8 DLgjYNnB4/Aiyg4j+uZ3skVw+MZfSc5DrDzFxTf3QnRy1Ee4Zl9xPuJDL59smuEY K2yglx3mc+L093MJIQjRfq2LGsW8dQ1zveJ781Cl2WR+3Sb54jQSYrhyQAIoZhP6 w5orDpERbf0uOZpmBszIHayDoyMovnSnM/PXtsgPwxEjVtscUwmGUPEqDJIhDDdF lwBSFQCmfvcIyDWn7UnR8SVe5/mt6h+wdtM9uQC6MV+Z49bJkh0B9cViwjnOqLPf +IJFNlWX =bEYb -END PGP SIGNATURE-
Bug#1016763: transition: foonathan-memory
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition foonathan-memory after a SONAME bump. Its reverse dependency fastdds builds fine on amd64. The auto-generated transition https://release.debian.org/transitions/html/auto-foonathan-memory.html also looks good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmLuvOwACgkQ+C8H+466 LVlFbwwAosyY9Z0G7/xVe79e6W551tnOsVnPgtFEKNartcJxdxKW5lBmqAhmIV9o xrRA4CJFiuSqO2vFUtpQQpQlcKL+agtJVFBTtxcxV/xphecyetTuaJSNkWSqo7Gs u189sdFXulmFfxob5nElIhwEQ/PTBl580Qqy//urpsiCAvZsIk9aF8yooXHouygN s1W8uDOm6kaeehGjaDJKN3PF8msUXps8HRFT24VG+CNu3g+NqEYvd5DmeCAL8rKm F+3rSaFuJQ9GVL62cO29h7EAgO36eJ25tBqjr76dp7yTgKExTXMrwmMZA2Lu+9/6 Z8lvOBKccCEjAURKpPg+bVWnokIYYZOcYwysnS3LQoeA+mrlCfWKWRIDoLTnBefi xianUvlaXJ9lUMAFWY4H0B4SfLTbnXkkq9U2qXpWduBFt88Xqk3tvQemvisJ1IQP 9x6cNalXALuZHhWVa3lPFWGUco7AjeSPu4tRX3mGdfbIHPrNhkcbQfrD4cq7qiJr TlSO1sd2 =oEaE -END PGP SIGNATURE-
Bug#1016756: transition: meshoptimizer
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I'd like to transition meshoptimizer after a SONAME bump. The only reverse dependency, filament, builds fine on amd64. The auto-generated transition https://release.debian.org/transitions/html/auto-meshoptimizer.html also looks good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmLumN8ACgkQ+C8H+466 LVkKeQv/Vb0+mfmqH9Ex5++1vxoY3m4TcsvEOX7n6RHMGBV464XesvSl1SnneH+D +/7sqNDZz1kCbA/CW09D4SV1/VN2E9nS7xDiZjxAUiSB6ggzdFsZOuFpFAtG2T5Z V+6LAiLJDLGsjkqmN3sDUgErh7eFpREYNz2E2En3zk0XsJ9WXDqkZCEB14lv5DtK hqWcAg5jC5PFjKw2BkrL3XvW9Gv2TvXufx+smgRpj9QId2NZ+sJDgBYq+6A878Ao KYp6tmxYEHvC5mRKwT4YdowJPQQ2bULUJeY666dKAhikSuee1IGWEc2TzqehflhD qRlxufy0raIsu+zob+wHe7kkJUu4bZ9M73pDGHDFn5BNwD5zlkiFme3rwz9Nq9Na oAh3ZMUKL7BodGc8FgDaOs7iCA35sDs8E6ZXpCOlEYyCzpP1XjdnYBfQjDdTmGGV QABHAJBI2rAzk7zK7cPTBhcnZOreosORNP+Cu16MZikCiYDfgYJLGW9CZgyW/Y++ dn8NRlU/ =HMqu -END PGP SIGNATURE-
Bug#1008495: transition: tinyobjloader
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition tinyobjloader for its new soname. Technically, this is a simple transition, the reverse dependencies build fine. However, the transition is unusual as it is not an official release, so allow me to explain my reasons. The initial upload was with 2.0.0~rc5 around April 2020, because it was required by Open3D at that time. Upstream assured me that a final 2.0 release would be happening in early 2021. Some development occurred (which broke ABI backwards compatibility) and some bugs were fixed, among them CVE-2020-28589; however, the final release never materialized. Now, almost two years later, I find myself with an "in-between" ABI version that is no longer .so.1 but likely not .so.2 yet (the TODO still includes some "API polishing"). It is impossible to predict when upstream will find the time to finish the 2.0 release, and I would like to have the bugfixes in Debian at some point. Given that this is only a minor package with few reverse depends, I felt it was fine to have this "in-between" transition now and the proper one with .so.2 whenever the final release happens. Let me know what you think. Cheers Timo PS. https://release.debian.org/transitions/html/auto-tinyobjloader.html looks good -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmJAnnYACgkQ+C8H+466 LVk67AwAo6qohyBPGDq36lxSFbEW/E6qZHNWBr239hVMGNT63DzhvRqRO4KOdt9C xoQYSRrFXP5oQRKXh6EosmHK/uHxVNAH1IG8xyWpe7pdD6QvzKhnVGpZiKQviGEe iixw92dqWx0R72fuBUzojqeAT1v680t+upshDYm0SlrJWZGym5emJUBs+6LRcx5o F6l9z3teuIacHeUyt/L1J9aoWHS9GKmFyoIgZMYWFMC+D0t03osvUuikDawc3v6P JGrDpDU9pDpLIPUwcT9R/YP8vYq12PfTJnKgWDjCCk5vOADdYbOCgpbu7GkqZFcQ eQBpS45aULq539W+oKpuaeMtXPMkZvFkBExdlvnVmyQ5fX4V16wRyrTci7C+vrwA VXG4TaUF2MBmO6pNnbjCASzblz7A2IJiEdMWeXjej7XA5ZZZ7bGjJe8WcTHpXG9n yRmP7AjJvEtID6oQbTRkJeqpz8sVxyfvqLYMjqECA/pzyX2lCtXOI/Qv16g6wHyk pWesoHlP =rcmR -END PGP SIGNATURE-
Bug#1006814: transition: astc-encoder
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition astc-encoder after some backwards-incompatible changes to a user-visible struct. I verified that filament, the only reverse dependency, still builds on amd64. The ben tracker at https://release.debian.org/transitions/html/auto-astc-encoder.html is fine. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmIjpgYACgkQ+C8H+466 LVmTaAv/dz08edid89bdSTXYokXlE5KDItHVfzZvj6OQ3G2fBje5yavaeD75ISMK TnMO5HS5eMoSCrHSjDY7nNyB1tfOg2zjSf0/ZXTIiPtJmREohklv6+qIx7BD8oUL 8uP5fqKkWD8vsfqgZOO17Cn3jH84U0sj/MHQPAbEyhA9OsXNFmKD6ZOzRkYWqDZk 38HA8V4k4F8+W0mk4s1Fl0KyQB5Iraql0ahUGS61M0WOqc0FcLG2xl6IhbpisOs/ MQtcZmb66VuBMXp81Yd1XUPMrblu74MqacgWcvrWWlcAbs3Qme8Bn/sEApc6RzwU TGCSSN5jg2m4RmMOC3BPx63vJaxe7VSDl7qMYyxMlN4z6ckQP7GEdWEWSdmJp/2b jJ/1oqDPXVmRhZWujdkpKuXQflQ1jugYntDkz0IHy0Ox97ZEsCHD4Q34aD1LDclP tzpQGkbRoJPvhikIAKOK4Ja32b5vL5wRTtvbl+btbW9C06cpqkjDd+2DsgiWwj+I jvcXD96X =Tpkl -END PGP SIGNATURE-
Bug#1006000: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I would like to transition draco for its new SONAME. The Ben tracker at https://release.debian.org/transitions/html/auto-draco.html looks fine. I rebuilt all reverse dependencies on amd64 successfully. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmIP7igACgkQ+C8H+466 LVmh9gwAwzoncl2MZpdYBiMAmFo2PyIUWLEDaDaVw92lmSr4+j7tm2ziycneToWF aby8OMO2uaYuN1F2U6w1pasL8iG7/pSAb3H41y0Hk15rVre2872JWbxZjuiUzqoi 2Cgfq9duyurIissI/LbQUWwSaftZWMvh0D47yS2KHBb0riyW6qLz31UWoWruTIch BCHZd/rAcoMqleTCS7yyHwU2zzcqHVxiZO/h09Ca8TiLLpRSWV/+CENXYpWjddy/ 7XK//jk2Ho/J+TrZ6L87vJnjAj7dqHN4BHC2NmgjnXdGZqM5GtjjWLbLa4gZkc8W xMRsXOx9O9OOMLee3rrsz/zcDM+NsCVdxFC/gMXFCQwyLpQYJyBMastmutFLqj31 jlZcs94uNLe1pna52SdyuHaCA1ySXTUSTiT+7OUQUsSjKypwPer31WiVGc+GzWFu SWP9ggdOgqFIO5V5PJ8Fg1R+J8YOG/I8xaiP9S8HHM35qiikpboSzdGwE1+Cl6Lu QgsJNY/r =KDXa -END PGP SIGNATURE-
Bug#1001865: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Release Team, I would like to transition draco 1.5.0, which has a proper upstream SONAME again. I verified that the reverse dependencies, pdal and assimp, build successfully on amd64. The autogenerated Ben tracker looks good: https://release.debian.org/transitions/html/auto-draco.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmG9FM8ACgkQ+C8H+466 LVlWxwwA8W/NOK4OI+pIvsAkAzTq1WtxJfIQ5bzP+Ixaf5gXMzRvivWzoJVr8Tsk xbKVFok1zF+7pjcj2iQZSnjhJaLc8zK5cObCMfp7FeKqDdM4QWXc37JZF8QM8Iky sylhVg2uSFpxnpBijnJ1qHqi11P2iWqg2Gqx7iwmetQUSm5tylGM5/KtP5vPXY9P gST6LzsA+kdVFqpZLqmqQJ8cG+FGKTGT1joxNSe1QMcThUXa3IU5DFu7LMtA5NTA BNpzDJ+PiEn7e6S6FsXTRo5Rv7qzJX6/8DTq2nIHlfbAM1/YXUagHlVPaKBOTGK+ c3HiAgES+LVSMFsn7cF+mKB6KkxT+v/K25gCA9S3ubUzMwmtWIwCFwzrCi9NyOzV 5gpAGd3uHa+vL2KoOq0O572VMxWO8jyy8NC6QhVQ6GK0WIE2J63HwGK2eTcw09xr NCM05PRYzdG6hf95AWumQ5qjF+TdcvYrF02xzGo00VACm9uy0DLQVUDhrmf0/CaK CxyVTf4s =sxgs -END PGP SIGNATURE-
Bug#1000374: transition: opencv
Hi, * Sebastian Ramacher [2021-11-22 20:34]: Why does the name of the -java package get changed? For the Java ABI nothing changes in this case. If you compare the produced class files, the only difference is that libopencv_java454d.so is loaded instead of libopencv_java454.so. I gave it some more thought (and discussed it with Jochen), and I ended up reverting that rename, back to libopencv4.5-java, for 4.5.4+dfsg-5 in experimental. Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄ ╰╯ signature.asc Description: PGP signature
Bug#1000374: transition: opencv
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I would like to transition OpenCV with a bumped SOVERSION after an ABI breakage by upstream [1]. The Ben file [2] looks good. Cheers Timo [1] https://github.com/opencv/opencv/issues/20878 [2] https://release.debian.org/transitions/html/auto-opencv.html -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmGbYlAACgkQ+C8H+466 LVnDaAwA2GMci6RR2G1ohT8zhA3MA/lHmsKO6fyuqriKz5Up4LkiR4NlYogpcdOq JhsqUAmMrPyY9bI3dnHkFxG5AKFDiiPuvsA5eOz/ZwwuUmv9JBX7fisA01xirhiW LRzeNvIwdSLSsXa35OsH7hIALKbjSUJ2z3xZVdxR+NTfka9wl9MVnP0AHAIOGq5W lbbkL4zigwWqYy4exzkgBRpHFkP5t0HfKZUjGcoQTGeRQlFVZXCA1QV9v2P/aMuI yISn0o2KBJZnLzGJqMuGocyIycqUvXl8CO0vO6TX+A5wd3wuMzM0uymPUs/IMIaj D5R9LQqD49ayYsGUCwK6w0GLWaJjTKDk4/v3VnpkJCeYGUz0nZ/qfb5mvgqeZfcN kSlo7H+g0PdSc/XferClh27ozNjthn6LuUr3C8g5rJ9Y+dPTCID+NZWtcKOH7TmX waSGU2zVvN3IJmuz2X34e38rs4b6/i6JnWqCn1KgaQUHRDbCRzViIcCPb4pC3mFI pHVAygIm =8Q2P -END PGP SIGNATURE-
Bug#999770: transition: libjsoncpp
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I woud like to transition libjsoncpp after an ABI version bump. I rebuilt CMake successfully and I don't expect any FTBFS issues, as the diff on the public headers shows mostly added "noexpect" and "const" qualifiers, which will not break existing source code. One hacky "volatile" qualifier has been removed from the SecureAllocator::deallocate() signature in json/allocator.h, but codesearch.debian.net tells me that header is not directly used by reverse dependencies anyway. The Ben file at https://release.debian.org/transitions/html/auto-libjsoncpp.html is good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmGTqUYACgkQ+C8H+466 LVmBAwwAkXJS3XQgdwR4JyN6idMw/K3KrPpYLde68q5+lHOKjLUCOgcvs1gPDOfh gDI0sCOyjOocYVYy/08CHhDitOXbZxPDuYU5LLoqoORgFyaycIPMmM5zmgZnQvWA sYCe/DeLbgKSZEdvyZEurLx2T1S0QmudR96garFiIti0J9WsM6KWNDCzK6m7PVZt ZhOZ+UMBCDFzjeejTo+Nl8HQ4punVUNGmRmu4xjF5OafFmzKfPclJx2EIJOXJMyp NMV4aoqDhic+4eBSk6Epogo5bEHFQry9H2+AJtt+0MBEV7wG5tDE0eVCOSdd3TXy qdLWlfIF1vkQM8J2M6Z4eESnSeRVQK7615fFkzaZSpS6us6NaF2AJsP/acgNqJTi vIJkj8NBP/tBOR6+tkXWLy2HQCokTdbqBKtAS2YipWZNO4g9LmUFhGxeOeRCKbSS oarHOuz8YfnR8D9YGZqb7mo3UrnNRJZuivq2kYmr6hZC6aP/6v7HQlH+yvOcXrD7 fe+lvyli =oOjg -END PGP SIGNATURE-
Bug#997695: transition: draco
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: roehl...@debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, the draco library needs a transition after an ABI break due to a refactored class in a public header. I notified upstream that they forgot to bump the SOVERSION, but they did not react yet. Fortunately, none of the reverse dependencies (PDAL and the filament library waiting in NEW) uses that refactored class, so the transition should run smoothly, and my local rebuild on amd64 was successful at least. The auto-generated ben file is good. Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmF1LFoACgkQ+C8H+466 LVmFkgwAqAfVlDMCoa6XBfCBPnzUqv1oHnrPHMTKx09keKTWsxAAYaQULy1ieLhm e3lSm+yJHx8UJW0O1poWQiYGslWceQ8iF83SCF8PWpudvoX1T3j8giuRIO1aY+a9 XhP92QSW7iNt/QqHrg2tImsECTsqfnYSJ/BJNUI2wm+oUm5zdy4wByqk5AWRBFot tgONw2hyVKjGSPmd+KnmQsm8zixKdYa6uY+1tKLSvMUnQeP7sD4ViqAVcLlPMAae QYcD2dk+O6ZlwgsAhW1INrlmcjcOjXmMGFEJNnTKRG7fV6xF9qwwnGOf+/aoU8DK 9fp8y7iFtnnnlC0ZWXoE2wEhuhLl3VVFRvJjgENE3aNEdjJwMk3+nMgA0R1HpToa RiJOLWjxUvoZmrdJnbOlYkp6pn9WscLenLiETPjpdXzkd+flBRfrh34SL93KCS7y kLdABmI6jwjwYbcnMCbH8fQZNP0Hes/mUXD/gUo6gQyzQIpM8AaN7Ar18vSQEBhm JGnN4K7X =//07 -END PGP SIGNATURE-
Bug#996283: bullseye-pu: package open3d/0.9.0+ds-5+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: roehl...@debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
[ Reason ]
Fixes RC bug #993622 in bullseye
[ Impact ]
The user must manually install python3-numpy as required dependency for
python3-open3d
[ Tests ]
I verified manually that python3-numpy is now listed as dependency
[ Risks ]
The risk is fairly low, especially considering that open3d is a leaf
package with no reverse dependencies in bullseye.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
numpy is added as install dependency to setup.py, d/rules is
adjusted to run the dh_numpy3 helper, and python3-numpy has become an
unconditional build-depend.
-BEGIN PGP SIGNATURE-
iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmFl8psACgkQ+C8H+466
LVmewAwAsGQFskpQYz+YAZSn2m3G8qphhZKiwaW9RTXFTU9yyxFvYs1bpb40IH4Q
baYSfAmCrxuQQcA4GG8O5Q77lX+DlnnNUZ6h80Psrm3GYOWlcWWb+xOgZ3NV5SI8
VDevp7I/6bwQJq+y9mDNyDh1yczv5927yswRZ3L/O14eU8s888PTWlbTNtZect78
Tnl0tLJCKYvrJqqGKx0tub6P3HxayC7mTwyfs8l1KDYfs+asWz70wQ+77RNsA0am
JG5hnXML18IJOX6f17nV6eJG6x01QyndSqgcgb+zK3xxnS+4NQSKkWQ2v1qCPqrT
TY3TDFuRYooW8bDMsgI/1CN1WDqp9XVgYDPMe8eWTAJ0bytlD0wnl1NI3pOp4PwS
bhXMF8peaqH/CmZkfmeB4/rEGAYhYUobZcqOm1j8NS8M3zKUEfoSe2DiAJlLOFmQ
2f5p8vIH921eHqC1tHvmlNOnoNgovwYtPNjgM18qadg7VKCmlBRoULEteyWAuC9O
ZBXx/fdN
=NOHb
-END PGP SIGNATURE-
diff -Nru open3d-0.9.0+ds-5/debian/changelog
open3d-0.9.0+ds-5+deb11u1/debian/changelog
--- open3d-0.9.0+ds-5/debian/changelog
+++ open3d-0.9.0+ds-5+deb11u1/debian/changelog
@@ -1,3 +1,9 @@
+open3d (0.9.0+ds-5+deb11u1) bullseye; urgency=medium
+
+ * Ensure that python3-open3d depends on python3-numpy (Closes: #993622)
+
+ -- Timo Röhling Tue, 12 Oct 2021 22:23:10 +0200
+
open3d (0.9.0+ds-5) unstable; urgency=medium
* Bump Standards-Version to 4.5.1
diff -Nru open3d-0.9.0+ds-5/debian/control
open3d-0.9.0+ds-5+deb11u1/debian/control
--- open3d-0.9.0+ds-5/debian/control
+++ open3d-0.9.0+ds-5+deb11u1/debian/control
@@ -18,10 +18,11 @@ Build-Depends: debhelper-compat (= 13),
libtinygltf-dev,
libtinyobjloader-dev,
dh-python, python3-all-dev, python3-setuptools, pybind11-dev (>= 2.2),
+python3-numpy,
googletest ,
doxygen ,
jdupes ,
-python3-sphinx , python3-sphinx-rtd-theme , python3-numpy
+python3-sphinx , python3-sphinx-rtd-theme
Homepage: http://www.open3d.org
Standards-Version: 4.5.1
Rules-Requires-Root: no
diff -Nru open3d-0.9.0+ds-5/debian/gbp.conf
open3d-0.9.0+ds-5+deb11u1/debian/gbp.conf
--- open3d-0.9.0+ds-5/debian/gbp.conf
+++ open3d-0.9.0+ds-5+deb11u1/debian/gbp.conf
@@ -1,3 +1,4 @@
[DEFAULT]
component = ["PoissonRecon"]
+debian-branch = bullseye
diff -Nru open3d-0.9.0+ds-5/debian/python/setup.py.in
open3d-0.9.0+ds-5+deb11u1/debian/python/setup.py.in
--- open3d-0.9.0+ds-5/debian/python/setup.py.in
+++ open3d-0.9.0+ds-5+deb11u1/debian/python/setup.py.in
@@ -74,7 +74,7 @@ setup(
description=[
"Open3D is an open-source library that supports rapid development of
software that deals with 3D data."
],
-install_requires=[],
+install_requires=["numpy"],
keywords="3D reconstruction point cloud mesh RGB-D visualization",
license="MIT",
long_description=open('@TOPDIR@/src/Python/README.rst').read(),
diff -Nru open3d-0.9.0+ds-5/debian/rules open3d-0.9.0+ds-5+deb11u1/debian/rules
--- open3d-0.9.0+ds-5/debian/rules
+++ open3d-0.9.0+ds-5+deb11u1/debian/rules
@@ -15,7 +15,7 @@ export DEB_CXXFLAGS_MAINT_APPEND = -faligned-new -Wno-psabi
BUILD_UNIT_TESTS = $(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON)
%:
- dh $@ --with=python3,sphinxdoc,pkgkde_symbolshelper
+ dh $@ --with=python3,sphinxdoc,numpy3,pkgkde_symbolshelper
override_dh_auto_clean:
dh_auto_clean -Scmake -Bobj
Bug#994809: transition: foonathan-memory
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: roehl...@debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, I'd like to transition foonathan-memory because of an SONAME bump after some ABI breakage. It's a very simple transition with a single reverse dependency, and I verified that fastdds rebuilds with the new foonathan-memory version. The auto-generated Ben file is fine: https://release.debian.org/transitions/html/auto-foonathan-memory.html Cheers Timo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmFJoBEACgkQ+C8H+466 LVnOGwwAka+LUL8A7BHD6afk7boEZKYXJrAomlWIdfOC0b9fDBsuSumlIdamyNX1 o2qtAeAaGtK9B+qPayYGgFi9BkE4T23xlaBC1suVb1QntMxDDODGqLm0VcFQjYmT tgNoQzW2LsarRQsEpcb9EfjhwaHPga5Xf0PVxGCtltWUQn7MbDMGZELsvFOv/4fa 95CvvcpS2aGMtnNr22ZLP8ePl457djIFrRReBzFlP4/ZrOI96i9Yp1vEIC/jBGaV M37SJvc8HFHAa2k9Oq1E7GjYn9HFMFwMPq+zq8QufsDPOAEbl5TIqvlPLs4y1QrT J7c9eSF5Wmmx6P5fpHKTsRMYsR2d3t4jXVGKhHua8LmB4EK+rm/JOiNpHFdl+x/7 SvGiWyuR+FAR9R/xknEbhVoUV1/WZB+By2qVGkWNzA+eyIxgWnsfiE2IRPZRGCqR 3vxDMdgAzcqOH9N76D82MyULxzLFdvLC9N87MFv0+AkAQB4xuEtm/XJfKiJXs+fK oiG2I2iU =jDzR -END PGP SIGNATURE-
Bug#994393: bullseye-pu: package cmake/3.18.4-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: roehl...@debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dear release team,
I'd like to update the cmake package in Bullseye.
[ Reason ]
The update fixes bug #990623 which prevented CMake from finding the
headers and libraries of postgresql-server-dev-13, also shipped in
bullseye.
[ Impact ]
Users who try to compile and link code against PostgreSQL with CMake
will receive an error that PostgreSQL could not be found. The required
workaround would be to specify version 13 explicitly, but this is
completely counter-intuitive, because CMake actually *does* find version
13.3 (and even says so), it just fails to find some headers in
/usr/include/postgresql/13, because 13 is not in the list of checked
version numbers.
Besides, any user can and should reasonably expect that packages shipped
in the same distribution are not "too new" to be detectable.
[ Tests ]
I verified manually that the attached debdiff fixes the issue.
[ Risks ]
The update only affects PostgreSQL detection and will not change CMake
behavior beyond that.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The code change is a very simple addition to the list of versions which
will be looked for.
Cheers
Timo
-BEGIN PGP SIGNATURE-
iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmFB70cACgkQ+C8H+466
LVmKiAwAj0xb+RIsYDFqFbY84WJAISuZyM2kND7yeWn9TxUFig1cWE8C9zB1duCG
pHkbm+We1LuA4ABAj6+LD996Ia9PAKdat/zIjX7Ku47hIQ9h45OpoCeVYBNQfHmE
ZpW1iP183gqOHYv3FeBR/Z+JxwFeiKVE8ZcvF3yUte5ZaS22BO1PRmK80mDPbNUe
hKfje3hENGQVBHs3K2fBURKNMpYMtrwc0CTWpqpURMNpclS/4oPtElGeVaje25M+
JjiLkzdQcLaOJHEagxYo4j1vRvWdQy37ZvUr54zbhmK9L+pfthRIlzNTxk0soJiX
Xclmi0qMJqrw1Mv25/1wwHSrnseD4XqB2vxJIjRwHJl0pvAXPOcZcWoFXctwkiSc
VHsos67N0CEzIZX6DQo5kczEkJQmb6UFeZJ6u8HeUWncTe0Kzn/c/1s44eTvaG4r
xmT6HFI8Jm3xupCYApjG15cm6qFI6BHPIhSdsDKbtwaNbiVOzfHaRuoS7FoVLxYt
Jk7G6mOU
=2vh4
-END PGP SIGNATURE-
diff -Nru cmake-3.18.4/debian/changelog cmake-3.18.4/debian/changelog
--- cmake-3.18.4/debian/changelog 2021-02-07 10:23:34.0 +0100
+++ cmake-3.18.4/debian/changelog 2021-09-14 00:08:52.0 +0200
@@ -1,3 +1,10 @@
+cmake (3.18.4-2+deb11u1) bullseye; urgency=medium
+
+ * Team upload.
+ * Add PostgreSQL 13 to known versions (Closes: #990623)
+
+ -- Timo Röhling Tue, 14 Sep 2021 00:08:52 +0200
+
cmake (3.18.4-2) unstable; urgency=medium
[ Helmut Grohne ]
diff -Nru cmake-3.18.4/debian/patches/add_postgresql_13_to_known_versions.patch
cmake-3.18.4/debian/patches/add_postgresql_13_to_known_versions.patch
--- cmake-3.18.4/debian/patches/add_postgresql_13_to_known_versions.patch
1970-01-01 01:00:00.0 +0100
+++ cmake-3.18.4/debian/patches/add_postgresql_13_to_known_versions.patch
2021-09-14 00:08:52.0 +0200
@@ -0,0 +1,20 @@
+From: =?utf-8?q?Timo_R=C3=B6hling?=
+Date: Mon, 13 Sep 2021 18:05:56 +0200
+Subject: Add PostgreSQL 13 to known versions
+
+---
+ Modules/FindPostgreSQL.cmake | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Modules/FindPostgreSQL.cmake b/Modules/FindPostgreSQL.cmake
+index 1927aa4..46679c3 100644
+--- a/Modules/FindPostgreSQL.cmake
b/Modules/FindPostgreSQL.cmake
+@@ -87,6 +87,7 @@ set(PostgreSQL_ROOT_DIR_MESSAGE "Set the PostgreSQL_ROOT
system variable to wher
+
+
+ set(PostgreSQL_KNOWN_VERSIONS ${PostgreSQL_ADDITIONAL_VERSIONS}
++"13"
+ "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3"
"8.2" "8.1" "8.0")
+
+ # Define additional search paths for root directories.
diff -Nru cmake-3.18.4/debian/patches/series cmake-3.18.4/debian/patches/series
--- cmake-3.18.4/debian/patches/series 2020-10-15 21:23:57.0 +0200
+++ cmake-3.18.4/debian/patches/series 2021-09-14 00:08:52.0 +0200
@@ -1,2 +1,3 @@
disable_fileapi_json_extra_test.patch
Compile_with_FILE_OFFSET_BITS_64_on_32-bit_Linux.patch
+add_postgresql_13_to_known_versions.patch
Bug#990182: buster-pu: package hg-git/0.8.12-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: roehl...@debian.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear release team, this is an proposed update for buster. [ Reason ] This update fixes the RC stable bug #933100 (broken test suite) that was caused by a change in the git command output after the initial upload of version 0.8.12-1. [ Impact ] The issue makes the autopkgtest suite fail and thus affects updates to buster which involve hg-git. There is no user-visible change. [ Tests ] I verified that the change actually fixes the test suite with a rebuild in a buster chroot. [ Risks ] There is no functional change in the binary package, this update affects the build itself only. If this update is considered inappropriate, the severity of bug #933100 could be downgraded instead. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] tests/test-illegal-contents.t is patched with the minimal changes from upstream to fix the test suite. [ Other Info ] The change in d/gbp.conf tells git-buildpackage that the proposed update lives in a different branch and has zero impact on the package itself. -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmDRllAACgkQ+C8H+466 LVkKsgv/Wit7oJnTht1N/a13lxNlBQYJhLsTHrZsgM6GL6R0bWmxanbAxPYei9b2 uPmjlyJgl+xSepHrWrHB2CavogjoCCZY9vR93vQ/slAdipRRv4SlagjPgpcUA6IL aOOIg95Kg6qZbMgmqg/nHpe0Y76JZ5RCTlZ5JMK30CT2HKCL8i9TVtDbFzSLZKWE qHQulq1KM2+ZzDCzwe7yCE1eppkFVkKMqmD0C8CFxWYZzd5WUzW4DGwTjiqSIpRu R84yU7K3b0BrX5ORfx6an9YbmAfa9bm1fvDnXe1SxPAC65RgfceCbfbhtiazuBSG pwVARdoI9ZzB4bydCjKRn0AxzhDolkq7iOmbH1EGGmc3Q5JVTbXS0Chof4k95roq x6vbalRkg4e0jtUa4TUbwtkC4FwDP22UtGFrgS0gwqhpPPECvS68kr5N2/2DCjXS M60d0y3c/4EY2t5NWZM6m044fZfBeXgV73xzWSxcQ79sfHIyb3WsEkuJdBweRh1W p6k/IFZY =BIAh -END PGP SIGNATURE- diff -Nru hg-git-0.8.12/debian/changelog hg-git-0.8.12/debian/changelog --- hg-git-0.8.12/debian/changelog 2019-01-10 15:26:54.0 +0100 +++ hg-git-0.8.12/debian/changelog 2021-06-22 09:23:36.0 +0200 @@ -1,3 +1,10 @@ +hg-git (0.8.12-1+deb10u1) buster; urgency=medium + + * Team upload. + * Cherry-pick relaxed output check in test suite (Closes: #933100) + + -- Timo Röhling Tue, 22 Jun 2021 09:23:36 +0200 + hg-git (0.8.12-1) unstable; urgency=medium * Team upload diff -Nru hg-git-0.8.12/debian/gbp.conf hg-git-0.8.12/debian/gbp.conf --- hg-git-0.8.12/debian/gbp.conf 2019-01-10 15:26:54.0 +0100 +++ hg-git-0.8.12/debian/gbp.conf 2021-06-22 09:06:19.0 +0200 @@ -1,2 +1,2 @@ [DEFAULT] -debian-branch=debian/master +debian-branch=debian/buster diff -Nru hg-git-0.8.12/debian/patches/0005-Relax-output-check-in-test-suite.patch hg-git-0.8.12/debian/patches/0005-Relax-output-check-in-test-suite.patch --- hg-git-0.8.12/debian/patches/0005-Relax-output-check-in-test-suite.patch 1970-01-01 01:00:00.0 +0100 +++ hg-git-0.8.12/debian/patches/0005-Relax-output-check-in-test-suite.patch 2021-06-22 09:15:54.0 +0200 @@ -0,0 +1,30 @@ +From: =?utf-8?q?Timo_R=C3=B6hling?= +Date: Tue, 22 Jun 2021 09:15:45 +0200 +Subject: Relax output check in test suite + +--- + tests/test-illegal-contents.t | 9 +++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tests/test-illegal-contents.t b/tests/test-illegal-contents.t +index 98c8ee6..312c1df 100644 +--- a/tests/test-illegal-contents.t b/tests/test-illegal-contents.t +@@ -45,10 +45,15 @@ We can override if needed: + It may not be legal to check out in Git. + It may also be rejected by some git server configurations. + $ cd .. +- $ git clone hg/.hg/git git ++ $ git clone hg/.hg/git git || true + Cloning into 'git'... + done. +- error: Invalid path 'nested/.git/hooks/post-update' ++ error: [Ii]nvalid path 'nested/.git/hooks/post-update' (re) ++ fatal: unable to checkout working tree (?) ++ warning: Clone succeeded, but checkout failed. (?) ++ You can inspect what was checked out with 'git status' (?) ++ and retry( the checkout)? with '.*' (re) (?) ++ (?) + + Now check something that case-folds to .git, which might let you own + Mac users: diff -Nru hg-git-0.8.12/debian/patches/series hg-git-0.8.12/debian/patches/series --- hg-git-0.8.12/debian/patches/series 2019-01-10 15:26:54.0 +0100 +++ hg-git-0.8.12/debian/patches/series 2021-06-22 09:15:54.0 +0200 @@ -2,3 +2,4 @@ ae6b1ba7482963bc9de51f299891e99005794e4e.patch 143b7511eadbea7507d847c805241a6db290ffe7.patch 8d00fde45adbc6c3c0ccab8e362b5f5c36c171e6.patch +0005-Relax-output-check-in-test-suite.patch
Bug#989538: unblock: ssl-cert/1.1.0+nmu1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: roehl...@debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please unblock package ssl-cert
[ Reason ]
Fixes #988310
[ Impact ]
It is impossible to create certificates with make-ssl-cert in manual mode
without clobbering the OpenSSL template file.
[ Tests ]
I verified that the NMU'd version works as intended by manually creating a
local certicate.
[ Risks ]
The risk is very low as it is a one-line change in a code path that is
only exercised for the manual mode. The automated snakeoil certifcate
generation is unaffected.
[ Other info ]
I have attached the nmudiff from the original bugreport for convenience.
unblock ssl-cert/1.1.0+nmu1
-BEGIN PGP SIGNATURE-
iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmC9RWAACgkQ+C8H+466
LVkvbAwA0AF/Z2bBU1rfdQS4E85kJ4gF292Z2VLtKI7GM+YFYEkRnPi3zO8fao2n
7+ly8iaHiiPABwidZtgUPglHwVsDWhVGurL7/m2wJzF6c0cLsq93HITCoUfw05EZ
xA1PducdJUb4Hr6VelBZ6YolTDwRUoZf51F5uORBLA+CP9MCAvZDAF8pr1U81sSo
obxvlcOLtS+Eraye6JsYqRNwKT8BdUm2V20sU6jIOdKfwNNAZwLHo0wRSISn+RWd
J27q9pPmkYZg4+Spqy/DKZHyiZUxVhHTOPKdIDRqaMzpvmrO/71vty/sUAfNEJeQ
CrBFgLgE7ileRx5gj0fj6FtZBugDY2509mRQROPmZcHDNLgx47/Myw74uUbWlrww
CP3hD0B+lSU7OO+/DsJKjQ0JtV8yu1g9NOips88szRBHnFKrn3QOLX3xFu+f+Thh
pY6xNrAc1K0a9W2yDoKe3NeoZSV/5U4+aCouMVLESPt0Ej5NreVKEbT2crPFwZKA
28ClgtsI
=qZ7f
-END PGP SIGNATURE-
diff -Nru ssl-cert-1.1.0/debian/changelog ssl-cert-1.1.0+nmu1/debian/changelog
--- ssl-cert-1.1.0/debian/changelog 2020-12-28 15:20:52.0 +0100
+++ ssl-cert-1.1.0+nmu1/debian/changelog2021-06-06 23:02:49.0
+0200
@@ -1,3 +1,10 @@
+ssl-cert (1.1.0+nmu1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use correct argument for output file (Closes: #988310)
+
+ -- Timo Röhling Sun, 06 Jun 2021 23:02:49 +0200
+
ssl-cert (1.1.0) unstable; urgency=medium
[ Stefan Fritsch ]
diff -Nru ssl-cert-1.1.0/make-ssl-cert ssl-cert-1.1.0+nmu1/make-ssl-cert
--- ssl-cert-1.1.0/make-ssl-cert2020-12-28 15:20:52.0 +0100
+++ ssl-cert-1.1.0+nmu1/make-ssl-cert 2021-06-06 23:02:49.0 +0200
@@ -173,7 +173,7 @@
# Takes two arguments, the base layout and the output cert.
if [ "${subcommand}" = "manual" ]; then
-output="${1}"
+output="${2}"
[ -n "${template}" ] || usage 1
[ -n "${output}" ] || usage 1
Bug#962707: transition: qhull
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-CC: jspri...@debian.org Dear release team, I would like to transition qhull 2020.1, which has a properly bumped upstream SONAME now. The ben tracker is good: https://release.debian.org/transitions/html/auto-qhull.html The API has had a few additions but no incompatible changes or removals since 2019.1, and all reverse dependencies build fine on amd64, so I don't expect any trouble. Cheers Timo
Bug#956467: transition: qhull
On 29.04.20 10:02, Emilio Pozuelo Monfort wrote: > If upstream broke the ABI > without bumping the SONAME that's probably the correct solution, but it'd be > good if you can convince them to bump it in the next version I agree, and I did submit a bugreport [1], but no reply so far. > In any case you can go ahead with this. Thanks. [1] https://github.com/qhull/qhull/issues/58
Bug#956467: transition: qhull
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Control: block -1 by 956460 956461 956462 Dear release team, I would like to transition qhull 2019.1 after some ABI breaking changes in upstream. API seems mostly unaffected, except for a deprecated include path that has been removed. This affects three packages (see below). The ben tracker looks good to me: https://release.debian.org/transitions/html/auto-qhull.html I rebuilt all reverse dependencies (on amd64): 3depict: FTBFS (tracked in bug #956460) gdal: OK getfem++: OK meshlab: OK octave: OK pcl: OK plplot: OK pymca: FTBFS (tracked in #956462) ros-geometric-shapes: OK saga: FTBFS (tracked in #956461) Thank you, Timo
