Bug#1061603: openturns: FTBFS with Python 3.12 as default

[Pierre Gruet]

Control: tags -1 fixed-in-experimental
Control: fixed -1 1.22-1

Hi,

The issue is fixed in version 1.22-1 in experimental. It will have to 
wait there a little bit as there are a lot of transitions of 
dependencies going on due to the 64 bit time_t transition.


Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1062715: FTBFS against openturns 1.22-1 in experimental

[Pierre Gruet]

Source: persalys
Version: 15.0+ds-3
Severity: important
Tags: ftbfs

Hi,

persalys FTBFS against openturns/1.22-1 which is in experimental, waiting for a
transition. I am almost sure updating persalys to newest upstream version will
solve this. I will care for it soon.

-- 
Pierre

Bug#1064928: FTBFS everywhere

[Pierre Gruet]

Source: openturns
Version: 1.21.1-4
Severity: serious
Tags: ftbfs fixed-in-experimental pending

Hi,

Since latest swig upstream version was uploaded to unstable, openturns FTBFS on
all architectures. This can be fixed by applying

https://github.com/openturns/openturns/commit/ff713c2520d5874b9a8a02cd313b95156bc3ec72
or alternatively by just waiting version 1.22 enters unstable, as it currently
lies in experimental and incorporates this fix. We have to wait for the 64bit
time_t transition and also for a proper transition slot for openturns.

Best,

-- 
Pierre

Bug#1076227: misses copyright holders in d/copyright

[Pierre Gruet]

Package: simple-scan
Version: 46.0-1
Severity: normal

Dear Maintainer,

debian/copyright misses information about several copyright holders, for
instance Alexander Shopov, Bartłomiej Maryńczak or Alexander Vogt are not 
listed there.

Also several files should be listed in d/copyright, e.g. all the .po ones.
Admittedly listing them is somehow cumbersome, but there are many similarities
among them.

Thanks for maintaining simple-scan!

Best,

-- 
Pierre

Bug#1076633: transition: dlib

[Pierre Gruet]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: d...@packages.debian.org
Control: affects -1 + src:dlib
User: release.debian@packages.debian.org
Usertags: transition

Hi Release team,

I would like to request a transition slot for dlib. Currently the candidate
sits in experimental and builds correctly. There are reverse dependencies,
which I tested:
- openturns OK
- plastimatch FTBFS for other reasons, patch available (I will make the source
  team upload)
- vienna-rna FTBFS, bug with important severity filled, fix tested locally (I 
will
  make the source team upload)

The auto-generated Ben file at
https://release.debian.org/transitions/html/auto-dlib.html
is OK.

Thanks for your help,

-- 
Pierre

Bug#1075793: plastimatch FTBFS with DCMTK 3.6.8

[Pierre Gruet]

Control: tags -1 pending

Hi Greg,

On Thu, 11 Jul 2024 22:59:28 + (UTC) Gregory Sharp 
 wrote:

> Thank you Adrian,
>
> Yes this is the correct patch. I'm inclined to make a new upstream 
release instead of patching, but let me know.

>

Thanks for proposing to fix it upstream! Still, I will have to make an 
upload with the Debian-specific patch right now, because I am 
transitioning dlib and plastimatch build-depends on it. I need to 
achieve this transition but for sure the patch will go away when one 
packages the upcoming upstream version!


Cheers,

--
Pierre

> Greg Sharp
> gregsh...@geocities.com
>


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1075170: libgdchart-gd2: ftbfs with GCC-14

[Pierre Gruet]

Control: tags -1 patch

Dear Maintainer,

On Wed, 03 Jul 2024 12:33:17 + Matthias Klose  wrote:
> Package: src:libgdchart-gd2
> Version: 0.11.5-12
> Severity: important
> Tags: sid trixie
> User: debian-...@lists.debian.org
> Usertags: ftbfs-gcc-14
>
> [This bug is targeted to the upcoming trixie release]
>
> Please keep this issue open in the bug tracker for the package it
> was filed for. If a fix in another package is required, please
> file a bug for the other package (or clone), and add a block in this
> package. Please keep the issue open until the package can be built in
> a follow-up test rebuild.
>
> The package fails to build in a test rebuild on at least amd64 with
> gcc-14/g++-14, but succeeds to build with gcc-13/g++-13. The
> severity of this report will be raised before the trixie release.
>
> The full build log can be found at:
> 
http://qa-logs.debian.net/2024/07/01/libgdchart-gd2_0.11.5-12_unstable_gccexp.log

> The last lines of the build log are at the end of this report.
>
> To build with GCC 14, either set CC=gcc-14 CXX=g++-14 explicitly,
> or install the gcc, g++, gfortran, ... packages from experimental.
>
> apt-get -t=experimental install g++
>
> Common build failures are new warnings resulting in build failures with
> -Werror turned on, or new/dropped symbols in Debian symbols files.
> For other C/C++ related build failures see the porting guide at
> http://gcc.gnu.org/gcc-14/porting_to.html
>
> [...]
> APT_CONFIG=/var/lib/sbuild/apt.conf
> HOME=/sbuild-nonexistent
> LANG=C.UTF-8
> LC_ALL=C.UTF-8
> LOGNAME=user42
> 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

> SCHROOT_ALIAS_NAME=unstable
> SCHROOT_CHROOT_NAME=sid-amd64-sbuild
> SCHROOT_COMMAND=env
> SCHROOT_GID=1001
> SCHROOT_GROUP=user42
> SCHROOT_SESSION_ID=sid-amd64-sbuild-b08d883a-0162-46e2-b2eb-b6ac47798835
> SCHROOT_UID=1001
> SCHROOT_USER=user42
> SHELL=/bin/sh
> USER=user42
>
> dpkg-buildpackage
> -
>
> Command: dpkg-buildpackage --sanitize-env -us -uc -b -rfakeroot
> dpkg-buildpackage: info: source package libgdchart-gd2
> dpkg-buildpackage: info: source version 0.11.5-12
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Michael R. Crusoe 


> dpkg-source --before-build .

I fixed this bug, and I have just uploaded it to DELAYED/5 (see source 
debdiff enclosed).

I would happily delay it longer or cancel it upon request from you.

Best wishes,

--
Pierre
diff -Nru libgdchart-gd2-0.11.5/debian/changelog libgdchart-gd2-0.11.5/debian/changelog
--- libgdchart-gd2-0.11.5/debian/changelog	2024-03-21 13:02:15.0 +0100
+++ libgdchart-gd2-0.11.5/debian/changelog	2024-07-27 14:30:47.00000 +0200
@@ -1,3 +1,10 @@
+libgdchart-gd2 (0.11.5-12.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fixing build with GCC-14 (Closes: #1075170)
+
+ -- Pierre Gruet   Sat, 27 Jul 2024 14:30:47 +0200
+
 libgdchart-gd2 (0.11.5-12) unstable; urgency=medium
 
   * Team upload.
diff -Nru libgdchart-gd2-0.11.5/debian/patches/gcc14.patch libgdchart-gd2-0.11.5/debian/patches/gcc14.patch
--- libgdchart-gd2-0.11.5/debian/patches/gcc14.patch	1970-01-01 01:00:00.0 +0100
+++ libgdchart-gd2-0.11.5/debian/patches/gcc14.patch	2024-07-27 14:30:47.0 +0200
@@ -0,0 +1,32 @@
+Description: adding an intermediate function with suitable type and casting to
+ build against GCC-14
+Author: Pierre Gruet 
+Bug-Debian: https://bugs.debian.org/1075170
+Forwarded: no
+Last-Update: 2024-07-27
+
+--- a/gdc_pie.c
 b/gdc_pie.c
+@@ -103,6 +103,13 @@
+ 	return 0;
+ }
+ 
++static int
++ocmpr_void(const void *a,
++	   const void *b )
++{
++return ocmpr((struct tmp_slice_t *)(a), (struct tmp_slice_t *)(b));
++}
++
+ /* === *\ 
+  * PIE
+  * 
+@@ -476,7 +483,7 @@
+ 	}
+ }
+ 
+-		qsort( tmp_slice, num_slice_angles, sizeof(struct tmp_slice_t), ocmpr );
++		qsort( tmp_slice, num_slice_angles, sizeof(struct tmp_slice_t), ocmpr_void );
+ 		for( t=0; t

OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1077264: FTBFS: embossupdate.o: undefined reference to symbol 'zlibVersion'

[Pierre Gruet]

Source: emboss
Version: 6.6.0+dfsg-16
Severity: serious
Tags: ftbfs

Dear Maintainer,

emboss FTBFS on amd64, relevant part of the build log:

/bin/bash ../libtool  --tag=CC   --mode=link gcc-g -O2 
-Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection  -lexpat -L/usr/lib/x86_64-linux-gnu/ 
-lmariadb -lpq -Wl,-z,relro -Wl,-z,now -o embossupdate embossupdate.o 
../nucleus/libnucleus.la ../ajax/acd/libacd.la ../ajax/ajaxdb/libajaxdb.la 
../ajax/ensembl/libensembl.la ../ajax/graphics/libajaxg.la 
../ajax/core/libajax.la  ../ajax/pcre/libepcre.la ../plplot/libeplplot.la -lX11 
 -lm  -lhpdf
libtool: link: gcc -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<>=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
-Wl,-z -Wl,relro -Wl,-z -Wl,now -o .libs/einverted einverted.o  -lexpat 
-L/usr/lib/x86_64-linux-gnu/ -lmariadb -lpq ../nucleus/.libs/libnucleus.so 
../ajax/acd/.libs/libacd.so ../ajax/ajaxdb/.libs/libajaxdb.so 
../ajax/ensembl/.libs/libensembl.so ../ajax/graphics/.libs/libajaxg.so 
../ajax/core/.libs/libajax.so ../ajax/pcre/.libs/libepcre.so 
../plplot/.libs/libeplplot.so -lX11 -lm -lhpdf -Wl,-rpath 
-Wl,/usr/lib/emboss/lib
/bin/bash ../libtool  --tag=CC   --mode=link gcc-g -O2 
-Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection  -lexpat -L/usr/lib/x86_64-linux-gnu/ 
-lmariadb -lpq -Wl,-z,relro -Wl,-z,now -o embossversion embossversion.o 
../nucleus/libnucleus.la ../ajax/acd/libacd.la ../ajax/ajaxdb/libajaxdb.la 
../ajax/ensembl/libensembl.la ../ajax/graphics/libajaxg.la 
../ajax/core/libajax.la  ../ajax/pcre/libepcre.la ../plplot/libeplplot.la -lX11 
 -lm  -lhpdf
/bin/bash ../libtool  --tag=CC   --mode=link gcc-g -O2 
-Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection  -lexpat -L/usr/lib/x86_64-linux-gnu/ 
-lmariadb -lpq -Wl,-z,relro -Wl,-z,now -o emma emma.o ../nucleus/libnucleus.la 
../ajax/acd/libacd.la ../ajax/ajaxdb/libajaxdb.la ../ajax/ensembl/libensembl.la 
../ajax/graphics/libajaxg.la ../ajax/core/libajax.la  ../ajax/pcre/libepcre.la 
../plplot/libeplplot.la -lX11  -lm  -lhpdf
libtool: link: gcc -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<>=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
-Wl,-z -Wl,relro -Wl,-z -Wl,now -o .libs/embossdata embossdata.o  -lexpat 
-L/usr/lib/x86_64-linux-gnu/ -lmariadb -lpq ../nucleus/.libs/libnucleus.so 
../ajax/acd/.libs/libacd.so ../ajax/ajaxdb/.libs/libajaxdb.so 
../ajax/ensembl/.libs/libensembl.so ../ajax/graphics/.libs/libajaxg.so 
../ajax/core/.libs/libajax.so ../ajax/pcre/.libs/libepcre.so 
../plplot/.libs/libeplplot.so -lX11 -lm -lhpdf -Wl,-rpath 
-Wl,/usr/lib/emboss/lib
libtool: link: gcc -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/<>=. -fstack-protector-strong 
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection 
-Wl,-z -Wl,relro -Wl,-z -Wl,now -o .libs/embossupdate embossupdate.o  -lexpat 
-L/usr/lib/x86_64-linux-gnu/ -lmariadb -lpq ../nucleus/.libs/libnucleus.so 
../ajax/acd/.libs/libacd.so ../ajax/ajaxdb/.libs/libajaxdb.so 
../ajax/ensembl/.libs/libensembl.so ../ajax/graphics/.libs/libajaxg.so 
../ajax/core/.libs/libajax.so ../ajax/pcre/.libs/libepcre.so 
../plplot/.libs/libeplplot.so -lX11 -lm -lhpdf -Wl,-rpath 
-Wl,/usr/lib/emboss/lib
/bin/bash ../libtool  --tag=CC   --mode=link gcc-g -O2 
-Werror=implicit-function-declaration -ffile-prefix-map=/<>=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection  -lexpat -L/usr/lib/x86_64-linux-gnu/ 
-lmariadb -lpq -Wl,-z,relro -Wl,-z,now -o emowse emowse.o 
../nucleus/libnucleus.la ../ajax/acd/libacd.la ../ajax/ajaxdb/libajaxdb.la 
../ajax/ensembl/libensembl.la ../ajax/graphics/libajaxg.la 
../ajax/core/libajax.la  ../ajax/pcre/libepcre.la ../plplot/libeplplot.la -lX11 
 -lm  -lhpdf
/usr/bin/ld: embossupdate.o: undefined reference to symbol 'zlibVersion'
/usr/bin/ld: /lib/x86_64-linux-gnu/libz.so.1: error adding symbols: DSO missing 
from command line
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:4241: embossupdate] Error 1

Best,

-- 
Pierre

Bug#988426: scilab,scilab-cli,scilab-test: metapackages uninstallable on 32-bit architectures

[Pierre Gruet]

Control: severity -1 wishlist
Control: tags -1 wontfix

Hi,

I am afraid I am missing the point here: it does not hurt anyone if the 
metapackages are not installable because their dependencies are not.


Additionally scilab-test is huge and it makes no sense to make it 
Architecture: any and duplicate it for every arch.


Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1053055: Additional information

[Pierre Gruet]

Control: tags -1 confirmed


Hello Vladimir,

On Thu, 23 Nov 2023 11:32:20 +1300 Vladimir Petko 
 wrote:

> Dear Maintainers,
>
> Would it be possible to consider a merge request[1] that addresses this
> issue?

I am grateful you submitted this merge request, I will look at it shortly!

>
> Best Regards,
> Vladimir.
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053055

Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1073247: transition: openturns

[Pierre Gruet]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: opentu...@packages.debian.org
Control: affects -1 + src:openturns
User: release.debian@packages.debian.org
Usertags: transition

Dear Release team,

I would like to request a transition slot for openturns. It has been accepted
to experimental and builds fine.

This is a small transition with only one other package involved: persalys.
persalys in unstable FTBFS against new openturns (BUg with severity important
has been filled), persalys in experimental builds fine agains new openturns and
just has to be uploaded to unstable after the transition starts.

The Ben file at
https://release.debian.org/transitions/html/auto-openturns.html
is fine.

Thanks a lot,

-- 
Pierre

Bug#1058683: FTBFS against htsjdk/4.0.2+dfsg-1 now in unstable

[Pierre Gruet]

Source: igv
Version: 2.16.2+dfsg-1
Severity: serious
Tags: patch

Hello,

igv fails to build against new htsjdk/4.0.2+dfsg-1:

/<>/src/main/java/org/broad/igv/track/TribbleFeatureSource.java:352:
 error: reference to NamedFeature is ambiguous
if (f instanceof NamedFeature) 
FeatureDB.addFeature((NamedFeature) f, genome);
 ^
  both interface org.broad.igv.feature.NamedFeature in org.broad.igv.feature 
and interface htsjdk.tribble.NamedFeature in htsjdk.tribble match
/<>/src/main/java/org/broad/igv/track/TribbleFeatureSource.java:352:
 error: reference to NamedFeature is ambiguous
if (f instanceof NamedFeature) 
FeatureDB.addFeature((NamedFeature) f, genome);
 ^
  both interface org.broad.igv.feature.NamedFeature in org.broad.igv.feature 
and interface htsjdk.tribble.NamedFeature in htsjdk.tribble match

There is some ambiguity to be removed, which is solved by the enclosed patch.

Best,

-- 
Pierre
Description: solving an ambiguity in the tests due to a new class in
 htsjdk/4.0.2+dfsg
Author: Pierre Gruet 
Forwarded: no
Last-Update: 2023-12-14

--- a/src/main/java/org/broad/igv/track/TribbleFeatureSource.java
+++ b/src/main/java/org/broad/igv/track/TribbleFeatureSource.java
@@ -349,7 +349,7 @@
 featureMap.put(igvChr, featureList);
 }
 featureList.add(f);
-if (f instanceof NamedFeature) 
FeatureDB.addFeature((NamedFeature) f, genome);
+if (f instanceof org.broad.igv.feature.NamedFeature) 
FeatureDB.addFeature((org.broad.igv.feature.NamedFeature) f, genome);
 
 if (this.isVCF && f instanceof Variant) {
 Variant v = (Variant) f;

Bug#1059562: contributors.debian.org: some contributors are missing

[Pierre Gruet]

Package: nm.debian.org
Severity: normal
X-Debbugs-Cc: raf...@debian.org

Hi,

I feel some contributors are missing from the page [0]. For instance, I (Pierre
Gruet ) have never been on it although I have contributed on a regular
basis since 2020.
I have no idea of the number of missing people.

I feel pointing this out now is relevant as we are currently [1] discussing
figures based on the contents of [0].

Best,

-- 
Pierre

[0] https://contributors.debian.org/
[1] https://lists.debian.org/debian-project/2023/12/msg00012.html

Bug#1059562: contributors.debian.org: some contributors are missing

[Pierre Gruet]

Hi,

Le 28/12/2023 à 20:47, Jonathan McDowell a écrit :

On Thu, Dec 28, 2023 at 02:07:25PM +0100, Pierre Gruet wrote:

I feel some contributors are missing from the page [0]. For instance, I (Pierre
Gruet ) have never been on it although I have contributed on a regular
basis since 2020.
I have no idea of the number of missing people.

I feel pointing this out now is relevant as we are currently [1] discussing
figures based on the contents of [0].


If I look at https://contributors.debian.org/contributor/pgt/ there are
no identifiers listed for you, but does know how to map your username to
your real name. Compare this to my page,
https://contributors.debian.org/contributor/noodles/, which lists email
addresses, fingerprints + logins. Have you tried adding some
associations there (and if you can't login, would you like me to?) -
without any listed it won't be able to match up incoming data.


Thanks for having looked at this bug report!

I have been able to follow your suggestions and indeed got added to the 
list of contributors.


I am now wondering whether we could be missing people (DD or not) as it 
seems the manipulations you described are needed in some cases. This is 
the sense of this bug report.




J.



Again, thanks a lot,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1071082: FTBFS against jgit/6.7.0-1 in unstable

[Pierre Gruet]

Source: plm
Version: 2.9.2-1
Severity: serious
Tags: ftbfs patch

Dear Maintainer,

I have just uploaded jgit/6.7.0 to unstable, in order to fix a security issue.
However, plm fails to build against it because some -- previously -- deprecated
methods have been removed.

The enclosed patch will allow you to build plm again.

Best,

-- 
Pierre
diff -Nru plm-2.9.2/debian/control plm-2.9.2/debian/control
--- plm-2.9.2/debian/control2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/control2024-05-03 16:00:26.0 +0200
@@ -4,7 +4,7 @@
 Maintainer: Martin Quinson 
 Build-Depends: debhelper-compat (= 12), javahelper (>= 0.32), ant, quilt
 Build-Depends-Indep: default-jdk, scala, libmiglayout-java, 
librsyntaxtextarea-java,
-  junit4, libgettext-commons-java, libjson-simple-java, libhttpclient-java, 
libhttpmime-java, libjgit-java,
+  junit4, libgettext-commons-java, libjson-simple-java, libhttpclient-java, 
libhttpmime-java, libjgit-java (>= 6.7.0),
   jython, libgettext-ant-tasks-java, imagemagick,
   libmockito-java
 Standards-Version: 4.5.0
diff -Nru plm-2.9.2/debian/patches/jgit_6.7.0.patch 
plm-2.9.2/debian/patches/jgit_6.7.0.patch
--- plm-2.9.2/debian/patches/jgit_6.7.0.patch   1970-01-01 01:00:00.0 
+0100
+++ plm-2.9.2/debian/patches/jgit_6.7.0.patch   2024-05-03 16:00:26.0 
+0200
@@ -0,0 +1,26 @@
+Description: replacing methods removed in jgit 6.7.0
+ The method getRef in Repository had been deprecated in previous versions, and
+ is now removed.
+Author: Pierre Gruet 
+Forwarded: no
+Last-Update: 2024-05-03
+
+--- a/src/plm/core/model/tracking/GitUtils.java
 b/src/plm/core/model/tracking/GitUtils.java
+@@ -126,7 +126,7 @@
+   
+   public void mergeRemoteIntoLocalBranch(String userBranchHash) throws 
Exception {
+   try {
+-  MergeResult res = 
git.merge().setCommit(true).setFastForward(MergeCommand.FastForwardMode.FF).setStrategy(MergeStrategy.RECURSIVE).include(git.getRepository().getRef("refs/remotes/origin/"+userBranchHash)).call();
++  MergeResult res = 
git.merge().setCommit(true).setFastForward(MergeCommand.FastForwardMode.FF).setStrategy(MergeStrategy.RECURSIVE).include(git.getRepository().findRef("refs/remotes/origin/"+userBranchHash)).call();
+   
+   if(res.getMergeStatus() == 
MergeResult.MergeStatus.FAST_FORWARD) {
+   System.out.println(Game.i18n.tr("last session 
data successfully retrieved"));
+@@ -376,6 +376,6 @@
+   }
+   
+   public Ref getRepoRef(String branch) throws IOException {
+-  return git.getRepository().getRef(branch);
++  return git.getRepository().findRef(branch);
+   }
+ }
diff -Nru plm-2.9.2/debian/patches/series plm-2.9.2/debian/patches/series
--- plm-2.9.2/debian/patches/series 2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/patches/series 2024-05-03 15:59:24.0 +0200
@@ -4,3 +4,4 @@
 jython-fixes
 json-simple-3.patch
 
+jgit_6.7.0.patch

Bug#1048703: plm: Fails to build source after successful build

[Pierre Gruet]

Source: plm
Version: 2.9.2-1
Followup-For: Bug #1048703
Control: tags -1 patch

Dear Maintainer,

The enclosed patch will allow you to solve this bug.

Cheers,

-- 
Pierre
diff -Nru plm-2.9.2/debian/rules plm-2.9.2/debian/rules
--- plm-2.9.2/debian/rules  2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/rules  2024-05-13 22:03:35.0 +0200
@@ -26,11 +26,28 @@
 %:
dh $@   --with javahelper
 
+execute_before_dh_auto_configure:
+   # Making backups of files that will be altered during the build
+   for F in $$(find l10n/engine -name "*.po" -o -name "*.pot") 
lib/resources/plm.configuration.properties; do \
+   cp $$F $${F}.save ;\
+   done
+
 override_dh_auto_clean:
dh_auto_clean
find . -type f -name \*.java.json-simple \
  -exec sh -c 'file={} && mv $$file $${file%.json-simple}' \; -print
 
+override_dh_clean:
+   dh_clean
+   # Removing files left there by the build system.
+   find . -name "*.jar" -delete
+   -rm dist/*.tar.bz2
+   -rm errors-*.txt
+   # Restoring files that were altered during the build
+   for F in $$(find . -name "*.save") ; do \
+   mv $$F $${F%.save} ;\
+   done
+
 override_dh_auto_build:
find . -type f -name \*.java -exec grep -q 'import 
@JSON_SIMPLE_PACKAGE@' {} \; \
  -exec sed -i.json-simple \

Bug#1071082: NMU pushed to DELAYED/10

[Pierre Gruet]

Dear Maintainer,

I have just uploaded fixes for bugs 1048703 and 1071082 to DELAYED/10.
This is to prevent testing autoremoval of plm on June, 11th.

Enclosed is the source debdiff of this NMU. It is strictly based upon 
the patches I submitted in the two bug logs.


Please tell me if I should delay or cancel the foreseen NMU.

Best wishes,

--
Pierre
diff -Nru plm-2.9.2/debian/changelog plm-2.9.2/debian/changelog
--- plm-2.9.2/debian/changelog	2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/changelog	2024-05-22 21:50:25.0 +0200
@@ -1,3 +1,11 @@
+plm (2.9.2-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Solving FTBFS against jgit/6.7.0 (Closes: #1071082)
+  * Allowing source package to be built twice in a row (Closes: #1048703)
+
+ -- Pierre Gruet   Wed, 22 May 2024 21:50:25 +0200
+
 plm (2.9.2-1) unstable; urgency=medium
 
   * New upstream release: The Portuguese release (new complete translation)
diff -Nru plm-2.9.2/debian/control plm-2.9.2/debian/control
--- plm-2.9.2/debian/control	2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/control	2024-05-22 21:49:05.0 +0200
@@ -4,7 +4,7 @@
 Maintainer: Martin Quinson 
 Build-Depends: debhelper-compat (= 12), javahelper (>= 0.32), ant, quilt
 Build-Depends-Indep: default-jdk, scala, libmiglayout-java, librsyntaxtextarea-java,
-  junit4, libgettext-commons-java, libjson-simple-java, libhttpclient-java, libhttpmime-java, libjgit-java,
+  junit4, libgettext-commons-java, libjson-simple-java, libhttpclient-java, libhttpmime-java, libjgit-java (>= 6.7.0),
   jython, libgettext-ant-tasks-java, imagemagick,
   libmockito-java
 Standards-Version: 4.5.0
diff -Nru plm-2.9.2/debian/patches/jgit_6.7.0.patch plm-2.9.2/debian/patches/jgit_6.7.0.patch
--- plm-2.9.2/debian/patches/jgit_6.7.0.patch	1970-01-01 01:00:00.0 +0100
+++ plm-2.9.2/debian/patches/jgit_6.7.0.patch	2024-05-22 21:50:16.0 +0200
@@ -0,0 +1,26 @@
+Description: replacing methods removed in jgit 6.7.0
+ The method getRef in Repository had been deprecated in previous versions, and
+ is now removed.
+Author: Pierre Gruet 
+Forwarded: no
+Last-Update: 2024-05-03
+
+--- a/src/plm/core/model/tracking/GitUtils.java
 b/src/plm/core/model/tracking/GitUtils.java
+@@ -126,7 +126,7 @@
+ 	
+ 	public void mergeRemoteIntoLocalBranch(String userBranchHash) throws Exception {
+ 		try {
+-			MergeResult res = git.merge().setCommit(true).setFastForward(MergeCommand.FastForwardMode.FF).setStrategy(MergeStrategy.RECURSIVE).include(git.getRepository().getRef("refs/remotes/origin/"+userBranchHash)).call();
++			MergeResult res = git.merge().setCommit(true).setFastForward(MergeCommand.FastForwardMode.FF).setStrategy(MergeStrategy.RECURSIVE).include(git.getRepository().findRef("refs/remotes/origin/"+userBranchHash)).call();
+ 			
+ 			if(res.getMergeStatus() == MergeResult.MergeStatus.FAST_FORWARD) {
+ System.out.println(Game.i18n.tr("last session data successfully retrieved"));
+@@ -376,6 +376,6 @@
+ 	}
+ 	
+ 	public Ref getRepoRef(String branch) throws IOException {
+-		return git.getRepository().getRef(branch);
++		return git.getRepository().findRef(branch);
+ 	}
+ }
diff -Nru plm-2.9.2/debian/patches/series plm-2.9.2/debian/patches/series
--- plm-2.9.2/debian/patches/series	2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/patches/series	2024-05-22 21:49:40.0 +0200
@@ -3,4 +3,4 @@
 no-github
 jython-fixes
 json-simple-3.patch
-
+jgit_6.7.0.patch
diff -Nru plm-2.9.2/debian/rules plm-2.9.2/debian/rules
--- plm-2.9.2/debian/rules	2020-10-11 21:54:58.0 +0200
+++ plm-2.9.2/debian/rules	2024-05-22 21:48:32.0 +0200
@@ -26,11 +26,28 @@
 %:
 	dh $@   --with javahelper
 
+execute_before_dh_auto_configure:
+	# Making backups of files that will be altered during the build
+	for F in $$(find l10n/engine -name "*.po" -o -name "*.pot") lib/resources/plm.configuration.properties; do \
+	cp $$F $${F}.save ;\
+	done
+
 override_dh_auto_clean:
 	dh_auto_clean
 	find . -type f -name \*.java.json-simple \
 	  -exec sh -c 'file={} && mv $$file $${file%.json-simple}' \; -print
 
+override_dh_clean:
+	dh_clean
+	# Removing files left there by the build system.
+	find . -name "*.jar" -delete
+	-rm dist/*.tar.bz2
+	-rm errors-*.txt
+	# Restoring files that were altered during the build
+	for F in $$(find . -name "*.save") ; do \
+	mv $$F $${F%.save} ;\
+	done
+
 override_dh_auto_build:
 	find . -type f -name \*.java -exec grep -q 'import @JSON_SIMPLE_PACKAGE@' {} \; \
 	  -exec sed -i.json-simple \


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1069970: ITP: libeddsa-java -- implementation of EdDSA in Java

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Debian-Java team 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-j...@lists.debian.org

* Package name: libeddsa-java
  Version : 0.3.0
  Upstream Contact: str4d
* URL : https://github.com/str4d/ed25519-java
* License : CC0-1.0
  Programming Lang: Java
  Description : implementation of EdDSA in Java

This package is needed as a dependency of libmina-sshd-java and of new upstream
versions of jgit. I plan to maintain it in the Debian-Java team and to be its
first uploader.


This implementation of EdDSA is based on the ref10 implementation in SUPERCOP.

There are two internal implementations:
- A port of the radix-2^51 operations in ref10 - fast and constant-time, but
  only useful for Ed25519;
- A generic version using BigIntegers for calculation - a bit slower and not
  constant-time, but compatible with any EdDSA parameter specification.

Bug#1074554: RFS: simple-scan/46.0-1 -- Simple Scanning Utility

[Pierre Gruet]

Hi,

Le 01/07/2024 à 02:36, Phil Wyett a écrit :

Hi Jörg,

Preamble...

Thanks for taking time to create this package and your contribution to Debian.

The below review is for assistance. It is offered to help submitters of
packages to Debian mentors improve their packages prior to possible
sponsorship into Debian. There is no obligation on behalf of the subitter to
make any alterations based upon information provided in the review.

Review...

1. Build: Good

2. Lintian: Issue

I: simple-scan: arch-dep-package-has-big-usr-share 4772kB 90%
N:
N:   The package has a significant amount of architecture-independent data
N:   (over 4MB, or over 2MB and more than 50% of the package) in /usr/share but
N:   is an architecture-dependent package. This is wasteful of mirror space and
N:   bandwidth since it means distributing multiple copies of this data, one
N:   for each architecture.
N:
N:   If the data in /usr/share is not architecture-independent, this is a
N:   Policy violation that should be fixed by moving the data elsewhere
N:   (usually /usr/lib).
N:
N:   Please refer to Section 6.7.5 of the Debian Developer's Reference for
N:   details.
N:
N:   Visibility: info
N:   Show-Always: no
N:   Check: huge-usr-share

Something to possibly investigate at a later date for action/upload.

3. Licenses: Good

4. Build Twice (sudo pbuilder build --twice .dsc): Good

5. Reproducible builds (reporotest)[1]: Good

6. Install (No previous installs): Good

7. Upgrade (Over previous installs if any): Good

Summary...

I believe simple-scan is ready for sponsorship/upload. Could a Debian Developer 
(DD) with available
free time, please review this package and upload if you feel it is ready.

[1] https://wiki.debian.org/ReproducibleBuilds/Howto#Newer_method


And also thanks for the work on simple-scan.

In addition to the review made by Phil, I have some points:
- the changelog should mention this upload closes Bug #1064939
- quite some copyright holders are missing in d/copyright
- while you are at it, raise the Standards version to latest one
- although not mandatory for my sponsorship, it would be great if the 
package was hosted in Salsa (the repo exists! The last commit there was 
5 years ago, pointing Vcs-* fields to this repo).





Regards

Phil



Thanks again,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1011549: openrocket needs newer jogl

[Pierre Gruet]

Hi tony,

On Sun, 12 Feb 2023 10:15:35 -0800 tony mancill  wrote:
>
> Okay, first the good news. There are upstream tags for 2.4.0. I have
> started working on adapting the sequence of debian/patches against the
> new release.
>
> But in addition to not yet being done with that, it didn't seem prudent
> to try to push this into bookwork at the last minute, and that wouldn't
> have given the reverse dependencies any time to react anyway. So I am
> going to work towards an upload to experimental soon, and then we can
> aim for getting this into unstable/testing after the freeze.

I fully understand your position. However I recently looked at scilab, a 
rdep of jogl, and saw it is severely broken -- although a key package, 
so it will be shipped in Bookworm anyway. Scilab cannot be run in GUI 
mode, only in command-line mode with plots not working (after some 
tweaking I am working on).


Locally I tried to update jogl to version 2.4.0 (I had not seen you were 
working on it, sorry), and to do so I also had to update its dependency 
gluegen2 to version 2.4.0 (possibly you have already seen it), and then 
the command-line mode would allow one to make plots.


Given the Hard freeze begins in two days, I will only touch scilab and 
not jogl nor gluegen2 right now.


It you want, I can upload my changes to gluegen2 and jogl2 to 
experimental in the upcoming days. But if you prefer doing it yourself, 
please tell me and do so when you are ready :)


Warm regards,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1032855: unblock: scilab/6.1.1+dfsg2-5

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sci...@packages.debian.org
Control: affects -1 + src:scilab

Dear Release Team,

Could you please unblock the key package scilab/6.1.1+dfsg2-5?

[ Reason ]
- scilab/6.1.1+dfsg2-4 is absolutely unusable as it cannot even start.
- It FTBFS.
- It looks for versioned artifacts so it breaks everytime a dependency is
  updated.

[ Impact ] Staying with version 6.1.1+dfsg2-4 does not allow one to use scilab
even in the naked CLI flavor.

[ Tests ]
I installed the version 6.1.1+dfsg2-5 on a Bookworm system:
- scilab-cli and scilab-adv-cli work plainly, except for plots (bugs in
  dependencies);
- the GUI scilab does not work. Blockers: bugs in dependency libjogl2-java and
  others still to investigate, as log messages are terse.

[ Risks ]
The changes are simple, can be easily grasped through the documented patches I
added. scilab has only one reverse dependency which is not a Blends
metapackage: cantor-backend-scilab, which is already broken as
scilab/6.1.1+dfsg2-4 does not start.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock scilab/6.1.1+dfsg2-5

Best,

-- 
Pierre
diff -Nru scilab-6.1.1+dfsg2/debian/changelog 
scilab-6.1.1+dfsg2/debian/changelog
--- scilab-6.1.1+dfsg2/debian/changelog 2022-08-16 11:55:44.0 +0200
+++ scilab-6.1.1+dfsg2/debian/changelog 2023-03-11 16:23:07.0 +0100
@@ -1,3 +1,25 @@
+scilab (6.1.1+dfsg2-5) unstable; urgency=medium
+
+  * Team upload
+  * Raising Standards version to 4.6.2 (no change)
+  * Adding missing dependencies on libfreehep-graphicsio-java and
+libfreehep-util-java
+  * Fixing the FTBFS occurring during the doc build
+  * Enabling starting with OpenJDK 17 (Closes: #1012099)
+  * Selecting unversioned jars instead of versioned ones in the configure phase
+(Closes: #1030205)
+  * Refreshing patches
+  * Removing unneeded older-than versioned dependencies
+  * Update lintian override info to new format:
++ debian/source/lintian-overrides: line 2, 4
++ debian/scilab-minimal-bin.lintian-overrides: line 4
+  * debian/copyright: use spaces rather than tabs to start continuation lines.
+  * Update renamed lintian tag names in lintian overrides.
+  * Set upstream metadata fields: Repository-Browse.
+  * Fix day-of-week for changelog entry 5.0.3-1.
+
+ -- Pierre Gruet   Sat, 11 Mar 2023 16:23:07 +0100
+
 scilab (6.1.1+dfsg2-4) unstable; urgency=medium
 
   * Add patch to disambiguate pause (Closes: #1017283).
@@ -1348,7 +1370,7 @@
   * Package moved to main since Scilab is free (CeCILL license)
   * modelicac, intersci and scilab manpages added
 
- -- Sylvestre Ledru   Fri, 1 Oct 2008 13:37:08 +0200
+ -- Sylvestre Ledru   Wed, 01 Oct 2008 13:37:08 +0200
 
 scilab (4.1.2-6) unstable; urgency=low
 
diff -Nru scilab-6.1.1+dfsg2/debian/control scilab-6.1.1+dfsg2/debian/control
--- scilab-6.1.1+dfsg2/debian/control   2022-08-16 11:55:44.0 +0200
+++ scilab-6.1.1+dfsg2/debian/control   2023-03-10 23:21:05.0 +0100
@@ -3,38 +3,36 @@
 Priority: optional
 Maintainer: Debian Science Team 

 Uploaders: Julien Puydt 
-Build-Depends: debhelper-compat (= 13), gfortran, time,
- default-jdk, chrpath, ocaml-nox (>= 3.11.2-3), libnum-ocaml-dev, fakeroot,
- tcl-dev, tk-dev, libxml2-dev, libpcre3-dev, libcurl4-openssl-dev,
- gettext, libreadline-dev, pkg-config, procps, dpkg-dev (>= 1.16.0),
+Build-Depends: debhelper-compat (= 13), gfortran, time, default-jdk, chrpath,
+ ocaml-nox, libnum-ocaml-dev, fakeroot, tcl-dev, tk-dev, libxml2-dev,
+ libpcre3-dev, libcurl4-openssl-dev, gettext, libreadline-dev, pkg-config,
+ procps, dpkg-dev,
 # numerical libraries
  libblas-dev | librefblas3-dev | libatlas-base-dev, liblapack-dev,
- libarpack2-dev (>= 3.0), libeigen3-dev,
+ libarpack2-dev, libeigen3-dev,
 # Java deps
- default-jre-headless, libflexdock-java (>= 1.2.3), libjogl2-java (>= 2.3.2),
- libgl1-mesa-dev, libjrosetta-java (>= 1.0.1), ant, libjgoodies-looks-java,
- libskinlf-java, liblucene4.10-java, libactivation-java, libjaxb-java,
+ default-jre-headless, libflexdock-java, libjogl2-java, libgl1-mesa-dev,
+ libjrosetta-java, ant, libjgoodies-looks-java, libskinlf-java,
+ liblucene4.10-java, libactivation-java, libjaxb-java,
 # graphic
- libfreehep-graphics2d-java, libfreehep-graphicsio-java, 
libfreehep-graphicsio-emf-java,
- libfreehep-util-java,
+ libfreehep-graphics2d-java, libfreehep-graphicsio-java,
+ libfreehep-graphicsio-emf-java, libfreehep-util-java,
 # Documentation
- libjeuclid-core-java (>= 3.1.3), libbatik-java (>= 1.7), fop (>= 0.95),
- javahelp2, libsaxon-java, libavalon-framework-java, docbook-xsl,
- libxml-commons-external-java,
+ libjeuclid-core-java, libbatik-java, fop, javahelp2, libsaxon-java,
+ libavalon-framework-java, docbook-xsl, libxml-commons-external-java,

Bug#1006532: libjogl2-java: Profile GL4bc is not available on X11GraphicsDevice

[Pierre Gruet]

Control: affects -1 + scilab

Hi,

Such error message also shows up in the debug logs when one tries to 
plot something using scilab.


I did a quick-and-dirty try and I think version 2.4.0 of jogl2 fixes 
this. Anyway, I will tweak it in experimental shortly to figure it out.


Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1013156: gdcm: vtk[6,7] removal

[Pierre Gruet]

Hi,

Le 26/10/2022 à 10:35, Andreas Tille a écrit :

Hi Mathieu,

Am Wed, Oct 26, 2022 at 08:10:42AM +0200 schrieb Mathieu Malaterre:

On Wed, Oct 26, 2022 at 7:53 AM Andreas Tille  wrote:


Hi,

in the bug log there is some discussion to drop C# and Java VTK
bindings.  This would mean to drop the packages libvtkgdcm-cil and
libvtkgdcm-java.  I'm perfectly fine with this and I just pushed
a change in d/control where I replaced s/vtk7/vtk9/ globally.  The
build[1] is currently failing at a probably simple Java issue:

/usr/lib/jvm/default-java/include/jni.h:45:10: fatal error: jni_md.h: No such 
file or directory
45 | #include "jni_md.h"
   |  ^~
compilation terminated.

I have no idea whether we might keep on supporting the Java bindings if
this can be solved.  But I'm pretty sure we should act on droping
what needs to be droped in a timely manner to make sure gdcm will
remain in testing.

Any help is welcome.


See my original work at:

https://salsa.debian.org/med-team/gdcm/-/commits/debian/experimental/


Ups, sorry for missing this.  I've merged your changes into master but the
said problem remains[1].

Kind regards
 Andreas.

[1] https://salsa.debian.org/med-team/gdcm/-/jobs/3427720



This is really just a missing include dir, as the problematic header is 
in  /usr/lib/jvm/default-java/include/linux/ . I will be having a look 
shortly, we should be able to handle this and keep the Java packages if 
this is the only Java-related issue.


Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1013156: gdcm: vtk[6,7] removal

[Pierre Gruet]

Hi Andreas,

Le 26/10/2022 à 11:24, Andreas Tille a écrit :

Hi Pierre,

Am Wed, Oct 26, 2022 at 10:41:51AM +0200 schrieb Pierre Gruet:

[1] https://salsa.debian.org/med-team/gdcm/-/jobs/3427720


This is really just a missing include dir, as the problematic header is in
/usr/lib/jvm/default-java/include/linux/ . I will be having a look shortly,
we should be able to handle this and keep the Java packages if this is the
only Java-related issue.


Please see the hint of Mathieu.  To be clear about this: We'll keep the
general Java support libgdcm-java but it seems we need to remove
libvtkgdcm-java which is way less frequently used.  (For sure if you see
any chance to fix this feel free to re-add what was removed in Git - but
I guess this is some issue that needs to be fixed upstream.)

Kind regards
Andreas.



Yes, it is likely I overlooked the whole frame of the issue. Will look 
again later... this Java point seems not to be the most urgent thing.


Best regards,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1023553: uses option --illegal-access=permit, which was removed in OpenJDK17

[Pierre Gruet]

Package: gradle
Version: 4.4.1-16
Severity: minor

Hello,

/usr/bin/gradle invokes a gradle build with, among others,
--illegal-access=permit
Support for --illegal-access has been removed in OpenJDK17.

There is a warning message about it in the build logs of Debian packages every
time gradle is invoked.

Cheers,

-- 
Pierre

Bug#1012106: libreflectasm-java: FTBFS with OpenJDK 17 due to test failures

[Pierre Gruet]

Package: libreflectasm-java
Version: 1.11.9+dfsg-1
Control: forwarded -1 https://github.com/EsotericSoftware/reflectasm/issues/89

Hello,

I tried to dig a bit and found some changes in class loaders in the tests, I
tried to summarize my findings in the Github issue I created [0].

Best,

-- 
Pierre

[0] https://github.com/EsotericSoftware/reflectasm/issues/89

Bug#1012093: ciftools-java: FTBFS with OpenJDK 17 due to test failures

[Pierre Gruet]

Source: ciftools-java
Version: 4.0.3-1
Followup-For: Bug #1012093
X-Debbugs-Cc: mer...@debian.org
Control: forwarded -1 https://github.com/rcsb/ciftools-java/issues/12

Hello,

I investigated the test failure a bit and saw tiny differences between a
generated gzip file and a reference one. This reminded me of one similar and
innocuous issue [0] so that I filled an issue upstream [1]. Let's see.

Best,

-- 
Pierre

[0] https://github.com/broadinstitute/picard/issues/1840
[1] https://github.com/rcsb/ciftools-java/issues/12

Bug#1012093: ciftools-java: FTBFS with OpenJDK 17 due to test failures

[Pierre Gruet]

Source: ciftools-java
Version: 4.0.3-1
Control: tags -1 pending

After discussing with upstream on the issue the present bug was reported to, it
appears the issue is innocuous and I am going to upload the package with the
fix they suggested.

Cheers,

-- 
Pierre

Bug#1039521: requires unpackaged j2objc artifacts through pom.xml

[Pierre Gruet]

Package: libprotobuf-java
Version: 3.21.12-3
Severity: important
Tags: patch

Dear Maintainer,

I am in the progress of updating one of my packages, genomicsdb. While doing
so, I stumbled upon an issue in the file

/usr/share/maven-repo/com/google/protobuf/protobuf-java-util/3.21.12/protobuf-java-util-debian.pom
that is shipped by libprotobuf-java. It requires the j2objc-annotations
artifact as one of its dependencies, although this is not available in Debian.
I suggest to enrich a bit the dedicated patch you wrote for src:protobuf in
order to move this dependency out of the way. Right now, the new upstream
version of genomicsdb cannot be built.

The enclosed patch does this.

I will be happy to give more information if needed.

Thanks for considering,

-- 
Pierre
diff -Nru protobuf-3.21.12/debian/patches/no_j2objc.patch 
protobuf-3.21.12/debian/patches/no_j2objc.patch
--- protobuf-3.21.12/debian/patches/no_j2objc.patch 2022-03-11 
01:28:07.0 +0100
+++ protobuf-3.21.12/debian/patches/no_j2objc.patch 2023-06-26 
20:52:50.0 +0200
@@ -8,7 +8,7 @@
 
 --- a/java/util/src/main/java/com/google/protobuf/util/Timestamps.java
 +++ b/java/util/src/main/java/com/google/protobuf/util/Timestamps.java
-@@ -38,7 +38,7 @@ import static com.google.common.math.Lon
+@@ -38,7 +38,7 @@
  
  //import com.google.errorprone.annotations.CanIgnoreReturnValue;
  //import com.google.errorprone.annotations.CompileTimeConstant;
@@ -17,7 +17,7 @@
  import com.google.protobuf.Duration;
  import com.google.protobuf.Timestamp;
  import java.io.Serializable;
-@@ -338,7 +338,6 @@ public final class Timestamps {
+@@ -338,7 +338,6 @@
 * @throws IllegalArgumentException if the year is before 1 CE or after 
 CE
 */
@SuppressWarnings("GoodTime") // this is a legacy conversion API
@@ -25,3 +25,19 @@
public static Timestamp fromDate(Date date) {
  if (date instanceof java.sql.Timestamp) {
java.sql.Timestamp sqlTimestamp = (java.sql.Timestamp) date;
+--- a/java/util/pom.xml
 b/java/util/pom.xml
+@@ -27,11 +27,11 @@
+   error_prone_annotations
+   2.5.1
+ 
+-
++
+ 
+   com.google.code.findbugs
+   jsr305

Bug#1039521: Also caring for junit:junit

[Pierre Gruet]

Hello again,

Sorry, it seems I sent the bug report too early. There should be another 
change in java/util.pom.xml : the junit artifact misses the "test" 
scope. Precisely, we should change the junit stanza to



junit
junit
test


Else, junit would be needed during the build of rdeps even when one 
would not run any test (DEB_BUILD_OPTIONS=nocheck e.g.).


Thanks again,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039521: Summarizing my proposed changes about the Java part of protobuf

[Pierre Gruet]

Control: retitle -1 please rewrite the Java packaging to build rdeps
Control: affects -1 src:genomicsdb

Hello,

This is a summary email for this bug thread as I tested locally some 
changes to the packaging, so that rdeps relying on the 
/usr/share/java/protobuf-util.jar can build and run.


These changes amount to:
- using javahelper during the build to provide a suitable classpath for 
protobuf-util.jar (touching d/control, d/libprotobuf-java.classpath, 
d/rules);
- removing j2objc from the pom.xml so that rdeps don't look for this 
Debian-unpackaged artifact (touches d/p/no_j2objc.patch);
- adding a "test" scope for junit in the pom.xml so that no rdep looks 
for junit while building (touches d/p/series, 
d/p/test_scope_for_junit.patch).


All this is in the attached patch, which allows one to build the new 
upstream version of genomicsdb. This package is thus affected by the 
present bug.


I would be pleased to provide more information or to help with uploading 
the proposed fix if you wish.


Best,

--
Pierre
diff -Nru protobuf-3.21.12/debian/control protobuf-3.21.12/debian/control
--- protobuf-3.21.12/debian/control	2022-12-04 13:49:06.0 +0100
+++ protobuf-3.21.12/debian/control	2023-06-27 06:42:22.0 +0200
@@ -29,6 +29,7 @@
 # Java
ant
  , default-jdk
+ , javahelper
  , maven-repo-helper
  , libguava-java
  , libgoogle-gson-java
diff -Nru protobuf-3.21.12/debian/libprotobuf-java.classpath protobuf-3.21.12/debian/libprotobuf-java.classpath
--- protobuf-3.21.12/debian/libprotobuf-java.classpath	1970-01-01 01:00:00.0 +0100
+++ protobuf-3.21.12/debian/libprotobuf-java.classpath	2023-06-27 06:42:22.0 +0200
@@ -0,0 +1 @@
+usr/share/java/protobuf-util.jar /usr/share/java/gson.jar /usr/share/java/guava.jar /usr/share/java/protobuf.jar
diff -Nru protobuf-3.21.12/debian/patches/no_j2objc.patch protobuf-3.21.12/debian/patches/no_j2objc.patch
--- protobuf-3.21.12/debian/patches/no_j2objc.patch	2022-03-11 01:28:07.0 +0100
+++ protobuf-3.21.12/debian/patches/no_j2objc.patch	2023-06-27 06:41:32.0 +0200
@@ -8,7 +8,7 @@
 
 --- a/java/util/src/main/java/com/google/protobuf/util/Timestamps.java
 +++ b/java/util/src/main/java/com/google/protobuf/util/Timestamps.java
-@@ -38,7 +38,7 @@ import static com.google.common.math.Lon
+@@ -38,7 +38,7 @@
  
  //import com.google.errorprone.annotations.CanIgnoreReturnValue;
  //import com.google.errorprone.annotations.CompileTimeConstant;
@@ -17,7 +17,7 @@
  import com.google.protobuf.Duration;
  import com.google.protobuf.Timestamp;
  import java.io.Serializable;
-@@ -338,7 +338,6 @@ public final class Timestamps {
+@@ -338,7 +338,6 @@
 * @throws IllegalArgumentException if the year is before 1 CE or after  CE
 */
@SuppressWarnings("GoodTime") // this is a legacy conversion API
@@ -25,3 +25,19 @@
public static Timestamp fromDate(Date date) {
  if (date instanceof java.sql.Timestamp) {
java.sql.Timestamp sqlTimestamp = (java.sql.Timestamp) date;
+--- a/java/util/pom.xml
 b/java/util/pom.xml
+@@ -27,11 +27,11 @@
+   error_prone_annotations
+   2.5.1
+ 
+-
++
+ 
+   com.google.code.findbugs
+   jsr305
diff -Nru protobuf-3.21.12/debian/patches/series protobuf-3.21.12/debian/patches/series
--- protobuf-3.21.12/debian/patches/series	2023-04-07 20:12:46.0 +0200
+++ protobuf-3.21.12/debian/patches/series	2023-06-27 06:41:55.0 +0200
@@ -16,3 +16,4 @@
 build_32_bit_tests.patch
 fix_C++_32bit_tests.patch
 fix_Python_32bit_tests.patch
+test_scope_for_junit.patch
diff -Nru protobuf-3.21.12/debian/patches/test_scope_for_junit.patch protobuf-3.21.12/debian/patches/test_scope_for_junit.patch
--- protobuf-3.21.12/debian/patches/test_scope_for_junit.patch	1970-01-01 01:00:00.0 +0100
+++ protobuf-3.21.12/debian/patches/test_scope_for_junit.patch	2023-06-27 06:42:19.0 +0200
@@ -0,0 +1,10 @@
+--- a/java/util/pom.xml
 b/java/util/pom.xml
+@@ -50,6 +50,7 @@
+ 
+   junit
+   junit
++  test
+ 
+ 
+   org.mockito
diff -Nru protobuf-3.21.12/debian/rules protobuf-3.21.12/debian/rules
--- protobuf-3.21.12/debian/rules	2023-04-09 07:50:55.0 +0200
+++ protobuf-3.21.12/debian/rules	2023-06-27 06:42:22.0 +0200
@@ -20,9 +20,9 @@
 
 %:
 ifneq (,$(filter $(DEB_HOST_ARCH), amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x hppa ppc64 riscv64 sh4 sparc64 x32))
-	dh $@ --with autoreconf,elpa
+	dh $@ --with autoreconf,elpa,javahelper
 else
-	dh $@ --with autoreconf -Nelpa-protobuf-mode
+	dh $@ --with autoreconf,javahelper -Nelpa-protobuf-mode
 endif
 
 ifneq ($(DEB_BUILD_ARCH),$(DEB_HOST_ARCH))


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039521: Summarizing my proposed changes about the Java part of protobuf

[Pierre Gruet]

Hi Laszlo,

Thanks for looking at my proposal, I am glad you consider it fit!

Le 29/06/2023 à 18:41, László Böszörményi (GCS) a écrit :

Hi Pierre,

On Wed, Jun 28, 2023 at 4:39 PM Pierre Gruet  wrote:

- removing j2objc from the pom.xml so that rdeps don't look for this
Debian-unpackaged artifact (touches d/p/no_j2objc.patch);

  Thanks for all of your work on this! I see you added this as a patch,
but not included in the series file. Meaning it will not be applied.
It's just an oversight I guess. Other than that it looks good.


Sorry, indeed I provided you with an excerpt of a source debdiff, which 
might not be the most suitable way to do it.



Do you have your proposed package somewhere? I would also like to
check it with the updated protobuf package before uploading.



You can find it in the public repo
https://salsa.debian.org/pgt/protobuf
I initiated it with version 3.21.12-3 that is currently packaged, and 
made commits for each change I listed in my previous email. Hopefully 
this is more handy!
Despite what is in d/changelog, I did not intend to NMU, it was only a 
changelog entry to get a consistent package in order to run my tests 
locally.



Thanks,
Laszlo/GCS


Please tell me if I may do something else for you here.

Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1039521: Summarizing my proposed changes about the Java part of protobuf

[Pierre Gruet]

Hello again,

Le 29/06/2023 à 21:22, László Böszörményi (GCS) a écrit :

On Thu, Jun 29, 2023 at 9:15 PM Pierre Gruet  wrote:

Le 29/06/2023 à 18:41, László Böszörményi (GCS) a écrit :

Do you have your proposed package somewhere? I would also like to
check it with the updated protobuf package before uploading.

You can find it in the public repo
 https://salsa.debian.org/pgt/protobuf

  Your package = genomicsdb but I guess it's in the med-team repo [1].

Cheers,
Laszlo/GCS
[1] https://salsa.debian.org/med-team/genomicsdb


Sorry, obviously I misread your request. Yes this is genomicsdb, located 
at [1]. You may get it and build it against protobuf with the changes I 
proposed and it should be OK!


Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1021894: openjfx: FTBFS on arm64 and armhf

[Pierre Gruet]

Control: affects -1 src:libjogl2-java src:beast2-mcmc
Control: severity -1 serious

Hi,

I am restoring the severity of this FTBFS bug, which has concrete 
consequences on several packages.


Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040694: Segfault in CbcModel::initialSolve

[Pierre Gruet]

Source: coinor-cbc
Version: 2.10.10+ds1-1
Severity: important
X-Debbugs-Cc: schuel...@phimeca.com

Dear Maintainer,

Starting from version 2.10.10+ds1-1 (2.10.8+ds1-1 was OK), one of the
build-time tests of openturns started to fail: t_Bonmin_std. Running it with
gdb I get:

--->8

(gdb) run
Starting program: 
/build/openturns-eQ5lBV/openturns-1.20/builddir/lib/test/t_Bonmin_std
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
class=Bonmin
algorithm=B-BB
options=
mu_oracle=loqo


Program received signal SIGSEGV, Segmentation fault.
0x71ce1347 in CbcModel::initialSolve() () from 
/usr/lib/x86_64-linux-gnu/libCbc.so.3
(gdb) bt
#0  0x71ce1347 in CbcModel::initialSolve() () from 
/usr/lib/x86_64-linux-gnu/libCbc.so.3
#1  0x748a2705 in Bonmin::Bab::branchAndBound(Bonmin::BabSetupBase&) () 
from /usr/lib/x86_64-linux-gnu/libbonmin.so.4
#2  0x7755b48e in OT::Bonmin::run (this=this@entry=0x7fffe440) at 
./lib/src/Base/Optim/Bonmin.cxx:174
#3  0xf285 in main () at ./lib/test/t_Bonmin_std.cxx:131

--->8 

which indicates a problem in coinor-cbc.
The above backtrace is somewhat reminiscent of the one of the issue
https://github.com/coin-or/Cbc/issues/591
which has been fixed in upstream version 2.10.10. I suspect a close issue is
showing up here.

Thanks a lot for your help,

-- 
Pierre

Bug#1040694: Package has to go through a proper transition process

[Pierre Gruet]

Control: severity -1 serious
Control: retitle -1 Package has to go through a proper transition process

Hi,

After the discussions in
https://lists.debian.org/debian-mentors/2023/07/msg00057.html
it appears the package should have undergone a transition process
and a SONAME bump between versions 2.10.8+ds1-1 and 2.10.10+ds1-1 as
there are ABI breakages.

I suggest we revert the upstream version to 2.10.8 using a +really
version number and then lead the transition itself.

But feel free to handle this bug report differently if you wish.

Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1030430: Reassigning to biojava6-live

[Pierre Gruet]

Control: reassign -1 biojava6-live

Hello,

This is a bug in biojava6-live which makes its biojava-structure 
artifact require unneeded log4j jars.


Best,

--
Pierre



OpenPGP_signature
Description: OpenPGP digital signature

Bug#1030445: Reassigning to biojava6-live

[Pierre Gruet]

Control: reassign -1 biojava6-live

Hello,

This is a bug in biojava6-live which makes its biojava-structure 
artifact require unneeded log4j jars.


Best,

--
Pierre




OpenPGP_signature
Description: OpenPGP digital signature

Bug#1021200: wrong build-dependency libservlet-api-ava

[Pierre Gruet]

Package: groovy
Version: 2.4.21-3
Severity: important

Hello,

The version 2.4.21-3 of groovy that was uploaded yesterday wrongly includes
libservlet-api-ava
as a build-dependency. This mispelled package name has been introduced in an
attempt to solve Bug #1020429.

Build dependencies of groovy and of its rdeps cannot be satisfied.

Cheers,

-- 
Pierre

Bug#1021485: no version information is shipped in the POMs for the plexus- dependencies

[Pierre Gruet]

Package: libplexus-interactivity-api-java
Version: 1.1-1
Severity: normal

Hello,

Currently no version information is provided in the shipped POMs for plexus-*,
this is because this information is missing in all POMs in the source although
the child POMs both declare a dependency on two plexus- artifacts.

This leads to errors about "dependencies.dependency.version" being missing when
one attempts to build a software depending on plexus-interactivity, e.g. using
maven-javadoc-plugin which depends on it.

I will make an upload solving this soon.

Best,

-- 
Pierre

Bug#1021899: wrongly reports a typo for rule execute_before_mh_install

[Pierre Gruet]

Package: lintian-brush
Version: 0.132
Severity: normal

Dear Maintainer,

In the debian/rules file of the source package jmol, I have a rule called
execute_before_mh_install
and lintian-brush reports a typo-in-debhelper-override-target and changes it to
execute_before_dh_install
although mh_install is a valid sequence brought up by maven_repo_helper, which
one uses to add Maven coordinates for Java projects.

Do you think this might get fixed?

Best,

-- 
Pierre

Bug#1021934: ITP: biojava6-live -- Java API to biological data and applications (version 6)

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Debian-med team 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: biojava6-live
  Version : 6.0.5
  Upstream Author : BioJava Developers 
* URL : https://biojava.org
* License : LGPL-2.1
  Programming Lang: Java
  Description : Java API to biological data and applications (version 6)

This package presents the Open Source Java API to biological databases
and a series of mostly sequence-based algorithms.

BioJava is an open-source project dedicated to providing a Java framework
for processing biological data. It includes objects for manipulating
sequences, file parsers, server support, access to BioSQL
and Ensembl databases, and powerful analysis and statistical routines
including a dynamic programming toolkit.


Important changes in the API at each major version have made it necesssary to
have a new source package for every major version of the library. In the
Debian-med team, we have already started seeing packages depending on biojava 6
and it would be a very valuable addition to have it into Debian.

The package will be team-maintained by the Debian-med team.

Bug#1022258: ITP: libmjson-java -- lean JSON Library for Java with a compact API

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Debian-med team 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: libmjson-java
  Version : 1.4.0
  Upstream Author : Miami-Dade County
* URL : https://bolerio.github.io/mjson/
* License : Apache-2.0
  Programming Lang: Java
  Description : lean JSON Library for Java with a compact API

mJson is an extremely lightweight Java JSON library with a very concise API.
Unlike other JSON libraries, it focuses on manipulating JSON structures in
Java without necessarily mapping them to/from strongly typed Java objects.
Because of its tiny size, it is well-suited for any application aiming at a
small footprint such as mobile applications.

mjson is needed as a dependency of htsjdk, which is an important software in
the Debian-med ecosystem.

Bug#765906: ITP: coinor-bonmin -- mixed-integer nonlinear optimization solver

[Pierre Gruet]

Control: retitle -1 ITP: coinor-bonmin -- mixed-integer nonlinear optimization 
solver
Control: owner -1 !

Hi,

I am willing to package bonmin as it is a (optional) dependency of openturns, 
which I maintain.

Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1025829: prints an exception message at startup

[Pierre Gruet]

Package: beast2-mcmc
Version: 2.7.2+dfsg-1
Severity: normal

Hi,

When launching
$ beast2-mcmc
I get an exception message

java.lang.NullPointerException: Cannot invoke "java.io.InputStream.close()" 
because "" is null
at beast.pkgmgmt.launcher.BeastLauncher.copyFileUsingStream(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.createBeastPackage(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.installBEASTPackage(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.getPath(Unknown Source)
at beast.pkgmgmt.launcher.BeastLauncher.main(Unknown Source)
java.lang.NullPointerException: Cannot invoke "java.io.InputStream.close()" 
because "" is null
at beast.pkgmgmt.launcher.BeastLauncher.copyFileUsingStream(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.createBeastPackage(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.installBEASTPackage(Unknown 
Source)
at beast.pkgmgmt.launcher.BeastLauncher.getPath(Unknown Source)
at beast.pkgmgmt.launcher.BeastLauncher.main(Unknown Source)

There is an ongoing discussion in
https://github.com/CompEvol/beast2/issues/1060
but I guess the issue is on the Debian packaging side. I shall look at it soon
but nevertheless drop this bug so that it does not get forgotten.

Cheers,

-- 
Pierre


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-5-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages beast2-mcmc depends on:
ii  default-jre 2:1.17-73
ii  libantlr4-runtime-java  4.7.2-5
ii  libcolt-free-java   1.2.0+dfsg-7
ii  libhmsbeagle-java   3.1.2+dfsg-12+b1
ii  libopenjfx-java 11.0.11+0-1.1
ii  openjfx 11.0.11+0-1.1

beast2-mcmc recommends no packages.

beast2-mcmc suggests no packages.

-- no debconf information

Bug#1025830: beauti2 fails to start

[Pierre Gruet]

Package: beast2-mcmc
Version: 2.7.2+dfsg-1
Severity: important

Hi,

When launching
$ beauti2
I get the exception message discussed in bug #1025829, then a window from the
beast package manager, then the program terminates.
In the console I have

Graphics Device initialization failed for :  es2, sw
Error initializing QuantumRenderer: no suitable pipeline found
java.lang.RuntimeException: java.lang.RuntimeException: Error initializing 
QuantumRenderer: no suitable pipeline found
at 
com.sun.javafx.tk.quantum.QuantumRenderer.getInstance(QuantumRenderer.java:280)
at 
com.sun.javafx.tk.quantum.QuantumToolkit.init(QuantumToolkit.java:222)
at com.sun.javafx.tk.Toolkit.getToolkit(Toolkit.java:261)
at 
com.sun.javafx.application.PlatformImpl.startup(PlatformImpl.java:267)
at 
com.sun.javafx.application.PlatformImpl.startup(PlatformImpl.java:158)
at 
com.sun.javafx.application.LauncherImpl.startToolkit(LauncherImpl.java:658)
at 
com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:678)
at 
com.sun.javafx.application.LauncherImpl.lambda$launchApplication$2(LauncherImpl.java:195)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.RuntimeException: Error initializing QuantumRenderer: no 
suitable pipeline found
at 
com.sun.javafx.tk.quantum.QuantumRenderer$PipelineRunnable.init(QuantumRenderer.java:94)
at 
com.sun.javafx.tk.quantum.QuantumRenderer$PipelineRunnable.run(QuantumRenderer.java:124)
... 1 more
java.lang.reflect.InvocationTargetException
at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at beast.pkgmgmt.launcher.BeastLauncher.run(Unknown Source)
at beast.pkgmgmt.launcher.BeautiLauncher.main(Unknown Source)
Caused by: java.lang.RuntimeException: No toolkit found
at com.sun.javafx.tk.Toolkit.getToolkit(Toolkit.java:273)
at 
com.sun.javafx.application.PlatformImpl.startup(PlatformImpl.java:267)
at 
com.sun.javafx.application.PlatformImpl.startup(PlatformImpl.java:158)
at 
com.sun.javafx.application.LauncherImpl.startToolkit(LauncherImpl.java:658)
at 
com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:678)
at 
com.sun.javafx.application.LauncherImpl.lambda$launchApplication$2(LauncherImpl.java:195)
at java.base/java.lang.Thread.run(Thread.java:833)

so probably there is an issue when loading openjfx. I whall investigate shortly
but nevertheless drop this bug so that it does not get forgotten.

Cheers,

-- 
Pierre


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-5-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages beast2-mcmc depends on:
ii  default-jre 2:1.17-73
ii  libantlr4-runtime-java  4.7.2-5
ii  libcolt-free-java   1.2.0+dfsg-7
ii  libhmsbeagle-java   3.1.2+dfsg-12+b1
ii  libopenjfx-java 11.0.11+0-1.1
ii  openjfx 11.0.11+0-1.1

beast2-mcmc recommends no packages.

beast2-mcmc suggests no packages.

-- no debconf information

Bug#1025894: breaks the autopkgtest of nipype

[Pierre Gruet]

Source: python3-nibabel
Version: 4.0.2-1
Severity: serious

Hi,

It seems the module nibabel.trackvis is not shipped anymore with nibabel 4.0.2,
which breaks the autopkgtest of nipype. See for instance
https://ci.debian.net/packages/n/nipype/testing/amd64/

Cheers,

-- 
Pierre

Bug#1025953: beast-mcmc: only usable with OpenCL

[Pierre Gruet]

Control: forwarded -1 https://github.com/CompEvol/beast2/issues/1069

Hi,

Le 12/12/2022 à 17:08, Andreas Tille a écrit :

Hi Andrius,

Am Mon, Dec 12, 2022 at 04:06:40PM +0200 schrieb Andrius Merkys:

When launched on a system without OpenCL, beast-mcmc executable dies:

$ beast-mcmc -help
OpenCL error: CL_DEVICE_NOT_FOUND from file , line
122.

 From a quick glance this seems to be happening due to beast-mcmc using
OpenCL version of libhmsbeagle1v5 (the line cited in the error message is in
libhmsbeagle source). However, beast-mcmc seems to support CLI options to
switch to libhmsbeagle1v5 CPU instance (see 'beagle_CPU' in
src/dr/app/beast/BeastMain.java). Maybe it is possible to make CPU mode the
default to avoid loading OpenCL-dependent libraries.


Thanks a lot for the hint.  I've tried -beagle_CPU which fails and even
-beagle_off[1] which fails as well[2].

Any hint would be welcome


It turns out I am meeting the same issue on beast2-mcmc (although not 
when typing only $ beast2-mcmc -help) and I am currently in touch with 
upstream for some packaging issues.


I just opened the issue referenced on top of this email to get some 
help, which will also help for beast-mcmc.



  Andreas.

[1] 
https://salsa.debian.org/med-team/beast-mcmc/-/blob/master/debian/tests/run-unit-test#L12-13
[2] https://salsa.debian.org/med-team/beast-mcmc/-/jobs/3648046#L367



Best regards,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1026131: Merging and marking as closed

[Pierre Gruet]

Control: forcemerge 1025838 -1

Hello,

This is the same as #1025838, which version 1.11.9+dfsg-3 properly closes.

Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1025953: Reassigning to libhmsbeagle

[Pierre Gruet]

Control: reassign -1 libhmsbeagle 3.1.2+dfsg-12
Control: affects -1 beast-mcmc beast2-mcmc
Control: tags -1 pending

Hi,

Thanks to Remco Bouckaert, the author of beast2, I could find the issue 
is in libhmsbeagle. Passing --without-opencl to the configure step of 
libhmsbeagle allows one to avoid errors such as the one you reported.


This change does not seem to affect the other reverse dependency of 
libhmsbeagle, so I am endorsing it.


Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1025830: beauti2 fails to start

[Pierre Gruet]

Control: tags -1 help

Hello,

I tried to investigate further, I feel a window should appear and the 
action of the user is expected, yet I don't see anything except the 
initial "Initializing BEAUti..." GUI.

My knowledge of jdb did not allow me to understand further what is going on.

Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1023948: transition: hmat-oss

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release team,

There is a need for a transition of hmat-oss after a change in the ABI. The new
package has been uploaded to experimental and can build on all architectures,
either on buildds or on porterboxes. Thus I am asking for a transition slot.

There are two reverse dependencies, of which I am also the uploader: openturns
and persalys. They can also build against the new hmat-oss package.

Finally, the Ben file at
https://release.debian.org/transitions/html/auto-hmat-oss.html
is fine.

Cheers,

-- 
Pierre

Bug#1024039: Current default JDK should be updated in Lintian

[Pierre Gruet]

Package: lintian
Version: 2.115.3
Severity: normal

Dear Maintainer,

Recently, java-common was updated in unstable and then in testing, it changes
the default JDK in Debian from OpenJDK11 to OpenJDK17. Thus I think the line 21
in data/java/constants should be changed from
default-bytecode-version = 56
to
default-bytecode-version = 61
in order to avoid warnings like

--8<--
W: beast2-mcmc: incompatible-java-bytecode-format Java17 version (Class format: 
61)
N: 
N:   The package contains Java class files with a minimum requirement on the
N:   listed Java version. This Java version is not supported by the default JVM
N:   in Debian and is therefore likely to be a mistake.
N: 
N:   Please refer to Bug#673276 for details.
N: 
N:   Visibility: warning
N:   Show-Always: no
N:   Check: languages/java
N: 
--8<--

which I got with beast2-mcmc 2.7.1+dfsg-1. The package was successfully built
using OpenJDK17 and is now in unstable.
I also just got a similar warning with libjgraph-java, which should hit
unstable within a couple of hours.

Thanks for all the work on Lintian!

Cheers,

-- 
Pierre

Bug#1024675: transition: openturns

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Dear Release Team,

I would like to do the transition of openturns due to ABI changes. The new
version is in experimental and builds on all relevant architectures. There is
one rdep, persalys, which also builds well.

The autogenerated ben file is fine.

So I am ready to proceed when you tell me.

Cheers,

-- 
Pierre Gruet

Bug#1029186: RFS: libcommons-validator-java/1:1.7-1 [Team] -- ease and speed development and maintenance of validation rules

[Pierre Gruet]

Control: tags -1 moreinfo

Hi,

On Thu, 19 Jan 2023 07:44:05 + min sun  wrote:
>
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "libcommons-validator-java":
>
> * Package name : libcommons-validator-java
> Version : 1:1.7-1
> Upstream contact : http://commons.apache.org/validator/
> * URL : https://commons.apache.org/proper/commons-validator/
> * License : Apache-2.0
> * Vcs : https://salsa.debian.org/java-team/libcommons-validator-java
> Section : java
>
> The source builds the following binary packages:
>
> libcommons-validator-java - ease and speed development and 
maintenance of validation rules

> libcommons-validator-java-doc - API documentation for Commons Validator
>
> To access further information about this package, please visit the 
following URL:

>
> https://mentors.debian.net/package/libcommons-validator-java/
>
> Alternatively, you can download the package with 'dget' using this 
command:

>
> dget -x 
https://mentors.debian.net/debian/pool/main/libc/libcommons-validator-java/libcommons-validator-java_1.7-1.dsc

>
> Changes since the last upload:
>
> libcommons-validator-java (1:1.7-1) UNRELEASED; urgency=medium
> .
> * Team upload.
> * New upstream release.
> * Add commons-csv-java as new dependency.
> * Skip running the tests.
>

There seems to be something wrong at the tip of the master branch, as it 
contains files (e.g. PROPOSAL.html) which are not in the upstream 
tarball I get by running uscan from the source dir. Could you please fix it?
Also I see there was no commit on the pristine-tar branch related to 
this new version, please handle the relevant pristine-tar option when 
using git-buildpackage.


>
> This new version needs a test dependency called junit-clptr which is 
not ported to debian currently, I don’t know how to handle this issue 
and just ignore it,and have to skip the test.

>
> I tried to enable the test and build locally with bellow command:
> dpkg-buildpackage -us -uc
>
> The test results shows that :
>
> [WARNING] Tests run: 25, Failures: 0, Errors: 0, Skipped: 1, Time 
elapsed: 0.025 s - in 
org.apache.commons.validator.routines.EmailValidatorTest

>
> [WARNING] Tests run: 576, Failures: 0, Errors: 0, Skipped: 1
>
> I think it is harmless to disable the test for now.

It is fine to ignore the tests that need junit-clptr (which is the case 
only in one class as I can see), but if I understand correctly what you 
write, all other tests are successful? If so, one should only skip the 
problematic class by patching pom.xml (see third answer in [0] with the 
maven-surefire-plugin configuration) instead of skipping all the tests.

Also keep what you changed in debian/maven.ignoreRules, that's OK.

>
> I’m not familiar with java packaging and any suggestion or advice is 
welcome.


I hope this helps :)

>
> Regards,
> --
> sun min
>

Cheers,

--
Pierre

[0] 
https://stackoverflow.com/questions/835705/is-there-a-way-to-skip-only-a-single-test-in-maven


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1052323: RM: biojava5-live -- ROM; superseded by biojava6-live

[Pierre Gruet]

Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: biojava5-l...@packages.debian.org
Control: affects -1 + src:biojava5-live

Hello,

On behalf of Debian-med team, I am asking you to please remove biojava5-live
from unstable. biojava6-live can be used instead and there is no rdep for
biojava5-live, so that it can be safely removed and only causes maintenance
burden if it remains there.

Thanks a lot,

-- 
Pierre

Bug#1031123: RFS: libcommons-collections4-java/4.4-1 [Team] -- Apache Commons Collections - Extended Collections API for Java

[Pierre Gruet]

Hello min sun,

Le 13/02/2023 à 10:27, min sun a écrit :

Hi, Hilmar Preuße, and tony:

Thanks for you guide!

I will keep the distribution tag "UNRELEASED" as it is for the sponsor.


which I also support. Some teams have put such practice in their 
policies, like in

https://science-team.pages.debian.net/policy/#idm56




The debian/watch was modified to direct to apache archive site ,because:

1.Tag names from github are not well defined[1].

2.Some github release even introduces nonexisted files[2].

I think the apache site will do a little more strict check before archiving.

I uploaded again, please refer to mentors.debian.(Upload #2.)


I have just had a look. I am almost ready to upload, I just ask you to 
address the following, which can be read on [3]:

- insecure-copyright-format-uri
- silent-on-rules-requiring-root (add the related line in debian/control)
- uses-debhelper-compat-file (i.e. drop debian/compat and depend on 
debhelper-compat (= 13) instead)
- also you could really drop debian/README.source and 
debian/maven.cleanIgnoreRules




[1]https://github.com/apache/commons-collections/tags

[2]https://lists.debian.org/debian-java/2023/01/msg00029.html

[3]https://mentors.debian.net/package/libcommons-collections4-java/

I think it is really fine to care for this package now, but as we are in 
the soft freeze period, I would upload to experimental: I used 
japi-compliance-checker to see the differences between the jars in 
version 4.2-1 and in (your candidate) 4.4-1, and there has been a small 
number of (upstream) return types changes. The number of 
reverse-dependencies is too large to be tested with ratt at home.


Tell us/me once you are done.

Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1031123: reply: Bug#1031123: RFS: libcommons-collections4-java/4.4-1 [Team] -- Apache Commons Collections - Extended Collections API for Java

[Pierre Gruet]

Hi min sun,

Le 20/02/2023 à 04:23, min sun a écrit :

   Hi, Pierre Gruet:

   Thanks for your kind advice.


And thanks for your work on this package!
I have just uploaded as is to experimental. I will try to remember 
uploading it to unstable after the release of Bookworm, but please drop 
an email if I fail to do so.





I think it is really fine to care for this package now, but as we are in



the soft freeze period, I would upload to experimental: I used



japi-compliance-checker to see the differences between the jars in



version 4.2-1 and in (your candidate) 4.4-1, and there has been a small



number of (upstream) return types changes. The number of



reverse-dependencies is too large to be tested with ratt at home.


All the warnings are solved and please see Upload #3.

But for the ratt, it’s really a headache for me too.

Could I leave it for the Debian CI ?


Definitely we won't handle this individually with ratt. Still, within a 
few hours the package will be installed in experimental so it is 
feasible to manually rebuild the direct (i.e. non transitive) 
reverse-dependencies while adding the experimental repository.




Please tell me if there are any issues still need to be fixed.

Best !



Thanks again,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1006532: libjogl2-java: Profile GL4bc is not available on X11GraphicsDevice

[Pierre Gruet]

Control: tags -1 fixed-in-experimental
Control: fixed -1 2.4.0+dfsg-1~exp1

Hello,

This bug should not show up anymore with the version 2.4.0+dfsg-1~exp1 
currently in experimental. As we are in the freeze process for Bookworm, 
one should wait the release happens as scilab also needs to be rebuilt 
agaings this new jogl2 version.


Best,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#959732: Reassigning to libjogl2-java

[Pierre Gruet]

Control: reassign -1 libjogl2-java
Control: merge 1006532 -1

Hello,

This is a bug in libjogl2-java, which is fixed in 
libjogl2-java/2.4.0+dfsg-1~exp1 currently in experimental.


Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1034716: the count of processes on hold for an AM is not decreased when a process on hold is closed

[Pierre Gruet]

Package: nm.debian.org
Severity: normal

Hello,

When an application manager puts an application on hold, the number of
processes on hold on
https://nm.debian.org/public/managers/
increases by one unit for this AM, fine.

Now, if this process is closed, I trust the "on hold" counter for the AM should
decrease by one unit, which is not the case. As of today, for instance, AM pgt
appears as having 1 process on hold on
https://nm.debian.org/public/managers/
although this is not the case, he was an AM for a process on hold that got
closed afterwards.

Thanks,

-- 
Pierre

Bug#1034752: embeds non-free headers

[Pierre Gruet]

Source: gluegen2
Version: 2.3.2-9
Severity: serious
Tags: fixed-in-experimental

Dear Maintainer,

Non-free header files are present in the source of gluegen2, see for instance
in make/stub_includes/jni/jni.h:
 *   Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 *   SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

Removing these headers and using these of the jdk instead requires some extra
work in the rdep libjogl2-java, but it is done in experimental.

Best,

-- 
Pierre

Bug#1034757: unblock (pre-approval): scilab/6.1.1+dfsg2-5 libjogl2-java/2.3.2+dfsg-10 gluegen2/2.3.2-9

[Pierre Gruet]

Control: tags -1 - moreinfo

Hi Paul,

Le 27/04/2023 à 11:38, Paul Gevers a écrit :

Control: tags -1 moreinfo

Hi Pierre,

On Sun, 23 Apr 2023 17:27:30 +0200 Pierre Gruet  wrote:
This unblock would lead to new upstream versions (with some packaging 
work more
complex than just refreshing patches) of gluegen2 and libjogl2 shipped 
into
Bookworm, which I trust to be OK as they have only one rdep, king, 
which works

well with them.


Are targeted fixes an option? We're well past new upstreams being 
acceptable [1] unless they are targeted fixes themselves.


Thanks for looking at my proposal. I understand well this is not 
feasible as is. Indeed the fixes I proposed are quite important as they 
require a new upstream version of 2 packages. Also, working around RC 
bug #1034752 in src:gluegen2 requires quite a lot of Debian-specific 
changes.


So I now propose to do something simpler, in order to have Scilab be 
able to start and work plainly except for plotting (which was also the 
case in Bullseye anyway), fixing RC bug #1033496.


In order to get a pre-approval, I only did the change locally (source 
debdiff attached), will upload to unstable if granted.


Below is my proposal:

[ Reason ]

Currently, the key package scilab/6.1.1+dfsg2-5 in sid/testing does not 
start since we have openjdk-17 as default Java machine, see grave bug 
#1033496: it is unusable right now.


[ Impact ]

If the unblock is not granted, scilab will remain unusable in Bookworm.
If it is granted, then it will be working except for plotting.

[ Tests ]

I changed one line in the source, built it in a clean chroot, installed 
in on my machine running Bookworm and could use all of Scilab features 
(plotting aside).


[ Risks ]

No risk, as we would not change the biinaries but only the shell wrapper 
that invokes them with the correct environment variables.


[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes (did them myself) and I approve them
  [X] attach debdiffs of the locally built package against the package
  in testing



Paul
PS: your message didn't reach our list, which is a bad sign about the 
size of the changes.



That's right...!

Best,

--
Pierre
diff -Nru scilab-6.1.1+dfsg2/debian/changelog scilab-6.1.1+dfsg2/debian/changelog
--- scilab-6.1.1+dfsg2/debian/changelog	2023-03-11 16:23:07.0 +0100
+++ scilab-6.1.1+dfsg2/debian/changelog	2023-04-27 12:37:49.0 +0200
@@ -1,3 +1,11 @@
+scilab (6.1.1+dfsg2-6) UNRELEASED; urgency=medium
+
+  * Team upload
+  * Adding another --add-opens clause to the scilab invocation to avoid the
+Exception at GUI start (Closes: #1033496)
+
+ -- Pierre Gruet   Thu, 27 Apr 2023 12:37:49 +0200
+
 scilab (6.1.1+dfsg2-5) unstable; urgency=medium
 
   * Team upload
diff -Nru scilab-6.1.1+dfsg2/debian/patches/populating_java_options_by_default.patch scilab-6.1.1+dfsg2/debian/patches/populating_java_options_by_default.patch
--- scilab-6.1.1+dfsg2/debian/patches/populating_java_options_by_default.patch	2023-03-11 14:13:54.0 +0100
+++ scilab-6.1.1+dfsg2/debian/patches/populating_java_options_by_default.patch	2023-04-27 12:36:03.0 +0200
@@ -14,7 +14,7 @@
 +# We initialize _JAVA_OPTIONS so that the right paths are looked into and we
 +# add the needed --add-opens to work with OpenJDK 17.
 +if ! echo "${_JAVA_OPTIONS}" | grep -q "java\.library\.path" ; then
-+_JAVA_OPTIONS="${_JAVA_OPTIONS} -Djava.library.path=/usr/lib/jni:/usr/lib/scilab --add-opens=java.desktop/sun.awt.X11=ALL-UNNAMED --add-opens=java.desktop/sun.java2d.opengl=ALL-UNNAMED"
++_JAVA_OPTIONS="${_JAVA_OPTIONS} -Djava.library.path=/usr/lib/jni:/usr/lib/scilab --add-opens=java.desktop/sun.awt.X11=ALL-UNNAMED --add-opens=java.desktop/sun.java2d.opengl=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED"
 +fi
 +
  if test ! -z "$SCIVERBOSE"; then


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1049904: O: dicelab -- tool to compute the statistical distribution of dice rolls

[Pierre Gruet]

Package: wnpp
Severity: normal
X-Debbugs-Cc: dice...@packages.debian.org
Control: affects -1 + src:dicelab

I intend to orphan the dicelab package because of a lack of interest and
apparently a poor number of users. Upstream seems to be inactive as the orig
website has been unreachable for many months.

The package description is:
 With dicelab you can express most dice rolls (and similar things) in a
 functional language, and then either roll the expression, or evaluate the
 statistical distribution. In the latter case you can choose whether you want to
 simply roll and tally many times, or actually compute the distribution (which
 is more precise, but takes a long time in some obscure cases).

The package is in good shape, although it is affected by #1049747 related to
the clean target.

Cheers,

-- 
Pierre

Bug#1050170: ITP: libconcurrentunit-java -- simple toolkit for testing multi-threaded Java code

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Debian Java Maintainers 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libconcurrentunit-java
  Version : 0.4.6
  Upstream Contact: Jonathan Halterman 
* URL : https://github.com/jhalterman/concurrentunit
* License : Apache-2.0
  Programming Lang: Java
  Description : simple toolkit for testing multi-threaded Java code

ConcurrentUnit was created to help developers test multi-threaded or
asynchronous code. It allows one to perform assertions and wait for operations
in any thread, with failures being properly reported back to the main test
thread. If an assertion fails, the test fails, regardless of which thread the
assertion came from.

This package is needed as a (transitive) dependency of nextflow. It will be
team-maintained by the Debian-Java team.

Bug#1029202: snippy: Error when using snpeff 5.1

[Pierre Gruet]

Hi Andreas,

Le 24/08/2023 à 11:21, Andreas Tille a écrit :

Hi Pierre,

I just noticed that snpeff upstream has tagged a new release.  I've
injected the new tarball into Salsa Git but did not yet worked on the
quilt patches that need to be adapted.  If you throw an ENOTIME error
I could see how far I might come with the changes.  If you find some
spare time for this issue I'd leave further changes to you.


I found some time :-D
Upstream changed the location of the build-time tests, putting them in a 
more canonical place. I updated the patches and d/rules accordingly. 
This is all pushed to the Salsa repo.


However, the script you provided in the bug report [0] is still not 
working with this newly packaged version 5.1+f+dfsg (tested locally), so 
probably we should do as you suggested there [1] and provide 
5.1+d+dfsg-really5.0+f in unstable, as the script is working with 
version 5.0+f.


Admittedly this is a step back for the library, but as least one would 
have the use case of your colleagues working. If you still think this is 
a good idea, I offer to finalize this step back.




Kind regards
 Andreas.



Best,

--
Pierre

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029202#5
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029202#37


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1050537: bookworm-pu: package batik/1.16+dfsg-1+deb12u1

[Pierre Gruet]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ba...@packages.debian.org
Control: affects -1 + src:batik

Dear Release Team,

I would like to propose an upload of batik in the next point release.

[ Reason ]
CVE-2022-44729 and CVE-2022-44730 have been filed against batik. They are fixed
in sid (and soon trixie). I discussed with Security team, they said a DSA is
not needed but suggested to fix the CVE in bookworm in a point release.

The two CVE are corrected by backporting upstream changes.

[ Impact ]
The two CVE would remain:
``A malicious SVG can probe user profile / data and send it directly as
parameter to a URL.''
and
``A malicious SVG could trigger loading external resources by default, causing
resource consumption or in some cases even information disclosure.''

[ Tests ]
The rdepss using the classes touched by upstream corrections were rebuilt in a 
bookworm chroot. No additional tests were made.

[ Risks ]
Code is quite trivial and it is a direct backport of changes made in version
1.17, currently in sid. Risks due to the changes in the code are quite limited
in my opinion, but batik has many rdeps so you might consider the security
risks are not important enough to deserve an update in a point release.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Changes are in 7 files and consist in:
- Blocking loading external resource by default
http://svn.apache.org/viewvc?view=revision&revision=1905049
- Switching to empty whitelist of packages for the class RhinoClassShutter
https://svn.apache.org/viewvc?view=revision&revision=1905011

Thanks for your attention,

-- 
Pierre
diff -Nru batik-1.16+dfsg/debian/changelog batik-1.16+dfsg/debian/changelog
--- batik-1.16+dfsg/debian/changelog2022-10-27 18:27:37.0 +0200
+++ batik-1.16+dfsg/debian/changelog2023-08-24 21:28:00.0 +0200
@@ -1,3 +1,9 @@
+batik (1.16+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Fixing CVE-2022-44729 and CVE-2022-44730
+
+ -- Pierre Gruet   Thu, 24 Aug 2023 21:28:00 +0200
+
 batik (1.16+dfsg-1) unstable; urgency=medium
 
   * New upstream version 1.16+dfsg, fixing security issues:
diff -Nru batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch 
batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch
--- batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch 1970-01-01 
01:00:00.0 +0100
+++ batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch 2023-08-24 
21:27:27.0 +0200
@@ -0,0 +1,208 @@
+Description: fixing CVE-2022-44729 and CVE-2022-44730
+ by applying the file changes of upstream commits fixing the CVE
+Author: Pierre Gruet 
+Origin: upstream, https://issues.apache.org/jira/browse/BATIK-1347 and 
https://issues.apache.org/jira/browse/BATIK-1349
+Forwarded: not-needed
+Last-Update: 2023-08-24
+
+--- 
a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
 
b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
+@@ -77,6 +77,9 @@
+ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
++if (DATA_PROTOCOL.equals(externalResourceURL.getProtocol())) {
++return;
++}
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+--- 
a/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
 
b/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
+@@ -21,6 +21,7 @@
+ import org.mozilla.javascript.ClassShutter;
+ 
+ import java.util.Arrays;
++import java.util.ArrayList;
+ import java.util.List;
+ 
+ /**
+@@ -30,7 +31,7 @@
+  * @version $Id: RhinoClassShutter.java 1904565 2022-10-13 11:05:28Z ssteiner 
$
+  */
+ public class RhinoClassShutter implements ClassShutter {
+-private static final List WHITELIST = 
Arrays.asList("java.io.PrintStream", "java.lang.System", "java.net.URL");
++ public static final List WHITELIST = new ArrayList<>();
+ 
+ /*
+ public RhinoClassShutter() {
+@@ -59,56 +60,12 @@
+  * Returns whether the given class is visible to scripts.
+  */
+ public boolean visibleToScripts(String fullClassName) {
+-if (!WHITELIST.contains(fullClassName) && 
!fullClassName.endsWith("Permission") && !fullClassName.startsWith("org.")) {
+-return false;
+-}
+-
+-// Don't let them mess with script engine's internals.
+-if (fullClassName.startsWith("org.mozilla.javascript"))
+-return

Bug#1050538: bullseye-pu: package batik/1.12-4+deb11u2

[Pierre Gruet]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ba...@packages.debian.org
Control: affects -1 + src:batik

Dear Release Team,

I would like to propose an upload of batik in the next point release.

[ Reason ]
CVE-2022-44729 and CVE-2022-44730 have been filed against batik. They are fixed
in sid (and soon trixie). I discussed with Security team, they said a DSA is
not needed but suggested to fix the CVE in bullseye in a point release.

The two CVE are corrected by backporting upstream changes.

[ Impact ]
The two CVE would remain:
``A malicious SVG can probe user profile / data and send it directly as
parameter to a URL.''
and
``A malicious SVG could trigger loading external resources by default, causing
resource consumption or in some cases even information disclosure.''

[ Tests ]
The rdeps using the classes touched by upstream corrections were rebuilt in a 
bullseye chroot. No additional tests were made.

[ Risks ]
Code is quite trivial and it is a direct backport of changes made in version
1.17, currently in sid. Risks due to the changes in the code are quite limited
in my opinion, but batik has many rdeps so you might consider the security
risks are not important enough to deserve an update in a point release.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in oldstable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Changes are in 7 files and consist in:
- Blocking loading external resource by default
http://svn.apache.org/viewvc?view=revision&revision=1905049
- Switching to empty whitelist of packages for the class RhinoClassShutter
https://svn.apache.org/viewvc?view=revision&revision=1905011

Thanks for your attention,

-- 
Pierre
diff -Nru batik-1.12/debian/changelog batik-1.12/debian/changelog
--- batik-1.12/debian/changelog 2022-10-29 16:22:11.0 +0200
+++ batik-1.12/debian/changelog 2023-08-25 11:07:07.0 +0200
@@ -1,3 +1,10 @@
+batik (1.12-4+deb11u2) bullseye; urgency=medium
+
+  * Team upload.
+  * Fixing CVE-2022-44729 and CVE-2022-44730
+
+ -- Pierre Gruet   Fri, 25 Aug 2023 11:07:07 +0200
+
 batik (1.12-4+deb11u1) bullseye-security; urgency=high
 
   * Team upload.
diff -Nru batik-1.12/debian/patches/CVE-2022-447xx.patch 
batik-1.12/debian/patches/CVE-2022-447xx.patch
--- batik-1.12/debian/patches/CVE-2022-447xx.patch  1970-01-01 
01:00:00.0 +0100
+++ batik-1.12/debian/patches/CVE-2022-447xx.patch  2023-08-25 
11:06:23.0 +0200
@@ -0,0 +1,199 @@
+Description: fixing CVE-2022-44729 and CVE-2022-44730
+ by applying the file changes of upstream commits fixing the CVE
+Author: Pierre Gruet 
+Origin: upstream, https://issues.apache.org/jira/browse/BATIK-1347 and 
https://issues.apache.org/jira/browse/BATIK-1349
+Forwarded: not-needed
+Last-Update: 2023-08-24
+
+--- 
a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
 
b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
+@@ -74,6 +74,9 @@
+ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
++if (DATA_PROTOCOL.equals(externalResourceURL.getProtocol())) {
++return;
++}
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+--- 
a/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
 
b/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
+@@ -20,6 +20,7 @@
+ 
+ import org.mozilla.javascript.ClassShutter;
+ import java.util.Arrays;
++import java.util.ArrayList;
+ import java.util.List;
+ 
+ /**
+@@ -29,7 +30,7 @@
+  * @version $Id: RhinoClassShutter.java 1733416 2016-03-03 07:07:13Z gadams $
+  */
+ public class RhinoClassShutter implements ClassShutter {
+-private static final List WHITELIST = 
Arrays.asList("java.io.PrintStream", "java.lang.System", "java.net.URL");
++ public static final List WHITELIST = new ArrayList<>();
+ 
+ /*
+ public RhinoClassShutter() {
+@@ -58,56 +59,12 @@
+  * Returns whether the given class is visible to scripts.
+  */
+ public boolean visibleToScripts(String fullClassName) {
+-if (fullClassName.startsWith("java.") && 
!WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission")) {
+-return false;
+-}
+-
+-// Don't let them mess with script engine's internals.
+-if (fullClassName.startsWith("org.mozilla.javascript"))
+-return false;
+-
+-if (fullClassName.startsWith("org.

Bug#1050556: ITP: libfailsafe-java -- fault tolerance and resilience patterns Java library

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Debian Java Maintainers 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libfailsafe-java
  Version : 3.3.2
  Upstream Contact: Jonathan Halterman 
* URL : Jonathan Halterman 
* License : Apache-2.0
  Programming Lang: Java
  Description : fault tolerance and resilience patterns Java library

Failsafe is a lightweight, zero-dependency library for handling failures in
Java 8+, with a concise API for handling everyday use cases and the
flexibility to handle everything else. It works by wrapping executable logic
with one or more resilience policies, which can be combined and composed as
needed.
Policies include Retry, CircuitBreaker, RateLimiter, Timeout, Bulkhead, and
Fallback. Additional modules include OkHttp.

This package is needed as a dependency of nextflow. It will be team-maintained
by the Debian-Java team.

Bug#1055050: FTBFS against openturns/1.21.1-2 currently in experimental

[Pierre Gruet]

Source: persalys
Version: 13.1.1+ds-1
Severity: important

Dear Maintainer (whom I am),

openturns will soon undergo a library transition and currently persalys FTBFS
against the version of openturns in experimental. Upgrading persalys to its new
upstream version solves the issue.

Best,

-- 
Pierre

Bug#1054555: Fixed in experimental

[Pierre Gruet]

Source: openturns
Followup-For: Bug #1054555
Control: tags -1 fixed-in-experimental

Hello,

Now the version 1.21.1-2 of the package, currently in experimental, builds
successfully against ceres-solver/2.2.0+dfsg-2.

Cheers,

-- 
Pierre

Bug#1054556: Raising severity to serious, ceres-solver has reached unstable

[Pierre Gruet]

Source: colmap
Version: 3.8-1
Followup-For: Bug #1054556
Control: severity -1 serious

Hi,

ceres-solver/2.2.0+dfsg-3 has reached unstable, thus I am raising the severity
of this bug to RC.

Best,

-- 
Pierre

Bug#1055194: transition: openturns

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: opentu...@packages.debian.org
Control: affects -1 + src:openturns

Dear Release Team,

I would like to request a transition slot for openturns. It has been accepted
to experimental after a SONAME bump as some symbols changed in a not
backward-compatible way. It builds correctly.

There is only one rdep, persalys, which FTBFS against the new openturns, but
the new upstream version of persalys builds correctly in experimental (upstream
is the same). I have filled an Important bug anyway, #1055050.

The auto-generated Ben file in the transition tracker looks good.

Thanks a lot,

-- 
Pierre

Bug#1055237: does not conform to the standards for library packaging

[Pierre Gruet]

Source: catch2
Version: 3.4.0-1
Severity: serious

Dear Maintainer,

Recently catch2/3.4.0-1 was uploaded to Debian, great. Yet the binary packages
do not follow the layout for libraries that is described in Policy Section 8.
For instance I think we should provide a shared library and if there are enough
reasons not to do so (see Policy 8.3), at least the binary package name should
be changed to libcatch2-dev.

Also this is not a header-only library anymore, the description of the package
should be changed.

As a side note, the upload of the major version 3.x came out with many breaking
interface changes giving rise to RC bugs in e.g. genomicsdb, netgen, spdlog,
therion just to name a few, also to failing autopkgtests in many rdeps. I would
have been more comfortable with such a huge version change being advertised and
more prepared, with some kind of a library transition process for instance.

In any case, thanks for your work on catch2,

Best regards,

-- 
Pierre

Bug#1055237: does not conform to the standards for library packaging

[Pierre Gruet]

Control: severity -1 important

Hi,

Thanks Andrius for the advice given here.

On Wed, 8 Nov 2023 09:44:58 +0200 Andrius Merkys  wrote:
> Hello,
>
> On Thu, 02 Nov 2023 18:10:19 +0100 Pierre Gruet  wrote:
> > Recently catch2/3.4.0-1 was uploaded to Debian, great. Yet the 
binary packages
> > do not follow the layout for libraries that is described in Policy 
Section 8.
> > For instance I think we should provide a shared library and if 
there are enough
> > reasons not to do so (see Policy 8.3), at least the binary package 
name should

> > be changed to libcatch2-dev.
> >
> > Also this is not a header-only library anymore, the description of 
the package

> > should be changed.
>
> I agree, binary package could be renamed and descriptions should be
> adapted as well. I am not sure about shared library, though.
>
> First, upstream uses full source package version for soversion. This
> means a transition for even a patch level upstream release. I maintain a
> couple of packages like this and it is tiring.
>
> Second, I do not expect any real binary package depending on catch2
> shared library as only test objects are linked with it. But I may be
> wrong here.

This seems like a good reason to keep a static library, at least for the 
moment.


If there remains only the renaming of the package and its description to 
be changed, then downgrading the severity looks sensible.


>
> > As a side note, the upload of the major version 3.x came out with 
many breaking
> > interface changes giving rise to RC bugs in e.g. genomicsdb, 
netgen, spdlog,
> > therion just to name a few, also to failing autopkgtests in many 
rdeps. I would
> > have been more comfortable with such a huge version change being 
advertised and
> > more prepared, with some kind of a library transition process for 
instance.

>
> Right. Such changes should be announced beforehand since catch2 is used
> widely in the archive. Transition would have been nice indeed.

If you, Mathieu, have some insight into the best ways to transition 
reverse dependencies, I think giving it in the related bug reports would 
be very helpful.


>
> > In any case, thanks for your work on catch2,
>
> Seconded - thanks for maintaining this package.
>
> Best wishes,
> Andrius
>
>

Have a great day,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1043161: i2p: CVE-2023-36325

[Pierre Gruet]

Hi Salvatore,

I am doing some QA overseeeing, I am not the maintainer of i2p. I NMUed 
it one year and a half ago, nothing has happened since then.


On Sun, 06 Aug 2023 21:26:51 +0200 Salvatore Bonaccorso 
 wrote:

> Source: i2p
> Version: 0.9.48-1.1
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team 


>
> Hi,
>
> The following vulnerability was published for i2p.
>
> CVE-2023-36325[0]:
> | Attackers can de-anonymize i2p hidden services with a message replay
> | attack
>
> Should i2p be removed from unstable?

- I feel fixing the CVE would require packaging last upstream version 
(which fixed it), Debian version is far behind it, upstream has changed 
its build system so a simple NMU is not the solution;
- I don't feel the maintainer still has interest into this package, 
which he has not touched for 3 years;
- There is another RC bug #1031817 needing being worked on, upstream has 
not addressed it yet;

- i2p has not been in a Debian release since buster;
- its popcon is quickly decreasing;
- there is only one rdep, syndie, with the same maintainer, it has not 
seen an upload in 4 years and has a near-zero popcon.


I would indeed suggest removing the package and syndie (RoQA) after 
letting some time to the maintainer to respond. Keeping these two 
packages in unstable seems only harmful right now.


What do you think?

>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-36325
> https://www.cve.org/CVERecord?id=CVE-2023-36325
> [1] https://xeiaso.net/blog/CVE-2023-36325
>
> Regards,
> Salvatore
>
>

Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1043161: i2p: CVE-2023-36325

[Pierre Gruet]

Hi again,

Just for the sake of clarity: below I suggested a path to removal but I 
want to make it clear I don't intend to undertake such action, 
disrespecting the maintainer. Debian processes have to be respected.


Best,

--
Pierre

Le 10/11/2023 à 10:05, Pierre Gruet a écrit :

Hi Salvatore,

I am doing some QA overseeeing, I am not the maintainer of i2p. I NMUed 
it one year and a half ago, nothing has happened since then.


On Sun, 06 Aug 2023 21:26:51 +0200 Salvatore Bonaccorso 
 wrote:

 > Source: i2p
 > Version: 0.9.48-1.1
 > Tags: security upstream
 > Justification: user security hole
 > X-Debbugs-Cc: car...@debian.org, Debian Security Team 


 >
 > Hi,
 >
 > The following vulnerability was published for i2p.
 >
 > CVE-2023-36325[0]:
 > | Attackers can de-anonymize i2p hidden services with a message replay
 > | attack
 >
 > Should i2p be removed from unstable?

- I feel fixing the CVE would require packaging last upstream version 
(which fixed it), Debian version is far behind it, upstream has changed 
its build system so a simple NMU is not the solution;
- I don't feel the maintainer still has interest into this package, 
which he has not touched for 3 years;
- There is another RC bug #1031817 needing being worked on, upstream has 
not addressed it yet;

- i2p has not been in a Debian release since buster;
- its popcon is quickly decreasing;
- there is only one rdep, syndie, with the same maintainer, it has not 
seen an upload in 4 years and has a near-zero popcon.


I would indeed suggest removing the package and syndie (RoQA) after 
letting some time to the maintainer to respond. Keeping these two 
packages in unstable seems only harmful right now.


What do you think?

 >
 > If you fix the vulnerability please also make sure to include the
 > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
 >
 > For further information see:
 >
 > [0] https://security-tracker.debian.org/tracker/CVE-2023-36325
 > https://www.cve.org/CVERecord?id=CVE-2023-36325
 > [1] https://xeiaso.net/blog/CVE-2023-36325
 >
 > Regards,
 > Salvatore
 >
 >

Best,



OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1019393: hdf5 breaks libsis-jhdf5-java autopkgtest: Could not initialize class

[Pierre Gruet]

Control: tags -1 + confirmed

Hello,

The issue showing up in the tests is the native library cannot be loaded 
properly. Some symbols (at least HDfprintf) cannot be found. I can 
investigate next week.


Surprisingly, using sbuild and working in the chroot after the failure 
of the tests, running

debian/rules override_dh_auto_build
debian/rules override_dh_auto_test
leads to all the tests passing...

Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1040694: Proposing a way to solve #1040694

[Pierre Gruet]

Hello Julien,

I am writing to you in addition to the sole bug report as you are the 
uploader of coinor-cbc.


Because we saw an ABI breakage between versions 2.10.8 and 2.10.10 which 
affects rdeps, I propose to:
- Revert the version in unstable to 2.10.8, with upstream version number 
being 2.10.10+really2.10.8+ds1;
- Upload 2.10.10+really2.10.10+ds1 (containing upstream 2.10.10) to 
experimental with a SOVERSION raised to 3.1 and renaming the shared lib 
package to coinor-libcbc3.1, hereby using a SOVERSION higher than the 
upstream one but still being lower than the "4" they could adopt in the 
future;

- Lead a classic library transition so that rdeps are rebuilt.

I volunteer to do this if you want, as this is a blocker for my workflows.

Please kindly raise concerns if you need to :)

Cheers,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1041841: transition: pagmo

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: pa...@packages.debian.org
Control: affects -1 + src:pagmo

Dear Release Team,

I would like to ask for a transition slot for pagmo. libpagmo9 has been 
accepted in experimental, it builds correctly on all the architectures where it 
built before, and its only rdep openturns builds successfully against it.

The auto-generated Ben file is good.

Thanks a lot,

Cheers,

-- 
Pierre

Bug#1042016: transition: coinor-cbc

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: coinor-...@packages.debian.org
Control: affects -1 + src:coinor-cbc

Dear Release Team,

I would like to ask for a transition slot for coinor-cbc. The package has
undergone ABI changes for which a SONAME bump was necessary.

The new package has been accepted into experimental and builds correctly on all 
architectures.

The auto-generated Ben file on [0] is fine.

The reverse dependencies all build correctly against the new library package.

Best regards,

-- 
Pierre

[0] https://release.debian.org/transitions/html/auto-coinor-cbc.html

Bug#1035959: unblock: jmol/14.32.83+dfsg-1

[Pierre Gruet]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: j...@packages.debian.org
Control: affects -1 + src:jmol

Dear Release Team,

I would like to ask for an unblock of package jmol.

[ Reason ]

I fixed RC bug #1035484 which was just a dangling symlink causing piuparts
errors. This was done by removing a line in debian/jmol.links.

[ Impact ]

No impact for the user, only piuparts is affected.

[ Tests ]

I did no test as I only removed a symlink, of which target has not been in the
package for many months.

[ Risks ]

No risk, as no rdep is using the deleted symlink.

[ Checklist ]

  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]

If the unblock is not granted, the users won't notice anything as there would
only be a void symlink shipped in the package. I would also be fine with it.

Thanks a lot in any case,

-- 
Pierre

unblock jmol/14.32.83+dfsg-1
diff -Nru jmol-14.32.83+dfsg/debian/changelog 
jmol-14.32.83+dfsg/debian/changelog
--- jmol-14.32.83+dfsg/debian/changelog 2023-02-02 16:43:13.0 +0100
+++ jmol-14.32.83+dfsg/debian/changelog 2023-05-04 14:24:33.0 +0200
@@ -1,3 +1,10 @@
+jmol (14.32.83+dfsg-2) unstable; urgency=medium
+
+  * Removing symlink to non-existing /usr/share/java/JSpecView.jar
+(Closes: #1035484)
+
+ -- Pierre Gruet   Thu, 04 May 2023 14:24:33 +0200
+
 jmol (14.32.83+dfsg-1) unstable; urgency=medium
 
   * New upstream version 14.32.83+dfsg
diff -Nru jmol-14.32.83+dfsg/debian/jmol.links 
jmol-14.32.83+dfsg/debian/jmol.links
--- jmol-14.32.83+dfsg/debian/jmol.links2022-10-15 22:47:37.0 
+0200
+++ jmol-14.32.83+dfsg/debian/jmol.links2023-05-04 14:23:08.0 
+0200
@@ -1,6 +1,5 @@
 /usr/share/jmol/icon.png/usr/share/pixmaps/jmol-icon.png
 /usr/share/java/Jmol.jar/usr/share/jmol/Jmol.jar
 /usr/share/java/JmolData.jar/usr/share/jmol/JmolData.jar
-/usr/share/java/JSpecView.jar   /usr/share/jmol/JSpecView.jar
 /usr/share/java/Jvxl.jar/usr/share/jmol/Jvxl.jar
 /usr/bin/jmol   /usr/share/jmol/jmol

Bug#1036872: net.sourceforge.jeuclid.MathMLParserSupport fails to parse XML strings

[Pierre Gruet]

Package: libjeuclid-core-java
Version: 3.1.9-5
Severity: normal

Dear Maintainer,

While running scilab, I met an issue with MathML labels for axes, that were not
showing up. After digging into this, I saw this was a bug in
libjeuclid-core-java and I built the following minimal non-working example:

8<--

import java.io.IOException;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;
import net.sourceforge.jeuclid.MathMLParserSupport;

public class Main {
public static void main(String[] args) throws IOException, 
ParserConfigurationException, SAXException {
String str = new 
String("dydx=1y2");
System.out.println(MathMLParserSupport.parseString(str));
}
}

8<--

The output is:

8<--
[#document: null]
8<--

Thanks a lot for your help on this,

Cheers,

-- 
Pierre

- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (90, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libjeuclid-core-java depends on:
ii  libbatik-java1.16+dfsg-1
ii  libcommons-logging-java  1.2-3
ii  libxmlgraphics-commons-java  2.8-2

libjeuclid-core-java recommends no packages.

libjeuclid-core-java suggests no packages.

-- no debconf information

Bug#808839: How does it affect scilab?

[Pierre Gruet]

Control: affects -1 - src:scilab

Hi Julien,

On Thu, 30 Apr 2020 09:41:03 +0200 Julien Puydt  
wrote:

> Hi,
>
> can I know how it affects scilab?

It does not affect scilab, at least not anymore! This can be seen in the 
version of scilab currently in experimental: 6.1.1+dfsg2-7~exp0.


The various examples in the "Math rendering in Scilab graphics" page of 
help can all be run (there are only some issues with mathml, but there 
is Bug #1036872 for it).


>
> Cheers,
>
> JP
>

Best regards,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1037155: misses dependency on libboost-json1.81-dev

[Pierre Gruet]

Package: libboost1.81-all-dev
Version: 1.81.0-5
Severity: normal

Dear Maintainer,

The version of libboost1.81-all-dev currently in unstable and testing does not
depend on one of the -dev packages, namely libboost-json1.81-dev, although it
should.

Best regards,

-- 
Pierre

Bug#712781: src:scilab: please use SLICOT Debian package instead of embedded copy

[Pierre Gruet]

Control: forwarded -1 https://gitlab.com/scilab/scilab/-/issues/13151
Control: tags -1 - moreinfo

Hi Sébastien,

Le 28/05/2023 à 17:46, Sébastien Villemot a écrit :

Hi Pierre,


[...]


The Debian package src:slicot contains a pre-release of version 5.0 of
Slicot, which was the last version distributed by upstream under the
GPL (later versions are proprietary).

However at some point upstream changed their mind and decided to stop
distributing the 5.0 release under the GPL, so they removed it from
their website. The website now has only has version 4.5 under the GPL.
We kept 5.0 in Debian because there is nothing that prevents us from
doing so from a legal point of view. Other projects (e.g. the “control”
package for Octave) do the same.

But it looks like the version of Slicot embedded in Scilab is even
older than 4.5, and corresponds to version 4.0. My guess is that the
missing symbols that you get correspond to functions that were removed
between 4.0 and 5.0.

Unfortunately this probably means that fixing the present bug requires
more work than just patching the build system (i.e. Scilab upstream
needs to move to a more recent Slicot).



Thanks a lot for your help on understand the issue. Admittedly there is 
quite a lot of work to do here :)


I am updating the Forwarded-to URI, this issue is still open upstream.



Best wishes,



Same to you,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1037200: please consider backporting valijson to Bullseye

[Pierre Gruet]

Source: valijson
Severity: wishlist

Dear Maintainer,

I would be interested in having a backport of valijson in Bullseye, not only
for me but also for other users I know.

I would happily do it myself if you wish (I am a DD).

Best wishes,

-- 
Pierre

Bug#1037212: Please consider backporting picojson to Bullseye

[Pierre Gruet]

Source: picojson
Severity: wishlist

Dear Maintainer,

I would be interested in having picojson backported to Bullseye, for myself but
also for people working with me.

If you want, I would be pleased to do it for you (I am a DD).

Best,

-- 
Pierre

Bug#1037200: please consider backporting valijson to Bullseye

[Pierre Gruet]

Control: block -1 by 1037212


Hello,

Le 07/06/2023 à 20:34, Dima Kogan a écrit :

Hi. I'll gladly accept help on this. If you can do this yourself, that
would be great!

Thanks


Thanks for your quick answer; fine then, I will do so :)

I could build it in a Bullseye chroot by having also picojson 
backported, I will ask its maintainer as well, and proceed afterwards.


Best wishes,

--
Pierre


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1037542: bookworm-pu: package xerial-sqlite-jdbc/3.40.1.0+dfsg-1+deb12u1

[Pierre Gruet]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: xerial-sqlite-j...@packages.debian.org
Control: affects -1 + src:xerial-sqlite-jdbc

Dear Release team,

I would like to upload xerial-sqlite-jdbc to stable-proposed-updates.

[ Reason ]
Grave bug #1036706 has been filled a few days before the release of Bookworm.
This is a security bug associated to CVE-2023-32697. Although it has been
marked no-dsa by the security team, we exchanged a few emails and our
conclusion was the fix of this bug, which amounts to cherry-pick one commit of
upstream, should land in Bookworm during a point release.

[ Impact ]
CVE-2023-32697 would remain. The Debian-packaged reverse dependencies of the
package are mainly used in a single-user environment, but possibly it is also
used in a network environment by some users for their own programs, and this is
where there might be some hazard.

[ Tests ]
The package was built in a Bookworm chroot and its autopkgtest is passing.

[ Risks ]
Code is very simple, only 2 lines are changed. Upstream has published it
three weeks ago and it has issued new upstream versions since then.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Cherry-picking commit edb4b8adc2447bc04e05b9b908195a4bc7926242 from upstream,
which uses a random UUID instead of the hash of some fixed address in order to
define the DB file name.



Thanks for your help,

Best,

-- 
Pierre
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog 
xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog   2023-02-04 
14:24:45.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog   2023-06-13 
23:19:59.0 +0200
@@ -1,3 +1,9 @@
+xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm)
+
+ -- Pierre Gruet   Tue, 13 Jun 2023 23:19:59 +0200
+
 xerial-sqlite-jdbc (3.40.1.0+dfsg-1) unstable; urgency=medium
 
   * New upstream version 3.40.1.0+dfsg
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch 
xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch
1970-01-01 01:00:00.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch
2023-06-13 23:17:23.0 +0200
@@ -0,0 +1,28 @@
+Description: fixing CVE-2023-32697
+Author: Pierre Gruet 
+Origin: upstream, 
https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242
+Bug: 
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
+Bug-Debian: https://bugs.debian.org/1036706
+Forwarded: not-needed
+Applied-Upstream: edb4b8adc2447bc04e05b9b908195a4bc7926242
+Last-Update: 2023-06-13
+
+--- a/src/main/java/org/sqlite/SQLiteConnection.java
 b/src/main/java/org/sqlite/SQLiteConnection.java
+@@ -13,6 +13,7 @@
+ import java.sql.ResultSet;
+ import java.sql.SQLException;
+ import java.util.Properties;
++import java.util.UUID;
+ import java.util.concurrent.Executor;
+ import org.sqlite.SQLiteConfig.TransactionMode;
+ import org.sqlite.core.CoreDatabaseMetaData;
+@@ -303,7 +304,7 @@
+ }
+ 
+ String tempFolder = new 
File(System.getProperty("java.io.tmpdir")).getAbsolutePath();
+-String dbFileName = String.format("sqlite-jdbc-tmp-%d.db", 
resourceAddr.hashCode());
++String dbFileName = String.format("sqlite-jdbc-tmp-%s.db", 
UUID.randomUUID());
+ File dbFile = new File(tempFolder, dbFileName);
+ 
+ if (dbFile.exists()) {
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series 
xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series  2023-02-02 
17:16:53.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series  2023-06-13 
23:10:58.0 +0200
@@ -7,3 +7,4 @@
 skip_OSInfoTest.patch
 tests_without_archunit-junit5_and_some_assertions.patch
 junit-jupiter-params_artifact.patch
+CVE-2023-32697.patch

Bug#1037542: bookworm-pu: package xerial-sqlite-jdbc/3.40.1.0+dfsg-1+deb12u1

[Pierre Gruet]

Hi Salvatore,

Le 15/06/2023 à 07:21, Salvatore Bonaccorso a écrit :

Hi Pierre,

On Wed, Jun 14, 2023 at 12:01:18AM +0200, Pierre Gruet wrote:

[...]



diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog 
xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog   2023-02-04 
14:24:45.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog   2023-06-13 
23:19:59.0 +0200
@@ -1,3 +1,9 @@
+xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm)
+
+ -- Pierre Gruet   Tue, 13 Jun 2023 23:19:59 +0200


Can you as well add the Debian bug closer for #1036706 here?


Thanks for looking at my diff. I admit I had not considered closing the 
bug here since it has already been declared as closed by the upload to 
unstable, I would have issued a BTS command after this proposal hits 
bookworm.

Anyway, thanks for educating me on this.

Enclosed is the new source debdiff, everything else in the original 
message of this bug thread remains unchanged.




Regards,
Salvatore


Best,

--
Pierre
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog	2023-02-04 14:24:45.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/changelog	2023-06-13 23:19:59.0 +0200
@@ -1,3 +1,10 @@
+xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm,
+Closes: #1036706)
+
+ -- Pierre Gruet   Tue, 13 Jun 2023 23:19:59 +0200
+
 xerial-sqlite-jdbc (3.40.1.0+dfsg-1) unstable; urgency=medium
 
   * New upstream version 3.40.1.0+dfsg
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch	1970-01-01 01:00:00.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/CVE-2023-32697.patch	2023-06-13 23:17:23.0 +0200
@@ -0,0 +1,28 @@
+Description: fixing CVE-2023-32697
+Author: Pierre Gruet 
+Origin: upstream, https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242
+Bug: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
+Bug-Debian: https://bugs.debian.org/1036706
+Forwarded: not-needed
+Applied-Upstream: edb4b8adc2447bc04e05b9b908195a4bc7926242
+Last-Update: 2023-06-13
+
+--- a/src/main/java/org/sqlite/SQLiteConnection.java
 b/src/main/java/org/sqlite/SQLiteConnection.java
+@@ -13,6 +13,7 @@
+ import java.sql.ResultSet;
+ import java.sql.SQLException;
+ import java.util.Properties;
++import java.util.UUID;
+ import java.util.concurrent.Executor;
+ import org.sqlite.SQLiteConfig.TransactionMode;
+ import org.sqlite.core.CoreDatabaseMetaData;
+@@ -303,7 +304,7 @@
+ }
+ 
+ String tempFolder = new File(System.getProperty("java.io.tmpdir")).getAbsolutePath();
+-String dbFileName = String.format("sqlite-jdbc-tmp-%d.db", resourceAddr.hashCode());
++String dbFileName = String.format("sqlite-jdbc-tmp-%s.db", UUID.randomUUID());
+ File dbFile = new File(tempFolder, dbFileName);
+ 
+ if (dbFile.exists()) {
diff -Nru xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series
--- xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series	2023-02-02 17:16:53.0 +0100
+++ xerial-sqlite-jdbc-3.40.1.0+dfsg/debian/patches/series	2023-06-13 23:10:58.0 +0200
@@ -7,3 +7,4 @@
 skip_OSInfoTest.patch
 tests_without_archunit-junit5_and_some_assertions.patch
 junit-jupiter-params_artifact.patch
+CVE-2023-32697.patch


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1066187: lacks dependency on libblaspp-dev

[Pierre Gruet]

Package: liblapackpp-dev
Version: 2023.11.05-1
Severity: normal

Dear Maintainer,

liblapackpp-dev lacks a dependency on libblaspp-dev.

The latter is needed as
/usr/lib//cmake/lapackpp/lapackConfig.cmake
has a ``find_dependency(blaspp)'' command.

Cheers,

-- 
Pierre


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (90, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Bug#1079341: ITP: itkadaptivedenoising -- Insight Toolkit module for image denoising

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Pierre Gruet 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: itkadaptivedenoising
  Version : 0.0+git20240619.005bd0e
  Upstream Contact: Nick Tustison 
* URL : https://github.com/ntustison/ITKAdaptiveDenoising/
* License : Apache-2.0
  Programming Lang: C++
  Description : Insight Toolkit module for image denoising


This module of Insight Toolkit allows one to denoise an image using a
spatially adaptive filter.


The package is needed as a dependency of ants, which is maintained by the
Debian-med team. It will be team-maintained inside this team.

Bug#1079340: ITP: itkgenericlabelinterpolator -- Insight Toolkit module to interpolate label images

[Pierre Gruet]

Package: wnpp
Severity: wishlist
Owner: Pierre Gruet 
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-...@lists.debian.org

* Package name: itkgenericlabelinterpolator
  Version : 1.2.1
  Upstream Contact: 
https://github.com/InsightSoftwareConsortium/ITKGenericLabelInterpolator/
* URL : 
https://github.com/InsightSoftwareConsortium/ITKGenericLabelInterpolator/
* License : Apache-2.0
  Programming Lang: C++
  Description : Insight Toolkit module to interpolate label images


This module for the Insight Toolkit (ITK) provides a generic interpolator for
label images to interpolate each label with an ordinary image interpolator, and
return the label with the highest value.

This is the idea used by the itk::LabelImageGaussianInterpolateImageFunction
interpolator. Unfortunately, this class is currently limited to Gaussian
interpolation. Using generic programming, the proposed interpolator extends
this idea to any image interpolator. Combined with linear interpolation, this
results in similar or better accuracy and much improved computation speeds on
a test image.


The package is needed as a dependency of ants, which is maintained by the
Debian-med team. It will be team-maintained inside this team.

Bug#1079541: SyntaxWarning while setting up the package: invalid escape sequence '\S'

[Pierre Gruet]

Source: vtk9
Version: 9.3.0+dfsg1-1
Severity: minor

Dear Maintainer,

While setting up the python3-vtk9 package in unstable or testing, one gets the
following message at the "Setting up" phase:

Setting up python3-vtk9 (9.3.0+dfsg1-1+b2) ...
/usr/lib/python3/dist-packages/vtkmodules/util/vtkMethodParser.py:304: 
SyntaxWarning: invalid escape sequence '\S'
  patn = re.compile ("  \S")

Cheers,

-- 
Pierre

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (90, 'unstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.4-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1071019: openturns: please add support for loong64

[Pierre Gruet]

Dear Wuruilong,

On Wed, 14 Aug 2024 06:19:17 + wuruilong  wrote:
> Source: openturns
> Version: 1.23-4
> Followup-For: Bug #1071019
> X-Debbugs-Cc: wuruil...@loongson.cn
>
> Dear Maintainer,
>
> Local verification of the openturns software after the patch is 
merged in does still compile incorrectly. After analyzing and creating a 
patch on the latest software, the error was solved. And also verified on 
another machine, if there is any problem please feel free to contact me.

>
> wuruilong

Thanks a lot for digging further into this matter. I have just uploaded 
openturns with this change!


Best wishes,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1080442: RM: ants [i386] -- ROM; Not buildable on i386 anymore

[Pierre Gruet]

Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: a...@packages.debian.org
Control: affects -1 + src:ants
User: ftp.debian@packages.debian.org
Usertags: remove

Dear FTP team,

As the maintainer of ants, I would like to ask for its removal from unstable
for the i386 architecture.
I uploaded a new upstream version of this package yesterday, and its dependency
insighttoolkit5 is available only on amd64.

Many thanks and best wishes,

-- 
Pierre

Bug#1081033: Please consider switching to the com.github.mwiede:jsch fork

[Pierre Gruet]

Source: jsch
Severity: wishlist

Dear Maintainer,

When working on a rdep of jsch, I stumbled upon
https://github.com/apache/mina-sshd/pull/475
which is an (accepted) pull request of this rdep to switch from the historical,
motionless jsch to an active fork com.github.mwiede:jsch.
Should we in Debian to that move too?

The rdep libmina-sshd-java of jsch began relying on the fork and I patched its
code to have it build against the historical jsch.

Best regards,

-- 
Pierre

Bug#1081033: Please consider switching to the com.github.mwiede:jsch fork

[Pierre Gruet]

Hi tony,

Le 07/09/2024 à 19:19, tony mancill a écrit :

Hi Pierre,

On Sat, Sep 07, 2024 at 12:12:28PM +0200, Pierre Gruet wrote:

Source: jsch
Severity: wishlist

Dear Maintainer,

When working on a rdep of jsch, I stumbled upon
 https://github.com/apache/mina-sshd/pull/475
which is an (accepted) pull request of this rdep to switch from the historical,
motionless jsch to an active fork com.github.mwiede:jsch.
Should we in Debian to that move too?

The rdep libmina-sshd-java of jsch began relying on the fork and I patched its
code to have it build against the historical jsch.


I think we should migrate to the maintained fork, particuarly since it
is a relatively popular package.  Thank you for filing the bug!


And thanks for your comments! :)



Based on the number of rdeps, we might want to treat it as a transition
(of sorts) and start with an upload to experimental.  Do you think we
should provide the com.jcraft:jsch maven coordinates in the new package,
in addition to com.github.mwiede:jsch?  It would probably make the
transition easier.


I agree, both for the passage through experimental and the former Maven 
coordinates in the package.




There are potentially breaking changes in behavior at runtime [1]
related to use of deprecated crypto algorithms, so the sooner the better
if we are aiming to complete this for trixie.


I offer to make the package and send it to experimental (no epoch 
needed!) so that we can check the rdeps. I will do so within a few days 
if you also find it convenient!




Cheers,
tony

[1] 
https://github.com/mwiede/jsch?tab=readme-ov-file#is-this-fork-100-compatible-with-original-jsch-because-the-connection-to-my-server-does-not-work-any-more


All the best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#1079015: Breaks other packages' build: Malformed jar [eclipse-jdt-core-3.35.0.jar] found on classpath

[Pierre Gruet]

Control: reassign -1 libeclipse-jdt-core-compiler-batch-java
Control: retitle -1 Breaks other packages' build: Malformed jar 
[eclipse-jdt-core-3.35.0.jar] found on classpath
Control: affects -1 src:libsis-jhdf5-java
Control: tags -1 - ftbfs

Dear Maintainer,

The latest upload of eclipse-jdt-core causes other packages to ftbfs.
For instance libsis-jhdf5-java builds fine in trixie but not in sid,
and one gets the error message in the build log attached to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079015#5

It seems there is something wrong with the jar file shipped in
libeclipse-jdt-core-compiler-batch-java.

Best,

--
Pierre


OpenPGP_signature.asc
Description: OpenPGP digital signature