Bug#901915: monero: Incomplete debian/copyright?
Quoting Chris Lamb (2018-06-20 10:07:57) > I just ACCEPTed monero from NEW but noticed it was missing attribution > in debian/copyright for at least the gtest code copy and what (looks > like at a quick glance) some imported code under src/ringct/. Thanks, for accepting but also for spotting these licensing issues! gtest code copy I simply forgot to list: Wanted to strip it from source tarball but decided to postpone that cleanup till later, and forgot to then mention it in debian/changelog until then. Done now in git. I fail to locate any omission under src/ringct/. If you mean the references to Sarang Noether then I believe that is mentioned only as author (not copyright holder), and besides seems seems part of copyright holder The Monero Project. If you mean the references to Cryptonote developers then I believe that copyright holder is already properly included in initial Files section. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#901915: monero: Incomplete debian/copyright?
Quoting Chris Lamb (2018-06-20 16:33:17) >> I fail to locate any omission under src/ringct/. If you mean the >> references to Sarang Noether then I believe that is […] > > I'm afraid I can't recall exactly what it was but if there is any > ambiguity whatsoever please clarify this in debian/copyright. > > After all, there was probably /some/ reason why I didn't immediately > understand what was going on and we should fix that in the packaging > (and not document it on bugs like this where it will get lost). I agree that any ambiguity should be reflected in debian/copyright. I am unaware of any ambiguity now (after adding the gtest part), however, and consider this bugreport solved. If you recall/rediscover more info, please do share it here. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#903587: src:linux: FTBFS on arm64: of_mdio module in two packages
Package: src:linux Version: 4.18~rc3-1~exp1 Severity: serious Justification: fails to build from source (but built successfully in the past) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 of_mdio module in two packages on amd64 Hi, buildlogs for experimental¹ hints that amd64 package failed to build: > some modules are in more than one package > debian/nic-usb-modules-4.18.0-rc3-arm64-di > lib/modules/4.18.0-rc3-arm64/kernel/drivers/of/of_mdio.ko > debian/nic-modules-4.18.0-rc3-arm64-di > lib/modules/4.18.0-rc3-arm64/kernel/drivers/of/of_mdio.ko https://buildd.debian.org/status/package.php?p=linux&suite=experimental - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAltGHeEACgkQLHwxRsGg ASEi4hAAmSyghQBrvT1OM08YR91h1YQitcBuQj4uOX8CW0lEwkYvrcjU5zYfzDja e5TUAxfilyrjaaUFLS63xbKZC9hCU+y8/hW7unxqlJpLd2DkENzUGi/H/e/nG1PY cdpGnayOhWErQqiiuvdBAMPM3HhrJZhheAvI9SkDDyPFDjXwKFnT8faB8Cldr7Al i0yHTmkaZphjNvhb+OOLkesfntctPMDMk8chZVCpRrDGRWeQvri1vEuDo36rWl5r /S1eoKq/6mwEwwtGQmDjga2rmo+4f5i2M9v+eBJwN1irYyh8sa3GFeEMnV2Ka4KB ubFtfHXiChjra5vGEG7fO+YokugPs8gIjPBKK7m0YlJY4EMiPZGQpMh0Kq5S50bg +Pz4V8fkv6zL5kDS9NeEIJJ+2NA4jaTR7/NZd0bJHPjR/QmQABaetSKKt9BWHskI tc8dinjIXifnEVG09cHxyrSp9LHfinzS17wXK3Ujq5P3oo1LaI8TfzvFqrUIyW4b U1fDH96AyzjyUghITn3eUoeVI6Ra7PKexqmIYTVH+sMQEMCViHOut2cnLycBlpT5 uhRygYl3RdgtnIFtiU0kVtAYp3kbkeLzZXGZFBvt5btrC8p1VITsamo/K4UB9XhG kno5N65tqeCyGg6MnRUZ4IqOaVsXZQXIN/ac7oF1PRcI6J5Ou7c= =E0Ql -END PGP SIGNATURE-
Bug#908122: fzf: talks about non-documentation use of /usr/share/doc data
Package: fzf Version: 0.17.4-1 Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Long description instructs the user to rely on example files below /usr/share/doc. That is a violation of Debian Policy §12.3: > Packages must not require the existence of any files in > "/usr/share/doc/" in order to function. [6] Any files that are used > or read by programs but are also useful as stand alone documentation > should be installed elsewhere, such as under "/usr/share/package/", > and then included via symbolic links in "/usr/share/doc/package". If files are intended not only as examples, then please ship them below /usr/share/fzf (and adapt the instructions accordingly), or change instructions to include copying the files to somewhere below $HOME. Also, please ship such usage instruction in /usr/share/doc/README, and remove it from long description, as defined in §3.4: > Instructions for configuring or using the package should not be > included (that is what installation scripts, manual pages, info files, > etc., are for). Copyright statements and other administrivia should > not be included either (that is what the copyright file is for). Thanks, - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAluRFaYACgkQLHwxRsGg ASEz5Q/+LuDOguZGfl0ArlXlBi1lNE3hABysVD5EQTNDyai1s3LcEVBhitjYUJ22 YmdTUNb5lMzp96YfICRvem3U8ZtUNdgmrqz/UUuFGISZ/KmG4VPR07R5jxk6vcJs 3fjT1spJm/leFEa3qQWWIljxKG2FLEACwK7aw/sYKpwMeTTJcpY2hLTTbkatiEBk pCb42tsIqjOnVuhZVn8qO9A/AbqY+U2v6vjv/JNJeS0nVY0uwCrEKv78XFTtUyKi er+HVx/6aXfe8JHVQCTnZJCLLWy4RqQQhuC58Vub0pPHFxnmA7I9cMb2A/Hphr5z SYwaGzAGWhbTz4g1G/QwbLdCbDstwtnjNLsTJxeS8dqqdvXY5lMQQtvbotBAScAJ /7vhBTesX3S3oBOz0OuP7p0mPX0r4g/EgoWnn1aStpaJb8/YeSyO0kEgiiYnf6Wx oPZmwXQcwg4X/YwWZE/EF6KkKe3ynAD2tFGZufqV47xnUJuPXrrJ3aELdsHNNJro wafXOcUncRF73n6D00tyh/31Ptrh0CIjN94Ozx3NiIG0BkG4Ljk3hToRaJXHDEWj tTVJ6b4hffjqTZ1xxAPHLOcsZQ6nRcbFZRUEmSs2guWSHT9hpbBqtbz0IYOjPZ6V jAxEoXygX2GbNVX6EPLLUXu4KDKYJy49LdaDAlm3wYRi44qQPZA= =ZOwq -END PGP SIGNATURE-
Bug#876608: [Pkg-sass-devel] Bug#876608: ruby-compass (build) depends on ruby-sass (< 3.5), but 3.5.1-2 is in unstable
Hi Steve, Quoting Steve Langasek (2018-09-11 01:25:28) > > This is unlikely to change, since ruby-compass is dead upstream and > > ruby-sass has moved on. :-( > > So, should the maintainer turn this bug into an archive removal > request? I am fine with killing it. Reverse dependencies exist, however, which I believe need either removal or patching first. See bug#908544. Several reverse recommendations exist too, which I will take care of patching. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#908567: libssl 1.1.1 TLS_MAX_VERSION ABI breakage
Jan-Marek Glogowski wrote: > Qt5 is just the first breaking package - I have no idea, how many > packages use TLS_MAX_VERSION in their code. According to https://codesearch.debian.net/search?q=TLS_MAX_VERSION the following packages mention TLS_MAX_VERSION in source code: * fetchmail * musescore * qtbase-opensource-src * shim * ncrack * globus-gssapi-gsi * openssl * openssl1.0 - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#908735: colord: need to build-depend on argyll
Package: colord Version: 1.4.3-2 Severity: serious Tags: ftbfs -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Build-daemons all fail with a buildlog indicating that "spotread" is missing. That command is provided by the package argyll. Please build-depend on argyll. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAluaMmgACgkQLHwxRsGg ASEyThAAm1PA1pH3xmNKqlsgmTlLDUG2XmPaSrmzm8L8vkOCpqa4mBNQGE6AA8gs deVtovq6OuC/5oGcP45MSEXJOsdJ17UPBen/omKcae3Wb7NY8g9OYF2u9vyHyKL5 BRimQmZo8qvPpl9ns89nycpLjxG34EPvGu1ApHo0NhTU0RQaq9PJRBCtnDtok7Jd Lk29VsfKzGdNLTsRiGZxT4Hf1z4wFN1ckXLAuIWm4dwRZ2rTQpV8iPs1XWbKy+2x BSFeq/ERSzVdnokj2tLwkIEmef21hKM/3ukfWMcEz2gb9hKDkj9rWyY9SDO42KPO bi9+JrguiCK04hXu/Ls+Y0mDf/2/IFocGwtKvI6+TZYvj3bLBc/Iiq/J+HhYs6RL hxmUrbTFZVLDKPNfHabZE2k2ZfRMbshA7tZCMsQ1GwfWKPv0Z3AyCzQcIdP+uMxr H9+yA9Y0qPXa2ZgLMhRH84UGz5xxsa1xz5mzjZL51e4ps+BdyK5TomZaw7sf5nAM q0U2GHngcd2GrVyu7WgJEICciZ5hwKf73J1XaiIinN5jL1NR6VS3yO8A5lO+HZlq nL0tuHr9aWi+EUwoq8QIPvH1ybhYjTNL58dIPYtjaXpTEn+d2Wb9uR1DNlynVuK1 Ys9MB/jQFXGjVpnpIxy6OBxsGcUQnkKlA3yGu2orn4bbiO+W8sw= =haGi -END PGP SIGNATURE-
Bug#907493: Timeout in autopkgtest also in Ubuntu Cosmic with Ghostscript 9.24
Quoting Till Kamppeter (2018-09-14 14:52:28) > On Ubuntu the timeouts in the CUPS autopkgtest do not happen any more > with Ghostscript 9.25 which got released yesterday and is highly > recommended by upstream to fix the regressions in 9.24. Thanks Till, quite helpful! I am working on Ghostscript 9.25, expecting a release later today. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#895320: ps2pdf crashes
A new release of ghostscript is now in experimental. Could you please help test if that succeeds? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Jonas Smedegaard (2018-08-31 01:25:24) > Quoting Paul Gevers (2018-08-29 20:24:49) > > Control: tags -1 moreinfo > > > > Hi, > > > > On 29-08-18 20:20, Jonas Smedegaard wrote: > > > Thanks - that is indeed helpful, but provides only the _cups_ commands. > > > > > > Inside those are some Ghostscript command (and some data) which I would > > > need to check if/what fails with Ghostscript. > > > > Both of them are "ELF 64-bit LSB shared object" so it would help if the > > cups maintainers could help here. > > Do the freshly released experimental Ghostscript release help anything? Another release of Ghostscript is now in experimental. Can someone please test if those autopkgtests still fail? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Paul Gevers (2018-09-15 07:41:54) > On 14-09-18 22:26, Jonas Smedegaard wrote: > > Another release of Ghostscript is now in experimental. Can someone > > please test if those autopkgtests still fail? > > 9.25~dfsg-1~exp1 passed the cups test. > > https://ci.debian.net/data/autopkgtest/testing/amd64/c/cups/994233/log.gz Great! I'll make a release for unstable now. Thanks for all the help to everyone involved! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#895320: ps2pdf crashes
Quoting Jonas Smedegaard (2018-09-14 22:33:14) > A new release of ghostscript is now in experimental. > > Could you please help test if that succeeds? Didn't help. But neither do downgrading to 9.22~dfsg-2.1 in unstable since 2018-04-20. Seems the cause of this is somewhere else than ghostscript. texlive, perhaps? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#718272: [Pkg-bitcoin-devel] Bug#718272: Bitcoin still not ready for stable release in Debian
Quoting Luke Dashjr (2017-11-03 11:25:23) > On Friday 03 November 2017 9:10:37 AM you wrote: >> I believe Bitcoin is now stable enough for stable release. > > Things have only gotten less stable upstream since 2013... Please provide references supporting that. > What is the plan for getting security and protocol change updates > backported to Debian stable? Debian standard procedures for updating stable packages. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#881241: iceweasel-l10n-sl: should recommend hunspell-sl (not transitional myspell-sl)
Package: iceweasel-l10n-sl Version: 52.4.0esr-2 Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 firefox-esr-l10n-sl currently recommends myspell-sl, which is a transitional package pending removal. Please instead recommend hunspell-sl. Severity raised, to match that of affected bug#881235. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAloEFlQACgkQLHwxRsGg ASG8KxAAqKWgBVCifYMbjvY4TiMaHIA4R/DWuY5007PQc20CmPZKBCzTB5971hrH NrJAj2f/hDYpHJO6LfvAQBm7plY1PtYJzkOxt2ojisaLWrNsvQ8idhUvtpw5ty8P W29kwNK/fMn7rFDL3FdywkdyT+zFVkwNqTwTMjrYRfxmhVSnuvU+iBwR4LdnmTXE ah5zjN8g2TWysTUE+YeFz2Mo4DIdWH+FR7Mi1XctnDRTV5XVwkwdWQAJn76mirTa jAGgUcTfJz12keLgURhbNo+Nu91ol1sZ/S1G/6uO44BmU0IWEvS5rhfdVbFw0MbZ dVd+AnOMRlE9SLexHAKDbQe20HI+V4oSv/jJC0KOTJU0IvYbQJPS0quBfCdEtJoK NZd4ucJRt7C5yMQge+ttVFascjxpjqPIoxpuW/Rd0rRp+Caelu6TqsDiJB00uALX YVTTAb5oWZEFoU71yctTkvvq/lebG8FFUdfmUnTkKlMCrUVDFSReZ7wQyKSxejmy FxkjLx/2NGVWmwW3+GICfsmbOXIfrR33MCCcZVEw6zmvJs5YGTXtsGyFvHsTZtyU u9Cu4kJnWswA+JsxgajZtLMuTkQWrkIJ/utOfm6+8+GTuZeerky6Nb7Usgxr/x/8 /01pRL9st41ZDewgwM/IPVuO/QyaFcsnwQaPQM5wWvFC18r68KY= =PJIf -END PGP SIGNATURE-
Bug#874295: clementine: installs non-free plugin at runtime
Quoting Anthony DeRobertis (2017-11-20 21:08:18) > [resending just to -submitter, sorry I messed up the address the first > time.] > > (from Jonas Smedegaard via the bug): > >> One of several functions of Clementine is to stream audio from cloud >> service Spotify. Initially selecting that function triggers a >> routine where Clementine (asks for concent and then) downloads and >> installs a non-free binary driver. >> >> Policy 2.2.1 states that "None of the packages in the main archive >> area require software outside of that area to function." >> >> Clementine should either be moved to contrib, or the Spotify function >> be removed. > > I suggest this isn't a Policy violation. Clementine functions without > the Spotify plugin; e.g., it'll happily play local music files, or > from any of the non-Spotify streaming sources. Yes, and this bugreport is only about the Spotify option: As I wrote just above this bug is resolved if the Spotify function is removed. > Compare to, for example, all web browsers except lynx (and similar). > They all happily and automatically download and execute non-free code > (JavaScript), without any warning whatsoever. And if you turn off > JavaScript, they lose quite a bit more functionality than Clementine > does (I'd go so far as to say they become fairly useless — quite a bit > of the web doesn't work w/o JavaScript). None of our geeral-purpose web browsers "require software outside of [the main archive] to function" as general-purpose web browsers. > Many of them have their own plugin services (at least both Firefox and > Chromium do) that happily install and execute non-free code, again > without any warning (the only warnings they give are about access to > data, browsing history, etc., nothing about freedom). I agree that some web browser addons are problematic too. But the mechanism in the browsers is not specific to non-free code and therefore do not "_require_ software outside [the main archive] to function". > Further, Debian understands software broadly (including, e.g., > data—basically, "not hardware"), not just executables. If this bug > report's reading of policy were correct, Clementine would need to > disable most of streaming music services as the music they provide > doesn't follow DFSG. (And even lynx would have to be removed.) Protocols only able to access non-free services would indeed need to be removed, I believe. But protocols able to access either free or non-free resources are fine. Existence of additional DFSG violations is not an argument that this is not a DFSG violation. > I think it'd be reasonable to make the confirmation dialog explicitly > say that the plugin is not free software. But other than that, which > does not warrant severity: serious, I think this bug should be closed > as not a bug. I disagree. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#845058: [Pkg-fonts-devel] Bug#845058: fonts-noto: Installing the package freezes all graphical applications.
Hi Valentin, Quoting Valentin Lorentz (2016-11-19 23:58:44) > Installing fonts-noto on my computer leads to *all* of my graphic > applications to enter an infinite loop, using all my CPU cores, and > blocking aptitude. This persists until I stop aptitude and remove > fonts-noto. [...] > Running strace on one of the affected processes (mousepad) shows it is > in a loop reading > /usr/share/fonts/opentype/noto/NotoSansCJK-DemiLight.ttc. fonts-noto-cjk is a separate package than the main fonts-noto fonts, and is extremely big - more than 100MB. Could you please try two things: * Give it more time (or tell how much time you gave it already) * Install all but -cjk parts - e.g. using this command: aptitude install fonts-noto fonts-noto-cjk- - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#845058: [Pkg-fonts-devel] Bug#845058: fonts-noto: Installing the package freezes all graphical applications.
Quoting Jonas Smedegaard (2016-11-20 11:06:26) > Quoting Valentin Lorentz (2016-11-19 23:58:44) > > Installing fonts-noto on my computer leads to *all* of my graphic > > applications to enter an infinite loop, using all my CPU cores, and > > blocking aptitude. This persists until I stop aptitude and remove > > fonts-noto. > [...] > > Running strace on one of the affected processes (mousepad) shows it is > > in a loop reading > > /usr/share/fonts/opentype/noto/NotoSansCJK-DemiLight.ttc. > > fonts-noto-cjk is a separate package than the main fonts-noto fonts, and > is extremely big - more than 100MB. > > Could you please try two things: > > * Give it more time (or tell how much time you gave it already) > * Install all but -cjk parts - e.g. using this command: > aptitude install fonts-noto fonts-noto-cjk- Could you please look into the above, Valentian. I now reassigned this bug to fonts-noto-cjk, as that is more likely to be the cause of this than fonts-noto. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#845568: alsaplayer-esd: no audio - apparently emits audio to stdout
Package: alsaplayer-esd Version: 0.99.81-1+b1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 aplsaplayer-esd apears to connect properly with pulseaudio but is silent and emits massive noise (the raw audio?) to stdout. - Jonas - -- System Information: Debian Release: stretch/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJYNyt7AAoJECx8MUbBoAEha4MP/2ft9MKPo7LPgyUHarFOsi8U KcRPzy8uVPW8QbaB6+IciN8qXg+WoiMCKDO3lpg0JCcxebv58uxIXy8e/h/yIqlx CNQDMnqZXN6/c3ZkgG7/3Bs4bJZzbo6tC/qTtL3hty2g4PPwxkLvumrqBvcU1Nic ck4WPBxvEnod76ddnlTnUhp7Su1KpA6lE5/wpBOlfbl5qxj9nXP7NpjW5/Y0dRPd PDfDee4C1846gozVkw4tukDafRQqnPeow9XNyGta1CP/zng+DKT7F88ZzZhXJoMG xhREnIW3wTIhEYNUC5QAJLRnxIWQYAb3pcVU+NNs5/EIDpoDFVdrN0x2UPK7xPk+ 63gLW9YoaZemWPDYoFfUH7PkKLwtYn15NOFbMKt/FYzZxwlftYmWP1KtWKNfInWq DzjvRGkUTm6EcdrptRnjDT4rXt9Zf5MHWBK62iLTcggDzr6Yw+gw96Z/v3Fsfi3w GXn4tmNjeIT31tm+BLL0dmzXTp3UFG/n0HMoFfvWcFCVZ/D/rB/DtY3kxwK2RiIM WHwuChNAlwI6opV6Fuyy0JunAOyX+S+zTcKNwemB1hE/hF2RoOdnjn0Bh8CcuglD xCEP6FrSOmMB+x+HfAQo+4x6+8HvUjQfFUp03BeaB4gmRHkHXzarbRiQiqkGNclI 3D2Wb8ZoZfaXtPrBxWYC =nxJd -END PGP SIGNATURE-
Bug#845568: alsaplayer-esd: no audio - apparently emits audio to stdout
Quoting Jonas Smedegaard (2016-11-24 19:03:41) > aplsaplayer-esd apears to connect properly with pulseaudio but is > silent and emits massive noise (the raw audio?) to stdout. NB! Bug is specific to the -esd package: alsaplayer-alsa works fine. Perhaps the bug really is in libesd or pulseaudio-esound-compat? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#921952: [Pkg-sass-devel] Bug#921952: Don't include in buster without proper commitment to update in stable
Control: tags -1 help Quoting Moritz Muehlenhoff (2019-02-10 14:47:49) > None of the security bugs filed in the BTS has seen any maintainer > followup (dating back to 2017 in some cases), and that's just the tip > of the iceberg, the security tracker lists many more. > > Unless someone steps forward and commits to properly maintain it > during the lifetime of a stable release, let's not include it in > buster. Thanks for raising this concern. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#919373: kannel: FTBFS with mariadb-10.3: gwlib/utils.c:602:14:
Quoting Faustin Lammler (2019-01-17 22:17:07) > Control: forwarded -1 https://redmine.kannel.org/issues/795 > > Hi, > This seems to be a bug (see > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919395#36): > > > error: 'MYSQL_SERVER_VERSION' undeclared > > > > this looks like a bug. MYSQL_SERVER_VERSION is documented here: > > https://dev.mysql.com/doc/refman/5.5/en/c-api-server-client-versions.html Thanks, Andreas and Faustin. In case others get confused same as me: This seems to be a but not in kannel but in mariadb, in that it fails to implement the MySQL spec. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#922878: Bug #922878 in librdf-ns-perl marked as pending
Control: tag -1 pending Hello, Bug #922878 in librdf-ns-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/librdf-ns-perl/commit/395cbcad3844b88ae83fa277adae0cd3426e993c Add patch 1001 to fix allow example namespace. Closes: Bug#922878. Thanks to Gregor Herrmann. (this message was generated automatically) -- Greetings https://bugs.debian.org/922878
Bug#922457: [Pkg-fonts-devel] Bug#922457: fonts-roboto-hinted: update broke reverse-dependencies without notice
Quoting Andrej Shadura (2019-02-21 18:58:22) > Hi, > > On Sat, 16 Feb 2019 12:53:58 +0100 Markus Koschany wrote: > > Dear maintainer, > > > > the recent upload of fonts-roboto broke reverse-dependencies like > > renpy because you removed or renamed previously installed files in > > fonts-roboto-hinted. I find that less than optimal given that we have > > entered the soft freeze for Debian 10. Please revert this change or > > provide the missing files again. > > I’m sorry to have caused this. Could you please be more specific about > where and how those files are used? > > Unfortunately, the upstream no longer provides hinted files, and even in > the previous release the hints were outdated, so anything depending on > the presence of those files should stop depending on them and instead > depend on the unhinted fonts. This seems to indicate that several packages now have broken symlinks due to the change: https://codesearch.debian.net/search?q=roboto%2Fhinted I believe that either all of those packages should have an RC bug filed against them, or (simpler, this late in freeze) fonts-roboto-hinted should provide symlinks to corresponding unhinted files. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#919373: kannel: FTBFS with mariadb-10.3: gwlib/utils.c:602:14:
control: reassign -1 libmariadb-dev-compat control: affects -1 kannel control: retitle -1 libmariadb-dev-compat: lacks MYSQL_SERVER_VERSION causing FTBFS Quoting Jonas Smedegaard (2019-02-18 20:54:04) > Quoting Faustin Lammler (2019-01-17 22:17:07) > > Control: forwarded -1 https://redmine.kannel.org/issues/795 > > > > Hi, > > This seems to be a bug (see > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919395#36): > > > > > error: 'MYSQL_SERVER_VERSION' undeclared > > > > > > this looks like a bug. MYSQL_SERVER_VERSION is documented here: > > > https://dev.mysql.com/doc/refman/5.5/en/c-api-server-client-versions.html > > Thanks, Andreas and Faustin. > > In case others get confused same as me: This seems to be a but not in > kannel but in mariadb, in that it fails to implement the MySQL spec. ...and therefore reassigning to libmariadb-dev-compat. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#923042: node-handlebars: Prototype Pollution allowing an attacker to execute arbitrary code
Source: node-handlebars Version: 3:4.0.10-5 Severity: grave Tags: security upstream -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 At https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 this is reported: > Affected versions of this package are vulnerable to Prototype Pollution. > Templates may alter an Objects' prototype, thus allowing an attacker to > execute arbitrary code on the server. All releases of handlebars older than 4.0.13 should be affected. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxxVXoACgkQLHwxRsGg ASGoEA/+NGvVunzYs3SvvZRC8SaGuV8s3I9BolYz9w5/HA2jks61I0QPKL+NioOC Ky9+4X0nIQcsotu3eOJe3q7abbRrSdILO00RmvFsoHlHeSBYqQB+FoAG439QyNmb vzPaJ0cU2h+WujuCZxRI2kl0xcUzchHq2iEqJW2aueEuxhdOAPCrykzDWo6bL8FU mknTpLeukJ7Ownj7H3XbT8z2pFZ1Pv2sq4UsMEcu6FljGec9qWm1Ohn0qq9WQYrP a2zhQpF77QhDDUEBVP/HeQTx4In8RetM4Iim3XH93KG5j1VY8R+2pVbynbMWbk6c C6h1vm6hezmtiuJtw6p5oy5Kda1/waxFaIUfCHIF9DhdTV2ZY74MapdC2e8HAD9g iKq9Eq2P+OYMBkGRbcAvOcUQgpX4dJWihelv1DJQJWYbYCJaG+hTUd+S0cHakfLa +IdiZ3h4dVUmIuWKV1fmUhUBWnr7mHTPLe4tiIQqqD3T51zIUO1xMu953L0xprH2 UdESnJG4ySryK06SKaljtfXRz3WlsPrPGTJu2LYN9Y6xEugu+dm3heqdxnv8Ek4A P2rrPWlULbUI9Rk8lkcFiNLNeS7zzHflcp2qY02CLN8zSGkaBIVf/RKnhSO624pA lV0BTfNiEk2tGAYV8vN/TOcZQb1gQRdT0qoFgU63bQaVvDS7gig= =JfmR -END PGP SIGNATURE-
Bug#923042: node-handlebars: Prototype Pollution allowing an attacker to execute arbitrary code
Quoting Jonas Smedegaard (2019-02-23 15:15:25) > All releases of handlebars older than 4.0.13 should be affected. Possibly only 4.x versions are affected - according to this: https://github.com/wycats/handlebars.js/issues/1495 - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#923358: libdist-inkt-perl: Stuffs full path into tarball
Package: libdist-inkt-perl Version: 0.024-4 Severity: grave Tags: upstream Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The command distinkt-dist is completely useless: Produces tarballs containing full path (not paths relative to build dir), and then fails. Upstream bug: https://github.com/tobyink/p5-dist-inkt/issues/3 - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlx1smkACgkQLHwxRsGg ASEZZQ//bezI9dlU6dqAp9wJyDw9yc1gDyy6k0VMqs61Ku28PPC5642BE+5HqZu4 69KFGTJVL8zU7lL29PJYBnoonKNWAVXJ0b0fGjcs5MpJXq+fU3dCoALCbThPxLzP ccfVzcdj+UkI7NZ8C3nVOfvEGBQn+20AFhX6uPKEMhSyC8AUHoAvKInbiy1VpIc6 ZUg9UyQhfTqNmO0y++bcxNMdu1lALnRZXlxXnAuqH7pTB+DSTYwOGsjLSZ8tY4IO thKo8y6vXiqW5pvM4+lJjnKkcCHdM36FhHB3/UwHIjacNgIQf5rAzduHYP0SwBlA 0JyFW08Nc7sLfuUqmJia+mTOX+wnPgn5bSM5ew9HsyiBBbM2aKo/WSD+98DMAKCT 2vWVFgD67Bz2R71vZB1ZAo3x5g2FZUgbE5UXB64/++M89yEZpdnspcLrOSZdZHRt uCwc3ej8Gv/zAMPHe/fx106IlE/9FbHLb0W929+JHtBCH+kTKn0crTpPyVnd7tV3 QFnXWan3D6pFBLkhTkrYEbs47pseFf1MdNC00SLSacYUa0GV3kWT0a0RSYivN+nt X3zyX8I1KfJ6fHeB428A2RNgyNzAJTaZT0rJbeMV3/FiwSagjVG3CXVaVaJkGvkx ZB0HHTLTKGujDlK06c+R+d6cWN6w7CgprWt619VnrRi8lHoZ6F8= =jYh7 -END PGP SIGNATURE-
Bug#923558: [Parl-devel] Bug#923558: debian-parl: FTBFS (Not a blessed reference)
Quoting Santiago Vila (2019-03-02 09:53:24) > On Sat, Mar 02, 2019 at 03:06:30AM +0100, Jonas Smedegaard wrote: > > Version: 1.9.18 > > Hello Jonas. I built such version this morning and this is what I got: > > Can't locate List/MoreUtils.pm in @INC (you may need to install the > List::MoreUtils module) Ouch! That's a new bug that crept in. Fixed now in release 1.3.0-2 of boxer - new releases of debian-parl and debian-design will follow... Thanks! > which matches what happened in reproducible-builds.org: > > https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/debian-parl_1.9.18.rbuild.log.gz > > How did you manage such error not to happen here? > > https://buildd.debian.org/status/package.php?p=debian%2dparl It is a build daemon run by Debian. I didn't "manage" it. I did test before I uploaded - but evidently this bug was missed by that testing. Yes I built in a clean root locally and inspected the result before uploading to Debian, if that's what you really meant to ask here. > Are there extra packages in the chroot that should not be there? > (If yes, can you tell whoever is responsible to clean the chroot?) Try ask those questions to the buildd admin. Should be advertised somewhere on the website you pointed to who that is. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#923558: [Parl-devel] Bug#923558: debian-parl: FTBFS (Not a blessed reference)
Quoting Jonas Smedegaard (2019-03-02 10:40:20) > Quoting Santiago Vila (2019-03-02 09:53:24) > > On Sat, Mar 02, 2019 at 03:06:30AM +0100, Jonas Smedegaard wrote: > > > Version: 1.9.18 > > > > Hello Jonas. I built such version this morning and this is what I got: > > > > Can't locate List/MoreUtils.pm in @INC (you may need to install the > > List::MoreUtils module) > > Ouch! That's a new bug that crept in. Fixed now in release 1.3.0-2 of > boxer - new releases of debian-parl and debian-design will follow... Seems no action is needed for debian-parl and debian-design after all, for this new bug. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#923358: libdist-inkt-perl: Stuffs full path into tarball
reassign -1 perl retitle -1 perl: breaks libdist-inkt-perl thanks Quoting Jonas Smedegaard (2019-02-26 22:41:00) > The command distinkt-dist is completely useless: Produces tarballs > containing full path (not paths relative to build dir), and then > fails. > > Upstream bug: https://github.com/tobyink/p5-dist-inkt/issues/3 Seems to be a bug not in libdist-inkt-perl but in recent perl - or one of the libraries upgraded in lockstep with perl. Testsuite does not reveal the bug (it is quite minimal). The following, however, should prove that the bug is not in libdist-inkt-perl itself, as it succeeds on stretch but fails on buster: apt install libfile-chdir-perl libpath-finddev-perl libmoose-perl liblist-moreutils-perl libtype-tiny-perl libtypes-path-tiny-perl libpath-iterator-rule-perl libnamespace-autoclean-perl libdata-dump-perl libsoftware-license-perl libmodule-cpanfile-perl libtext-sprintfn-perl libcpan-changes-perl librdf-doap-lite-perl dget http://deb.debian.org/debian/pool/main/libd/libdist-inkt-perl/libdist-inkt-perl_0.024-4.dsc cd libdist-inkt-perl-0.024/examples/p5-acme-example-dist/ PERL5LIB=../../lib perl ../../script/distinkt-dist - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#923358: libdist-inkt-perl: Stuffs full path into tarball
Quoting Niko Tyni (2019-03-02 14:44:38)
> On Sat, Mar 02, 2019 at 01:45:19PM +0100, Jonas Smedegaard wrote:
> > reassign -1 perl
> > retitle -1 perl: breaks libdist-inkt-perl
> > thanks
>
> I don't think this worked. Presumably you forgot to bcc
> control@bdo.
Yes.
> But never mind that, I think it's libdist-inkt-perl that needs
> to change. See below.
Oh, ok. I'll cancel my composing a "bts" command, then :-)
> > Quoting Jonas Smedegaard (2019-02-26 22:41:00)
> > > The command distinkt-dist is completely useless: Produces tarballs
> > > containing full path (not paths relative to build dir), and then
> > > fails.
> > >
> > > Upstream bug: https://github.com/tobyink/p5-dist-inkt/issues/3
> >
> > Seems to be a bug not in libdist-inkt-perl but in recent perl - or one
> > of the libraries upgraded in lockstep with perl.
> >
> > Testsuite does not reveal the bug (it is quite minimal). The following,
> > however, should prove that the bug is not in libdist-inkt-perl itself,
> > as it succeeds on stretch but fails on buster:
> >
> > apt install libfile-chdir-perl libpath-finddev-perl libmoose-perl
> > liblist-moreutils-perl libtype-tiny-perl libtypes-path-tiny-perl
> > libpath-iterator-rule-perl libnamespace-autoclean-perl libdata-dump-perl
> > libsoftware-license-perl libmodule-cpanfile-perl libtext-sprintfn-perl
> > libcpan-changes-perl librdf-doap-lite-perl
> > dget
> > http://deb.debian.org/debian/pool/main/libd/libdist-inkt-perl/libdist-inkt-perl_0.024-4.dsc
> > cd libdist-inkt-perl-0.024/examples/p5-acme-example-dist/
> > PERL5LIB=../../lib perl ../../script/distinkt-dist
>
> It looks like this is due to this Archive-Tar change:
>
> 2.28 08/06/2018 (madroach, ARC, OCBNET, ppisar)
> - allow archiving with absolute pathnames - fixes 97748
Yes, that matches my finding that Dist::Inkt breaks with the commit
https://github.com/jib/archive-tar-new/commit/a00e0 which landed in 2.28
and has a commit messages smelling like it is above change indeed.
> Dist::Inkt::BuildTarball() puts absolute file names in the generated
> archive, then renames them to relative ones.
>
> $tar->add_files($abs);
> $tar->rename(substr("$abs", 1), "$pfx/".$abs->relative($root));
>
> This is relying on Archive::Tar having removed the first slash,
> which is no longer a valid assumption.
>
> I expect Dist::Inkt needs to adapt. Once that is done, we should
> probably add a Breaks on the perl side for older versions. Please
> file a separate bug about that.
Thanks for the very helpful hints.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
Bug#923358: Bug #923358 in libdist-inkt-perl marked as pending
Control: tag -1 pending Hello, Bug #923358 in libdist-inkt-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/libdist-inkt-perl/commit/5ee3933b44fb856925d70d2d5ce409cfa9ee09af Add patch 2001 to fix avoid absolute paths with Archive::Tar 2.28 and newer. Closes: Bug#923358. Thanks to Kjetil Kjernsmoe and Niko Tyni. (Build-)depend on recent perl providing Archive::Tar 2.28 or newer. (this message was generated automatically) -- Greetings https://bugs.debian.org/923358
Bug#854535: uwsgi: dpkg-buildpackage fails due to open with O_TMPFILE
Quoting Jonas Smedegaard (2017-02-12 21:30:32) > Hi Nobuhiro, > > Quoting Nobuhiro Iwamatsu (2017-02-09 05:09:39) > >>> This error is caused by updated libc6. > >>> The changelog in libc6(2.19-18+deb8u6) says as follows. > >>> > >>> - Fix open and openat functions with O_TMPFILE. Closes: #832521. > >>> > >>> I found a fix to this issue in upstream. > >>> > >>> https://github.com/unbit/uwsgi/commit/f6e5db93d8344d7f09ee5304394136d6f5cd7a38 > >> > >> Thanks a lot both for reporting this and locating upstream fix for > >> it. > >> > >> This was fixed in Debian with the release of 2.0.10-1. Closing > >> accordingly. > >> > >> - Jonas > > > > Thanks for your work, but we want to fix this bug with *stable*. > > Could you fix this bug and upload to stable as 2.0.7-1+deb8u1? > > I tried - before closing - to follow the procedure to get a fix to > stable. But seems the bugreport I filed about that got lost. > > I don't have time to look into it now - please go ahead, anyone. Ah, my attempt at following procedure _did_ succeed, and now had a bit of progress: See bug#854621. I will act on this. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#854535: [pkg-uWSGI-devel] Bug#854535: uwsgi: dpkg-buildpackage fails due to open with O_TMPFILE
Quoting Nobuhiro Iwamatsu (2017-02-20 17:33:14) > Hi, > > 2017-02-20 5:58 GMT+09:00 Jonas Smedegaard : > > Quoting Jonas Smedegaard (2017-02-12 21:30:32) > >> Hi Nobuhiro, > >> > >> Quoting Nobuhiro Iwamatsu (2017-02-09 05:09:39) > >> >>> This error is caused by updated libc6. > >> >>> The changelog in libc6(2.19-18+deb8u6) says as follows. > >> >>> > >> >>> - Fix open and openat functions with O_TMPFILE. Closes: #832521. > >> >>> > >> >>> I found a fix to this issue in upstream. > >> >>> > >> >>> https://github.com/unbit/uwsgi/commit/f6e5db93d8344d7f09ee5304394136d6f5cd7a38 > >> >> > >> >> Thanks a lot both for reporting this and locating upstream fix for > >> >> it. > >> >> > >> >> This was fixed in Debian with the release of 2.0.10-1. Closing > >> >> accordingly. > >> >> > >> >> - Jonas > >> > > >> > Thanks for your work, but we want to fix this bug with *stable*. > >> > Could you fix this bug and upload to stable as 2.0.7-1+deb8u1? > >> > >> I tried - before closing - to follow the procedure to get a fix to > >> stable. But seems the bugreport I filed about that got lost. > >> > >> I don't have time to look into it now - please go ahead, anyone. > > > > Ah, my attempt at following procedure _did_ succeed, and now had a bit > > of progress: See bug#854621. > > > > I will act on this. > > Thanks for your great work! Thanks. Your feedback is much appreciated - as is your original bugreport! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#855846: repo: requires software outside of the distribution to function
Package: repo Version: 1.12.37-1 Severity: serious Justification: Policy 2.2 From the package description: > repo is an unusual tool because it downloads all of its own Python > modules using GPG-signed git tags, and stores those files as part of > the project that it is working with. So this package just provides > the wrapper script, which provides the GPG signing keys for verifying > that the correct Python code was downloaded. Debian Policy § 2.2.1 says: > [...] must not require or recommend a package outside of _main_ for > compilation or execution Debian Policy § 2.2.2 says: > The _contrib_ archive area contains supplemental packages intended to > work with the Debian distribution, but which require software outside > of the distribution to either build or function. I can only read this as repo (in its current form) belongs in contrib, not main. - Jonas
Bug#855846: [Android-tools-devel] Bug#855846: repo: requires software outside of the distribution to function
Quoting Hans-Christoph Steiner (2017-02-22 16:49:03) > Its more vague than that. repo clones a git repo for each source repo > that it manages, so it becomes something like the stuff in the .git/ > subdir for git repos. That functionality comes entirely from what's > packaged in Debian. If you say that the code packaged for Debian does _not_ download code, then I guess this bug can be transformed into a minor bug about long description being wrong (it should reflect the _package_ not upstream, if those differ). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#828726: [Build-common-hackers] Bug#828726: cdbs: Please readd DEB_PYTHON(3)_MODULE_PACKAGES variable
Quoting Laurent Bigonville (2017-02-23 17:44:21) > On Fri, 15 Jul 2016 18:06:26 +0200 Jonas Smedegaard wrote: >> Please include as a minimum the *symptoms* when reporting a bug. >> Suggestions for a fix (or workaround) is appreciated too, but don't >> forget to define the bug. :-) >> >> (I could be wrong: If so then please reopen - and point me to some >> actual breakage) > > I forgot to reply to this bug. > > The system-config-printer package is using DEB_PYTHON3_MODULE_PACKAGES > to tell cdbs to call dh_python3 on packages that are not starting by > python3-* and this is definitely not working anymore. > > This seems to be a behavior change of cdbs that breaks at least one > package. You point out "definitive" breakage while I ask for _actual_ breakage. If system-config-printer fails to build from source then please file a severe bugreport against system-config-printer *with* *build-log* and tag it as depending on this bug. Then we have something concrete to work with. Looking briefly it seems system-config-printer wrongly declare DEB_PYTHON3_MODULE_PACKAGES _after_ including the CDBS snippets. I'd be surprised if that ever worked as intended. When DEB_PYTHON3_MODULE_PACKAGES was introduced with cdbs 0.4.90 in december 2010, it came with the following note: > NB! override needs to be done _before_ including this file! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#856024: molly-guard: causes failure to update systemd-sysv
Package: molly-guard Version: 0.6.4 Severity: serious On an ARM system bootstrapped from Stretch yesterday, today failed to update systemd-sysv: Setting up systemd (232-18) ... addgroup: The group `systemd-journal' already exists as a system group. Exiting. (Reading database ... 40888 files and directories currently installed.) Preparing to unpack .../systemd-sysv_232-18_armhf.deb ... Unpacking systemd-sysv (232-18) over (232-15) ... dpkg: error processing archive /var/cache/apt/archives/systemd-sysv_232-18_armhf.deb (--unpack): trying to overwrite '/sbin/halt', which is also in package molly-guard 0.6.4 Errors were encountered while processing: /var/cache/apt/archives/systemd-sysv_232-18_armhf.deb This seems quite similar to bug#837928. Filing separately as I believe this (instance of a common) issue is so severe that in my opinion it is better to release _without_ molly-guard than status quo. - Jonas
Bug#858195: compass-bootstrap-sass-plugin: Wrong install path, and code not registered with Compass
Package: compass-bootstrap-sass-plugin Version: 3.3.5.1-3 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The most basic way to initialize a Compass project using this library should be using the following command: $ compass create --using bootstrap That fails, however: No such framework: "bootstrap" Inspecting package contents it turns out that Sass files are shipped twice, none of them below /usr/share/doc/compass-bootstrap-sass-plugin as explected: * compass-bootstrap-sass-plugin includes them below /usr/share/compass/frameworks/bootstrap-sass * ruby-bootstrap-sass ships them below /usr/share/ruby-bootstrap-sass/assets The correct path would be /usr/share/compass/frameworks/bootstrap - i.e. without the -sass suffix. Adapting the simplest Compass command for the renamed project path gets further but still fails: directory fonts/bootstrap/ directory javascripts/ directory javascripts/bootstrap/ directory sass/ directory stylesheets/ create config.rb create sass/styles.scss create sass/_bootstrap-variables.scss create javascripts/bootstrap.js create javascripts/bootstrap.min.js create javascripts/bootstrap-sprockets.js create javascripts/bootstrap/carousel.js create javascripts/bootstrap/popover.js create javascripts/bootstrap/scrollspy.js create javascripts/bootstrap/modal.js create javascripts/bootstrap/transition.js create javascripts/bootstrap/button.js create javascripts/bootstrap/alert.js create javascripts/bootstrap/collapse.js create javascripts/bootstrap/tab.js create javascripts/bootstrap/tooltip.js create javascripts/bootstrap/dropdown.js create javascripts/bootstrap/affix.js create fonts/bootstrap/glyphicons-halflings-regular.svg create fonts/bootstrap/glyphicons-halflings-regular.eot create fonts/bootstrap/glyphicons-halflings-regular.woff create fonts/bootstrap/glyphicons-halflings-regular.woff2 create fonts/bootstrap/glyphicons-halflings-regular.ttf error sass/styles.scss (Line 2: File to import not found or unreadable: bootstrap-compass. Load paths: Compass::SpriteImporter /usr/local/src/COUCH/omni/styling./sass /usr/share/compass/frameworks/compass/stylesheets /usr/share/compass/frameworks/blend-modes/stylesheets /usr/share/compass/frameworks/blueprint/stylesheets /usr/share/compass/frameworks/bootstrap-sass/stylesheets /usr/share/compass/frameworks/breakpoint/stylesheets /usr/share/compass/frameworks/color-schemer/stylesheets /usr/share/compass/frameworks/fancy-buttons/stylesheets /usr/share/compass/frameworks/h5bp/stylesheets /usr/share/compass/frameworks/layoutgala/stylesheets /usr/share/compass/frameworks/normalize-scss/stylesheets /usr/share/compass/frameworks/sassy-maps/stylesheets /usr/share/compass/frameworks/singularitygs/stylesheets /usr/share/compass/frameworks/slickmap/stylesheets /usr/share/compass/frameworks/susy/stylesheets /usr/share/compass/frameworks/toolkit/stylesheets /usr/share/compass/frameworks/yui/stylesheets) Compilation failed in 1 files. This next failure is due to the ruby code is not registering the path with Compass, requiring to do that explicitly: $ compass create --using bootstrap-sass --require bootstrap-sass That works. In short, this Compass library is installed in the wrong path, and its ruby code is not registered with Compass. - Jonas - -- System Information: Debian Release: 9.0 APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages compass-bootstrap-sass-plugin depends on: ii ruby 1:2.3.3 ii ruby-bootstrap-sass 3.3.5.1-3 ii ruby-compass 1.0.3~dfsg-4 ii ruby-sass3.4.23-1 Versions of packages compass-bootstrap-sass-plugin recommends: ii ruby-compass 1.0.3~dfsg-4 compass-bootstrap-sass-plugin suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- iQIyBAEBCAAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAljOvB8ACgkQLHwxRsGg ASHPXg/4pCgZCtjXnF5SmdLYvPOhAQs11cx/tHiqtqgOHJakrALAQynPXI/BZ1n6 xFVJnHjQLaHRyO1AppdNOr5uGmxCmXssbypLqn4KmmrYernCRMgeNntuKNt2auY5 ztjLL9UTcguswzoC7xSkN/ZGzwD+XQiBLL4d0icPjL+45uqYu09WEDq2rmO4se7e urM0FzUztPTUUu+zA+Vb6WScKuYUXHbM4SycBtCgQk51NPi7rgZW1nFDV2T0TJW1 YqvUCOJ/SOxS0vvMSLZIgeWHMqYSIqWq1LbAJYUMkkQ9UoBwNs+UWjdz3na8Pp/Y 9HXSkpqFpLDrEoWPlYMnzzzSLfzLAvkaJuiQ15oP8Uh0P+vmabh1HxF1HsKj3HYk 7l5xNihUcfk0OvZyOTLAtCH0uuW/8JhmqDqoB6O05uKhaG41DPzmcDKQmCYaJgTB pFX+ek/iz4lBCbcxe8cw0bkN4sArIQ3utxiN50b10XqXqAKt7YipnHza/G9LQH+T q4ie1Yfvs0JHKKmXr10UCdHt88zFoAleCbzWBD+AzGpzA5zEKBH7S5PNqj/haHVl 5pC3uhkt2q0mpGffX9oKYhqm0/olJeUi7ngAMn1jccbBqyVmUMKSkh4llpNNX/dD qMzuxQTzQ8+tq/hyNDquzpuIVb24Q
Bug#905844: git-remote-hg: crash with recent mercurial: argument must be a string or a number, not 'changectx'
Package: git-remote-hg Version: 0.3-2 Severity: grave Tags: upstream Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After a recent update to mercurial, attempts at syncing fails: LC_ALL=C git fetch upstream-git searching for changes no changes found ERROR: int() argument must be a string or a number, not 'changectx' fatal: stream ends early fast-import: dumping crash report to .git/fast_import_crash_12488 fatal: Error while running fast-import It seems to be this upstream issue: https://github.com/felipec/git-remote-hg/issues/72 - Jonas - -- System Information: Debian Release: buster/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8), LANGUAGE=da_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages git-remote-hg depends on: ii git1:2.18.0-1 ii mercurial 4.7-1 ii python 2.7.15-3 git-remote-hg recommends no packages. Versions of packages git-remote-hg suggests: pn git-doc - -- no debconf information -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlttn7oACgkQLHwxRsGg ASF7uA//baOG8EdUMmM/TsBbSCBzCdYvsKo5PY29MeTyvhMWRhKGzKVwwoKs2C20 TCchG9J18T1U4fo1YE4igISAbwXhDlbm6JENFx1PnDwW+gZUkHSDs9awGfppnVMI eJAY762m/KW6ZaXdnkyUERJU+wT7jBtD1kbWoLdOcBev1zlzJ28cIUDUFtnOEEx3 +vw9gu6wv4VhTLPIx5i4OFiXYepDz3I/ClG6NU6ol7o94v8e72myo0J1QomxnssO 8/FOd2OqZk/JU9TOlH8QSu2D50hV06UmlBYr+NDmwS9L+B/9Tx9RHn7fvW4/Joce N63ISPQ6OiiK3HBRWhL1ULD1/jkgclbaEcYYQ0qJxWGZiE36PBu66hMYWtq95rxv QKfwbg3oamyYb4YaGkeYRgJROKtLR7vrqDbxAzX/ByaYYZX21cprHS8i2BUN4RI4 pe2ifG/mQFij/RG7df6igUBrz0MGGJC7FjNnk9t1U6NBqDMEjx7p8R2nJerVC5En qicsiRbCoTN9xZ7ulnIobKXuPMwSofz00hcFMUgVif22Q+g+Cu0FQ7Z665MakLHK Jm+SFvJfXcSYMzF2ridwrhjsBaoOPWku6/VsN4g5JgcdNb1LE2NgD491GvkF/LZL 8HoJ3dPqQq6XjKXEbARVCYlzMfaAWeYh7D35gpvKoyy5R88K7X0= =rT1r -END PGP SIGNATURE-
Bug#906036: r-cran-webshot: should depend on phantomjs
Package: r-cran-webshot Version: 0.5.0-1 Severity: serious Justification: Policy 3.5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - From upstream README.md: > Webshot also requires the external program PhantomJS. > You may either download PhantomJS from its website, > or use the function `webshot::install_phantomjs()` > to install it automatically. The package should either depend on phantomjs, or (because then relying on external code) be moved to contrib. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAltxhwsACgkQLHwxRsGg ASGdTA/+MVlQzhGaqBorjE5zjijH8ZArjNnRXv8x8LYf9Vabi1XsznpSX7i5yQGm 5PvGalYBK8VA04ftZuswmDV6yShzvRf4PWhTPm2I91OPKstsLc9Q6/RPU8GrkOnG M+lSUbylnW2gG8CCNPIbxb2ATh3yi684wDbThzBxAs3UNdroKrhO/SCJ4baD6+m0 Qsnhy+FW/zoo7qCo0B2kgKukcpGjGh7N5s3/1BL112w/g5co3oBWfyLTtOW8Xk9R xwJ4QcY+LTM08ZZzyeP3qjqO/6HAZyRu/2XgmWodGRI8BOjaTFsNe2XPYLwY39tW 2jIrO2fGZO57phLlWsI5e5B/Kmdiq6HOsqxP+4RExpDtutJ0MGbHwiHE9svdkItr jV/E9t4wmLCuripr8ihSGKQTWMzqAAJE6TOTU0oqTUSABaYQLaeZAfSMVvXh9eZr OgASDjWczTLgHNAE8iDdIPD8jreeXUXTUisv12PZBHBxgEfZWAee4VWcj+DLgMiK AeNR11X0WZZo4EZMqE2NnnquKvxh6olPacOZrIn2IAjJO6WkFi4hHq8z7IU37K74 gIg4iGHGbr15iZgKvJITPjhLX+Dbo8Rr86gL/YwNu6FJbjstguxiT8hWb3aJV7EI RxpLiRIlp89ZwuGLIGV6dk0GD3BGMFEIXAxgEq8PR6oL3fBROM0= =OUBx -END PGP SIGNATURE-
Bug#873747: astroid segfault on startup when config is available
Hi Abhijit, Can you please test if this issue still persist with 0.13? Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907332: ghostscript has a new code execution issue, even when used with -dSAFER
Quoting Salvatore Bonaccorso (2018-08-26 21:55:14)
> Hi,
>
> On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> > Tavis Ormandy disclosed a new ghoscript security issue, leading directly to
> > code
> > execution: http://openwall.com/lists/oss-security/2018/08/21/2
>
> There are actually several issues, see the whole thread. For now since
> you filled this bug will track all those with this bug entry. Proper
> evaluation though is still pending (and Moritz is taking care of
> strech, adding this note to dsa-needed file ("needs some research on
> issues found by Tavis").
>
> See
>
> https://www.kb.cert.org/vuls/id/332928
>
> the current set of fixes:
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
Also http://git.ghostscript.com/?p=ghostpdl.git;h=0b6cd19
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Control: tags -1 + moreinfo Quoting Graham Inggs (2018-08-29 00:56:49) > Control: severity -1 serious > Control: found -1 ghostscript/9.22~dfsg-3 > > Hi Jonas > > I'm bumping the severity of this bug to prevent ghostscript from > migrating until the cups autopkgtest regression has been investigated. Thanks for reporting, Paul, and for blocking, Graham. It would be most helpful if someone could dig out from that convoluted ci-in-cups test the actual ghostscript command causing cups to hang. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Paul Gevers (2018-08-29 19:58:37) > Control: tags -1 - moreinfo > > On Wed, 29 Aug 2018 09:41:37 +0200 Jonas Smedegaard wrote: > > It would be most helpful if someone could dig out from that convoluted > > ci-in-cups test the actual ghostscript command causing cups to hang. > > Looking here: > https://sources.debian.org/src/cups/2.2.8-5/debian/tests/cups/ > > it runs: > /usr/share/cups/test-drivers > > As the log ends with: > * Driver drv:///sample.drv/dymo.ppd > - Create test printer: done. > - Print test job with /usr/share/cups/data/topsecret.pdf: > > I guess it successfully runs this command > /usr/sbin/lpadmin -p $DUMMY_PRINTER_NAME -E -m $driver -v > file:///dev/null > and fails with this command: > rid=$(/usr/bin/lp -d $DUMMY_PRINTER_NAME $file | sed -e > 's/^.*request id is \(.*\) (.*)$/\1/g') > > where > DUMMY_PRINTER_NAME=test-printer0 > driver=drv:///sample.drv/dymo.ppd > file=/usr/share/cups/data/topsecret.pdf > > Is that enough for you to continue? Thanks - that is indeed helpful, but provides only the _cups_ commands. Inside those are some Ghostscript command (and some data) which I would need to check if/what fails with Ghostscript. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Paul Gevers (2018-08-29 20:24:49) > Control: tags -1 moreinfo > > Hi, > > On 29-08-18 20:20, Jonas Smedegaard wrote: > > Thanks - that is indeed helpful, but provides only the _cups_ commands. > > > > Inside those are some Ghostscript command (and some data) which I would > > need to check if/what fails with Ghostscript. > > Both of them are "ELF 64-bit LSB shared object" so it would help if the > cups maintainers could help here. Do the freshly released experimental Ghostscript release help anything? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Didier 'OdyX' Raboud (2018-08-31 15:36:09) > Le vendredi, 31 août 2018, 01.25:24 h CEST Jonas Smedegaard a écrit : > > Do the freshly released experimental Ghostscript release help anything? > > It doesn't seem to, unfortunately. :-( > > To reproduce the issue; just run this as root: > /usr/share/cups/test-drivers > > Surprisingly; it will fail when testing the _second_ printer, always. > Also, it doesn't seem to get fixed with the ghostscript from testing. > > There's something fishy here, but I can't say with certainty that it's > ghostscript's fault :-( Uhm, if the ghostscript in _testing_ causes that test to fail, then this bug should *not* block the ghostscript in unstable to enter testing!!! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#907493: ghostscript breaks cups autopkgtest: test times out
Quoting Jonas Smedegaard (2018-08-31 15:43:28) > Quoting Didier 'OdyX' Raboud (2018-08-31 15:36:09) > > Le vendredi, 31 août 2018, 01.25:24 h CEST Jonas Smedegaard a écrit : > > > Do the freshly released experimental Ghostscript release help anything? > > > > It doesn't seem to, unfortunately. :-( > > > > To reproduce the issue; just run this as root: > > /usr/share/cups/test-drivers > > > > Surprisingly; it will fail when testing the _second_ printer, always. > > Also, it doesn't seem to get fixed with the ghostscript from testing. > > > > There's something fishy here, but I can't say with certainty that it's > > ghostscript's fault :-( > > Uhm, if the ghostscript in _testing_ causes that test to fail, then this > bug should *not* block the ghostscript in unstable to enter testing!!! Let me try again - I see that my previous message could easily be perceived as aggressive: Not intended at all. Sorry! Thanks, Odyx, for checking against the various versions of Ghostscript. Currently¹ I cannot (easily) setup a CUPS testing environment, so would appreciate if someone else can confirm if the version now in testing _also_ causes this same failure - and if so then please help ensure that this issue does not block the security fix now in unstable to enter testing. - Jonas ¹ I am at MMMfest, a week long festival near Paris. -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#915426: git breaks git-remote-hg autopkgtest
I can do yet another NMU to fix this, but am hesitating as I worry if that will masquerade a lack of responsive maintenance. Please tell if it is sensible that I take over maintenance of this package, or join as co-maintainer, or however is appreciated. Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#910292: transition: libsrtp0-rm
Quoting Bernhard Schmidt (2019-01-03 19:12:38) > Hi, > > > Considering that your rdep is indirectly kde-standard, you should imho > > ask for removal from testing only once kopete is fixed… > > FTR, kopete is fixed and I've filed Bug#918136 for the removal of > src:srtp from testing. Great! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#918456: [Pkg-javascript-devel] Bug#918456: marked as done (nodejs: Buffer deprecation warning to stderr makes many tests fail)
Control: reopen -1 Control: severity -1 important Quoting Debian Bug Tracking System (2019-01-06 11:39:09) >* Patch to silence buffer deprecations. Closes: #918456. > This patch is meant to ease migration to testing, and to be > removed as soon as possible. > It avoids printing to stderr deprecation warning about > calling Buffer as a constructor without the new operator. Let's reopen but lower severity, as arguably this is only a temporariy workaround and should (as indicated in above changelog entry) soon be addressed properly. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#918652: Bug #918652 in leaflet marked as pending
Control: tag -1 pending Hello, Bug #918652 in leaflet reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/js-team/leaflet/commit/9f5dd593796d24b063f9fa7ff4d1c5dd3071ccb2 Fix clean temporary directory. Closes: Bug#918652. Thanks to Andreas Beckmann. (this message was generated automatically) -- Greetings https://bugs.debian.org/918652
Bug#873016: [Pkg-javascript-devel] Bug#873016: node-lodash-packages: not preferred form for source: Should be built from node-lodash
Quoting Ivo De Decker (2019-01-12 17:18:02) > On Wed, Aug 23, 2017 at 11:41:28PM +0530, Pirate Praveen wrote: > > On ബുധന് 23 ആഗസ്റ്റ് 2017 11:33 വൈകു, Jonas Smedegaard wrote: > > > Package: node-lodash-packages > > > Severity: serious > > > Justification: Policy 2.1 > > > > I do not think the root issue is serious, but only important. > > > > > The source package node-lodash-packages does not contain the > > > source form preferred for editing by upstream. Instead, upstream > > > documents how the contents of that code is generated from the > > > sources included in Debian in the source package node-lodash. > > > > Adding a build dependency on node-lodash would be enough for the > > policy requirement. > > No it wouldn't. You need to actually generate the code instead of > shipping the pregenerated code from upstream. Not doing that is a > serious bug. If you think this is easy to fix, please do so. If not, > this package should be removed from testing. Relevant part of Debian Policy §2.1: The program must include source code Build-depending on another package while using prebuilt code is argually permitted (but then discourage in other sections, with less strong words than "must"), but only if ensuring that in fact the distributed code was once built from this exact version of code in the build-depended on package. I find it disgusting that you try find loopholes in policy, Praveen, instead of following the spirit of Debian Policy which is to distribute source, and build only from that distributed source (avoid distributing pre-built/pre-miified/pre-whatever code). Please fix this properly! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#919523: Bug #919523 in libmodule-install-readmefrompod-perl marked as pending
Control: tag -1 pending Hello, Bug #919523 in libmodule-install-readmefrompod-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/libmodule-install-readmefrompod-perl/commit/3fafad886e0d6610d5da4d8ef3610760326d6371 Add patch 1001 to avoid bogusly testing if PDF file contains only unix newlines. Closes: Bug#919523. Thanks to Santiago Vila. (this message was generated automatically) -- Greetings https://bugs.debian.org/919523
Bug#919595: zsnapd: must be in contrib as it depends on contrib package
Package: zsnapd Version: 0.5.2-1 Severity: serious Justification: Policy 2.2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 zsnapd depends on zfsutils-linux, which is in contrib. Debian Policy § 2.2.1 says: > In addition, the packages in *main* > > * must not require or recommend a package outside of *main* for > compilation or execution (thus, the package must not declare a "Pre- > Depends", "Depends", "Recommends", "Build-Depends", "Build-Depends- > Indep", or "Build-Depends-Arch" relationship on a non-*main* package > unless that package is only listed as a non-default alternative for > a package in *main*), Please move zsnapd to contrib. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxAxMoACgkQLHwxRsGg ASHgJxAAgY68xpUJvi+9DjRLnUM7H9jt+x5/lhamaa2Del1YEakhIk9m4yctYAWm 3YI+aODptqAlY21kBDDB+ekRxjIBQCYSpBUp7bXdWCCMjGDMYIWpFq/T8BixsLmq LB08YTuvbP5xc3xTjngeP9pGe+51nmRlCliUE/dkjhgSNDp21dKzNrHnuMjaYzI6 pPPsDiRWpusVKEgFRBrrx4IICQk0Q6zyDdXfy0ZBwyvm7x9cxikohYK76PZ7vOVJ 0XijHJC9dtDDumIIOxqsRvdRtumh7VRErnAoG73HW/7/ERvZDoGlfGAB/xvsaW0U foxxJkK/P7vNCEVCNpQ67/SD+U4OkCXk2oaB+E/BcVC5EF2KGpP0O7syisXM3MBE pNc0+l7GgqD6CChT+RAMuhU1nWxpTNfv8xL6w/Y6rewZT/uEtNF3sNGp+Gj/OtXP e8nZyDS9C2XS5jWtjy0dwdkw0zO2kd2W4mECpXzgORpBDATE7cI4ApkUlltb1Wo6 5w9EP/yx/OU1ItNbS+ijOtwtQNkBv0guawL1FE1NI5IIQWCUA1OUjC7UUSoRz1+2 YBDgCehnvOmFFGQYb7UOAW9MhiYk9urK/fduDIgMYZZOOzroqyknHnGsnZK+IEJ9 dl713UH3oJLnMH2DGWfGhiVnYQiiIU0ZLQ9jxmjyWKI1tK8t3ms= =8DoW -END PGP SIGNATURE-
Bug#919650: Bug #919650 in libmoops-perl marked as pending
Control: tag -1 pending Hello, Bug #919650 in libmoops-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/libmoops-perl/commit/2d70ea8be7eaac0e8749e300faf5780be0e2a351 (Build-)depend on libperlx-defines-perl libstrictures-perl. Closes: Bug#919650. Thanks to Andreas Beckmann. (this message was generated automatically) -- Greetings https://bugs.debian.org/919650
Bug#919651: Bug #919651 in libperlx-define-perl marked as pending
Control: tag -1 pending Hello, Bug #919651 in libperlx-define-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/libperlx-define-perl/commit/b45cd0917d90357741f27b51c3eba090d262be60 Fix break and replace older libmoops-perl. Closes: Bug#919651. Thanks to Andreas Beckmann. (this message was generated automatically) -- Greetings https://bugs.debian.org/919651
Bug#919732: Bug #919732 in node-es6-shim marked as pending
Control: tag -1 pending Hello, Bug #919732 in node-es6-shim reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/js-team/node-es6-shim/commit/2647da59dac3ce5002e02f606376c7787d39f0e2 Fix build-depend on node-uglify (not uglifyjs). Closes: Bug#919732. Thanks to Santiago Vila. (this message was generated automatically) -- Greetings https://bugs.debian.org/919732
Bug#919651: libperlx-define-perl: missing Breaks+Replaces: libmoops-perl (<= 0.034-1)
Quoting Andreas Beckmann (2019-01-19 17:55:40) > you added B+R against non-existing libmoops instead of libmoops-perl. Oh my - thanks for persisting! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#919651: Bug #919651 in libperlx-define-perl marked as pending
Control: tag -1 pending Hello, Bug #919651 in libperlx-define-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/libperlx-define-perl/commit/3d694342803a044d7378dbd61a8a467328bafb49 Really fix break and replace older libmoops-perl (not bogus libmoose). Closes: Bug#919651. Thanks to Andreas Beckmann. (this message was generated automatically) -- Greetings https://bugs.debian.org/919651
Bug#920188: broken: required library Popper.js missing
Package: libjs-bootstrap4 Version: 4.2.1+dfsg-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Bootstrap4 requires Popper.js, but package libjs-bootstrap4 is built with it. Solution is to package node-poppler.js and have libjs-bootstrap4 be compiled with that library embedded. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxHJ4MACgkQLHwxRsGg ASFTEA//blmuivBYm/arNvdICF6JcWpAJZoIGnptUSSrhL64WuekXGEPhz1WAc6V CFOpoTjP/GjrYqWJ2xvNdYX/IlN2rIhaB2Y0Eb6IbZyKbDawokT7HanPIKlBDrEL lp6Bh42qozgF6gyPHZYbD2I/3j9692uHdYWOasYPKblSaZv7pwfiFJ00IrTNkZOU z8XkecQ6yYPXHIkvdkL3GaW3aA8+/vv9l/g6kvVY/JXN3pPZJh8I9T58TrXsVp8u TdIUNOO3XcXl51J4vhg2xktN4pvp81/fhbOffHUhmZaICb3yF88IDYqIuQMoRSyb ZA6Nj+m9X15rDVD4m0RXC0OypSOt5SCZwDe9ZCLFxU1UDjG+t0pEvkgycVvbHocC aU4D4U6gHrxYs58rn7P8h45FqYMOy8NIRalJ8x97+qtghmciQ6pKEQavk/WdKt7j L0KUJWHXzZUAjeuuvKac2XEEkWg6dwJefEZi5aTIg00iiUYGYLM3kT6DowRWDGSE 0HLFB2ZJHK/YUbDwaOtUy/av/4daUhopPPJz21eHGdgX5x/NIlT+l87fSv5oz/yK ADIVwZLG+2NaiO6huwETIMj6uzA7R3hPBBcN6zDVaLUtqjBzmi/BTZnfkZ0EqVH3 HbK+vpkfpXrThmVCg7npyf7zHSqsIK/45ah0PTwhnUVI84IsMso= =J6Tc -END PGP SIGNATURE-
Bug#916921: radicale: upgrade to 2.x breaks compatibility with 1.x without any prior warning
control: tags -1 help Quoting Jonas Smedegaard (2018-12-20 17:03:46) > Quoting Bernard Massot (2018-12-20 15:02:12) > > On Debian unstable, Radicale was just upgraded from 1.x to 2.x. Only > > after upgrading did I realize that my calendars were not available > > any more. > > > > As stated on https://radicale.org/1to2/, upgrade to 2.x forces you > > to use Python 3, and thus to upgrade mod_wsgi as well. I was using > > Python 2 version of mod_wsgi only because it was the default version > > and it wasn't causing any problem (Radicale was my only WSGI > > application). Moreover, Radicale 2.x can't even use 1.x data files. > > You must export your files *before* upgrading. > > > > The Debian package silently ignores all these issues. I think there > > should be warning messages and a ad hoc prerm kind of script. > > A NEWS entry was intended to be in place, but evidently was missed. > > Raising severity to not enter testing without that in place. Thanks! I worry that a NEWS entry is (certainly needed but) not enough, since the result of missing that note may render user data practically inaccessible. My plan is therefore to add a mechanism like the one in mailman package which checks in preinst script and warns if stale queue files exist, with the option on aborting the install or continuing regardless. Time is running out, however, and I could dearly use some help isolating and adapting that mechanism (preferrably with limited changes to user-facing texts to limit the burden on translators). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#915426: git breaks git-remote-hg autopkgtest
Hi Jonathan (cc Jeremy and the bugreport), Quoting Jonathan McCrohan (2019-01-25 02:02:37) > Jeremy, Jonas, > > Please accept my apologies for the tardy response on this. I've been afk > for a couple of months due to life events. > > On Wed, Jan 23, 2019 at 07:28:55PM -0500, Jeremy Bicha wrote: > > Could you please reply to Jonas' message? The deadline for > > git-remote-hg to re-enter Testing to be in this year's Debian 10 > > "Buster" release is February 12. > > > > Wed, 02 Jan 2019 13:50:54 +0100 > > > I can do yet another NMU to fix this, but am hesitating as I worry > > > if that will masquerade a lack of responsive maintenance. > > > > > > Please tell if it is sensible that I take over maintenance of this > > > package, or join as co-maintainer, or however is appreciated. > > Thanks for the previous NMU. I am happy to work on fixing up the > FTBFS, but because I am not a DD, I would need a sponsor to upload for > me. > > Given the circumstances, and the impending freeze, it might make more > sense for you to take over as maintainer if you are willing to do so. > > Let me know what you think. First of all, great to hear from you. Life is certainly more important than anything happening in Debian! I hope all is fine on that front, and if you ever need a shoulder or an ear from a stranger then please don't hesitate to grab hold of me privately. Seriously, you are welcome, day and night - my contact info is below if needed! As for package maintenance, my preference would be that I add myself as Uploader and we maintain the package in collaboration - meaning we each work on it as much as we like and find time for (don't stress!), and nudge the other when/if needing a review or an upload. Personally I find this better than sponsoring, and hope you agree. Concretely, would you like to have a go at preparing a package release now, or do you prefer that I do that? If fine with you, then I would prefer that you do as much as possible, because I have involved myself in quite a few places, now fighting for attention here close to freeze :-) I am really happy that you responded, Jonathan, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#886664: [Pkg-javascript-devel] Bug#886664: fixed in node-d3-timer 1.0.7-4
Quoting Xavier (2019-01-25 18:14:38) > Le 25/01/2019 à 17:39, Santiago Vila a écrit : > > found 886664 1.0.7-4 > > thanks > > > >>[ Xavier Guimard ] > >>* Remove timeout based tests (Closes: #886664) > > > > Hi. Sorry for the reopening but this does not seem fixed: > > > > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/armhf/node-d3-timer.html > > > > Thanks. > > Hello, > > Javascript is an asynchronous language, so many tests are timeout > based, but deb machines are so slow that we have to patch many > packages to increase delays... How do you mean they are "timeout-based"? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#920749: popper.js: contains generated code uncertain if fully included as source
Source: popper.js Version: 1.14.6+ds-1 Severity: serious Justification: Policy 2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Source package contains several files (seemingly all of them) below which does not excist in upstream version tracking and therefore are not in the form preferred upstream, and more importantly may include other code than the actual source below . - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxPP8IACgkQLHwxRsGg ASFK1hAAriXMDCIrGsMdyAicI0pRWZ5nWGeeQa0Sn5WLev+PFE9GcuykxDVQtdv5 0tVfziLSg9l66YNjc0nzxsPMChX0emu2LmJXXJltpX816NkrmwZUBg0xuJleZ3zl 2DTTBmmE3rvS9WJ+qjtcTM8r/YtosWwXXqooTe+MVaKaD9mQWC63iak8NYUc27pW rduq11FOzalZHW4jOcLorYA1PrfaUr67JGNWNPZCkcKm9KPAN0Z9sjhofmkEqKXP A+06IwxVgfK9PiijScSSWKzQSVfCi1RF5nMJciDWMJmUePDu7+9vSyxaJJcsQcBt aWau9Hy/Akb0J/SRdMV6fS8mhTo2xF5SDEDjxxp7X3AZ8vn9EdnQFvdFrbsIoj5d 4TinMiZfgexMy8Asve2tGRUOszDsyVEMziNopI40yslSIq3RYXrlSAu/Mh0mt/l4 fmdZXcqlsnS8XtT5iNHBxjQ+e/wliIxATz7qztBhjoV1uHkUmO8YvzJyFJu38aVv AEu2LXHf2vpGHcwUKaqXnen+PDeCOGg+j5OsAI6g/NfSlaxTid6ZUojZUK+mVCw9 2v1rQyR3BHGatNabaE31tXnRSZO5EOFG4nTs5rQDgxQIpWFgwWgwPFSysPBNE8Fh OwDSFkfX/gfCXebygXRTbQP2MQ+M9WrDxkZ5JJfIybgGhNXu6j8= =Ndgg -END PGP SIGNATURE-
Bug#920749: [Pkg-javascript-devel] Bug#920749: popper.js: contains generated code uncertain if fully included as source
Quoting Xavier (2019-01-29 07:41:40) > Le 28/01/2019 à 18:45, Jonas Smedegaard a écrit : > > Source: popper.js > > Version: 1.14.6+ds-1 > > Severity: serious > > Justification: Policy 2.1 > > > > Source package contains several files (seemingly all of them) below > > which does not exist in upstream version tracking and therefore > > are not in the form preferred upstream, and more importantly may include > > other code than the actual source below . > > > > - Jonas > > Upstream author does provide dist/* files in release commits (example: > https://github.com/FezVrasta/popper.js/commit/b1144cdbcb5b5ab20d281a6083ecdce475a54af1) > > and remove them from master at next commit. Yes, upstream ships pre-generated code. Sorry that I was sloppy and my initial email could be read as "this bug is that upstream did not at all commit those files to git" - what I meant to say is "this bug is that upstream seems to not intend for those files to be their preferred form for their own source editing". > This generated files are readable javascript files, unminified and > well commented (a sort of webpack of packages/* files). Yes, pre-generated code is readable (a.k.a. beautified not minified). Readability of pre-generated code is irrelevant for this bug. What is relevant is that source is provided for everything we distribute. Simplest way to ensure that is to not include pre-generated code with source. There are other ways too, but looking for loopholes is _more_ complex and _easier to do wrong. > To reproduce build, many dependencies are needed. So the choices are: > - doing nothing, twitter-bootstrap4 will be removed from buster with >all its reverse dependencies > - package many new modules (I've no time to do this) > - decrease this severity issue Yes, reproducing upstream build is likely too complex. There are other options, however: - stitch things together in a creative new way - roll back to an earlier release with less complex build routines > NB: upstream build can be reproduce only using yarnpkg, failed with npm: > $ yarnpkg install > $ yarnpkg build I fail to see how it is relevant for this bug: We use deb _instead_ of either of those packaging systems! (a _helper_ tool like npm2deb might have been handy and might fail here, but that is unrelated to this bug) - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#920858: twitter-bootstrap4: contains generated code not included as source
Source: twitter-bootstrap4 Version: 4.2.1+dfsg1-1 Severity: serious Justification: Policy 2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Source package contains below several files embedding code from external project fileOverview Kickass, without source included. Thanks to Xavier for noticing (although only as comment in copyright file). - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlxQws0ACgkQLHwxRsGg ASHW+A//ZeD9o9J69NnfOMBYLDRmX7LLSFrzcBpN9UUjIpjL0gcUuvzYBBVftXea LQKrAYwspymsSOaA9yUImVB3U812zsuZOLcB7wXOJcuMAEIRs1NM8+vkQM0n28Sp xu1WmADBmUKOoWpwstlwYwiTAr2T82Fb1zUSDgiw/zUiOZnVZZIGBN6ei9HJBKpx QwICTAuIVO1vovpGnrFNas4kbi0xvEQOUW5tFxo28R9gXSukEOEJWrU6EXjD4njb xc8mxH49774VL8lmKpo/vA+aWQ29xrw4uMT1uuSIY/0LP6nU/cpYh5OBSbSrDZxo BqLMpZIfx+sVhomP/sbCalKGJ8fsyl2bNn+nGXioXp5gTG1CUrDtHc8TT/3EI7z+ YN2tL5hnMeUvsI+sxeY0/SXB0Q5vHHPrR2FOmULdFVf52yAVivTjvyzrwOkAnTeR RTi+K866ayM9A6bkV3n5yVaOqa9DO/WIa20LApRCZ7QDz5IpkBNKvcz92ZlaZzpG iTy7pdxop+ynjp2bme493gdW4pxzuOw7M0OhK2h+8VX7gD9Yr9GcCozJoccHp28T SMTS6L4NgOEWAPWYicxWwYdRRAmE90PZx7QrJWmCna0OlZJIHhv70rfxGNIHdxkK j6uzLVcMq4X12klIh5BQlIXkGYMFJdn07Gi7AdO6KTT80Vyv8BM= =7bXE -END PGP SIGNATURE-
Bug#920858: [Pkg-javascript-devel] Bug#920858: twitter-bootstrap4: contains generated code not included as source
Quoting Xavier (2019-01-30 22:26:57) > Le 29/01/2019 à 22:17, Jonas Smedegaard a écrit : > > Source: twitter-bootstrap4 > > Version: 4.2.1+dfsg1-1 > > Severity: serious > > Justification: Policy 2.1 > > > > Source package contains below several files embedding code from > > external project fileOverview Kickass, without source included. > > > > Thanks to Xavier for noticing (although only as comment in copyright > > file). > > > > > > - Jonas > > I succeed to build source, but this needs: [snip] This bugreport tracks twitter-bootstrap4 violating Policy in shipping code without source. For discussing packaging of that source in a separate package, please file an ITP bugreport (or an RFP bugreport if you don't intent on doing the work yourself), and let's discuss packaging issues there. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#920858: [Pkg-javascript-devel] Bug#920858: twitter-bootstrap4: contains generated code not included as source
Quoting Xavier (2019-01-30 22:54:53) > Le 30/01/2019 à 22:34, Jonas Smedegaard a écrit : > > Quoting Xavier (2019-01-30 22:26:57) > >> Le 29/01/2019 à 22:17, Jonas Smedegaard a écrit : > >>> Source package contains below several files embedding code > >>> from external project fileOverview Kickass, without source > >>> included. Just a clarification: Name of external project is Popper.js: "fileOverview" is just a marker, and "Kickass" is first word of Popper.js short description. > >> I succeed to build source, but this needs: > > [snip] > > > > This bugreport tracks twitter-bootstrap4 violating Policy in > > shipping code without source. > > > > For discussing packaging of that source in a separate package, > > please file an ITP bugreport (or an RFP bugreport if you don't > > intent on doing the work yourself), and let's discuss packaging > > issues there. > Also is it OK if I remove dist/bootstrap.bundle.* in Files-Excluded ? Sorry, I don't understand your question. What do you mean by "also"? Did I miss some previous conversation that this is an addition of? Are you asking if it is ok to violate Debian Policy here? Or is your question a different one? Please try rephrase... > Note that "fileOverview Kickass" is provided by popper.js It seems it _is_ Popper.js - see above. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#888903: [Pkg-javascript-devel] Bug#888903: Bug#888903: jsbeautifier, node-js-beautify: both ship /usr/bin/js-beautify
Quoting Paolo Greppi (2019-01-31 09:19:59) > Il 31/01/19 01:15, Jérémy Lal ha scritto: > Currently they have the same homepage, but different upstream tarballs. > python-jsbeautifier watches pypi: > https://salsa.debian.org/debian/python-jsbeautifier/blob/debian/master/debian/watch > whereas we watch github: > https://salsa.debian.org/js-team/node-js-beautify/blob/master/debian/watch It is one upstream _project_ with one upstream _source_ - but upstream distributes that source via the language-centric _distributions_ pypi and npm. We are an OS-wide distribution and should therefore hook onto upstream _source_ but use upstream source _tarballs only when sensible - e.g. if they provide multiple almost-sources conflicting with each other then we should untangle that mess (just as we may need to untangle other mess like inclusion of third-party sources, inclusion of pre-generated code, too tight relationships, etc.) - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#888903: [Pkg-javascript-devel] Bug#888903: 888903
Quoting Sébastien Delafond (2019-01-31 09:08:38) > To me the straightforward solution here is not dpkg-alternative, but > what Ivo recommended, since it only involves modifying *one* package. The underlying issue is that the "js" in python-jsbeautifier stands for JavaScript, and python-jsbeautifier fail to properly expose the JavaScript part of the project as a shared library! The straightforward solution is for python-jsbeautifier to also build libjs-beautify and node-beautify! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#920858: [Pkg-javascript-devel] Bug#920858: twitter-bootstrap4: contains generated code not included as source
Quoting Xavier (2019-01-31 08:27:57) > Le 30/01/2019 à 23:47, Jonas Smedegaard a écrit : > > Quoting Xavier (2019-01-30 22:54:53) > >> Le 30/01/2019 à 22:34, Jonas Smedegaard a écrit : > >>> Quoting Xavier (2019-01-30 22:26:57) > >>>> Le 29/01/2019 à 22:17, Jonas Smedegaard a écrit : > >>>>> Source package contains below several files embedding code > >>>>> from external project fileOverview Kickass, without source > >>>>> included. > > > > Just a clarification: Name of external project is Popper.js: > > "fileOverview" is just a marker, and "Kickass" is first word of > > Popper.js short description. > > > > > >>>> I succeed to build source, but this needs: > >>> [snip] > >>> > >>> This bugreport tracks twitter-bootstrap4 violating Policy in > >>> shipping code without source. > >>> > >>> For discussing packaging of that source in a separate package, > >>> please file an ITP bugreport (or an RFP bugreport if you don't > >>> intent on doing the work yourself), and let's discuss packaging > >>> issues there. > > > >> Also is it OK if I remove dist/bootstrap.bundle.* in Files-Excluded ? > > > > Sorry, I don't understand your question. > > > > What do you mean by "also"? Did I miss some previous conversation that > > this is an addition of? > > > > Are you asking if it is ok to violate Debian Policy here? Or is your > > question a different one? Please try rephrase... > > That's not what I said. Sorry for putting words in your mouth. What did you (mean to) say? > Anyway Jérémy found a way to patch this "grave policy violation". Yes, and that is great. I am still interested in understanding what you intended to say above. > In the same way, should you open a similar bug to any of the packages > which embeds bootstrap? Yes. I should, you should, we all should. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#888903: [Pkg-javascript-devel] Bug#888903: 888903
Quoting Sébastien Delafond (2019-01-31 12:25:05) > On Jan/31, Jonas Smedegaard wrote: > > The underlying issue is that the "js" in python-jsbeautifier stands > > for JavaScript, and python-jsbeautifier fail to properly expose the > > JavaScript part of the project as a shared library! > > > > The straightforward solution is for python-jsbeautifier to also build > > libjs-beautify and node-beautify! > > I unfortunately do not have the available bandwidth to work on that, and > I'm not also not particularly interested in maintaining any node-* > stuff. > > I'm however totally fine with someone taking over python-jsbeautifier > and doing just that. Fair enough. I have no problem handling the Python parts of this project. We can have the source package node-js-beautify provide the Python parts, then! @Sébastien: You are of course more than welcome to help out in any way you want with the (upcoming) Python part of that node-js-beautify! I suggest this way forward: 1) Release node-js-beautify to unstable with no executable at all 2) Release node-js-beautify to experimental adding python package 3) Release node-js-beautify to unstable when 1) is in testing I am quite busy elsewhere today, so if others can handle 1) it would be great! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#918283: Bug #918283 in librdf-query-client-perl marked as pending
Control: tag -1 pending Hello, Bug #918283 in librdf-query-client-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/librdf-query-client-perl/commit/431ef56b42bbedbc373b9e915d1396ba633258dc Stop build-depend on, and suggest (not recommend) libhttp-lrdd-perl. Closes: Bug#918283. Thanks to Adrian Bunk. (this message was generated automatically) -- Greetings https://bugs.debian.org/918283
Bug#918284: Bug #918284 in librdf-trine-serializer-rdfa-perl marked as pending
Control: tag -1 pending Hello, Bug #918284 in librdf-trine-serializer-rdfa-perl reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/perl-team/modules/packages/librdf-trine-serializer-rdfa-perl/commit/44ba0b752e41beb44efe3bdd3b1f9af3ee00d9de Add patch 2001 to avoid RDF::RDFa::Parser unfit for stable release. Stop build-depend on librdf-rdfa-parser-perl. Closes: Bug#918284. Thanks to Adrian Bunk. (this message was generated automatically) -- Greetings https://bugs.debian.org/918284
Bug#791250: Do you need any help for pugixml
Quoting Andreas Tille (2015-08-16 13:15:53) > On Sat, Aug 15, 2015 at 11:04:31PM +0530, Vasudev Kamath wrote: >>> do you see any chance to fix this soonish or do you need help. I'd >>> volunteer to inject a fix into collab-maint git or upload NMU if you >>> want me to. >> >> If you can that would be great!. I'm already working on ctpp2 so I'm >> not sure if I would manage pugixml this week itself. (I can get free >> time for Debian mostly on weekends.) > > Could some of you (ping Jonas?) please double check what I commited to > Git? I think it fixed things up to debian/control.in but I have no > idea by what magic you create debian/control. It is not created when > trying > > $ debian/rules debian/control > sed -e 's/__LIBPKGNAME__/libpugixml1/g' -e > 's/__LIBPKGNAMEv5__/libpugixml1v5/g' debian/control.in > > Please either enlighten me how to create debian/control or may be you > simply create it and the result should work. Please read README.source. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#791250: Do you need any help for pugixml
Quoting Andreas Tille (2015-08-16 14:46:04) > On Sun, Aug 16, 2015 at 02:20:08PM +0200, Jonas Smedegaard wrote: >>> >>> $ debian/rules debian/control >>> sed -e 's/__LIBPKGNAME__/libpugixml1/g' -e >>> 's/__LIBPKGNAMEv5__/libpugixml1v5/g' >> >debian/control.in >>> >>> Please either enlighten me how to create debian/control or may be >>> you simply create it and the result should work. >> >> Please read README.source. > > Sorry this does not explain how to create d/control. Yes it does (after the part about you not needing to care about CDBS). > (If not I'll leave the package as is for its real Maintainer who > probably knows.) Thanks for your help so far. This discussion is less helpful, so we take it from here. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#791250: Do you need any help for pugixml
Quoting Andreas Tille (2015-08-17 10:23:19) > > > On Mon, Aug 17, 2015 at 12:30:23PM +0530, Vasudev Kamath wrote: > > > > DEB_MAINTAINER_MODE=1 fakeroot debian/rules debian/control > > Very halpful - so I added this to README.source and uploaded a > fixed package. Your change to README.source is not helpful in my opinion, so I have reverted that. You uploaded to unstable, but I believe this should go to experimental first. I am now building a non-NMU targeted experimental. Thanks for your help, Andreas - but please cancel the NMU. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#791250: Do you need any help for pugixml
Quoting Jonas Smedegaard (2015-08-17 11:24:42) > You uploaded to unstable, but I believe this should go to experimental > first. I just learned (in bug#791305) that upload directly to unstable was perfectly fine. Sorry - no need for you to cancel that anyway. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#795758: libmessage-passing-perl: FTBFS under some locales (eg. fr_CH.UTF-8)
retitle 795758 libmessage-passing-perl: occationally fails t/role_connectionmanager.t tests 12-13 severity 795758 important thanks Quoting Chris Lamb (2015-08-18 22:19:35) > > Are you sure it's a locale issue? I can't reproduce it here. > > Ah, damn. I "reproduced" it by switching locale and back but, of course, > I could have magically hit the timing issue. > > Thanks for looking into this. Thanks for reporting! I have now tried fixing but failed - and asked upstream for help. Seems this only happens sporadically so I have taken the liberty of lowering severity. Please do comment if you think that is wrong. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#850688: ruby-pdf-reader: contains non-free Adobe AFM fonts
Package: ruby-pdf-reader Version: 1.4.0-1 Severity: serious Tags: upstream Justification: Policy 2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The ruby-pdf-reader package includes fonts not freely licensed. E.g. /usr/lib/ruby/vendor_ruby/pdf/reader/afm/Times-Bold.afm - Jonas -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJYc4QzAAoJECx8MUbBoAEhUNMP/3rsWbK5jQonSv+wbCS6vFeq WgyaPiikPkJ0wD2DWRD0gzXD+xgYyXPB9G7cJLpj4g+/KMa2UY74PzzHNgpXYUJ5 AneS2GYGCdoFt4KyLaqR9/lCbOKvNeGcPfDtKI/J8zEXfesurX9AiDdHVnplbtZP f4zNUyb1NuvS6zxlMu2q/pzy238gNU4sIPHZxbo496WPxldI4vbYWoSRhdDawLRp Yo1GoZC6XnUjQAm92JLzyI1z7YxaqRxPSlc/9VLx7+OflX8eARY3SpN8LRqZU8Bs lKQPIvzuLMucKfbdyNDDT2NYcmUUM/h2kFf0kHURxkxjTbANloZd+2PGuxmNrSyq xGBqmvwj89wRzsH+kVnjVkwHximdQZmdALehEdJQfnS9038kdAZTY5C3dxTzWXGO 1t54R6BbF9dTntp7Y26QysQY+iiZlc4K3bC0QQ2oTlrUFumtJ4NT2Z9c9aYaYAB1 ENXrfJR9OkhtiQpUgjkn/52vtGekAyntMUpMUUo+iPg8wn0OF4VtUyJNue1NSduT ojnygolpK2mWLrbDJ8kuEpX9dRteJWtL+FfmYKtRR/0lYeLxA9zHn/zsK4mVhahn ggBCxHYKO+dYAnusNJWt73zOkB7l8eIcEkJS6ISimIY2duniwgdEOdDuzzsOH3RL m7YaTaVvvRHXVeoyCpfQ =pMTf -END PGP SIGNATURE-
Bug#850725: flickcurl: New upstream release, fixing overflows
Source: flickcurl Version: 1.25-3 Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 A new upstream release of libflickr is available. Upstream changelog mentions seemingly security-related bugfixes: > Multiple error path allocation fixes, several memory leak fixes and a > few overflows found via Coverity. I am unable to determine if those are truly security-related, so severity inflated to be on the safe side: Please adjust as appropriate. - Jonas -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJYc8oGAAoJECx8MUbBoAEh67QP/14maf4BTKvQNI+GPTOyVMTZ 1kJZeQBIvU++S+yv4P8GAJgMCmqNgUuSzbNgCQkio/1CYTkcKHXwKb3t+/IzN9jE s1vlE56iP82k4TIQk50NmzMuCAdXThTQIeVT5VyeDcaEuvzW2gxNNW//1xbmNmz0 6hV7ms/zzord8YEVB4uGPcc31KgETCziDl3Yt6Y6cYdQ/wyjOga8e3X+ALz1Dq7n ludjB4IB7iOfsxPDWj3RL1Xa8HBoo+Z1NnuMgQOUlV9nw0BeAqKoL/PeijX6n29V 90tyizFlO6wF3ZAFKJXP6TmO07D/RSEZ4cEUxeETQq2ccV8x/TH1LPYYjsmtKYQS T9HhOITHuivJGLH4uuKOw9DgaPYk//9cpSO1wXomTdTmKkPHIMnXcs7DKgQGbTcP IG1pFeGGbZqYzLwwffZPoDZtqc8N8vuttwwO7DaMNoPTmfSSbI49BlaZKK3be9Ih FoklI0+2egZykx1Q/Mpf49swFCv10IHciUtwATh+U1kWWrb84sZQiLJATAJR09wz EU7UwZKNgm7SWbD3321nGUQHwAiJIPTmnNpRtjteUStm5tMHDBS1f9xHcjlgezJo +gCoZ1GI4QvXE5CuRVxSS6TEVYCJsB31tjYr0WJdDUQzihgY0qzZhWt2FcRS4KlR 65PZwEmSv+swuR8y/SGq =m7cZ -END PGP SIGNATURE-
Bug#850840: raptor: Please don't release this package with Stretch: Abandoned and unused
Source: raptor Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Raptor 1.x has not had an upstream release in 6 years, is superceded by Raptor 2.x, and since earlier today no other package depend on it. Therefore, let's leave this package out of the upcoming stable release, and since drop it altogether. Severity set to a release-critical level. Simply lower (or close) if someone disagrees with this. - Jonas -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJYdRNtAAoJECx8MUbBoAEhcbkP+wfZ/xrqwdA8+0BGuzpbEumt wvnkQ2gqz7/WuBVF2mvdpuOv7DKxxgxqHnUL4BDblzkcdtTHp5fFEUaNyx/FcXv2 WL98JPCU+mjHcKQqm9HbA0IWn94t6dgU8welVgPdLmE2mXKFgkKjVVhJ1fac3LSK wvJIo19/fQSr1ldTp704edFimlckl+HQeHvpPnRCPIYCbmdpy43mayBmo++5xGTu QN9Br/H3WJN928iEuYlrTemf4yURzwh4MyraikGMo3Wb05jdnTHnH3lR9rMtj5// AEIORwfnUuPR/n15Z4aFmrWMU+3CJZKSUI+azPJoo79NClcxG34pNoor+Cyr8d7D tr4cMYc0Ra738KUoaLqoPGRNT38yfF0ehEgsptgaS8lM9SXkWPfo8eEMwvtCBHFm GeCgGNG2SRjyCUqEjKofbevXrcNYVzxtnKUdepDJeBcoTC/pgLmv1xBUlvoKc2wh VlFtjH8HRJ199a9RjD4kjfGn1o3UtzwDi6A8+6NOqRy8cB7y7gV8e+mLdsbTFUMg dmy/cX3CSo66baAloQTj42oZ7C1LuNvxvyR0zEF0k+YTaFzxKo2rgPFf0mDY/kc6 G1Cn6mj8ENFn7W979/OO+yxGbYaEEm3aglRQtqT/AzMC/+7ruEku72YYiPRCCbkE o6q+O6PTbLPLGBPjcU/c =wSFn -END PGP SIGNATURE-
Bug#850948: needrestart,piuparts: needrestart hangs -> piupart fails -> debian-design blocked
Package: needrestart,piuparts Severity: serious This bugreport is tracking debian-design not entering testing. Background: a) needrestart sometimes hangs during install. b) Needrestart hanging is caught by piuparts and treated as a failure. c) debian-design depends on needrestart and is blocked from testing. Issue a) is tracked as bug#826044, but as severity important. This bugreport is tracking the combined issue of a) + b) + c). Please therefore reassign and/or merge as appropriate, but only as long as the severity reflects the actual treatment of debian-design. - Jonas
Bug#850948: needrestart, piuparts: needrestart hangs -> piupart fails -> debian-design blocked
Quoting Andreas Beckmann (2017-01-11 16:30:50) > On 2017-01-11 15:25, Jonas Smedegaard wrote: > >> This bugreport is tracking debian-design not entering testing. > > I filed an unblock request for you, since that seems to be fallout > from britney evaluationg piuparts results, #850950 > > I now managed to get the piuparts test to finish after removing > timeout from the command line ... strange ... > > after installing all the dependencies, we are finally installing > design-desktop: That is great news. All of it. Thanks a lot for your help here! > I'm not sure whether needrestart does the right thing here ... > * it should adhere to policy-rc.d > * it should not run missing binaries > * it should be aware of being run in a chroot > (right now it enumerates all shells running in the host system ...) Sounds suspect indeed. I didn't dig deep - only reasoned from your earlier list of hanging process that it smells like policy-rc.d issue. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#850948: [Piuparts-devel] Bug#850948: needrestart, piuparts: needrestart hangs -> piupart fails -> debian-design blocked
Quoting Holger Levsen (2017-01-11 17:16:08) > control: reassign -1 needrestart > control: merge -1 826044 > thanks > > On Wed, Jan 11, 2017 at 03:25:10PM +0100, Jonas Smedegaard wrote: >> Package: needrestart,piuparts >> Severity: serious > > no. this is definitly not a serious bug in piuparts. then the bug is somewhere else - merging ruins ability to track where. >> This bugreport is tracking debian-design not entering testing. > > then this bug report would be more appropriate against release.d.o but > Andreas already filed this bug :) I believe I stated quite clearly the scope of this bug. I fail to understand how merging with another (related) bug of different severity helps track the issue I reported? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#850948: [Piuparts-devel] Bug#850948: needrestart, piuparts: needrestart hangs -> piupart fails -> debian-design blocked
Quoting Holger Levsen (2017-01-11 18:25:06) > On Wed, Jan 11, 2017 at 06:14:55PM +0100, Jonas Smedegaard wrote: > > I believe I stated quite clearly the scope of this bug. > > i dont see the scope. Here it is, again: Quoting Jonas Smedegaard (2017-01-11 15:25:10) > This bugreport is tracking debian-design not entering testing. ...and again: Quoting Jonas Smedegaard (2017-01-11 15:25:10) > This bugreport is tracking the combined issue of a) + b) + c). ...and here I request keeping severity tied to debian-design: > Please therefore reassign and/or merge as appropriate, but only as > long as the severity reflects the actual treatment of debian-design. In other words, basically the whole content of the bugreport apart from the few lines you yourself quoted. > we have one for needsrestart being buggy and one for the release team > to ignore this for the testing migration of debian-design. I dont see > why another one is needed. You need not understand all needs of Debian. Thanks for trying, though. >> I fail to understand how merging with another (related) bug of >> different severity helps track the issue I reported? > > you know how to handle the bts yourself, feel free to unmerge and > assign somewhere. just not to piuparts (even partly) with RC severity. > feel free to make it wishlist and assign to piuparts (party or not). Yes, I am aware how I can run behind you and clean up after your ignorance. Wish I didn't have to. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#851028: composite: FTBFS: lrdf.h:8:20: fatal error: raptor.h: No such file or directory
Quoting Jaromír Mikeš (2017-01-11 23:29:24) > 2017-01-11 19:55 GMT+01:00 Lucas Nussbaum : > > > > > During a rebuild of all packages in sid, your package failed to build on > > amd64. > > > > Relevant part (hopefully): > > >^~~ > > > In file included from /<>/composite-0.006. > > 2+dfsg0/src/Tritium/src/fx/Effects.cpp:36:0: > > > /usr/include/lrdf.h:8:20: fatal error: raptor.h: No such file or > > directory > > > #include > > > ^ > > > compilation terminated. > > > src/Tritium/CMakeFiles/Tritium.dir/build.make:1025: recipe for target > > 'src/Tritium/CMakeFiles/Tritium.dir/src/fx/Effects.o' failed > > > make[3]: *** [src/Tritium/CMakeFiles/Tritium.dir/src/fx/Effects.o] > > Error 1 > > > > The full build log is available from: > >http://aws-logs.debian.net/2017/01/11/composite_0.006.2+ > > dfsg0-6_unstable.log > > > > <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers> > > > > Hi Jonas, > > isn't it this bug rather bug in ldrf and the line in /usr/include/lrdf.h > file should be: > #include > as ldrf now B-D on libraptor2-dev? Well, that would be one way to solve it, but the more correct one, I believe, is for composite to use pkg-config. Something like this: pkg-config --cflags liblrdf should correctly provide this: -I/usr/include/raptor2 -I/usr/include Seems to me that composite build fails to properly set build flags, but happened to work anyway in the past because back then no custom path was needed. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#850948: needrestart: Hangs in apt hook with a zombie
Quoting Thomas Liske (2017-01-14 16:09:26) > I've replied to #850948 where I think you wan't to discuss the > piuparts-needrestart-* issue. Thanks for correcting my error (I realized it only after posting) > Jonas Smedegaard writes: > >> Maybe it is just a debconf frontend issue? In cases needrestart > >> does seems to hang it trackes down to: > >> > >> - daemons hangig while restarting them (init scripts) > > > > Agreed. This would imply that either piuparts fail to setup > > policy-rc.d appropriately, or that needrestart ignores policy-rc.d. > > The latter is a Policy violation. > > You are referencing Debian Policy's section 9.3.3 [1]? Correct. Sorry for sloppily not mentioning it explicitly. [...] > I think the severity of this bug should be lowered to important since > there is no policy violation of needrestart at all. I think it is quite worrisome if simply installing (not actively using) needrestart inside a chroot spawns daemons - and that is not treated as serious (no matter framed by some geleral Debian Policy wording). > needrestart uses the service command of init-system-helpers to restart > daemons. A quick look into /usr/sbin/service shows that if there is no > systemd the service command calls the init script directly (look at > run_via_sysvinit). Thanks for clarifying. > So you might consider to move the bug to init-system-helpers. No need: init-system-helpers provide tools both to interacti via policy-rc.d and tools to bypass that layer - which is perfectly fine. Problem is when package install routines (even if indirectly - e.g. using inappropriate helper tools) bypass policy-rc.d. > I (upstream) or Patrick (maintainer) could add a patch to needrestart > to use invoke-rc.d instead of the service command. That would only be > a Debian specific workaround. Please do. That sounds like it would solve this issue. [...] > Needrestart's use of debconf should be aware if piuparts already tells > debconf that it is called non-interactive. So it seems to hang due to > some init scripts problem as discussed above. Agreed. >>> Feel free to open a new bug to needrestart to track down this issue. >> >> Thanks for the suggestion. I am not familiar with piupart I will >> likely not do so, but welcome others to pick up where I left. > > Neighter do I. Another workaround could be to change needrestart to > list only mode within piupart using some local config snippet as they > do for policy-rc.d. If I understand you corretly, that you suggest to invent a mechanism essentially doing the same as policy-rc.d, then I see no need for that: Please respect the already existing policy-rc.d instead. I guess what you seek is a solution not specific to Debian - and find that wuite sensible. I suspect, however, that there is no XDG or similar more generic standard for respecting deployment-specific hooks - which is really what policy-rc.d is about (not only chroot support). Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#851339: [Pkg-fonts-devel] Bug#851339: fonts-firacode: package in Debian with non-Debian build dependencies
Quoting Fabian Greffrath (2017-01-21 12:39:17) >> FYI, you are mistaken that C code is always "source". C is sometimes >> generated from other forms, via transpilers or lexer generators etc. >> It can also be obfuscated C code from the real C source (cf #383465). >> [...] >> So like C, OTF can be source or not source, depending on the upstream >> project. > > I find this by far the most convincing argument, although I still find > it difficult to accept that it should make a difference for Debian as > a mere downstream distributor. We provide many packages with fonts in > OTF format and while this is acepted as a proper source for some, it > is not for others because of upstream design decisions? I agree it feels weird that some fonts are fine to distribute as-is in Debian whereas other fonts using same format cannot - simply because we are aware that a different format is used for upstream development. But I believe this is not a unique oddity. A more common equivalent is makefiles, some of which are hand-written and others are auto-generated. "is used as source upstream" and "can be used as source downstream" are different things, and I believe Debian Policy talks about the former. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#848285: closed by Julien Cristau (Re: Bug#852042: nmu: jackd2_1.9.10+20150825git1ed50c92~dfsg-4)
Quoting James Cowgill (2017-01-23 11:59:10) > Control: notfixed -1 1.9.10+20150825git1ed50c92~dfsg-4+b1 > > Hi, > > On 22/01/17 16:55, Francesco Poli wrote: > > Control: fixed -1 jackd2/1.9.10+20150825git1ed50c92~dfsg-4+b1 > > > > On Sun, 22 Jan 2017 16:27:03 + Debian Bug Tracking System wrote: > > > >> This is an automatic notification regarding your Bug report > >> which was filed against the jackd2 package: > >> > >> #848285: jackd2: spits verbose output and exits immediately when the > >> client stops sending audio > >> > >> It has been closed by Julien Cristau . > > > > Many thanks to all people involved in fixing the bug in GCC and in > > fixing the resulting issue in Jackd! > > > > I am looking forward to seeing the binNMU migrate to Debian testing. > > > > In the meanwhile, apt-listbugs users risk seeing the package unpinned > > and upgraded to the buggy version currently in testing, just because > > this bug report has been closed with -done without version info. > > I know that 1.9.10+20150825git1ed50c92~dfsg-4+b1 is not a source > > version, but I guess that adding it as a fixed version should not harm > > the BTS version tracking and would probably make apt-listbugs understand > > that the bug was *not* closed as invalid, just fixed in a binNMU... > > I am adding such a fixed version, I hope nobody will get angry because > > of this. > > Unfortunately I don't think this is going to work. Now that there is a > "fixed" version, the BTS will only regard this bug as fixed in unstable > if it sees a source changelog containing that version. Since this will > never happen (it's a binNMU) the BTS will never regard this bug as fixed. > > Given that binNMUs have no testing migration delay, hopefully this won't > affect people for too long. I think the correct approach is to reassign the bug to gcc and mark it as affecting jackd - i.e. not try track which jackd package is fixed: Purpose of binNMUs is to operate independent of the package. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1034969: Fwd: Bug#1034969: terser: missing Breaks+Replaces for uglifyjs.terser when upgrading from bullseye
Thanks for the patch, Yadd - and for the bugreport, Helmut. I am quite busy elsewhere currently - if you have the time then I would appreciate if you would handle this issue. Otherwise I'll try make time for it the upcoming weekend. - Jonas Quoting Yadd (2023-04-28 05:38:56) > Hi Jonas, > > it seems that "Breaks" fields needs to be duplicated in "Replaces": > > diff --git a/debian/control b/debian/control > index 6772ac76..3d8f1174 100644 > --- a/debian/control > +++ b/debian/control > @@ -34,6 +34,9 @@ Depends: > Breaks: >uglifyjs.terser (<< 4.8.0-1~), >node-rollup-plugin-terser (<< 7.0.2+~5.0.1-3~) > +Replaces: > + uglifyjs.terser (<< 4.8.0-1~), > + node-rollup-plugin-terser (<< 7.0.2+~5.0.1-3~) > Suggests: >terser, > Multi-Arch: foreign > @@ -87,6 +90,8 @@ Recommends: >node-source-map-support, > Breaks: >uglifyjs.terser (<< 4.8.0-1~), > +Replaces: > + uglifyjs.terser (<< 4.8.0-1~), > Suggests: >node-acorn, > Multi-Arch: foreign > > Cheers, > Yadd > > Forwarded Message > Subject: [Pkg-javascript-devel] Bug#1034969: terser: missing > Breaks+Replaces for uglifyjs.terser when upgrading from bullseye > Resent-Date: Thu, 27 Apr 2023 13:11:12 + > Resent-From: Helmut Grohne > Resent-To: debian-bugs-d...@lists.debian.org > Resent-CC: Debian Javascript Maintainers > > Date: Thu, 27 Apr 2023 14:59:55 +0200 > From: Helmut Grohne > Reply-To: Helmut Grohne , 1034...@bugs.debian.org > To: sub...@bugs.debian.org > > Package: terser > Version: 5.16.4-1 > Severity: serious > Justification: dpkg unpack error > > Attempting to unpack terser/5.16.4-1 from Debian bookworm > on a minimal Debian bullseye with uglifyjs.terser/4.1.2-8 > installed, causes an unpack error from dpkg due to > /usr/share/nodejs/terser/bin/uglifyjs being contained in both packages. > > | Selecting previously unselected package terser. > | dpkg: considering deconfiguration of uglifyjs.terser, which would be > broken by installation of terser ... > | dpkg: yes, will deconfigure uglifyjs.terser (broken by terser) > | (Reading database ... 4922 files and directories currently installed.) > | Preparing to unpack ./terser_5.16.4-1_all.deb ... > | De-configuring uglifyjs.terser (4.1.2-8) ... > | Unpacking terser (5.16.4-1) ... > | dpkg: error processing archive ./terser_5.16.4-1_all.deb (--unpack): > | trying to overwrite '/usr/share/nodejs/terser/bin/uglifyjs', which is > also in package uglifyjs.terser 4.1.2-8 > | Errors were encountered while processing: > | ./terser_5.16.4-1_all.deb > > > Please ensure that terser has sufficient Breaks and Replaces declarations. > > Helmut > > -- > Pkg-javascript-devel mailing list > pkg-javascript-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#1034969: Fwd: Bug#1034969: terser: missing Breaks+Replaces for uglifyjs.terser when upgrading from bullseye
Quoting Yadd (2023-05-02 04:58:47) > a previous "unblock" was missing here: unstable version is 5.16.5-1 > while testing version is 5.16.4-1. What do you want to do, fix only this > bug with a 5.16.5-really-5.16.4-1 or a full update ? It is a bugfix release, and as such I would consider it relevant for stable, but I get exhausted just thinking about the need for "defending" changes against the release team: If you do it, you can desice if you want to try get all of it in or only a (arguably too) minimal patch. Thanks! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1034969: [Pkg-javascript-devel] Bug#1034969: Fwd: Bug#1034969: terser: missing Breaks+Replaces for uglifyjs.terser when upgrading from bullseye
Quoting Yadd (2023-05-02 08:58:06) > For the record, unblock issue is #1035368 Looks excellent - thanks for your work on this, Yadd! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1034170: Accepted netatalk 3.1.15~ds-1 (source) into unstable
Quoting Salvatore Bonaccorso (2023-05-04 08:49:45) > > Changes: > > netatalk (3.1.15~ds-1) unstable; urgency=high > > . > >[ upstream ] > >* new release > > + fixes CVE-2022-45188 CVE-2022-45188; > >closes: bug#1024021, thanks to Moritz Mühlenhoff > > And seems to fix as well CVE-2022-43634, in the netatalk-3-1-15 > upstream tag with > https://github.com/Netatalk/netatalk/commit/e6a9ce5b8145d0b39851fbf80916035a714e9d59 > . Marking #1034170 as closed as well. Indeed. That was a stupid copy-paste error on my side (same CVE listed twice). Thanks for noticing! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#1035005: [pkg-uWSGI-devel] Bug#1035005: [PATCH] Add Replaces on uwsgi-plugin-jvm-openjdk-11 (Closes: #1035005)
Hi James, Quoting James Valleroy (2023-05-19 12:33:50) > tags 1035005 patch > thanks > > The attached patch fixes this issue. I tested by unpacking the package into a > Debian bullseye VM where uwsgi-plugin-jvm-openjdk-11 was already installed. Thanks a lot. You are quite welcome to release this as a 0-day NMU. Otherwise I will try to find time for it (I am currently studying and in exam season, so pretty busy...) Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#1031046: asterisk gone from bookworm ?
Quoting Bogdan Veringioiu (2023-05-23 14:59:48) > Is there any news from the asterisk maintainers regarding this? > what are the chances that asterisk 20 will be included in bookworm ? No chance: It was removed during freeze which means it will not be part of Bookworm. Sorry, requires more man power to maintain than I could muster alone :-( - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1031046: Asterisk removed from Debian Bookworm
Hi Antony, Quoting Antony Stone (2023-05-26 16:58:54) > I've just discovered this "bug report" and I'm very disappointed by it. > > Please can someone tell me: > > 1. How many people are involved as Asterisk Debian Package Maintainers? Asterisk is maintained in the [VoIP team], and in principle anyone in that team can contribute directly to the git repo of asterisk packaging (and also most of the approximately 1000 formal Debian Developers has write access to the git repo as well, but will only do so for simpler quickfixes - anyone generally interested in Asterisk maintenance is expected to join the team). In reality, however, not everyone in our team are familiar with all of the packages we maintain together. In recent times, all [releases] of Asterisk since 16.16.1~dfsg+~2.10-1 in January 2021 was issued by me, and before that Bernhard Schmidt (almost) solely maintained Asterisk packaging since 13.20.0~dfsg-1 in April 2018. Unfortunately [Bernhard cannot grasp] how I embed PJProject, and I cannot grasp how he did it previously. Effectively, Asterisk has had a single maintainer for the past 5 years. [VoIP team]: https://salsa.debian.org/groups/pkg-voip-team/-/group_members [releases]: https://tracker.debian.org/pkg/asterisk/news/ [Bernhard cannot handle]: https://bugs.debian.org/1014133#25 > 2. Has this number decreased noticeably since the previous Debian release > Bullseye? Asterisk packaging in Debia has had a low bus factor for quite some time. > 3. Has anyone contacted the Asterisk community (for example via > https://community.asterisk.org ) to see whether additional volunteers would > be > willing to help with the effort involved in keeping Asterisk in the Debian > project? No, I haven't done any recruitment work, and neither has anyone else - to the best of my knowledge. If you are volunteering to either help yourself or to try do some recrutiment, then that's much appreciated. Unfortunately it is too late now for getting Asterisk part of upcoming stable Debian - but it is regardless helpful for the maintenance in *unstable* and *testing* during the lifetime of upcoming stable, which includes the ability for offering it unofficially for upcoming stable Debian through https://backports.debian.org/ Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
Bug#1037415: librust-grep-printer-dev: impossible to install: depends on gone package librust-base64-0.13+default-dev
Package: librust-grep-printer-dev Version: 0.1.6-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 librust-grep-printer-dev depends on librust-base64-0.13+default-dev which is gone. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmSHKHAACgkQLHwxRsGg ASGMJRAArH4HaVhzJXG99ayt8E9iZ6NSdECmqVndJSfUFNgrjXpy7cImi394cK94 0aA3yq8MdcMYh23gJEcW975YU7cjKT8WFHKsGvkYUZ51RDbEKAJly6tGp+mMHKA6 k2MGNJNejJlyNEL7Zd62Mq3wNUD//mz4aYn75MPkF3ucgSkw3l7/rh+jHbrLwiUu mXFRt0ZJkTR93UmpNcZDYmfjmaZ6/IFQ1sOwaCjZkP4NtPBtc4W97bdBNtcypNMr WiuPtTpUDArauX/MGu4v4KiY+EZa7AYdfdzqRHXkolH3nHOrjOL8QDwWdXXjBQ2V iuoaFIrQPUHNx1l93rotFUQYCuIabszdTutIuZgRTOxCgnsmqg88JqIifqFK8RHj zf7/LdahBDP8G0VV72LgB+VrLIT4nJNZNYciATKMnMn5zh9ref1FIOlfEio0KVgJ 9NrrwD9PPujEVVTe55b0lIKd24O57qs4SF5o51skLEshAqDS7ymCL95zWv/mPC76 yOgZhdW6ttfWgmrmLLqNiCgPJ9l6ydLzprU+dHyBx1hqo3iFVsvsAoLzseZdVWAM nO7Tfo1x4cuVTb62AC0hFja05/b4HkuP6+bwVX6AHllvlKu7Uo601HUtHbFzhVmT 4htlWV+7Wp8qeE95IWZkYxWJXyXSe2xXLG8QRb1wOJGqCZL/JtE= =3JpT -END PGP SIGNATURE-
Bug#1037977: rust-ureq - update for base64 0.21
Quoting Peter Green (2023-06-15 06:35:02) > rust-base64 was recently updated to 0.21 making rust-ureq unbuildable and > uninstallable. > > Upstream already has a fix, I grabbed it and added it to the Debian package > and it > built and passed autopkgtests fine. > > Debdiff attached, I may or may not NMU this later. Thanks for the report. Instead of using the provided patch, I have prepared an upgrade to newest upstream release which includes this change. Unfortunately I am not yet able to build that, due to base64 upgrade also affecting rust-rustls-pemfile and rust-cookie - which you already know and have dealt with earlier today. In future, I recommend to more cautiously release backwards-incompatible package upgrades: First release to experimental as a NEW package, then when approved by ftpmasters re-release to unstable, then when no longer wanting to maintain the older branch) file RC bugs against all reverse dependencies of the older package, and when none of those are in testing (which happens automatically after some time for packages with RC bugs) request removal from testing of the old package, and then later from unstable as well. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
