Bug#997016: RFS: swtpm/0.7.0-rc2-1 [ITA] -- Libtpms-based TPM emulator
Hi Bastian, On Thu, Nov 4, 2021 at 11:30 AM Seunghun Han wrote: > On Thu, Nov 4, 2021 at 6:43 AM Bastian Germann wrote: > > The failing build is on i386 and also fails natively on my i386 machine. > > It looks a bit like Y2K38 triggering... > I'm sorry. I missed the point that i386 means 32bit system. I agree > with your opinion about Y2K and should find the reason and the > solution. I found the reason for a failure in the i386 system. The certificate was made and valid until Dec 31 . But certtool program of the i386 system parsed the certification and showed it was valid until Dec 31 2037. It seemed a certtool problem and the limitation of the i386 system, not the problem of swtpm. So I updated the validation code of the test result like both could be accepted, then all builds were passed. Please check the pipeline result below. https://salsa.debian.org/debian/swtpm/-/pipelines/310288 Anyway, there are still some problems with reprotest and cross-build. Should I solve them, too? Best regards, Seunghun
Bug#994272: Continuing packaging effort (was: Bug#994272: RFS: opm-{common|material|grid|models|simulators|upscaling}/2021.04-1 [ITP] -- opm -- Open Porous Media Software Suite)
Hi, We are still looking for a sponsor for the OPM packages. FYI: We are about to release the next upstream version 2021.10 and intend to update the prospective Debian packages (see [0], [1] for all details). Any comments and recommendations about the current packages are of course welcome and we will try to incorporate them. It might of course make sense to wait with uploading to NEW for the new release. I will report when the packages for the new release are available. What OPM is and why it should be in Debian: The Open Porous Media (OPM) software suite provides libraries and tools for modeling and simulation of porous media processes, especially for simulating CO2 sequestration and improved and enhanced oil recovery. Its main part is a blackoil reservoir simulator with file input and output compatible with a major commercial oil reservoir simulator. On some cases it clearly outperforms the commercial one. Being open source it lowers the bar for starting simulations and is used by industry, research institutes and quite a few small consultancies. Looking foward to your reviews and sponsoring efforts Cheers, Markus [0] https://lists.debian.org/debian-mentors/2021/09/msg00055.html [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994272
Bug#997016: RFS: swtpm/0.7.0-rc2-1 [ITA] -- Libtpms-based TPM emulator
> On Nov 3, 2021, at 19:30, Seunghun Han wrote:
>
>> I am also not sure if you are allowed to write in /tmp on package building.
>> I will check that.
> Everyone has write access right to /tmp directory, so I guess the
> package also has it.
I don’t think this is the cause of the failures, but shouldn’t this really be
using $TMPDIR? AFAIK temporary scratch space is not guaranteed to be /tmp.
Maybe in Bash you want something like ${TMPDIR:-/tmp}.
Re: Bug#987996: RFS: hipercontracer/1.6.0~rc1-1 [ITP]
Hi, thanks for the review! The latest version 1.6.3~test1 on https://mentors.debian.net/package/hipercontracer/ should solve the issues: Den 02.06.2021 18:07, skrev Tobias Frost: > Control: tags -1 moreinfo > > Hi Thomas, > > Mentors says: > > "Package closes bugs in a wrong way > Errors: > > Bug #987996 is a RFS bug > > hipercontracer: > #987996 (Normal, RFS): RFS: hipercontracer/1.6.0~rc1-1 [ITP]" > > --> you need to close the ITP bug in the changelog. > Possibly after filing one; I couldnt find it at least… Fixed. > > - On a new package, the _only_ changelog entry is that one that closes the > ITP. > (in your case delete the new upstream version line and *all* older entries. Fixed. > > - There are lots of versioned Build-Depends which are already fulfilled in > oldstable. drop those. > - There is no cmake3 package in Debian, drop that alternative to cmake. > - It should be sufficient for the boost B-D to just specify the version > agnostic one. Or do I miss the point what you want to archive here? > (beside, oldstable has already 1.62, so no need to say >1.58) Fixed. > - Pendantic lintian has this, easy to fix: > P: hipercontracer source: uses-debhelper-compat-file Fixed. "/debian/compat" is gone now. > - The examples should be installed using dh_installexamples (not using > *.install) > > - Please add comments to lintian overrides. Did you override because you > checked them or just overode them? Comment added. > - I think the user/group handling in postinst is wrong in several ways. > - hardcoded id of 888. > - names should be "invalid names" so that it cannot cause collisions. > - setting the hoemdirectory to /tmp/ is certainly a bad idea and I > guess insecure. Especially when setting /bin/bash as shell… > - IOW, Read the Debian Policy on this topic. I rewrote the postinst and also added a postrm, in the same way as the user creation is made by the tcpdump package. -- Best regards / Mit freundlichen Grüßen / Med vennlig hilsen === Thomas Dreibholz SimulaMet -- Simula Metropolitan Centre for Digital Engineering Centre for Resilient Networks and Applications Pilestredet 52 0167 Oslo, Norway --- E-Mail: dre...@simula.no Homepage: http://simula.no/people/dreibh === OpenPGP_signature Description: OpenPGP digital signature
Bug#998517: RFS: diodon/1.11.2-1 [RC] -- GTK+ Clipboard manager
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "diodon": * Package name: diodon Version : 1.11.2-1 Upstream Author : Oliver Sauder * URL : https://launchpad.net/diodon * License : LGPL-2.1+, GPL-2+, LGPL-3+ * Vcs : https://git.launchpad.net/~diodon-team/+git/debian-packaging Section : utils It builds those binary packages: diodon - GTK+ Clipboard manager libdiodon0 - GTK+ Clipboard manager (main library) gir1.2-diodon-1.0 - GTK+ Clipboard manager (GObject introspection data) diodon-dev - GTK+ Clipboard manager (development files) To access further information about this package, please visit the following URL: https://mentors.debian.net/package/diodon/ Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/d/diodon/diodon_1.11.2-1.dsc Changes since the last upload: diodon (1.11.2-1) unstable; urgency=medium . * New upstream release. * Fix custom-library-search-path * Removed invalid configure.in file (Closes: #997655) * Bump Standard-Version to 4.6.0 Regards, Oliver
Bug#995602: marked as done (RFS: python-patch-ng/1.17.4-1 [RFP] -- Patch NG (New Generation))
Your message dated Thu, 4 Nov 2021 19:56:16 + with message-id and subject line Re: (whole RFS) has caused the Debian Bug report #995602, regarding RFS: python-patch-ng/1.17.4-1 [RFP] -- Patch NG (New Generation) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 995602: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995602 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package "python-patch-ng": * Package name: python-patch-ng Version : 1.17.4-1 Upstream Author : tThe Conan C package manager devs + techtonik * URL : https://github.com/conan-io/python-patch-ng * License : MIT * Vcs : https://salsa.debian.org/python-team/packages/python-patch-ng Section : python It builds those binary packages: python3-patch-ng - Patch NG (New Generation) To access further information about this package, please visit the following URL: https://mentors.debian.net/package/python-patch-ng/ Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/p/python-patch-ng/python-patch-ng_1.17.4-1.dsc Changes for the initial release: python-patch-ng (1.17.4-1) unstable; urgency=medium . * Initial release (Closes: #845482) Regards, -- Joshua Peisach --- End Message --- --- Begin Message --- Hello, writing this as I'm demoralized. This whole package feels cursed. It was an attempt to write an alternative to GNU patch because of it's security vulnerabilities (are they really even that bad?), which was then abandoned, picked up by a group who's making a C package manager (who wrote it in Python?) and hasn't received much change, and barely has any popularity on GitHub. Plus for some reason the tests/docs directories aren't shipping with pypi, and since I don't feel any huge addiction to conan (that C package manager) I'm unfortunately, giving up here again (ashamed to say this after my pyupgrade stuff...) But I will try to get cppimport in. thanks, -Josh --- End Message ---
debian-mentors@lists.debian.org
On Thu, Nov 04, 2021 at 04:29:18PM +0100, Marco M. F. De Santis wrote: > * Package name: hoteldruid >Version : 3.0.3-1 > hoteldruid (3.0.3-1) unstable; urgency=low > . >* New upstream release > - Fixes multiple sql injection and XSS vulnerabilities. >(Ref: CVE-2021-32832, CVE-2021-38733, CVE-2021-38559) >(Closes: #991910) >* debian/control: updated Standards-Version >* debian/watch: updated debian watch file standard >* Added lintian override for index.html that is not documentation >* Updated appdata file with categories and content_rating >* debian/postinst: replaced tempfile with mktemp (Closes: #992458) >* Added autopkg tests: install-sqlite and lint >* debian/config: don't set administrator-username as blank when > called twice Hi! I'm afraid the "install-sqlite" autopkgtest silently fails; full log: autopkgtest [19:54:05]: test install-sqlite: preparing testbed autopkgtest [19:54:06]: testbed dpkg architecture: amd64 Get:1 file:/tmp/autopkgtest.tZYvNW/binaries InRelease Ign:1 file:/tmp/autopkgtest.tZYvNW/binaries InRelease Get:2 file:/tmp/autopkgtest.tZYvNW/binaries Release [816 B] Get:2 file:/tmp/autopkgtest.tZYvNW/binaries Release [816 B] Get:3 file:/tmp/autopkgtest.tZYvNW/binaries Release.gpg Ign:3 file:/tmp/autopkgtest.tZYvNW/binaries Release.gpg Get:4 file:/tmp/autopkgtest.tZYvNW/binaries Packages [1438 B] Reading package lists... Reading package lists... Building dependency tree... Reading state information... Correcting dependencies...Starting pkgProblemResolver with broken count: 0 Starting 2 pkgProblemResolver with broken count: 0 Done Done Starting pkgProblemResolver with broken count: 0 Starting 2 pkgProblemResolver with broken count: 0 Done The following additional packages will be installed: apache2 apache2-bin apache2-data apache2-utils curl hoteldruid libapache2-mod-php libapache2-mod-php7.4 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libargon2-1 libbrotli1 libbsd0 libcurl4 libedit2 libexpat1 libicu67 libjansson4 libldap-2.4-2 liblua5.3-0 libmagic-mgc libmagic1 libmd0 libncurses6 libncursesw6 libnghttp2-14 libprocps8 libpsl5 librtmp1 libsasl2-2 libsasl2-modules-db libsodium23 libsqlite3-0 libssh2-1 libxml2 libxslt1.1 mailcap media-types mime-support php-common php-sqlite3 php-xml php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-sqlite3 php7.4-xml procps psmisc sensible-utils ucf Suggested packages: apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser firefox | www-browser php-mysql | php-pgsql php-pear file Recommended packages: ssl-cert php-imap ca-certificates libldap-common libgpm2 publicsuffix libsasl2-modules file The following NEW packages will be installed: apache2 apache2-bin apache2-data apache2-utils curl hoteldruid libapache2-mod-php libapache2-mod-php7.4 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libargon2-1 libbrotli1 libbsd0 libcurl4 libedit2 libexpat1 libicu67 libjansson4 libldap-2.4-2 liblua5.3-0 libmagic-mgc libmagic1 libmd0 libncurses6 libncursesw6 libnghttp2-14 libprocps8 libpsl5 librtmp1 libsasl2-2 libsasl2-modules-db libsodium23 libsqlite3-0 libssh2-1 libxml2 libxslt1.1 mailcap media-types mime-support php-common php-sqlite3 php-xml php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-sqlite3 php7.4-xml procps psmisc sensible-utils ucf 0 upgraded, 55 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. Need to get 20.8 MB/22.2 MB of archives. After this operation, 91.9 MB of additional disk space will be used. Get:1 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 sensible-utils all 0.0.17 [21.5 kB] Get:2 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 ucf all 3.0043 [74.0 kB] Get:3 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libapr1 amd64 1.7.0-8 [106 kB] Get:4 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libexpat1 amd64 2.4.1-3 [104 kB] Get:5 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libaprutil1 amd64 1.6.1-5 [92.1 kB] Get:6 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libsqlite3-0 amd64 3.36.0-2 [815 kB] Get:7 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.1-5 [18.8 kB] Get:8 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libsasl2-modules-db amd64 2.1.27+dfsg-2.2 [69.1 kB] Get:9 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libsasl2-2 amd64 2.1.27+dfsg-2.2 [106 kB] Get:10 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libldap-2.4-2 amd64 2.4.59+dfsg-1 [232 kB] Get:11 file:/tmp/autopkgtest.tZYvNW/binaries hoteldruid 3.0.3-1 [1346 kB] Get:12 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libaprutil1-ldap amd64 1.6.1-5 [17.0 kB] Get:13 http://apt-rosy.angband.pl:3142/debian unstable/main amd64 libbrotli1 amd64 1.0.9-
Bug#998615: RFS: fonts-jetbrains-mono/2.242+ds-2 -- free and open-source typeface for developers
Package: sponsorship-requests Severity: normal X-Debbugs-Cc:debian-fo...@lists.debian.org Dear mentors, I am looking for a sponsor for my package "fonts-jetbrains-mono": * Package name: fonts-jetbrains-mono Version : 2.242+ds-2 Upstream Author : Phillip Nurullin * URL :https://www.jetbrains.com/lp/mono/ * License : Apache-2 * Vcs :https://salsa.debian.org/fonts-team/fonts-jetbrains-mono Section : fonts It builds those binary packages: fonts-jetbrains-mono - free and open-source typeface for developers To access further information about this package, please visit the following URL: https://mentors.debian.net/package/fonts-jetbrains-mono/ Alternatively, one can download the package with dget using this command: dget -xhttps://mentors.debian.net/debian/pool/main/f/fonts-jetbrains-mono/fonts-jetbrains-mono_2.242+ds-2.dsc Changes since the last upload: fonts-jetbrains-mono (2.242+ds-2) unstable; urgency=medium . * d/control: update Standards version to 4.6.0.1 (no changes needed) * Use upstream build script instead of custom Makefile Regards, -- Romain Porte
Bug#934297: RFS: bibtexconv
Control: tags -1 moreinfo On Thu, 02 Jan 2020 12:18:40 +0100 Tobias Frost wrote: - Can you please merge the d/changelog entries for (in Debian) unreleased versions? - The Debian changelog seems incomplete, I see (packaing) changes which are not documented. Please also try to expand a bit on the changes, e.g did the SV update require you add changes? (documenting "why has this changed" is important as additional information to the "what") These were fixed. - You do not need to specify the standards versions 4th digit, this digit is for editorial changes only. So it is sufficient to declare compatiblitliy with e.g 4.4.1 (which has been released since you put this package to mentors) - d/test/control is a empty file. I don't think that is right. nitpicks: d/compat can be obsoleted. ( https://nthykier.wordpress.com/2019/01/04/debhelper-compat-12-is-now-released/ ) Please correct these. - Where do you get the OpenSSL exception from? I know you are the upstream but this exception should be present in the source as well or should be removed from d/copyright. Debian does not require it any longer. - Please change the version and the origtarxz to actually match the released version/file. No ~test0 - Add "(Closes: #975076)" to d/changelog's "New upstream release." line. With these changes I am going to sponsor the package. Please untag moreinfo when you are done.
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Hello Bastian, > Please consider relicensing debian/* or at least debian/patches/* I've relicensed to BSD-3, in order to match upstream license. > Ken Martin, Will Schroeder, Bill Lorensen's copyright is missing. I guess you are referencing classic VTK's copyright. F3D's copyright is "Kitware, SAS" according to source code and official website, without any link to VTK's copyright. > src/cxxopts.hpp: Expat license is missing. Added to the copyright file, and I've opened an upstream bug: https://gitlab.kitware.com/f3d/f3d/-/issues/253 > d/f3d.1 > === > Please describe the options in the man page. Man page updated. > You should prefer using the not-installed file for this use case. The not-installed file seems to avoid trigger dh_missing error, which is not what I need here. I haven't figured out how exclude files during the CMake install target (--exclude has no effect), so I've added an "rm" command in the rules file. If there is a better way, please suggest. > I suggest to have the package in Salsa's debian namespace so that > others > can contribute easily. If you agree I can create that and grant you > maintainer rights for it. Yes! Please create the debian repository and grant me right to maintain it. Thanks a lot for this review, the new package is available on mentors. Best, François signature.asc Description: This is a digitally signed message part
Bug#986108: RFS: f3d/1.1.0-1 [ITP] -- fast and minimalist 3D viewer
Control: tags -1 moreinfo On 04.11.21 22:21, François Mazen wrote: Hello Bastian, Please consider relicensing debian/* or at least debian/patches/* I've relicensed to BSD-3, in order to match upstream license. Ken Martin, Will Schroeder, Bill Lorensen's copyright is missing. I guess you are referencing classic VTK's copyright. F3D's copyright is "Kitware, SAS" according to source code and official website, without any link to VTK's copyright. It is fine for them not to include it because these people obviously have the say over Kitware. Still, there are three source files that have their copyright and are BSD licensed. The license mandates including the copyright in any distribution, which is why Debian mandates it to be in the d/copyright file for the binary package to be compliant. I have added them to the git. src/cxxopts.hpp: Expat license is missing. Added to the copyright file, and I've opened an upstream bug: https://gitlab.kitware.com/f3d/f3d/-/issues/253 That is very kind of you. For the binaries that Kitware provides they are actually in breach of that license (given the file is actually compiled). Have you checked the files in the data directory? At least data/BoxAnimated0.bin is not a source file and some others might not be. Non-source files (defined as preferred format for modification) have to be excluded. Also, does the files' metadata say anythinng about copyright or license? d/f3d.1 === Please describe the options in the man page. Man page updated. You should prefer using the not-installed file for this use case. The not-installed file seems to avoid trigger dh_missing error, which is not what I need here. I haven't figured out how exclude files during the CMake install target (--exclude has no effect), so I've added an "rm" command in the rules file. If there is a better way, please suggest. I see you have already found another way... I suggest to have the package in Salsa's debian namespace so that others can contribute easily. If you agree I can create that and grant you maintainer rights for it. Yes! Please create the debian repository and grant me right to maintain it. Done. The CI test suite won't run because of the .lfsconfig file which is why I have disabled it.
debian-mentors@lists.debian.org
Control: tags -1 moreinfo Please untag moreinfo when you have provided a fixed upload.
Bug#998040: RFS: makedeb-makepkg/8.11.0 [ITP] -- Arch Linux build utility, modified for use with makedeb
Control: tags -1 moreinfo makedeb-makepkg's version has to have a Debian revision -1. Please keep only the latest packaged version in the changelog with a line closing the ITP. When you are done and have uploaded a version with fixed changelog please untag moreinfo.
