Bug#923315: unblock: gigolo/0.4.2-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
due to a bad timing combination, the gigolo packag is currently not in
testing and won't migrate without an unblock. I think it would be nice
for its users to let it migrate.
The package has been removed from testing a long time ago, and didn't
migrate again because of the alioth maintainer address RC bug. There's a
new development version in experimental fixing that bug, and I hoped
there would be a stable release in time for the freeze, but that didn't
happen and I uploaded just a new revision (I thought) in time for the
freeze.
Unfortunately my timing was off (I uploaded 5 days before the soft
freeze but too late). The diff between stable and unstable is attached.
Please unblock package gigolo
unblock gigolo/0.4.2-3
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8),
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru gigolo-0.4.2/debian/changelog gigolo-0.4.2/debian/changelog
--- gigolo-0.4.2/debian/changelog 2014-01-09 23:00:47.0 +0100
+++ gigolo-0.4.2/debian/changelog 2019-02-07 17:29:33.0 +0100
@@ -1,3 +1,35 @@
+gigolo (0.4.2-3) unstable; urgency=medium
+
+ * Moved the package to git on salsa.debian.org
+ * Updated the maintainer address to debian-x...@lists.debian.org
+closes: #899525
+ * d/gbp.conf added, following DEP-14
+ * d/watch: use HTTPS protocol
+ * d/gbp.conf adjusted for buster branch
+ * d/control: drop Emanuele, Simon, Lionel and Stefan from uploaders
+ * d/control: update standards version to 4.2.1
+
+ -- Yves-Alexis Perez Thu, 07 Feb 2019 17:29:33 +0100
+
+gigolo (0.4.2-2) unstable; urgency=medium
+
+ * debian/patches:
+- 01_migrate-gvfs-command added, replace gvfs-open by gio open as default
+open command.
+ * debian/control:
+- replace gvfs-bin by libglib2.0-bin in Recommends closes: #877744
+- run wrap-and-sort
+- update standards version to 4.4.1.
+- drop -dbg package.
+ * debian/rules:
+- migrate to dbgsym package.
+- use debian/gigolo instead of debian/tmp in file removals, since we only
+have one binary package now.
+- drop list-missing since we install everything.
+ * debian/gigolo.install dropped since we only have one package.
+
+ -- Yves-Alexis Perez Sun, 15 Oct 2017 16:08:34 +0200
+
gigolo (0.4.2-1) unstable; urgency=low
[ Evgeni Golov ]
diff -Nru gigolo-0.4.2/debian/control gigolo-0.4.2/debian/control
--- gigolo-0.4.2/debian/control 2014-01-09 23:00:41.0 +0100
+++ gigolo-0.4.2/debian/control 2019-02-07 17:29:33.0 +0100
@@ -1,34 +1,23 @@
Source: gigolo
Section: xfce
Priority: optional
-Maintainer: Debian Xfce Maintainers
-Uploaders: Yves-Alexis Perez , Emanuele Rocca
, Simon Huggins , Stefan Ott
, Lionel Le Folgoc
-Build-Depends: debhelper (>= 9), intltool, pkg-config,
- libgtk2.0-dev (>= 2.12.0)
-Standards-Version: 3.9.5
+Maintainer: Debian Xfce Maintainers
+Uploaders: Yves-Alexis Perez
+Build-Depends: debhelper (>= 9),
+ intltool,
+ libgtk2.0-dev (>= 2.12.0),
+ pkg-config
+Standards-Version: 4.2.1
Homepage: http://www.uvena.de/gigolo/
-Vcs-Svn: svn://anonscm.debian.org/pkg-xfce/goodies/trunk/gigolo/
-Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-xfce/goodies/trunk/gigolo/
+Vcs-Git: https://salsa.debian.org/xfce-team/apps/gigolo.git
+Vcs-Browser: https://salsa.debian.org/xfce-team/apps/gigolo
Package: gigolo
Section: xfce
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: gvfs-bin
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Recommends: libglib2.0-bin
Description: frontend to manage connections to remote filesystems using
GIO/GVfs
Gigolo is a frontend to easily manage connections to remote filesystems
using GIO/GVfs. It allows you to quickly connect/mount a remote filesystem
and manage bookmarks of such.
-
-Package: gigolo-dbg
-Section: debug
-Architecture: any
-Priority: extra
-Depends: gigolo (= ${binary:Version}), ${misc:Depends}
-Description: frontend to manage connections to remote filesystems using
GIO/GVfs (debug)
- Gigolo is a frontend to easily manage connections to remote filesystems
- using GIO/GVfs. It allows you to quickly connect/mount a remote filesystem
- and manage bookmarks of such.
- .
- This package contains the debugging symbols.
-
diff -Nru gigolo-0.4.2/debian/gbp.conf gigolo-0.4.2/debian/gbp.conf
--- gigolo-0.4.2/debian/gbp.conf1970-01-01 01:00:00.0 +0100
+++ gigolo-0.4.2/debian/gbp.conf2019-02-07 17:29:33.0 +0100
@@ -0,0 +1,
Bug#868355: Any reason not to simply upload ceres-solver with adjusted version of libeigen3-dev
Hi Philipp, On Tue, Feb 26, 2019 at 10:45:52AM +0100, Philipp Huebner wrote: > > > I mean: There is no *effective* change since the Build-Depends we set is > > fullfilled anyway by the existing packages. Its just that it is > > explicitly declared in the package metadata. > > IMO that's a valid fix for buster, but does not fix the underlying issue > for sid / buster+1. Sure, but we want to release Buster and if this bug is not fixed ceres-solver (and its dependencies are removed in now 4.3 days. Thus I'm just building the current HEAD and will upload if nobody will stop me. > The next time a newer version of eigen3 is uploaded, you'll have the > same "problem" all over again: adjust the build dep and upload to get a > corresponding rebuild. > Updating eigen3 renders ceres and similar packages unusable until > rebuilt, please read through the discussion in #868355 to understand > what I mean. > > The eigen3 maintainer and I are happy to simply rebuild affected > packages after every eigen3 update, but Emilio considers it an upstream bug. > Unfortunately I could not find anybody able to shed more light on the > eigen3 topic. I agree that the topic seems to be more complex in general but for the moment we need a fix for Buster and that fix is very simple - so I do not see any reason to not fix it. You might like to reopen the relevant bugs (I mean #868355 - I just asked for closing which was done and #883619) with lower severity to keep on discussing for Buster+1. Kind regards Andreas. -- http://fam-tille.de
Bug#923323: stretch-pu: CVE-2018-1000872: package python-pykmip/0.5.0-4
Package: release.debian.org
Severity: important
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
Here's the changelog entry:
+ * CVE-2018-1000872: Resource Management Errors (similar issue to
+CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the
+server can be made unavailable by one or more clients opening all of the
+available sockets. Applied upstream patch: Fix a denial-of-service bug by
+setting the server socket timeout (Closes: #917030).
The security team doesn't think a DSA is needed. Debdiff is attached. The
resulting package is here:
http://sid.gplhost.com/stretch-proposed-updates/python-pykmip/
Please allow me to upload python-pykmip/0.5.0-4+deb9u1 to Stretch-proposed.
Cheers,
Thomas Goirand (zigo)
diff -Nru python-pykmip-0.5.0/debian/changelog
python-pykmip-0.5.0/debian/changelog
--- python-pykmip-0.5.0/debian/changelog2016-12-02 21:49:06.0
+
+++ python-pykmip-0.5.0/debian/changelog2019-02-24 16:43:42.0
+
@@ -1,3 +1,13 @@
+python-pykmip (0.5.0-4+deb9u1) stretch; urgency=medium
+
+ * CVE-2018-1000872: Resource Management Errors (similar issue to
+CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the
+server can be made unavailable by one or more clients opening all of the
+available sockets. Applied upstream patch: Fix a denial-of-service bug by
+setting the server socket timeout (Closes: #917030).
+
+ -- Thomas Goirand Sun, 24 Feb 2019 17:43:42 +0100
+
python-pykmip (0.5.0-4) unstable; urgency=medium
* Team upload.
diff -Nru
python-pykmip-0.5.0/debian/patches/CVE-2018-1000872_Fix_a_denial-of-service_bug_by_setting_the_server_socket_timeout.patch
python-pykmip-0.5.0/debian/patches/CVE-2018-1000872_Fix_a_denial-of-service_bug_by_setting_the_server_socket_timeout.patch
---
python-pykmip-0.5.0/debian/patches/CVE-2018-1000872_Fix_a_denial-of-service_bug_by_setting_the_server_socket_timeout.patch
1970-01-01 00:00:00.0 +
+++
python-pykmip-0.5.0/debian/patches/CVE-2018-1000872_Fix_a_denial-of-service_bug_by_setting_the_server_socket_timeout.patch
2019-02-24 16:43:42.0 +
@@ -0,0 +1,54 @@
+Description: CVE-2018-1000872: Fix a denial-of-service bug by setting the
server socket timeout
+ This change fixes a potential denial-of-service bug with the
+ server, setting a default timeout for all server sockets. This
+ allows the server to drop hung connections without blocking
+ forever. The interrupt triggered during accept calls is expected
+ and is now handled appropriately. Server unit tests have been
+ updated to reflect this change.
+Author: Peter Hamilton
+Date: Tue, 24 Apr 2018 21:57:20 -0400
+Origin: upstream,
https://github.com/OpenKMIP/PyKMIP/commit/3a7b880bdf70d295ed8af3a5880bab65fa6b3932
+Bug-Debian: https://bugs.debian.org/917030
+Last-Update: 2019-02-24
+
+Index: python-pykmip/kmip/services/server/server.py
+===
+--- python-pykmip.orig/kmip/services/server/server.py
python-pykmip/kmip/services/server/server.py
+@@ -176,6 +176,7 @@ class KmipServer(object):
+ self._logger.info("Starting server socket handler.")
+
+ # Create a TCP stream socket and configure it for immediate reuse.
++socket.setdefaulttimeout(10)
+ self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+
+@@ -283,6 +284,11 @@ class KmipServer(object):
+ while self._is_serving:
+ try:
+ connection, address = self._socket.accept()
++except socket.timeout:
++# Setting the default socket timeout to break hung connections
++# will cause accept to periodically raise socket.timeout. This
++# is expected behavior, so ignore it and retry accept.
++pass
+ except socket.error as e:
+ if e.errno == errno.EINTR:
+ self._logger.warning("Interrupting connection service.")
+Index: python-pykmip/kmip/tests/unit/services/server/test_server.py
+===
+--- python-pykmip.orig/kmip/tests/unit/services/server/test_server.py
python-pykmip/kmip/tests/unit/services/server/test_server.py
+@@ -342,7 +342,11 @@ class TestKmipServer(testtools.TestCase)
+
+ # Test the expected behavior for a normal server/interrupt sequence
+ s._socket.accept = mock.MagicMock(
+-side_effect=[('connection', 'address'), expected_error]
++side_effect=[
++('connection', 'address'),
++socket.timeout,
++expected_error
++]
+ )
+
+ s.serve()
diff -Nru python-pykmip-0.5.0/debian/patches/series
python-pykmip-0.5.0/debian/patches/series
--- python-pykmip-0.
Bug#923324: nmu: libssh_0.8.6-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, libssh is statically linking against nacl. Before 20110221-6.1 (uploaded today), nacl was not built with -fPIC (#92), I suspect that this might be the root cause of #919956. Could you please rebuild libssh against the last upload of nacl? Thanks, Laurent Bigonville nmu libssh_0.8.6-3 . ANY -ia64 -kfreebsd-amd64 -kfreebsd-i386 . unstable . -m "Rebuild against nacl built with -fPIC" dw libssh_0.8.6-3 . ANY . -m "libnacl-dev (>= 20110221-6.1)" -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Processed: severity of 923323 is normal
Processing commands for cont...@bugs.debian.org: > severity 923323 normal Bug #923323 [release.debian.org] stretch-pu: CVE-2018-1000872: package python-pykmip/0.5.0-4 Severity set to 'normal' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 923323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923323 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#868355: Any reason not to simply upload ceres-solver with adjusted version of libeigen3-dev
On Tue, Feb 26, 2019 at 11:25:49AM +0100, Andreas Tille wrote: > > The eigen3 maintainer and I are happy to simply rebuild affected > > packages after every eigen3 update, but Emilio considers it an upstream bug. > > Unfortunately I could not find anybody able to shed more light on the > > eigen3 topic. > > I agree that the topic seems to be more complex in general but for the > moment we need a fix for Buster and that fix is very simple - so I do > not see any reason to not fix it. You might like to reopen the relevant > bugs (I mean #868355 - I just asked for closing which was done and > #883619) with lower severity to keep on discussing for Buster+1. Similar to packages built against static libraries, eigen3 as a header-only library gives us no chance except for binNMU all the rdeps. There are a lot of header only packages in my packaging radar, and the transition problem really brings me headache. Fortunately they won't have to much rdeps at the beginning.
Bug#923342: stretch-pu: package kauth/5.28.0-2+deb9u1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
This fixes CVE-2019-7443 /
https://mail.kde.org/pipermail/kde-announce/2019-February/11.html.
Debdiff attached.
Cheers,
Moritz
diff -Nru kauth-5.28.0/debian/changelog kauth-5.28.0/debian/changelog
--- kauth-5.28.0/debian/changelog 2017-05-10 15:03:15.0 +0200
+++ kauth-5.28.0/debian/changelog 2019-02-15 00:03:40.0 +0100
@@ -1,3 +1,9 @@
+kauth (5.28.0-2+deb9u1) stretch; urgency=medium
+
+ * CVE-2019-7443 (Closes: #921995)
+
+ -- Moritz Mühlenhoff Fri, 15 Feb 2019 00:03:40 +0100
+
kauth (5.28.0-2) unstable; urgency=medium
* Drop applied patch: kauth_add_license
diff -Nru kauth-5.28.0/debian/patches/CVE-2019-7443.patch
kauth-5.28.0/debian/patches/CVE-2019-7443.patch
--- kauth-5.28.0/debian/patches/CVE-2019-7443.patch 1970-01-01
01:00:00.0 +0100
+++ kauth-5.28.0/debian/patches/CVE-2019-7443.patch 2019-02-15
00:03:40.0 +0100
@@ -0,0 +1,68 @@
+From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Sat, 2 Feb 2019 14:35:25 +0100
+Subject: Remove support for passing gui QVariants to KAuth helpers
+
+Supporting gui variants is very dangerous since they can end up triggering
+image loading plugins which are one of the biggest vectors for crashes, which
+for very smart people mean possible code execution, which is very dangerous
+in code that is executed as root.
+
+We've checked all the KAuth helpers inside KDE git and none seems to be using
+gui variants, so we're not actually limiting anything that people wanted to do.
+
+Reviewed by secur...@kde.org and Aleix Pol
+
+Issue reported by Fabian Vogt
+---
+ src/backends/dbus/DBusHelperProxy.cpp | 9 +
+ src/kauthaction.h | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/backends/dbus/DBusHelperProxy.cpp
b/src/backends/dbus/DBusHelperProxy.cpp
+index 10c14c6..8f0d336 100644
+--- a/src/backends/dbus/DBusHelperProxy.cpp
b/src/backends/dbus/DBusHelperProxy.cpp
+@@ -31,6 +31,8 @@
+ #include "kf5authadaptor.h"
+ #include "kauthdebug.h"
+
++extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
++
+ namespace KAuth
+ {
+
+@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString
&action, const QByteArra
+ return ActionReply::HelperBusyReply().serialized();
+ }
+
++// Make sure we don't try restoring gui variants, in particular
QImage/QPixmap/QIcon are super dangerous
++// since they end up calling the image loaders and thus are a vector for
crashing → executing code
++auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
++qMetaTypeGuiHelper = nullptr;
++
+ QVariantMap args;
+ QDataStream s(&arguments, QIODevice::ReadOnly);
+ s >> args;
+
++qMetaTypeGuiHelper = origMetaTypeGuiHelper;
++
+ m_currentAction = action;
+ emit remoteSignal(ActionStarted, action, QByteArray());
+ QEventLoop e;
+diff --git a/src/kauthaction.h b/src/kauthaction.h
+index c67a70a..01f3ba1 100644
+--- a/src/kauthaction.h
b/src/kauthaction.h
+@@ -298,6 +298,8 @@ public:
+ * This method sets the variant map that the application
+ * can use to pass arbitrary data to the helper when executing the action.
+ *
++ * Only non-gui variants are supported.
++ *
+ * @param arguments The new arguments map
+ */
+ void setArguments(const QVariantMap &arguments);
+--
+cgit v1.1
+
diff -Nru kauth-5.28.0/debian/patches/series kauth-5.28.0/debian/patches/series
--- kauth-5.28.0/debian/patches/series 2017-05-10 15:03:15.0 +0200
+++ kauth-5.28.0/debian/patches/series 2019-02-15 00:03:40.0 +0100
@@ -1 +1,2 @@
Verify-that-whoever-is-calling-us-is-actually-who-he-says.patch
+CVE-2019-7443.patch
Bug#923356: unblock: prelude-lml/4.1.0-1+b2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package prelude-lml The package was removed from testing due to a bad purge script which has just been fixed (#919869). Prelude-LML is an important part of the Prelude suite, it would be nice to have it. The fix has been accepted by Mattia Rizzolo: https://tracker.debian.org/news/1032409/accepted-prelude-lml-410-2-source-into-unstable/ Thank you, Thomas Andrejak unblock prelude-lml/4.1.0-1+b2 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_SOFTLOCKUP Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1
On Thu, Feb 14, 2019 at 09:42:42AM -0200, Antonio Terceiro wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Hello, > > Please unblock package chef > > Hi, > > The ci.debian.net nodes are managed with chef, and during the weekend I > realized that it was not in testing. There was an RC bug against chef (FTBFS, > 3 > tests broken by an update to the test framework, package just worked > nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I fixed both, and > they were ACCEPTED in unstable Sunday morning within less than one hour of > each > other (ruby-cheffish at 11:53:21 + and chef at 12:34:15 +) > > https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/ > https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/ FWIW today I noticed a new item in the chef migration excuses that was not there when I opened this bug, a piuparts regression. I made a new upload with a trivial patch fixing only that. signature.asc Description: PGP signature
Bug#923324: marked as done (nmu: libssh_0.8.6-3)
Your message dated Wed, 27 Feb 2019 06:31:00 + with message-id <7a88a0d7-bcb1-f825-7d16-d66ae187a...@thykier.net> and subject line Re: Bug#923324: nmu: libssh_0.8.6-3 has caused the Debian Bug report #923324, regarding nmu: libssh_0.8.6-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 923324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923324 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hi, libssh is statically linking against nacl. Before 20110221-6.1 (uploaded today), nacl was not built with -fPIC (#92), I suspect that this might be the root cause of #919956. Could you please rebuild libssh against the last upload of nacl? Thanks, Laurent Bigonville nmu libssh_0.8.6-3 . ANY -ia64 -kfreebsd-amd64 -kfreebsd-i386 . unstable . -m "Rebuild against nacl built with -fPIC" dw libssh_0.8.6-3 . ANY . -m "libnacl-dev (>= 20110221-6.1)" -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Laurent Bigonville: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: binnmu > > Hi, > > libssh is statically linking against nacl. > > Before 20110221-6.1 (uploaded today), nacl was not built with -fPIC > (#92), I suspect that this might be the root cause of #919956. > > Could you please rebuild libssh against the last upload of nacl? > > Thanks, > > Laurent Bigonville > > nmu libssh_0.8.6-3 . ANY -ia64 -kfreebsd-amd64 -kfreebsd-i386 . unstable . -m > "Rebuild against nacl built with -fPIC" > dw libssh_0.8.6-3 . ANY . -m "libnacl-dev (>= 20110221-6.1)" > > [...] Scheduled, thanks. ~Niels--- End Message ---
Bug#923315: marked as done (unblock: gigolo/0.4.2-3)
Your message dated Wed, 27 Feb 2019 06:39:00 +
with message-id
and subject line Re: Bug#923315: unblock: gigolo/0.4.2-3
has caused the Debian Bug report #923315,
regarding unblock: gigolo/0.4.2-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
923315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923315
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
due to a bad timing combination, the gigolo packag is currently not in
testing and won't migrate without an unblock. I think it would be nice
for its users to let it migrate.
The package has been removed from testing a long time ago, and didn't
migrate again because of the alioth maintainer address RC bug. There's a
new development version in experimental fixing that bug, and I hoped
there would be a stable release in time for the freeze, but that didn't
happen and I uploaded just a new revision (I thought) in time for the
freeze.
Unfortunately my timing was off (I uploaded 5 days before the soft
freeze but too late). The diff between stable and unstable is attached.
Please unblock package gigolo
unblock gigolo/0.4.2-3
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8),
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru gigolo-0.4.2/debian/changelog gigolo-0.4.2/debian/changelog
--- gigolo-0.4.2/debian/changelog 2014-01-09 23:00:47.0 +0100
+++ gigolo-0.4.2/debian/changelog 2019-02-07 17:29:33.0 +0100
@@ -1,3 +1,35 @@
+gigolo (0.4.2-3) unstable; urgency=medium
+
+ * Moved the package to git on salsa.debian.org
+ * Updated the maintainer address to debian-x...@lists.debian.org
+closes: #899525
+ * d/gbp.conf added, following DEP-14
+ * d/watch: use HTTPS protocol
+ * d/gbp.conf adjusted for buster branch
+ * d/control: drop Emanuele, Simon, Lionel and Stefan from uploaders
+ * d/control: update standards version to 4.2.1
+
+ -- Yves-Alexis Perez Thu, 07 Feb 2019 17:29:33 +0100
+
+gigolo (0.4.2-2) unstable; urgency=medium
+
+ * debian/patches:
+- 01_migrate-gvfs-command added, replace gvfs-open by gio open as default
+open command.
+ * debian/control:
+- replace gvfs-bin by libglib2.0-bin in Recommends closes: #877744
+- run wrap-and-sort
+- update standards version to 4.4.1.
+- drop -dbg package.
+ * debian/rules:
+- migrate to dbgsym package.
+- use debian/gigolo instead of debian/tmp in file removals, since we only
+have one binary package now.
+- drop list-missing since we install everything.
+ * debian/gigolo.install dropped since we only have one package.
+
+ -- Yves-Alexis Perez Sun, 15 Oct 2017 16:08:34 +0200
+
gigolo (0.4.2-1) unstable; urgency=low
[ Evgeni Golov ]
diff -Nru gigolo-0.4.2/debian/control gigolo-0.4.2/debian/control
--- gigolo-0.4.2/debian/control 2014-01-09 23:00:41.0 +0100
+++ gigolo-0.4.2/debian/control 2019-02-07 17:29:33.0 +0100
@@ -1,34 +1,23 @@
Source: gigolo
Section: xfce
Priority: optional
-Maintainer: Debian Xfce Maintainers
-Uploaders: Yves-Alexis Perez , Emanuele Rocca
, Simon Huggins , Stefan Ott
, Lionel Le Folgoc
-Build-Depends: debhelper (>= 9), intltool, pkg-config,
- libgtk2.0-dev (>= 2.12.0)
-Standards-Version: 3.9.5
+Maintainer: Debian Xfce Maintainers
+Uploaders: Yves-Alexis Perez
+Build-Depends: debhelper (>= 9),
+ intltool,
+ libgtk2.0-dev (>= 2.12.0),
+ pkg-config
+Standards-Version: 4.2.1
Homepage: http://www.uvena.de/gigolo/
-Vcs-Svn: svn://anonscm.debian.org/pkg-xfce/goodies/trunk/gigolo/
-Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-xfce/goodies/trunk/gigolo/
+Vcs-Git: https://salsa.debian.org/xfce-team/apps/gigolo.git
+Vcs-Browser: https://salsa.debian.org/xfce-team/apps/gigolo
Package: gigolo
Section: xfce
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: gvfs-bin
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Recommends: libglib2.0-bin
Description: frontend to manage connections to remote filesystems using
GIO/GVfs
Gigolo is a frontend to easily manage connections to remote filesystems
using
Bug#923306: marked as done (unblock: kazam/1.4.5-2.1)
Your message dated Wed, 27 Feb 2019 06:42:00 + with message-id and subject line Re: Bug#923306: unblock: kazam/1.4.5-2.1 has caused the Debian Bug report #923306, regarding unblock: kazam/1.4.5-2.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 923306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923306 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package kazam. It's a popular option for screen capture (both screenshots and video), and we don't seem to have alternatives for it in the archive, that work out-of-the-box. (That was the reason I used it in the first place.) I performed a NMU early this month, to solve the bug that got it removed from testing: $ debdiff kazam_1.4.5-2.dsc /opt/deb/buildarea/kazam_1.4.5-2.1.dsc diff -Nru kazam-1.4.5/debian/changelog kazam-1.4.5/debian/changelog --- kazam-1.4.5/debian/changelog2015-10-13 03:33:29.0 +0200 +++ kazam-1.4.5/debian/changelog2019-02-08 12:24:25.0 +0100 @@ -1,3 +1,11 @@ +kazam (1.4.5-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Patch after configuration API change (Closes: #916416) + * debian/control: Add missing build dependency on dh-python + + -- Nicolas Braud-Santoni Fri, 08 Feb 2019 12:24:25 +0100 + kazam (1.4.5-2) unstable; urgency=medium * configparser_api_changes.patch: Update for changes diff -Nru kazam-1.4.5/debian/control kazam-1.4.5/debian/control --- kazam-1.4.5/debian/control 2015-10-13 03:32:51.0 +0200 +++ kazam-1.4.5/debian/control 2019-02-08 12:24:25.0 +0100 @@ -3,6 +3,7 @@ Priority: optional Maintainer: Andrew Starr-Bochicchio Build-Depends: debhelper (>= 9), + dh-python, gettext, intltool, python3-all (>= 3.2), diff -Nru kazam-1.4.5/debian/patches/fix-configuration-handling.patch kazam-1.4.5/debian/patches/fix-configuration-handling.patch --- kazam-1.4.5/debian/patches/fix-configuration-handling.patch 1970-01-01 01:00:00.0 +0100 +++ kazam-1.4.5/debian/patches/fix-configuration-handling.patch 2019-02-08 12:24:25.0 +0100 @@ -0,0 +1,51 @@ +Subject: Fix configuration handling + +Origin: vendor +Bug: https://bugs.debian.org/916416 +Forwarded: https://github.com/hzbd/kazam/pull/21 +From: Sergey Spitsyn +Reviewed-by: Nicolas Braud-Santoni +Last-Update: 2019-02-07 +Applied-Upstream: no + +--- + kazam/backend/config.py | 11 --- + 1 file changed, 4 insertions(+), 7 deletions(-) + +diff --git a/kazam/backend/config.py b/kazam/backend/config.py +index 64b5117..2274435 100644 +--- a/kazam/backend/config.py b/kazam/backend/config.py +@@ -73,7 +73,7 @@ class KazamConfig(ConfigParser): + CONFIGFILE = os.path.join(CONFIGDIR, "kazam.conf") + + def __init__(self): +-ConfigParser.__init__(self, self.DEFAULTS[0]['keys']) ++super().__init__(self) + if not os.path.isdir(self.CONFIGDIR): + os.makedirs(self.CONFIGDIR) + if not os.path.isfile(self.CONFIGFILE): +@@ -98,10 +98,9 @@ class KazamConfig(ConfigParser): + if d_key == key: + return d_section["keys"][key] + +-def get(self, section, key, raw=True, fallback=None): ++def get(self, section, key, **kwargs): + try: +-return super(KazamConfig, self).get(section, +- key, raw=True, fallback=fallback) ++return super(KazamConfig, self).get(section, key, **kwargs) + except NoSectionError: + default = self.find_default(section, key) + self.set(section, key, default) +@@ -123,9 +122,7 @@ class KazamConfig(ConfigParser): + def set(self, section, option, value): + # If the section referred to doesn't exist (rare case), + # then create it +-if not self.has_section(section): +-self.add_section(section) +-ConfigParser.set(self, section, option, str(value)) ++super().set(section, option, str(value)) + + def write(self): + file_ = open(self.CONFIGFILE, "w") diff -Nru kazam-1.4.5/debian/patches/series kazam-1.4.5/debian/patches/series --- kazam-1.4.5/debian/patches/series 2015-10-13 03:23:18.0 +0200 +++ kazam-1.4.5/debian/patches/series 2019-02-08 12:24:25
Bug#922904: marked as done (RM: libcpan-meta-perl/2.150010-2)
Your message dated Wed, 27 Feb 2019 06:47:00 + with message-id <20e7431b-126f-038c-be9f-3af7233d9...@thykier.net> and subject line Re: Bug#922904: RM: libcpan-meta-perl/2.150010-2 has caused the Debian Bug report #922904, regarding RM: libcpan-meta-perl/2.150010-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 922904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922904 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm please remove libcpan-meta-perl from testing This is a separately packaged version of a module that is also bundled with Perl core. There is no value in releasing buster with this as a separate package. Bug #915876 (serious) was filed against libcpan-meta-perl in December to have the package auto-removed and kept out of buster, but this doesn't seem to have been effective, hence I'm asking for manual removal now. Florian --- End Message --- --- Begin Message --- Florian Schlichting: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > > please remove libcpan-meta-perl from testing > > This is a separately packaged version of a module that is also bundled > with Perl core. There is no value in releasing buster with this as a > separate package. > > Bug #915876 (serious) was filed against libcpan-meta-perl in December to > have the package auto-removed and kept out of buster, but this doesn't > seem to have been effective, hence I'm asking for manual removal now. > > Florian > Removal hint added, thanks. ~Niels--- End Message ---
Bug#922903: marked as done (RM: libautodie-perl/2.29-2)
Your message dated Wed, 27 Feb 2019 06:46:00 + with message-id <2cd79db9-9e1a-f515-d4b0-71cc3ac33...@thykier.net> and subject line Re: Bug#922903: RM: libautodie-perl/2.29-2 has caused the Debian Bug report #922903, regarding RM: libautodie-perl/2.29-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 922903: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922903 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm please remove libautodie-perl from testing This is a separately packaged version of a module that is also bundled with Perl core. There is no value in releasing buster with this as a separate package. Bug #915550 (serious) was filed against libautodie-perl in December to have the package auto-removed and kept out of buster, but this doesn't seem to have been effective, hence I'm asking for manual removal now. Florian --- End Message --- --- Begin Message --- Florian Schlichting: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > > please remove libautodie-perl from testing > > This is a separately packaged version of a module that is also bundled > with Perl core. There is no value in releasing buster with this as a > separate package. > > Bug #915550 (serious) was filed against libautodie-perl in December to > have the package auto-removed and kept out of buster, but this doesn't > seem to have been effective, hence I'm asking for manual removal now. > > Florian > Removal hint added, thanks. ~Niels--- End Message ---
Re: Unifont Freeze Exception Request
Paul Hardy:
> Dear Release Team,
>
> Unicode, Inc. expects to release Unicode Standard version 12.0.0 on or
> shortly after 5 March 2019[1]. Would you consider allowing a freeze
> exception for a unifont 12.0.01-1 package, to be uploaded by the day
> after Unicode 12.0.0 is released?
>
> Please CC me, as I am not subscribed to this list.
>
> TL;DR
> This is what I expect to change:
>
> * Add new glyphs introduced in Unicode 12.0.0
> * Replace "sed -i" with "sed -e" in the font/Makefile "bmp" target for
> portability
> * Possibly add new glyph ranges (Unicode "scripts") to src/unibmp2hex.c.
>
> I consider these changes to be low-risk.
>
> I have been drawing Unifont glyphs since 2007, so I think I have the
> hang of doing it correctly. :-) I also will be adding contributions
> from others, and will make a final check of every new glyph.
>
> The "bmp" font/Makefile target is only invoked manually, if someone
> wants Microsoft Bitmap Graphics (".bmp") files for editing. So
> modifying that target will not affect the Debian build. I will test
> the "bmp" font/Makefile target change and any changes to
> src/unibmp2hex.c before the upload.
>
> Thank you,
>
>
> Paul Hardy
>
> [1]http://unicode.org/versions/Unicode12.0.0/
>
Hi Paul,
Thanks for your email.
Could I have you file an unblock request/bug against release.debian.org
with the full source debdiff (when unifont 12.0.01 is released)? We
will evaluate your request at that time when we have seen the diff.
Thanks,
~Niels
Re: Freeze exception enquiry (Xen 4.12)
Ian Jackson: > tl;dr: should we update buster to Xen 4.12 (currently, 4.12-RC2) ? > > Hi. I hope you will be able to answer this question before we prepare > a proposed updated package (and certainly without us uploading the > package to unstable, since we want to keep unstable for updates to > buster). > > Xen upstream is currently in the 2nd week of the freeze for Xen 4.12. > sid/buster currently have 4.11. > > Upstream quality in 4.12 seems reasonable (and comparable to that of > the Xen 4.11) we have. It is very likely that Xen 4.12 will be > finally released well before Debian buster. > > [...] > > Please could you advise whether this update is something you generally > favour ? If so then we will prepare a suitable update and check that > the library transition is fine for all the the rdepends, and then > return with a formal freeze exception request. > > We do not expect to need any significant changes to the packaging. A > whole package debdiff is not likely to be very illuminating because > there will be a fair few upstream changes. > > Regards, > Ian. > Hi Ian, Do we know when xen 4.12 will be released? Also, be advised that even if we approve the exception, we may ask you to rollback to the current upstream version of xen in a timely fashion if it turns xen 4.12 has or causes non-trivial regressions (i.e. either on its own or in other packages). Thanks, ~Niels
Bug#923245: marked as done (unblock: procyon/0.5.32-5)
Your message dated Wed, 27 Feb 2019 07:06:00 + with message-id <48653503-9877-9cff-4e1e-57c67a7f9...@thykier.net> and subject line Re: Bug#923245: unblock: procyon/0.5.32-5 has caused the Debian Bug report #923245, regarding unblock: procyon/0.5.32-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 923245: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923245 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package procyon The package was removed from testing due to an incompatibility with Java 11 which has just been fixed (#909259). Procyon is the only Java decompiler packaged in Debian, it was part of Stretch and it would be nice to have it in Buster. Thank you, Emmanuel Bourg unblock procyon/0.5.32-5 --- End Message --- --- Begin Message --- Emmanuel Bourg: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock package procyon > > The package was removed from testing due to an incompatibility with Java 11 > which has just been fixed (#909259). Procyon is the only Java decompiler > packaged in Debian, it was part of Stretch and it would be nice to have it > in Buster. > > Thank you, > > Emmanuel Bourg > > unblock procyon/0.5.32-5 > I have added an unblock for that particular version on the premise that procyon/0.5.32-5 in its current form is ready for the release. If it turns out that procyon cannot migrate to testing in this version with only that unblock hint, then procyon will not be a part of buster. Thanks, ~Niels--- End Message ---
