Bug#985692: unblock: sweethome3d/6.4.2+dfsg-2

[Andrius Merkys]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release-team,

I am seeking pre-approval to upload sweethome3d/6.4.2+dfsg-2.

[ Reason ]
sweethome3d/6.4.2+dfsg-1 is affected by #985604 which is of severity:
important. sweethome3d/6.4.2+dfsg-2 fixes this bug in unstable. The fix
is simple, it only contains an instruction for sweethome3d to add a
missing JAR to its CLASSPATH.

[ Impact ]
Without the fix, users of sweethome3d will not be able to use SVG export
feature.

[ Tests ]
* Built on clean sid chroot;
* Tested SVG export feature in sid.

[ Risks ]
Changes are minimal and should not affect other packages negatively.

[ Checklist ]
  [*] all changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in testing

unblock sweethome3d/6.4.2+dfsg-2

Best,
Andrius
diff -Nru sweethome3d-6.4.2+dfsg/debian/changelog 
sweethome3d-6.4.2+dfsg/debian/changelog
--- sweethome3d-6.4.2+dfsg/debian/changelog 2020-09-19 16:53:24.0 
-0400
+++ sweethome3d-6.4.2+dfsg/debian/changelog 2021-03-22 05:44:09.0 
-0400
@@ -1,3 +1,10 @@
+sweethome3d (6.4.2+dfsg-2) unstable; urgency=medium
+
+  * Team upload.
+  * Locating freehep-graphicsbase (Closes: #985604)
+
+ -- Andrius Merkys   Mon, 22 Mar 2021 05:44:09 -0400
+
 sweethome3d (6.4.2+dfsg-1) unstable; urgency=medium
 
   * New upstream version 6.4.2+dfsg.
diff -Nru sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh 
sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh
--- sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh2020-09-19 
16:53:24.0 -0400
+++ sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh2021-03-22 
05:43:57.0 -0400
@@ -13,7 +13,7 @@
 
 find_jars j3dcore j3dutils vecmath batik
 find_jars sunflow itext janino freehep-util freehep-io freehep-xml
-find_jars freehep-graphics2d freehep-graphicsio freehep-graphicsio-svg
+find_jars freehep-graphics2d freehep-graphicsbase freehep-graphicsio 
freehep-graphicsio-svg
 find_jars /usr/share/sweethome3d/sweethome3d.jar
 find_jars /usr/share/icedtea-web/netx.jar
 

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20190702+deb10u9_source.changes
  ACCEPT

Bug#985714: unblock: yubikey-manager/4.0.0~a1-3

[Taowa]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ni...@debian.org

Please unblock package yubikey-manager

[ Reason ]
-3 fixes an RC bug #984480 by ensuring that the symlink for the
python3-yubikey-manager package is properly generated.

There is also a change in the build process that replaces linking a file
with a patch. This change was made because this link at clean-time led
to unrepresentable changes to the source.

[ Impact ]
yubikey-manager and yubioath-desktop will be autoremoved should this not
be unblocked.

[ Tests ]
I manually tested whether the change fixed the symlink in question by
upgrading from the version in stable to -3.

I also manually tested whether the change to the build process had any
effects. It did not seem to.

[ Risks ]
I do not believe this change poses any substantial risks.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
Thanks!

unblock yubikey-manager/4.0.0~a1-3
diff -Nru yubikey-manager-4.0.0~a1/debian/changelog 
yubikey-manager-4.0.0~a1/debian/changelog
--- yubikey-manager-4.0.0~a1/debian/changelog   2021-02-11 06:33:27.0 
-0500
+++ yubikey-manager-4.0.0~a1/debian/changelog   2021-03-20 14:51:24.0 
-0400
@@ -1,3 +1,12 @@
+yubikey-manager (4.0.0~a1-3) unstable; urgency=medium
+
+  * Update maintscript to symlink doc directories for
+python3-yubikey-manager and yubikey-manager.
+Closes: #984480
+  * Add myself as an uploader.
+
+ -- Taowa   Sat, 20 Mar 2021 14:30:00 -0500
+
 yubikey-manager (4.0.0~a1-2) unstable; urgency=medium
 
   * Cherry-pick upstream fix for OATH on Yubikey NEO
diff -Nru yubikey-manager-4.0.0~a1/debian/control 
yubikey-manager-4.0.0~a1/debian/control
--- yubikey-manager-4.0.0~a1/debian/control 2021-02-11 06:33:27.0 
-0500
+++ yubikey-manager-4.0.0~a1/debian/control 2021-03-20 14:51:09.0 
-0400
@@ -1,7 +1,8 @@
 Source: yubikey-manager
 Maintainer: Debian Authentication Maintainers 

 Uploaders: Afif Elghraoui ,
-   nicoo 
+   nicoo ,
+   Taowa 
 Section: utils
 Priority: optional
 Rules-Requires-Root: no
diff -Nru yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch 
yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch
--- yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch  
1969-12-31 19:00:00.0 -0500
+++ yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch  
2021-03-20 14:35:37.0 -0400
@@ -0,0 +1,45 @@
+Description: add a setup.py
+Author: Taowa 
+Origin: Created from the setup.py manually edited by nicoo 
+Forwarded: not-needed
+Last-Update: 2021-03-20
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: yubikey-manager/setup.py
+===
+--- /dev/null  1970-01-01 00:00:00.0 +
 yubikey-manager/setup.py   2021-03-20 11:28:00.212298932 -0400
+@@ -0,0 +1,33 @@
++
++# -*- coding: utf-8 -*-
++
++# DO NOT EDIT THIS FILE!
++# This file has been autogenerated by dephell <3
++# https://github.com/dephell/dephell
++
++try:
++from setuptools import setup
++except ImportError:
++from distutils.core import setup
++
++readme = ''
++
++setup(
++long_description=readme,
++name='yubikey-manager',
++version='4.0.0a1',
++description='Tool for managing your YubiKey configuration.',
++python_requires='==3.*,>=3.6.0',
++project_urls={"homepage": "https://github.com/Yubico/yubikey-manager";, 
"repository": "https://github.com/Yubico/yubikey-manager"},
++author='Dain Nilsson',
++author_email='d...@yubico.com',
++license='BSD',
++keywords='yubikey yubiotp piv fido',
++classifiers=['Development Status :: 5 - Production/Stable', 'Intended 
Audience :: End Users/Desktop', 'Topic :: Security :: Cryptography', 'Topic :: 
Utilities'],
++entry_points={"console_scripts": ["ykman = ykman.cli.__main__:main"]},
++packages=['ykman', 'ykman.cli', 'ykman.hid', 'ykman.pcsc', 
'ykman.scancodes', 'yubikit', 'yubikit.core'],
++package_dir={"": "."},
++package_data={"ykman": [".mypy_cache/*.TAG", ".mypy_cache/3.9/*.json", 
".mypy_cache/3.9/_typeshed/*.json", ".mypy_cache/3.9/collections/*.json", 
".mypy_cache/3.9/cryptography/*.json", 
".mypy_cache/3.9/cryptography/hazmat/*.json", 
".mypy_cache/3.9/cryptography/hazmat/backends/*.json", 
".mypy_cache/3.9/cryptography/hazmat/primitives/*.json", 
".mypy_cache/3.9/cryptography/hazmat/primitives/asymmetric/*.json", 
".mypy_cache/3.9/cryptography/hazmat/primitives/ciphers/*.json", 
".mypy_cache/3.9/cryptography/hazmat/primitives/serialization/*.json", 
".mypy_cache/3.9/cryptography/x509/*.json", ".mypy_cache/3.9/email/*.json", 
".mypy_cache/3.9/email/mime/*.json", ".mypy_cache/3.9/html/*.json", 
".mypy_cache/3.9/http/*.json", ".mypy

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20190702+deb10u9_arm64-buildd.changes
  ACCEPT
Processing changes file: debian-installer_20190702+deb10u9_armel-buildd.changes
  ACCEPT
Processing changes file: debian-installer_20190702+deb10u9_i386.changes
  ACCEPT
Processing changes file: debian-installer_20190702+deb10u9_mips-buildd.changes
  ACCEPT
Processing changes file: 
debian-installer_20190702+deb10u9_ppc64el-buildd.changes
  ACCEPT
Processing changes file: debian-installer_20190702+deb10u9_s390x-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20190702+deb10u9_amd64-buildd.changes
  ACCEPT

Bug#985717: unblock: gemma/0.98.4+dfsg-2

[Andreas Tille]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: 985...@bugs.debian.org

Please unblock package gemma

[ Reason ]
Closes bug #985004

[ Impact ]
Leaf package no expected impact.

[ Tests ]
There is an autopkgtest.

[ Risks ]
Since the only change was to simply shorten the autopkgtest on a single
architecture armhf that simply can not cope with this package in time
there is no risk to be expected.  The package will never be used in
practice on this kind of architecture.

[ Checklist ]
  [*] all changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  I realised to late that there is a useless cut-n-pasto
  comment remaining which is removed in Git but it does
  not rectify another upload.
  [*] attach debdiff against the package in testing


unblock gemma/0.98.4+dfsg-2
diff -Nru gemma-0.98.4+dfsg/debian/changelog gemma-0.98.4+dfsg/debian/changelog
--- gemma-0.98.4+dfsg/debian/changelog  2021-02-02 20:59:26.0 +0100
+++ gemma-0.98.4+dfsg/debian/changelog  2021-03-22 14:09:15.0 +0100
@@ -1,3 +1,11 @@
+gemma (0.98.4+dfsg-2) unstable; urgency=medium
+
+  * Team upload.
+  * Do only one test for armhf to reduce test time
+Closes: #985004
+
+ -- Andreas Tille   Mon, 22 Mar 2021 14:09:15 +0100
+
 gemma (0.98.4+dfsg-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru gemma-0.98.4+dfsg/debian/tests/run-sample-analysis 
gemma-0.98.4+dfsg/debian/tests/run-sample-analysis
--- gemma-0.98.4+dfsg/debian/tests/run-sample-analysis  2021-02-02 
20:51:38.0 +0100
+++ gemma-0.98.4+dfsg/debian/tests/run-sample-analysis  2021-03-22 
14:09:15.0 +0100
@@ -16,6 +16,14 @@
 gemma -g mouse_hs1940.geno.txt.gz -p mouse_hs1940.pheno.txt \
   -a mouse_hs1940.anno.txt -gk -o mouse_hs1940
 
+hostarch=$(dpkg-architecture -qDEB_HOST_ARCH)
+
+# Ignore single test on armhf and i386 (see bug #972553)
+if [ "$hostarch" = "armhf" ] ; then
+  echo "Do only one test for $hostarch to reduce test time (see bug #985004)"
+  exit 0
+fi
+
 gemma -g mouse_hs1940.geno.txt.gz -p mouse_hs1940.pheno.txt -n 1 \
   -a mouse_hs1940.anno.txt -k ./output/mouse_hs1940.cXX.txt -lmm \
   -o mouse_hs1940_CD8_lmm

Processed: Re: Bug#985714: unblock: yubikey-manager/4.0.0~a1-3

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + moreinfo
Bug #985714 [release.debian.org] unblock: yubikey-manager/4.0.0~a1-3
Added tag(s) moreinfo.

-- 
985714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#985714: unblock: yubikey-manager/4.0.0~a1-3

[Sebastian Ramacher]

Control: tags -1 + moreinfo

On 2021-03-22 11:07:24, Taowa wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: ni...@debian.org
> 
> Please unblock package yubikey-manager
> 
> [ Reason ]
> -3 fixes an RC bug #984480 by ensuring that the symlink for the
> python3-yubikey-manager package is properly generated.
> 
> There is also a change in the build process that replaces linking a file
> with a patch. This change was made because this link at clean-time led
> to unrepresentable changes to the source.
> 
> [ Impact ]
> yubikey-manager and yubioath-desktop will be autoremoved should this not
> be unblocked.
> 
> [ Tests ]
> I manually tested whether the change fixed the symlink in question by
> upgrading from the version in stable to -3.
> 
> I also manually tested whether the change to the build process had any
> effects. It did not seem to.
> 
> [ Risks ]
> I do not believe this change poses any substantial risks.
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> Thanks!
> 
> unblock yubikey-manager/4.0.0~a1-3

> diff -Nru yubikey-manager-4.0.0~a1/debian/changelog 
> yubikey-manager-4.0.0~a1/debian/changelog
> --- yubikey-manager-4.0.0~a1/debian/changelog 2021-02-11 06:33:27.0 
> -0500
> +++ yubikey-manager-4.0.0~a1/debian/changelog 2021-03-20 14:51:24.0 
> -0400
> @@ -1,3 +1,12 @@
> +yubikey-manager (4.0.0~a1-3) unstable; urgency=medium
> +
> +  * Update maintscript to symlink doc directories for
> +python3-yubikey-manager and yubikey-manager.
> +Closes: #984480
> +  * Add myself as an uploader.
> +
> + -- Taowa   Sat, 20 Mar 2021 14:30:00 -0500
> +
>  yubikey-manager (4.0.0~a1-2) unstable; urgency=medium
>  
>* Cherry-pick upstream fix for OATH on Yubikey NEO
> diff -Nru yubikey-manager-4.0.0~a1/debian/control 
> yubikey-manager-4.0.0~a1/debian/control
> --- yubikey-manager-4.0.0~a1/debian/control   2021-02-11 06:33:27.0 
> -0500
> +++ yubikey-manager-4.0.0~a1/debian/control   2021-03-20 14:51:09.0 
> -0400
> @@ -1,7 +1,8 @@
>  Source: yubikey-manager
>  Maintainer: Debian Authentication Maintainers 
> 
>  Uploaders: Afif Elghraoui ,
> -   nicoo 
> +   nicoo ,
> +   Taowa 
>  Section: utils
>  Priority: optional
>  Rules-Requires-Root: no
> diff -Nru yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch 
> yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch
> --- yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch
> 1969-12-31 19:00:00.0 -0500
> +++ yubikey-manager-4.0.0~a1/debian/patches/0003-create-setup-py.patch
> 2021-03-20 14:35:37.0 -0400
> @@ -0,0 +1,45 @@
> +Description: add a setup.py
> +Author: Taowa 
> +Origin: Created from the setup.py manually edited by nicoo 
> +Forwarded: not-needed
> +Last-Update: 2021-03-20
> +---
> +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
> +Index: yubikey-manager/setup.py
> +===
> +--- /dev/null1970-01-01 00:00:00.0 +
>  yubikey-manager/setup.py 2021-03-20 11:28:00.212298932 -0400
> +@@ -0,0 +1,33 @@
> ++
> ++# -*- coding: utf-8 -*-
> ++
> ++# DO NOT EDIT THIS FILE!
> ++# This file has been autogenerated by dephell <3
> ++# https://github.com/dephell/dephell
> ++
> ++try:
> ++from setuptools import setup
> ++except ImportError:
> ++from distutils.core import setup
> ++
> ++readme = ''
> ++
> ++setup(
> ++long_description=readme,
> ++name='yubikey-manager',
> ++version='4.0.0a1',
> ++description='Tool for managing your YubiKey configuration.',
> ++python_requires='==3.*,>=3.6.0',
> ++project_urls={"homepage": "https://github.com/Yubico/yubikey-manager";, 
> "repository": "https://github.com/Yubico/yubikey-manager"},
> ++author='Dain Nilsson',
> ++author_email='d...@yubico.com',
> ++license='BSD',
> ++keywords='yubikey yubiotp piv fido',
> ++classifiers=['Development Status :: 5 - Production/Stable', 'Intended 
> Audience :: End Users/Desktop', 'Topic :: Security :: Cryptography', 'Topic 
> :: Utilities'],
> ++entry_points={"console_scripts": ["ykman = ykman.cli.__main__:main"]},
> ++packages=['ykman', 'ykman.cli', 'ykman.hid', 'ykman.pcsc', 
> 'ykman.scancodes', 'yubikit', 'yubikit.core'],
> ++package_dir={"": "."},
> ++package_data={"ykman": [".mypy_cache/*.TAG", ".mypy_cache/3.9/*.json", 
> ".mypy_cache/3.9/_typeshed/*.json", ".mypy_cache/3.9/collections/*.json", 
> ".mypy_cache/3.9/cryptography/*.json", 
> ".mypy_cache/3.9/cryptography/hazmat/*.json", 
> ".mypy_cache/3.9/cryptography/hazmat/backends/*.json", 
> ".mypy_cache/3.9/cryptography/hazmat/primitives/*.json", 
> ".mypy_cache/3.9/cryptography/hazmat/primitives

Bug#985714: unblock: yubikey-manager/4.0.0~a1-3

[Taowa]

Hi Sebastian,

Sebastian Ramacher, 2021-03-22 11:46 -0400:
> Thankfully the package does not install the .mypy_cache, but listing all
> the caches in package_data seems odd.
[...] 
> Note that python3-cryptography and python3-fido2 in stable do not
> satisfy these version requirements. I would expect that the version
> requirements would be reflected in Depends. Also listing both >= 0.15.1
> and >= 17.0.0 for pyopenssl is redundant.

Both of these were already being done in the package prior to my upload.
All I did was change them from an ln at clean-time to a patch. Seeing as
I'm not the one wro wrote setup.py, I'm not in a position where I feel
comfortably changing it, especially during a freeze. If, however, you
feel that's best, I can certainly try.
 
> This change is not documented and also not really necessary.
My bad.

How should I move forward with this? A new upload without the lintian
override or change to the build process?

Taowa

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20190702+deb10u9_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 
debian-installer_20190702+deb10u9_mips64el-buildd.changes
  ACCEPT

Bug#985721: unblock: fossil/1:2.15~rc1-1

[Barak A. Pearlmutter]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fossil

[ Reason ]

Marked for autoremoval due to #985124.

The issue was fixed upstream. Given the nature of the package, I think
tracking their release candidate is better than cherry-picking the
change that appears directly related to this issue. They made a number
of other safety-related fixes to ensure robustness and security in the
face of old or compiled-with-wrong-options versions of SQLITE3. And
nothing that looks scary.

[ Impact ]

Will allow fossil to be in the release.

[ Tests ]

There is a comprehensive test suite, which can be run automatically.
It is disabled in debian/rules because the makefile says it needs to
be run in a fossil repo that will be discarded after the test because
the tests can corrupt it. Well, it used to say this: the comment is
gone, so maybe it's okay now. But in any case, the system passes all
tests right now.

[ Risks ]

This is a leaf package.

It ticks various boxes for security sensitivity, sort of the union of
the security sensitivity of git and a web server and a wiki. Upstream
is extremely responsive and careful. I think the best option is to
follow upstream's recommendation, which is to track their releases.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

I'm attaching the debdiff, but it's large. Due mainly to changes in
the enclosed sqlite3 (unused unless the debian version is too old or
otherwise unsuitable), and tweaks to static material in the integrated
wiki.

unblock fossil/1:2.15~rc2-1
<#part type="application/octet-stream" filename="~/tmp/ddiff2" 
disposition=attachment>
<#/part>

Bug#959469: buster-pu: package openssl/1.1.1g-1

[Sebastian Andrzej Siewior]

On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
> > fix classified as MODERATE [1].

So this happened. OpenSSL upstream announced [0] 1.1.1k for next
Thursday (25th).

I will prepare 1.1.1k for unstable, do buster-security based on
1.1.1d-0+deb10u5 and then come back with an updated pu :)

[0] https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html
 
Sebastian

Bug#959469: buster-pu: package openssl/1.1.1g-1

[Sebastian Andrzej Siewior]

Resending because I managed to accidently clear TO:

On 2021-03-22 19:48:31 [+0100], Cc 959...@bugs.debian.org wrote:
> On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> > On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
> > > fix classified as MODERATE [1].
> 
> So this happened. OpenSSL upstream announced [0] 1.1.1k for next
> Thursday (25th).
> 
> I will prepare 1.1.1k for unstable, do buster-security based on
> 1.1.1d-0+deb10u5 and then come back with an updated pu :)
> 
> [0] https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html
>  
Sebastian

Processed: tagging 985714

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 985714 - moreinfo
Bug #985714 [release.debian.org] unblock: yubikey-manager/4.0.0~a1-3
Removed tag(s) moreinfo.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
985714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985714
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

[Sebastian Andrzej Siewior]

On 2020-07-21 16:53:23 [+0200], Santiago Ruano Rincón wrote:
> diff -Nru bzip2-1.0.6/debian/rules bzip2-1.0.6/debian/rules
> --- bzip2-1.0.6/debian/rules  2019-06-24 22:16:40.0 +0200
> +++ bzip2-1.0.6/debian/rules  2020-07-21 10:31:21.0 +0200
> @@ -14,6 +14,9 @@
>  DEB_BUILD_MAINT_OPTIONS := hardening=+all
>  DEB_CFLAGS_MAINT_APPEND := -Wall -Winline
>  DEB_CPPFLAGS_MAINT_APPEND := -D_REENTRANT
> +# This -D_FILE_OFFSET_BITS=64 is needed to make bzip2 able to handle > 
> 2GB-size
> +# files in 32-bit archs. See #944557
> +DEB_CPPFLAGS_MAINT_APPEND += -D_FILE_OFFSET_BITS=64

Isn't the preferred way to add "future=+lfs" to DEB_BUILD_MAINT_OPTIONS
?
>  include /usr/share/dpkg/buildflags.mk
>  
>  include /usr/share/dpkg/pkg-info.mk

Sebastian

Bug#985139: marked as done (unblock: manpages-l10n/4.9.3-4)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 19:00:59 +
with message-id 
and subject line unblock manpages-l10n
has caused the Debian Bug report #985139,
regarding unblock: manpages-l10n/4.9.3-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985139: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985139
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: "Dr. Tobias Quathamer" , Javier 
Fernández-Sanguino Peña 

Please unblock package manpages-l10n

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
manpages-l10n contains (translated) man pages for > 100 source
packages. Shortly before the hard freeze, upstream synced the version
of the (english) man pages in Debian and prepared a new release. Due
to po4a this either contains the updated translation (if available) or
the current english texts. Therefore, the translated man pages in
4.9.3-1 are now in sync what is shipped with Bullseye.

Furthermore, I finally managed to contact Javier Fernández-Sanguino
Peña, and we agreed that the very outdated spanish man page
translations are taken over by manpages-l10n, manpages-es-extra is
asked for removal.

[ Impact ]
Some translated man pages are out of date (in 4.9.1-7), giving users 
reading them outdated (or possibly wrong) information.

Spanish users will miss some translations, since manpages-es-extra is
not available any more and the corresponding translations in
manpages-l10n would not be shipped (they were deliberately not present
in 4.9.1-7, where I had not been able to contact Javier).

[ Tests ]
Upstream (I'm part of upstream) runs nightly builds of all man pages
in all languages, checking for (build) errors. Furthermore upstream
regularly reviews (where possible) incoming translations.

[ Risks ]
This is a leaf and documentation package, servicing our users speaking
languages different from English.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in testing

I can prepare the debdiff, but it will contain lots of changes, since
many man pages had updated (even if only due to po4a reformatting
them).

[ Other info ]
If there is any open question regarding this unblock, I'm most happy
to provide it.

In the changelog unfortunately there is a typo, the new upstream
versio is indeed 4.9.3, *not* 4.9.1.

unblock manpages-l10n/4.9.3-1

-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software "libre": http://www.ffii.de/


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Unblocked manpages-l10n.--- End Message ---

Bug#985431: marked as done (unblock: cloudkitty/13.0.0-5)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 19:02:27 +
with message-id 
and subject line unblock cloudkitty
has caused the Debian Bug report #985431,
regarding unblock: cloudkitty/13.0.0-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985431
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package cloudkitty

The updated package adds the small attached patch. The reason for it, is
that the role lookup from cloudkitty's keystone fetcher isn't working at
all, and therefore, it makes it impossible to rate customers.

The patch simply disables the rating role feature, and every project/tenant
in the deployment gets rated by cloudkitty.

unblock cloudkitty/13.0.0-5

Cheers,

Thomas Goirand (zigo)
Description: Rate everyone
 The Keystone fetcher looks at a "rating" role to see if a project should
 be rated or not. Unfortunately, this doesn't work, and projects that have
 the rating role aren't getting rated.
 .
 This patch therefore removes the rating role look-up, and just rates everyone
 with an account in the OpenStack cloud, and rates everyone. This also
 simplifies the user management where one doesn't have to manage the rating
 role anymore.
Author: Thomas Goirand 
Forwarded: no
Reviewed-By: 
Last-Update: 2021-03-10

--- cloudkitty-13.0.0.orig/cloudkitty/fetcher/keystone.py
+++ cloudkitty-13.0.0/cloudkitty/fetcher/keystone.py
@@ -77,6 +77,6 @@ class KeystoneFetcher(fetcher.BaseFetche
 roles = getattr(self.admin_ks.roles, role_func)(
 **{'user': my_user_id,
tenant_attr: tenant})
-if 'rating' not in [role.name for role in roles]:
-tenant_list.remove(tenant)
+#if 'rating' not in [role.name for role in roles]:
+#tenant_list.remove(tenant)
 return [tenant.id for tenant in tenant_list]
--- End Message ---
--- Begin Message ---
Unblocked cloudkitty.--- End Message ---

Bug#985714: unblock: yubikey-manager/4.0.0~a1-3

[Sebastian Ramacher]

Hi Taowa

On 2021-03-22 12:02:30 -0400, Taowa wrote:
> Hi Sebastian,
> 
> Sebastian Ramacher, 2021-03-22 11:46 -0400:
> > Thankfully the package does not install the .mypy_cache, but listing all
> > the caches in package_data seems odd.
> [...] 
> > Note that python3-cryptography and python3-fido2 in stable do not
> > satisfy these version requirements. I would expect that the version
> > requirements would be reflected in Depends. Also listing both >= 0.15.1
> > and >= 17.0.0 for pyopenssl is redundant.
> 
> Both of these were already being done in the package prior to my upload.
> All I did was change them from an ln at clean-time to a patch. Seeing as
> I'm not the one wro wrote setup.py, I'm not in a position where I feel
> comfortably changing it, especially during a freeze. If, however, you
> feel that's best, I can certainly try.
>  
> > This change is not documented and also not really necessary.
> My bad.
> 
> How should I move forward with this? A new upload without the lintian
> override or change to the build process?

setup.py can be fixed after the release of bullseye, but please fix
the dependencies of the binary packages to reflect the version
constraints from setup.py.

I'd prefer if the lintian override was also reverted. That's stuff for
bookworm.

Cheers
-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#985692: unblock: sweethome3d/6.4.2+dfsg-2

[Sebastian Ramacher]

Control: tags -1 confirmed moreinfo

On 2021-03-22 12:03:55 +0200, Andrius Merkys wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Dear release-team,
> 
> I am seeking pre-approval to upload sweethome3d/6.4.2+dfsg-2.

Please go ahead and removed the moreinfo tag once the version is
available in unstable.

Cheers

> 
> [ Reason ]
> sweethome3d/6.4.2+dfsg-1 is affected by #985604 which is of severity:
> important. sweethome3d/6.4.2+dfsg-2 fixes this bug in unstable. The fix
> is simple, it only contains an instruction for sweethome3d to add a
> missing JAR to its CLASSPATH.
> 
> [ Impact ]
> Without the fix, users of sweethome3d will not be able to use SVG export
> feature.
> 
> [ Tests ]
> * Built on clean sid chroot;
> * Tested SVG export feature in sid.
> 
> [ Risks ]
> Changes are minimal and should not affect other packages negatively.
> 
> [ Checklist ]
>   [*] all changes are documented in the d/changelog
>   [*] I reviewed all changes and I approve them
>   [*] attach debdiff against the package in testing
> 
> unblock sweethome3d/6.4.2+dfsg-2
> 
> Best,
> Andrius

> diff -Nru sweethome3d-6.4.2+dfsg/debian/changelog 
> sweethome3d-6.4.2+dfsg/debian/changelog
> --- sweethome3d-6.4.2+dfsg/debian/changelog   2020-09-19 16:53:24.0 
> -0400
> +++ sweethome3d-6.4.2+dfsg/debian/changelog   2021-03-22 05:44:09.0 
> -0400
> @@ -1,3 +1,10 @@
> +sweethome3d (6.4.2+dfsg-2) unstable; urgency=medium
> +
> +  * Team upload.
> +  * Locating freehep-graphicsbase (Closes: #985604)
> +
> + -- Andrius Merkys   Mon, 22 Mar 2021 05:44:09 -0400
> +
>  sweethome3d (6.4.2+dfsg-1) unstable; urgency=medium
>  
>* New upstream version 6.4.2+dfsg.
> diff -Nru sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh 
> sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh
> --- sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh  2020-09-19 
> 16:53:24.0 -0400
> +++ sweethome3d-6.4.2+dfsg/debian/sweethome3d.sh  2021-03-22 
> 05:43:57.0 -0400
> @@ -13,7 +13,7 @@
>  
>  find_jars j3dcore j3dutils vecmath batik
>  find_jars sunflow itext janino freehep-util freehep-io freehep-xml
> -find_jars freehep-graphics2d freehep-graphicsio freehep-graphicsio-svg
> +find_jars freehep-graphics2d freehep-graphicsbase freehep-graphicsio 
> freehep-graphicsio-svg
>  find_jars /usr/share/sweethome3d/sweethome3d.jar
>  find_jars /usr/share/icedtea-web/netx.jar
>  


-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Processed: Re: Bug#985692: unblock: sweethome3d/6.4.2+dfsg-2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed moreinfo
Bug #985692 [release.debian.org] unblock: sweethome3d/6.4.2+dfsg-2
Added tag(s) moreinfo and confirmed.

-- 
985692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#985672: marked as done (unblock: mumps/5.3.5-2)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 19:28:06 +
with message-id 
and subject line unblock mumps
has caused the Debian Bug report #985672,
regarding unblock: mumps/5.3.5-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mumps

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]

RC Bug#985514 reports that libmumps64-seq-dev has dangling library
symlinks.  This is because the Depends field of libmumps64-seq-dev
was misconfigured, Depending on libmumps-seq-5.3 instead of
libmumps-64pord-seq-5.3

Release 5.3.5-2 fixes this.

5.3.5-2 also promotes the Standards-Version to 4.5.1

[ Impact ]

The unpatched libmumps64-seq-dev will not function correctly, containing
empty symlinks to the wrong package, unless libmumps-64pord-seq-5.3
happens to be installed (it is supposed to be required)

[ Tests ]

debci tests are passing in testing (bullseye).

[ Risks ]

The patch is trivial, one fix in Depends field of libmumps64-seq-dev,
and update to


[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing


unblock mumps/5.3.5-2
diff -Nru mumps-5.3.5/debian/changelog mumps-5.3.5/debian/changelog
--- mumps-5.3.5/debian/changelog2020-10-29 05:11:59.0 +0100
+++ mumps-5.3.5/debian/changelog2021-03-20 04:52:40.0 +0100
@@ -1,3 +1,12 @@
+mumps (5.3.5-2) unstable; urgency=medium
+
+  * Team upload.
+  * libmumps64-seq-dev Depends: libmumps-64pord-seq-5.3
+(not libmumps-seq-dev, libmumps-seq-5.3). Closes: #985514.
+  * Standards-Version: 4.5.1
+
+ -- Drew Parsons   Sat, 20 Mar 2021 04:52:40 +0100
+
 mumps (5.3.5-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru mumps-5.3.5/debian/control mumps-5.3.5/debian/control
--- mumps-5.3.5/debian/control  2020-10-29 05:11:59.0 +0100
+++ mumps-5.3.5/debian/control  2021-03-20 04:52:40.0 +0100
@@ -13,7 +13,7 @@
  libscalapack-mpi-dev (>= 2.0.2),
  libscotch-dev,
  mpi-default-dev
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
 Vcs-Git: https://salsa.debian.org/science-team/mumps.git
 Vcs-Browser: https://salsa.debian.org/science-team/mumps
 Homepage: http://mumps-solver.org/
@@ -192,8 +192,7 @@
 Depends:
  libmumps64-dev (= ${binary:Version}),
  libmumps-headers-dev (= ${source:Version}),
- libmumps-seq-dev (= ${binary:Version}),
- libmumps-seq-5.3 (= ${binary:Version}),
+ libmumps-64pord-seq-5.3 (= ${binary:Version}),
  ${misc:Depends},
 Description: Direct linear systems solver (64 bit) - non-parallel development 
files
  MUMPS implements a direct solver for large sparse linear systems, with a
--- End Message ---
--- Begin Message ---
Unblocked mumps.--- End Message ---

Bug#985735: unblock: freediameter/1.2.1-8

[Thorsten Alteholz]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package freediameter

The package is affected by CVE-2020-6098, which is marked as RC by the 
security team in #985088.

The mentioned fix is only minimal, so the risk should be low.

unblock freediameter/1.2.1-8

   Thorsten

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: debian-installer_20190702+deb10u9_armhf-buildd.changes
  ACCEPT

Bug#983876: marked as done (unblock: otrs2/6.0.32-1)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 21:10:31 +0100
with message-id <28075149-3914-6dbb-3057-9db11a011...@debian.org>
and subject line Re: Bug#983876: unblock: otrs2/6.0.32-1
has caused the Debian Bug report #983876,
regarding unblock: otrs2/6.0.32-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
983876: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983876
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello release team,

I try to citize from my mails to the security team:, it's about #982927:


Yesterday I had a videocall with the owner and lead developer of OTOBO. They
want to support me keeping the otrs2 source package in a good shape for
Bullseye, so that users of the package dont have to worry now.
Kicking the package out of Debian would not be optimal.
They also showed me https://github.com/znuny/Znuny (https://www.znuny.com/) - 
they
also forked OTRS CE 6 and fixing bugs and security bugs, also all known open 
bugs
in CVE/Debian atm. So the plan would be now:
* Switch the source of the otrs2 package to the znuny one, so that we have 
releases
  based on an open(source) maintained safe codebase => can I get the go from 
you for that?
* otrs packaging at all is obsolete for bullseye+1. I will package otobo, also 
with
  otobo support, and we will work on a easy way so that users later can migrate
  from otrs to otobo
We also spoke about the open security issues, there is indeed one in the 
CKEditor, but:
#980891:
They way otrs uses this library it should not be possible to attack the user, 
mostly only the attacker himself
#982586:
Thats a wrong information from the OTRS AG, because it does not affect otrs 6 
CE.
It depends on that you use an external interface, which is available in OTRS 7 
and 8
(not free) and maybe in the not-free otrs 6 package via addon, but not in the 
community edition, which is also packaged in Debian.

XX itself is not helpful at all anymore and just wrote me **
I hope switching as fast as possible to the znuny fork for the otrs2 source 
package is also an option for you, I dont want to release bullseye without it 


-

I just uploaded the otrs2 6.0.32 package to experimental.  Could I have your 
ACK for bullseye? :-)

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-14-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi Patrick,

Unblocked.

Paul



OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---

Bug#985745: unblock: desktop-base/11.0.3

[Aurélien COUDERC]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: Debian Desktop Team 

Please unblock package desktop-base

[ Reason ]
This last upload includes a couple of targeted fixes:
- Fix alternatives leftover after package uninstallation.
- Fix for unreadable GRUB text due to background color at some
  resolutions.
- Fix for Plymouth text display in multi-screen configurations for all
  other themes than bullseye’s homeworld theme (homeworld was fixed in
  the previous upload).
- Fix typo in bullseye theme metadata.

[ Impact ]
Users won’t get the above fixes.

[ Tests ]
I manually tested the fixes for all changes listed above.

[ Risks ]
The risk is very low: a couple of oneliners and some SVG image work.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I’m excluding the SVG diff of GRUB images from the debdiff as it adds a
lot of noise and not much readable information.

unblock desktop-base/11.0.3
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/debian/changelog desktop-base-11.0.3/debian/changelog
--- desktop-base-11.0.2/debian/changelog2021-03-02 00:37:18.0 
+0100
+++ desktop-base-11.0.3/debian/changelog2021-03-21 22:35:17.0 
+0100
@@ -1,3 +1,16 @@
+desktop-base (11.0.3) unstable; urgency=medium
+
+  * Make Debian logo and text darker on GRUB backgrounds to avoid grub’s own
+text being unreadable on top of these. (Closes: #983884)
+  * Also remove futurePrototype alternative for desktop-theme in prerm
+maintainer script. (Closes: #985267)
+  * Fix Name metadata for homeworld theme’s wallpaper.
+  * Also fix plymouth text display in multi-screen configurations for previous
+themes: futureprototype, joy, lines, moonlight, softwaves (fixes more
+cases of #956426).
+
+ -- Aurélien COUDERC   Sun, 21 Mar 2021 22:35:17 +0100
+
 desktop-base (11.0.2) unstable; urgency=medium
 
   [ Holger Levsen ]
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/debian/prerm desktop-base-11.0.3/debian/prerm
--- desktop-base-11.0.2/debian/prerm2021-03-01 21:46:50.0 +0100
+++ desktop-base-11.0.3/debian/prerm2021-03-18 13:45:17.0 +0100
@@ -182,8 +182,9 @@
 desktop-theme \
 /usr/share/desktop-base/$theme-theme
 done << EOF
-softwaves
+futureprototype
 moonlight
+softwaves
 lines
 joy
 joy-inksplat
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/futureprototype-theme/plymouth/futureprototype.script 
desktop-base-11.0.3/futureprototype-theme/plymouth/futureprototype.script
--- desktop-base-11.0.2/futureprototype-theme/plymouth/futureprototype.script   
2020-11-16 23:06:27.0 +0100
+++ desktop-base-11.0.3/futureprototype-theme/plymouth/futureprototype.script   
2021-03-21 15:05:41.0 +0100
@@ -119,7 +119,7 @@
 #Debug("y = " + y);
 
 text_height = first_line_height * 7.5;
-min_height = Window.GetHeight();
+min_height = window_max.height;
 #Debug("text_height=" + text_height + "; min_height=" + min_height);
 
 if (y + text_height > min_height)
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/homeworld-theme/wallpaper/metadata.desktop 
desktop-base-11.0.3/homeworld-theme/wallpaper/metadata.desktop
--- desktop-base-11.0.2/homeworld-theme/wallpaper/metadata.desktop  
2021-03-01 21:46:50.0 +0100
+++ desktop-base-11.0.3/homeworld-theme/wallpaper/metadata.desktop  
2021-03-18 13:38:20.0 +0100
@@ -1,5 +1,5 @@
 [Desktop Entry]
-Name=futurePrototype
+Name=Homeworld
 X-KDE-PluginInfo-Name=Homeworld
 X-KDE-PluginInfo-Author=Juliet Taka
 X-KDE-PluginInfo-Email=juliettetaka.be...@gmail.com
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/joy-theme/plymouth/joy.script 
desktop-base-11.0.3/joy-theme/plymouth/joy.script
--- desktop-base-11.0.2/joy-theme/plymouth/joy.script   2020-11-16 
23:06:27.0 +0100
+++ desktop-base-11.0.3/joy-theme/plymouth/joy.script   2021-03-21 
15:05:41.0 +0100
@@ -114,7 +114,7 @@
 
 text_height = first_line_height * 7.5;
 
-min_height = Window.GetHeight();
+min_height = window_max.height;
 if (y + text_height > min_height)
 y = min_height - text_height;
 
diff -Nru --exclude grub-16x9.svg --exclude grub-4x3.svg 
desktop-base-11.0.2/lines-theme/plymouth/lines.script 
desktop-base-11.0.3/lines-theme/plymouth/lines.script
--- desktop-base-11.0.2/lines-theme/plymouth/lines.script   2020-11-16 
23:06:27.0 +0100
+++ desktop-base-11.0.3/lines-theme/plymouth/lines.script   2021-03-21 
15:05:41.0 +0100
@@ -210,7 +210,7 @@
 
 text_height = first_line_height * 7.5;
 
-min_height = Window.GetHeight();
+min_height = window_max.height;
 if (y + text_height > min

Bug#985746: unblock: kpmcore/20.12.3-2

[Aurélien COUDERC]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: Debian Qt/KDE Maintainers 

Please unblock package kpmcore

[ Reason ]
It contains the backport of an upstream fix for not being able to
display S.M.A.R.T. information in KDE Partition Manager for some disk
states.

[ Impact ]
Users can’t display S.M.A.R.T. information from Partition Manager for
disks having some kind of issues.

[ Tests ]
No failing disk at hand, but I did test that displaying S.M.A.R.T.
information for valid disks still works.

[ Risks ]
Oneliner, coming from upstream, risk is low.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock kpmcore/20.12.3-2
diff -Nru kpmcore-20.12.3/debian/changelog kpmcore-20.12.3/debian/changelog
--- kpmcore-20.12.3/debian/changelog2021-03-08 23:23:00.0 +0100
+++ kpmcore-20.12.3/debian/changelog2021-03-22 11:36:09.0 +0100
@@ -1,3 +1,10 @@
+kpmcore (20.12.3-2) unstable; urgency=medium
+
+  * Backport upstream fix so that S.M.A.R.T. information display always works
+whatever the disk state.
+
+ -- Aurélien COUDERC   Mon, 22 Mar 2021 11:36:09 +0100
+
 kpmcore (20.12.3-1) unstable; urgency=medium
 
   * New upstream release (20.12.3).
diff -Nru kpmcore-20.12.3/debian/patches/series 
kpmcore-20.12.3/debian/patches/series
--- kpmcore-20.12.3/debian/patches/series   1970-01-01 01:00:00.0 
+0100
+++ kpmcore-20.12.3/debian/patches/series   2021-03-22 11:14:09.0 
+0100
@@ -0,0 +1 @@
+upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
diff -Nru 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
--- 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
   1970-01-01 01:00:00.0 +0100
+++ 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
   2021-03-22 11:24:15.0 +0100
@@ -0,0 +1,52 @@
+Origin: upstream, 
https://invent.kde.org/system/kpmcore/commit/2ea9ff49124750ece175cb1f27a1492fc50287a3
+From: Yaroslav Sidlovsky 
+Date: Wed, 17 Mar 2021 15:37:30 +0300
+Subject: [PATCH] Fix smartctl exit status success check
+ According to the smartctl man page:
+ ```
+ EXIT STATUS
+ The  exit  statuses of smartctl are defined by a bitmask.  If all is well 
with the disk, the exit status (return value) of smartctl is 0 (all bits turned 
off).  If a problem occurs, or an error, potential error, or fault is detected, 
then a non-zero status is
+ returned.  In this case, the eight different bits in the exit status have the 
following meanings for ATA disks; some of these values may also be returned for 
SCSI disks.
+ .
+ Bit 0: Command line did not parse.
+ .
+ Bit 1: Device open failed, device did not return an IDENTIFY DEVICE 
structure, or device is in a low-power mode (see '-n' option above).
+ .
+ Bit 2: Some SMART or other ATA command to the disk failed, or there was a 
checksum error in a SMART data structure (see '-b' option above).
+ .
+ Bit 3: SMART status check returned "DISK FAILING".
+ .
+ Bit 4: We found prefail Attributes <= threshold.
+ .
+ Bit 5: SMART status check returned "DISK OK" but we found that some (usage or 
prefail) Attributes have been <= threshold at some time in the past.
+ .
+ Bit 6: The device error log contains records of errors.
+ .
+ Bit 7: The device self-test log contains records of errors.  [ATA only] 
Failed self-tests outdated by a newer successful extended self-test are ignored.
+ ```
+ .
+ BUG: 429028
+---
+ src/core/smartparser.cpp | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/smartparser.cpp b/src/core/smartparser.cpp
+index 80c73f1..9170a0f 100644
+--- a/src/core/smartparser.cpp
 b/src/core/smartparser.cpp
+@@ -117,7 +117,11 @@ void SmartParser::loadSmartOutput()
+ if (m_SmartOutput.isEmpty()) {
+ ExternalCommand smartctl(QStringLiteral("smartctl"), { 
QStringLiteral("--all"), QStringLiteral("--json"), devicePath() });
+ 
+-if (smartctl.run() && smartctl.exitCode() == 0) {
++// Exit status of smartctl is a bitfield, check that bits 0 and 1 are 
not set:
++//  - bit 0: command line did not parse;
++//  - bit 1: device open failed.
++// See `man 8 smartctl` for more details.
++if (smartctl.run() && (smartctl.exitCode() & 1) == 0 && 
(smartctl.exitCode() & 2) == 0) {
+ QByteArray output = smartctl.rawOutput();
+ 
+ m_SmartOutput = QJsonDocument::fromJson(output);
+-- 
+GitLab
+

Bug#985390: unblock: squid/4.13-7

[Paul Gevers]

Control: tag -1 moreinfo

Hi Santiago,

On 17-03-2021 09:01, Santiago Garcia Mantinan wrote:
> Fixing a couple of nasty bugs discovered late,

Yes, due to handling of a new binary package that you had migrated into
bullseye the day before that wasn't allowed anymore exactly to avoid
this class of bugs.

> Loss of config and logs and service deactivated when switching squid flavour
> and purging the old one.

And now you don't purge the configuration and logs at all. Policy isn't
totally clear on this (the text is lightly ambiguous), but *I* expect
purging to remove my configuration and logs, what else is the delta
between removal and purging? However, I'm wondering if I want you to fix
that at this moment at the risk of not getting it right. However, I
think you're current message is confusing though and needs improvement:
1) it doesn't mention the configuration file(s)
2) it doesn't mention that the log is shared with that other
(potentially installed) package. There's context missing here for
sysadmins of why you're not doing it in the package. What happens if
somebody just did exactly as told and deleted the log directory?

-#DEBHELPER#
+# Automatically added by dh_installinit/13.3.4
  ^

Highly confusing, don't you think, for something that's not at all
automatically added.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Processed: Re: Bug#985390: unblock: squid/4.13-7

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #985390 [release.debian.org] unblock: squid/4.13-7
Added tag(s) moreinfo.

-- 
985390: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985390
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#985750: unblock: gazebo/11.1.0+dfsg-6

[Jochen Sprickerhof]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package gazebo

[ Reason ]
The version in testing was build with an old version of protobuf so
software using libgazebo-dev and the current protobuf version in testing
fail to build, like gazebo_ros (not in Debian). The fix is to rebuild
against the current protobuf API version and to depend on that to make
sure it is rebuild automatically in future.

The gazebo package only builds on amd64 and i386 and was blocked from
migration due to britney not being smarter. Discussing this in
#debian-devel, elbrus proposed to mark the only autopkgtest as
superficial as it not really testing enough of the package. So the diff
includes this as well.

[ Impact ]
The protobuf headers in libgazebo-dev would not be usable.

[ Tests ]
There are no automated tests, compiling gazebo_ros manually works after
the rebuild.

[ Risks ]
There is no risk, as the libgazebo-dev already depends on
libprotobuf-dev which provides the protobufapi package.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock gazebo/11.1.0+dfsg-6
diff --git a/debian/changelog b/debian/changelog
index 6ee8a113..7e75fc8b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+gazebo (11.1.0+dfsg-6) unstable; urgency=medium
+
+  * Team upload.
+  * Mark test superficial
+
+ -- Jochen Sprickerhof   Mon, 22 Mar 2021 22:21:38 +0100
+
+gazebo (11.1.0+dfsg-5) unstable; urgency=medium
+
+  * Team upload.
+  * libgazebo-dev Depends on Protobuf API version (Closes: #985660)
+
+ -- Jochen Sprickerhof   Sun, 21 Mar 2021 22:21:29 +0100
+
 gazebo (11.1.0+dfsg-4) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/control b/debian/control
index 161cefd4..5ac5de9b 100644
--- a/debian/control
+++ b/debian/control
@@ -172,7 +172,8 @@ Depends: libtbb-dev,
  libgazebo11 (= ${binary:Version}),
  gazebo-common (= ${source:Version}),
  gazebo-plugin-base (= ${binary:Version}),
- ${misc:Depends}
+ ${misc:Depends},
+ ${protobuf:API},
 Breaks: libgazebo7-dev, libgazebo9-dev (<< 11.0.0+dfsg-1~)
 Replaces: libgazebo7-dev, libgazebo9-dev (<< 11.0.0+dfsg-1~)
 Description: Open Source Robotics Simulator - Development Files
diff --git a/debian/rules b/debian/rules
index c5b852a6..7268f462 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,6 +2,11 @@
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
+# see #985660
+# extract the protobuf API version package and add it to d/control
+# Needed because protobuf generated headers are only compatible with that 
version
+protobufapi := $(shell dpkg-query -W -f '$${Provides}' libprotobuf-dev | grep 
-o 'protobuf-api-[^ ]*')
+
 override_dh_auto_configure:
dh_auto_configure -- \
 -DUSE_HOST_CFLAGS:BOOL=False \
@@ -18,6 +23,9 @@ override_dh_install:
# Remove old script
rm -f debian/gazebo/usr/bin/gzprop
 
+execute_before_dh_gencontrol:
+   echo 'protobuf:API=$(protobufapi)' >> debian/libgazebo-dev.substvars
+
 # Tests needs an X server running and GPU acceleration
 override_dh_auto_test:
 
diff --git a/debian/tests/control b/debian/tests/control
index 3a872e84..9de62eb0 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,3 @@
 Tests: build
 Depends: @, pkg-config, build-essential
+Restrictions: superficial

Bug#985390: unblock: squid/4.13-7

[Santiago Garcia Mantinan]

> > Fixing a couple of nasty bugs discovered late,
> Yes, due to handling of a new binary package that you had migrated into
> bullseye the day before that wasn't allowed anymore exactly to avoid
> this class of bugs.

Agreed, this was something that several users had asked for and that we, the
screen team, agreed on making, but nobody had the time till I was able to do
it, yes, it was late on the cycle, but I think we can get it right before
releasing.

> > Loss of config and logs and service deactivated when switching squid flavour
> > and purging the old one.
> And now you don't purge the configuration and logs at all. Policy isn't
> totally clear on this (the text is lightly ambiguous), but *I* expect
> purging to remove my configuration and logs, what else is the delta
> between removal and purging? However, I'm wondering if I want you to fix

The package has traditionally left, the cache (something that is probably
not usefull at all) without being removed from the disk just because it
would take a lot of time to remove it (reading the comments on postrm
script)
# We do not remove /var/spool/squid because that might
# take a lot of time. Most of the time it is on a seperate
# disk anyway and it is faster to do a mkfs on it..

I thought that leaving the logs which can be even legally needed, wouldn't
hurt, in my case when I found this it was a problem as I lost all the logs I
had on the system (luckily I had a backup).


> that at this moment at the risk of not getting it right. However, I

You are right.

> think you're current message is confusing though and needs improvement:
> 1) it doesn't mention the configuration file(s)

The configuration file (which was forcebly removed by postrm before) is
removed by dpkg if squid and squid-openssl are both purged, so as far as
config goes, it still does what you would spect.

> 2) it doesn't mention that the log is shared with that other
> (potentially installed) package. There's context missing here for
> sysadmins of why you're not doing it in the package. What happens if
> somebody just did exactly as told and deleted the log directory?

Agreed, I can try to get a better message on a -9 version of it.

> -#DEBHELPER#
> +# Automatically added by dh_installinit/13.3.4
>   ^
> 
> Highly confusing, don't you think, for something that's not at all
> automatically added.

Sure, I didn't remove this to minimize the changes between the binary
packages, and given that this was a temporary fix, I thougt it would be
better to leave it like that, but I'll remove it on -9.

Regards...
-- 
Manty/BestiaTester -> http://manty.net

Re: Bug#985556: flatpak/1.2.5-0+deb10u4 FTBFS on i386

[Aurelien Jarno]

On 2021-03-21 12:15, Philipp Kern wrote:
> On 20.03.21 13:32, Simon McVittie wrote:
> > On Sat, 20 Mar 2021 at 09:16:45 +0100, Salvatore Bonaccorso wrote:
> >> On Sat, Mar 20, 2021 at 12:12:39AM +, Simon McVittie wrote:
> >>> Could x86-conova-01.debian.org be an IPv6-only buildd?
> > ...
> >>> Or, if not that, could it be the case that this buildd is firewalled or
> >>> otherwise restricted such that connections from the build to a test
> >>> server listening on an arbitrary high port number on the loopback
> >>> interface will fail?
> >>
> >> JFTR, this might indeed be the case. I gave it back a couple of times
> >> and building on x86-conova-01.debian.org failed. The last one got
> >> picked on buildd-x86-grnet-01 which now seems to have built.
> > 
> > If we now have buildds that are more restrictive or limited than
> > the buildds that were used at the time stable was frozen, then
> > it would probably be good if it was possible to arrange for only
> > testing/unstable/experimental packages to be built on those buildds,
> > with stable updates built on buildds that more closely resemble the ones
> > they were originally tested on - otherwise we'll get random build
> > regressions.
> 
> The buildd is IPv6-only. I'm somewhat torn given that we have enough
> buildd coverage that a give-back would likely solve the problem. At the
> same time you can't avoid a particular buildd either. So I concur, as
> much as it hurts me in this day and age, that we should at least
> temporarily disable stable/oldstable builds on the IPv6-only buildds.
> 
> I have commented out stretch and buster (and their corresponding
> security and backports suites) on x86-conova-01 for now. I'll definitely
> leave bullseye on, though. Not sure if there's another IPv6-only buildd
> lingering around.

Thanks for doing that change that fully makes sense. I have done the
same change on arm-conova-03 which is also IPv6-only.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#985759: unblock: mosquitto/2.0.9-1

[Roger A. Light]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package mosquitto

[ Reason ]
Mosquitto 2.0.8 is currently in testing, Mosquitto 2.0.9 was released on
2021-03-11 and has sufficiently important fixes in it that I believe
should be in a Debian release.

The full debdiff is 1110 lines. If I reduce that to code-only changes it
drops to 387 (the remainder are documentation and extra tests), with
about 150 lines of actual affected code. It is a small bugfix release
with low risk but some reasonably important fixes.

[ Impact ]
I have listed the fixes below that I think are worth mentioning. The
other changes are of minor impact or are fixing strict compiler
warnings.

Client and library: There is a fairly minor security issue that affects
outgoing client connections only - if an empty or corrupt CA certificate
is provided to a client, then the initial connection would fail but
subsequent connections would succeed without verifying the remote server
certificate. There is a new test for this behaviour, but it is not in
the 2.0.9 release.

Build: The CMake build script was not enabling epoll(), so poll() was
being used instead which has a very detrimental impact on performance.

Server: Messages published with QoS 0 were not being delivered when
`max_queued_bytes` was configured. This has a big impact on users
wanting to use QoS 0, which is the most common QoS, but also set some
client limits. There is a new test to check this behaviour.

Server: If the `max_keepalive` option was set, this did not apply to
clients connecting with keepalive set to 0 (which means "infinite keepalive").
This gives a very straightforward means to circumvent the wishes of the
server operator, although in itself it isn't very important.

Server: The behaviour setting acceptable TLS versions did not match the
documentation.

Server: Messages to '$' prefixed MQTT topics were being rejected. This
is not security critical but very annoying for a user wanting to use
that feature.

[ Tests ]
The release introduces a new test that covers one issue. A test
exists for the CA issue but is not part of this release.

[ Risks ]
I believe this to be low risk. Most of the code changes are reasonably
simple.

shairport-sync, kamailio-mqtt-module, and baresip-core depend on
libmosquitto1. The changes to the library code are trivial.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
mosquitto_2.0.8-mosquitto-2.0.9.debdiff is the full debdiff.
mosquitto_2.0.8-mosquitto-2.0.9-code.debdiff is the code only debdiff.

unblock mosquitto/2.0.9-1

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 
'focal-proposed'), (500, 'focal'), (100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-48-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru mosquitto-2.0.8/ChangeLog.txt mosquitto-2.0.9/ChangeLog.txt
--- mosquitto-2.0.8/ChangeLog.txt   2021-02-25 17:28:19.0 +
+++ mosquitto-2.0.9/ChangeLog.txt   2021-03-11 22:37:20.0 +
@@ -1,3 +1,39 @@
+2.0.9 - 2021-03-11
+==
+
+Security:
+- If an empty or invalid CA file was provided to the client library for
+  verifying the remote broker, then the initial connection would fail but
+  subsequent connections would succeed without verifying the remote broker
+  certificate. Closes #2130.
+- If an empty or invalid CA file was provided to the broker for verifying the
+  remote broker for an outgoing bridge connection then the initial connection
+  would fail but subsequent connections would succeed without verifying the
+  remote broker certificate. Closes #2130.
+
+Broker:
+- Fix encrypted bridge connections incorrectly connecting when `bridge_cafile`
+  is empty or invalid. Closes #2130.
+- Fix `tls_version` behaviour not matching documentation. It was setting the
+  exact TLS version to use, not the minimium TLS version to use. Closes #2110.
+- Fix messages to `$` prefixed topics being rejected. Closes #2111.
+- Fix QoS 0 messages not being delivered when max_queued_bytes was configured.
+  Closes #2123.
+- Fix bridge increasing backoff calculation.
+- Improve handling of invalid combinations of listener address and bind
+  interface configurations. Closes #2081.
+- Fix `max_keepalive` option not applying to clients connecting with keepalive
+  set to 0. Closes #2117.
+
+Client library:
+- Fix encrypted connections incorrectly connecting when the CA file passed to
+  `mosquitto_tls_set()` is empty or invalid. Closes #2130.
+- Fix connections retrying ve

Re: [SUA 197-1] Upcoming Debian 10 Update (10.9)

[Дмитрий Н . Медведев]

unsubscribe

пн, 22 мар. 2021 г. в 23:26, Adam D. Barratt :

>
> 
> Debian Stable Updates Announcement SUA 197-1
> https://www.debian.org/
> debian-release@lists.debian.org
> 
> Adam D. Barratt
> March 22nd, 2021
>
> 
>
> Upcoming Debian 10 Update (10.9)
>
> An update to Debian 10 is scheduled for Saturday, March 27th, 2021. As o
> now it will include the following bug fixes. They can be found in "buster-
> proposed-updates", which is carried by all official mirrors.
>
> Please note that packages published through security.debian.org are not
> listed, but will be included if possible. Some of the updates below are
> also
> already available through "buster-updates".
>
> Testing and feedback would be appreciated. Bugs should be filed in the
> Debian Bug Tracking System, but please make the Release Team aware of them
> by copying "debian-release@lists.debian.org" on your mails.
>
> The point release will also include a rebuild of debian-installer.
>
>
> Miscellaneous Bugfixes
> --
>
> This stable update adds a few important corrections to the following
> packages:
>
>   PackageReason
>   -----
>
>   avahi  Remove avahi-daemon-check-dns mechanism, no
>  longer needed
>
>   base-files Update /etc/debian_version for the 10.9 point
>  release
>
>   cloud-init Avoid logging generated passwords to world-
>  readable log files [CVE-2021-3429]
>
>   debian-archive-keyring Add bullseye keys; retire jessie keys
>
>   debian-installer   Use 4.19.0-16 Linux kernel ABI
>
>   exim4  Fix use of concurrent TLS connections under
>  GnuTLS; fix TLS certificate verification with
>  CNAMEs; README.Debian: document the
>  limitation/extent of server certificate
>  verification in the default configuration
>
>   fetchmail  No longer report "System error during
>  SSL_connect(): Success"; remove OpenSSL
> version
>  check
>
>   fwupd  Add SBAT support
>
>   fwupdate   Add SBAT support
>
>   gdnsd  Fix stack overflow with overly-large IPv6
>  addresses [CVE-2019-13952]
>
>   groff  Rebuild against ghostscript 9.27
>
>   hwloc-contrib  Enable support for ppc64el
>
>   intel-microcodeUpdate various microcode
>
>   iputilsFix ping rounding errors; fix tracepath target
>  corruption
>
>   jquery Fix untrusted code execution vulnerabilities
>  [CVE-2020-11022 CVE-2020-11023]
>
>   libbsd Fix out-of-bounds read issue [CVE-2019-20367]
>
>   libpano13  Fix format string vulnerability
>
>   libreofficeDo not load encodings.py from current directoy
>
>   linux  New upstream stable release; bump ABI to -16;
>  rotate secure boot signing keys
>
>   linux-latest   Update to -16 kernel ABI
>
>   lirc   Normalize embedded ${DEB_HOST_MULTIARCH} value
>  in /etc/lirc/lirc_options.conf to find
>  unmodified configuration files on all
>  architectures; recommend gir1.2-vte-2.91
>  instead of non-existant gir1.2-vte
>
>   m2crypto   Fix test failure with recent OpenSSL
>
>   openafsFix outgoing connections after unix epoch time
>  0x6000 (14 January 2021)
>
>   portaudio19Handle EPIPE from
>  alsa_snd_pcm_poll_descriptors, fixing crash
>
>   postgresql-11  New upstream stable release; fix information
>  leakage in constraint-violation error messages
>  [CVE-2021-3393]; fix CREATE INDEX CONCURRENTLY
>  to wait for concurrent prepared transactions
>
>   privoxySecurity issues [CVE-2020-35502 CVE-2021-20209
>  CVE-2021-20210 CVE-2021-20211 CVE-2021-20212
>  CVE-2021-20213 CVE-2021-20214 CVE-2021-20215
>  CVE-2021-20216 CVE-2021-20217 CVE-2021-20272
>  CVE-2021-20273 CVE-2021-20275 CVE-2021-20276]
>
>   python3.7  Fix C

Processed: Re: Bug#985721: unblock: fossil/1:2.15~rc1-1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + moreinfo
Bug #985721 [release.debian.org] unblock: fossil/1:2.15~rc1-1
Added tag(s) moreinfo.

-- 
985721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#985721: unblock: fossil/1:2.15~rc1-1

[Sebastian Ramacher]

Control: tags -1 + moreinfo

On 2021-03-22 16:37:43 +, Barak A. Pearlmutter wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Please unblock package fossil
> 
> [ Reason ]
> 
> Marked for autoremoval due to #985124.
> 
> The issue was fixed upstream. Given the nature of the package, I think
> tracking their release candidate is better than cherry-picking the
> change that appears directly related to this issue. They made a number
> of other safety-related fixes to ensure robustness and security in the
> face of old or compiled-with-wrong-options versions of SQLITE3. And
> nothing that looks scary.
> 
> [ Impact ]
> 
> Will allow fossil to be in the release.
> 
> [ Tests ]
> 
> There is a comprehensive test suite, which can be run automatically.
> It is disabled in debian/rules because the makefile says it needs to
> be run in a fossil repo that will be discarded after the test because
> the tests can corrupt it. Well, it used to say this: the comment is
> gone, so maybe it's okay now. But in any case, the system passes all
> tests right now.
> 
> [ Risks ]
> 
> This is a leaf package.
> 
> It ticks various boxes for security sensitivity, sort of the union of
> the security sensitivity of git and a web server and a wiki. Upstream
> is extremely responsive and careful. I think the best option is to
> follow upstream's recommendation, which is to track their releases.
> 
> [ Checklist ]
>   [X] all changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [ ] attach debdiff against the package in testing
> 
> I'm attaching the debdiff, but it's large. Due mainly to changes in
> the enclosed sqlite3 (unused unless the debian version is too old or
> otherwise unsuitable), and tweaks to static material in the integrated
> wiki.

 212 files changed, 12355 insertions(+), 12425 deletions(-)

We cannot review that in any reasonable way. Please provide a filtered debdiff.

Cheers

> 
> unblock fossil/1:2.15~rc2-1
> <#part type="application/octet-stream" filename="~/tmp/ddiff2" 
> disposition=attachment>
> <#/part>
> 

-- 
Sebastian Ramacher


signature.asc
Description: PGP signature

Bug#985746: marked as done (unblock: kpmcore/20.12.3-2)

[Debian Bug Tracking System]

Your message dated Mon, 22 Mar 2021 23:01:08 +
with message-id 
and subject line unblock kpmcore
has caused the Debian Bug report #985746,
regarding unblock: kpmcore/20.12.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985746
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: Debian Qt/KDE Maintainers 

Please unblock package kpmcore

[ Reason ]
It contains the backport of an upstream fix for not being able to
display S.M.A.R.T. information in KDE Partition Manager for some disk
states.

[ Impact ]
Users can’t display S.M.A.R.T. information from Partition Manager for
disks having some kind of issues.

[ Tests ]
No failing disk at hand, but I did test that displaying S.M.A.R.T.
information for valid disks still works.

[ Risks ]
Oneliner, coming from upstream, risk is low.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock kpmcore/20.12.3-2
diff -Nru kpmcore-20.12.3/debian/changelog kpmcore-20.12.3/debian/changelog
--- kpmcore-20.12.3/debian/changelog2021-03-08 23:23:00.0 +0100
+++ kpmcore-20.12.3/debian/changelog2021-03-22 11:36:09.0 +0100
@@ -1,3 +1,10 @@
+kpmcore (20.12.3-2) unstable; urgency=medium
+
+  * Backport upstream fix so that S.M.A.R.T. information display always works
+whatever the disk state.
+
+ -- Aurélien COUDERC   Mon, 22 Mar 2021 11:36:09 +0100
+
 kpmcore (20.12.3-1) unstable; urgency=medium
 
   * New upstream release (20.12.3).
diff -Nru kpmcore-20.12.3/debian/patches/series 
kpmcore-20.12.3/debian/patches/series
--- kpmcore-20.12.3/debian/patches/series   1970-01-01 01:00:00.0 
+0100
+++ kpmcore-20.12.3/debian/patches/series   2021-03-22 11:14:09.0 
+0100
@@ -0,0 +1 @@
+upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
diff -Nru 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
--- 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
   1970-01-01 01:00:00.0 +0100
+++ 
kpmcore-20.12.3/debian/patches/upstream_2ea9ff49_fix_smartctl_exit_status_success_check.patch
   2021-03-22 11:24:15.0 +0100
@@ -0,0 +1,52 @@
+Origin: upstream, 
https://invent.kde.org/system/kpmcore/commit/2ea9ff49124750ece175cb1f27a1492fc50287a3
+From: Yaroslav Sidlovsky 
+Date: Wed, 17 Mar 2021 15:37:30 +0300
+Subject: [PATCH] Fix smartctl exit status success check
+ According to the smartctl man page:
+ ```
+ EXIT STATUS
+ The  exit  statuses of smartctl are defined by a bitmask.  If all is well 
with the disk, the exit status (return value) of smartctl is 0 (all bits turned 
off).  If a problem occurs, or an error, potential error, or fault is detected, 
then a non-zero status is
+ returned.  In this case, the eight different bits in the exit status have the 
following meanings for ATA disks; some of these values may also be returned for 
SCSI disks.
+ .
+ Bit 0: Command line did not parse.
+ .
+ Bit 1: Device open failed, device did not return an IDENTIFY DEVICE 
structure, or device is in a low-power mode (see '-n' option above).
+ .
+ Bit 2: Some SMART or other ATA command to the disk failed, or there was a 
checksum error in a SMART data structure (see '-b' option above).
+ .
+ Bit 3: SMART status check returned "DISK FAILING".
+ .
+ Bit 4: We found prefail Attributes <= threshold.
+ .
+ Bit 5: SMART status check returned "DISK OK" but we found that some (usage or 
prefail) Attributes have been <= threshold at some time in the past.
+ .
+ Bit 6: The device error log contains records of errors.
+ .
+ Bit 7: The device self-test log contains records of errors.  [ATA only] 
Failed self-tests outdated by a newer successful extended self-test are ignored.
+ ```
+ .
+ BUG: 429028
+---
+ src/core/smartparser.cpp | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/smartparser.cpp b/src/core/smartparser.cpp
+index 80c73f1..9170a0f 100644
+--- a/src/core/smartparser.cpp
 b/src/core/smartparser.cpp
+@@ -117,7 +117,11 @@ void SmartParser::loadSmartOutput()
+ if (m_SmartOutput.isEmpty()) {
+ ExternalCommand smartctl(QStringLiteral("smartctl"), { 
QStringLiteral("--all"), QStringLiter

Bug#985761: unblock: plymouth/0.9.5-3

[Laurent Bigonville]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: couc...@debian.org

Please unblock package plymouth

So apparently I forgot to ask for an unblock my last upload of plymouth

[ Reason ]
The main change is the switch to the new "homeworld" theme

The other changes are:

- Removing a dependency against a package removed from the archive 
(ttf-dejavu-core)
- Remove the support for /etc/vconsole.conf that is not used anywhere in
  debian.

[ Impact ]
Plymouth uses the old theme from Buster

[ Tests ]
Reboot and the new theme is displayed.

The keymap is still read properly from /etc/default/keyboard

[ Risks ]
NA

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock plymouth/0.9.5-3
diff -Nru plymouth-0.9.5/debian/changelog plymouth-0.9.5/debian/changelog
--- plymouth-0.9.5/debian/changelog 2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/changelog 2021-03-02 13:18:12.0 +0100
@@ -1,3 +1,15 @@
+plymouth (0.9.5-3) unstable; urgency=medium
+
+  [ Laurent Bigonville ]
+  * debian/control: Remove dependency the ttf-dejavu-core alternative
+  * Don't use /etc/vconsole.conf after all as it's not used anywhere in debian
+  * d/p/0003-default-theme.patch: Switch to homeworld for bullseye
+
+  [ Simon McVittie ]
+  * Unfuzz 0008-show-delay.patch to apply cleanly
+
+ -- Laurent Bigonville   Tue, 02 Mar 2021 13:18:12 +0100
+
 plymouth (0.9.5-2) unstable; urgency=medium
 
   * debian/local/plymouth.hook: Copy logo-text-version-64.png in the initramfs
diff -Nru plymouth-0.9.5/debian/control plymouth-0.9.5/debian/control
--- plymouth-0.9.5/debian/control   2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/control   2021-03-02 13:18:12.0 +0100
@@ -110,7 +110,7 @@
 Depends: fontconfig,
  fontconfig-config,
  fonts-cantarell,
- fonts-dejavu-core | ttf-dejavu-core,
+ fonts-dejavu-core,
  plymouth (= ${binary:Version}),
  plymouth-label (= ${binary:Version}),
  ${misc:Depends},
diff -Nru plymouth-0.9.5/debian/local/plymouth.hook 
plymouth-0.9.5/debian/local/plymouth.hook
--- plymouth-0.9.5/debian/local/plymouth.hook   2020-12-09 15:58:50.0 
+0100
+++ plymouth-0.9.5/debian/local/plymouth.hook   2021-03-02 13:18:12.0 
+0100
@@ -121,17 +121,12 @@
esac
fc-cache -s -y "${DESTDIR}" > /dev/null 2>&1
 
-   # copy /etc/default/keyboard and /etc/vconsole.conf (needed for 
keymap detection)
+   # copy /etc/default/keyboard (needed for keymap detection)
if [ -e /etc/default/keyboard ]
then
mkdir -p "${DESTDIR}/etc/default"
cp /etc/default/keyboard "${DESTDIR}/etc/default"
fi
-   if [ -e /etc/vconsole.conf ]
-   then
-   mkdir -p "${DESTDIR}/etc"
-   cp /etc/vconsole.conf "${DESTDIR}/etc"
-   fi
 
# for two-step
case "$(sed -n 's/^ModuleName=\(.*\)/\1/p' ${THEME})" in
diff -Nru plymouth-0.9.5/debian/patches/0003-default-theme.patch 
plymouth-0.9.5/debian/patches/0003-default-theme.patch
--- plymouth-0.9.5/debian/patches/0003-default-theme.patch  2020-12-09 
15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/0003-default-theme.patch  2021-03-02 
13:18:12.0 +0100
@@ -7,7 +7,7 @@
  # Administrator customizations go in this file
  #[Daemon]
 -#Theme=fade-in
-+#Theme=futureprototype
++#Theme=homeworld
 --- a/src/plymouthd.defaults
 +++ b/src/plymouthd.defaults
 @@ -1,6 +1,6 @@
@@ -15,6 +15,6 @@
  # upgrades.
  [Daemon]
 -Theme=spinner
-+Theme=futureprototype
++Theme=homeworld
  ShowDelay=0
  DeviceTimeout=8
diff -Nru plymouth-0.9.5/debian/patches/0008-show-delay.patch 
plymouth-0.9.5/debian/patches/0008-show-delay.patch
--- plymouth-0.9.5/debian/patches/0008-show-delay.patch 2020-12-09 
15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/0008-show-delay.patch 2021-03-02 
13:18:12.0 +0100
@@ -6,5 +6,5 @@
 @@ -1,3 +1,4 @@
  # Administrator customizations go in this file
  #[Daemon]
- #Theme=futureprototype
+ #Theme=homeworld
 +#ShowDelay=0
diff -Nru plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch 
plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch
--- plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch   
2020-12-09 15:58:50.0 +0100
+++ plymouth-0.9.5/debian/patches/fallback-etc-default-keyboard.patch   
2021-03-02 13:18:12.0 +0100
@@ -1,17 +1,17 @@
+Description: Use /etc/default/keyboard instead of /etc/vconsole.conf
+Forwarded: not-needed
+
 --- a/src/libply-splash-core/ply-terminal.c
 +++ b/src/libply-splash-core/ply-terminal.c
-@@ -136,6 +136,14 @@ ply_terminal_parse_keyma

Bug#985390: unblock: squid/4.13-7

[Santiago Garcia Mantinan]

Hi again!

I have just pushed:

https://salsa.debian.org/squid-team/squid/-/commit/fe8a10ef8ec40411bb59bec7af2b179796d4f4ef

I think I'm addressing all your concerns there, if you like it I'll run
tests tomorrow and upload the -9 package.

Thanks in advance.
-- 
Manty/BestiaTester -> http://manty.net

Processed: Re: Bug#985692: unblock: sweethome3d/6.4.2+dfsg-2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 - moreinfo
Bug #985692 [release.debian.org] unblock: sweethome3d/6.4.2+dfsg-2
Removed tag(s) moreinfo.

-- 
985692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#985692: unblock: sweethome3d/6.4.2+dfsg-2

[Andrius Merkys]

Control: tags -1 - moreinfo

On 2021-03-22 21:26, Sebastian Ramacher wrote:
> Control: tags -1 confirmed moreinfo
> 
> On 2021-03-22 12:03:55 +0200, Andrius Merkys wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>>
>> Dear release-team,
>>
>> I am seeking pre-approval to upload sweethome3d/6.4.2+dfsg-2.
> 
> Please go ahead and removed the moreinfo tag once the version is
> available in unstable.

Thanks! Uploaded sweethome3d/6.4.2+dfsg-2 to unstable.

Best,
Andrius



signature.asc
Description: OpenPGP digital signature